CISCO Documentation

 

 

 CD ROM Annuaire d'Entreprises France prospect (avec ou sans emails) : REMISE DE 10 % Avec le code réduction AUDEN872

10% de réduction sur vos envois d'emailing --> CLIQUEZ ICI

Retour à l'accueil, cliquez ici

Documentation CISCO

http://www.cisco.com/cisco/web/psa/default.html

Guide d'utilisation de Cisco IP Communicator Ver sion 7.0 Juin 200

http://www.cisco.com/en/US/docs/voice_ip_comm/cipc/7_0/localization/ipcugfra.pdf Command Reference, Cisco ACE Application Control Engine For the Cisco ACE Application Control Engine Module and Cisco ACE 4700 Series Application Control Engine Appliance Software Version A5(1.0) September 201

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/command/reference/ACE_cr.pdf

Cisco Aironet Antennas and Accessorie

http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/product_data_sheet09186a008008883b.pdf Cisco SAFE Reference Guide Cisco Validated Design Revised: July 8, 2010, OL-19523-0 17 Mo

http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/SAFE_RG/SAFE_rg.pdf Cisco IOS Quick Reference Guide for IBN

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/whitepaper_c27-574041.pdf Medianet Reference Guide Last Updated: October 26, 2010 6 Mo

http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/Medianet_Ref_Gd/medianet_DG.pdf Command Line Interface Reference Guide for Cisco Unified Communications Solutions Release 7.1(2

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cli_ref/7_1_2/cli_ref_712.pdf Common Phone Task

http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7962g_7961g_7961g-ge_7942g_7941g_7941g-ge/8_5/english/quick_reference/7962qrcrd85.pdf Cisco IOS XR System Error Message Reference Guide, Release 3.8.2 November 2009 51 Mo

http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.8.2/error/messages/em382sems.pdf

http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.8.2/error/messages/em382sems.pdf Siège social en Amérique Cisco Systems 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tél : 408 526-4000 800 553-NETS (6387) Fax : 408 527-0883 Guide d'utilisation de Cisco IP Communicator Ver sion 7.0 Juin 2009 Référence texte : OL-19177-01LES SPÉCIFICATIONS ET INFORMATIONS RELATIVES AUX PRODUITS PRÉSENTÉS DANS CE MANUEL SONT SUSCEPTIBLES DE MODIFICATIONS SANS PRÉAVIS. TOUTES LES DÉCLARATIONS, INFORMATIONS ET RECOMMANDATIONS FOURNIES DANS CE MANUEL SONT EXACTES À NOTRE CONNAISSANCE MAIS SONT PRÉSENTÉES SANS GARANTIE D'AUCUNE SORTE, EXPRESSE OU IMPLICITE. LES UTILISATEURS ASSUMENT L'ENTIÈRE RESPONSABILITÉ DE L'APPLICATION DE TOUT PRODUIT. LA LICENCE DE LOGICIEL ET LA GARANTIE LIMITÉE DU PRODUIT CI-JOINT SONT DÉFINIES DANS LES INFORMATIONS FOURNIES AVEC LE PRODUIT ET SONT INTÉGRÉES AUX PRÉSENTES PAR CETTE RÉFÉRENCE. SI VOUS NE TROUVEZ PAS LA LICENCE DE LOGICIEL OU LA GARANTIE LIMITÉE, CONTACTEZ VOTRE REPRÉSENTANT CISCO POUR EN AVOIR UNE COPIE. L'implémentation par Cisco de la compression d'en-tête TCP est une adaptation d'un programme développé par l'Université de Californie, Berkeley (UCB) dans le cadre de la version du système d'exploitation UNIX diffusée dans le domaine public par UCB. Tous droits réservés. Copyright © 1981, Regents of the University of California. PAR DÉROGATION À TOUTE AUTRE GARANTIE DÉFINIE ICI, TOUS LES FICHIERS DE DOCUMENTATION ET LOGICIELS DE CES FOURNISSEURS SONT FOURNIS «EN L'ÉTAT» AVEC TOUS LEURS DÉFAUTS. CISCO ET LES FOURNISSEURS SUS-MENTIONNÉS EXCLUENT TOUTES GARANTIES, EXPRESSES OU IMPLICITES Y COMPRIS DE MANIÈRE NON LIMITATIVE LES GARANTIES DE QUALITÉ MARCHANDE, D'ADÉQUATION À UN USAGE PARTICULIER ET DE NON-INFRACTION OU DES GARANTIES ÉMANANT D'UNE CONDUITE, D'UN USAGE OU D'UNE PRATIQUE COMMERCIALE. EN AUCUN CAS, CISCO OU SES FOURNISSEURS NE POURRONT ÊTRE TENUS RESPONSABLES DE TOUT DOMMAGE INDIRECT, PARTICULIER, CONSÉCUTIF OU ACCIDENTEL Y COMPRIS DE MANIÈRE NON LIMITATIVE LE MANQUE A GAGNER, LA PERTE OU LA DÉTÉRIORATION DE DONNÉES RÉSULTANT DE L'UTILISATION OU DE L'IMPOSSIBILITÉ D'UTILISER CE MANUEL, MÊME SI CISCO OU SES FOURNISSEURS ONT ÉTÉ AVERTIS DE L'ÉVENTUALITÉ DE TELS DOMMAGES. CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, le logo Cisco, DCE et Welcome to the Human Network sont des marques de commerce ; Changing the Way We Work, Live, Play, and Learn et Cisco Store sont des marques de service ; et Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, le logo Cisco Certified Internetwork Expert, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, le logo Cisco Systems, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, le logo IronPort, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx et le logo WebEx sont des marques déposées de Cisco Systems, Inc. et/ou de ses société affiliées aux États-Unis et dans certains autres pays. Toutes les autres marques mentionnées dans ce document ou sur le site Web sont la propriété de leurs détenteurs respectifs. L'utilisation du mot « partenaire » n'implique nullement une relation de partenariat entre Cisco et toute autre entreprise. (0809R) Les adresse IP (Internet Protocol) utilisées dans ce document sont fictives. Tous les exemples, tous les écrans de commandes et toutes les figures que contient ce document sont fournis uniquement à titre d'illustration. L'utilisation d'une adresse IP réelle dans un exemple serait fortuite et involontaire. Guide d'utilisation de Cisco IP Communicator version 7.0 © 2009 Cisco Systems, Inc. Tous droits réservés. iii Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 TABLE D E S M A T I È R E S C H A P I T R E 1 Mise en route de Cisco IP Communicator 1-1 Généralités sur la sécurité des produits Cisco 1-2 Liste de contrôle pour la mise en route 1-2 Installation de périphériques audio avant le lancement initial 1-3 Installation de Cisco IP Communicator sur votre ordinateur 1-4 Lancement de Cisco IP Communicator 1-5 Utilisation de l'Assistant de réglage audio 1-6 Configuration et enregistrement Cisco IP Communicator 1-9 Test de Cisco IP Communicator 1-10 C H A P I T R E 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator 2-1 Fonctionnalités de Cisco IP Communicator 2-1 À propos de l'interface de Cisco IP Communicator 2-4 Boutons et autres composants 2-4 Fonctions de l'écran du téléphone 2-8 Navigation dans l'interface 2-10 À l'aide des raccourcis clavier 2-10 À l'aide du menu 2-11 Utilisation des boutons de contrôle de la fenêtre 2-13 Utilisation de la notification d'appel entrant 2-14 Choix des éléments apparaissant sur l'écran du téléphone 2-14 Utilisation des menus de fonctions 2-15Sommaire iv Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Saisie et modification d'un texte 2-16 Combiné décroché et raccroché 2-16 États et icônes d'appel et de ligne 2-17 Accès à l'aide en ligne 2-19 Fonctionnement et disponibilité des fonctions 2-20 C H A P I T R E 3 Traitement des appels avec Cisco IP Communicator 3-1 Comment traiter les appels simples 3-1 Passer un appel 3-3 Établissement d'un appel vidéo 3-8 Réponse à un appel 3-9 Fin d'un appel 3-11 Utilisation des fonctions Attente et Reprise 3-12 Utilisation de la fonction Secret 3-13 Transfert d'un appel connecté 3-14 Sélection des appels 3-15 Passage d'un appel à l'autre 3-15 Transfert d'un appel en cours vers un autre téléphone 3-17 Renvoi de vos appels vers un autre numéro 3-17 Utilisation de la fonction Ne pas déranger 3-19 Établissement de conférences téléphoniques 3-21 Utilisation de la fonction Conférence. 3-21 Utilisation de la fonction Joindre (uniquement sur les téléphones SCCP) 3-22 Utilisation de la fonction InsConf 3-23 Utilisation de la fonction Meet-Me 3-23 Affichage ou exclusion des participants à une conférence 3-24 Traitement des fonctions d'appel avancées 3-25 Utilisation de la fonction de mobilité de poste de Cisco 3-26 Traitement des appels professionnels à l'aide d'un seul numéro de téléphone 3-27v Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Sommaire Stockage et récupération des appels parqués 3-29 Déconnexion de groupes de recherche 3-29 Emission et réception d'appels sécurisés 3-30 Suivi des appels suspects 3-31 Donner la priorité aux appels critiques 3-32 Redirection d'un appel entrant vers Cisco IP Communicator 3-33 Rappel d'une ligne occupée dès qu'elle devient disponible 3-34 Utilisation des indicateurs de fonction de ligne occupée pour déterminer l'état d'une ligne 3-34 Utilisation de lignes partagées 3-35 Établissement ou prise d'appels intercom 3-38 C H A P I T R E 4 Personnalisation des paramètres sur Cisco IP Communicator 4-1 Accès aux paramètres 4-1 Réglage du volume d'un appel 4-2 Personnalisation des sonneries et des indicateurs de message 4-3 Personnalisation de l'écran du téléphone 4-4 Affichage et personnalisation des préférences 4-5 Paramètres utilisateur 4-5 Paramètres réseau 4-7 Paramètres audio 4-8 Affectation de modes audio 4-9 Paramètres audio du réseau 4-13 Paramètres audio avancés 4-13 Paramètres de répertoire 4-15Sommaire vi Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 C H A P I T R E 5 Utilisation de casques d'écoute et d'autres périphériques audio avec Cisco IP Communicator 5-1 Obtention de périphériques audio 5-1 Utilisation d'un casque 5-2 Utilisation de votre ordinateur comme poste téléphonique à haut-parleur 5-4 Utilisation d'un combiné USB 5-5 Suppression et réinstallation de périphériques audio 5-6 C H A P I T R E 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur Cisco IP Communicator 6-1 Accès aux messages vocaux 6-1 Utilisation des journaux d'appels 6-3 Composition à partir d'un répertoire 6-5 Utilisation du répertoire d’entreprise 6-6 Utilisation du répertoire personnel 6-7 Utilisation de la fonction Recherche rapide 6-10 Saisie d'informations de mot de passe pour la fonction Recherche rapide 6-11 C H A P I T R E 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM 7-1 Connexion aux pages Web Options utilisateur Cisco Unified CM 7-2 Utilisation de votre Carnet d'adresses personnel 7-3 Configuration de numéros abrégés 7-4 Configuration de la numérotation abrégée 7-5 Configuration de services téléphoniques 7-7 Contrôle des paramètres utilisateur 7-9 Contrôle des paramètres de ligne 7-10 Configuration de téléphones et de listes d'accès pour la connexion mobile 7-12 Utilisation de Cisco WebDialer 7-15vii Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Sommaire C H A P I T R E 8 Dépannage Cisco IP Communicator 8-1 Problèmes d'ordre général 8-1 Problèmes de qualité vocale 8-5 Utilisation de l'outil de génération de rapports sur la qualité pour résoudre les problèmes de performance 8-10 Activation de journaux détaillés 8-11 Capture d'informations sur les problèmes 8-11Sommaire viii Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01C H A P I T R E 1-1 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 1 Mise en route de Cisco IP Communicator Cisco IP Communicator est une application bureautique qui fournit à votre ordinateur toutes les fonctions d'un téléphone IP Cisco Unified permettant de passer, de prendre et de traiter des appels. Si vous installez Cisco IP Communicator sur un ordinateur portable, vous pouvez utiliser Cisco IP Communicator (ainsi que tous vos paramètres et services téléphoniques) où que vous soyez à condition de disposer d'une connexion au réseau de votre entreprise. Si, par exemple, vous êtes en déplacement professionnel, Cisco IP Communicator vous permet de recevoir des appels ou de consulter vos messages vocaux lorsque vous êtes en ligne. Si vous travaillez à domicile, vos collègues peuvent vous contacter en composant votre numéro de téléphone professionnel. Cisco IP Communicator fonctionne avec Cisco Unified Video Advantage, une autre application bureautique, pour améliorer vos communications grâce à la vidéo. Par exemple, si vous passez un appel par le biais de Cisco IP Communicator et, la vidéo disponible sera automatiquement affichée par le biais de Cisco Unified Video Advantage. • Généralités sur la sécurité des produits Cisco, page 1-2 • Liste de contrôle pour la mise en route, page 1-2 • Installation de périphériques audio avant le lancement initial, page 1-3 • Installation de Cisco IP Communicator sur votre ordinateur, page 1-4 • Lancement de Cisco IP Communicator, page 1-5 • Utilisation de l'Assistant de réglage audio, page 1-6 • Configuration et enregistrement Cisco IP Communicator, page 1-9 • Test de Cisco IP Communicator, page 1-10Chapitre 1 Mise en route de Cisco IP Communicator Généralités sur la sécurité des produits Cisco 1-2 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Généralités sur la sécurité des produits Cisco Ce produit contient des fonctions cryptographiques et est soumis aux lois des États-Unis et d'autres pays, qui en régissent l'importation, l'exportation, le transfert et l'utilisation. La fourniture de produits cryptographiques Cisco n'implique pas le droit d'un tiers à importer, exporter, distribuer ou utiliser le cryptage. Les importateurs, exportateurs, distributeurs et utilisateurs ont la responsabilité de respecter les lois américaines et celles d'autres pays. En utilisant ce produit, vous vous engagez à respecter les lois et réglementations applicables. Si vous n'êtes pas en mesure de respecter les lois américaines et celles d'autres pays, renvoyez-nous ce produit immédiatement. Vous trouverez un récapitulatif des lois américaines régissant les produits cryptographiques Cisco à l'adresse suivante : http://www.cisco.com/wwl/export/crypto/tool/stqrg.html. Si vous avez besoin d'aide supplémentaire, envoyez-nous un e-mail à l'adresse export@cisco.com. Liste de contrôle pour la mise en route Référez-vous à cette liste de contrôle pour configurer Cisco IP Communicator sur votre bureau afin de pouvoir passer des appels. Tâche de démarrage rapide Pour plus d'informations, consultez... 1. Installer les cartes son ou les périphériques audio USB que vous souhaitez utiliser, notamment un combiné ou un casque USB. Installation de périphériques audio avant le lancement initial, page 1-3 2. Installer l'application Cisco IP Communicator. Installation de Cisco IP Communicator sur votre ordinateur, page 1-4 3. Lancer Cisco IP Communicator. Lancement de Cisco IP Communicator, page 1-5 4. Utiliser l'Assistant de réglage audio pour sélectionner des modes audio et régler les périphériques audio. • Utilisation de l'Assistant de réglage audio, page 1-6 • Affectation de modes audio, page 4-9 5. Réaliser les étapes de configuration réseau ou d'enregistrement définies par votre administrateur système. Configuration et enregistrement Cisco IP Communicator, page 1-9 6. Passer des appels de test. Test de Cisco IP Communicator, page 1-101-3 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 1 Mise en route de Cisco IP Communicator Installation de périphériques audio avant le lancement initial Installation de périphériques audio avant le lancement initial Avant d'installer et de lancer Cisco IP Communicator pour la première fois, vous devez installer et configurer tous les périphériques audio (cartes son, combinés USB ou casques USB) qui nécessitent des pilotes. Pour une expérience audio optimale, nous vous recommandons d'utiliser un combiné ou un casque USB certifié. Vous pouvez utiliser plusieurs périphériques audio avec Cisco IP Communicator comme indiqué dans le tableau suivant. Pour obtenir la liste des marques de périphériques audio que vous pouvez utiliser avec Cisco IP Communicator, consultez votre administrateur système. Périphérique audio Description Remarques Périphériques USB : • un combiné USB ; • un casque USB. Les périphériques USB nécessitent un pilote et sont dotés de fiches rectangulaires. Suivez les instructions du fabricant du périphérique pour installer des périphériques USB. Le cas échéant, suivez les étapes de l'Assistant Nouveau matériel détecté de Microsoft Windows. Périphériques analogiques externes : • casque analogique • haut-parleurs ou microphones externes Les périphériques audio analogiques ne nécessitent pas de logiciels. Ils fonctionnent comme des extensions de la carte son de l'ordinateur. Branchez les périphériques analogiques aux prises jacks audio de l'ordinateur. Cisco IP Communicator reconnaît les périphériques analogiques comme des extensions de la carte son. Pour afficher ou modifier les paramètres des périphériques analogiques, sélectionnez la carte son. Périphériques audio internes : • microphone intégré • haut-parleurs intégrés Ces périphériques audio sont des composants internes de l'ordinateur et fonctionnent avec la carte son de celui-ci. Il est toujours possible de sélectionner ou d'utiliser les périphériques audio internes.Chapitre 1 Mise en route de Cisco IP Communicator Installation de Cisco IP Communicator sur votre ordinateur 1-4 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Remarque Si vous installez ou insérez un périphérique audio qui nécessite un pilote de périphérique (un combiné USB, un casque USB ou une carte son) après le lancement de Cisco IP Communicator, l'application ne reconnaîtra pas le périphérique tant que vous n'aurez pas redémarré Cisco IP Communicator. L'Assistant de réglage audio est alors automatiquement lancé afin que vous puissiez régler le périphérique. Rubriques connexes • Installation de Cisco IP Communicator sur votre ordinateur, page 1-4 • Utilisation d'un casque, page 5-2 • Suppression et réinstallation de périphériques audio, page 5-6 Installation de Cisco IP Communicator sur votre ordinateur Avant de commencer • Si vous utilisez un ordinateur portable, vérifiez que vous n'êtes pas connecté à une station d'accueil lorsque vous lancez Cisco IP Communicator pour la première fois après l'installation. La station d'accueil peut interférer avec la capacité de Cisco IP Communicator à localiser la carte réseau de l'ordinateur. • Si Cisco Unified Personal Communicator est en cours d'exécution, quittez-le avant de démarrer Cisco IP Communicator. • Si vous installez Cisco IP Communicator sur un ordinateur tournant sous Microsoft Vista, le message de sécurité Windows ne peut pas vérifier l'éditeur de ce pilote risque de s'afficher. Cliquez sur Installer ce pilote quand même pour poursuivre l'installation.1-5 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 1 Mise en route de Cisco IP Communicator Lancement de Cisco IP Communicator Procédure Étape 1 Effectuez un double clic sur le fichier exécutable (CiscoIPcommunicatorSetup.exe) pour l'ouvrir, ou cliquez sur le lien d'installation que vous a fourni votre administrateur système. Étape 2 Cliquez sur Suivant pour lancer l'Assistant InstallShield. Étape 3 Lisez attentivement l'accord de licence, puis cliquez sur J'accepte et sur Suivant. Étape 4 Sélectionnez le dossier cible par défaut de l'application ou parcourez la liste pour en sélectionner un autre. Étape 5 Cliquez sur Installer dans la fenêtre Prêt à installer. L'installation peut durer plusieurs minutes. Étape 6 Cliquez sur Lancer le programme puis sur Terminer pour lancer Cisco IP Communicator. Dans certains cas, vous serez invité à redémarrer l'ordinateur à ce stade et la case à cocher Lancer le programme ne sera pas affichée. Rubriques connexes • Lancement de Cisco IP Communicator, page 1-5 Lancement de Cisco IP Communicator Remarque Si vous utilisez un ordinateur portable, vérifiez que vous n'êtes pas connecté à une station d'accueil lors du premier lancement de Cisco IP Communicator après l'installation. Si Cisco Unified Personal Communicator est en cours d'exécution, quittez-le avant de démarrer Cisco IP Communicator. Si vous avez activé la case à cocher Lancer le programme lors de l'étape d'installation finale, Cisco IP Communicator est automatiquement lancé. Pour lancer le programme manuellement, choisissez Démarrer > Programmes > Cisco IP Communicator, ou double cliquez sur le raccourci de bureau Cisco IP Communicator.Chapitre 1 Mise en route de Cisco IP Communicator Utilisation de l'Assistant de réglage audio 1-6 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 La première fois que vous lancez Cisco IP Communicator : • Le message de sécurité Windows ne peut pas vérifier l'éditeur de ce pilote risque de s'afficher si vous installez Cisco IP Communicator sur un ordinateur tournant sous Microsoft Vista. Cliquez sur Installer ce pilote quand même pour poursuivre l'installation. • L'Assistant de réglage audio s'ouvre. Votre périphérique audio doit être disponible pour le réglage. Lors des lancements suivants, vous pourrez être invité à l'utiliser pour rétablir des paramètres de volume précédents. • Des invites de LocaleDownloader peuvent s'afficher. En règle générale, il est conseillé d'accepter ces invites dès que possible afin de disposer en permanence de la dernière version du produit sur l'ordinateur. Toutefois, si vous utilisez Cisco IP Communicator avec une connexion à distance, vous pouvez choisir de retarder l'exécution de LocaleDownloader jusqu'à ce que vous soyez connecté localement. Si vous travaillez à domicile, par exemple, vous pouvez attendre d'être revenu au bureau. Les sessions LocaleDownloader risquent de durer plus longtemps sur une connexion à distance. Rubriques connexes • Utilisation de l'Assistant de réglage audio, page 1-6 Utilisation de l'Assistant de réglage audio L'Assistant de réglage audio vous guide lors de la sélection et du réglage des périphériques audio installés. • La sélection d'un périphérique audio consiste à associer celui-ci à un ou plusieurs modes audio et/ou à la sonnerie. • Le réglage consiste à tester et, le cas échéant, à modifier le volume du haut-parleur et du microphone pour chaque périphérique sélectionné. L'Assistant de réglage audio apparaît automatiquement lors du premier lancement de Cisco IP Communicator après l'installation. Vous pouvez y accéder manuellement à partir du menu lors des lancements suivants. Le tableau suivant fournit des informations complémentaires sur l'Assistant de réglage audio et d'autres options de paramétrage audio.1-7 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 1 Mise en route de Cisco IP Communicator Utilisation de l'Assistant de réglage audio Remarque Avant d'utiliser l'Assistant de réglage audio pour régler un périphérique audio doté d'un dispositif de réglage du volume, tel qu'un casque avec des commandes de volume sur le cordon, augmentez le volume du périphérique à son maximum. Si... Procédez comme suit... Remarques Vous venez d'installer Cisco IP Communicator et vous utilisez l'Assistant de réglage audio pour la première fois Réglez tous les périphériques audio lorsque l'Assistant de réglage audio apparaît. L'Assistant de réglage audio vous permet de sélectionner des périphériques audio pour des modes audio ou d'utiliser le périphérique audio Windows par défaut. Le réglage d'un périphérique et la modification du paramètre de volume pour un appel sont des opérations distinctes. Il est préférable de ne régler chaque périphérique qu'une seule fois et de modifier le réglage uniquement si vous rencontrez des problèmes de qualité vocale. Pour plus d'informations, voir Affectation de modes audio, page 4-9 et Sélection d'un mode audio, page 4-9. La fenêtre Vérifier les paramètres audio apparaît lors d'un lancement postérieur à l'installation Cliquez sur l'un de ces boutons : • Rétablir : rétablir les paramètres précédemment associés à ce périphérique audio. • Régler : recommencer le réglage de ce périphérique. • Ignorer : conserver les paramètres modifiés (pour maintenir le volume de la carte son coupé, par exemple). La fenêtre Vérifier les paramètres audio apparaît lors de lancements ultérieurs si vous avez modifié (ou coupé) le volume d'un périphérique depuis son dernier réglage (si, par exemple, vous avez coupé le volume de la carte son de l'ordinateur ou modifié les commandes de volume d'un casque ou d'un combiné USB).Chapitre 1 Mise en route de Cisco IP Communicator Utilisation de l'Assistant de réglage audio 1-8 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Rubriques connexes • Configuration et enregistrement Cisco IP Communicator, page 1-9 Vous souhaitez changer le volume lors d'un appel Cliquez sur le bouton Volume de Cisco IP Communicator. Cliquez sur Enregistrer pour enregistrer vos paramètres. Il s'agit de la méthode la plus adaptée pour modifier les paramètres de volume pour un appel donné. Voir Réglage du volume d'un appel, page 4-2. Vous souhaitez régler à nouveau un périphérique audio pour résoudre des problèmes de qualité vocale Accéder à l'Assistant de réglage audio (cliquez avec le bouton droit de la souris sur > Assistant de réglage audio). Vo ir Problèmes de qualité vocale, page 8-5. Vous souhaitez modifier vos sélections de mode audio sans recommencer le réglage des périphériques audio Cliquez avec le bouton droit de la souris sur > Préférences > onglet Audio). Vo ir Affectation de modes audio, page 4-9. Si... Procédez comme suit... Remarques1-9 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 1 Mise en route de Cisco IP Communicator Configuration et enregistrement de Cisco IP Communicator Configuration et enregistrement de Cisco IP Communicator Après avoir installé l'application Cisco IP Communicator, exécuté l'Assistant de réglage audio, et visualisé l'interface Cisco IP Communicator sur votre bureau, vous devrez peut-être effectuer d'autres tâches de configuration et d'enregistrement avant de pouvoir passer des appels. Remarque Les tâches suivantes peuvent varier en fonction des sociétés et des systèmes téléphoniques. Votre administrateur système vous fournira des instructions. Réalisez ces opérations uniquement si vous y avez été invité. Tâche Remarques Choix d'un nom de périphérique Cisco IP Communicator utilise la carte réseau ou le nom du périphérique pour s'identifier auprès du réseau. Dans les deux cas, votre administrateur système vous indiquera quelle carte choisir, ou quel nom de périphérique saisir : • Sélectionnez la carte réseau spécifiée par votre administrateur système dans Cisco IP Communicator (cliquez avec le bouton droit de la souris sur > Préférences > onglet Réseau). En général, la carte sélectionnée est celle qui fournit une connectivité permanente ou celle qui est toujours activée, même si elle n'est pas branchée. Les cartes sans fil sont à éviter. La carte réseau adéquate doit être sélectionnée afin que Cisco IP Communicator fonctionne correctement. Remarque Ce paramètre est utilisé pour l'identification sur le réseau, et non pour les transmissions audio. Une fois ce paramètre défini, vous n'aurez pas à le modifier, à moins que vous ne supprimiez ou désactiviez définitivement la carte réseau sélectionnée. Dans ce cas, contactez votre administrateur système avant de sélectionner une autre carte. • Entrez le nom du périphérique que vous a fourni votre administrateur système dans Cisco IP Communicator (cliquez avec le bouton droit de la souris sur > Préférences > onglet Réseau> Utiliser ce nom de périphérique).Chapitre 1 Mise en route de Cisco IP Communicator Test de Cisco IP Communicator 1-10 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Rubriques connexes • Test de Cisco IP Communicator, page 1-10 Test de Cisco IP Communicator Avant de tester Cisco IP Communicator, vérifiez que votre numéro de poste est affiché à l'écran et que vous entendez une tonalité lorsque vous décrochez le combiné. Remarque Si votre numéro de poste n'apparaît pas ou si vous n'entendez pas de tonalité, consultez Problèmes d'ordre général, page 8-1. Recherche d'un nom de périphérique Si votre administrateur système vous demande le nom de périphérique de votre carte réseau, vous trouverez ce dernier dans Cisco IP Communicator (cliquez avec le bouton droit de la souris sur > Préférences > onglet Réseau> section Nom du périphérique). Spécification des adresses de serveurs TFTP Sur les conseils de votre administrateur système, entrez les adresses des serveurs TFTP dans Cisco IP Communicator (cliquez avec le bouton droit de la souris sur > Préférences > onglet Réseau> Utiliser les serveurs TFTP suivants). Enregistrement à l'aide de l'outil TAPS Après avoir installé et démarré Cisco IP Communicator et sur les directives de votre administrateur système, enregistrez automatiquement Cisco IP Communicator à l'aide de l'outil TAPS (Tool for Auto-Registered Phones Support). Votre administrateur système vous communiquera le numéro à composer dans Cisco IP Communicator pour effectuer l'enregistrement à l'aide de TAPS. Il se peut que vous ayez à entrer la totalité de votre numéro de poste, y compris l'indicatif régional. Suivez les indications vocales. Lorsque Cisco IP Communicator affiche un message de confirmation, vous pouvez mettre fin à l'appel. Cisco IP Communicator sera redémarré. Tâche Remarques1-11 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 1 Mise en route de Cisco IP Communicator Test de Cisco IP Communicator Passez quelques appels de test et demandez à vos interlocuteurs s'ils vous entendent correctement. Le tableau suivant énumère les éventuelles actions à effectuer lors des appels de test. Rubriques connexes • Fonctionnalités de Cisco IP Communicator, page 2-1 • Réglage du volume d'un appel, page 4-2 • Paramètres audio, page 4-8 • Problèmes de qualité vocale, page 8-5. Pour... Procédez comme suit : Régler le volume Réglez le volume du mode audio dans Cisco IP Communicator. Cliquez sur le bouton Volume ou appuyez sur les touches Page préc./Page suiv. du clavier. Utiliser une connexion à distance Si vous utiliser Cisco IP Communicator sur une connexion à distance (par exemple, sur une connexion VPN à votre domicile ou dans un hôtel), activez l'option Optimiser pour une bande passante étroite (cliquez avec le bouton droit de la souris sur > Préférences > onglet Audio). Une fois cette fonction activée, appelez une personne et demandez-lui si elle vous entend correctement. Chapitre 1 Mise en route de Cisco IP Communicator Test de Cisco IP Communicator 1-12 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01C H A P I T R E 2-1 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator • Fonctionnalités de Cisco IP Communicator, page 2-1 • À propos de l'interface de Cisco IP Communicator, page 2-4 • Navigation dans l'interface, page 2-10 • Accès à l'aide en ligne, page 2-19 Fonctionnalités de Cisco IP Communicator Cisco IP Communicator fonctionne de façon très similaire à un téléphone classique ; il permet de passer et de prendre des appels téléphoniques, de mettre des appels en attente, d'utiliser la numérotation abrégée, de transférer des appels, etc. Cisco IP Communicator prend également en charge des fonctions téléphoniques spéciales (telles que le parcage d'appels et les conférences Meet-Me) qui offrent des capacités de traitement d'appels supplémentaires et personnalisées. Le fonctionnement de Cisco IP Communicator et les fonctionnalités dont vous disposez sont variables d'un système à l'autre. Les fonctionnalités disponibles peuvent varier selon l'agent de traitement des appels utilisé par votre société et selon la façon dont l'assistance technique de votre société a configuré votre système téléphonique. Pour tout renseignement sur le fonctionnement ou la disponibilité des fonctions, contactez l'assistance technique ou votre administrateur système.Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator Fonctionnalités de Cisco IP Communicator 2-2 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Vous pouvez accéder à de nombreuses fonctionnalité en appuyant sur une touche de fonction ou sur un bouton de ligne. Voir le Tableau 2-1 pour prendre connaissance des fonctionnalités et des touches de fonction. Vous pouvez configurer certaines fonctionnalités, mais votre administrateur système contrôle la plupart d'entre elles. Outre les fonctions de traitement des appels, Cisco IP Communicator prend en charge les éléments suivants : • L'Assistant de réglage audio • La composition de numéros à partir de répertoires avec la fonction Recherche rapide • L'accès rapide à vos pages Web Options utilisateur Cisco Unified CM et à vos services téléphoniques • Un système d'aide en ligne complet • La modification de l'apparence de Cisco IP Communicator • La composition de numéros par glisser-déplacer • La composition de numéros par copier-coller • Des messages intempestifs de notification d'appel entrant • La composition alphanumérique • Des raccourcis clavier • L'interfonctionnement vidéo avec Cisco Unified Video Advantage version 2.0. Remarque Lorsque Cisco IP Communicator utilise le protocole de contrôle d'appels SIP, il ne prend pas en charge la vidéo avec Cisco Unified Video Advantage. Votre administrateur système vous indiquera si votre déploiement prend en charge la vidéo.2-3 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator Fonctionnalités de Cisco IP Communicator Ta b l e a u 2-1 Fonctionnalités et touches de fonction Rubriques connexes • À propos de l'interface de Cisco IP Communicator, page 2-4 Fonctionnalité Touche de fonction Rappel Rappel Renvoi d'appels RenvTt Parcage d'appel Parquer Interception d'appel Intrcpt Conférence Conf. Liste de conférence ListConf Ne pas déranger NPD Mettre fin à un appel FinApp. Interception d'appels de groupe GrpIntr Mise en attente Attente Identification d'appels malveillants IDAM Conférences Meet-Me MeetMe Mobilité Mobilité Nouvel appel NvAppel Autre groupe de prise d'appel AGrpIntr Outil de génération de rapports sur la qualité QRT Bis Bis Suppression du dernier participant à une conférence SupDerA Transférer TrnsferChapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator À propos de l'interface de Cisco IP Communicator 2-4 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 À propos de l'interface de Cisco IP Communicator Utilisez la souris pour cliquer sur les boutons et les éléments de menu, et le clavier de l'ordinateur pour entrer des lettres et des nombres et utiliser des raccourcis clavier. Cisco IP Communicator propose deux présentations de bureau appelées apparences : • Boutons et autres composants, page 2-4 • Fonctions de l'écran du téléphone, page 2-8 Boutons et autres composants Le Tableau 2-2 présente les boutons et autres composants communs aux deux apparences. Figure 2-1 Cisco IP Communicator en mode compact 1 4 8 7 5 6 14 9 12 11 10 2 3 16 1412092-5 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator À propos de l'interface de Cisco IP Communicator Figure 2-2 Cisco IP Communicator en mode par défaut Ta b l e a u 2-2 Boutons et autres composants 1 Écran du téléphone Permet d'afficher l'état des appels et les menus de fonctions et d'activer des éléments de menu. Voir Fonctions de l'écran du téléphone, page 2-8. 2 Boutons de contrôle de la fenêtre Permettent d'afficher le menu, de masquer Cisco IP Communicator, de passer d'une apparence à l'autre ou de quitter l'application. Voir Fonctionnement et disponibilité des fonctions, page 2-20. 2 14 13 12 11 10 16 17 5 7 9 8 6 4 3 15 105031 1Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator À propos de l'interface de Cisco IP Communicator 2-6 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 3 Touches programmables Selon la configuration de votre téléphone, les touches programmables permettent l'accès aux : • Lignes téléphoniques et lignes intercom (boutons de ligne) • Numéros abrégés (boutons de numérotation abrégée, y compris la fonctionnalité de numérotation abrégée FLO) • Services Web (bouton du carnet d'adresses personnel, par exemple) • Fonctionnalités d'appel (par exemple, bouton de confidentialité, de mise en attente ou de transfert). Les boutons s'allument et leur couleur indique l'état de l'appel : • Vert fixe : appel actif ou appel intercom bidirectionnel • Vert clignotant : appel en attente • Orange fixe : fonction de confidentialité en cours d'utilisation, appel intercom unidirectionnel ou activation de NPD • Orange clignotant : appel entrant ou à reprendre • Rouge fixe : ligne distante en cours d'utilisation (ligne partagée ou état FLO) Vous pouvez transformer les boutons de ligne supplémentaires en boutons de numérotation abrégée. Voir Configuration de la numérotation abrégée, page 7-5 4 Bouton Messages Compose automatiquement le numéro de votre service de messagerie vocale (varie selon le service). (Raccourci clavier : Ctrl + M.) Voir Accès aux messages vocaux, page 6-1. 5 Bouton Répertoires Ouvre ou ferme le menu Répertoires. Permet d'afficher les journaux d'appels et un répertoire d'entreprise, et de composer des numéros à partir de ceux-ci. (Raccourci clavier : Ctrl + D.) Vous pouvez également utiliser la fonction Recherche rapide (Alt + K) pour effectuer une recherche dans des répertoires. Vo ir Utilisation des journaux d'appels, page 6-3. 6 Bouton Aide Active le menu Aide. (Raccourci clavier : Ctrl + I.) Voir Accès à l'aide en ligne, page 2-19. 7 Bouton Paramètres Ouvre ou ferme le menu Paramètres. Permet de modifier les paramètres de l'écran tactile et des sonneries. (Raccourci clavier : Ctrl + S.) Voir Personnalisation des sonneries et des indicateurs de message, page 4-3. Tableau 2-2 Boutons et autres composants (suite)2-7 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator À propos de l'interface de Cisco IP Communicator 8 Bouton Services Ouvre ou ferme le menu Services. (Raccourci clavier : Ctrl + R.) Voir Configuration de services téléphoniques, page 7-7. 9 Bouton Volume Permet de définir le volume des modes audio et d'autres paramètres. (Raccourci clavier : Page préc./Page suiv.). Voir Réglage du volume d'un appel, page 4-2. 1 10 Bouton Haut-parleur Active/Désactive le mode haut-parleur. Lorsque le mode haut-parleur est activé, le bouton est allumé. (Raccourci clavier : Ctrl + P.) Vo ir Utilisation de casques d'écoute et d'autres périphériques audio avec Cisco IP Communicator, page 5-1. 11 Bouton Secret Active/Désactive la fonction Secret. Lorsque la fonctionnalité est activée, le bouton est allumé. (Raccourci clavier : Ctrl + T.) Voir Utilisation de la fonction Secret, page 3-13. 12 Bouton Casque Permet d'activer/de désactiver le mode Casque. (Raccourci clavier : Ctrl + H.) Voir Utilisation de casques d'écoute et d'autres périphériques audio avec Cisco IP Communicator, page 5-1. 13 Bouton Navigation Permet de faire défiler les menus et de mettre les éléments de menu en surbrillance. À utiliser avec les touches de fonction pour activer les éléments mis en surbrillance. Par ailleurs, lorsque Cisco IP Communicator est raccroché, appuyez sur le bouton Navigation pour accéder aux numéros de téléphone du journal des appels composés. 14 Bouton Cisco Unified Video Advantage Permet de lancer Cisco Unified Video Advantage. Vous devez exécuter Cisco Unified Video Advantage version 2.1.1 et Cisco IP Communicator 2.0 (ou version ultérieure) sur le même PC pour pouvoir utiliser cette fonctionnalité. 2 15 Clavier Permet d'entrer des chiffres et des lettres et de sélectionner des éléments de menu. (Non disponible avec l'apparence facultative.) Vous pouvez également utiliser le clavier de l'ordinateur. 16 Touches de fonction Chaque bouton permet d'activer une touche de fonction. Vous pouvez également cliquer sur les libellés de touche de fonction (au lieu des boutons). (Raccourcis clavier : F2 à F6.) Voir Traitement des appels avec Cisco IP Communicator, page 3-1. 17 Indicateur de message vocal et de sonnerie Indique un appel entrant et un nouveau message vocal. Voir Personnalisation des sonneries et des indicateurs de message, page 4-3. 1. Raccourci clavier dans toutes les versions antérieures à la version 2.0 : Ctrl + V 2. Lorsque Cisco IP Communicator utilise le protocole de contrôle d'appels SIP, il ne prend pas en charge la vidéo avec Cisco Unified Video Advantage. Votre administrateur système vous indiquera si votre déploiement prend en charge la vidéo. Tableau 2-2 Boutons et autres composants (suite)Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator À propos de l'interface de Cisco IP Communicator 2-8 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Conseils • Vous pouvez cliquer sur l'icône de menu en haut de l'une ou l'autre des apparences, cliquer avec le bouton droit sur Cisco IP Communicator ou appuyer sur Maj + F10 pour afficher et configurer les paramètres, sélectionner des apparences et activer le mode Écran uniquement. Voir À l'aide du menu, page 2-11. • Le mode par défaut (Figure 2-2) et le mode compact (Figure 2-1) présentent les mêmes icônes de bouton. La forme et l'emplacement des boutons peuvent toutefois varier selon l'apparence utilisée. • Pour obtenir la liste complète des raccourcis, voir À l'aide des raccourcis clavier, page 2-10. • Vo ir Fonctions de l'écran du téléphone, page 2-8 pour plus d'informations sur l'affichage des appels et des lignes à l'écran de Cisco IP Communicator. Fonctions de l'écran du téléphone Lorsque des appels sont actifs et que plusieurs menus de fonctions sont ouverts, l'écran du téléphone Cisco IP Communicator peut présenter l'aspect suivant.2-9 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator À propos de l'interface de Cisco IP Communicator Rubriques connexes • À propos de l'interface de Cisco IP Communicator, page 2-4 • Navigation dans l'interface, page 2-10 1 Ligne téléphonique principale Affiche le numéro de téléphone (numéro de répertoire) de votre ligne téléphonique principale. 2 Indicateurs des boutons programmables Les boutons programmables peuvent servir de boutons de ligne téléphonique, de boutons de ligne intercom, de boutons de la numérotation abrégée, de boutons de service téléphonique ou des boutons de fonction téléphonique. Les icônes et les étiquettes indiquent comment ces boutons sont configurés. Icône de ligne téléphonique : correspond à une ligne téléphonique. Les icônes de ligne peuvent varier. Icône de numéro abrégé : correspond à un bouton de numérotation abrégée, le cas échéant. Icône de service téléphonique : le cas échéant, correspond à un service téléphonique disponible via le Web, tel que le carnet d'adresses personnel. Icône de fonction : le cas échéant, correspond à une fonction, telle que la fonction Confidentialité. Pour plus d'information sur les autres icônes, voir États et icônes d'appel et de ligne, page 2-17. 3 Libellés des touches de fonction Chaque étiquette décrit la fonction d'une touche de fonction. 4 Ligne d'état Affiche les icônes de mode audio, les informations d'état et les invites. 5 Zone d'activité des appels Affiche les appels en cours par ligne, y compris l'ID de l'appelant, la durée et l'état de l'appel de la ligne mise en surbrillance (en mode d'affichage standard). 6 Onglet Téléphone Indique l'activité des appels. Cliquez sur cet onglet pour revenir à la zone d'activité des appels, si nécessaire. 7 Onglets de fonctions Chaque onglet correspond à un menu de fonctions activé.Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator Navigation dans l'interface 2-10 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Navigation dans l'interface • À l'aide des raccourcis clavier, page 2-10 • À l'aide du menu, page 2-11 • Utilisation des boutons de contrôle de la fenêtre, page 2-13 • Utilisation de la notification d'appel entrant, page 2-14 • Choix des éléments apparaissant sur l'écran du téléphone, page 2-14 • Utilisation des menus de fonctions, page 2-15 • Saisie et modification d'un texte, page 2-16 • Combiné décroché et raccroché, page 2-16 • États et icônes d'appel et de ligne, page 2-17 À l'aide des raccourcis clavier Cisco IP Communicator vous permet d'accéder aux boutons de la fenêtre sans utiliser la souris. Ces raccourcis de navigation sont particulièrement utiles si vous êtes mal-voyant et dans l'impossibilité de parcourir l'interface. Consultez le Tableau 2-3 pour obtenir une liste des raccourcis clavier permettant de naviguer dans l'interface. Ta b l e a u 2-3 Raccourcis clavier pour Cisco IP Communicator Frappe de touche Action Ctrl + D Ouvrir ou fermer le menu Répertoires Ctrl + S Ouvrir ou fermer le menu Paramètres Ctrl + R Ouvre ou ferme le menu Services Ctrl + M Ouvrir le système de messagerie vocale Ctrl + I Ouvrir ou fermer le système d'aide en ligne Ctrl + H Permet d'activer/de désactiver le mode Casque Ctrl + P Permet d'activer/de désactiver le mode Haut-parleur Ctrl + T Active/Désactive la fonction Secret2-11 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator Navigation dans l'interface À l'aide du menu Vous pouvez accéder aux éléments de menu suivants en cliquant sur l'icône de menu affichée dans le coin supérieur droit de l'interface, en cliquant avec le bouton droit dans l'interface, ou en appuyant sur Maj + F10. Ctrl + (touches numériques de 1 à 8) Ouvrir ou fermer les boutons de ligne ou les boutons de numérotation abrégée 1 à 8 Ctrl + V Coller un nom ou un numéro de téléphone Ctrl + Maj + A ou F2 Répondre à un appel Alt + S Ouvrir la boîte de dialogue Préférences Alt + K Accéder à la fonction de recherche rapide dans le répertoire Alt + X Quitter Cisco IP Communicator Alt + F4 Fermer Cisco IP Communicator Entrée Composer un appel Échap Raccrocher Page préc. Augmenter le volume du mode audio actuellement sélectionné Page suiv. Diminuer le volume du mode audio actuellement sélectionné F2 à F6 Activer les touches de fonction 1 à 5 / (avec fonction Verr. num activée) Activer la touche # Maj + F10 Ouvrir le menu Tableau 2-3 Raccourcis clavier pour Cisco IP Communicator (suite) Frappe de touche Action Élément Description Apparences Permet de modifier l'apparence de l'interface. Cisco IP Communicator est proposé avec deux apparences : l'apparence par défaut (clic droit > Apparences > Mode par défaut) et l'apparence compacte (clic droit > Apparences > Mode compact). La Figure 2-2 et la Figure 2-1 illustrent ces deux apparences.Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator Navigation dans l'interface 2-12 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Écran uniquement Permet d'activer/de désactiver l'affichage Écran uniquement. Les raccourcis clavier s'avèrent particulièrement utiles lorsque vous utilisez Cisco IP Communicator en affichage Écran uniquement. Voir À l'aide des raccourcis clavier, page 2-10. Toujours au-dessus Permet d'activer/de désactiver cette fonction. Lorsqu'elle est activée, cette fonctionnalité permet de toujours afficher Cisco IP Communicator sur votre bureau même si d'autres applications sont actives. Vous pouvez cependant réduire l'interface. Voir Fonctionnement et disponibilité des fonctions, page 2-20. Assistant de réglage audio Permet de lancer l'Assistant de réglage audio, qui permet de sélectionner et de régler les périphériques audio. Voir Utilisation de l'Assistant de réglage audio, page 1-6 et Dépannage Cisco IP Communicator, page 8-1. Coller Permet de copier un numéro à partir d'un programme Windows, de le coller dans la boîte de composition et de cliquer sur Compos. ou d'appuyer sur Entrée pour passer l'appel. Le raccourci clavier de cette fonction est Ctrl + V. Cis c o IP Communicator applique ensuite les règles de numérotation appropriées au numéro, avant de le composer automatiquement. Recherche rapide Permet d'ouvrir la boîte de dialogue Recherche rapide. Le raccourci clavier correspondant à cette boîte de dialogue est Alt + K. La fonction Recherche rapide permet de lancer une recherche dans un ou plusieurs répertoires à l'aide d'une même commande. Voir Utilisation du répertoire personnel, page 6-7. Options utilisateur Cisco Unified CM Permet d'ouvrir la page Web Options utilisateur Cisco Unified CM, où vous pouvez configurer des fonctions, des paramètres et des services téléphoniques IP (notamment les boutons de numérotation abrégée). Voir Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM, page 7-1. Préférences Permet d'ouvrir la boîte de dialogue Préférences, qui regroupe les onglets Utilisateur, Réseau, Audio et Répertoires. Le raccourci clavier correspondant à la boîte de dialogue Préférences est Alt + S. Aide Lance l'aide en ligne de Cisco IP Communicator. À propos de Cisco IP Communicator Affiche les informations sur la version du logiciel Cisco IP Communicator et d'importantes notices sur Cisco IP Communicator. Quitter Permet de quitter Cisco IP Communicator. Élément Description2-13 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator Navigation dans l'interface Utilisation des boutons de contrôle de la fenêtre Pour... Procédez comme suit : Accéder au menu Effectuez l'une des opérations suivantes : • Cliquez sur le bouton de menu dans l'angle supérieur droit de l'interface. • Cliquez avec le bouton droit dans l'interface. • Appuyez sur Maj + F10 Réduire l'interface Effectuez l'une des opérations suivantes : • Cliquez sur le bouton de réduction dans le coin supérieur droit de l'interface. • Cliquez une ou plusieurs fois sur le bouton Cisco IP Communicator dans la barre des tâches Basculer entre des modes Effectuez l'une des opérations suivantes : • Cliquez sur le bouton de mode dans le coin supérieur droit de l'interface. • Choisissez Apparences dans le menu. Masquer l'interface Cliquez avec le bouton droit sur l'icône de la barre d'état système et choisissez MasquerCisco IP Communicator. L'icône Cisco IP Communicator disparaît de la barre des tâches mais l'application n'est pas fermée. Récupérer l'interface Effectuez l'une des opérations suivantes : • Double-cliquez sur l'icône de la barre d'état système. • Cliquez sur l'icône de bouton dans la barre des tâches. Quitter Effectuez l'une des opérations suivantes : • Choisissez Quitter dans le menu. • Cliquez avec le bouton droit sur l'icône de la barre d'état système et choisissez Quitter.Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator Navigation dans l'interface 2-14 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Conseils • Si vous recevez un appel alors que Cisco IP Communicator est masqué ou réduit, la fenêtre de notification d'appel entrant apparaît si cette option est activée. Si vous avez activé l'option Ramener au premier plan lors d'un appel actif (clic droit > Préférences > onglet Utilisateur), Cisco IP Communicator est automatiquement affiché au premier plan de votre bureau. • Pour que Cisco IP Communicator reste visible sur le bureau même lorsque d'autres applications sont actives, choisissez Toujours au-dessus dans le menu. (Vous pouvez réduire l'interface même lorsque l'option Toujours au-dessus est sélectionnée.) Utilisation de la notification d'appel entrant Choix des éléments apparaissant sur l'écran du téléphone Pour... Procédez comme suit : Répondre à un appel Cliquez n'importe où dans la fenêtre contextuelle (sauf sur l'icône Secret). Couper la sonnerie Cliquez sur l'icône Secret de la fenêtre contextuelle. La fonction Secret s'applique à l'appel qui sonne actuellement. Masquer la notification d'appel entrant Choisissez Préférences > onglet Utilisateur > Masquer la notification d'appel entrant. Pour sélectionner un élément de l'écran du téléphone... Procédez comme suit : En cliquant Cliquez sur un élément de l'écran du téléphone. Sur certains écrans de téléphone (comme l'écran de pré-numérotation) lorsque vous cliquez sur un numéro de téléphone, Cisco IP Communicator risque de composer ce numéro. Un clic sur un élément ou la saisie d'un numéro peuvent déclencher une action. Si l'élément mène à un menu, ce dernier est ouvert.2-15 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator Navigation dans l'interface Utilisation des menus de fonctions Par le numéro de l'élément Cliquez sur le numéro correspondant sur votre clavier. Par exemple, cliquez sur 4 pour sélectionner le quatrième élément d'un menu. Par défilement Cliquez sur le bouton Navigation ou utilisez les touches fléchées du clavier pour faire défiler une liste et mettre un élément en surbrillance. Cliquez sur la touche de fonction correspondante, par exemple Sélect. ou Compos. pour achever l'opération. Pour... Procédez comme suit : Ouvrir ou fermer un menu de fonctions Cliquez sur bouton de fonction : • Messages • Services • Aide • Répertoires • Paramètres Faire défiler une liste ou un menu Cliquez sur le bouton Navigation. Remonter d'un niveau au sein d'un menu de fonctions Cliquez sur Quitter. (Notez que si vous cliquez sur Quitter alors que vous êtes dans le niveau supérieur d'un menu, ce dernier est fermé.) Basculer d'un menu de fonctions actif à un autre Cliquez sur un onglet de fonction sur l'écran du téléphone. (À chaque menu d'options correspond un onglet en haut de l'écran du téléphone. Celui-ci est visible lorsque le menu de fonctions est ouvert.) Pour sélectionner un élément de l'écran du téléphone... Procédez comme suit :Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator Navigation dans l'interface 2-16 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Saisie et modification d'un texte Combiné décroché et raccroché Certaines tâches et instructions de Cisco IP Communicator varient selon que Cisco IP Communicator est raccroché ou décroché. • Raccroché : aucun appel n'est actif, aucune tonalité. Sur votre Cisco IP Communicator, vous pouvez composer votre numéro le combiné raccroché (pré-numérotation), ce qui vous permet d'entrer ou de sélectionner des numéros de téléphone avant d'activer l'appel. Lorsque votre Cisco IP Communicator est raccroché, l'icône suivante apparaît en regard de chaque numéro de téléphone : • Décroché : le haut-parleur est actif ou une autre méthode est utilisée pour obtenir une tonalité et répondre à un appel entrant. Lorsque le téléphone est décroché, l'une des icônes suivantes apparaît, selon l'état de l'appel ou de la ligne : , , , , ou Rubriques connexes • États et icônes d'appel et de ligne, page 2-17 Pour... Procédez comme suit : Entrer une lettre sur l'écran du téléphone Cliquez pour mettre en surbrillance une fonction d'appel et utilisez le clavier pour entrer des lettres ou des chiffres. Supprimer des caractères dans une entrée ou déplacer le curseur Utilisez la touche Retour arrière du clavier ou cliquez sur << ou sur Suppr. sur l'écran du téléphone pour supprimer une lettre ou un chiffre. Pour déplacer le curseur vers la droite, cliquez sur >> sur l'écran du téléphone. Vous pouvez peut-être utiliser le bouton Navigation ou les touches fléchées gauche et droite de votre clavier.2-17 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator Navigation dans l'interface États et icônes d'appel et de ligne • Lignes : chaque ligne est associée à un numéro de répertoire ou intercom que vos interlocuteurs peuvent utiliser pour vous appeler. Votre Cisco IP Communicator prend en charge un maximum de huit lignes, selon sa configuration. Le nombre de lignes dont vous disposez figure dans la partie droite de l'écran du téléphone. Vous disposez d'autant de lignes que de numéros de téléphone et d'icônes de ligne téléphonique : . • Appels : chaque ligne peut prendre en charge plusieurs appels. Par défaut, Cisco IP Communicator prend en charge quatre appels connectés par ligne, mais votre administrateur système peut ajuster ce nombre en fonction de vos besoins. Un seul appel à la fois peut être actif à un moment donné ; les autres appels sont automatiquement mis en attente. Le Tableau 2-4 décrit les icônes qui vous permettront de déterminer l'état des appels et des lignes. Ta b l e a u 2-4 Icônes d'état d'appel et de ligne Icône État de l'appel ou de la ligne Description Ligne raccrochée Aucune activité d'appel sur cette ligne. Si vous composez un numéro avec le téléphone raccroché (pré-numérotation), l'appel ne débute que lorsque vous décrochez. Ligne décrochée Vous êtes en train de composer un numéro ou un appel sortant est en sonnerie. Voir Passer un appel, page 3-3. Appel connecté La communication avec votre interlocuteur est établie. Appel en sonnerie Un appel est en sonnerie sur l'une de vos lignes. Voir Réponse à un appel, page 3-9. Appel en attente Vous avez mis cet appel en attente. Voir Utilisation des fonctions Attente et Reprise, page 3-12. Utilisé à distance Un autre téléphone qui partage votre ligne est associé à un appel connecté. Vo ir Utilisation de lignes partagées, page 3-35. Appel authentifié L'appel connecté est sécurisé. Voir Déconnexion de groupes de recherche, page 3-29. Appel chiffré L'appel connecté est chiffré. Les appels chiffrés sont également authentifiés. Voir Déconnexion de groupes de recherche, page 3-29.Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator Navigation dans l'interface 2-18 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Le Tableau 2-5 décrit les icônes indiquant comment les boutons de ligne sont configurés. Ta b l e a u 2-5 Icônes de bouton de ligne Icôn e État de l'appel ou de la ligne Description Ligne inactive (FLO) Vo ir Utilisation des indicateurs de fonction de ligne occupée pour déterminer l'état d'une ligne, page 3-34. Ligne occupée (FLO) Vo ir Utilisation des indicateurs de fonction de ligne occupée pour déterminer l'état d'une ligne, page 3-34. Ligne en mode Ne pas déranger (FLO) Vo ir Utilisation des indicateurs de fonction de ligne occupée pour déterminer l'état d'une ligne, page 3-34. Ligne intercom inactive La ligne intercom n'est pas en cours d'utilisation. Voir Établissement ou prise d'appels intercom, page 3-38. Appel intercom unidirectionnel La ligne intercom envoie ou reçoit de l'audio unidirectionnelle. Voir Établissement ou prise d'appels intercom, page 3-38. Appel intercom bidirectionnel Le destinataire a appuyé sur le bouton de ligne intercom pour utiliser la fonction audio bidirectionnelle avec l'appelant. Voir Établissement ou prise d'appels intercom, page 3-38.2-19 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator Accès à l'aide en ligne Accès à l'aide en ligne Cisco IP Communicator comprend un système complet d’aide en ligne. Les rubriques d'aide apparaissent sur l'écran du téléphone. Pour... Procédez comme suit : Afficher le menu principal Cliquez sur le bouton Aide de Cisco IP Communicator et attendez quelques secondes que le menu s'affiche. Si l'aide est déjà ouverte, cliquez sur Princ. Les éléments du menu principal sont les suivants : • À propos de Cisco IP Communicator : description détaillée de Cisco IP Communicator • Comment... ? Procédures et informations relatives aux tâches courantes dans Cisco IP Communicator • Fonctions d'appel : description et procédures d'utilisation des fonctions d'appel • Aide : conseils sur l'utilisation et l'accès à l'Aide Obtenir des informations sur un bouton ou une touche de fonction Cliquez sur le bouton Aide, puis cliquez rapidement sur un bouton ou une touche de fonction. Obtenir des informations sur un élément de menu Cliquez sur le bouton Aide, puis cliquez rapidement sur un élément de menu sur l'écran du téléphone. Vous pouvez également cliquer rapidement deux fois sur le bouton Aide après avoir sélectionné l'élément de menu. Apprendre à utiliser l'Aide Cliquez sur le bouton Aide. Attendez une secondes ou deux, puis cliquez de nouveau sur le bouton Aide ou sélectionnez Aide dans le menu principal. Accéder au Guide de l'utilisateur Sélectionnez menu > Aide ou effectuez un clic droit sur > Aide.Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator Fonctionnement et disponibilité des fonctions 2-20 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Fonctionnement et disponibilité des fonctions Le fonctionnement de Cisco IP Communicator et les fonctionnalités dont vous disposez peuvent varier selon l'agent de traitement des appels utilisé par votre société et selon la façon dont l'assistance technique de votre société a configuré votre système téléphonique. Pour tout renseignement sur le fonctionnement ou la disponibilité des fonctions, contactez l'assistance technique ou votre administrateur système. Vous pouvez accéder à de nombreuses fonctionnalité en appuyant sur une touche de fonction ou sur un bouton de ligne. Vous pouvez configurer certaines fonctionnalités, mais votre administrateur système contrôle la plupart d'entre elles. Voici quelques informations sur l'accès aux fonctionnalités à l'aide des touches de fonction : Fonctionnalité Touche de fonction Rappel Rappel Renvoi d'appels RenvTt Parcage d'appel Parquer Interception d'appel Intrcpt Conférence Conf. Liste de conférence ListConf Ne pas déranger NPD Mettre fin à un appel FinApp. Interception d'appels de groupe GrpIntr Mise en attente Attente Identification d'appels malveillants IDAM Conférences Meet-Me MeetMe Mobilité Mobilité NvAppel NvAppel Autre groupe de prise d'appel AGrpIntr Outil de génération de rapports sur la qualité QRT Bis Bis Suppression du dernier participant à une conférence SupDerA Trnsfer TrnsferC H A P I T R E 3-1 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 3 Traitement des appels avec Cisco IP Communicator • Comment traiter les appels simples, page 3-1 • Établissement de conférences téléphoniques, page 3-21 • Traitement des fonctions d'appel avancées, page 3-25 Comment traiter les appels simples Cette section décrit les principales tâches de gestion des appels telles que l'établissement, la prise et le transfert d'appels. Les fonctions nécessaires pour réaliser ces tâches sont standard et disponibles sur la plupart des systèmes téléphoniques. Remarque Le protocole utilisé par votre téléphone peut déterminer les fonctionnalités dont vous disposez. Demandez à votre administrateur quelles fonctionnalités sont prises en charge par votre téléphone. • Passer un appel, page 3-3 • Établissement d'un appel vidéo, page 3-8 • Réponse à un appel, page 3-9 • Fin d'un appel, page 3-11 • Utilisation des fonctions Attente et Reprise, page 3-12Chapitre 3 Traitement des appels avec Cisco IP Communicator Comment traiter les appels simples 3-2 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 • Utilisation de la fonction Secret, page 3-13 • Transfert d'un appel connecté, page 3-14 • Sélection des appels, page 3-15 • Passage d'un appel à l'autre, page 3-15 • Renvoi de vos appels vers un autre numéro, page 3-17 • Utilisation de la fonction Ne pas déranger, page 3-193-3 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 3 Traitement des appels avec Cisco IP Communicator Comment traiter les appels simples Passer un appel Pour... Procédez comme suit : Pré-numéroter (composer le numéro avec le combiné raccroché, sans entendre de tonalité au départ) • Entrez un numéro de téléphone (la fonction de numérotation automatique peut vous proposer des numéros de téléphone de votre journal Appels composés correspondant aux chiffres saisis). ou • Cliquez sur le bouton Navigation pour afficher les numéros de téléphone de votre journal Appels composés. Cliquez ensuite sur le numéro affiché sur l'écran du téléphone pour le composer. Vous pouvez également effectuer l'une des opérations suivantes pour décrocher le téléphone et composer le numéro en surbrillance : • Cliquez sur le bouton Haut-parleur ou Casque. • Cliquez sur Compos. ou appuyez sur la touche Entrée du clavier. • Cliquez sur un bouton de ligne. • Appuyez sur la touche Entrée du clavier. ou • Faites glisser un numéro à partir d'un programme Windows prenant en charge le glisser-déplacer, déposez-le n'importe où dans l'interface de Cisco IP Communicator, puis cliquez sur Compos. ou appuyez sur la touche Entrée du clavier. • Faites glisser une vCard et déposez-la n'importe où dans l'interface de Cisco IP Communicator. Si la vCard contient plusieurs numéros, sélectionnez celui à composer dans la fenêtre contextuelle et cliquez sur Compos. ou appuyez sur la touche Entrée du clavier. ou • Copiez un numéro à partir d'une autre source, puis cliquez sur Menu > Coller. (Vous pouvez également coller un numéro de téléphone à l'aide du raccourci clavier Ctrl + V.) Le numéro est automatiquement saisi. Cliquez sur Compos. ou appuyez sur la touche Entrée du clavier. Composer le numéro après avoir décroché (après la tonalité) Cliquez sur NvAppel, sur les boutons Haut-parleur ou Casque, ou sur un bouton de ligne, et entrez un numéro. Chapitre 3 Traitement des appels avec Cisco IP Communicator Comment traiter les appels simples 3-4 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Rappeler le dernier numéro composé Cliquez sur Bis. Par défaut, la fonction Bis utilise votre ligne principale. Toutefois, vous pouvez ouvrir une ligne secondaire, puis cliquer sur Bis. Pour ouvrir une ligne, cliquez sur un bouton de ligne. Composer un numéro abrégé • Cliquez sur un bouton de numérotation abrégée avant ou après avoir décroché. ou • Entrez un code de numérotation abrégée (de 1 à 99 sur le clavier) avec le téléphone raccroché, puis cliquez sur NumAbr. Passer un appel lorsqu'un autre appel est actif (en utilisant une autre ligne) Cliquez sur un bouton de ligne pour la nouvelle ligne. L'appel de la première ligne est automatiquement mis en attente. Passer un appel lorsqu'un autre appel est actif (en utilisant la même ligne) Cliquez sur Attente, puis sur NvAppel. Vous pouvez à présent composer le numéro ou utiliser la fonction Bis ou la numérotation abrégée. Vous avez également la possibilité de poursuivre l'appel actif tout en vous préparant à composer un numéro à partir d'un journal d'appels ou d'un répertoire Pour récupérer l'appel en attente, cliquez sur Reprend. (voir les deux lignes suivantes de ce tableau pour plus de détails). Composer un numéro à partir d'un journal d'appels Cliquez sur le bouton Répertoires. Sélectionnez Appels en absence, Appels reçus, ou Appels composés. Pour composer un numéro, cliquez dessus ou recherchez-le en faisant défiler la liste et décrochez le téléphone. Si vous souhaitez composer un numéro à partir d'un journal d'appels tout en poursuivant un appel actif, faites défiler la liste pour afficher l'enregistrement souhaité et cliquez sur Compos. ou appuyez sur la touche Entrée du clavier. Choisissez ensuite un élément de menu pour traiter l'appel initial : • Attente : met le premier appel en attente et compose le second. • Transfert : transfère le premier interlocuteur vers le second (cliquez de nouveau sur Transfert pour terminer l'opération). • Conférence : établit une conférence téléphonique entre tous les interlocuteurs (cliquez sur Conf. pour terminer l'opération). • Fin app. : déconnecte le premier appel et compose le second. Pour... Procédez comme suit :3-5 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 3 Traitement des appels avec Cisco IP Communicator Comment traiter les appels simples Composer une entrée d'un annuaire d'entreprise sur le téléphone Cliquez sur le bouton Répertoires. Sélectionnez Répertoire d'entreprise (le nom exact de ce service peut varier). Entrez les lettres à l'aide du clavier, puis cliquez sur Recher. Pour composer un numéro, cliquez dessus ou recherchez-le en faisant défiler la liste et décrochez le téléphone. Si vous souhaitez composer un numéro à partir d'un répertoire tout en poursuivant un appel actif, faites défiler la liste pour afficher l'enregistrement souhaité et cliquez sur Compos. ou appuyez sur la touche Entrée du clavier. Choisissez ensuite un élément de menu pour traiter l'appel initial : • Attente : met le premier appel en attente et compose le second. • Transfert : transfère le premier interlocuteur vers le second (cliquez de nouveau sur Transfert pour terminer l'opération). • Conférence : établit une conférence téléphonique entre tous les interlocuteurs (cliquez sur Conf. pour terminer l'opération). • Fin app. : déconnecte le premier appel et compose le second. Composer un numéro à partir d'un répertoire d'entreprise de votre ordinateur personnel à l'aide Cisco WebDialer • Ouvrez un navigateur Web et accédez à un répertoire d'entreprise compatible avec WebDialer. • Cliquez sur le numéro à composer. Voir le guide Customizing Your Cisco Unified IP Phone on the Web (Personnalisation de votre téléphone IP Cisco Unified) pour plus de détails : http://www.cisco.com/en/US/products/hw/phones/ps379/products_user_ guide_list.html Utiliser la fonction de rappel de Cisco pour recevoir une notification lorsqu'un poste occupé ou qui ne répond pas se libère • Appuyez sur Rappel lorsque vous entendez la tonalité occupé ou la sonnerie. • Raccrochez. Votre téléphone vous avertit lorsque la ligne se libère. • Passez à nouveau l'appel. Pour... Procédez comme suit :Chapitre 3 Traitement des appels avec Cisco IP Communicator Comment traiter les appels simples 3-6 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Voir si une ligne associée à la numérotation abrégée, à l'enregistrement d'appel, ou à l'inscription à un répertoire est occupée avant de passer un appel sur cette ligne Recherchez des indicateurs de fonction de ligne occupée. Utilisation des indicateurs de fonction de ligne occupée pour déterminer l'état d'une ligne, page 3-34 Composer un numéro en mode Casque • Si le bouton Casque n'est pas allumé, cliquez dessus avant ou après la numérotation, la recomposition du dernier numéro (bis) ou la composition d'un numéro abrégé. ou • Si le bouton Casque est allumé, cliquez sur NvAppel, Bis, un bouton de numérotation abrégée ou un bouton de ligne. Le cas échéant, entrez un numéro de téléphone et cliquez sur Compos. ou appuyez sur la touche Entrée du clavier. Voir Utilisation d'un casque, page 5-2. Composer un numéro en mode Haut-parleur Vérifiez tout d'abord qu'aucun casque analogique n'est branché sur les prises jacks audio de l'ordinateur. Cliquez sur NvAppel ou sur appuyez sur le bouton Haut-parleur et saisissez un numéro de téléphone. Vous pouvez également utiliser une autre méthode pour passer l'appel, puis cliquer sur le bouton Haut-parleur pour basculer en mode Haut-parleur. Un grand nombre d'opérations réalisées lorsque vous composez un numéro entraînent le déclenchement automatique du mode Haut-parleur. Voir Utilisation de votre ordinateur comme poste téléphonique à haut-parleur, page 5-4. Composer un numéro en mode Combiné Décrochez le combiné avant ou après la numérotation, la recomposition du dernier numéro (bis) ou la composition d'un numéro abrégé. Voir Utilisation d'un combiné USB, page 5-5. Pour... Procédez comme suit :3-7 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 3 Traitement des appels avec Cisco IP Communicator Comment traiter les appels simples Composer un numéro à partir de votre carnet d'adresses personnel Uniquement disponible si activé sur Cisco Unified Communications Manager (anciennement Cisco Unified CallManager). Renseignez-vous auprès de votre administrateur système. • Si vous utilisez une autre version de Cisco Unified Communications Manager que la version 4.x, cliquez sur le bouton Répertoires et sélectionnez Répertoire personnel. • Si vous utilisez Cisco Unified Communications Manager 4.x, cliquez sur le bouton Services et sélectionnez Service PAB (le nom exact peut varier). (Selon la configuration, vous pourrez également utiliser la fonction Recherche rapide. Consultez la Utilisation du répertoire personnel, page 6-7.) Avant d'utiliser ce service, vous devez vous y abonner. Voir Utilisation de votre Carnet d'adresses personnel. Composer un numéro à l'aide d'un code de numérotation abrégée Uniquement disponible si activé sur Cisco Unified Communications Manager (anciennement Cisco Unified CallManager). Renseignez-vous auprès de votre administrateur système. • Si vous utilisez une autre version de Cisco Unified Communications Manager que la version 4.x, cliquez sur le bouton Répertoires et sélectionnez Répertoire personnel. • Si vous utilisez Cisco Unified Communications Manager 4.x, cliquez sur le bouton Services et sélectionnez Fast Dials (Numérotation abrégée) (le nom exact peut varier). Pour composer un numéro à partir d'une liste, cliquez dessus ou sélectionnez-le et décrochez. Pour plus d'informations sur le service de numérotation abrégée, consultez la Configuration de numéros abrégés, page 7-4. Passer un appel en utilisant un code de facturation ou de suivi Composez un numéro ou entrez un code d'affaire client ou un code d'autorisation forcée lorsque vous entendez une tonalité différente. L'administrateur système vous indiquera si vous avez besoin d'entrer ces types de code et peut vous fournir des instructions détaillées si nécessaire. Pour... Procédez comme suit :Chapitre 3 Traitement des appels avec Cisco IP Communicator Comment traiter les appels simples 3-8 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Conseils • Pour ajouter un préfixe à un numéro figurant dans l'un de vos journaux d'appels, sélectionnez le numéro et cliquez sur ModNum. • Si vous composez le numéro avant de décrocher, le numéro ne peut pas commencer par un astérisque (*) ou le signe dièse (#). Si vous avez besoin d'utiliser ces caractères, décrochez le combiné pour obtenir la tonalité et composez le numéro. Rubriques connexes • Réponse à un appel, page 3-9 • Fin d'un appel, page 3-11 Établissement d'un appel vidéo Lorsque vous utilisez Cisco IP Communicator avec Cisco Unified Video Advantage, vous pouvez passer des appels vidéo. Pour passer un appel vidéo, vous devez remplir les critères suivants : • Cisco Unified Video Advantage doit être installé sur votre système. • Cisco IP Communicator doit être activé pour les appels vidéo sur le serveur de traitement des appels. Après l'activation, Cisco IP Communicator affiche l'icône dans le coin inférieur droit de l'écran du téléphone. Passer un appel prioritaire Entrez le numéro d'accès MLPP (Multilevel Precedence and Preemption) (fourni par votre administrateur système), puis le numéro de téléphone. Passer un appel en utilisant votre profil de mobilité de poste Cisco Vérifiez que vous êtes connecté à la fonction de mobilité de poste. Appuyez sur le bouton Services et sélectionnez Service EM (le nom exact de ce service peut varier), puis entrez vos informations de connexion à l'aide du clavier. Si vous partagez un téléphone, il se peut que vous deviez vous connecter au service de mobilité de poste pour accéder à certaines fonctions ou passer un appel. Le service de mobilité de poste est une fonction spéciale qui n'est pas disponible par défaut et que votre administrateur système peut affecter aux téléphones et à leurs utilisateurs. Pour... Procédez comme suit :3-9 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 3 Traitement des appels avec Cisco IP Communicator Comment traiter les appels simples • Vous devez lancer Cisco Unified Video Advantage avant d'établir l'appel vidéo. • Votre correspondant doit également satisfaire aux mêmes critères et utiliser un périphérique qui soit un point d'accès vidéo. Si vous souhaitez activer votre téléphone pour les appels vidéo, contactez votre administrateur système pour obtenir de l'aide et consultez le guide d'utilisation de Cisco Unified Video Advantage : http://www.cisco.com/en/US/products/sw/voicesw/ps5662/products_user_ guide_list.html Réponse à un appel Pour... Procédez comme suit : Répondre en mode Casque Cliquez sur le bouton Casque, s'il n'est pas allumé. Ou, si le bouton Casque est allumé, cliquez sur Répond. ou sur un bouton de ligne clignotant. Voir Utilisation d'un casque, page 5-2. Répondre en mode Haut-parleur Cliquez sur le bouton Haut-parleur ou Répond. ou sur un bouton de ligne clignotant. Voir Utilisation de votre ordinateur comme poste téléphonique à haut-parleur, page 5-4. Répondre en mode Combiné Soulevez le combiné (ou activez-le comme il convient). Voir Utilisation d'un combiné USB, page 5-5. Prendre un appel à l'aide du raccourci clavier Appuyez sur F2 ou sur Ctrl + Maj + A sur votre clavier. Répondre avec la notification d'appel entrant Cliquez sur l'icône de sonnerie ou sur les informations d'ID de l'appelant. Si vous cliquez sur l'icône Secret dans la fenêtre de notification d'appel entrant qui apparaît au cours d'un appel actif, la sonnerie est coupée et la fenêtre de notification disparaît. Vous devez revenir dans l'interface de l'application pour afficher les détails de l'appel placé en mode Secret et désactiver cette fonction pour les futurs appels entrants. Répondre à un appel en sonnerie à partir d'un appel déjà connecté Voir Passage d'un appel à l'autre, page 3-15 et Utilisation des fonctions Attente et Reprise, page 3-12.Chapitre 3 Traitement des appels avec Cisco IP Communicator Comment traiter les appels simples 3-10 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Rubriques connexes • Fin d'un appel, page 3-11 • Utilisation des fonctions Attente et Reprise, page 3-12 • Transfert d'un appel connecté, page 3-14 • Passage d'un appel à l'autre, page 3-15 • Utilisation de la fonction de mobilité de poste de Cisco, page 3-26 Paramétrer Cisco IP Communicator pour qu'il se connecte automatiquement à l'appel entrant après une ou deux sonneries Demandez à votre administrateur de configurer la fonction Réponse automatique pour vos lignes. Vous pouvez utiliser cette fonction en mode Haut-parleur ou Casque. Voir Utilisation de casques d'écoute et d'autres périphériques audio avec Cisco IP Communicator, page 5-1. Récupérer ou permettre à une autre personne de récupérer un appel en attente sur un autre téléphone (celui d'une salle de conférence, par exemple) Utilisez la fonction de parcage d'appel. Voir Utilisation de la fonction de mobilité de poste de Cisco, page 3-26. Utiliser votre téléphone pour répondre à un appel en sonnerie sur un autre téléphone Utilisez la fonction d'interception d'appels. Voir Redirection d'un appel entrant vers Cisco IP Communicator, page 3-33. Répondre à un appel prioritaire Mettez fin à l'appel en cours en raccrochant, puis cliquez sur Répond. Envoyer un appel entrant directement vers votre système de messagerie vocale Cliquez sur Rvoi Im. L'appel entrant est automatiquement transféré vers l'annonce d'accueil de votre messagerie vocale. Prendre un appel sur votre téléphone portable ou à sur un autre périphérique cible distant Configurez Mobile Connect et répondez au téléphone. Lorsque vous activez Mobile Connect : Les appels sont simultanément reçus sur votre Bureau et sur les périphériques cibles à distance. Lorsque vous prenez l'appel sur votre téléphone de bureau, les périphériques cibles distants cessent de sonner, sont déconnectés, et affichent un message indiquant un appel en absence. Lorsque vous prenez l'appel sur un périphérique cible distant, les autres périphériques cibles distants cessent de sonner, sont déconnectés, et un message indiquant un appel en absence s'affiche sur les autres périphériques cibles distants. Pour... Procédez comme suit :3-11 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 3 Traitement des appels avec Cisco IP Communicator Comment traiter les appels simples Fin d'un appel Conseil Vous devez conserver le mode Casque activé pour utiliser la fonction Réponse automatique avec le casque (cette fonction doit être configurée par l'administrateur système). Si vous utilisez un casque sans la fonction Réponse automatique, il peut également être préférable de maintenir le mode Casque activé. Voir Obtention de périphériques audio, page 5-1. Rubriques connexes • Passer un appel, page 3-3 • Réponse à un appel, page 3-9 • Transfert d'un appel connecté, page 3-14 Pour... Procédez comme suit : Raccrocher lorsque vous utilisez le mode Combiné Désactivez le combiné, cliquez sur FinApp ou appuyez sur la touche Échap du clavier. Voir Utilisation d'un combiné USB, page 5-5. Raccrocher lorsque vous utilisez le mode Casque Cliquez sur le bouton Casque, s'il est allumé. Pour que le mode Casque reste actif, maintenez le bouton allumé en cliquant sur FinApp ou en appuyant sur la touche Échap du clavier. Vo ir Utilisation d'un casque, page 5-2. Raccrocher lorsque vous utilisez le mode Haut-parleur Cliquez sur FinApp ou appuyez sur la touche Échap du clavier. Vo ir Utilisation de votre ordinateur comme poste téléphonique à haut-parleur, page 5-4. Mettre fin à un appel sans pour autant mettre fin à un autre appel sur la même ligne Cliquez sur FinApp ou appuyez sur la touche Échap. Si nécessaire, commencez par cliquer sur Reprend pour récupérer un appel en attente.Chapitre 3 Traitement des appels avec Cisco IP Communicator Comment traiter les appels simples 3-12 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Utilisation des fonctions Attente et Reprise Vous pouvez mettre en attente ou reprendre des appels. Lorsque vous mettez un appel en attente, l'icône Attente apparaît en regard de l'ID de l'appelant et le bouton de ligne correspondant clignote en vert. Si la fonction d'inversion de la mise en attente est activée pour votre téléphone, les appels mis en attente sonnent à nouveau après un certain temps. L'appel « inversé » reste en attente jusqu'à ce que vous le repreniez ou jusqu'à l'expiration du délai d'inversion. Votre téléphone indique la présence d'un appel inversé : • En vous avertissant à intervalles réguliers à l'aide d'une simple sonnerie (ou d'un clignotement ou d'un bip, selon la configuration de votre ligne téléphonique). • En affichant brièvement un message d'inversion de mise en attente dans la barre d'état au bas de l'écran du téléphone. • En affichant l'icône animée d'inversion de mise en attente en regard de l'ID de l'appelant correspondant à l'appel en attente. • En affichant un bouton de ligne clignotant de couleur orange (selon l'état de la ligne). Pour... Procédez comme suit : Mettre un appel en attente 1. Vérifiez que l'appel à mettre en attente est sélectionné. 2. Cliquez sur Attente. Reprendre sur la ligne active un appel mis en attente 1. Vérifiez que l'appel adéquat et mis en surbrillance. 2. Cliquez sur Reprendre. Reprendre sur une autre ligne un appel mis en attente 1. Cliquez sur un bouton de ligne vert clignotant. Si cette ligne ne comporte qu'un seul appel en attente, la reprise de ce dernier est automatique. 2. Si elle en comporte plusieurs, assurez-vous que l'appel concerné est mis en surbrillance, puis cliquez sur Reprend.3-13 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 3 Traitement des appels avec Cisco IP Communicator Comment traiter les appels simples Conseils • Habituellement, l’activation de la fonction de mise en attente génère de la musique ou un bip. • Si un message vous alerte simultanément d'un appel entrant et d'un appel inversé, l'écran de votre téléphone affiche par défaut l'appel entrant. Votre administrateur système peut changer cette priorité d'affichage. • Si vous utilisez une ligne partagée, l'inversion de mise en attente ne sonne que sur le téléphone sur lequel l'appel a été mis en attente, et non sur les autres téléphones qui partagent la ligne. • L'intervalle entre les alertes d'inversion est déterminé par votre administrateur système. Utilisation de la fonction Secret La fonction Secret coupe le son du casque, du haut-parleur ou du microphone. Lorsque la fonction Secret est activée, vous pouvez entendre vos interlocuteurs, mais ces derniers ne peuvent pas vous entendre. Remarque Si vous lancez Cisco IP Communicator alors que votre périphérique audio ou ordinateur est mis en sourdine, la fenêtre Vérifier les paramètres audio vous invite à rétablir, régler ou annuler vos paramètres audio. Si les paramètres audio que vous aviez définis auparavant fonctionnaient correctement, choisissez Rétablir. Si vous souhaitez les afficher ou les modifier, choisissez Régler. Pour conserver la fonction Secret activée, choisissez Annuler. Pour... Procédez comme suit : Activer la fonction Secret Cliquez sur le bouton Secret qui n'est pas allumé. Désactiver la fonction Secret Cliquez sur le bouton Secret qui est allumé.Chapitre 3 Traitement des appels avec Cisco IP Communicator Comment traiter les appels simples 3-14 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Transfert d'un appel connecté Le transfert permet de rediriger un appel connecté. La cible est le numéro vers lequel vous souhaitez transférer l'appel. Conseils • Si le transfert en mode téléphone raccroché est activé, vous pouvez raccrocher directement ou cliquer sur Trnsfer avant de raccrocher. • S'il n'est pas activé sur votre téléphone, sachez que le fait de raccrocher plutôt que de cliquer surCisco IP Communicator Trnsfer a pour effet d'annuler le transfert et de mettre en attente la personne dont l'appel doit être transféré. • Vous ne pouvez pas utiliser la touche Trnsfer pour rediriger un appel en attente. Cliquez sur Reprend. pour le reprendre avant de le transférer. Pour... Procédez comme suit : Transférer un appel sans en informer le destinataire du transfert Au cours de l'appel, cliquez sur Transférer et entrez le numéro cible. Quand vous entendez la sonnerie d'appel, cliquez de nouveau sur Transférer. Informer le destinataire du transfert avant de lui transférer un appel (transférer en consultant) Au cours de l'appel, cliquez sur Transférer et entrez le numéro cible. Patientez quelques instants pour laisser le temps au destinataire du transfert de répondre. Si le destinataire accepte l'appel transféré, cliquez de nouveau sur Transférer. Si le destinataire refuse l'appel, appuyez sur Reprend. pour récupérer l'appel initial. Transférer deux appels en cours l'un vers l'autre (transfert direct) Sélectionnez un appel sur la ligne, puis cliquez sur Sélect. Renouvelez cette procédure pour le second appel. Lorsque l'un des appels sélectionnés est mis en surbrillance, cliquez sur TrnsDir (il se peut que vous deviez au préalable cliquer sur autres pour afficher cette option.) Les deux appels se connectent l'un à l'autre et vous ne participez plus à l'appel. Pour rester en ligne avec ces interlocuteurs, utilisez l'option Joindre pour créer une conférence téléphonique. Transférer un appel vers votre système de messagerie vocale Cliquez sur Rvoi Im. L'appel est automatiquement transféré vers le message d'accueil de votre messagerie vocale. Cette fonction est disponible lorsqu'un appel est actif, en sonnerie ou en attente.3-15 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 3 Traitement des appels avec Cisco IP Communicator Comment traiter les appels simples Sélection des appels De nombreuses fonctions de Cisco IP Communicator nécessitent que vous sélectionniez les appels à utiliser avec une fonction particulière. Par exemple, si vous avez quatre appels en attente mais que vous souhaitiez ne joindre que deux d'entre eux à une conférence téléphonique, vous pouvez sélectionner les appels à ajouter avant d'activer la fonction de conférence. Passage d'un appel à l'autre Vous pouvez passer d'un appel à l'autre sur une ou plusieurs lignes. Si l'appel vers lequel vous souhaitez basculer n'est pas sélectionné (mis en surbrillance) automatiquement, cliquez sur l'image qui lui est associée sur l'écran du téléphone. Pour... Procédez comme suit : Mettre un appel en surbrillance Cliquez sur un appel dans la liste des appels. Les appels mis en surbrillance apparaissent sur un fond plus clair et plus lumineux. Sélectionner un appel Mettez en surbrillance un appel connecté ou en attente, puis cliquez sur Sélect. Les appels sélectionnés sont signalés par une coche. Vérifier les appels sélectionnés Cliquez sur le bouton Navigation pour faire défiler la liste des appels. Les appels sélectionnés sont signalés par une coche et regroupés au sein de la liste des appels. Pour... Procédez comme suit : Basculer entre des appels connectés sur une ligne Sélectionnez l'appel vers lequel vous souhaitez basculer et cliquez sur Reprend. L'autre appel est automatiquement mis en attente. Basculer entre des appels connectés sur des lignes différentes Cliquez sur le bouton de ligne vert clignotant qui correspond à la ligne (et à l'appel) vers laquelle vous souhaitez basculer. Si cette ligne ne comporte qu'un seul appel en attente, la reprise de ce dernier est automatique. Si elle en comporte plusieurs, mettez en surbrillance l'appel concerné (si nécessaire) et cliquez sur Reprend. Répondre à un appel en sonnerie à partir d'un appel déjà connecté Cliquez sur Répond. ou sur un bouton de ligne jaune clignotant. Cette procédure permet de répondre au nouvel appel et de placer automatiquement le premier appel en attente. Chapitre 3 Traitement des appels avec Cisco IP Communicator Comment traiter les appels simples 3-16 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Conseils • Un seul appel à la fois peut être actif à un moment donné ; les autres appels connectés sont automatiquement mis en attente. • Lorsque vous avez plusieurs appels sur une même ligne, les appels avec le niveau de priorité le plus élevé et dont la durée est la plus longue apparaissent en haut de la liste des appels. • Les appels d'un même type sont regroupés au sein de la liste des appels. Par exemple, les appels auxquels vous avez participé sont regroupés vers le haut ; ensuite viennent les appels sélectionnés. Ceux auxquels vous n'avez pas encore répondu sont regroupés en bas (en dernier). Passer d'un appel entrant à l'autre à l'aide de la notification d'appel entrant Cliquez dans la fenêtre de notification de l'appel entrant (sauf sur l'icône Secret). L'appel actif est ainsi mis en attente et vous pouvez répondre à l'appel entrant. Afficher la liste des appels actifs Cliquez sur un bouton de ligne vert pendant un appel actif afin de revenir à l'écran principal en masquant les informations associées à l'appel actif. Vous obtenez ainsi la liste de tous les appels actifs sur chacune de vos lignes. Il s'agit de l'appel actif ou, si tous les appels sont en attente, de l'appel qui est en attente depuis la plus longue durée. Cliquez de nouveau sur le bouton de ligne vert pour revenir à l'affichage initial. Consulter tous les appels sur une ligne donnée Cliquez sur le bouton Aide puis cliquez immédiatement sur le bouton de ligne. Cette action permet d'afficher les détails sur l'appel sans affecter l'état de l'appel. Utilisez cette procédure lorsque vous êtes sur une ligne et que vous voulez afficher les appels en attente sur une autre ligne. Pour... Procédez comme suit :3-17 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 3 Traitement des appels avec Cisco IP Communicator Comment traiter les appels simples Transfert d'un appel en cours vers un autre téléphone Si vous utilisez la configuration Mobile Connect, vous pouvez transférer les appels en cours du téléphone logiciel Cisco IP Communicator vers votre téléphone portable ou vers une autre destination distante. Renvoi de vos appels vers un autre numéro Vous pouvez utiliser les fonctions de renvoi d'appel pour rediriger des appels entrants de votre téléphone vers un autre numéro. Remarque Entrez le numéro cible pour le renvoi de tous les appels exactement comme vous le composeriez sur votre téléphone. Par exemple, si nécessaire, entrez un code d'accès, tel que le 9 ou l'indicatif régional. Pour... Procédez comme suit : Transférer un appel en cours de votre téléphone logiciel Cisco IP Communicator vers un téléphone portable Appuyez sur la touche de fonction Mobilité et sélectionez Transférer l'appel vers le téléphone portable. Prenez l'appel en cours sur votre téléphone portable. Le bouton de la ligne téléphonique devient rouge et des icônes de combiné et le numéro de l'appelant sont affichés à l'écran du téléphone. Bien que vous ne puissiez pas utiliser la même ligne téléphonique pour d'autres appels, vous pouvez prendre ou passer des appels sur une autre ligne si votre téléphone prend en charge plusieurs lignes. Transférer un appel en cours d'un téléphone portable vers le téléphone logiciel Cisco IP Communicator Raccrochez votre téléphone portable pour déconnecter le téléphone portable mais pas l'appel. Appuyez sur Reprend. sur votre téléphone dans les 4 secondes et commencez à parler au téléphone de bureau.Chapitre 3 Traitement des appels avec Cisco IP Communicator Comment traiter les appels simples 3-18 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Votre administrateur système peut vous proposer de choisir entre deux types de fonctions de renvoi d'appels : • Le renvoi d'appels sans condition (Renvoi de tous les appels) : s'applique à tous les appels que vous recevez. • Le renvoi d'appel conditionnel (Renvoi si sans réponse, Renvoi si occupé, Pas de couverture) : s'applique à certains appels que vous recevez, sous certaines conditions. Vous pouvez accéder à la fonction de renvoi de tous les appels sur votre téléphone; les autres fonctions de renvoi d'appels ne sont accessibles que sur les pages Web Options utilisateur Cisco Unified CM. Votre administrateur système détermine quelles fonctions de renvoi d'appels sont disponibles sur votre téléphone. Conseils • Entrez le numéro cible du renvoi d'appels exactement comme si vous le composiez sur votre téléphone. Par exemple, le cas échéant, entrez un code d'accès ou l'indicatif régional. Pour... Procédez comme suit : Configurer le renvoi de tous vos appels sur votre ligne principale Appuyez sur RenvTt ou Renvoyer tout, puis entrez un numéro de téléphone cible. Annuler le renvoi de tous les appels sur votre ligne principale Appuyez surRenvTt ou Renvoyer tout. Vérifier que le renvoi de tous les appels est activé sur votre ligne principale Recherchez : • L'icône de renvoi d'appel au-dessus du numéro de téléphone principal : . • Le numéro cible du renvoi d'appel sur la ligne d'état. Configurer ou annuler le renvoi d'appels à distance, ou pour une ligne secondaire 1. Accédez aux pages Web Options utilisateur Cisco Unified CM. 2. Allez aux paramètres de renvoi d'appel. Voir Contrôle des paramètres de ligne, page 7-10. Remarque Lorsque la fonction de renvoi d'appels est activée pour toute autre ligne que la ligne principale, aucun signal sur votre téléphone ne vous confirme que les appels sont bien renvoyés. Vous devez vérifier vos paramètres dans les pages Web Options utilisateur Cisco Unified CM. 3-19 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 3 Traitement des appels avec Cisco IP Communicator Comment traiter les appels simples • Le renvoi d'appel dépend de la ligne téléphonique. Si le renvoi d'appels n'est pas activé sur la ligne sur laquelle il arrive, l'appel déclenche la sonnerie normale. • Votre administrateur système peut activer une fonction d'annulation du renvoi d'appel pour que la personne qui reçoit vos appels transférés puisse vous joindre. Lorsque l'annulation est activée, les appels passés à partir du téléphone cible vers votre téléphone ne sont pas transférés ; ils déclenchent une sonnerie sur votre poste. Rubriques connexes • Réponse à un appel, page 3-9 • Transfert d'un appel connecté, page 3-14 • Traitement des fonctions d'appel avancées, page 3-25 Utilisation de la fonction Ne pas déranger Vous pouvez utiliser la fonction Ne pas déranger (NPD) pour bloquer les appels entrants sur votre téléphone à l'aide de la tonalité occupé. Lorsque la fonction NDP et le renvoi d'appels sont activés sur votre téléphone, les appels sont renvoyés et l'appelant n'entend pas de tonalité occupé.Chapitre 3 Traitement des appels avec Cisco IP Communicator Comment traiter les appels simples 3-20 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Conseils • Lorsque vous activez la fonction NPD : – Cisco IP Communicator ne bloque ni les appels à destination de lignes intercom, ni les appels critiques tels que les appels provenant de Cisco Emergency Responder et les appels MLPP. – Cisco IP Communicator n'enregistre pas les appels entrants dans le journal des Appels en absence de votre téléphone. – Si vous avez également activé Renvoyer tout, cette fonction est prioritaire sur les appels entrants. C'est-à-dire que Cisco IP Communicator transfère tous vos appels, et que l'appelant n'entend pas de tonalité occupé. – Si la fonction Renvoi si occupé est activée sur votre ligne, Cisco IP Communicator transfère les appels au numéro Renvoi si occupé. Les appelants n'entendent pas de tonalité occupé. • Si la fonction NPD est désactivée sur votre téléphone, contactez votre administrateur système. Rubriques connexes • Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2 Pour... Procédez comme suit : Activer la fonction Ne pas déranger 1. Cliquez sur Paramètres> Configuration du périphérique> Préférences d'appel> Ne pas déranger. 2. Sélectionnez Oui, puis cliquez sur Enregistrer. Ne pas déranger s'affiche sur la ligne d'état et la touche de fonction NPD est ajoutée. Désactiver la fonction NPD Cliquez sur la touche de fonction NPD. La touche de fonction NPD est supprimée. Personnaliser les options Ne pas déranger 1. Sélectionnez Options utilisateur Cisco Unified CM. 2. Accédez aux pages Web Options utilisateur Cisco Unified CM. 3. À partir du menu déroulant, choisissez Options utilisateur> Périphérique 4. Sélectionnez le Nom de votre périphérique Cisco IP Communicator. 5. Il est possible d'utiliser les caractères génériques suivants : – Ne pas déranger : Activer/désactiver NPD. – Alerte d’appel entrant avec la fonction NPD : configurez l'alerte afin qu'elle émette unbip seulement ou qu'elle clignote seulement, ou désactivez toutes les notifications visuelles et sonores. 3-21 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 3 Traitement des appels avec Cisco IP Communicator Établissement de conférences téléphoniques Établissement de conférences téléphoniques Vous pouvez créer une conférence de différentes manières, en fonction de vos besoins et des fonctions disponibles sur votre téléphone. • Conférence : Permet de créer une conférence standard (ad hoc) en appelant chaque participant. Utilisez la touche de fonction Conf. • Joindre : permet de créer une conférence standard (ad hoc) en associant des appels existants. Utilisez la touche de fonction Joindre. La fonction Joindre n'est disponible que sur les téléphones SCCP. • InsConf : permet de créer une conférence standard (ad hoc) en vous ajoutant à un appel sur une ligne partagée. Appuyez sur un bouton de ligne ou sur la touche de fonction InsConf. La fonction InsConf est disponible uniquement sur les téléphones qui utilisent des lignes partagées. • Meet-Me : permet de créer ou de rejoindre une conférence en appelant un numéro de conférence. Utilisez la touche de fonction MeetMe. Utilisation de la fonction Conférence. Pour... Procédez comme suit : Créer une conférence 1. Au cours d'un appel, appuyez sur Conf. (Il se peut que vous deviez appuyer sur la touche autres pour accéder à la touche Conf.) 2. Entrez le numéro de téléphone du participant. 3. Attendez que l'appel soit établi. 4. Appuyez de nouveau sur Conf. pour ajouter ce participant à votre appel. 5. Répétez cette procédure pour ajouter d'autres participants. Ajouter de nouveaux participants à une conférence existante Répétez les étapes ci-dessus. Votre administrateur système détermine si vous pouvez ajouter ou supprimer des participants si vous n'êtes pas l'organisateur de la conférence.Chapitre 3 Traitement des appels avec Cisco IP Communicator Établissement de conférences téléphoniques 3-22 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Utilisation de la fonction Joindre (uniquement sur les téléphones SCCP) La fonction Joindre permet de combiner plusieurs appels existants afin de créer une conférence à laquelle vous participez. Pour... Procédez comme suit : Créer une conférence en joignant des appels existants passés sur une même ligne téléphonique 1. À partir d'un appel actif, mettez en surbrillance un autre appel à inclure dans la conférence, puis appuyez sur Sélect. 2. Répétez cette étape pour chacun des appels à ajouter. 3. Appuyez sur Joindre. (Il se peut que vous deviez appuyer sur la touche de fonction autres pour accéder à la touche Joindre.) Créer une conférence en joignant des appels existants passés sur plusieurs lignes téléphoniques 1. À partir d'un appel en cours, appuyez sur Joindre. (Il se peut que vous deviez appuyer sur la touche de fonction autres pour accéder à la touche Joindre.) 2. Appuyez sur le bouton de ligne vert clignotant correspondant aux appels à inclure à la conférence. L'un des événements suivants se produit : • Les appels sont joints. • Une fenêtre s'ouvre sur l'écran du téléphone ; un message vous y invite à sélectionner les appels à joindre. Mettez les appels en surbrillance et appuyez ensuite sur Sélect, puis sur Joindre pour terminer l'opération. Remarque Si votre téléphone ne prend pas en charge la fonction Joindre pour les appels sur plusieurs lignes, transférez les appels vers une ligne unique. Vous pourrez alors utiliser la fonction Joindre. Combiner deux conférences existantes Utilisez les touches de fonction Joindre ou TrnsDir. Demandez à votre administrateur système si votre système est équipé de cette fonction.3-23 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 3 Traitement des appels avec Cisco IP Communicator Établissement de conférences téléphoniques Utilisation de la fonction InsConf Vous pouvez créer une conférence en utilisant la fonction InsConf pour vous ajouter à un appel sur une ligne partagée. Utilisation de la fonction Meet-Me Le mode de conférence téléphonique Meet-Me permet de démarrer une conférence ou de s'y joindre en composant son numéro. Pour... Procédez comme suit : Créer une conférence en vous connectant par insertion à un appel sur une ligne partagée Appuyez sur le bouton de ligne correspondant à la ligne partagée. Dans certains cas, vous devez mettre l'appel en surbrillance et appuyer sur InsConf pour terminer l'opération. Pour plus d'informations, consultez Procédure pour se connecter personnellement à un appel sur une ligne partagée, page 3-36. Pour... Procédez comme suit : Lancer une conférence Meet-Me 1. Demandez à votre administrateur système un numéro de téléphone Meet-Me. 2. Communiquez ce numéro à tous les participants. 3. Lorsque vous êtes prêt à lancer la conférence, décrochez pour obtenir une tonalité, puis appuyez sur MeetMe. 4. Composez le numéro de la conférence Meet-Me. Les participants peuvent à présent se joindre à la conférence en composant le numéro correspondant. Remarque Les participants entendront une tonalité occupé s'ils composent le numéro de la conférence avant que l'organisateur ne soit lui-même connecté. Dans ce cas, ils doivent rappeler.Chapitre 3 Traitement des appels avec Cisco IP Communicator Établissement de conférences téléphoniques 3-24 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Affichage ou exclusion des participants à une conférence Rejoindre une conférence Meet-Me Composez le numéro de la conférence Meet-Me (que vous a communiqué l'organisateur de la conférence). Remarque Vous entendrez une tonalité occupé si vous composez le numéro de la conférence avant que l'organisateur ne soit connecté. Dans ce cas, rappelez ultérieurement. Mettre fin à une conférence Meet-Me Tous les participants doivent raccrocher. La conférence ne s'arrête pas automatiquement lorsque l'organisateur se déconnecte. Pour... Procédez comme suit : Afficher la liste des participants à une conférence Appuyez sur ListConf. Les participants sont répertoriés dans l'ordre dans lequel ils rejoignent la conférence, les derniers à la rejoindre apparaissant en tête de liste. Mettre à jour la liste des participants à une conférence Lorsque la liste des participants à la conférence est affichée, appuyez sur MàJ. Savoir qui a organisé la conférence La liste des participants à la conférence étant affichée, recherchez le participant qui apparaît au bas de la liste, avec un astérisque (*) en regard de son nom. Exclure un participant de la conférence La liste étant affichée, mettez en surbrillance le nom du participant, puis appuyez sur Suppr. Abandonner le dernier interlocuteur à avoir rejoint la conférence Alors que la liste des participants à la conférence est affichée, appuyez sur SupDerA ou sur Supprimer dernier participant. Pour... Procédez comme suit :3-25 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 3 Traitement des appels avec Cisco IP Communicator Traitement des fonctions d'appel avancées Traitement des fonctions d'appel avancées Les tâches avancées de traitement des appels font intervenir des fonctions spéciales (non standard) que votre administrateur système peut configurer sur Cisco IP Communicator en fonction de vos besoins et de votre environnement de travail. Par défaut, vous ne pouvez pas accéder à ces fonctions. • Utilisation de la fonction de mobilité de poste de Cisco, page 3-26 • Traitement des appels professionnels à l'aide d'un seul numéro de téléphone, page 3-27 • Utilisation de la fonction de mobilité de poste de Cisco, page 3-26 • Déconnexion de groupes de recherche, page 3-29 • Suivi des appels suspects, page 3-31 • Donner la priorité aux appels critiques, page 3-32 • Redirection d'un appel entrant vers Cisco IP Communicator, page 3-33 • Rappel d'une ligne occupée dès qu'elle devient disponible, page 3-34 • Utilisation des indicateurs de fonction de ligne occupée pour déterminer l'état d'une ligne, page 3-34 • Utilisation de lignes partagées, page 3-35 • Établissement ou prise d'appels intercom, page 3-38Chapitre 3 Traitement des appels avec Cisco IP Communicator Traitement des fonctions d'appel avancées 3-26 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Utilisation de la fonction de mobilité de poste de Cisco La fonctionnalité de mobilité de poste de Cisco (EM, Cisco Extension Mobility) permet de configurer temporairement un téléphone Cisco Unified IP comme étant le vôtre. Lorsque vous vous connectez à EM, le téléphone adopte votre profil utilisateur, vos lignes téléphoniques, vos fonctions, vos services établis et vos paramètres Web. Seul l'administrateur système peut configurer la mobilité de poste. Conseils • Vous êtes automatiquement déconnecté de la mobilité de poste au bout d'un certain temps. Ce délai est déterminé par l'administrateur système. • Les modifications que vous apportez à votre profil de mobilité de poste dans les pages Web Options utilisateur sont prises en compte immédiatement si vous êtes connecté à la fonction de mobilité de poste par téléphone. Sinon, elles ne seront prises en compte qu'à votre prochaine connexion. • Les modifications que vous apportez à votre téléphone dans les pages Web Options utilisateur sont prises en compte immédiatement si vous êtes déconnecté d'EM. Sinon, elles prendront effet après votre déconnexion. • Les paramètres locaux réglables sur le téléphone ne sont pas enregistrés dans votre profil de mobilité de poste. Pour... Procédez comme suit : Vous connecter au service EM 1. Cliquez sur le bouton Services et sélectionnez Service EM (le nom de la fonction peut varier). 2. Saisissez votre ID utilisateur et votre numéro d'identification personnel (fournis par votre administrateur système). 3. Si vous y êtes invité, sélectionnez un profil de périphérique. Vous déconnecter du service EM 1. Cliquez sur le bouton Services et sélectionnez Service EM (le nom de la fonction peut varier). 2. Lorsque vous êtes invité à vous déconnecter, appuyez sur Oui.3-27 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 3 Traitement des appels avec Cisco IP Communicator Traitement des fonctions d'appel avancées Traitement des appels professionnels à l'aide d'un seul numéro de téléphone Lorsque Mobile Connect et Mobile Voice Access sont installés, vous pouvez utiliser votre téléphone portable pour traiter les appels associés au numéro de votre téléphone de bureau. Un smartphone est un téléphone portable doté de fonctionnalités d'ordinateur personnel telles que la navigation Web, la messagerie électronique, le carnet d'adresses et le calendrier. Pour... Procédez comme suit : Configurer Mobile Connect Utilisez les pages Web Options utilisateur Cisco Unified CM pour configurer des destinations distantes et créer des listes d'accès pour autoriser ou bloquer le transfert d'appels provenant de numéros spécifiques vers ces destinations distantes. Voir Configuration de téléphones et de listes d'accès pour la connexion mobile, page 7-12. Répondre à un appel sur votre téléphone portable Vo ir Réponse à un appel, page 3-9. Passer un appel en cours de votre téléphone de bureau à un téléphone portable Vo ir Transfert d'un appel en cours vers un autre téléphone, page 3-17. Mettre en attente un appel pris sur votre smartphone 1. Appuyez sur la touche de mise en attente d'appel professionnel (le nom de la fonction peut varier) du smartphone. Votre interlocuteur est mis en attente. 2. Sur votre smartphone, appuyez sur la touche de fonction Reprend. (le nom de la fonction peut varier) du smartphone. Voir Transfert d'un appel en cours vers un autre téléphone, page 3-17. Transférer un appel pris sur un smartphone vers un autre numéro 1. Appuyez sur la touche de fonction de transfert d'appel professionnel (le nom de la fonction peut varier) du smartphone. 2. Composez le code d'accès de transfert d'appel de votre société pour initier un nouvel appel. Votre interlocuteur est mis en attente. 3. Appuyez sur la touche de fonction de transfert d'appel professionnel pour terminer le transfert d'appel.Chapitre 3 Traitement des appels avec Cisco IP Communicator Traitement des fonctions d'appel avancées 3-28 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Initier une conférence téléphonique lors d'un appel pris sur un smartphone 1. Appuyez sur la touche de fonction de conférence professionnelle (le nom de la fonction peut varier) du smartphone. 2. Composez le code d'accès de conférence de votre société pour initier un nouvel appel. Votre interlocuteur est mis en attente. 3. Appuyez sur la touche de fonction de conférence professionnelle pour finir de configurer la conférence et inclure les deux interlocuteurs dans la conférence. Obtenir la fonction d'accès vocal mobile (Mobile Voice Access) 1. À partir de n'importe quel téléphone, composez le numéro d'accès vocal mobile qui vous a été attribué. 2. Saisissez le numéro depuis lequel vous appelez, si vous y êtes invité, et votre numéro d'identification personnel. Activer la connexion mobile (Mobile Connect) à partir de votre téléphone portable 1. Composez le numéro d'accès vocal mobile qui vous a été attribué. 2. Saisissez votre numéro de téléphone portable (si vous y êtes invité), et votre numéro d'identification personnel. 3. Appuyez sur 2 pour activer la connexion mobile. 4. Choisissez d'activer la connexion mobile pour tous les téléphones configurés ou pour un seul : – Tous les téléphones : saisissez 2. – Un seul téléphone : saisissez 1, puis le numéro à ajouter en tant que destination distante, suivi de #. Désctiver la connexion mobile (Mobile Connect) à partir de votre téléphone portable 1. Composez le numéro d'accès vocal mobile qui vous a été attribué. 2. Saisissez votre numéro de téléphone portable (si vous y êtes invité), et votre numéro d'identification personnel. 3. Appuyez sur 3 pour désactiver la connexion mobile. 4. Choisissez de désactiver la connexion mobile pour tous les téléphones configurés ou pour un seul : – Tous les téléphones : saisissez 2. – Un seul téléphone : saisissez 1, puis le numéro à supprimer en tant que destination distante, suivi de #. Pour... Procédez comme suit :3-29 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 3 Traitement des appels avec Cisco IP Communicator Traitement des fonctions d'appel avancées Stockage et récupération des appels parqués Lorsque vous souhaitez stocker un appel, vous pouvez le parquer pour qu'une autre personne ou vous-même puissiez le récupérer sur un autre téléphone (par exemple, le téléphone du bureau d'un collègue ou celui d'une salle de conférence) du système de traitement des appels. Le parcage d'appel est une fonction spéciale que votre administrateur système peut paramétrer pour vous. Remarque Vous disposez d'undélai limité pour récupérer l'appel avant qu'il recommence à sonner sur le poste auquel il était destiné à l'origine. Consultez votre administrateur système pour connaître ce délai. Rubriques connexes • Comment traiter les appels simples, page 3-1 • Utilisation des fonctions Attente et Reprise, page 3-12 • Transfert d'un appel connecté, page 3-14 Déconnexion de groupes de recherche Si votre entreprise reçoit un volume importantd 'appels entrants, vous pouvez être membre d'un groupe de recherche. Un groupe de recherche inclut une série de numéros de répertoire partageant la charge des appels entrants. Lorsque le premier numéro de répertoire du groupe de recherche est occupé, le système recherche le prochain numéro de répertoire disponible dans le groupe et dirige les appels vers ce téléphone. Pour... Procédez comme suit : Stocker un appel actif à l'aide de la fonction de parcage d'appel Au cours d'un appel, cliquez sur Parquer (vous devrez peut-être cliquer au préalable sur la touche de fonction autres). Cette opération indique à Cisco IP Communicator qu'il doit stocker l'appel. Notez le numéro de parcage d'appels affiché sur l'écran du téléphone et raccrochez. Récupérer un appel parqué Entrez le numéro de parcage sur n'importe quel téléphone Cisco IP Communicator ou téléphone IP Cisco du réseau pour vous connecter à l'appel.Chapitre 3 Traitement des appels avec Cisco IP Communicator Traitement des fonctions d'appel avancées 3-30 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Lorsque vous n'êtes pas à votre poste, vous pouvez vous déconnecter des groupes de recherche pour que votre téléphone ne sonne pas. Conseil La déconnexion des groupes de recherche n'empêche pas votre téléphone de sonner lorsque d'autres appels arrivent. Emission et réception d'appels sécurisés Selon la configuration que votre administrateur système a choisie pour votre système téléphonique, Cisco IP Communicator peut prendre en charge l'établissement et la réception d'appels sécurisés. Cisco IP Communicator prend en charge les types d'appel suivants : • Appel authentifié : l'identité de tous les téléphones participant à l'appel a été vérifiée. • Appel chiffré : le téléphone reçoit et transmet des données audio chiffrées (votre conversation) sur le réseau IP Cisco. Les appels chiffrés sont également authentifiés. • Appel non sécurisé : au moins un des téléphones participant à l'appel ou la connexion ne prennent pas en charge cette fonction de sécurité ou il n'est pas possible de vérifier l'identité des téléphones. Pour... Procédez comme suit : Vous déconnecter des groupes de recherche pour bloquer temporairement les appels de groupes de recherche Appuyez sur Groupmt ou sur Groupe de recherche. L'écran du téléphone affiche le texte « Déconnecté du grpe rech. » Vous connecter pour recevoir des appels des groupes de recherche Appuyez sur Groupmt ou sur Groupe de recherche. Lorsque vous êtes connecté, le bouton Groupe de recherche est allumé.3-31 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 3 Traitement des appels avec Cisco IP Communicator Traitement des fonctions d'appel avancées Remarque Des interactions, des restrictions et des limites affectent le fonctionnement des fonctions de sécurité sur Cisco IP Communicator. Pour en savoir plus, contactez votre administrateur système. Suivi des appels suspects Si vous recevez des appels suspects ou malveillants, votre administrateur système peut ajouter la fonction d'identification des appels malveillants (IDAM) sur votre téléphone. Cette fonction vous permet d'identifier un appel actif comme suspect, ce qui lance une série de messages automatisés de suivi et de notification. Le système de traitement des appels peut alors identifier et enregistrer la source de l'appel entrant sur le réseau. Pour... Procédez comme suit : Contrôler le niveau de sécurité d’un appel Regardez si l'une des icônes de sécurité suivantes apparaît en haut à droite de la zone d'activité des appels, en regard de l'indicateur de durée d'appel : Appel authentifié ou conférence Appel chiffré ou conférence Si ces icônes ne sont pas affichées, l'appel n'est pas sécurisé. Déterminer s'il est possible de passer des appels sécurisés au sein de votre société Contactez votre administrateur système. Pour... Procédez comme suit : Informer votre administrateur système d'un appel suspect ou malveillant Appuyez sur IDAM. Vous entendez une tonalité et le message IDAM réussie s'affiche sur votre téléphone.Chapitre 3 Traitement des appels avec Cisco IP Communicator Traitement des fonctions d'appel avancées 3-32 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Donner la priorité aux appels critiques Dans certains environnements spécialisés, tels que des bureaux de l’Armée ou de l’État, il se peut que vous ayez besoin de passer et de recevoir des appels urgents ou critiques. Si vous avez besoin de ce traitement spécialisé des appels, votre administrateur système peut ajouter une fonction de préséance et préemption à plusieurs niveaux (MLPP) sur votre téléphone. Il est utile de se souvenir des termes suivants : • La préséance indique la priorité associée à un appel. • La préemption est le processus qui permet de mettre fin à un appel existant dont la priorité est inférieure, tout en acceptant un appel de priorité supérieure qui est envoyé vers votre téléphone. Si... Procédez comme suit : Souhaitez pouvoir choisir le niveau de priorité (préséance) d’un appel sortant Contactez votre administrateur système pour obtenir la liste des numéros de priorité correspondant aux appels. Souhaitez passer un appel prioritaire (qui a la préséance) Entrez le numéro d'accès MLPP (que vous a fourni votre administrateur système), puis le numéro de téléphone. Entendez une sonnerie différente (plus rapide que d'habitude) ou une tonalité d'attente spéciale Vous recevez un appel prioritaire (qui a la préséance). Une icône MLPP s'affiche sur l'écran de votre téléphone pour indiquer le niveau de priorité de l'appel. Souhaitez afficher le niveau de priorité d’un appel Recherchez une icône MLPP sur l'écran de votre téléphone : Appel prioritaire Appel d’importance moyenne (immédiat) Appel très important (rapide) Appel de la plus haute importance (suppression rapide) ou appel prioritaire Les appels les plus importants s’affichent en haut de la liste des appels. Si aucune icône MLPP n'apparaît, l'appel est un appel normal (routine). Vous entendez une tonalité continue qui interrompt votre appel Cela signifie que vous ou votre interlocuteur recevez un appel qui est prioritaire sur l'appel en cours. Raccrochez immédiatement pour permettre à l'appel plus important de sonner sur votre téléphone.3-33 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 3 Traitement des appels avec Cisco IP Communicator Traitement des fonctions d'appel avancées Conseils • Lorsque vous passez ou recevez un appel compatible MLPP, vous entendez une sonnerie et une tonalité d'attente spéciales, différentes des sonnerie et tonalité standard. • Si vous entrez un numéro d’accès MLPP incorrect, un message vocal vous en avertit. • Un appel MLPP garde son statut prioritaire lorsque vous : – le mettez en attente – le transférez – l'ajoutez à une conférence – y répondez par interception. • La fonction MLPP est prioritaire sur la fonction NPD (Ne pas déranger). Redirection d'un appel entrant vers Cisco IP Communicator La fonction d'interception d'appels vous permet de réacheminer un appel en sonnerie sur le téléphone d'un collègue vers votre Cisco IP Communicator pour que vous puissiez répondre à cet appel. L'interception d'appels est une fonction spéciale que votre administrateur système peut configurer pour vous, en fonction de vos besoins en matière de gestion d'appels et de votre environnement de travail. Par exemple, vous pouvez avoir besoin de cette fonction si vous partagez avec vos collègues des responsabilités au niveau de la gestion des appels. Pour... Procédez comme suit : Répondre à un appel en sonnerie sur un autre poste de votre groupe Cliquez sur un bouton de ligne disponible et sur Intrcpt. L'appel sonne sur votre ligne. Répondre à un appel en sonnerie sur un autre poste en dehors du groupe Cliquez sur un bouton de ligne disponible et sur GrpIntr. Entrez le code d'interception du groupe fourni par votre administrateur système. L'appel sonne sur votre ligne. Répondre à un appel en sonnerie, que ce soit sur un autre poste de votre groupe ou sur celui d'un groupe associé Cliquez sur un bouton de ligne disponible et sur AGrpIntr. Chapitre 3 Traitement des appels avec Cisco IP Communicator Traitement des fonctions d'appel avancées 3-34 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Conseils • Pour prendre l'appel qui sonne depuis plus longtemps, appuyez sur Intrcpt ou sur GrpIntr. • Pour prendre l'appel du groupe d'interception qui a la plus haute priorité, appuyez sur AGrpIntr. Rubriques connexes • Transfert d'un appel connecté, page 3-14 Rappel d'une ligne occupée dès qu'elle devient disponible Si le numéro que vous appelez est occupé ou ne répond pas, vous pouvez configurer Cisco IP Communicator pour vous avertir dès que la ligne devient disponible. Pour configurer la notification, composez le numéro et cliquez sur Rappel lorsque vous entendez la tonalité occupé ou la sonnerie. Ensuite, raccrochez. Lorsque le poste se libère, vous recevez un signal sonore et visuel sur votre téléphone. Le rappel du numéro n'est pas automatique ; vous devrez passer l'appel. Le rappel d'un numéro est une fonction spéciale que votre administrateur système peut configurer pour vous sur votre téléphone. Conseil Le rappel ne fonctionne pas si le renvoi d'appels est activé sur le poste de votre interlocuteur. Utilisation des indicateurs de fonction de ligne occupée pour déterminer l'état d'une ligne Selon la configuration, vous pouvez utiliser les indicateurs de fonction de ligne occupée (FLO) pour déterminer l'état d'une ligne téléphonique associée à un bouton de numérotation abrégée, un journal d'appels, ou une liste de répertoire de votre Cisco IP Communicator. Vous pouvez appeler cette ligne quel que soit l'état de l'indicateur FLO. Cette fonction n'empêche pas de composer un numéro.3-35 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 3 Traitement des appels avec Cisco IP Communicator Traitement des fonctions d'appel avancées Utilisation de lignes partagées Votre administrateur système peut vous affecter une ligne partagée. Une ligne partagée est utilisée principalement dans les cas suivants: • Vous souhaitez utiliser une même ligne pour plusieurs téléphones, afin que votre téléphone de bureau et votre téléphone Cisco IP Communicatorsoient associés au même numéro de poste, par exemple 23456. Dans ce cas, tous les appels entrants destinés au numéro de poste 23456 sonneront sur le téléphone Cisco IP Communicator et sur le téléphone de bureau et vous pourrez prendre l'appel sur l'un ou l'autre. • Plusieurs personnes partagent une même ligne. Par exemple, vous êtes directeur et vous partagez une ligne et un poste avec votre assistant. Tous les appels entrants destinés au numéro de poste partagé sonneront alors simultanément sur votre téléphone et celui de votre assistant. Si votre assistant répond, vous pourrez utiliser la fonction de ligne partagée intitulée « Insertion » afin de participer à la conversation engagée. Pour... Procédez comme suit : Afficher l'état d'une ligne de numérotation abrégée Recherchez l'un des indicateurs suivant près du numéro de ligne : + La ligne est en cours d'utilisation. + La ligne est inactive. L'indicateur FLO n'est pas disponible ou n'est pas configuré pour cette ligne. + La ligne est en mode Ne pas déranger. Afficher l'état d'une ligne figurant dans un journal d'appels ou un répertoire Recherchez l'un des indicateurs suivant près du numéro de ligne : La ligne est en cours d'utilisation. La ligne est inactive. L'indicateur FLO n'est pas disponible pour cette ligne. La ligne est en mode Ne pas déranger.Chapitre 3 Traitement des appels avec Cisco IP Communicator Traitement des fonctions d'appel avancées 3-36 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 • Pour plus d'informations sur les lignes partagées, consultez votre administrateur système. Les fonctions de ligne partagée telles que la fonction Insertion ne s'appliquent pas aux lignes standard, non partagées. Rubriques connexes • Procédure pour se connecter personnellement à un appel sur une ligne partagée, page 3-36 • Procédures pour empêcher d'autres personnes d'afficher ou de se joindre à un appel sur une ligne partagée, page 3-37 Procédure pour se connecter personnellement à un appel sur une ligne partagée Si vous utilisez une ligne partagée, vous pouvez rejoindre une conversation en cours à l'aide de l'option Insertion. Quand vous utilisez cette fonction, tous les autres interlocuteurs de l'appel entendent un bip signalant votre présence. Lorsque vous raccrochez, les autres interlocuteurs entendent une tonalité de déconnexion et l'appel initial continue. La fonction Insertion s'applique aux lignes partagées uniquement. Pour... Procédez comme suit : Intégrer un appel en cours sur une ligne partagée Sélectionnez l'appel sur l'écran du téléphone et cliquez sur Insert (vous devrez peut-être cliquer auparavant sur la touche de fonction autres). Terminer un appel en insertion sur une ligne partagée Raccrochez.3-37 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 3 Traitement des appels avec Cisco IP Communicator Traitement des fonctions d'appel avancées Conseils • Vous serez déconnecté de l'appel en cours que vous avez intégré sur une ligne partagée si cet appel est mis en attente, transféré ou transformé en conférence téléphonique. • Vous ne pouvez pas répondre à un appel sur une autre ligne lorsque vous intervenez dans un appel en cours sur une ligne partagée. • Cliquez sur un bouton de ligne vert lorsque l'appel est actif pour revenir à l'écran principal. Vous obtiendrez ainsi la liste de tous les appels actifs. Rubriques connexes • Comment traiter les appels simples, page 3-1 • Utilisation des indicateurs de fonction de ligne occupée pour déterminer l'état d'une ligne, page 3-34 • Procédures pour empêcher d'autres personnes d'afficher ou de se joindre à un appel sur une ligne partagée, page 3-37 Procédures pour empêcher d'autres personnes d'afficher ou de se joindre à un appel sur une ligne partagée Si vous partagez une ligne téléphonique, vous pouvez utiliser la fonctionnalité de confidentialité pour empêcher les personnes qui partagent votre ligne d'afficher vos appels ou de s'y joindre. Pour... Procédez comme suit : Empêcher d'autres personnes d’afficher des appels sur une ligne partagée ou de s'y connecter 1. Appuyez sur Confidentiel. 2. Pour vérifier que la fonction de confidentialité est désactivée, vérifiez la présence de l'icône de la fonction désactivée en regard d'un bouton de ligne de couleur orange. Autoriser d'autres personnes à afficher ou à se joindre aux appels sur une ligne partagée 1. Appuyez sur Confidentiel. 2. Pour vérifier que la fonction de confidentialité est désactivée, vérifiez la présence de l'icône de la fonction désactivée en regard d'un bouton de ligne de couleur éteint.Chapitre 3 Traitement des appels avec Cisco IP Communicator Traitement des fonctions d'appel avancées 3-38 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Conseils • Si vous partagez la ligne avec un téléphone dont la fonction de confidentialité est activée, vous pouvez passer et recevoir des appels normalement sur la ligne partagée. • La fonction de confidentialité s’applique à toutes les lignes partagées de votre téléphone. Par conséquent, si vous avez plusieurs lignes partagées et que la fonction de confidentialité est activée, vos collègues ne pourront pas afficher les appels sur vos lignes partagées, ni s'y joindre. Rubriques connexes • Comment traiter les appels simples, page 3-1 • Utilisation des indicateurs de fonction de ligne occupée pour déterminer l'état d'une ligne, page 3-34 • Procédure pour se connecter personnellement à un appel sur une ligne partagée, page 3-36 Établissement ou prise d'appels intercom Vous pouvez passer un appel intercom vers un téléphone cible qui réponde automatiquement à l'appel en mode Haut-parleur et coupure du microphone. Les appels intercom unidirectionnels permettent d'envoyer un bref message à leur destinataire. Si le destinataire utilise un combiné ou un casque, il entend le message dans ce périphérique. Si le destinataire a déjà un appel en cours, celui-ci se poursuit simultanément. Le destinataire de l'appel reçoit une tonalité d'alerte intercom et peut alors choisir de : • Écouter l'appelant, son microphone étant coupé (il peut écouter l'appelant, mais ce dernier ne peut pas l'entendre). • Mettre fin à l'appel intercom en appuyant sur la touche de fonction FinApp. après avoir sélectionné l'appel intercom. Utilisez cette option si vous ne souhaitez pas écouter le message. • Parler à l'appelant en appuyant sur le bouton intercom actif, en utilisant le combiné, le casque ou le haut-parleur. L'appel intercom devient une connexion bidirectionnelle au cours de laquelle vous pouvez parler avec l'appelant. Lorsque vous utilisez la fonction intercom, souvenez-vous que :3-39 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 3 Traitement des appels avec Cisco IP Communicator Traitement des fonctions d'appel avancées • À partir d'une ligne intercom, vous ne pouvez appeler que d'autres lignes intercom. • Vous ne pouvez utiliser qu'une ligne intercom à la fois. • Vous ne pouvez pas prendre ou passer d'appel intercom si votre appel actif est surveillé ou enregistré. • Vous ne pouvez pas mettre un appel intercom en attente. Remarque Si vous vous connectez à votre téléphone de bureau tous les jours à l'aide de votre profil de mobilité de poste, vérifiez que votre administrateur système a configuré votre profil de mobilité de poste en y incluant la fonction intercom. Pour... Procédez comme suit : Passer un appel intercom vers une cible intercom préconfigurée 1. Appuyez sur une ligne intercom cible. 2. Attendez jusqu'à ce que vous entendiez la tonalité d'alerte intercom. 3. Commencez à parler. Passer un appel intercom vers un numéro intercom 1. Appuyez sur une ligne intercom cible. 2. Procédez comme suit : – Entrez le numéro intercom cible. – Appuyez sur le numéro abrégé de votre cible. 3. Attendez jusqu'à ce que vous entendiez la tonalité d'alerte intercom. 4. Commencez à parler. Recevoir un appel intercom Lorsque vous entendez la tonalité d'alerte intercom, vous pouvez traiter l'appel de l'une des manières suivantes : • Écouter le message en audio unidirectionnel. • Appuyer sur une ligne intercomme orange active pour parler à l'appelant. (La ligne devient verte lorsque l'appel devient bidirectionnel.) • Appuyez sur Fin app. après avoir sélectionné l'appel intercom pour déconnecter ce dernier.Chapitre 3 Traitement des appels avec Cisco IP Communicator Traitement des fonctions d'appel avancées 3-40 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01C H A P I T R E 4-1 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 4 Personnalisation des paramètres sur Cisco IP Communicator • Accès aux paramètres, page 4-1 • Réglage du volume d'un appel, page 4-2 • Personnalisation des sonneries et des indicateurs de message, page 4-3 • Personnalisation de l'écran du téléphone, page 4-4 • Affichage et personnalisation des préférences, page 4-5 Accès aux paramètres Voici des informations utiles concernant les paramètres de Cisco IP Communicator : • Vous pouvez accéder à la plupart des paramètres en choisissant Préférences dans le menu. Vous pouvez accéder au menu à partir de l'icône de menu dans la barre de boutons de contrôle de la fenêtre, en cliquant avec le bouton droit dans l'interface, ou en appuyant sur Maj+ F10 • Les paramètres associés aux sonneries et aux images d'arrière-plan peuvent être définis en choisissant bouton Paramètres > Préférences utilisateur. • La plupart des paramètres sont accessibles dans IP Communicator, mais quelques-uns d'entre eux sont accessibles en ligne via vos pages Web Options utilisateur. Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator Réglage du volume d'un appel 4-2 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Remarque Si vous n'obtenez pas de réponse lorsque vous appuyez sur le bouton Paramètres, il est possible que votre administrateur système ait désactivé cette touche sur votre téléphone. Pour plus d'informations, contactez votre administrateur système. Rubriques connexes • Affichage et personnalisation des préférences, page 4-5 • Personnalisation des sonneries et des indicateurs de message, page 4-3 • Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2 Réglage du volume d'un appel . Conseils • Vous pouvez régler le volume uniquement pour le mode audio actif. Si vous augmentez le volume en mode Haut-parleur, par exemple, le volume du mode Casque demeure inchangé. • Si vous réglez le volume d'un mode audio sans enregistrer la modification, le niveau précédent sera rétabli lorsque vous réutiliserez ce mode. • Si vous réglez le volume d'un périphérique audio directement sur celui-ci (par exemple, si vous réglez les contrôles de volume de l'ordinateur), il est possible que la fenêtre Vérifier les paramètres audio apparaisse au prochain démarrage de Cisco IP Communicator. Voir Utilisation de l'Assistant de réglage audio, page 1-6. Pour... Procédez comme suit : Régler le volume au cours d'un appel Cliquez sur le bouton Volume ou appuyez sur les touches Page préc./Page suiv au cours d'un appel ou après avoir déclenché la tonalité. Cliquez sur Enreg. pour adopter le nouveau volume comme niveau par défaut du mode audio actif. Vous pouvez également régler le niveau du volume à l'aide des options de réglage de l'ordinateur ou des réglages disponibles sur le périphérique audio (voir la section Conseils pour plus d'informations sur la procédure à suivre). Régler le volume de la sonnerie Cliquez sur le bouton Vo lume alors que Cisco IP Communicator est raccroché (aucun appel et aucune tonalité en cours). Le nouveau volume de la sonnerie est automatiquement enregistré.4-3 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator Personnalisation des sonneries et des indicateurs de message Personnalisation des sonneries et des indicateurs de message Vous pouvez personnaliser la manière dont Cisco IP Communicator signale la présence d'un appel entrant ou d'un nouveau message vocal sur chacune de vos lignes. La personnalisation des sonneries et autres indicateurs peut vous aider à différencier rapidement plusieurs lignes. Par exemple, vous pouvez sélectionner un pépiement d'oiseau pour indiquer que l'appel entrant est sur la ligne1 et un battement de tambour pour les appels entrants sur la ligne 2. Les options des pages Web Options utilisateur Cisco Unified CM peuvent varier. Si vous ne parvenez pas à trouver une option, contactez votre administrateur système. Pour... Procédez comme suit : Utiliser une mélodie différente pour chaque ligne 1. Cliquez sur le bouton Paramètres et sélectionnez Préférences utilisateur> Sonneries. 2. Choisissez une ligne téléphonique ou la sonnerie par défaut. 3. Sélectionnez une sonnerie pour en entendre un échantillon. 4. Appuyez sur Sélect. et sur Enreg. pour utiliser cette sonnerie, ou appuyez sur Annuler. Modifier la séquence de la sonnerie (clignotement seulement, une sonnerie, bip seulement, etc.) 1. Sélectionnez Options utilisateur Cisco Unified CM dans le menu contextuel. 2. Accédez aux pages Web Options utilisateur Cisco Unified CM. 3. Sélectionnez votre périphérique. 4. Cliquez sur Paramètres de ligne, et effectuez des sélections dans la section Paramètres de sonnerie.Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator Personnalisation de l'écran du téléphone 4-4 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Rubriques connexes • Réglage du volume d'un appel, page 4-2 • Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2 Personnalisation de l'écran du téléphone Rubriques connexes • Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2 Modifier le comportement de l'indicateur de message vocal 1. Sélectionnez Options utilisateur Cisco Unified CM dans le menu contextuel. 2. Accédez aux pages Web Options utilisateur Cisco Unified CM. 3. Sélectionnez votre périphérique. 4. Cliquez sur Paramètres de ligne, et effectuez vos modifications dans la section Indicateur de messages en attente. En général, la stratégie par défaut est de toujours allumer l'indicateur lorsque vous recevez un nouveau message vocal. Notez l'emplacement de l'indicateur de messages en attente : • Si vous utilisez le mode par défaut (clic droit > Apparences > Mode par défaut), l'indicateur est la bande lumineuse qui apparaît sur le côté gauche de l'interface. • Si vous utilisez le mode compact (clic droit > Apparences > Mode compact), l'indicateur est l'icône d'enveloppe clignotante à côté du bouton de ligne. Pour... Procédez comme suit : Pour... Procédez comme suit : Modifier l'image d'arrière-plan de l'écran du téléphone Cliquez sur le bouton Paramètres et sélectionnez >Préférences utilisateur > Images d'arrière-plan. Cliquez sur le bouton affiché à gauche de l'image à utiliser, cliquez sur Sélect., puis sur Aperçu pour afficher l'arrière-plan. Cliquez sur Quitter pour revenir au menu de sélection. Cliquez sur Enreg. pour accepter l'image ou sur Annuler pour revenir au paramètre précédemment enregistré. Modifier la langue de l'écran de votre téléphone Connectez-vous à vos pages Web Options utilisateur Cisco Unified CM et sélectionnez votre périphérique. Sélectionnez Options utilisateur > Paramètres utilisateur, modifiez les informations sur la langue de l'utilisateur, puis cliquez sur Enreg.4-5 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator Affichage et personnalisation des préférences Affichage et personnalisation des préférences Vous pouvez accéder à la plupart des paramètres de Cisco IP Communicator par le biais de la fenêtre Préférences (clic droit > Préférences). • Paramètres utilisateur, page 4-5 • Paramètres réseau, page 4-7 • Paramètres audio, page 4-8 • Affectation de modes audio, page 4-9 • Paramètres audio du réseau, page 4-13 • Paramètres audio avancés, page 4-13 • Paramètres de répertoire, page 4-15 Paramètres utilisateur Vous pouvez accéder à l'onglet Utilisateur de la fenêtre Préférences (clic droit > Préférences > onglet Utilisateur). Élément Description Pour plus d'informations, consultez... Activer la journalisation Lorsque cette option est activée, votre administrateur système peut extraire des journaux Cisco IP Communicator détaillés pour procéder à la résolution de problèmes. Votre administrateur système peut vous demander d'activer ce paramètre. Dépannage Cisco IP Communicator, page 8-1 Fermer masque l'application Lorsque vous activez cette fonctionnalité puis fermez l'application, CIPC n'est pas fermé : il est caché dans l'icône de la barre d'état système . Double-cliquez sur l'icône de la barre d'état système pour restaurer l'application. Cette fonctionnalité est activée par défaut. Passer un appel, page 3-3Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator Affichage et personnalisation des préférences 4-6 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Rubriques connexes • Paramètres réseau, page 4-7 • Paramètres audio, page 4-8 • Paramètres de répertoire, page 4-15 Ramener au premier plan lors d'un appel actif Lorsque cette option est activée, l'application est affichée au-dessus de toutes les autres lorsqu'un appel entrant arrive. Lorsque l'option est désactivée, l'application n'est pas affichée au-dessus des autres lorsqu'un appel entrant arrive. Les seuls éléments indiquant l'arrivée de l'appel sont la sonnerie et la fenêtre intempestive de notification. Réponse à un appel, page 3-9 Masquer la notification d'appel entrant Lorsque cette option, le message de notification d'appel entrant ne s'affiche plus lorsqu'un appel arrive. Réponse à un appel, page 3-9 Utiliser la valeur par défaut (Serveur TFTP) Lorsque cette option est sélectionnée, l'adresse du serveur TFTP spécifiée dans l'onglet Paramètres réseau est utilisée. Il s'agit de la valeur par défaut. Le format est le suivant : http:///utilisateurccm Votre administrateur système vous indiquera si vous devez modifier ce paramètre. Chapitre 7, “Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM” Utiliser une URL spécifique Saisissez une autre URL à utiliser lors de l'ouverture de la page Options utilisateur Cisco Unified CM. Utilisez le format suivant : http:///utilisateurccm Votre administrateur système vous indiquera si vous devez modifier ce paramètre. Chapitre 7, “Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM” Élément Description Pour plus d'informations, consultez...4-7 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator Affichage et personnalisation des préférences Paramètres réseau Vous pouvez accéder à l'onglet Réseau de la fenêtre Préférences (clic droit > Préférences > onglet Réseau). Attention La modification de ces paramètres risque d'entraîner une panne sur votre téléphone. Ne modifiez pas ces paramètres avant d'avoir consulté votre administrateur système. Rubriques connexes • Paramètres audio, page 4-8 • Paramètres de répertoire, page 4-15 Élément Description Pour plus d'informations, consultez... Utiliser l'adaptateur réseau pour générer le nom de périphérique Ce paramètre, défini immédiatement après l'installation, permet à Cisco IP Communicator de s'identifier sur le réseau ; il n'est pas utilisé pour les transmissions audio. C'est pourquoi vous n'avez pas besoin de modifier ce paramètre une fois qu'il a été défini, à moins que vous ne supprimiez ou désactiviez définitivement la carte réseau sélectionnée. Dans ce cas, contactez votre administrateur système avant de sélectionner une autre carte. Si vous disposez de plusieurs cartes réseau et si vous êtes invité à en choisir une immédiatement après l'installation de Cisco IP Communicator, votre administrateur système vous indiquera quelle carte utiliser. Configuration et enregistrement Cisco IP Communicator, page 1-9 Utiliser ce nom de périphérique Ce paramètre permet de saisir un nom de périphérique en texte libre que Cisco IP Communicator pourra utiliser pour s'identifier auprès du réseau. Votre administrateur système vous fournira le nom du périphérique. Configuration et enregistrement Cisco IP Communicator, page 1-9 Zone Serveurs TFTP Cette zone permet d'indiquer les serveurs TFTP ou de rétablir l'utilisation du serveur TFTP par défaut. Votre administrateur vous indiquera si vous devez modifier ce paramètre. Configuration et enregistrement Cisco IP Communicator, page 1-9Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator Affichage et personnalisation des préférences 4-8 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Paramètres audio Vous pouvez accéder à l'onglet Audio de la fenêtre Préférences (clic droit > Préférences > onglet Audio). Rubriques connexes • Affectation de modes audio, page 4-9 • Paramètres audio du réseau, page 4-13 • Paramètres audio avancés, page 4-13 Élément Description Pour plus d'informations, voir... Zone Périphériques pour les modes audio Cette zone permet d'associer un périphérique à un mode audio. La liste déroulante affiche les périphériques audio actuellement disponibles, installés avant le démarrage de Cisco IP Communicator. Pour des informations sur le paramètre Périphérique audio Windows par défaut, voir Sélection d'un mode audio, page 4-9. • Installation de périphériques audio avant le lancement initial, page 1-3 • Affectation de modes audio, page 4-9 • Utilisation de casques d'écoute et d'autres périphériques audio avec Cisco IP Communicator, page 5-1 Zone Périphérique pour la sonnerie Cette zone permet d'associer un périphérique à la sonnerie. Installation de périphériques audio avant le lancement initial, page 1-3 Optimiser pour une bande passante étroite Si vous utilisez Cisco IP Communicator sur une connexion à distance (par exemple, la connexion VPN de votre domicile ou d'un hôtel), vous risquez de rencontrer des problèmes de qualité vocale en raison d'une bande passante insuffisante. Lorsque vous utilisez Cisco IP Communicator sur une connexion à distance, vous pouvez éviter les éventuels problèmes de son robotisé.et d'autres problèmes en activant l'option Optimiser pour une bande passante étroite. Dépannage Cisco IP Communicator, page 8-1 Bouton Réseau Ce bouton permet d'ouvrir la fenêtre Paramètres audio réseau. Paramètres audio du réseau, page 4-13 Bouton Avancés Ce bouton permet d'ouvrir la fenêtre Paramètres audio avancés. Paramètres audio avancés, page 4-134-9 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator Affichage et personnalisation des préférences Affectation de modes audio Vous devez affecter un mode audio à chaque périphérique audio utilisé avec Cisco IP Communicator : • mode Casque • mode Haut-parleur • mode Combiné • mode de sonnerie La sélection d'un mode audio indique à Cisco IP Communicator quels périphériques audio utiliser pour les entrées et les sorties audio. Au démarrage initial de Cisco IP Communicator, vous pouvez affecter des périphériques audio à des modes audio à l'aide de l'Assistant de réglage audio. Vous pouvez ensuite affecter des périphériques audio aux modes en cliquant avec le bouton droit dans Cisco IP Communicator et en sélectionnant Préférences > onglet Audio. Rubriques connexes • Installation de périphériques audio avant le lancement initial, page 1-3 • Sélection d'un mode audio, page 4-9 • Activation d'un mode audio, page 4-11 • À propos des périphériques audio des listes déroulantes Audio, page 4-12 Sélection d'un mode audio Par défaut, Cisco IP Communicator sélectionne un périphérique audio pour tous les modes audio et pour la sonnerie. Il peut s'agir d'une carte son, par exemple. Si vous disposez de plusieurs périphériques audio, vous bénéficiez d'options de configuration supplémentaires. Par exemple, si vous utilisez un casque USB, vous pouvez le sélectionner pour le mode Casque et l'activer en cliquant sur le bouton Casque.Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator Affichage et personnalisation des préférences 4-10 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Vous pouvez conserver la configuration par défaut ou la personnaliser. Si vous décidez de personnaliser la configuration, suivez les recommandations ci-après : • Si vous utilisez un casque USB, associez-le au mode Casque. • Si vous utilisez un haut-parleur USB externe, associez-le au mode Haut-parleur. • Si vous utilisez un combiné USB, associez-le au mode Combiné. • Si vous utilisez un casque analogique, associez la carte son de l'ordinateur au mode Casque. • Si vous ne disposez pas d'un haut-parleur externe, sélectionnez la carte son de l'ordinateur pour le mode Haut-parleur. • Associez la sonnerie au périphérique qui doit vous signaler les appels entrants. Notez toutefois que si vous associez la sonnerie à une carte son et branchez un casque analogique sur l'ordinateur, vous n'entendrez pas le téléphone sonner si vous ne portez pas le casque. Conseil Vous pouvez utiliser les paramètres de lecture et d'enregistrement du son du Panneau de configuration de Windows (Sons et multimédia > onglet Audio ou Sons et périphériques audio > onglet Audio pour Windows XP) comme périphériques audio de Cisco IP Communicator. Dans la fenêtre Préférences de Cisco IP Communicator (clic droit > Préférences > onglet Audio), sélectionnez Périphérique audio Windows par défaut dans le liste déroulante pour un ou plusieurs paramètres et cliquez sur OK. Utilisez cette méthode pour utiliser un périphérique pour la lecture du son et un autre (par exemple, un microphone de caméra VT) pour l'enregistrement du son. Rubriques connexes • Activation d'un mode audio, page 4-11 • À propos des périphériques audio des listes déroulantes Audio, page 4-124-11 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator Affichage et personnalisation des préférences Activation d'un mode audio Rubriques connexes • Sélection d'un mode audio, page 4-9 • À propos des périphériques audio des listes déroulantes Audio, page 4-12 • Utilisation d'un casque, page 5-2 • Utilisation de votre ordinateur comme poste téléphonique à haut-parleur, page 5-4 • Utilisation d'un combiné USB, page 5-5 Pour... Procédez comme suit : Activer le mode Casque Cliquez sur le bouton Casque (éteint). Cette action active le périphérique que vous avez sélectionné pour ce mode. Si vous souhaitez adopter le mode Casque comme mode par défaut, cliquez sur le bouton Casque (éteint) et sur FinApp. Le mode Casque restera le mode audio par défaut tant que le bouton Casque sera allumé (sauf si un combiné USB est activé). Activer le mode Haut-parleur Cliquez sur le bouton Haut-parleur. Cette action active le périphérique que vous avez sélectionné pour ce mode. Par défaut, le mode Haut-parleur est activé lorsque vous cliquez sur les touches de fonction, les boutons de ligne et les boutons de numérotation abrégée (sauf si un combiné USB est activé). Activer le mode Combiné Décrochez à l'aide du combiné USB (à condition que ce périphérique soit disponible et associé au mode Combiné). La méthode employée pour décrocher le combiné USB dépend de la façon dont le combiné est conçu. Vous devrez peut-être appuyer sur un interrupteur ou sur un bouton de mise en route. Activer la sonnerie La sonnerie est activée quand vous recevez un appel.Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator Affichage et personnalisation des préférences 4-12 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 À propos des périphériques audio des listes déroulantes Audio Les listes déroulantes Audio de l'onglet Audio (clic droit > Préférences > onglet Audio) contiennent un ou plusieurs périphériques audio. Voici quelques informations sur le contenu de ces listes : • Si un seul périphérique audio est installé au démarrage de Cisco IP Communicator, un seul périphérique audio apparaît dans chaque liste. • Tous les périphériques audio installés ne figurent pas dans les listes des modes audio. Les périphériques présentés dans ces menus sont ceux nécessitant des pilotes (combinés USB, casques USB et cartes son). • Les périphériques audio analogiques, qui se branchent dans les prises audio de l'ordinateur, ne figurent pas dans les listes de modes audio. Cisco IP Communicator ne fait aucune distinction entre les périphériques audio analogiques et votre carte son. Pour sélectionner un périphérique analogique, sélectionnez votre carte son • Si aucun périphérique audio USB installé et aucune carte son ne figurent dans la liste, vérifiez que le périphérique est inséré et relancez Cisco IP Communicator. Cisco IP Communicator ne reconnaît que les périphériques audio qui sont installés et branchés lors du lancement de l'application.) Remarque Si le système d'exploitation Windows trouve des périphériques audio et si Périphérique audio Windows par défaut apparaît dans la liste déroulante, consultez Sélection d'un mode audio, page 4-9. Rubriques connexes • Installation de périphériques audio avant le lancement initial, page 1-3 • Utilisation de l'Assistant de réglage audio, page 1-6 • Affichage et personnalisation des préférences, page 4-5 • Suppression et réinstallation de périphériques audio, page 5-64-13 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator Affichage et personnalisation des préférences Paramètres audio du réseau Vous pouvez accéder à l'onglet Audio du réseau de la fenêtre Préférences (clic droit > Préférences > onglet Audio> bouton Réseau). Attention La modification de ces paramètres risque d'entraîner une panne sur votre téléphone. Ne modifiez pas ces paramètres avant d'avoir consulté votre administrateur système. Rubriques connexes • Paramètres audio, page 4-8 • Paramètres audio avancés, page 4-13 • Dépannage Cisco IP Communicator, page 8-1 Paramètres audio avancés Vous pouvez accéder aux paramètres audio avancés dans la fenêtre Préférences (clic droit > Préférences > onglet Audio> bouton Avancés). Élément Description Zone Adresse IP audio Le paramètre par défaut de cette zone est Détecter automatiquement. Ne le modifiez que si l'administrateur système vous le demande. Zone Plage de ports audio Le paramètre par défaut de cette zone est Utiliser la plage de ports par défaut. Ne le modifiez que si l'administrateur système vous le demande.Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator Affichage et personnalisation des préférences 4-14 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Élément Description Pour plus d'informations, voir... Mode Sélectionne le mode audio (haut-parleur, casque ou combiné) auquel appliquer les modifications. • Affectation de modes audio, page 4-9 • Utilisation de casques d'écoute et d'autres périphériques audio avec Cisco IP Communicator, page 5-1 Noise Suppression Enabled (Annulation du bruit active) Tente de supprimer les bruits de fond entendus dans le microphone et qui interfèrent avec votre voix. L'annulation du bruit est activée par défaut. Dépannage Cisco IP Communicator, page 8-1 Levels of Aggressiveness (Niveaux d'agressivité) Définit le degré d'annulation du bruit. L'annulation de bruit minimale est la valeur par défaut. Vous devez augmenter le niveau d'agressivité d'un cran si votre interlocuteur se plaint de ne pas bien vous entendre à cause des bruits de fond. Ne passez pas directement d'un extrême à l'autre ; par exemple, passez toujours du niveau minimum au niveau moyen, et du niveau moyen au niveau maximum. Tentez de sélectionner le mode le moins agressif pour réduire ou éliminer le bruit. Remarque En changeant le niveau d'agressivité, vous risquez de modifier également la manière dont votre voix est transmise. Votre interlocuteur risque d'entendre une voix robotisée ou métallique. Dépannage Cisco IP Communicator, page 8-14-15 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator Affichage et personnalisation des préférences Rubriques connexes • Paramètres audio, page 4-8 • Paramètres audio du réseau, page 4-13 Paramètres de répertoire Vous pouvez accéder à l'onglet Répertoires de la fenêtre Préférences (clic droit > Préférences > onglet Répertoires). Avant d'utiliser la fonction Recherche rapide pour consulter les répertoires d'entreprise, vous devrez peut-être entrer un nom d'utilisateur et un mot de passe dans la fenêtre Répertoires. Essayez tout d'abord d'utiliser la fonction Recherche rapide sans entrer ces informations. Si la fonction ne répond pas, demandez vos nom d'utilisateur et mot de passe pour la fenêtre Répertoires à votre administrateur système et entrez ces informations ici. Vous devez également indiquer vos nom d'utilisateur et mot de passe pour les répertoires dans cette fenêtre si vous souhaitez utiliser la fonction Recherche rapide pour consulter votre Carnet d'adresses personnel. Rubriques connexes • Utilisation du répertoire personnel, page 6-7 • Saisie d'informations de mot de passe pour la fonction Recherche rapide, page 6-11 Bouton OK Enregistre toutes les modifications effectuées (y compris les changements apportés aux modes qui ne sont pas actuellement sélectionnés). Affectation de modes audio, page 4-9 Bouton Appliquer à tous Applique les paramètres du mode audio actuellement sélectionné à tous les autres modes audio. Affectation de modes audio, page 4-9 Élément Description Pour plus d'informations, voir...Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator Affichage et personnalisation des préférences 4-16 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01C H A P I T R E 5-1 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 5 Utilisation de casques d'écoute et d'autres périphériques audio avec Cisco IP Communicator Ce chapitre décrit comment utiliser des périphériques tels qu'un combiné, un casque d'écoute et les haut-parleurs et le microphone de l'ordinateur avec les modes audio de Cisco IP Communicator (mode Combiné, mode Casque et mode Haut-parleur). • Obtention de périphériques audio, page 5-1 • Utilisation d'un casque, page 5-2 • Utilisation de votre ordinateur comme poste téléphonique à haut-parleur, page 5-4 • Utilisation d'un combiné USB, page 5-5 • Suppression et réinstallation de périphériques audio, page 5-6 Obtention de périphériques audio Votre administrateur système vous fournira peut-être des périphériques audio. Si vous prévoyez d'en acheter, demandez à votre administrator système de vous fournir la plus récente liste de périphériques pris en charge.Chapitre 5 Utilisation de casques d'écoute et d'autres périphériques audio avec Cisco IP Communicator Utilisation d'un casque 5-2 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Utilisation d'un casque Vous pouvez utiliser un casque USB ou un casque analogique avec Cisco IP Communicator. • Les casques USB sont dotés de fiches plates et rectangulaires qui se branchent dans un port USB de votre ordinateur. • Les casques analogiques sont dotés de fiches rondes qui se branchent dans les connecteurs audio de l'ordinateur. Les casques analogiques fonctionnent avec la carte son de l'ordinateur et ne nécessitent pas de pilote de périphérique. Le tableau suivant indique comment utiliser un casque pour passer et prendre des appels. Pour... Procédez comme suit : Utiliser un casque pour passer et prendre des appels Vérifiez que le bouton Casque est activé (allumé) pour indiquer que Cisco IP Communicator fonctionne en mode Casque. Vous pouvez activer et désactiver le mode Casque en cliquant sur le bouton Casque ou à l'aide du raccourci clavier Ctrl + H. Si vous utilisez un casque en tant que périphérique audio principal, il est utile de garder le bouton Casque allumé même après la fin d'un appel, en cliquant sur FinApp. au lieu d'appuyer sur le bouton Casque pour raccrocher. Lorsque le bouton Casque n'est pas allumé, Cisco IP Communicator utilise le mode Haut-parleur comme mode audio par défaut. Cisco IP Communicator répond à l'activation de touches de fonctions et de boutons de numérotation abrégée, ainsi qu'à d'autres fonctionnalités, en acheminant l'audio par le biais du mode actif. Vous pouvez utiliser un casque avec tous les contrôles de Cisco IP Communicator, y compris le bouton Volume et le bouton Secret. Remarque Bien que les casques analogiques fonctionnent en mode Haut-parleur, leur utilisation en mode Casque permet d'améliorer la qualité du son.5-3 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 5 Utilisation de casques d'écoute et d'autres périphériques audio avec Cisco IP Communicator Utilisation d'un casque Conseil La fonction Réponse automatique est une fonction spéciale que votre administrateur système peut activer pour vous si vous recevez un volume important d'appels entrants, ou si vous gérez les appels d'autres personnes. Lorsque la fonction Réponse automatique est activée, Cisco IP Communicator répond automatiquement aux appels téléphoniques et les achemine par le biais du mode Haut-parleur ou du mode Casque, selon votre configuration. Rubriques connexes • Comment traiter les appels simples, page 3-1 • Affectation de modes audio, page 4-9 • Utilisation de votre ordinateur comme poste téléphonique à haut-parleur, page 5-4 Utiliser un casque analogique comme périphérique audio unique Suivez les directives décrites à la ligne précédente. Souvenez-vous que la sonnerie n'est audible que par le biais des haut-parleurs de votre casque lorsque ce dernier est branché dans votre ordinateur. Vous devez porter votre casque pour pouvoir entendre la sonnerie du téléphone. Utiliser la fonction Réponse automatique avec un casque Gardez le bouton Casque activé (allumé) en cliquant sur FinApp pour raccrocher. (Cliquez d'abord sur le bouton Casque si nécessaire). Lorsque le bouton Casque est allumé, Cisco IP Communicator fonctionne en mode Casque. Passer au mode Casque pendant un appel Cliquez sur le bouton Casque ou utilisez le raccourci clavier Ctrl + H. Si vous utilisiez un combiné USB avant le changement de mode, vous pouvez l'éteindre ou le raccrocher. Pour... Procédez comme suit :Chapitre 5 Utilisation de casques d'écoute et d'autres périphériques audio avec Cisco IP Communicator Utilisation de votre ordinateur comme poste téléphonique à haut-parleur 5-4 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Utilisation de votre ordinateur comme poste téléphonique à haut-parleur Vous pouvez utiliser la carte son de l'ordinateur pour passer et prendre des appels en mode Haut-parleur. Conseil La fonction Réponse automatique est une fonction spéciale que votre administrateur système peut activer pour vous si vous recevez un volume important d'appels entrants, ou si vous gérez les appels d'autres personnes. Lorsque la fonction Réponse automatique est activée, Cisco IP Communicator répond automatiquement aux appels téléphoniques et les achemine par le biais du mode Haut-parleur ou du mode Casque, selon votre configuration. Pour... Procédez comme suit : Utiliser votre ordinateur comme un téléphone à haut-parleur pour passer et prendre des appels Vérifiez que le bouton Haut-parleur est allumé pour vous assurer que Cisco IP Communicator fonctionne en mode Haut-parleur. À l'encontre des autres modes, le mode Haut-parleur permet la suppression de l'écho. Vous pouvez activer et désactiver le mode Haut-parleur en cliquant sur le bouton Haut-parleur ou à l'aide du raccourci clavier Ctrl + P. Le mode Haut-parleur est activé par défaut. Cela signifie que de nombreuses actions nécessaires pour passer ou prendre un appel (telles que l'utilisation d'un bouton de numérotation abrégée ou d'une touche de fonction) déclenchent automatiquement le mode Haut-parleur. Remarque Lorsqu'un casque analogique est branché sur votre ordinateur, vous ne pouvez pas entendre de son par le biais des haut-parleurs de l'ordinateur en mode Haut-parleur. Passer au mode Haut-parleur pendant un appel Cliquez sur le bouton Haut-parleur ou utilisez le raccourci clavier Ctrl + P. Si vous utilisiez un combiné avant le changement de mode, éteignez-le ou raccrochez-le. Utiliser le haut-parleur de l'ordinateur comme sonnerie pour vous avertir des appels entrants Vérifiez que votre carte son est affectée au mode Sonnerie et que vous n'avez pas coupé le son du haut-parleur de l'ordinateur. Si vous branchez un casque analogique sur votre ordinateur, la sonnerie n'est audible que par le biais des haut-parleurs du casque. Utiliser la fonction Réponse automatique en mode Haut-parleur Cliquez sur le bouton Haut-parleur pour passer, prendre ou mettre fin à des appels, pour ouvrir et fermer des lignes et pour passer d'un autre périphérique audio au mode Haut-parleur. Comme le mode Haut-parleur est activé par défaut, il n'est pas nécessaire de garder le bouton correspondant allumé comme pour le mode Casque.5-5 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 5 Utilisation de casques d'écoute et d'autres périphériques audio avec Cisco IP Communicator Utilisation d'un combiné USB Rubriques connexes • Comment traiter les appels simples, page 3-1 • Affectation de modes audio, page 4-9 • Utilisation d'un casque, page 5-2 • Utilisation d'un combiné USB, page 5-5 Utilisation d'un combiné USB Vous devez affecter un combiné USB au mode Combiné. Cette configuration permet à Cisco IP Communicator de savoir si le combiné est raccroché ou décroché, pour que vous puissiez, par exemple, mettre fin à un appel en raccrochant le combiné USB. Pour plus d'informations sur cette affectation, voir Affectation de modes audio, page 4-9. Rubriques connexes • Installation de périphériques audio avant le lancement initial, page 1-3 • Comment traiter les appels simples, page 3-1 • Utilisation d'un casque, page 5-2 • Utilisation de votre ordinateur comme poste téléphonique à haut-parleur, page 5-4 • Suppression et réinstallation de périphériques audio, page 5-6 Pour... Procédez comme suit : Passer ou mettre fin à un appel à l'aide du combiné Activer ou désactiver le combiné USB. De nombreux combinés sont dotés d'un crochet commutateur ou d'un interrupteur. Soulevez le combiné ou activez-le pour le décrocher. Vous pouvez utiliser un combiné USB avec tous les contrôles de Cisco IP Communicator, y compris le bouton Volume et le bouton Secret. Passer au mode Combiné pendant un appel Soulevez le combiné (ou activez-le comme il convient). Chapitre 5 Utilisation de casques d'écoute et d'autres périphériques audio avec Cisco IP Communicator Suppression et réinstallation de périphériques audio 5-6 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Suppression et réinstallation de périphériques audio Si vous utilisez Cisco IP Communicator sur un ordinateur portable, vous devrez sans doute souvent supprimer et réinstaller les périphériques audio lorsque vous vous déplacez. Le tableau suivant contient des informations sur la réinstallation d'un périphérique audio lorsque vous êtes prêt à l'utiliser de nouveau. Pour... Procédez comme suit : Réinstaller un combiné USB, un casque USB ou une carte son préalablement réglés 1. Installer le périphérique audio (par exémple, branchez le combiné USB) lorsque Cisco IP Communicator n'est pas en cours d'exécution. 2. Lancez Cisco IP Communicator. 3. Sélectionnez le périphérique et réglez-le si nécessaire. Vous pouvez accéder manuellement à l'Assistant de réglage audio par le biais de Cisco IP Communicator (cliquez avec le bouton droit de la souris sur> Préférences > onglet Audio). 4. Si nécessaire, affectez le périphérique aux modes audio souhaités. Installer un nouveau périphérique lorsque l'application est en cours d'exécution et l'utiliser comme périphérique audio de Cisco IP Communica tor 1. Cliquez avec le bouton droit de la souris sur > Préférences > onglet Audio, et sélectionnez le périphérique dans la liste déroulante pour le mode audio. 2. Cliquez sur OK. 3. Réglez le périphérique lorsque l'Assistant de réglage audio est automatiquement lancé. Définissez un périphérique spécifique à utiliser lors du prochain appel 1. Vérifiez que Cisco IP Communicator est en cours d'exécution. 2. Configurez-le pour utiliser le périphérique Windows par défaut (cliquez avec le bouton droit de la souris sur > Préférences > onglet Audio et sélectionnez Périphérique audio Windows par défaut). 3. Connectez un nouveau périphérique et définissez-le comme périphérique audio Windows par défaut dans le Panneau de configuration de Windows. 4. Lancez manuellement l'Assistant de réglage audio (cliquez avec le bouton droit de la souris sur > Assistant de réglage audio) pour régler ce périphérique avant de l'utiliser. Si vous redémarrez l'application sans avoir réglé le périphérique, l'Assistant de réglage audio est automatiquement lancé afin que vous puissiez régler le périphérique, et Cisco IP Communicator utilise ce périphérique lors du prochain appel.5-7 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 5 Utilisation de casques d'écoute et d'autres périphériques audio avec Cisco IP Communicator Suppression et réinstallation de périphériques audio Conseils • Chaque fois que vous le lancez, Cisco IP Communicator vérifie que le périphérique audio que vous avez utilisé lors de votre session pécédente est présent. Si le périphérique est introuvable, Cisco IP Communicator vous invite à le brancher. • Si vous installez un périphérique audio qui nécessite des pilotes de périphérique (un combiné USB, un casque USB ou une carte son) après le lancement de Cisco IP Communicator, ce dernier ne reconnaîtra pas le périphérique tant que vous n'aurez pas lancé à nouveau l'application. L'Assistant de réglage audio est automatiquement lancé afin que vous puissiez régler le périphérique. • Si vous utilisez Cisco IP Communicator sur une connexion à distance, établissez la connectivité VPN avant de lancer Cisco IP Communicator. • Si vous réinstallez un combiné ou un casque USB sur un poste de travail Microsoft Vista, assurez-vous que le système d'exploitation détecte le périphérique USB. Sinon, Cisco IP Communicator ne pourra pas le trouver. Rubriques connexes • Installation de périphériques audio avant le lancement initial, page 1-3 • Utilisation de l'Assistant de réglage audio, page 1-6 • Affectation de modes audio, page 4-9 • Suppression et réinstallation de périphériques audio, page 5-6Chapitre 5 Utilisation de casques d'écoute et d'autres périphériques audio avec Cisco IP Communicator Suppression et réinstallation de périphériques audio 5-8 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01C H A P I T R E 6-1 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur Cisco IP Communicator • Accès aux messages vocaux, page 6-1 • Utilisation des journaux d'appels, page 6-3 • Composition à partir d'un répertoire, page 6-5 • Utilisation du répertoire personnel, page 6-7 Accès aux messages vocaux Votre société détermine le service de messagerie vocale utilisé par votre système téléphonique. Pour obtenir des informations précises et détaillées sur ce service, consultez la documentation correspondante. Le tableau suivant fournit une vue d'ensemble des fonctionnalités du service de messagerie vocale.Chapitre 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur Accès aux messages vocaux 6-2 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Rubriques connexes • Contrôle des paramètres de ligne, page 7-10 • Personnalisation des sonneries et des indicateurs de message, page 4-3 Pour... Procédez comme suit : Configurer et personnaliser votre service de messagerie vocale Cliquez sur le bouton Messages et suivez les invites vocales. Si un menu apparaît à l'écran de votre téléphone, sélectionnez l'élément de menu approprié. Consulter vos nouveaux messages vocaux Recherchez : • Un témoin lumineux rouge fixe sur votre combiné. (Cet indicateur peut varier.) • Une icône d'enveloppe clignotante et un message texte sur l'écran du téléphone. Remarque Le témoin lumineux rouge et l'icône de message en attente ne s'affichent que lorsque vous avez un message sur votre ligne principale, même si des messages vocaux arrivent sur d'autres lignes. Vé r if iez s i : Une tonalité accélérée se fait entendre dans le combiné, le casque ou le haut-parleur lorsque vous passez un appel. Remarque La tonalité accélérée est propre à la ligne. Vous ne l'entendez que lorsque vous utilisez la ligne associée au message en attente. Écouter vos messages vocaux ou accéder au menu des messages vocaux Cliquez sur le bouton Messages. Selon le service de messagerie vocale dont vous disposez, cette opération compose automatiquement le numéro du service de messagerie ou affiche un menu à l'écran. Transférer un appel vers votre système de messagerie vocale Cliquez sur Rvoi Im. La fonction Rvoi Im transfère automatiquement un appel (y compris un appel en sonnerie ou en attente) vers votre système de messagerie vocale. Les appelants entendent le message d'accueil de votre messagerie vocale et peuvent vous laisser un message.6-3 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur Cisco IP Communicator Utilisation des journaux d'appels Utilisation des journaux d'appels Cisco IP Communicator tient à jour des journaux d'appels. Les journaux contiennent les enregistrement de vos appels en absence, passés et reçus. Pour... Procédez comme suit : Afficher les journaux d’appels Cliquez sur le bouton Répertoires et choisissez Appels en absence, Appels composés ou Appels reçus. Chaque journal peut contenir un nmaximum de 100 enregistrements. Afficher les détails d'un enregistrement d'appel 1. Cliquez sur le bouton Répertoires et choisissez Appels en absence, Appels composés ou Appels reçus. 2. Mettre un enregistrement d'appel en surbrillance 3. Appuyez sur Détails. Cette action permet d'afficher des informations comme le numéro appelé, le numéro de l'appelant, l'heure et la durée de l'appel (uniquement pour les appels passés et reçus). Effacer les enregistrements d'appels de tous les journaux Cliquez sur le bouton Répertoires puis sur Effacer. Effacer tous les enregistrements d'appels d'un journal 1. Cliquez sur le bouton Répertoires et choisissez Appels en absence, Appels composés ou Appels reçus. 2. Mettre un enregistrement d'appel en surbrillance 3. Appuyez sur Effacer. (Vous devrez peut-être appuyer d'abord sur la touche de fonction autres pour afficher le bouton Effacer). Effacer un seul enregistrement d'appel 1. Cliquez sur le bouton Répertoires et choisissez Appels en absence, Appels composés ou Appels reçus. 2. Mettre un enregistrement d'appel en surbrillance 3. Cliquez sur Supprimer. Chapitre 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur Utilisation des journaux d'appels 6-4 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Rubriques connexes • Utilisation des indicateurs de fonction de ligne occupée pour déterminer l'état d'une ligne, page 3-34 Composer un numéro à partir d'un journal d'appel (sans être déjà en ligne) 1. Cliquez sur le bouton Répertoires et choisissez Appels en absence, Appels composés ou Appels reçus. 2. Mettre un enregistrement d'appel en surbrillance Remarque Si la touche de fonction Détails apparaît, l'appel est l'entrée principale d'un appel à plusieurs interlocuteurs. 3. Pour afficher le numéro, appuyez sur ModNum puis sur << ou >>. Pour supprimer le numéro, appuyez sur ModNum puis sur Supprimer. (Vous devrez peut-être appuyer d'abord sur la touche de fonction autres pour afficher le bouton Supprimer). 4. Décrochez pour passer l'appel. Composer un numéro à partir d'un journal d'appel (en étant déjà en ligne) 1. Cliquez sur le bouton Répertoires et choisissez Appels en absence, Appels composés ou Appels reçus. 2. Mettre un enregistrement d'appel en surbrillance 3. Pour afficher le numéro, appuyez sur ModNum puis sur << ou >>. Pour supprimer le numéro, appuyez sur ModNum puis sur Supprimer. (Vous devrez peut-être appuyer d'abord sur la touche de fonction autres pour afficher le bouton Supprimer). 4. Appuyez sur Compos. 5. Choisissez ensuite un élément de menu pour traiter l'appel initial : – Attente : met le premier appel en attente et compose le second. – Transfert : transfère le premier interlocuteur vers le second et vous déconnecte de l'appel. Sélectionnez à nouveau cette option après avoir composé le numéro pour terminer l'opération. – Conférence : établit une conférence téléphonique entre tous les interlocuteurs, vous y compris. (Appuyez à nouveau sur Conf. ou Conférence après avoir composé le numéro pour terminer l'opération.) – FinApp. : déconnecte le premier appel et compose le second. Voir si la ligne figurant dans le journal d'appels est occupée avant d'appeler cette ligne Recherchez des indicateurs de fonction de ligne occupée. Afficher l'historique des appels intercom Cliquez sur le bouton Répertoires et sélectionnez Historique intercom. Les détails des 25 plus récents appels intercom sont enregistrés. Il est impossible de composer des numéros intercom à partir de cette liste. Pour... Procédez comme suit :6-5 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur Cisco IP Communicator Composition à partir d'un répertoire Composition à partir d'un répertoire Selon sa configuration, Cisco IP Communicator peut proposer des fonctionnalités de répertoire d'entreprise et personnel : • Répertoire d'entreprise : contacts professionnels auxquels vous pouvez accéder sur Cisco IP Communicator. Il est configuré et géré par votre administrateur système. • Répertoire personnel : il s'agit, le cas échéant, de contacts personnels et des codes de numérotation abrégée associés que vous pouvez configurer et auxquels vous pouvez accéder à partir de Cisco IP Communicator et de vos pages Web Options utilisateur Cisco Unified CM. Le répertoire personnel comprend le carnet d'adresses personnel et les numéros abrégés : – Le carnet d'adresses personnel est un répertoire contenant vos contacts personnels. – Les numéros abrégés sont des codes affectés aux entrées du carnet d'adresses personnel pour permettre leur composition rapide.Chapitre 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur Composition à partir d'un répertoire 6-6 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Utilisation du répertoire d’entreprise Rubriques connexes • Utilisation des indicateurs de fonction de ligne occupée pour déterminer l'état d'une ligne, page 3-34 Pour... Procédez comme suit : Composer un numéro à partir d'un répertoire d'entreprise (sans être déjà en ligne) 1. Appuyez sur le bouton Répertoires, puis sélectionnez Répertoire d'entreprise (le nom exact de ce service peut varier). 2. Saisissez un nom complet ou partiel à l'aide du clavier, puis appuyez sur Recher. 3. Pour composer un numéro, appuyez dessus dans la liste ou recherchez-le en faisant défiler la liste et décrochez le combiné. Composer un numéro à partir d'un répertoire d'entreprise (lorsque vous êtes déjà en ligne) 1. Appuyez sur le bouton Répertoires, puis sélectionnez Répertoire d'entreprise (le nom exact de ce service peut varier). 2. Saisissez un nom complet ou partiel à l'aide du clavier, puis appuyez sur Recher. 3. Faites défiler la liste jusqu'au numéro souhaité et appuyez sur Sélect. 4. Choisissez ensuite un élément de menu pour traiter l'appel initial : – Attente : met le premier appel en attente et compose le second. – Transfert : transfère le premier interlocuteur vers le second et vous déconnecte de l'appel. Sélectionnez à nouveau cette option après avoir composé le numéro pour terminer l'opération. – Conférence : établit une conférence téléphonique entre tous les interlocuteurs, vous y compris. (Appuyez à nouveau sur Conf. ou Conférence après avoir composé le numéro pour terminer l'opération.) – FinApp. : déconnecte le premier appel et compose le second. Vérifier si la ligne de téléphone du répertoire est occupée Vérifiez la présence d'indicateurs d'affichage de ligne occupé (FLO). 6-7 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur Cisco IP Communicator Composition à partir d'un répertoire Utilisation du répertoire personnel Les fonctions du répertoire personnel comprennent le carnet d'adresses personnel et les numéros abrégés. Pour... Procédez comme suit : Accéder au répertoire personnel (pour le carnet d'adresses personnel et les codes de numérotation abrégée) 1. Cliquez sur le bouton Répertoires, puis sélectionnez Répertoire personnel (le nom exact de ce service peut varier). 2. Saisissez votre ID utilisateur et votre PIN Cisco Unified Communications Manager, puis appuyez sur Soum. Rechercher une entrée dans le carnet d'adresses personnel 1. Accédez au répertoire personnel, puis sélectionnez Carnet d'adresses personnel. 2. Saisissez des critères de recherche, puis appuyez sur Soum. 3. Vous pouvez cliquer sur Préc. ou sur Suivant pour passer d'une entrée à l'autre. 4. Mettez en surbrillance l'entrée de carnet d'adresses personnel de votre choix et appuyez sur Sélect. Composer un numéro à partir d’une entrée du carnet d’adresses personnel 1. Recherchez une entrée. 2. Mettez l'entrée en surbrillance, puis appuyez sur Sélect. 3. Appuyez sur Compos. (Vous devrez peut-être d'abord cliquer sur la touche de fonction autres pour afficher le bouton Compos.) 4. Entrez le numéro de téléphone du participant. 5. Mettez en surbrillance le numéro à composer et cliquez sur OK. 6. Appuyez de nouveau sur OK pour composer le numéro. Supprimer une entrée du carnet d'adresses personnel 1. Recherchez une entrée. 2. Mettez l'entrée en surbrillance, puis appuyez sur Sélect. 3. Cliquez sur Supprimer. 4. Cliquez sur OK pour confirmer la suppression.Chapitre 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur Composition à partir d'un répertoire 6-8 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Modifier une entrée du carnet d'adresses personnel 1. Recherchez une entrée. 2. Mettez l'entrée en surbrillance et appuyez surModif. pour changer un nom ou une adresse électronique. 3. Si nécessaire, sélectionnez Téléph. pour modifier un numéro de téléphone. 4. Cliquez sur MàJ. Ajouter une nouvelle entrée au carnet d'adresses personnel 1. Accédez au répertoire personnel, puis sélectionnez Carnet d'adresses personnel. 2. Accéder à la page Recherche en sélectionnant Soum. (Il n'est pas nécessaire d'entrer les critères de recherche au préalable.) 3. Cliquez sur Nouveau. 4. Utilisez le clavier de votre téléphone pour saisir un nom et les informations de l'adresse électronique. 5. Sélectionnez Téléph. et utilisez le clavier pour saisir des numéros de téléphone. Prenez soin d'inclure tous les codes d'accès nécessaires, comme 9 ou 1. 6. Sélectionnez Soum. pour ajouter l'entrée à la base de données. Affecter un code de numérotation abrégée à une entrée du carnet d'adresses personnel 1. Rechercher l'entrée dans le carnet d'adresses personnel. 2. Mettez l'entrée en surbrillance, puis appuyez sur Sélect. 3. Appuyez sur Numéro abrégé. 4. Mettez en surbrillance le numéro à composer et appuyez sur Sélect. 5. Mettez en surbrillance le code de numérotation abrégée à affecter au numéro, puis appuyez sur Sélect. Ajouter un code de numérotation abrégée (sans utiliser une entrée du carnet d’adresses personnel) 1. Cliquez sur le bouton Répertoires et sélectionnez Répertoire personnel> Numéros abrégés personnels. 2. Appuyez sur Numéro abrégé. 3. Mettez en surbrillance un code de numérotation abrégée non affecté, puis appuyez sur Sélect. 4. Appuyez sur Affecter. 5. Entrez un numéro de téléphone 6. Cliquez sur MàJ. Pour... Procédez comme suit :6-9 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur Cisco IP Communicator Composition à partir d'un répertoire Conseils • L’administrateur système peut vous fournir l’ID utilisateur et le code PIN nécessaires pour vous connecter au répertoire personnel. • Vous êtes automatiquement déconnecté du répertoire personnel au bout d'un certain temps. Ce délai est variable. Pour plus d'informations, contactez votre administrateur système. Rubriques connexes • Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2 • Utilisation de votre Carnet d'adresses personnel, page 7-3 • Configuration de numéros abrégés, page 7-4 Rechercher des codes de numérotation abrégée 1. Cliquez sur le bouton Répertoires et sélectionnez Numéros abrégés personnels. 2. Vous pouvez cliquer sur Préc. ou sur Suivant pour passer d'une entrée à l'autre. 3. Mettez en surbrillance l'entrée de votre choix et appuyez sur Sélect. Passer un appel à l’aide d’un code de numérotation abrégée 1. Recherchez un code de numérotation abrégée. 2. Mettez en surbrillance l'entrée de votre choix et appuyez sur Sélect. 3. Appuyez sur Compos. 4. Appuyez sur OK pour terminer l'opération. Supprimer un code de numérotation abrégée 1. Recherchez un code de numérotation abrégée. 2. Mettez en surbrillance l'entrée de votre choix et appuyez sur Sélect. 3. Appuyez sur Suppr. Vous déconnecter du répertoire personnel 1. Cliquez sur le bouton Répertoires, puis sélectionnez Répertoire personnel (le nom exact de ce service peut varier). 2. Choisissez Déconn. Pour... Procédez comme suit :Chapitre 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur Utilisation de la fonction Recherche rapide 6-10 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Utilisation de la fonction Recherche rapide La fonction Recherche rapide permet de lancer une recherche dans un ou plusieurs répertoires à l'aide d'une même commande. La recherche peut porter sur plusieurs répertoires d'entreprise et votre carnet d'adresses personnel, selon les paramètres configurés par votre administrateur système. Remarque La Recherche rapide dans le carnet d'adresses personnel n'est pas prise en charge dans toutes les versions de Cisco Unified Communications Manager. Demandez à votre administrateur système si cete fonctionnalité est disponible sur votre système. Pour accéder à la Recherche rapide, cliquez avec le bouton droit de la souris sur Cisco IP Communicator, et sélectionnez Recherche rapide. Dans la fenêtre Recherche rapide, entrez un nom ou un numéro de poste, puis cliquez sur Numérotation rapide ou sur Rechercher : • Numérotation rapide : permet de composer automatiquement le numéro lorsque le résultat fournit une seule correspondance. Vous devez toutefois cliquer sur la touche de fonction Compos. pour établir l'appel. Si la recherche renvoie plusieurs correspondances, celles-ci sont affichées. • Rechercher : affiche les résultats de la recherche sans composer automatiquement de numéro. Remarque Seuls les numéros de téléphone saisis dans le champ Professionnel du carnet d'adresses sont affichés dans les résultats de la Recherche rapide. Les numéros de téléphone personnels et de téléphone portable ne sont pas affichés. Pour passer un appel à partir des résultats de la recherche, cliquez sur une entrée de la fenêtre Recherche rapide, puis cliquez sur Compos. Rubriques connexes • Saisie d'informations de mot de passe pour la fonction Recherche rapide, page 6-116-11 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur Cisco IP Communicator Utilisation de la fonction Recherche rapide Saisie d'informations de mot de passe pour la fonction Recherche rapide Selon la manière dont vous souhaitez utiliser la Recherche rapide, vous derez peut-être saisir vos informations d'ouverture de session (nom d'utilisateur et mot de passe) comme décrit dans le tableau suivant. Pour... Procédez comme suit : Effectuer une recherche dans un répertoire d'entreprise Si vous n'utilisez pas le service Carnet d'adresses personnel et si vous faites appel à la fonction Recherche rapide uniquement pour trouver des collègues dans le répertoire de l'entreprise, il ne sera peut-être pas nécessaire d'effectuer de configuration. Effectuez un test en sélectionnant Recherche rapide dans le menu contextuel : • Si la fenêtre Recherche rapide apparaît, aucune configuration n'est nécessaire. • Si la fenêtre Recherche rapide ne s'ouvre pas, entrez un nom d'utilisateur et un mot de passe (clic droit > Préférences > onglet Répertoire). Demandez les informations correspondantes à votre administrateur système.Chapitre 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur Utilisation de la fonction Recherche rapide 6-12 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Rubriques connexes • Traitement des appels avec Cisco IP Communicator, page 3-1 • Personnalisation des paramètres sur Cisco IP Communicator, page 4-1 • Utilisation des journaux d'appels, page 6-3 • Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2 Effectuer une recherche dans votre carnet d'adresses personnel Si vous utilisez le service Carnet d'adresses personnel, la fonction Recherche rapide peut essayer d'établir des correspondances dans un premier temps avec votre carnet d'adresses et dans un deuxième temps avec le répertoire de l'entreprise. Les conditions suivantes doivent être remplies pour que la Recherche rapide puisse accéder à votre carnet d'adresses personnel : • Votre administrateur système doit configurer la fonction Recherche rapide afin de l'intégrer dans les répertoires personnels. • Vous devez vous abonner au service Carnet d'adresses personnel (clic droit > Options utilisateur Cisco Unified CM). • Vous devez entrer votre nom d'utilisateur et votre mot de passe dans la fenêtre Répertoires (clic droit >Préférences > onglet Répertoires). Utiliser une autre méthode de recherche Si vous souhaitez utiliser une autre méthode de recherche que la fonction Recherche rapide, vous disposez des options suivantes : • Pour effectuer une recherche dans des répertoires d'entreprise, cliquez sur le bouton Répertoires, puis sélectionnez Répertoire d'entreprise (le nom exact de ce service peut varier). • Pour effectuer une recherche dans votre carnet d'adresses personenl, cliquez sur le bouton Services et sélectionnez Service Carnet d'adresses personnel (le nom exact de ce service peut varier). Entrez les informations concernant la recherche et cliquez sur Rechercher. Pour... Procédez comme suit :C H A P I T R E 7-1 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM Comme votre téléphone Cisco IP Communicator est un périphérique réseau, il peut partager des données avec d’autres périphériques réseau de votre société, notamment votre ordinateur et vos services Web accessibles via un navigateur Web sur votre ordinateur. Vous pouvez établir des services téléphoniques et contrôler les fonctions à partir de votre ordinateur à l'aide des pages Web Options utilisateur de votre serveur de traitement d'appels Cisco Unified Communications Manager. Une fois les fonctions et services configurés sur les pages Web, vous pouvez y accéder à partir de votre Cisco IP Communicator. Vous pouvez, par exemple, configurer des boutons de numérotation abrégée à partir des pages Web, puis y accéder sur votre téléphone. • Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2 • Utilisation de votre Carnet d'adresses personnel, page 7-3 • Configuration de la numérotation abrégée, page 7-5 • Configuration de services téléphoniques, page 7-7 • Contrôle des paramètres utilisateur, page 7-9 • Contrôle des paramètres de ligne, page 7-10 • Configuration de téléphones et de listes d'accès pour la connexion mobile, page 7-12 • Utilisation de Cisco WebDialer, page 7-15Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM Connexion aux pages Web Options utilisateur Cisco Unified CM 7-2 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Connexion aux pages Web Options utilisateur Cisco Unified CM Procédure Étape 1 Cliquez sur le bouton Menu (ou cliquez avec le bouton droit de la souris sur Cisco IP Communicator), et choisissez Options utilisateur Cisco Unified CM. Étape 2 Entrez l'ID d'utilisateur et le mot de passe par défaut fournis par votre administrateur système. Étape 3 À partir du menu principal, choisissez Options utilisateur > Périphérique. a. Sélectionnez le nom de périphérique qui correspond à Cisco IP Communicator. b. Une fois votre sélection effectuée, utilisez les boutons situés au bas de la fenêtre pour accéder aux paramètres appropriés pour votre périphérique. c. Cliquez sur Déconnecter pour quitter l'application. Étape 3 Si vous utilisez Cisco Unified Communications Manager 4.x : a. Dans le menu général, choisissez un type de périphérique dans la liste déroulante Sélectionner un périphérique. b. Une fois votre sélection effectuée, un menu contextuel apparaît et propose les options appropriées pour ce type de périphérique. (Si le type de périphérique ne figure pas dans la liste, contactez votre administrateur.) c. Cliquez sur Déconnecter pour quitter l'application. Conseil • Sélectionnez votre périphérique dans la page de menu pour afficher l'ensemble de vos options. • Cliquez sur MàJ pour appliquer et enregistrer vos modifications. • Cliquez sur Retour au menu pour revenir au menu contextuel.7-3 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM Utilisation de votre Carnet d'adresses personnel Utilisation de votre Carnet d'adresses personnel Rubriques connexes • Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2 • Configuration de numéros abrégés, page 7-4 • Configuration de la numérotation abrégée, page 7-5 Pour... Effectuez l'action suivante après avoir accédé à la page Web Options utilisateur Cisco Unified CM Ajouter une nouvelle entrée au carnet d'adresses personnel 1. Choisissez Options utilisateur> Carnet d'adresses personnel. 2. Cliquez sur Ajouter nouveau. 3. Saisissez les informations correspondant à l'entrée. 4. Cliquez sur Enregistrer. Rechercher une entrée dans le carnet d'adresses personnel 1. Choisissez Options utilisateur> Carnet d'adresses personnel. 2. Indiquez les informations recherchées et cliquez sur Rechercher. Modifier une entrée du carnet d'adresses personnel 1. Recherchez l'entrée dans le carnet d'adresses personnel. 2. Cliquez sur un nom ou un pseudonyme. 3. Modifiez l'entrée et cliquez sur Enreg. Supprimer une entrée du carnet d'adresses personnel 1. Recherchez l'entrée dans le carnet d'adresses personnel. 2. Sélectionnez une ou plusieurs entrées. 3. Cliquez sur Supprimer la sélection.Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM Utilisation de votre Carnet d'adresses personnel 7-4 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Configuration de numéros abrégés Rubriques connexes • Utilisation de votre Carnet d'adresses personnel, page 7-3 • Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2 Pour... Effectuez l'action suivante après avoir accédé à la page Web Options utilisateur Cisco Unified CM Affecter un code de numérotation abrégée à une entrée du carnet d'adresses personnel 1. Créez une entrée dans le carnet d'adresses personnel. 2. Sélectionnez Options utilisateur> Numéros abrégés. 3. Cliquez sur Ajouter nouveau. 4. Utilisez la zone des options de recherche pour trouver l'entrée du carnet d'adresses personnel. 5. Cliquez sur un numéro de téléphone dans la zone des résultats de recherche. 6. Modifiez le code de numérotation abrégée, le cas échéant. 7. Cliquez sur Enregistrer. Affecter un code de numérotation abrégée à un numéro de téléphone (sans utiliser d'entrée du carnet d'adresses personnel) 1. Sélectionnez Options utilisateur> Numéros abrégés. 2. Cliquez sur Ajouter nouveau. 3. Modifiez le code de numérotation abrégée, le cas échéant. 4. Entrez un numéro de téléphone 5. Cliquez sur Enregistrer. Rechercher une entrée de numérotation abrégée 1. Sélectionnez Options utilisateur> Numéros abrégés. 2. Indiquez les informations recherchées et cliquez sur Rechercher. Modifier le numéro de téléphone correspondant à un numéro abrégé 1. Sélectionnez Options utilisateur> Numéros abrégés. 2. Recherchez le numéro abrégé à modifier. 3. Cliquez sur un composant de l’entrée. 4. Modifiez le numéro de téléphone. 5. Cliquez sur Enregistrer. Supprimer un numéro abrégé 1. Recherchez le numéro abrégé. 2. Sélectionnez une ou plusieurs entrées. 3. Cliquez sur Supprimer la sélection.7-5 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM Configuration de la numérotation abrégée Conseil Vous pouvez créer jusqu'à 500 entrées de numéros abrégés et de carnet d'adresses personnel. Conseil Vous pouvez créer de nouveaux numéros abrégés sans utiliser d'entrée du carnet d'adresses personnel. Ces entrées de numérotation abrégée sont étiquetées brut dans les pages Web Options utilisateur et n’affichent pas d’étiquette de texte configurable. Configuration de la numérotation abrégée Selon sa configuration, votre Cisco IP Communicator peut prendre en charge plusieurs fonctions de numérotation abrégée : • Les boutons de numérotation abrégée • La numérotation abrégée • Les numéros abrégés. Pour... Effectuez l'action suivante après avoir accédé à la page Web Options utilisateur Cisco Unified CM Configurer les boutons de numérotation abrégée 1. Sélectionnez Options utilisateur > Périphérique. 2. Sélectionnez un téléphone dans le menu déroulant Nom. 3. Cliquez sur Numérotations abrégées. 4. Saisissez le numéro et l'intitulé correspondant à un bouton de numérotation abrégée (bouton programmable) de votre téléphone. 5. Cliquez sur Enregistrer. Remarque Votre téléphone utilise le champ Nom sans caract. accentués.Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM Configuration de la numérotation abrégée 7-6 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Rubriques connexes • Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2 • Configuration de numéros abrégés, page 7-4 • Utilisation du répertoire personnel, page 6-7 Configurer les boutons de numérotation abrégée Cisco Unified Communications Manager version 4.x Accédez à vos pages Web Options utilisateur Cisco Unified CM, sélectionnez votre périphérique, puis sélectionnez Ajouter/mettre à jour vos numéros abrégés dans le menu principal. Dans la section Paramètres de numérotation abrégée du téléphone, entrez un numéro de téléphone et un intitulé pour chaque bouton de numérotation abrégée disponible. Entrez le numéro exactement comme si vous le composiez sur votre téléphone fixe. Par exemple, si nécessaire, entrez un code d'accès, tel que le 9 ou l'indicatif régional. L'intitulé que vous entrez apparaît en regard du bouton de numérotation abrégée sur l'écran de votre téléphone. Configurer la numérotation abrégée 1. Sélectionnez Options utilisateur > Périphérique. 2. Sélectionnez un téléphone dans le menu déroulant Nom. 3. Cliquez sur Numérotations abrégées. 4. Saisissez le numéro et le libellé correspondant à un code de numérotation abrégée. 5. Cliquez sur Enregistrer. Configuration de la numérotation abrégée Cisco Unified Communications Manager version 4.x Accédez à vos pages Web Options utilisateur Cisco Unified CM, sélectionnez votre périphérique, puis sélectionnez Ajouter/mettre à jour vos numéros abrégés dans le menu principal. 1. Dans la section Paramètres de numérotation abrégée non associés à un bouton du téléphone, entrez un numéro de téléphone et un intitulé pour chaque bouton de numérotation abrégée disponible. Entrez le numéro exactement comme si vous le composiez sur votre téléphone. Par exemple, si nécessaire, entrez un code d'accès, tel que le 9 ou l'indicatif régional. Pour... Effectuez l'action suivante après avoir accédé à la page Web Options utilisateur Cisco Unified CM7-7 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM Configuration de services téléphoniques Configuration de services téléphoniques Les services téléphoniques peuvent inclure des fonctions téléphoniques spéciales, des données réseau et des informations basées sur le Web (par exemple les cours de la bourse ou les programmes de cinéma). Vous devez vous abonner à un service téléphonique pour pouvoir y accéder sur votre téléphone. Pour... Effectuez l'action suivante après avoir accédé à la page Web Options utilisateur Cisco Unified CM S'abonner à un service 1. Sélectionnez Options utilisateur > Périphérique. 2. Sélectionnez un nom Cisco IP Communicator dans le menu déroulant. 3. Cliquez sur Services téléphoniques. 4. Cliquez sur Ajouter nouveau. 5. Choisissez un service dans la liste déroulante et cliquez sur Suivant. 6. Changez l'intitulé du service et/ou saisissez des informations supplémentaires sur le service, le cas échéant (facultatif). 7. Cliquez sur Enregistrer. Cisco Unified Communications Manager 4.x Dans le menu principal, sélectionnez Configurer vos services téléphoniques IP Cisco. Sélectionnez un service dans la liste déroulante Services disponibles, puis cliquez sur Continuer. Saisissez les renseignements supplémentaires qui vous sont demandés (par exemple, un code postal ou un code PIN), puis cliquez sur S'abonner. Rechercher des services 1. Sélectionnez un Nom de périphérique Cisco IP Communicator. 2. Cliquez sur Services téléphoniques. 3. Cliquez sur Rechercher. Modifier un service ou vous désabonner 1. Recherchez les services. 2. Sélectionnez une ou plusieurs entrées. 3. Cliquez sur Supprimer la sélection. Cisco Unified Communications Manager 4.x Dans le menu principal, sélectionnez Configurer vos services téléphoniques IP Cisco. Cliquez sur un service dans le volet Vos abonnements. Cliquez sur MàJ après avoir effectué vos modifications ou sur Se désabonner. Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM Configuration de services téléphoniques 7-8 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Changer le nom d’un service 1. Recherchez les services. 2. Cliquez sur le nom du service. 3. Modifiez les informations et cliquez sur Enreg. Associer un service à un bouton programmable disponible 1. Sélectionnez Options utilisateur > Périphérique. 2. Sélectionnez un nom Cisco IP Communicator dans le menu déroulant. 3. Cliquez sur URL de service. Remarque Si cette option n'apparaît pas à l'écran, demandez à votre administrateur système de configurer un bouton d'URL de service pour votre téléphone. 4. Sélectionnez un service dans la liste déroulante Bouton de service. 5. Si vous souhaitez renommer le service, modifiez les champs d’étiquettes. Remarque Votre téléphone utilise le champ Nom sans caract. accentués s'il ne prend pas en charge les jeux de caractères à deux octets. 6. Cliquez sur Enregistrer. 7. Cliquez sur Réinitialiser pour réinitialiser votre téléphone (nécessaire pour afficher le nouveau libellé du bouton sur votre téléphone). Cisco Unified Communications Manager version 4.x Après vous être abonné à un service, sélectionnez Ajouter/mettre à jour vos boutons URL de service dans le menu principal. Pour chaque touche disponible, sélectionnez un service dans la liste déroulante, puis saisissez une description. Une fois vos modifications effectuées, cliquez sur MàJ. L'administrateur du système détermine le nombre de touches pouvant être associées à des services ; il peut également affecter des touches de service à votre téléphone. Accéder à un service sur le téléphone Cliquez sur le bouton Services. Ou bien, si vous avez ajouté un service à un bouton programmable, appuyez sur le bouton. Pour... Effectuez l'action suivante après avoir accédé à la page Web Options utilisateur Cisco Unified CM7-9 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM Contrôle des paramètres utilisateur Contrôle des paramètres utilisateur Les paramètres utilisateur incluent votre mot de passe, votre nuémro d'identification personnel et vos paramètres de langue. Conseil Votre code PIN et votre mot de passe permettent d'accéder à plusieurs fonctions et services. Par exemple, utilisez votre code PIN pour vous connecter au service de mobilité de poste de Cisco ou au répertoire personnel de votre téléphone. Utilisez votre mot de passe pour vous accéder à vos pages Web Options utilisateur et à Cisco WebDialer sur votre ordinateur. Pour en savoir plus, contactez votre administrateur système. Pour... Effectuez l'action suivante après avoir accédé à la page Web Options utilisateur Cisco Unified CM Changement de mot de passe 1. Sélectionnez Options utilisateur > Paramètres utilisateur. 2. Remplissez les champs de la zone Mot de passe du navigateur. 3. Cliquez sur Sauvegarder. Modification de votre numéro d'identification personnel 1. Sélectionnez Options utilisateur > Paramètres utilisateur. 2. Remplissez les champs de la zone PIN du téléphone, 3. Cliquez sur Enregistrer. Modifier la langue des pages Web Options utilisateur 1. Sélectionnez Options utilisateur > Paramètres utilisateur. 2. Dans la zone Langue utilisateur, choisissez une option dans la liste déroulante Langue. 3. Cliquez sur Enregistrer. Modifier la langue de l'écran de votre téléphone 1. Sélectionnez Options utilisateur > Paramètres utilisateur. 2. Sélectionnez une option dans la liste déroulante Langue utilisateur. 3. Cliquez sur Enregistrer.Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM Contrôle des paramètres de ligne 7-10 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Contrôle des paramètres de ligne Les paramètres de ligne affectent une ligne précise (numéro d'annuaire) de votre Cisco IP Communicator. Les paramètres de ligne peuvent inclure le transfert d'appels, les indicateurs de message vocal, la mélodie de sonneries et les libellés de ligne. Vous pouvez configurer d'autres paramètres de ligne directement sur votre Cisco IP Communicator : Pour... Effectuez l'action suivante après avoir accédé à la page Web Options utilisateur Cisco Unified CM... Configurer le renvoi d'appels par ligne 1. Sélectionnez Options utilisateur > Périphérique. 2. Sélectionnez un nom de Cisco IP Communicator dans le menu déroulant Nom. 3. Cliquez sur Paramètres de ligne. 4. Si plusieurs numéros de répertoire (lignes) sont affectés à votre téléphone, sélectionnez une ligne dans le menu déroulant Ligne. 5. Dans la zone Renvoi des appels entrants, choisissez les paramètres de transfert d'appels correspondant à diverses circonstances. 6. Cliquez sur Enregistrer. Modifier le paramètre d'indicateur de message vocal selon la ligne (témoin lumineux) 1. Sélectionnez Options utilisateur> Périphérique. 2. Sélectionnez un nom de Cisco IP Communicator dans le menu déroulant Nom. 3. Cliquez sur Paramètres de ligne. 4. Si plusieurs numéros de répertoire (lignes) sont affectés à votre téléphone, sélectionnez une ligne dans le menu déroulant Ligne. 5. Dans la zone Indicateur de messages en attente, choisissez un ou plusieurs paramètres. Remarque En général, le paramètre par défaut pour les messages en attente demande à votre téléphone d'afficher un témoin lumineux rouge fixe sur la bande lumineuse du combiné pour signaler la présence d'un nouveau message vocal. 6. Cliquez sur Enregistrer.7-11 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM Contrôle des paramètres de ligne Rubriques connexes • Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2 • Personnalisation des sonneries et des indicateurs de message, page 4-3 • Accès aux paramètres, page 4-1 Modifier le paramètre d'indicateur sonore de message vocal selon la ligne 1. Sélectionnez Options utilisateur > Périphérique. 2. Sélectionnez un nom de Cisco IP Communicator dans le menu déroulant Nom. 3. Cliquez sur Paramètres de ligne. 4. Si plusieurs numéros de répertoire (lignes) sont affectés à votre téléphone, sélectionnez une ligne dans le menu déroulant Ligne. 5. Dans la zone Indicateur de messages en attente, choisissez un ou plusieurs paramètres. Remarque En général, le paramètre par défaut pour les messages en attente demande à votre téléphone d'afficher un témoin lumineux rouge fixe sur la bande lumineuse du combiné pour signaler la présence d'un nouveau message vocal. 6. Cliquez sur Enregistrer. Modifier ou créer un libellé de ligne affiché à l'écran de votre téléphone 1. Sélectionnez Options utilisateur > Périphérique. 2. Sélectionnez un téléphone dans le menu déroulant Nom. 3. Cliquez sur Paramètres de ligne. 4. Si plusieurs numéros de répertoire (lignes) sont affectés à votre téléphone, sélectionnez une ligne dans le menu déroulant Ligne. 5. Dans la zone Libellé de ligne, saisissez un libellé. 6. Cliquez sur Enregistrer. Remarque Votre téléphone utilise le champ Nom sans caract. accentués s'il ne prend pas en charge les jeux de caractères à deux octets. Pour... Effectuez l'action suivante après avoir accédé à la page Web Options utilisateur Cisco Unified CM...Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM Configuration de téléphones et de listes d'accès pour la connexion mobile 7-12 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Configuration de téléphones et de listes d'accès pour la connexion mobile Lorsque vous utilisez la fonction de connexion mobile Cisco Mobile Connect, vous devez indiquer les téléphones portables et les autres téléphones à utiliser pour passer et prendre des appels en utilisant les mêmes numéros de répertoire que ceux de votre téléphone de bureau. Ces téléphones sont appelés destinations distantes. Vous pouvez également définir des listes d'accès pour interdire ou autoriser l'envoi vers votre téléphone portable d'appels en provenance de certains numéros. Pour... Effectuez l'action suivante après avoir accédé à la page Web Options utilisateur Cisco Unified CM Créer une liste d'accès 1. Sélectionnez Options utilisateur > Paramètres de mobilité > Listes d'accès. 2. Cliquez sur Ajouter nouveau. 3. Saisissez les informations suivantes : – Nom : identifie la liste d'accès – Description : décrit la liste d'accès. 4. Sélectionnez l'une des options suivantes : – Liste d'accès bloqué : crée la liste des numéros à bloquer – Liste d'accès autorisé : crée la liste des numéros autorisés 5. Cliquez sur Enregistrer. 7-13 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM Configuration de téléphones et de listes d'accès pour la connexion mobile Ajouter des membres à une liste d'accès. 1. Créez une liste d'accès. 2. Cliquez sur Ajouter un membre pour ajouter des numéros de téléphone ou des filtres à la liste. 3. Sélectionnez une option dans la liste déroulante Masque de filtre. Vous pouvez filtrer un numéro de répertoire ou les appels dont l'ID d'appelant est restreint (Non disponible) ou anonyme (Confidentiel). 4. Si vous sélectionnez un numéro de répertoire dans la liste déroulante Masque de filtre, saisissez un numéro de téléphone ou un filtre dans le champ Masque NR. Vous pouvez utiliser les caractères génériques suivants pour définir un filtre : – X (majuscule ou minuscule) : correspond à un chiffre. Par exemple, 408555123X correspond à n'importe quel numéro compris entre 4085551230 et 4085551239. – ! : correspond à un nombre indéfini de chiffres. Par exemple, 408! correspond à tout numéro commençant par 408. – # : remplace un chiffre pour créer une correspondance exacte. 5. Cliquez sur Enreg. pour ajouter ce membre à la liste d'accès. 6. Cliquez de nouveau sur Enreg. pour enregistrer la liste d'accès. Pour... Effectuez l'action suivante après avoir accédé à la page Web Options utilisateur Cisco Unified CMChapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM Configuration de téléphones et de listes d'accès pour la connexion mobile 7-14 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Rubriques connexes • Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2 Ajouter une nouvelle destination distante 1. Sélectionnez Options utilisateur > Paramètres de mobilité > Destinations distantes. 2. Sélectionnez le périphérique dans la zone de liste déroulante Nom. 3. Cliquez sur Destinations distantes. 4. Cliquez sur Ajouter nouveau. 5. Sisissez les informations suivantes : – Nom : saisissez un nom pour le téléphone portable (ou tout autre téléphone). – Numéro de destination : saisissez le numéro de votre téléphone portable. – Minuteur de réponse précoce : Saisissez le délai (en millisecondes) à observer avant la prise d'un appel sur le périphérique de destination distante. – Minuteur de réponse tardive : Saisissez le délai (en millisecondes) à observer avant la prise d'un appel sur le périphérique de destination distante. – Indicateur de délai avant sonnerie : Saisissez le délai (en millisecondes) à observer avant que la sonnerie ne retentisse sur le périphérique de destination distante. – Profil de destination distante : Sélectionnez un profil de destination distante (contient les paramètres applicables à toutes vos destinations distantes). – Liste d'accès autorisé : Sélectionnez un numéro de téléphone ou une règle qui autorise votre téléphone portable à sonner lorsqu'un appel arrive sur votre téléphone de bureau. Vous pouvez sélectionner une liste d'accès autorisé ou une liste d'accès bloqué, mais pas les deux. – Liste d'accès bloqué : Sélectionnez un numéro de téléphone ou une règle qui empêche votre téléphone portable de sonner lorsqu'un appel arrive sur votre téléphone de bureau. Vous pouvez sélectionner une liste d'accès autorisé ou une liste d'accès bloqué, mais pas les deux. – Téléphone portable : Sélectionnez cette option pour que votre téléphone portable accepte un appel composé à partir de votre téléphone de bureau. – Activer la connexion mobile : Sélectionnez cette option pour que votre téléphone portable sonne en même temps que votre téléphone de bureau. Vous pouvez également configurer un calendrier de sonnerie. 6. Cliquez sur Enregistrer. Pour... Effectuez l'action suivante après avoir accédé à la page Web Options utilisateur Cisco Unified CM7-15 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM Utilisation de Cisco WebDialer Utilisation de CiscoWebDialer Cisco WebDialer permet d'appeler des contacts du répertoire Cisco IP Communicator en cliquant sur les éléments d'un navigateur Web. Votre administrateur système doit configurer cette fonction à votre place. Pour... Effectuez l'action suivante après avoir accédé à la page Web Options utilisateur Cisco Unified CM Utiliser WebDialer avec votre répertoire Options utilisateur 1. Sélectionnez Options utilisateur > Répertoire et recherchez un collègue. 2. Cliquez sur le numéro à composer. 3. Si vous utilisez WebDialer pour la première fois, configurez vos préférences et cliquez sur Soum. (voir la dernière ligne de ce tableau pour plus de détails). 4. Si la page Passer un appel s'affiche, cliquez sur Compos. (Voir à la dernière ligne de ce tableau la procédure permettant de ne plus afficher cette page à l'avenir.) L'appel est passé sur votre téléphone. 5. Cliquez sur Raccrocher ou raccrochez le combiné de votre téléphone pour mettre fin à un appel. Utiliser WebDialer avec un autre répertoire d'entreprise en ligne (et non votre répertoire Options utilisateur) 1. Connectez-vous à un répertoire d'entreprise compatible avec WebDialer et recherchez des collègues. 2. Cliquez sur le numéro à composer. 3. Lorsque vous y êtes invité, entrez votre ID utilisateur et votre mot de passe. 4. Si vous utilisez WebDialer pour la première fois, configurez vos préférences et cliquez sur Soum. (voir la dernière ligne de ce tableau pour plus de détails). 5. Si la page Passer un appel s'affiche, cliquez surCompos. (Voir à la dernière ligne de ce tableau la procédure permettant de ne plus afficher cette page à l'avenir.) L'appel est passé sur votre téléphone. 6. Cliquez sur Raccrocher ou raccrochez le combiné de votre téléphone pour mettre fin à un appel.Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM Utilisation de Cisco WebDialer 7-16 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Rubriques connexes • Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2 Vous déconnecter de WebDialer Cliquez sur l'icône de déconnexion à la page Passer un appel ou Raccrocher. Configurer, afficher ou modifier des préférences de WebDialer Accédez à la page Préférences. La page Préférences s'affiche la première fois que vous utilisez WebDialer (après avoir cliqué sur le numéro à composer). Pour revenir aux préférences par la suite, cliquez sur l'icône Préférences des pages Passer un appel ou Raccrocher. La page Préférences contient les options suivantes : • Langue souhaitée : détermine la langue utilisée pour les paramètres et les invites de WebDialer. • Utiliser un périphérique permanent : identifie le téléphone IP Cisco Unified et le numéro de répertoire (ligne) à utiliser pour passer des appels WebDialer. Si votre téléphone dispose d'une seule ligne, ce téléphone et cette ligne sont sélectionnés automatiquement. Sinon, choisissez un téléphone et/ou une ligne. Les téléphones sont indiqués par leur nom d'hôte. (Pour afficher le nom système de votre téléphone, cliquez sur le bouton Paramètres et sélectionnez Configuration réseau > Nom d'hôte.) • Utiliser la mobilité de poste : lorsque qu'elle est sélectionnée, cette option invite WebDialer à utiliser le téléphone IP Cisco Unified associé à votre profil de mobilité de poste (le cas échéant). • Ne pas afficher la boîte de dialogue de confirmation d'appel : lorsque qu'elle est sélectionnée, cette option invite WebDialer à supprimer la page Passer un appel. Cette page s'affiche par défaut lorsque vous cliquez sur un numéro de téléphone dans un répertoire en ligne compatible avec WebDialer. Pour... Effectuez l'action suivante après avoir accédé à la page Web Options utilisateur Cisco Unified CMC H A P I T R E 8-1 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 8 Dépannage Cisco IP Communicator • Problèmes d'ordre général, page 8-1 • Problèmes de qualité vocale, page 8-5 • Utilisation de l'outil de génération de rapports sur la qualité pour résoudre les problèmes de performance, page 8-10 • Activation de journaux détaillés, page 8-11 • Capture d'informations sur les problèmes, page 8-11 Problèmes d'ordre général Problème La qualité audio est mauvaise lorsque je participe à des téléconférences MeetingPlace et que j'utilise Cisco IP Communicator. Solution Fermez les applications inutilisées lorsque vous participez à une téléconférence. Si vous utilisez une connexion VPN, envisagez d'utiliser l'option de connectivité de la console Cisco Unified MeetingPlace. Vous pouvez également optimiser la bande passante de la session de téléconférence en utilisant différentes connexions. Les utilisateurs de Cisco Unified MeetingPlace disposent d'une option permettant de vérifier que leur connexion est adéquate. Les détails sur l'optimisation de la bande passante dans MeetingPlace sont fournis dans le Guide d'utilisation de Cisco Unified MeetingPlace.Chapitre 8 Dépannage Cisco IP Communicator Problèmes d'ordre général 8-2 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Problème Après le démarrage initial, aucun numéro de poste n'apparaît et la ligne d'état affiche le libellé Enregistrement en cours. Solution Vérifiez que vous avez sélectionné un serveur TFTP, le cas échéant. Si vous devez définir une adresse TFTP, votre administrateur doit vous la fournir. Si vous êtes un utilisateur distant, veillez à établir la connexion réseau avant de lancer Cisco IP Communicator. Rubriques connexes • Configuration et enregistrement Cisco IP Communicator, page 1-9 • Paramètres réseau, page 4-7 Problème Après son démarrage, Cisco IP Communicator ne trouve pas votre carte réseau et vous demande de l'insérer. Solution Si possible, sélectionnez un autre périphérique d'interface réseau. Vous pouvez par exemple remplacer une carte sans fil ou un adaptateur Ethernet USB par un autre adaptateur. Si vous avez lancé Cisco IP Communicator pour la première fois sur un ordinateur portable connecté à une station d'accueil, essayez de connecter l'ordinateur à la station. Si cela résoud le problème, demandez à votre administrateur système de vous aider à configurer le nom du périphérique afin que Cisco IP Communicator fonctionne sans qu'il ne soit nécessaire de connecter l'ordinateur à la station d'accueil. Si vous avez retiré ou désactivé définitivement l'adaptateur réseau qui avait été sélectionné, contactez votre administrateur système avant de sélectionner un autre adaptateur. Rubriques connexes • Configuration et enregistrement Cisco IP Communicator, page 1-9 • Paramètres réseau, page 4-7 Problème Votre périphérique audio n'apparaît pas dans le menu déroulant d'un mode audio. Solution Si le périphérique est un combiné USB, un casque USB ou une carte son, vérifiez qu'il est correctement installé et redémarrez Cisco IP Communicator. Les périphériques qui sont installés lorsque l'application est ouverte ne sont reconnus qu'au lancement suivant de celle-ci.8-3 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 8 Dépannage Cisco IP Communicator Problèmes d'ordre général S'il s'agit d'un périphérique analogique, il n'apparaît pas dans les listes des modes audio car ce type de périphérique est considéré comme une extension de votre carte son. Dans ce cas, sélectionnez cette dernière. Pour utiliser un périphérique pour la lecture du son et un autre (par exemple, un microphone de caméra VT) pour l'enregistrement du son dans Cisco IP Communicator, cliquez avec le bouton droit sur > Préférences > onglet Audio. Sélectionnez Périphérique audio Windows par défaut dans la liste déroulante pour un ou plusieurs paramètres, puis cliquez sur OK. Rubriques connexes • Installation de périphériques audio avant le lancement initial, page 1-3 • Affectation de modes audio, page 4-9 • Sélection d'un mode audio, page 4-9 • Suppression et réinstallation de périphériques audio, page 5-6 Problème Après son démarrage, Cisco IP Communicator n'affiche aucun numéro de poste ou affiche un numéro de poste incorrect. Solution Contactez votre administrateur système pour obtenir de l'aide. Il se peut que vous ayez sélectionné une carte réseau incorrecte. Si vous disposez de plusieurs cartes et si vous êtes invité à en sélectionner une immédiatement après l'installation de Cisco IP Communicator, sélectionnez une carte susceptible d'offrir une connexion ininterrompue ou une carte activée en permanence (même si elle est débranchée). Contactez votre administrateur système pour savoir quelle carte sélectionner. Le paramètre de carte réseau permet à Cisco IP Communicator de s'identifier auprès du réseau ; il n'est pas utilisé pour la transmission audio. C'est pourquoi vous ne devez pas modifier ce paramètre une fois qu'il a été défini, à moins que vous ne supprimiez ou désactiviez définitivement la carte réseau sélectionnée. Dans ce cas, contactez votre administrateur système avant de sélectionner une autre carte. Rubriques connexes • Configuration et enregistrement Cisco IP Communicator, page 1-9 • Paramètres réseau, page 4-7Chapitre 8 Dépannage Cisco IP Communicator Problèmes d'ordre général 8-4 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Problème Rien ne se passe lorsque vous sélectionnez l'option Recherche rapide. Solution Cliquez avec le bouton droit de la souris sur > Préférences > onglet Répertoires, et saisissez le nom d'utilisateur et le mot de passe fournis par votre administrateur système. Rubriques connexes • Paramètres de répertoire, page 4-15 • Utilisation du répertoire personnel, page 6-7 Problème La sonnerie de votre téléphone n'est pas audible ou est difficile à entendre. Solution Réglez le volume de votre sonnerie en cliquant sur le bouton Vo lume lorsqu'aucun appel n'est actif. • Si vous utilisez un combiné USB, ne le sélectionnez pas pour la sonnerie. De manière générale, il est conseillé de sélectionner la carte son pour la sonnerie. • Si votre carte son est sélectionnée pour le mode Sonnerie et qu'un casque est connecté aux prises jack audio de l'ordinateur, vous devez porter le casque pour entendre la sonnerie. Rubriques connexes • Installation de périphériques audio avant le lancement initial, page 1-3 • Affectation de modes audio, page 4-9 • Utilisation de l'Assistant de réglage audio, page 1-6 • Accès aux paramètres, page 4-1 • Problèmes de qualité vocale, page 8-58-5 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 8 Dépannage Cisco IP Communicator Problèmes de qualité vocale Problèmes de qualité vocale Avant de commencer • Si le problème concerne le volume, commencez par essayer de régler celui-ci en cliquant sur Volume dans Cisco IP Communicator. • Appelez d'autres personnes afin de déterminer si le problème est lié à Cisco IP Communicator ou au téléphone de votre interlocuteur. Si vous pensez que le problème provient du téléphone de votre interlocuteur, réglez le volume dans Cisco IP Communicator. Évitez dans ce cas de modifier les paramètres à l'aide de l'Assistant de réglage audio (ces modifications risqueraient en effet de ne pas convenir à tous les appels). • Votre administrateur système peut vous demander d'activer la journalisation afin d'enregistrer des informations détaillées en vue du dépannage. En cas de problème concernant le niveau du volume, procédez comme suit : • Dans l'Assistant de réglage audio, commencez par régler le curseur de volume principal. Ce paramètre s'applique à toutes les applications qui lisent des données audio. Vous devez donc tester ce paramètre dans les autres applications (telles que le Lecteur Microsoft Windows Media et RealPlayer) afin de vérifier que les niveaux de volume sont corrects. • Dans l'Assistant de réglage audio, réglez ensuite le curseur de volume Wave afin d'atteindre un niveau d'écoute confortable pour les appels téléphoniques. • Si vous avez modifié les paramètres de volume dans Microsoft Windows, exécutez de nouveau l'Assistant de réglage audio (voir procédure ci-dessus) afin de régler de nouveau les paramètres de volume principal et de volume Wave. Rubriques connexes • Activation de journaux détaillés, page 8-11 Problème La voix de votre interlocuteur est trop forte. Solution • Essayez de régler le volume en cliquant sur le bouton Vo lume. • Lancez l'Assistant de réglage audio et réglez le volume du haut-parleur du périphérique audio en cours d'utilisation. Chapitre 8 Dépannage Cisco IP Communicator Problèmes de qualité vocale 8-6 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Problème Votre interlocuteur vous indique que votre voix est trop forte. Solution • Essayez d'éloigner légèrement le microphone de votre bouche, en le déplaçant vers votre menton si vous utilisez un casque. • Si le problème persiste, lancez l'Assistant de réglage audio et diminuez le volume du microphone pour le périphérique audio en cours d'utilisation. • Si votre voix reste trop forte, désactivez la fonction Amplificateur de microphone pour ce périphérique de l'Assistant de réglage audio. Problème La voix de votre interlocuteur est trop faible. Solution • Essayez de régler le volume en cliquant sur le bouton Vo lume. • Lancez l'Assistant de réglage audio et réglez le volume du haut-parleur du périphérique audio en cours d'utilisation. Problème Votre interlocuteur vous indique que votre voix est trop faible. Solution • Si vous utilisez un casque, vérifiez que Cisco IP Communicator fonctionne en mode Casque et non en mode Haut-parleur. Le mode Casque est activé lorsque le bouton Casque best allumé. Si ce bouton n'est pas allumé, cliquez dessus. • Si vous utilisez un casque, vérifiez que le microphone est correctement positionné. • Si le problème persiste, lancez l'Assistant de réglage audio et augmentez le volume du microphone pour le périphérique audio en cours d'utilisation. Avant de régler un périphérique audio disposant de sa propre commande de volume (un casque USB avec des commandes de volume sur le cordon, par exemple), augmentez au maximum le volume du périphérique. • Si votre voix reste trop faible, activez la fonction Amplificateur de microphone pour le périphérique audio dans l'Assistant de réglage audio. Problème La voix de votre interlocuteur est assourdie. 8-7 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 8 Dépannage Cisco IP Communicator Problèmes de qualité vocale Solution • Si vous utilisez Cisco IP Communicator à distance, activez l'option Optimiser pour une bande passante étroite (clic droit > Préférences > onglet Audio). • Si vous n'utilisez pas Cisco IP Communicator sur une connexion à distance, désactivez l'option Optimiser pour une bande passante étroite. • Demandez à votre interlocuteur de diminuer le volume de son microphone, si cela est possible. Rubriques connexes • Paramètres audio, page 4-8 Problème Votre interlocuteur vous indique que votre voix est assourdie. Solution • Lancez l'Assistant de réglage audio et réglez le volume du microphone du périphérique audio en cours d'utilisation. • Si vous n'utilisez pas Cisco IP Communicator sur une connexion à distance, désactivez l'option Optimiser pour une bande passante étroite. Problème La voix de votre interlocuteur semble lointaine ou étrange. Solution Si vous utilisez un casque, vérifiez que Cisco IP Communicator fonctionne en mode Casque et non en mode Haut-parleur. (Le bouton Casque devrait être allumé.) Problème Votre interlocuteur vous indique que votre voix semble lointaine ou étrange. Solution Activez l'option Optimiser pour une bande passante étroite (clic droit > Préférences > onglet Audio). Rubriques connexes • Paramètres audio, page 4-8 Problème La voix de votre interlocuteur est entrecoupée de silences ou hachée.Chapitre 8 Dépannage Cisco IP Communicator Problèmes de qualité vocale 8-8 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Solution • Fermez toutes les applications inutiles. Tenez compte du fait que le lancement d'applications et les opérations qui sollicitent le réseau (envoi de courriers électroniques, par exemple) peuvent avoir une incidence sur la qualité audio. • Vérifiez que le mode Haut-parleur n'est pas activé. • Sélectionnez un autre paramètre audio en choisissant Préférences > onglet Audio > onglet Avancés. • Si vous utilisez Cisco IP Communicator sur une connexion à distance (par exemple, la connexion VPN de votre domicile ou d'un hôtel), vous risquez de rencontrer des problèmes de qualité vocale en raison d'une bande passante insuffisante. Activez l'option Optimiser pour une bande passante étroite (clic droit > Préférences > onglet Audio. • Vérifiez que votre carte son et vos pilotes audio sont correctement installés. Remarque La transmission peut être interrompue par des bruits secs, des craquements ou des silences en cas d'encombrement du réseau ou de problèmes de trafic de données. Problème Les bruits de fond vous empêchent d'entendre la voix de l'intervenant. Solution Demandez à l'intervenant de : • Se déplacer vers un endroit plus calme. • Activer l'annulation du bruit ou augmenter le niveau d'agressivité de l'annulation du bruit (clic droit > Préférences > onglet Audio > bouton Avancés). L'annulation du bruit est appliquée au microphone (périphérique d'entrée) pour empêcher la transmission du bruit vers la destination distante. Lors d'une conférence téléphonique, demandez aux autres participants de couper le son sur leur téléphone lorsqu'ils ne prennent pas la parole. Problème Vous entendez un écho. Solution • Demandez à votre interlocuteur de diminuer le volume de son microphone ou de son haut-parleur, si possible. • Si votre interlocuteur utilise Cisco IP Communicator comme téléphone à haut-parleur, demandez-lui de vérifier que le bouton Haut-parleur est allumé.8-9 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 8 Dépannage Cisco IP Communicator Problèmes de qualité vocale • Vérifiez que votre carte son n'envoie pas les données audio du haut-parleur vers le microphone. Procédez comme suit : a. Réglez le volume (Panneau de configuration > Sons et multimédia > onglet Audio). b. Cliquez sur Lecture des sons bouton Volume. c. Choisissez Options > Propriétés > Lecture et vérifiez que toutes les cases à cocher figurant dans la partie inférieure de la fenêtre sont sélectionnées, puis cliquez sur OK. d. Dans la fenêtre Contrôle du volume, vérifiez que l'option Muet est sélectionnée pour la colonne Balance du microphone. Certains périphériques audio sont dotés de plusieurs entrées de microphone (par exemple, interne et externe) pouvant capter le son provenant du haut-parleur et créer un signal en retour. Problème Votre interlocuteur entend un écho. Solution • Lancez l'Assistant de réglage audio et réduisez le volume du microphone du périphérique audio en cours d'utilisation. Vérifiez que la fonction Amplificateur de microphone est désactivée. Ensuite, vérifiez le nouveau paramètre de volume en appelant un interlocuteur. • Si vous utilisez votre ordinateur en tant que haut-parleur, laissez le bouton Haut-parleur allumé. • En dernier ressort, changez de périphérique audio. • Si vous utilisez un ordinateur portable sans casque ni combiné, les trois modes sont mappés sur la carte son et agissent comme des haut-parleurs. Mettez le périphérique en mode Haut-parleur. Problème Votre interlocuteur ne vous entend pas du tout (mais vous l'entendez). Solution • Vérifiez que vous n'avez pas activé l'option Muet à partir des commandes du cordon du casque ou du combiné USB. • Vérifiez que les fiches du haut-parleur et du microphone sont insérées dans les prises jacks audio correctes de l'ordinateur. • Vérifiez qu'aucune autre application n'utilise le microphone (un enregistreur audio ou un autre téléphone logiciel, par exemple).Chapitre 8 Dépannage Cisco IP Communicator Utilisation de l'outil de génération de rapports sur la qualité pour résoudre les problèmes de performance 8-10 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Problème Votre interlocuteur vous entend, mais vous ne l'entendez pas. Solution • Vérifiez que les fiches du haut-parleur et du microphone sont insérées dans les prises jacks audio correctes de l'ordinateur. • Vérifiez les paramètres de volume et de coupure du son des périphériques audio système dans le Panneau de configuration. • Vérifiez le réglage du volume de Cisco IP Communicator (le bouton Vo lume et l'Assistant de réglage audio). Problème Vous ne pouvez pas parler en même temps que votre interlocuteur. Solution Vérifiez que vous utilisez une carte son duplex intégral. Problème Vous n'entendez aucun son, pas même une tonalité. Solution • Si vous utilisez une station d'accueil et si votre périphérique audio est connecté à celle-ci, vérifiez que l'ordinateur est connecté à la station d'accueil. • Redémarrez Cisco IP Communicator. Utilisation de l'outil de génération de rapports sur la qualité pour résoudre les problèmes de performance L'administrateur système peut configurer temporairement votre téléphone à l'aide de l'Outil de génération de rapports sur la qualité pour régler les problèmes de performance. Vous pouvez cliquer sur QRT (vous devrez peut-être cliquer plusieurs fois sur autres pour afficher la touche de fonction QRT) pour envoyer des informations à votre administrateur système. Selon la configuration de votre système, l'outil QRT permet de : • signaler immédiatement un problème audio lors d'un appel en cours ; • sélectionner un problème général dans une liste de types de problèmes et choisir des codes de raison. L'administrateur système peut également vous demander de capturer des informations (journaux détaillés) pour aider à résoudre un problème.8-11 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 8 Dépannage Cisco IP Communicator Activation de journaux détaillés Rubriques connexes • Utilisation de l'Assistant de réglage audio, page 1-6 • Accès aux paramètres, page 4-1 • Problèmes d'ordre général, page 8-1 • Capture d'informations sur les problèmes, page 8-11 Activation de journaux détaillés Si vous rencontrez des problèmes lors de l'utilisation de Cisco IP Communicator et si votre administrateur système vous y invite, activez la journalisation détaillée (clic droit > Préférences > onglet Utilisateur et activez l'option Activer la journalisation). Remarque Votre paramétrage est conservé jusqu'à ce que vous le changiez, même après un redémarrage. La journalisation détaillée pouvant affecter la performance, désactivez-la dès que vous n'en avez plus besoin. Désactivez Activer la journalisation pour désactiver cette fonctionnalité. Rubriques connexes • Capture d'informations sur les problèmes, page 8-11 Capture d'informations sur les problèmes En cas de fermeture inopinée de Cisco IP Communicator, l'Outil de génération de rapports de problèmes démarre automatiquement et capture les données pertinentes en vue d'un dépannage. Utilisez cette procédure pour envoyer le rapport à votre administrateur système. Chapitre 8 Dépannage Cisco IP Communicator Capture d'informations sur les problèmes 8-12 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Étape 1 Suivez les instructions de l'Outil de génération de rapports de problèmes pour décrire le problème. N'oubliez pas d'inclure les informations suivantes : • Une description du problème. • Une explication de l'action que vous accomplissiez lorsque le problème s'est produit. • Le périphérique audio utilisé quand le problème s'est produit. • Tout autre détail pertinent. Étape 2 Recherchez sur votre bureau un fichier appelé CIPC-ProblemReportxxx.zip, xxx correspondant à un nombre. Étape 3 Envoyez ce fichier par email à votre administrateur système avec les informations suivantes : Si vous rencontrez d'autres problèmes et si le rapport de problèmes n'est pas créé automatiquement, votre administrateur système pourra vous demander de lui fournir des fichiers journaux. Contrairement à QRT (qui signale la nature du problème), ces journaux fournissent des informations détaillées qui aident à résoudre le problème. Utilisez cette procédure pour collecter ces fichiers : Étape 1 Activez la journalisation détaillée (clic droit > Préférences > onglet Utilisateur, et activez l'option Activer la journalisation). Étape 2 Tentez de reproduire le problème. Si vous ne parvenez pas à reproduire le problème, les journaux ne contiendront pas d'informations détaillées. Étape 3 Créez le rapport en sélectionnant Démarrer > Tous les programmes > Cisco IP Communicator > Create CIPC Problem Report. Étape 4 Suivez les instructions affichées pour décrire le problème. N'oubliez pas d'inclure les informations suivantes : • Une description du problème. • Une explication de l'action que vous accomplissiez lorsque le problème s'est produit. • Le périphérique audio utilisé quand le problème s'est produit. • Tout autre détail pertinent. Étape 5 Avant de cliquer sur Terminer, notez le nom du fichier qui a été créé sur votre bureau. Étape 6 Envoyez ce fichier par email à votre administrateur système.8-13 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Chapitre 8 Dépannage Cisco IP Communicator Capture d'informations sur les problèmes Conseil À l'aide de l'Assistant de réglage audio, vous pouvez lancer l'Outil de génération de rapports de problèmes pour signaler des problèmes audio. Cliquez dans le coin supérieur gauche de la barre de titres de l'Assistant de réglage audio, et sélectionnez Infos de dépannage... Un message intempestif vous invite à lancer l'Outil de génération de rapports de problèmes. Rubriques connexes • Utilisation de l'outil de génération de rapports sur la qualité pour résoudre les problèmes de performance, page 8-10 • Activation de journaux détaillés, page 8-11Chapitre 8 Dépannage Cisco IP Communicator Capture d'informations sur les problèmes 8-14 Guide d'utilisation de Cisco IP Communicator version 7.0 OL-19177-01 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Command Reference, Cisco ACE Application Control Engine For the Cisco ACE Application Control Engine Module and Cisco ACE 4700 Series Application Control Engine Appliance Software Version A5(1.0) September 2011 Text Part Number: OL-25339-01THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R) Command Reference, Cisco ACE Application Control Engine Copyright © 2007-2011 Cisco Systems, Inc. All rights reserved.iii Command Reference, Cisco ACE Application Control Engine OL-25339-01 C O N T E N T S Preface xxxi Audience xxxi How to Use This Guide xxxii Related Documentation xxxii Symbols and Conventions xxxv Obtaining Documentation, Obtaining Support, and Security Guidelines xxxvi C H A P T E R 2 CLI Commands 2-1 Exec Mode Commands 2-2 backup 2-3 capture 2-5 changeto 2-6 checkpoint 2-8 clear access-list 2-9 clear accounting log 2-10 clear acl-merge statistics 2-10 clear arp 2-11 clear buffer stats 2-12 clear capture 2-13 clear cde 2-14 clear cfgmgr internal history 2-14 clear conn 2-16 clear cores 2-17 clear crypto session-cache 2-19 clear dc 2-20 clear debug-logfile 2-20 clear fifo stats 2-21 clear ft 2-23 clear icmp statistics 2-24 clear interface 2-25 clear ip 2-26 clear ipv6 2-27 clear line 2-27 clear logging 2-29Contents iv Command Reference, Cisco ACE Application Control Engine OL-25339-01 clear netio stats 2-29 clear np 2-31 clear ntp statistics 2-32 clear probe 2-32 clear processes log 2-34 clear rserver 2-34 clear rtcache 2-35 clear screen 2-37 clear serverfarm 2-37 clear service-policy 2-38 clear ssh 2-40 clear startup-config 2-41 clear stats 2-42 clear sticky database 2-44 clear syn-cookie 2-46 clear tcp statistics 2-46 clear telnet 2-47 clear udp statistics 2-48 clear user 2-48 clear vnet stats 2-49 clear xlate 2-51 clock set 2-53 compare 2-54 configure 2-55 copy capture 2-56 copy checkpoint 2-57 copy core: 2-59 copy disk0: 2-60 copy ftp: 2-62 copy image: 2-63 copy licenses 2-65 copy probe: 2-66 copy running-config 2-68 copy startup-config 2-69 copy sftp: 2-70 copy tftp: 2-72 crypto crlparams 2-73 crypto delete 2-74 crypto export 2-75 crypto generate csr 2-76Contents v Command Reference, Cisco ACE Application Control Engine OL-25339-01 crypto generate key 2-77 crypto import 2-78 crypto verify 2-82 debug 2-83 delete 2-86 dir 2-87 dm 2-89 exit 2-90 format flash: 2-91 ft switchover 2-93 gunzip 2-94 invoke context 2-95 license 2-96 mkdir disk0: 2-97 move disk0: 2-98 np session 2-99 ping 2-101 reload 2-103 reprogram bootflash 2-104 restore 2-105 rmdir disk0: 2-107 setup 2-108 set dc 2-110 set sticky-ixp 2-111 show 2-112 show aaa 2-113 show access-list 2-114 show accounting log 2-115 show acl-merge 2-117 show action-list 2-118 show arp 2-119 show backup 2-121 show banner motd 2-122 show bootvar 2-123 show buffer 2-125 show capture 2-127 show cde 2-129 show cfgmgr 2-130 show checkpoint 2-132 show clock 2-134Contents vi Command Reference, Cisco ACE Application Control Engine OL-25339-01 show conn 2-135 show context 2-136 show copyright 2-137 show crypto 2-138 show dc 2-141 show debug 2-145 show domain 2-148 show download information 2-149 show eobc 2-150 show fifo 2-152 show file 2-153 show fragment 2-155 show ft 2-156 show hardware 2-158 show hyp 2-159 show icmp statistics 2-159 show interface 2-161 show inventory 2-163 show ip 2-164 show ipcp 2-167 show ipv6 2-168 show kalap udp load 2-170 show lcp event-history 2-172 show ldap-server 2-173 show license 2-174 show line 2-176 show logging 2-177 show login timeout 2-179 show nat-fabric 2-180 show netio 2-181 show nexus-device 2-182 show np 2-184 show ntp 2-188 show optimization-global 2-189 show parameter-map 2-190 show probe 2-191 show processes 2-192 show pvlans 2-193 show radius-server 2-194 show resource allocation 2-195Contents vii Command Reference, Cisco ACE Application Control Engine OL-25339-01 show resource internal 2-196 show resource usage 2-198 show restore 2-201 show role 2-203 show rserver 2-204 show running-config 2-206 show scp 2-208 show script 2-209 show security internal event-history 2-211 show serverfarm 2-212 show service-policy 2-214 show snmp 2-216 show ssh 2-218 show startup-config 2-220 show stats 2-221 show sticky cookie-insert group 2-223 show sticky database 2-224 show sticky hash 2-227 show conn sticky 2-228 show syn-cookie 2-229 show system 2-230 show tacacs-server 2-232 show tcp statistics 2-233 show tech-support 2-234 show telnet 2-235 show terminal 2-236 show udp statistics 2-237 show user-account 2-238 show users 2-239 show version 2-240 show vlans 2-242 show vm-controller 2-243 show vnet 2-244 show xlate 2-245 ssh 2-246 system internal 2-248 system watchdog 2-249 tac-pac 2-251 telnet 2-253 terminal 2-254Contents viii Command Reference, Cisco ACE Application Control Engine OL-25339-01 traceroute 2-255 undebug all 2-256 untar disk0: 2-258 write 2-259 xml-show 2-260 Configuration Mode Commands 2-262 (config) aaa accounting default 2-263 (config) aaa authentication login 2-265 (config) aaa group server 2-266 (config) access-group 2-267 (config) access-list ethertype 2-270 (config) access-list extended 2-272 (config) access-list remark 2-281 (config) access-list resequence 2-282 (config) action-list type modify http 2-283 (config) action-list type optimization http 2-285 (config) arp 2-287 (config) banner 2-289 (config) boot system image: 2-290 (config) buffer threshold 2-292 (config) class-map 2-294 (config) clock timezone 2-297 (config) clock summer-time 2-300 (config) config-register 2-301 (config) context 2-303 (config) crypto authgroup 2-304 (config) crypto chaingroup 2-305 (config) crypto crl 2-306 (config) crypto crlparams 2-307 (config) crypto csr-params 2-309 (config) crypto ocspserver 2-310 (config) crypto rehandshake enabled 2-312 (config) domain 2-313 (config) end 2-314 (config) exit 2-314 (config) ft auto-sync 2-315 (config) ft connection-sync disable 2-317 (config) ft group 2-318 (config) ft interface vlan 2-320 (config) ft peer 2-321Contents ix Command Reference, Cisco ACE Application Control Engine OL-25339-01 (config) ft track host 2-322 (config) ft track hsrp 2-323 (config) ft track interface 2-324 (config) hostname 2-325 (config) hw-module 2-326 (config) interface 2-327 (config) ip dhcp relay 2-330 (config) ip domain-list 2-332 (config) ip domain-lookup 2-333 (config) ip domain-name 2-335 (config) ip name-server 2-337 (config) ip route 2-338 (config) ipv6 nd interval 2-340 (config) ipv6 nd learned-interval 2-341 (config) ipv6 nd retries 2-342 (config) ipv6 nd sync disable 2-343 (config) ipv6 nd sync-interval 2-344 (config) kalap udp 2-345 (config) ldap-server host 2-346 (config) ldap-server port 2-347 (config) ldap-server timeout 2-348 (config) line console 2-349 (config) line vty 2-350 (config) login timeout 2-352 (config) logging buffered 2-353 (config) logging console 2-355 (config) logging device-id 2-357 (config) logging enable 2-359 (config) logging facility 2-360 (config) logging fastpath 2-361 (config) logging history 2-362 (config) logging host 2-364 (config) logging message 2-366 (config) logging monitor 2-368 (config) logging persistent 2-369 (config) logging queue 2-370 (config) logging rate-limit 2-371 (config) logging standby 2-373 (config) logging supervisor 2-374 (config) logging timestamp 2-375Contents x Command Reference, Cisco ACE Application Control Engine OL-25339-01 (config) logging trap 2-376 (config) nexus-device 2-377 (config) ntp 2-379 (config) object-group 2-380 (config) optimize 2-382 (config) parameter-map type 2-382 (config) peer hostname 2-385 (config) peer shared-vlan-hostid 2-386 (config) policy-map 2-388 (config) probe 2-392 (config) radius-server attribute nas-ipaddr 2-395 (config) radius-server deadtime 2-396 (config) radius-server host 2-397 (config) radius-server key 2-400 (config) radius-server retransmit 2-401 (config) radius-server timeout 2-402 (config) regex compilation-timeout 2-403 (config) resource-class 2-404 (config) role 2-405 (config) rserver 2-406 (config) script file name 2-407 (config) serverfarm 2-408 (config) service-policy 2-409 (config) shared-vlan-hostid 2-411 (config) snmp-server community 2-412 (config) snmp-server contact 2-414 (config) snmp-server enable traps 2-415 (config) snmp-server engineid 2-418 (config) snmp-server host 2-420 (config) snmp-server location 2-421 (config) snmp-server trap link ietf 2-422 (config) snmp-server trap-source vlan 2-423 (config) snmp-server unmask-community 2-424 (config) snmp-server user 2-425 (config) ssh key 2-428 (config) ssh maxsessions 2-429 (config) ssl-proxy service 2-430 (config) static 2-431 (config) sticky http-content 2-433 (config) sticky http-cookie 2-434Contents xi Command Reference, Cisco ACE Application Control Engine OL-25339-01 (config) sticky http-header 2-436 (config) sticky ip-netmask 2-438 (config) sticky layer4-payload 2-439 (config) sticky radius framed-ip 2-440 (config) sticky rtsp-header 2-441 (config) sticky sip-header 2-442 (config) switch-mode 2-443 (config) tacacs-server deadtime 2-445 (config) tacacs-server host 2-446 (config) tacacs-server key 2-448 (config) tacacs-server timeout 2-449 (config) telnet maxsessions 2-451 (config) timeout xlate 2-452 (config) udp 2-453 (config) username 2-454 (config) vm-controller 2-456 Action List Modify Configuration Mode Commands 2-457 (config-actlist-modify) description 2-458 (config-actlist-modify) header delete 2-459 (config-actlist-modify) header insert 2-461 (config-actlist-modify) header rewrite 2-462 (config-actlist-modify) ssl header-insert 2-464 (config-actlist-modify) ssl url rewrite location 2-473 Action List Optimization Configuration Mode Commands 2-474 (config-actlist-optm) appscope 2-475 (config-actlist-optm) cache 2-476 (config-actlist-optm) delta 2-478 (config-actlist-optm) description 2-479 (config-actlist-optm) dynamic etag 2-480 (config-actlist-optm) flashforward 2-481 (config-actlist-optm) flashforward-object 2-481 Authentication Group Configuration Mode Commands 2-483 (config-authgroup) cert 2-484 Chaingroup Configuration Mode Commands 2-485 (config-chaingroup) cert 2-486 Class Map Configuration Mode Commands 2-488 (config-cmap) description 2-490 (config-cmap) match access-list 2-491 (config-cmap) match any 2-493Contents xii Command Reference, Cisco ACE Application Control Engine OL-25339-01 (config-cmap) match anyv6 2-494 (config-cmap) match destination-address 2-495 (config-cmap) match port 2-497 (config-cmap) match port-v6 2-500 (config-cmap) match source-address 2-502 (config-cmap) match virtual-address 2-504 Class Map FTP Inspection Configuration Mode Commands 2-507 (config-cmap-ftp-insp) description 2-508 (config-cmap-ftp-insp) match request-method 2-509 Class Map Generic Configuration Mode Commands 2-510 (config-cmap-generic) description 2-511 (config-cmap-generic) match class-map 2-513 (config-cmap-generic) match layer4-payload 2-514 (config-cmap-generic) match source-address 2-516 Class Map HTTP Inspection Configuration Mode Commands 2-517 (config-cmap-http-insp) description 2-519 (config-cmap-http-insp) match content 2-520 (config-cmap-http-insp) match content length 2-522 (config-cmap-http-insp) match cookie secondary 2-523 (config-cmap-http-insp) match header 2-524 (config-cmap-http-insp) match header length 2-528 (config-cmap-http-insp) match header mime-type 2-530 (config-cmap-http-insp) match port-misuse 2-533 (config-cmap-http-insp) match request-method 2-534 (config-cmap-http-insp) match transfer-encoding 2-535 (config-cmap-http-insp) match url 2-537 (config-cmap-http-insp) match url length 2-538 Class Map HTTP Load Balancing Configuration Mode Commands 2-539 (config-cmap-http-lb) description 2-541 (config-cmap-http-lb) match class-map 2-542 (config-cmap-http-lb) match cipher 2-544 (config-cmap-http-lb) match http content 2-545 (config-cmap-http-lb) match http cookie 2-546 (config-cmap-http-lb) match http header 2-547 (config-cmap-http-lb) match http url 2-550 (config-cmap-http-lb) match source-address 2-552 Class Map Management Configuration Mode Commands 2-553 (config-cmap-mgmt) description 2-554 (config-cmap-mgmt) match protocol 2-556Contents xiii Command Reference, Cisco ACE Application Control Engine OL-25339-01 Class Map RADIUS Load Balancing Configuration Mode Commands 2-558 (config-cmap-radius-lb) description 2-560 (config-cmap-radius-lb) match radius attribute 2-561 Class Map RTSP Load Balancing Configuration Mode Commands 2-562 (config-cmap-rtsp-lb) description 2-564 (config-cmap-rtsp-lb) match class-map 2-565 (config-cmap-rtsp-lb) match rtsp header 2-566 (config-cmap-rtsp-lb) match rtsp url 2-567 (config-cmap-rtsp-lb) match source-address 2-570 Class Map SIP Inspection Configuration Mode Commands 2-571 (config-cmap-sip-insp) description 2-572 (config-cmap-sip-insp) match called-party 2-573 (config-cmap-sip-insp) match calling-party 2-575 (config-cmap-sip-insp) match content 2-577 (config-cmap-sip-insp) match im-subscriber 2-578 (config-cmap-sip-insp) match message-path 2-579 (config-cmap-sip-insp) match request-method 2-582 (config-cmap-sip-insp) match third-party registration 2-583 (config-cmap-sip-insp) match uri 2-585 Class Map SIP Load Balancing Configuration Mode Commands 2-586 (config-cmap-sip-lb) description 2-588 (config-cmap-sip-lb) match class-map 2-589 (config-cmap-sip-lb) match sip header 2-590 (config-cmap-sip-lb) match source-address 2-593 Console Configuration Mode Commands 2-595 (config-console) databits 2-596 (config-console) parity 2-597 (config-console) speed 2-598 (config-console) stopbits 2-599 Context Configuration Mode Commands 2-600 (config-context) allocate-interface 2-601 (config-context) description 2-603 (config-context) member 2-604 CSR Parameters Configuration Mode Commands 2-605 (config-csr-params) common-name 2-606 (config-csr-params) country 2-607 (config-csr-params) email 2-608 (config-csr-params) locality 2-609 (config-csr-params) organization-name 2-611Contents xiv Command Reference, Cisco ACE Application Control Engine OL-25339-01 (config-csr-params) organization-unit 2-612 (config-csr-params) serial-number 2-613 (config-csr-params) state 2-614 DCI Configuration Mode Commands 2-615 (config-dci) credentials 2-616 (config-dci) ip-address 2-617 Domain Configuration Mode Commands 2-618 (config-domain) add-object 2-620 FT Group Configuration Mode Commands 2-622 (config-ft-group) associate-context 2-623 (config-ft-group) inservice 2-624 (config-ft-group) peer 2-625 (config-ft-group) peer priority 2-626 (config-ft-group) preempt 2-627 (config-ft-group) priority 2-628 FT Interface Configuration Mode Commands 2-629 (config-ft-intf) ip 2-630 (config-ft-intf) peer ip 2-632 (config-ft-intf) shutdown 2-633 FT Peer Configuration Mode Commands 2-634 (config-ft-peer) ft-interface vlan 2-635 (config-ft-peer) heartbeat 2-636 (config-ft-peer) query-interface 2-637 FT Track Host Configuration Mode Commands 2-638 (config-ft-track-host) peer priority 2-640 (config-ft-track-host) peer probe 2-641 (config-ft-track-host) peer track-host 2-643 (config-ft-track-host) priority 2-645 (config-ft-track-host) probe 2-646 (config-ft-track-host) track-host 2-647 FT Track HSRP Configuration Mode Commands 2-648 (config-ft-track-hsrp) peer priority 2-649 (config-ft-track-hsrp) peer track-hsrp 2-650 (config-ft-track-hsrp) priority 2-651 (config-ft-track-hsrp) track-hsrp 2-652 FT Track Interface Configuration Mode Commands 2-653 (config-ft-track-interface) peer priority 2-654 (config-ft-track-interface) peer track-interface vlan 2-655 (config-ft-track-interface) priority 2-656Contents xv Command Reference, Cisco ACE Application Control Engine OL-25339-01 (config-ft-track-interface) track-interface vlan 2-657 Interface Configuration Mode Commands 2-658 (config-if) access-group 2-660 (config-if) alias 2-661 (config-if) arp 2-663 (config-if) arp inspection 2-664 (config-if) bridge-group 2-666 (config-if) carrier-delay 2-667 (config-if) channel-group 2-668 (config-if) description 2-669 (config-if) duplex 2-670 (config-if) fragment chain 2-671 (config-if) fragment min-mtu 2-672 (config-if) fragment timeout 2-673 (config-if) ft-port vlan 2-674 (config-if) icmp-guard 2-675 (config-if) ip address 2-677 (config-if) ip df 2-680 (config-if) ip dhcp relay enable 2-681 (config-if) ip dhcp relay server 2-682 (config-if) ip options 2-683 (config-if) ip route inject vlan 2-684 (config-if) ip ttl minimum 2-685 (config-if) ip verify reverse-path 2-686 (config-if) ipv6 dhcp relay enable 2-687 (config-if) ipv6 dhcp relay fwd-interface 2-688 (config-if) ipv6 dhcp relay server 2-689 (config-if) ipv6 enable 2-691 (config-if) ipv6 extension-header 2-692 (config-if) ipv6 fragment chain 2-693 (config-if) ipv6 fragment min-mtu 2-694 (config-if) ipv6 fragment timeout 2-695 (config-if) ipv6 icmp-guard 2-696 (config-if) ipv6 mtu 2-698 (config-if) ipv6 nd dad-attempts 2-699 (config-if) ipv6 nd managed-config-flag 2-700 (config-if) ipv6 nd ns-interval 2-701 (config-if) ipv6 nd other-config-flag 2-702 (config-if) ipv6 nd prefix 2-703 (config-if) ipv6 nd ra hop-limit 2-705Contents xvi Command Reference, Cisco ACE Application Control Engine OL-25339-01 (config-if) ipv6 nd ra interval 2-706 (config-if) ipv6 nd ra lifetime 2-707 (config-if) ipv6 nd ra suppress 2-708 (config-if) ipv6 nd reachable-time 2-709 (config-if) ipv6 nd retransmission-time 2-710 (config-if) ipv6 neighbor 2-711 (config-if) ipv6 normalization 2-712 (config-if) ipv6 route inject vlan 2-714 (config-if) ipv6 verify reverse-path 2-715 (config-if) mac-address autogenerate 2-716 (config-if) mac-sticky enable 2-717 (config-if) mtu 2-719 (config-if) nat-pool 2-720 (config-if) normalization 2-721 (config-if) normalization send-reset 2-723 (config-if) peer ip address 2-723 (config-if) port-channel load-balance 2-726 (config-if) qos trust cos 2-727 (config-if) remove-eth-pad 2-728 (config-if) service-policy input 2-729 (config-if) shutdown 2-730 (config-if) speed 2-732 (config-if) switchport access vlan 2-734 (config-if) switchport trunk allowed vlan 2-736 (config-if) switchport trunk native vlan 2-738 (config-if) syn-cookie 2-739 (config-if) udp 2-741 KAL-AP UDP Configuration Mode Commands 2-743 (config-kalap-udp) ip address 2-744 LDAP Configuration Mode Commands 2-745 (config-ldap) attribute user-profile 2-746 (config-ldap) baseDN 2-748 (config-ldap) filter search-user 2-749 (config-ldap) server 2-750 Line Configuration Mode Commands 2-751 (config-line) session-limit 2-752 Object Group Configuration Mode Commands 2-753 (config-objgrp-netw) description 2-754 (config-objgrp-netw) host 2-755Contents xvii Command Reference, Cisco ACE Application Control Engine OL-25339-01 (config-objgrp-netw) ip_address 2-757 (config-objgrp-serv) description 2-759 (config-objgrp-serv) protocol 2-760 Optimize Configuration Mode Commands 2-767 (config-optimize) appscope-log 2-768 (config-optimize) concurrent-connections 2-769 (config-optimize) debug-level 2-770 Parameter Map Connection Configuration Mode Commands 2-772 (config-parammap-conn) description 2-774 (config-parammap-conn) exceed-mss 2-775 (config-parammap-conn) nagle 2-776 (config-parammap-conn) random-sequence-number 2-777 (config-parammap-conn) rate-limit 2-778 (config-parammap-conn) reserved-bits 2-779 (config-parammap-conn) set ip tos 2-780 (config-parammap-conn) set tcp ack-delay 2-781 (config-parammap-conn) set tcp buffer-share 2-782 (config-parammap-conn) set tcp mss 2-784 (config-parammap-conn) set tcp reassembly-timout 2-786 (config-parammap-conn) set tcp syn-retry 2-786 (config-parammap-conn) set tcp timeout 2-787 (config-parammap-conn) set tcp wan-optimization 2-788 (config-parammap-conn) set tcp window-scale 2-790 (config-parammap-conn) set timeout inactivity 2-791 (config-parammap-conn) slowstart 2-792 (config-parammap-conn) syn-data 2-793 (config-parammap-conn) tcp-options 2-794 (config-parammap-conn) urgent-flag 2-798 Parameter Map DNS Configuration Mode Commands 2-799 (config-parammap-dns) description 2-800 (config-parammap-dns) timeout query 2-801 Parameter Map Generic Configuration Mode Commands 2-801 (config-parammap-generi) case-insensitive 2-803 (config-parammap-generi) description 2-804 (config-parammap-generi) set max-parse-length 2-805 Parameter Map HTTP Configuration Mode Commands 2-806 (config-parammap-http) case-insensitive 2-808 (config-parammap-http) cookie-error-ignore 2-809 (config-parammap-http) description 2-810Contents xviii Command Reference, Cisco ACE Application Control Engine OL-25339-01 (config-parammap-http) compress 2-811 (config-parammap-http) header modify per-request 2-813 (config-parammap-http) length-exceed 2-815 (config-parammap-http) parsing non-strict 2-816 (config-parammap-http) persistence-rebalance 2-817 (config-parammap-http) server-conn reuse 2-819 (config-parammap-http) set content-maxparse-length 2-820 (config-parammap-http) set header-maxparse-length 2-822 (config-parammap-http) set secondary-cookie-delimiters 2-823 (config-parammap-http) set secondary-cookie-start 2-824 Parameter Map Optimization Configuration Mode Commands 2-825 (config-parammap-optmz) appscope optimize-rate-percent 2-826 (config-parammap-optmz) basefile anonymous-level 2-827 (config-parammap-optmz) cache key-modifier 2-828 (config-parammap-optmz) cache parameter 2-831 (config-parammap-optmz) cache ttl 2-833 (config-parammap-optmz) cache-policy request 2-834 (config-parammap-optmz) cache-policy response 2-835 (config-parammap-optmz) canonical-url 2-836 (config-parammap-optmz) clientscript-default 2-837 (config-parammap-optmz) description 2-838 (config-parammap-optmz) delta 2-839 (config-parammap-optmz) expires-setting 2-841 (config-parammap-optmz) extract meta 2-842 (config-parammap-optmz) flashforward refresh-policy 2-843 (config-parammap-optmz) ignore-server-content 2-844 (config-parammap-optmz) parameter-summary parameter-value-limit 2-845 (config-parammap-optmz) post-content-buffer-limit 2-846 (config-parammap-optmz) rebase 2-847 (config-parammap-optmz) request-grouping-string 2-848 (config-parammap-optmz) server-header 2-849 (config-parammap-optmz) server-load 2-850 (config-parammap-optmz) utf8 threshold 2-852 Parameter Map RTSP Configuration Mode Commands 2-852 (config-parammap-rtsp) case-insensitive 2-854 (config-parammap-rtsp) description 2-855 (config-parammap-rtsp) set header-maxparse-length 2-856 Parameter Map SCCP Configuration Mode Commands 2-857 (config-parammap-skinny) description 2-859Contents xix Command Reference, Cisco ACE Application Control Engine OL-25339-01 (config-parammap-skinny) enforce-registration 2-860 (config-parammap-skinny) message-id max 2-861 (config-parammap-skinny) sccp-prefix-len 2-862 Parameter Map SIP Configuration Mode Commands 2-863 (config-parammap-sip) description 2-865 (config-parammap-sip) im 2-865 (config-parammap-sip) max-forward-validation 2-866 (config-parammap-sip) software-version 2-867 (config-parammap-sip) strict-header-validation 2-868 (config-parammap-sip) timeout 2-870 (config-parammap-sip) uri-non-sip 2-871 Parameter Map SSL Configuration Mode Commands 2-872 (config-parammap-ssl) authentication-failure 2-873 (config-parammap-ssl) cdp-errors ignore 2-876 (config-parammap-ssl) cipher 2-877 (config-parammap-ssl) close-protocol 2-879 (config-parammap-ssl) description 2-880 (config-parammap-ssl) expired-crl reject 2-881 (config-parammap-ssl) purpose-check disabled 2-882 (config-parammap-ssl) queue-delay timeout 2-883 (config-parammap-ssl) rehandshake enabled 2-884 (config-parammap-ssl) session-cache timeout 2-885 (config-parammap-ssl) version 2-887 Policy Map Configuration Mode Commands 2-888 (config-pmap) class 2-890 (config-pmap) description 2-891 Policy Map Class Configuration Mode Commands 2-892 (config-pmap-c) appl-parameter dns advanced-options 2-893 (config-pmap-c) appl-parameter generic advanced-options 2-894 (config-pmap-c) appl-parameter http advanced-options 2-895 (config-pmap-c) appl-parameter rtsp advanced-options 2-896 (config-pmap-c) appl-parameter sip advanced-options 2-897 (config-pmap-c) appl-parameter skinny advanced-options 2-898 (config-pmap-c) connection advanced-options 2-899 (config-pmap-c) inspect 2-900 (config-pmap-c) kal-ap primary-oos 2-904 (config-pmap-c) kal-ap-tag 2-906 (config-pmap-c) loadbalance policy 2-907 (config-pmap-c) loadbalance vip advertise 2-908Contents xx Command Reference, Cisco ACE Application Control Engine OL-25339-01 (config-pmap-c) loadbalance vip icmp-reply 2-909 (config-pmap-c) loadbalance vip inservice 2-910 (config-pmap-c) loadbalance vip udp-fast-age 2-911 (config-pmap-c) nat dynamic 2-912 (config-pmap-c) nat static 2-913 (config-pmap-c) ssl-proxy 2-916 Policy Map FTP Inspection Configuration Mode Commands 2-917 (config-pmap-ftp-ins) class 2-919 (config-pmap-ftp-ins) description 2-920 (config-pmap-ftp-ins) match request-method 2-921 Policy Map FTP Inspection Class Configuration Mode Commands 2-922 (config-pmap-ftp-ins-c) deny 2-923 (config-pmap-ftp-ins-c) mask-reply 2-924 Policy Map FTP Inspection Match Configuration Mode Commands 2-924 (config-pmap-ftp-ins-m) deny 2-926 (config-pmap-ftp-ins-m) mask-reply 2-927 Policy Map Inspection HTTP Configuration Mode Commands 2-927 (config-pmap-ins-http) class 2-929 (config-pmap-ins-http) description 2-931 (config-pmap-ins-http) match content 2-932 (config-pmap-ins-http) match content length 2-934 (config-pmap-ins-http) match content-type-verification 2-935 (config-pmap-ins-http) match cookie secondary 2-936 (config-pmap-ins-http) match header 2-939 (config-pmap-ins-http) match header length 2-942 (config-pmap-ins-http) match header mime-type 2-944 (config-pmap-ins-http) match port-misuse 2-947 (config-pmap-ins-http) match request-method 2-948 (config-pmap-ins-http) match strict-http 2-950 (config-pmap-ins-http) match transfer-encoding 2-952 (config-pmap-ins-http) match url 2-953 (config-pmap-ins-http) match url length 2-955 Policy Map Inspection HTTP Class Configuration Mode Commands 2-956 (config-pmap-ins-http-c) passthrough log 2-957 (config-pmap-ins-http-c) permit 2-958 (config-pmap-ins-http-c) reset 2-959 Policy Map Inspection HTTP Match Configuration Mode Commands 2-959 (config-pmap-ins-http-m) passthrough log 2-961 (config-pmap-ins-http-m) permit 2-962Contents xxi Command Reference, Cisco ACE Application Control Engine OL-25339-01 (config-pmap-ins-http-m) reset 2-963 Policy Map Inspection SIP Configuration Mode Commands 2-964 (config-pmap-ins-sip) class 2-966 (config-pmap-ins-sip) description 2-967 (config-pmap-ins-sip) match called-party 2-968 (config-pmap-ins-sip) match calling-party 2-969 (config-pmap-ins-sip) match content 2-970 (config-pmap-ins-sip) match im-subscriber 2-972 (config-pmap-ins-sip) match message-path 2-973 (config-pmap-ins-sip) match request-method 2-974 (config-pmap-ins-sip) match third-party registration 2-976 (config-pmap-ins-sip) match uri 2-978 Policy Map Inspection SIP Class Configuration Mode Commands 2-979 (config-pmap-ins-sip-c) drop 2-980 (config-pmap-ins-sip-c) log 2-980 (config-pmap-ins-sip-c) permit 2-981 (config-pmap-ins-sip-c) reset 2-982 Policy Map Inspection SIP Match Configuration Mode Commands 2-983 (config-pmap-ins-sip-m) drop 2-984 (config-pmap-ins-sip-m) permit 2-985 (config-pmap-ins-sip-m) reset 2-986 Policy Map Inspection Skinny Configuration Mode Commands 2-986 (config-pmap-ins-skinny) description 2-988 (config-pmap-ins-skinny) match message-id 2-989 Policy Map Inspection Skinny Match Configuration Mode Commands 2-990 (config-pmap-ins-skinny-m) reset 2-991 Policy Map Load Balancing Generic Configuration Mode Commands 2-992 (config-pmap-lb-generic) class 2-994 (config-pmap-lb-generic) description 2-996 (config-pmap-lb-generic) match layer4-payload 2-997 (config-pmap-lb-generic) match source-address 2-998 Policy Map Load Balancing Generic Class Configuration Mode Commands 2-999 (config-pmap-lb-generic-c) drop 2-1000 (config-pmap-lb-generic-c) forward 2-1001 (config-pmap-lb-generic-c) serverfarm 2-1002 (config-pmap-lb-generic-c) set ip tos 2-1003 (config-pmap-lb-generic-c) sticky-serverfarm 2-1004 Policy Map Load Balancing Generic Match Configuration Mode Commands 2-1004 (config-pmap-lb-generic-m) drop 2-1006Contents xxii Command Reference, Cisco ACE Application Control Engine OL-25339-01 (config-pmap-lb-generic-m) forward 2-1006 (config-pmap-lb-generic-m) serverfarm 2-1007 (config-pmap-lb-generic-m) set ip tos 2-1009 (config-pmap-lb-generic-m) sticky-serverfarm 2-1010 Policy Map Load Balancing HTTP Configuration Mode Commands 2-1011 (config-pmap-lb) class 2-1012 (config-pmap-lb) description 2-1013 (config-pmap-lb) match cipher 2-1014 (config-pmap-lb) match http content 2-1016 (config-pmap-lb) match http cookie 2-1017 (config-pmap-lb) match http header 2-1019 (config-pmap-lb) match http url 2-1023 (config-pmap-lb) match source-address 2-1024 Policy Map Load Balancing HTTP Class Configuration Mode Commands 2-1025 (config-pmap-lb-c) action 2-1026 (config-pmap-lb-c) compress 2-1027 (config-pmap-lb-c) drop 2-1029 (config-pmap-lb-c) forward 2-1030 (config-pmap-lb-c) insert-http 2-1031 (config-pmap-lb-c) nat dynamic 2-1032 (config-pmap-lb-c) serverfarm 2-1033 (config-pmap-lb-c) set ip tos 2-1035 (config-pmap-lb-c) ssl-proxy client 2-1036 (config-pmap-lb-c) sticky-serverfarm 2-1037 Policy Map Load Balancing HTTP Match Configuration Mode Commands 2-1038 (config-pmap-lb-m) action 2-1038 (config-pmap-lb-m) compress 2-1040 (config-pmap-lb-m) drop 2-1041 (config-pmap-lb-m) forward 2-1043 (config-pmap-lb-m) insert-http 2-1044 (config-pmap-lb-m) serverfarm 2-1045 (config-pmap-lb-m) set ip tos 2-1046 (config-pmap-lb-m) ssl-proxy client 2-1047 (config-pmap-lb-m) sticky-serverfarm 2-1048 Policy Map Load Balancing RADIUS Configuration Mode Commands 2-1049 (config-pmap-lb-radius) class 2-1051 (config-pmap-lb-radius) description 2-1053 (config-pmap-lb-radius) match radius attribute 2-1054 Policy Map Load Balancing RADIUS Class Configuration Mode Commands 2-1055Contents xxiii Command Reference, Cisco ACE Application Control Engine OL-25339-01 (config-pmap-lb-radius-c) drop 2-1056 (config-pmap-lb-radius-c) forward 2-1057 (config-pmap-lb-radius-c) serverfarm 2-1058 (config-pmap-lb-radius-c) set ip tos 2-1059 (config-pmap-lb-radius-c) sticky-serverfarm 2-1060 Policy Map Load Balancing RADIUS Match Configuration Mode Commands 2-1060 (config-pmap-lb-radius-m) drop 2-1062 (config-pmap-lb-radius-m) forward 2-1063 (config-pmap-lb-radius-m) serverfarm 2-1064 (config-pmap-lb-radius-m) set ip tos 2-1065 (config-pmap-lb-radius-m) sticky-serverfarm 2-1066 Policy Map Load Balancing RDP Configuration Mode Commands 2-1066 (config-pmap-lb-rdp) class 2-1068 (config-pmap-lb-rdp) description 2-1069 Policy Map Load Balancing RDP Class Configuration Mode Commands 2-1069 (config-pmap-lb-rdp-c) drop 2-1071 (config-pmap-lb-rdp-c) forward 2-1072 (config-pmap-lb-rdp-c) serverfarm 2-1073 (config-pmap-lb-rdp-c) set ip tos 2-1074 (config-pmap-lb-rdp-c) sticky-serverfarm 2-1075 Policy Map Load Balancing RTSP Configuration Mode Commands 2-1076 (config-pmap-lb-rtsp) class 2-1078 (config-pmap-lb-rtsp) description 2-1079 (config-pmap-lb-rtsp) match rtsp header 2-1080 (config-pmap-lb-rtsp) match rtsp source-address 2-1082 (config-pmap-lb-rtsp) match rtsp url 2-1083 Policy Map Load Balancing RTSP Class Configuration Mode Commands 2-1084 (config-pmap-lb-rtsp-c) drop 2-1085 (config-pmap-lb-rtsp-c) forward 2-1086 (config-pmap-lb-rtsp-c) serverfarm 2-1087 (config-pmap-lb-rtsp-c) set ip tos 2-1088 (config-pmap-lb-rtsp-c) sticky-serverfarm 2-1089 Policy Map Load Balancing RTSP Match Configuration Mode Commands 2-1090 (config-pmap-lb-rtsp-m) drop 2-1091 (config-pmap-lb-rtsp-m) forward 2-1092 (config-pmap-lb-rtsp-m) serverfarm 2-1093 (config-pmap-lb-rtsp-m) set ip tos 2-1094 (config-pmap-lb-rtsp-m) sticky-serverfarm 2-1095 Policy Map Load Balancing SIP Configuration Mode Commands 2-1095Contents xxiv Command Reference, Cisco ACE Application Control Engine OL-25339-01 (config-pmap-lb-sip) class 2-1097 (config-pmap-lb-sip) description 2-1099 (config-pmap-lb-sip) match sip header 2-1100 (config-pmap-lb-sip) match source-address 2-1101 Policy Map Load Balancing SIP Class Configuration Mode Commands 2-1102 (config-pmap-lb-sip-c) drop 2-1103 (config-pmap-lb-sip-c) forward 2-1104 (config-pmap-lb-sip-c) serverfarm 2-1105 (config-pmap-lb-sip-c) set ip tos 2-1106 (config-pmap-lb-sip-c) sticky-serverfarm 2-1107 Policy Map Load Balancing SIP Match Configuration Mode Commands 2-1108 (config-pmap-lb-sip-m) drop 2-1109 (config-pmap-lb-sip-m) forward 2-1110 (config-pmap-lb-sip-m) serverfarm 2-1111 (config-pmap-lb-sip-m) set ip tos 2-1112 (config-pmap-lb-sip-m) sticky-serverfarm 2-1113 Policy Map Management Configuration Mode Commands 2-1113 (config-pmap-mgmt) class 2-1115 (config-pmap-mgmt) description 2-1117 Policy Map Management Class Configuration Mode Commands 2-1117 (config-pmap-mgmt-c) deny 2-1118 (config-pmap-mgmt-c) permit 2-1119 Policy Map Optimization Configuration Mode Commands 2-1119 (config-pmap-optmz) class 2-1121 (config-pmap-optmz) description 2-1122 (config-pmap-optmz) match http cookie 2-1123 (config-pmap-optmz) match http header 2-1124 (config-pmap-optmz) match http url 2-1127 Policy Map Optimization Class Configuration Mode Commands 2-1128 (config-pmap-optmz-c) action 2-1128 Policy Map Optimization Match Configuration Mode Commands 2-1129 (config-pmap-optmz-m) action 2-1130 Probe Configuration Mode Commands 2-1132 (config-probe-probe_type) append-port-hosttag 2-1135 (config-probe-probe_type) community 2-1137 (config-probe-probe_type) connection term 2-1138 (config-probe-probe_type) credentials 2-1139 (config-probe-probe_type) description 2-1140 (config-probe-probe_type) domain 2-1142Contents xxv Command Reference, Cisco ACE Application Control Engine OL-25339-01 (config-probe-probe_type) expect address 2-1143 (config-probe-probe_type) expect regex 2-1145 (config-probe-probe_type) expect status 2-1147 (config-probe-probe_type) faildetect 2-1148 (config-probe-probe_type) hash 2-1149 (config-probe-probe_type) header 2-1150 (config-probe-probe_type) interval 2-1153 (config-probe-probe_type) ip address 2-1154 (config-probe-probe_type) nas ip address 2-1156 (config-probe-probe_type) oid 2-1157 (config-probe-probe_type) open 2-1159 (config-probe-probe_type) passdetect 2-1160 (config-probe-probe_type) port 2-1162 (config-probe-probe_type) receive 2-1164 (config-probe-probe_type) request command 2-1165 (config-probe-probe_type) request method 2-1166 (config-probe-probe_type) script 2-1167 (config-probe-probe_type) send-data 2-1168 (config-probe-probe_type) ssl cipher 2-1169 (config-probe-probe_type) ssl version 2-1171 (config-probe-probe_type) version 2-1171 (config-probe-sip-udp) rport enable 2-1173 Probe SNMP OID Configuration Mode Commands 2-1174 (config-probe-snmp-oid) threshold 2-1176 (config-probe-snmp-oid) type absolute max 2-1178 (config-probe-snmp-oid) weight 2-1180 Probe VM Configuration Mode Commands 2-1181 (config-probe-vm) interval 2-1182 (config-probe-vm) load 2-1183 (config-probe-vm) vm-controller 2-1185 RADIUS Configuration Mode Commands 2-1186 (config-radius) deadtime 2-1188 (config-radius) server 2-1189 Real Server Host Configuration Mode Commands 2-1190 (config-rserver-host) conn-limit 2-1191 (config-rserver-host) description 2-1193 (config-rserver-host) fail-on-all 2-1194 (config-rserver-host) inservice 2-1195 (config-rserver-host) ip address 2-1196Contents xxvi Command Reference, Cisco ACE Application Control Engine OL-25339-01 (config-rserver-host) probe 2-1198 (config-rserver-host) rate-limit 2-1199 (config-rserver-host) weight 2-1201 Real Server Redirect Configuration Mode Commands 2-1202 (config-rserver-redir) conn-limit 2-1204 (config-rserver-redir) description 2-1206 (config-rserver-redir) inservice 2-1207 (config-rserver-redir) probe 2-1208 (config-rserver-redir) rate-limit 2-1209 (config-rserver-redir) webhost-redirection 2-1210 Resource Configuration Mode Commands 2-1212 (config-resource) limit-resource 2-1213 Role Configuration Mode Commands 2-1216 (config-role) description 2-1217 (config-role) rule 2-1218 Server Farm Host Configuration Mode Commands 2-1221 (config-sfarm-host) description 2-1223 (config-sfarm-host) dws 2-1224 (config-sfarm-host) failaction 2-1225 (config-sfarm-host) fail-on-all 2-1228 (config-sfarm-host) inband-health check 2-1230 (config-sfarm-host) partial-threshold 2-1233 (config-sfarm-host) predictor 2-1234 (config-sfarm-host) probe 2-1240 (config-sfarm-host) retcode 2-1242 (config-sfarm-host) rserver 2-1244 (config-sfarm-host) transparent 2-1245 Serverfarm Host Predictor Configuration Mode Commands 2-1246 (config-sfarm-host-predictor) autoadjust 2-1248 (config-sfarm-host-predictor) weight connection 2-1250 Server Farm Host Real Server Configuration Mode Commands 2-1251 (config-sfarm-host-rs) backup-rserver 2-1253 (config-sfarm-host-rs) conn-limit 2-1254 (config-sfarm-host-rs) cookie-string 2-1255 (config-sfarm-host-rs) description 2-1257 (config-sfarm-host-rs) fail-on-all 2-1258 (config-sfarm-host-rs) inservice 2-1260 (config-sfarm-host-rs) probe 2-1262 (config-sfarm-host-rs) rate-limit 2-1263Contents xxvii Command Reference, Cisco ACE Application Control Engine OL-25339-01 (config-sfarm-host-rs) weight 2-1264 Server Farm Redirect Configuration Mode Commands 2-1265 (config-sfarm-redirect) description 2-1267 (config-sfarm-redirect) failaction 2-1268 (config-sfarm-redirect) predictor 2-1270 (config-sfarm-redirect) probe 2-1276 (config-sfarm-redirect) rserver 2-1277 Serverfarm Redirect Predictor Configuration Mode Commands 2-1279 (config-sfarm-redirect-predictor) autoadjust 2-1281 (config-sfarm-redirect-predictor) weight connection 2-1283 Server Farm Redirect Real Server Configuration Mode Commands 2-1284 (config-sfarm-redirect-rs) backup-rserver 2-1286 (config-sfarm-redirect-rs) conn-limit 2-1287 (config-sfarm-redirect-rs) inservice 2-1288 (config-sfarm-host-rs) probe 2-1290 (config-sfarm-redirect-rs) rate-limit 2-1291 (config-sfarm-redirect-rs) weight 2-1292 SSL Proxy Configuration Mode Commands 2-1294 (config-ssl-proxy) authgroup 2-1295 (config-ssl-proxy) cert 2-1297 (config-ssl-proxy) chaingroup 2-1299 (config-ssl-proxy) crl 2-1300 (config-ssl-proxy) key 2-1302 (config-ssl-proxy) ocspserver 2-1304 (config-ssl-proxy) revcheckprio 2-1306 (config-ssl-proxy) ssl advanced-options 2-1308 Sticky HTTP Cookie Configuration Mode Commands 2-1309 (config-sticky-cookie) cookie insert 2-1310 (config-sticky-cookie) cookie 2-1311 (config-sticky-cookie) cookie secondary 2-1312 (config-sticky-cookie) replicate sticky 2-1313 (config-sticky-cookie) serverfarm 2-1314 (config-sticky-cookie) static cookie-value 2-1315 (config-sticky-cookie) timeout 2-1316 Sticky HTTP Content Configuration Mode Commands 2-1317 (config-sticky-content) content 2-1318 (config-sticky-content) replicate sticky 2-1320 (config-sticky-content) serverfarm 2-1321 (config-sticky-content) static content 2-1323Contents xxviii Command Reference, Cisco ACE Application Control Engine OL-25339-01 (config-sticky-content) timeout 2-1324 Sticky HTTP Header Configuration Mode Commands 2-1325 (config-sticky-header) header 2-1327 (config-sticky-header) replicate sticky 2-1329 (config-sticky-header) serverfarm 2-1330 (config-sticky-header) static header-value 2-1332 (config-sticky-header) timeout 2-1333 Sticky IP Configuration Mode Commands 2-1334 (config-sticky-ip) replicate sticky 2-1336 (config-sticky-ip) serverfarm 2-1337 (config-sticky-ip) static client source 2-1338 (config-sticky-ip) timeout 2-1341 Sticky Layer 4 Payload Configuration Mode Commands 2-1342 (config-sticky-l4payloa) layer4-payload 2-1344 (config-sticky-l4payloa) replicate sticky 2-1346 (config-sticky-l4payloa) response sticky 2-1347 (config-sticky-l4payloa) serverfarm 2-1348 (config-sticky-l4payloa) static layer4-payload 2-1349 (config-sticky-l4payloa) timeout 2-1350 Sticky RADIUS Configuration Mode Commands 2-1351 (config-sticky-radius) replicate sticky 2-1353 (config-sticky-radius) serverfarm 2-1354 (config-sticky-radius) timeout 2-1355 Sticky RTSP Header Configuration Mode Commands 2-1356 (config-sticky-header) header 2-1358 (config-sticky-header) replicate sticky 2-1360 (config-sticky-header) serverfarm 2-1361 (config-sticky-header) static header-value 2-1362 (config-sticky-header) timeout 2-1363 Sticky SIP Header Configuration Mode Commands 2-1364 (config-sticky-header) replicate sticky 2-1366 (config-sticky-header) serverfarm 2-1367 (config-sticky-header) static header-value 2-1368 (config-sticky-header) timeout 2-1369 TACACS+ Configuration Mode Commands 2-1371 (config-tacacs+) deadtime 2-1372 (config-tacacs+) server 2-1374 VM Configuration Mode Commands 2-1376 (config-vm) credentials 2-1377Contents xxix Command Reference, Cisco ACE Application Control Engine OL-25339-01 (config-vm) url 2-1378 C L I C O M M A N D SU M M A R Y B Y MO D EContents xxx Command Reference, Cisco ACE Application Control Engine OL-25339-01xxxi Command Reference, Cisco ACE Application Control Engine OL-25339-01 Preface This guide provides the command-line interface (CLI) information of the following products: • Cisco ACE Application Control Engine Module (ACE module) in the Catalyst 6500 series switch or Cisco 7600 series router, hereinafter referred to as the switch or router, respectively • Cisco ACE 4700 Series Application Control Engine Appliance (ACE appliance) The information in this guide applies to both the ACE module and the ACE appliance unless otherwise noted. This information includes the following: • How to use the CLI. • The CLI commands, including syntax, options, and related commands. This preface contains the following major sections: • Audience • How to Use This Guide • Related Documentation • Symbols and Conventions • Obtaining Documentation, Obtaining Support, and Security Guidelines Audience This guide is intended for the following trained and qualified service personnel who are responsible for configuring the ACE: • Web master • System administrator • System operatorxxxii Command Reference, Cisco ACE Application Control Engine OL-25339-01 Preface How to Use This Guide This guide is organized alphabetically by command mode, as follows: Related Documentation In addition to this document, the ACE documentation set includes the following: Chapter Description Chapter 1, Using the Command-Line Interface Describes how to use the command-line interface (CLI) on the ACE. Chapter 1, CLI Commands Provides detailed information for the following types of CLI commands for the ACE: • Commands that you can enter after you log in to the ACE. • Configuration mode commands that allow you to access global configuration mode and its subset of modes after you log in to the ACE. Document Title Description Administration Guide, Cisco ACE Application Control Engine Describes how to perform the following administration tasks on the ACE: • Setting up the ACE • Establishing remote access • Managing software licenses • Configuring class maps and policy maps • Managing the ACE software • Configuring SNMP • Configuring redundancy • Configuring the XML interface • Upgrading the ACE software Application Acceleration and Optimization Guide, Cisco ACE 4700 Series Application Control Engine Appliance (ACE appliance only) Describes how to configure the web optimization features of the ACE appliance. This guide also provides an overview and description of those features. Cisco Application Control Engine (ACE) Configuration Examples Wiki Provides examples of common configurations for load balancing, security, SSL, routing and bridging, virtualization, and so on. Cisco Application Control Engine (ACE) Troubleshooting Wiki Describes the procedures and methodology in wiki format to troubleshoot the most common problems that you may encounter during the operation of your ACE. Command Reference, Cisco ACE Application Control Engine Provides an alphabetical list and descriptions of all CLI commands by mode, including syntax, options, and related commands.xxxiii Command Reference, Cisco ACE Application Control Engine OL-25339-01 Preface CSM-to-ACE Conversion Tool Guide, Cisco ACE Application Control Engine Module (ACE module only) Describes how to use the CSM-to-ACE module conversion tool to migrate Cisco Content Switching Module (CSM) running- or startup-configuration files to the ACE. CSS-to-ACE Conversion Tool Guide, Cisco ACE Application Control Engine Describes how to use the CSS-to-ACE conversion tool to migrate Cisco Content Services Switches (CSS) running-configuration or startup-configuration files to the ACE. Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance (ACE appliance only) Describes how to use the Device Manager GUI, which resides in flash memory on the ACE appliance, to provide a browser-based interface for configuring and managing the appliance. Getting Started Guide, Cisco ACE Application Control Engine Module (ACE module only) Describes how to perform the initial setup and configuration tasks for the ACE module. Getting Started Guide, Cisco ACE 4700 Series Application Control Engine Appliance (ACE appliance only) Describes how to use the ACE appliance Device Manager GUI and CLI to perform the initial setup and configuration tasks. Hardware Installation Guide, Cisco ACE 4710 Application Control Engine Appliance (ACE appliance only) Provides information for installing the ACE appliance. Installation Note, Cisco ACE Application Control Engine ACE30 Module (ACE module only) Provides information for installing the ACE module into the Catalyst 6500 series switch or a Cisco 7600 series router. Regulatory Compliance and Safety Information, Cisco ACE 4710 Application Control Engine Appliance (ACE appliance only) Regulatory compliance and safety information for the ACE appliance. Release Note, Cisco ACE 4700 Series Application Control Engine Appliance (ACE appliance only) Provides information about operating considerations, caveats, and command-line interface (CLI) commands for the ACE appliance. Release Note, Cisco ACE Application Control Engine Module (ACE module only) Provides information about operating considerations, caveats, and command-line interface (CLI) commands for the ACE module. Routing and Bridging Guide, Cisco ACE Application Control Engine Describes how to perform the following routing and bridging tasks on the ACE: • (ACE appliance only) Ethernet ports • VLAN interfaces • IPv6, including transitioning IPv4 networks to IPv6, IPv6 header format, IPv6 addressing, and suported protocols. • Routing • Bridging • Dynamic Host Configuration Protocol (DHCP) Document Title Descriptionxxxiv Command Reference, Cisco ACE Application Control Engine OL-25339-01 Preface Security Guide, Cisco ACE Application Control Engine Describes how to perform the following ACE security configuration tasks: • Security access control lists (ACLs) • User authentication and accounting using a Terminal Access Controller Access Control System Plus (TACACS+), Remote Authentication Dial-In User Service (RADIUS), or Lightweight Directory Access Protocol (LDAP) server • Application protocol and HTTP deep packet inspection • TCP/IP normalization and termination parameters • Network Translation (NAT) Server Load-Balancing Guide, Cisco ACE Application Control Engine Describes how to configure the following server load-balancing features on the ACE: • Real servers and server farms • Class maps and policy maps to load balance traffic to real servers in server farms • Server health monitoring (probes) • Stickiness • Dynamic workload scaling (DWS) • Firewall load balancing • TCL scripts SSL Guide, Cisco ACE Application Control Engine Describes how to configure the following Secure Sockets Layer (SSL) features on the ACE: • SSL certificates and keys • SSL initiation • SSL termination • End-to-end SSL System Message Guide, Cisco ACE Application Control Engine Describes how to configure system message logging on the ACE. This guide also lists and describes the system log (syslog) messages generated by the ACE. Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance (ACE appliance only) Describes how to perform an ACE appliance software upgrade or downgrade. User Guide, Cisco Application Networking Manager Describes how to use Cisco Application Networking Manager (ANM), a networking management application for monitoring and configuring network devices, including the ACE. Virtualization Guide, Cisco ACE Application Control Engine Describes how to operate your ACE in a single context or in multiple contexts. Document Title Descriptionxxxv Command Reference, Cisco ACE Application Control Engine OL-25339-01 Preface Symbols and Conventions This publication uses the following conventions: Notes use the following conventions: Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the publication. Cautions use the following conventions: Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data. For additional information about CLI syntax formatting, see Chapter 1, Using the Command-Line Interface. Convention Description boldface font Commands, command options, and keywords are in boldface. Bold text also indicates a command in a paragraph. italic font Arguments for which you supply values are in italics. Italic text also indicates the first occurrence of a new term, book title, emphasized text. { } Encloses required arguments and keywords. [ ] Encloses optional arguments and keywords. { x | y | z } Required alternative keywords are grouped in braces and separated by vertical bars. [ x | y | z ] Optional alternative keywords are grouped in brackets and separated by vertical bars. string A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks. screen font Terminal sessions and information the system displays are in screen font. boldface screen font Information you must enter in a command line is in boldface screen font. italic screen font Arguments for which you supply values are in italic screen font. ^ The symbol ^ represents the key labeled Control—for example, the key combination ^D in a screen display means hold down the Control key while you press the D key. < > Nonprinting characters, such as passwords are in angle brackets.xxxvi Command Reference, Cisco ACE Application Control Engine OL-25339-01 Preface Obtaining Documentation, Obtaining Support, and Security Guidelines For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.htmlC H A P T E R 1-1 Command Reference, Cisco ACE Application Control Engine OL-25339-01 1 CLI Commands This chapter provides detailed information for the following types of CLI commands for the ACE: • Commands that you can enter after you log in to the ACE. • Configuration mode commands that allow you to access configuration mode and its subset of modes after you log in to the ACE. The description of each command includes the following: • The syntax of the command • Any related commands, when appropriate1-2 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Exec Mode Commands You can access Exec mode commands immediately after you log in to an ACE. Many of these commands are followed by keywords that make them distinct commands (for example, show aaa, show access-list, show accounting, and so on). To increase readability of command syntax, these commands are presented separately in this command reference. You can also execute Exec mode commands from any of the configuration modes using the do command. For example, to display the ACE running configuration from the Exec mode, use the show running-config command. To execute the same command from the configuration mode, use the do show running-config command.1-3 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands backup To backup the configuration files and dependent files in a context or in all contexts, use the backup command. backup [all] [pass-phrase text_string] [exclude component] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The backup command has the following configuration guidelines and limitations: • Use the Admin context for an ACE-wide backup and the corresponding context for a user context backup. • When you back up the running-configuration file, the ACE uses the output of the show running-configuration command as the basis for the archive file. • The ACE backs up only exportable certificates and keys. • License files are backed up only when you back up the Admin context. all (Optional) Specifies that the ACE should back up the configuration files and dependencies in all contexts. You can specify this keyword only in the Admin context. exclude component (Optional) Specifies the components that you do not wish to back up.You can enter any of the following components in any order separated by a comma if you enter more than one: • checkpoints—Excludes all checkpoints • ssl-files—Excludes SSL certificate files and key files pass-phrase text_string (Optional) Passphrase that you specify to encrypt the backed up SSL keys. Enter the passphrase as an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. You must enter the pass-phrase keyword before the exclude keyword. If you enter a passphrase and then exclude the SSL files from the archive, the ACE does not use the passphrase. ACE Module Release Modification A2(3.0) This command was introduced. ACE Appliance Release Modification A4(1.0) This command was introduced.1-4 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands • Use a passphrase to back up SSL keys in encrypted form. Remember the passphrase or write it down and store it in a safe location. When you restore the encrypted keys, you must enter the passphrase to decrypt the keys. If you use a passphrase when you back up the SSL keys, the ACE encrypts the keys with AES-256 encryption using OpenSSL software. • If you imported SSL certificates or keys with a crypto passphrase, you must use the pass-phrase option to encrypt the crypto passphrase when you back up these files. • Only probe scripts that reside in disk0: need to be backed up. The prepackaged probe scripts in the probe: directory are always available. When you perform a backup, the ACE automatically identifies and backs up the scripts in disk0: that are required by the configuration. • The ACE does not resolve any other dependencies required by the configuration during a backup except for scripts that reside in disk0:. For example, if you configured SSL certificates in an SSL proxy in the running-configuration file, but you later deleted the certificates, the backup proceeds as if the certificates still existed. • To perform a backup or a restore operation, you must have the admin RBAC feature in your user role. Examples To back up all contexts in the ACE, enter: host1/Admin# backup all pass-phrase MY_PASS_PHRASE Related Commands restore show backup1-5 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands capture To enable the context packet capture function for packet sniffing and network fault isolation, use the capture command. As part of the packet capture process, you specify whether to capture packets from all interfaces or an individual VLAN interface. capture buffer_name {{all | {interface vlan number}} access-list name [bufsize buf_size [circular-buffer]]} | remove | start | stop Syntax Description Command Modes Exec Admin and user contexts Command History buffer_name Name of the packet capture buffer. The buffer_name argument associates the packet capture with a name. Specify an unquoted text string with no spaces from 1 to 80 alphanumeric characters. all Specifies that packets from all input interfaces are captured. interface Specifies a particular input interface from which to capture packets. vlan number Specifies the VLAN identifier associated with the interface. access-list name Selects packets to capture based on a specific access list. A packet must pass the access list filters before the packet is stored in the capture buffer. Specify a previously created access list identifier. Enter an unquoted text string with a maximum of 64 characters. Note Ensure that the access list is for an input interface; input is considered with regards to the direction of the session that you wish to capture. If you configure the packet capture on the output interface, the ACE will fail to match any packets. bufsize buf_size (Optional) Specifies the buffer size, in kilobytes (KB), used to store the packet capture. The range is from 1 to 5000 KB. circular-buffer (Optional) Enables the packet capture buffer to overwrite itself, starting from the beginning, when the buffer is full. remove Clears the packet capture configuration. start Starts the packet capture function and displays the messages on the session console as the ACE receives the packets. The CLI prompt returns and you can type other commands at the same time that the ACE is capturing packets. To stop the capture process, use the stop option. The packet capture function automatically stops when the buffer is full unless you enable the circular buffer function. stop Stops the packet capture process after a brief delay. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. 3.0(0)A1(5) The buffer size was limited to 5000 KB. A2(1.0) The stop option was introduced.1-6 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The packet capture function enables access control lists (ACLs) to control which packets are captured by the ACE on the input interface. If the ACLs are selecting an excessive amount of traffic for the packet capture operation, the ACE will see a heavy load, which can cause a degradation in performance. We recommend that you avoid using the packet capture function when high network performance is critical. To capture packets for both IPv6 and IPv4 in the same buffer, configure the capture command twice: once with an IPv6 ACL and once with an IPv4 ACL. Under high traffic conditions, you may observe up to 64 packets printing on the console after you enter the stop keyword. These additional messages can occur because the packets were in transit or buffered before you entered the stop keyword. The capture packet function works on an individual context basis. The ACE traces only the packets that belong to the context where you execute the capture command. You can use the context ID, which is passed with the packet, to isolate packets that belong to a specific context. To trace the packets for a single specific context, use the changeto command and enter the capture command for the new context. The ACE does not automatically save the packet capture in a configuration file. To copy the capture buffer information as a file in flash memory, use the copy capture command. Examples To start the packet capture function for CAPTURE1, enter: host1/Admin# capture CAPTURE1 interface vlan50 access-list ACL1 host1/Admin# capture CAPTURE1 start To stop the packet capture function for CAPTURE1, enter: host1/Admin# capture CAPTURE1 stop Related Commands clear icmp statistics copy capture show capture changeto To move from one context on the ACE to another context, use the changeto command. changeto context_name Syntax Description ACE Appliance Release Modification A1(7) This command was introduced. A3(1.0) The stop option was introduced. context_name Name of an existing context. This argument is case sensitive.1-7 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the changeto feature in your user role, and as found in all of the predefined user roles. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Only users authorized in the admin context or configured with the changeto feature can use the changeto command to navigate between the various contexts. Context administrators without the changeto feature, who have access to multiple contexts, must explicitly log in to the other contexts to which they have access. The command prompt indicates the context that you are currently in (see the following example). The predefined user role that is enforced after you enter the changeto command is that of the Admin context and not that of the non-Admin context. You cannot add, modify, or delete objects in a custom domain after you change to a non-Admin context. • If you originally had access to the default-domain in the Admin context prior to moving to a non-Admin context, the ACE allows you to configure any object in the non-Admin context. • If you originally had access to a custom domain in the Admin context prior to moving to a non-Admin context, any created objects in the non-Admin context will be added to the default-domain. However, an error message will appear when you attempt to modify existing objects in the non-Admin context. User-defined roles configured with the changeto feature retain their privileges when accessing different contexts. Examples To change from the Admin context to the context CTX1, enter: host1/Admin# changeto CTX1 host1/CTX1# Related Commands exit show context (config) context (config-role) rule ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.3) You can apply the changeto feature to a rule for a user-defined role. ACE Appliance Release Modification A1(7) This command was introduced. A3(2.2) You can apply the changeto feature to a rule for a user-defined role.1-8 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands checkpoint To create or modify a checkpoint (snapshot) of the running configuration, use the checkpoint command. checkpoint {create | delete | rollback} name Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the Admin role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. If the running-configuration file has the no ft auto-sync command configured and the checkpoint has the ft auto-sync command configured, a checkpoint rollback will fail with the following message: Warning : 'no ft auto-sync' & 'ft auto-sync' conflict detected - Rollback will fail Failing Scenario - running config has 'no ft auto-sync' / checkpoint has 'ft auto-sync' Examples To create the checkpoint CP102305, enter: host1/Admin# checkpoint create CP102305 Related Commands compare copy checkpoint show checkpoint create Creates a new checkpoint with the value of name. delete Deletes the existing checkpoint with the value of name. rollback Reverts back to the checkpoint with the value of name. name Name of a new or existing checkpoint. Enter a text string from 1 to 50 alphanumeric characters (no spaces). ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-9 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands clear access-list To clear access control list (ACL) statistics, use the clear access-list command. clear access-list name Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the access-list feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To clear the access control list ACL1, enter: host1/Admin# clear access-list ACL1 Related Commands show access-list (config) access-list ethertype (config) access-list extended name Name of an existing ACL. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-10 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands clear accounting log To clear the accounting log, use the clear accounting log command. clear accounting log Syntax Description This command has no keywords or arguments. Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To clear the accounting log, enter: host1/Admin# clear accounting log Related Commands show accounting log (config) aaa accounting default clear acl-merge statistics To clear the ACL-merge statistics, use the clear acl-merge statistics command. clear acl-merge statistics Syntax Description This command has no keywords or arguments. Command Modes Exec Admin and user contexts ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-11 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To clear the ACL-merge statistics, enter: host1/Admin# clear acl-merge statistics Related Commands show acl-merge (config) access-list extended clear arp To clear the Address Resolution Protocol (ARP) entries in the ARP table or statistics with ARP processes, use the clear arp command. clear arp [no-refresh | {statistics [vlan number] [interface_name]}] Syntax Description Command Modes Exec Admin and user contexts Command History ACE Module Release Modification A4(1.0) This command was introduced. ACE Appliance Release Modification A3(2.5) This command was introduced. no-refresh (Optional) Removes the learned ARP entries from the ARP table without refreshing the ARP entries. statistics [vlan number] (Optional) Clears ARP statistics counters globally or for the specified VLAN, vlan number. [interface_name] (Optional, ACE appliance only) Clears ARP statistics counters globally or for the specified interface, interface_name. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.0) This command was revised with the vlan option.1-12 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. If you enter the clear arp command with no option, it clears all learned ARP entries and then refreshes the ARP entries. Examples To clear the ARP statistics, enter: host1/Admin# clear arp statistics To clear the ARP learned entries and then refresh the ARP entries, enter: host1/Admin# clear arp Related Commands show arp (config) arp clear buffer stats To clear the control plane buffer statistics, use the clear buffer stats command. clear buffer stats Syntax Description This command has no keywords or arguments. Command Modes Exec Admin context only Command History ACE Appliance Release Modification A1(7) This command was introduced. A3(1.0) This command was revised with the vlan option. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-13 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. Examples To clear the control plane buffer statistics, enter: host1/Admin# clear buffer stats Related Commands show buffer clear capture To clear an existing capture buffer, use the clear capture command. clear capture name Syntax Description Command Modes Exec Admin and user context Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Use the dir command to view the capture files that you copied to the disk0: file system using the copy capture command. Examples To clear the capture buffer CAPTURE1, enter: host1/Admin# clear capture CAPTURE1 Related Commands capture copy capture name Name of an existing capture buffer. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-14 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands dir show capture clear cde (ACE module only) To clear the classification and distribution engine (CDE) statistics and interrupt counts, use the clear cde command. clear cde {interrupt | stats} Syntax Description Command Modes Exec Admin context Command History Usage Guidelines This command requires the Admin role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. Examples To clear the CDE interrupt counts, enter: host1/Admin# clear cde interrupt Related Commands show cde clear cfgmgr internal history To clear the Configuration Manager internal history, use the clear cfgmgr internal history command. clear cfgmgr internal history Syntax Description This command has no keywords or arguments. interrupt Clears the CDE interrupt counts. stats Clears the CDE statistics. ACE Module Release Modification 3.0(0)A1(2) This command was introduced.1-15 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin context only Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. Examples To clear the Configuration Manager internal history, enter: host1/Admin# clear cfgmgr internal history Related Commands show cfgmgr ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-16 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands clear conn To clear a connection that passes through, terminates, or originates with the ACE, use the clear conn command. clear conn [all | flow {prot_number | icmp | tcp | udp {source_ip | source_port | dest_ip | dest_port}} | id number np number | rserver name [port_number] serverfarm sfarm_name] Syntax Description Command Modes Exec Admin and user contexts Command History all (Optional) Clears all connections that go through the ACE, originate with the ACE, or terminate with the ACE. flow (Optional) Clears the connection that matches the specified flow descriptor. prot_number Protocol number of the flow. icmp Specifies the flow types using ICMP. tcp Specifies the flow types using TCP. udp Specifies the flow types using UDP. source_ip Source IP address of the flow. source_port Source port of the flow. dest_ip Destination IP address of the flow. dest_port Destination port of the flow. id number (Optional) Clears the connection with the specified connection ID number as displayed in the output of the show conn command. np number Clears all the connections to the specified network processor with the specified connection ID. rserver name (Optional) Clears all connections to the specified real server. port_number (Optional) Port number associated with the specified real server. Enter an integer from 1 to 65535. serverfarm sfarm_name (Optional) Clears all connections to the specified real server associated with this server farm. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.0) This command was revised. ACE Appliance Release Modification A1(7) This command was introduced. A3(1.0) This command was revised.1-17 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Usage Guidelines This command requires the loadbalance, inspect, NAT, connection, or SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To clear only the connections that go through the ACE (flows that pass through the ACE between the originating network host and the terminating network host), use the clear conn command without any keywords. When you do not include any keywords, the connections that terminate or originate with the ACE are not cleared. Examples To clear the connections for the real server RSERVER1, enter: host1/Admin# clear conn rserver RSERVER1 Related Commands show conn clear cores To clear all of the core dumps stored in the core: file system, use the clear cores command. clear cores Syntax Description This command has no keywords or arguments. Command Modes Exec Admin context only Command History Usage Guidelines This command requires the Admin role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Note The ACE creates a core dump when it experiences a fatal error. Core dump information is for Cisco Technical Assistance Center (TAC) use only. We recommend that you contact TAC for assistance in interpreting the information in the core dump. To view the list of core files in the core: file system, use the dir core: command. To save a copy of a core dump to a remote server before clearing it, use the copy capture command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-18 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands To delete a specific core dump file from the core: file system, use the delete core: command. Examples To clear all core dumps, enter: host1/Admin# clear cores Related Commands copy capture delete dir1-19 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands clear crypto session-cache To clear the session cache information in the context, use the clear crypto session-cache command. clear crypto session-cache [all] Syntax Description Command Modes Exec Admin and user context. The all option is available in the Admin context only. Command History Usage Guidelines This command has no usage guidelines. Examples To clear the session cache information in the context, enter: host1/Admin# clear crypto session-cache Related Commands This command has no related commands. all (Optional) Clears the session cache information for all contexts. This option is available in the Admin context only. ACE Module Release Modification A2(1.0) This command was introduced. ACE Appliance Release Modification A3(1.0) This command was introduced.1-20 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands clear dc (ACE module only) To clear the daughter card interrupt and register statistics on the ACE module, use the clear dc command. clear dc dc_number {controller {interrupts | stats} | interrupt} Syntax Description Command Modes Exec Admin context only. Command History Usage Guidelines This command requires the Admin user role in the Admin context. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To clear the daughter card 1 controller interrupt statistics, enter: host1/Admin# clear dc 1 controller interrupts Related Commands set dc show dc clear debug-logfile To remove a debug log file, use the clear debug-logfile command. clear debug-logfile filename Syntax Description Command Modes Exec Admin and user contexts dc_number Number of the daughter card (1 or 2). controller Specifies the daughter card controller. interrupts Clears the specified daughter card controller interrupt statistics. stats Clears the specified daughter card cumulative controller statistics. interrupt Clears the specified daughter card interrupt count. ACE Module Release Modification A4(1.0) This command was introduced. filename Name of an existing debug log file.1-21 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The ACE debug commands are intended for use by trained Cisco personnel only. Entering these commands may cause unexpected results. Do not attempt to use these commands without guidance from Cisco support personnel. Examples To clear the debug log file DEBUG1, enter: host1/Admin# clear debug-logfile DEBUG1 Related Commands debug show debug clear fifo stats To clear the control plane packet first in, first out (FIFO) statistics, use the clear fifo stats command. clear fifo stats Syntax Description This command has no keywords or arguments. Command Modes Exec Admin context only Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-22 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands This command is intended for use by trained Cisco personnel for troubleshooting purposes only. Examples To clear the control plane FIFO statistics, enter: host1/Admin# clear fifo stats Related Commands show fifo1-23 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands clear ft To clear the various fault-tolerant (FT) statistics, use the clear ft command. clear ft {all | ha-stats | hb-stats | history {cfg_cntlr | ha_dp_mgr | ha_mgr} | track-stats [all]} Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the fault-tolerant feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To clear all fault-tolerant statistics, enter: host1/Admin# clear ft all Related Commands show ft all Clears all redundancy statistics, including all TL, heartbeat, and tracking counters. ha-stats Clears all transport layer-related counters that the ACE displays as part of the show ft peer detail command output. hb-stats Clears all heartbeat-related statistics. When you enter this command for the first time, the ACE sets the heartbeat statistics counters to zero and stores a copy of the latest statistics locally. From that point on, when you enter the show ft hb-stats command, the ACE displays the difference between the statistics that are stored locally and the current statistics. history Clears the redundancy history statistics. track-stats Clears tracking-related statistics for the Admin FT group only, a user context FT group only, or for all FT groups that are configured in the ACE. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.0) This command was extensively revised. This version of software introduced the all, ha-stats, hb-stats, history, and track-stats keywords, and removed the original stats keyword. ACE Appliance Release Modification A1(7) This command was introduced. A3(1.0) This command was extensively revised. This version of software introduced the all, ha-stats, hb-stats, history, and track-stats keywords, and removed the original stats keyword.1-24 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands (config) ft auto-sync (config) ft group (config) ft interface vlan (config) ft peer (config) ft track host (ACE module only) (config) ft track hsrp (config) ft track interface clear icmp statistics To clear the Internet Control Message Protocol (ICMP) statistics, use the clear icmp statistics command. clear icmp statistics Syntax Description This command has no keywords or arguments. Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To clear the ICMP statistics, enter: host1/Admin# clear icmp statistics Related Commands show icmp statistics ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-25 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands clear interface To clear the interface statistics, use the clear interface command. clear interface [bvi number | vlan number | gigabitEthernet slot_number/port_number] Syntax Description Command Modes Exec BVI and VLAN—Admin and user contexts (ACE appliance only) Ethernet data port—Admin context only Command History Usage Guidelines This command requires the interface feature in your user role. In addition, the Ethernet data port interface command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To clear all of the interface statistics, enter the clear interface command without using the optional VLAN and BVI keywords. Examples ACE Module Example To clear all of the interface statistics for VLAN 212, enter: host1/Admin# clear interface vlan 212 bvi number (Optional) Clears the statistics for the specified Bridge Group Virtual Interface (BVI). vlan number (Optional) Clears the statistics for the specified VLAN. gigabitEthernet slot_number/ port_number (Optional, ACE appliance only) Clears the statistics for the specified Gigabit Ethernet slot and port. • The slot_number represents the physical slot on the ACE containing the Ethernet ports. This selection is always 1. • The port_number represents the physical Ethernet port on the ACE. Valid selections are 1 through 4. This keyword is available in the Admin context only. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-26 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands ACE Appliance Example To clear the statistics for Ethernet port 3, enter: host1/Admin# clear interface gigabitEthernet 1/3 Related Commands show interface (config) interface clear ip To clear the IP and Dynamic Host Configuration Protocol (DHCP) relay statistics, use the clear ip command. clear ip [dhcp relay statistics | statistics] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the DHCP feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To clear the IP and DHCP relay statistics, execute the clear ip command without using the optional keywords. Examples To clear all of the IP normalization, fragmentation, and reassembly statistics, enter: host1/Admin# clear ip statistics Related Commands show ip dhcp relay statistics (Optional) Clears all of the DHCP relay statistics. statistics (Optional) Clears all of the statistics associated with IP normalization, fragmentation, and reassembly. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-27 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands clear ipv6 To clear the Dynamic Host Configuration Protocol (DHCP) relay and neighbor discovery statistics, use the clear ipv6 command. clear ipv6 {dhcp relay statistics | {neighbors [no-refresh | vlan vlan_id ipv6_address [no-refresh] | ipv6_address [no-refresh]]}} Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the DHCP feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To clear all the DHCPv6 statistics, enter: host1/Admin# clear ipv6 dhcp relay statistics Related Commands show ipv6 clear line To close a specified virtual terminal (VTY) session, use the clear line command. clear line vty_name dhcp relay statistics Clears all the DHCPv6 relay statistics. neighbors Clears all the statistics associated with neighbor discovery. no-refresh (Optional) The ACE deletes the neighbor information from the cache and does not perform a refresh vlan vlan_id (Optional) Deletes the neighbor information associated with the specified VLAN interface ipv6_address (Optional) Deletes the neighbor information associated with the specified IPv6 address. ACE Module/Appliance Release Modification A5(1.0) This command was introduced.1-28 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To terminate the VTY session VTY1, enter: host1/Admin# clear line VTY1 Related Commands (ACE module only) (config) line console (config) line vty vty_name Name of a VTY session. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-29 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands clear logging To clear information stored in the logging buffer, use the clear logging command. clear logging [disabled | rate-limit] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To clear all of the information stored in the logging buffer, enter the clear logging command without using either of the optional keywords. Examples To clear all of the information stored in the logging buffer, enter: host1/Admin# clear logging Related Commands show logging (config) logging buffered clear netio stats To clear the control plane network I/O statistics, use the clear netio stats command. clear netio stats Syntax Description This command has no keywords or arguments. disabled (Optional) Clears the logging buffer of “disabled” messages. rate-limit (Optional) Clears the logging buffer of “rate-limit configuration” messages. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-30 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin context only Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. Examples To clear the control plane network I/O statistics, enter: host1/Admin# clear netio stats Related Commands show netio ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-31 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands clear np To clear the network processor interrupt error statistics that appear when you enter the show np number interrupts command, use the clear np command. clear np number interrupts Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To clear the network processor interrupt error statistics, enter: host1/Admin# clear np 1 interrupts Related Commands show np number Specifies the number of the network processor whose interrupt statistics you want to clear. Enter an integer from 1 to 4. interrupts Clears the interrupt statistics. of the network processor that you specify. Release Modification A4(1.0) This command was introduced.1-32 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands clear ntp statistics (ACE appliance only) To clear the NTP statistics that display when you enter the show ntp command, use the clear ntp command. clear ntp statistics {all-peers | io | local | memory} Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To clear the NTP memory statistics, enter: host1/Admin# clear ntp statistics memory Related Commands (config) ntp clear probe To clear the probe statistics displayed through the show probe command, use the clear probe command. clear probe name Syntax Description Command Modes Exec Admin and user contexts all-peers Clears all peer statistics. io Clears the I/O statistics. local Clears the local statistics. memory Clears the memory statistics. ACE Appliance Release Modification A1(7) This command was introduced. name Name of an existing probe.1-33 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command History Usage Guidelines This command requires the probe feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To clear all the statistics for the probe HTTP1, enter: host1/Admin# clear probe HTTP1 Related Commands show probe (config) probe ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-34 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands clear processes log To clear the statistics for the processes log, use the clear processes log command. clear processes log {all | pid id} Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To display the list of process identifiers assigned to each of the processes running on the ACE, use the show processes command. Examples To clear all the statistics for the processes log, enter: host1/Admin# clear processes log all Related Commands show processes clear rserver To clear the real server statistics of all instances of a particular real server regardless of the server farms that it is associated with, use the clear rserver command. clear rserver name Syntax Description all Clears all statistics for the processes logs. pid id Specifies the processes log to clear. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced. name Name of the real server.1-35 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the rserver feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. If you have redundancy configured, then you need to explicitly clear real-server statistics on both the active and the standby ACEs. Clearing statistics on the active ACE only will leave the standby ACE’s statistics at the old values. Examples To clear the statistics for the real server RS1, enter: host1/Admin# clear rserver RS1 Related Commands show rserver (config) rserver clear rtcache To clear the route cache, use the clear rtcache command. clear rtcache Syntax Description This command has no keywords or arguments. Command Modes Exec Admin and user contexts Command History ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced. ACE Module Release Modification 3.0(0)A1(2) This command was introduced.1-36 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To clear the route cache, enter: host1/Admin# clear rtcache Related Commands This command has no related commands. ACE Appliance Release Modification A1(7) This command was introduced.1-37 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands clear screen To clear the display screen, use the clear screen command. clear screen Syntax Description This command has no keywords or arguments. Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To clear the display screen, enter: host1/Admin# clear screen Related Commands This command has no related commands. clear serverfarm To clear the statistics for all real servers in a specific server farm, use the clear serverfarm command. clear serverfarm name [inband | predictor | retcode] Syntax Description ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced. name Name of an existing server farm. inband (Optional) Resets the inband health monitoring Total failure counters for the specified server farm, as displayed by the show serverfarm name inband command. 1-38 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the serverfarm feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To clear the statistics for the server farm SFARM1, enter: host1/Admin# clear serverfarm SFARM1 Related Commands show serverfarm (config) serverfarm clear service-policy To clear the service policy statistics, use the clear service-policy command. clear service-policy policy_name Syntax Description predictor (Optional) Resets the average bandwidth field for each real server in the specified server farm, as displayed by the show serverfarm name detail command. retcode (Optional) Clears the return-code statistics for the server farm. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.0) This command was revised. A2(1.3) The predictor option was added. A4(1.0) The inband option was added. ACE Appliance Release Modification A1(7) This command was introduced. A3(1.0) This command was revised. The predictor option was added. A4(1.0) The inband option was added. policy_name Name of an existing policy map that is currently in service (applied to an interface).1-39 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To clear the statistics for the service policy HTTP1, enter: host1/Admin# clear service-policy HTTP1 Related Commands show service-policy ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-40 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands clear ssh To clear a Secure Shell (SSH) session or clear the public keys of all SSH hosts, use the clear ssh command. clear ssh {session_id | hosts} Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To obtain the specific SSH session ID value, use the show ssh session-info command. Examples To clear the SSH session with the identifier 345, enter: host1/Admin# clear ssh 345 Related Commands clear telnet show ssh (config) ssh key (config) ssh maxsessions session_id Identifier of the SSH session to clear, terminating the session. hosts Clears the public keys of all trusted SSH hosts. This keyword is available to all users in all contexts. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-41 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands clear startup-config To clear the startup configuration of the current context, use the clear startup-config command. clear startup-config Syntax Description This command has no keywords or arguments. Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Clearing the startup configuration does not affect the context running-configuration. The clear startup-config command does not remove license files or crypto files (certs and keys) from the ACE. To remove license files, see the license uninstall command. To remove crypto files, see the crypto delete command. To clear the startup configuration, you can also use the write erase command. Before you clear a startup configuration, we recommend that you back up your current startup configuration to a file on a remote server using the copy startup-config command. Once you clear the startup configuration, you can perform one of the following processes to recover a copy of an existing configuration: • Use the copy running-config startup-config command to copy the contents of the running configuration to the startup configuration. • Upload a backup of a previously saved startup-configuration file from a remote server using the copy startup-config command. Examples To clear the startup configuration, enter: host1/Admin# clear startup-config Related Commands copy capture show startup-config write ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-42 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands clear stats To clear the statistical information stored in the ACE buffer, use the clear stats command. clear stats {all | connection | {crypto [client | server [alert | authentication | cipher | termination]]} | http | inspect | kalap | loadbalance [radius | rdp | rtsp | sip] | optimization | probe | resource-usage | sticky} Syntax Description Command Modes Exec Admin and user contexts all Clears all statistical information in a context. The all keyword also clears the resource usage counters. connection Clears connection statistical information. crypto Clears TLS and SSL statistics from the context. If you do not enter the client or server option, the ACE clears both the client and server statistics. client (Optional) Clears the complete TLS and SSL client statistics for the current context. server (Optional) Clears the complete TLS and SSL server statistics for the current context. alert (Optional) Clears the back-end SSL alert statistics. authentication (Optional) Clears the back-end SSL authentication statistics. cipher (Optional) Clears the back-end SSL cipher statistics. termination (Optional) Clears the back-end SSL termination statistics. http Clears HTTP statistical information. inspect Clears HTTP inspect statistical information. kalap Clears the global server load-balancing (GSLB) statistics. loadbalance Clears load-balancing statistical information. radius (Optional) Clears Remote Authentication Dial-In User Service (RADIUS) load-balancing statistical information. rdp (Optional) Clears Reliable Datagram Protocol (RDP) load-balancing statistical information. rtsp (Optional) Clears Real-Time Streaming Protocol (RTSP) load-balancing statistical information. sip (Optional) Clears Session Initiation Protocol (SIP) load-balancing statistical information. optimization (ACE appliance only) Clears HTTP optimization statistics probe Clears probe statistical information. resource-usage Clears resource usage-related context statistics sticky Clears sticky statistical information.1-43 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command History Usage Guidelines This command requires the loadbalance, inspect, NAT, connection, sticky, or SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. If you have redundancy configured, then you need to explicitly clear sticky statistics on both the active and the standby ACEs. Clearing statistics on the active ACE only will leave the standby ACE’s statistics at the old values. Examples To clear sticky statistics, enter: host1/Admin# clear stats sticky Related Commands show stats ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A4(1.0) The crypto keyword and client | server [alert | authentication | cipher | termination] options were added. ACE Appliance Release Modification A1(7) This command was introduced. A3(1.0) The resource-usage keyword was added. A3(2.1) The crypto keyword and client | server [alert | authentication | cipher | termination] options were added.1-44 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands clear sticky database To clear dynamic sticky database entries, use the clear sticky database command. clear sticky database {active-conn-count min value1 max value2 | all | group group_name | time-to-expire min value3 max value4 | type {hash-key value5 | http-cookie value6 | ip-netmask {both {source ip_address2 destination ip_address3} | destination ip_address4 | source ip_address5}} Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. active-conn-cou nt min value1 max value2 Clears the sticky database entries within the specified connection count range. all Clears all dynamic sticky database entries in a context. group name Clears all dynamic sticky database entries for the specified sticky group. time-to-expire min value3 max value4 Clears the sticky database entries within the specified time to expire range. type {hash-key value5 | http-cookie value6 | ip-netmask {both {source ip_address1 destination ip_address2} | destination ip_address3 | source ip_address4}} Clears sticky database entries for one of the following sticky group types: – hash-key value – http-cookie value – ip-netmask {both {source ip_address2 destination ip_address3} | destination ip_address4 | source ip_address5} ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-45 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands This command does not clear static sticky database entries. To clear static sticky database entries, use the no form of the appropriate sticky configuration mode command. For example, enter (config-sticky-cookie) static cookie-value or (config-sticky-header) static header-value. Examples To clear all dynamic sticky database entries in the Admin context, enter: host1/Admin# clear sticky database all Related Commands show sticky database1-46 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands clear syn-cookie To clear the SYN cookie statistics, use the clear syn-cookie command. To clear SYN cookie statistics for all VLANs that are configured in the current context, enter the command with no arguments. clear syn-cookie [vlan number] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no usage guidelines. Examples To clear SYN cookie statistics for VLAN 100, enter: host1/C1# clear syn-cookie vlan 100 Related Commands show syn-cookie clear tcp statistics To clear all of the TCP connections and normalization statistics, use the clear tcp statistics command. clear tcp statistics Syntax Description This command has no keywords or arguments. Command Modes Exec Admin and user contexts vlan number (Optional) Instructs the ACE to clear SYN cookie statistics for the specified interface. Enter an integer from 2 to 2024. ACE Module Release Modification A2(1.0) This command was introduced. ACE Appliance Release Modification A3(1.0) This command was introduced.1-47 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command History Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To clear the TCP statistics, enter: host1/Admin# clear tcp statistics Related Commands show tcp statistics clear telnet To clear a Telnet session, use the clear telnet command. clear telnet session_id Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To obtain the specific Telnet session identification number, use the show telnet command. Examples To clear the Telnet session with the identification number of 236, enter: ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced. session_id Identifier of the Telnet session to clear, terminating the session. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-48 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands host1/Admin# clear telnet 236 Related Commands clear ssh show telnet telnet clear udp statistics To clear the User Datagram Protocol (UDP) connection statistics, use the clear udp statistics command. clear udp statistics Syntax Description This command has no keywords or arguments. Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To clear the UDP statistics, enter: host1/Admin# clear udp statistics Related Commands show udp statistics clear user To clear a user session, use the clear user command. clear user name ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-49 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To display the list of users that are currently logged in to the ACE, use the show users command. Examples To log out the user USER1, enter: host1/Admin# clear user USER1 Related Commands show users (config) username clear vnet stats To clear control plane virtual network (VNET) device statistics, use the clear vnet stats command. clear vnet stats Syntax Description This command has no keywords or arguments. Command Modes Exec Admin context only Command History name Name of the user to log out. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced. ACE Module Release Modification 3.0(0)A1(2) This command was introduced.1-50 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. Examples To clear the VNET statistics, enter: host1/Admin# clear vnet stats Related Commands show vnet ACE Appliance Release Modification A1(7) This command was introduced.1-51 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands clear xlate To clear the global address to the local address mapping information based on the global address, global port, local address, local port, interface address as global address, and NAT type, use the clear xlate command. clear xlate [{global | local} start_ip [end_ip [netmask netmask]]] [{gport | lport} start_port [end_port]] [interface vlan number] [state static] [portmap] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the NAT feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. When you enter this command, the ACE releases sessions that are using the translations (Xlates). If you configure redundancy, then you need to explicitly clear Xlates on both the active and the standby ACEs. Clearing Xlates on the active ACE does not clear Xlates in the standby ACE. global (Optional) Clears the active translation by the global IP address. local (Optional) Clears the active translation by the local IP address. start_ip Global or local IP address or the first IP address in a range of addresses. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10). end_ip (Optional) Last IP address in a global or local range of IP addresses. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10). netmask netmask (Optional) Specifies the network mask for global or local IP addresses. Enter a mask in dotted-decimal notation (for example, 255.255.255.0). gport (Optional) Clears active translations by the global port. lport (Optional) Clears active translations by the local port. start_port Global or local port number. end_port (Optional) Last port number in a global or local range of ports. interface vlan number (Optional) Clears active translations by the VLAN number. state static (Optional) Clears active translations by the state. portmap (Optional) Clears active translations by the port map. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-52 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Examples To clear all static translations, enter: host1/Admin# clear xlate state static Related Commands show xlate1-53 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands clock set (ACE appliance only) To set the time and the date for an ACE, use the clock set command in Exec mode. clock set hh:mm:ss DD MONTH YYYY Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. When you enter this command, the ACE displays the current configured date and time. If you want to use the Network Time Protocol (NTP) to automatically synchronize the ACE system clock to an authoritative time server (such as a radio clock or an atomic clock), see Chapter 1, Setting Up the ACE, in the Administration Guide, Cisco ACE Application Control Engine. In this case, the NTP time server automatically sets the ACE system clock. hh:mm:ss Current time to which the ACE clock is being reset. Specify one or two digits for the hour, minutes, and seconds. DD MONTH YYYY Current date to which the ACE clock is being reset. Specify the full name of the month, one or two digits for the day, and four digits for the year. The following month names are recognized: • January • February • March • April • May • June • July • August • September • October • November • December ACE Appliance Release Modification A1(7) This command was introduced.1-54 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands If you previously configured NTP on an ACE, the ACE prevents you from using the clock set command and displays an error message. To manually set the ACE system clock, remove the NTP peer and NTP server from the configuration before setting the clock on an ACE. Examples For example, to specify a time of 1:38:30 and a date of October 7, 2008, enter: host1/Admin# clock set 01:38:30 7 Oct 2008 Wed Oct 7 01:38:30 PST 2008 Related Commands show clock (config) clock timezone (config) clock summer-time compare To compare an existing checkpoint with the running-configuration file, use the compare command. compare checkpoint_name Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. If the checkpoint configuration is the same as the running-config, the output of this command is: Checkpoint config is same as running config If the checkpoint configuration is different from the running-config, the output will be the difference between the two configurations. Examples To compare the CHECKPOINT_1 checkpoint with the running-config, enter the following command: host1/Admin# compare CHECKPOINT_1 checkpoint_name Specifies the name of an existing checkpoint. The compare function defaults to comparing the specified checkpoint with the running-config. ACE Module/Appliance Release Modification A4(1.0) This command was introduced.1-55 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Related Commands checkpoint copy checkpoint show checkpoint configure To change from the Exec mode to the configuration mode, use the configure command. configure [terminal] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires one or more features assigned to your user role, such as the AAA, interface, or fault-tolerant features. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To return to the Exec mode from the configuration mode, use the exit command. To execute an Exec mode command from any of the configuration modes, use the do version of the command. Examples To change to the configuration mode from the Exec mode, enter: host1/Admin# configure host1/Admin(config)# Related Commands exit terminal (Optional) Enables you to configure the system from the terminal. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-56 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands copy capture To copy an existing context packet capture buffer as the source file in the ACE compact flash to another file system, use the copy capture command. copy capture capture_name disk0: [path/]destination_name Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. After you copy a capture file to a remote server, you can use the delete disk0:filename command to delete the file from the ACE and free memory. Examples To copy the packet capture buffer to a file in disk0: called MYCAPTURE1, enter: host1/Admin# copy capture CAPTURE1 disk0:MYCAPTURE1 Related Commands clear capture show capture capture_name Name of the packet capture buffer on the disk0: file system. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. disk0: Specifies that the buffer is copied to the disk0: file system. [path/]destination_name Destination path (optional) and name for the packet capture buffer. Specify a text string from 1 to 80 alphanumeric characters. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-57 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands copy checkpoint To copy a checkpoint file to a remote server, use the copy checkpoint command. copy checkpoint:filename disk0:[path/]filename | image:image_name | startup-config | {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]} Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following: • Prompts you for your username and password if the destination file system requires user authentication. • Prompts you for the server information if you do not provide the information with the command. filename Filename of the checkpoint file residing on the ACE in flash memory. disk0:[path/]filename Specifies that the file destination is the disk0: directory of the current context and the filename for the checkpoint. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system. image:image_name Specifies that the file destination is an image in the image: directory. startup-config Specifies that the destination file is the startup-configuration file. ftp://server/path[/filename] Specifies the File Transfer Protocol (FTP) network server and optional renamed checkpoint file. sftp://[username@]server/path[/filename] Specifies the Secure File Transfer Protocol (SFTP) network server and optional renamed checkpoint file. tftp://server[:port]/path[/filename] Specifies the Trivial File Transfer Protocol (TFTP) network server and optional renamed checkpoint file. ACE Module Release Modification A2(1.6) This command was introduced. ACE Appliance Release Modification A4(1.0) This command was introduced.1-58 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands • Copies the file to the root directory of the destination file system if you do not provide the path information. Examples To copy a checkpoint file from the ACE to a remote FTP server, enter: host1/Admin# copy checkpoint:CHECKPOINT1.txt ftp://192.168.1.2 Enter the destination filename[]? [CHECKPOINT1.txt] Enter username[]? user1 Enter the file transfer mode[bin/ascii]: [bin] Password: Passive mode on. Hash mark printing on (1024 bytes/hash mark). Note The bin (binary) file transfer mode is intended for transferring compiled files (executables). The ascii file transfer mode is intended for transferring text files, such as config files. The default selection of bin should be sufficient in all cases when copying files to a remote FTP server. Related Commands checkpoint compare show checkpoint1-59 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands copy core: To copy a core file to a remote server, use the copy core: command. copy core:filename disk0:[path/]filename | {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]} Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To display the list of available core files, use the dir core: command. Copy the complete filename (for example, 0x401_vsh_log.25256.tar.gz) into the copy core: command. When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following: • Prompts you for your username and password if the destination file system requires user authentication. • Prompts you for the server information if you do not provide the information with the command. • Copies the file to the root directory of the destination file system if you do not provide the path information. filename1 Filename of the core dump residing on the ACE in flash memory. Use the dir core: command to view the core dump files available in the core: file system. disk0:[path/]filename2 Specifies that the file destination is the disk0: directory of the current context and the filename for the core. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system. ftp://server/path[/filename] Specifies the File Transfer Protocol (FTP) network server and optional renamed core dump. sftp://[username@]server/path[/filename] Specifies the Secure File Transfer Protocol (SFTP) network server and optional renamed core dump. tftp://server[:port]/path[/filename] Specifies the Trivial File Transfer Protocol (TFTP) network server and optional renamed core dump. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-60 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Examples To copy a core file from the ACE to a remote FTP server, enter: host1/Admin# copy core:np0_crash.txt ftp://192.168.1.2 Enter the destination filename[]? [np0_crash.txt] Enter username[]? user1 Enter the file transfer mode[bin/ascii]: [bin] Password: Passive mode on. Hash mark printing on (1024 bytes/hash mark). Note The bin (binary) file transfer mode is intended for transferring compiled files (executables). The ascii file transfer mode is intended for transferring text files, such as config files. The default selection of bin should be sufficient in all cases when copying files to a remote FTP server. Related Commands dir copy disk0: To copy a file from one directory in the disk0: file system of flash memory to another directory in disk0: or a network server, use the copy disk0: command. copy disk0:[path/]filename1 {disk0:[path/]filename2 | ftp://server/path[/filename] | image:image_filename | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename] | running-config | startup-config} Syntax Description disk0:[path/]filename1 Specifies the name of the file to copy in the disk0: file system. Use the dir disk0: command to view the files available in disk0:. If you do not provide the optional path, the ACE copies the file from the root directory on the disk0: file system. disk0:[path/]filename2 Specifies that the file destination is the disk0: directory of the current context and the filename for the core. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system. ftp://server/path[/filename] Specifies the File Transfer Protocol (FTP) network server and optional renamed file. image:image_filename Specifies the image: filesystem and the image filename. sftp://[username@]server/path[/filename] Specifies the Secure File Transfer Protocol (SFTP) network server and optional renamed file. ftp://server[:port]/path[/filename] Specifies the Trivial File Transfer Protocol (TFTP) network server and optional renamed file. running-config Specifies to replace the running-configuration file that currently resides on the ACE in volatile memory. startup-config Specifies to replace the startup-configuration file that currently resides on the ACE in flash memory.1-61 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following: • Prompts you for your username and password if the destination file system requires user authentication. • Prompts you for the server information if you do not provide the information with the command. • Copies the file to the root directory of the destination file system if you do not provide the path information. Examples To copy the file called SAMPLEFILE to the MYSTORAGE directory in flash memory, enter: host1/Admin# copy disk0:samplefile disk0:MYSTORAGE/SAMPLEFILE Related Commands dir ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-62 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands copy ftp: To copy a file, software image, running-configuration file, or startup-configuration file from a remote File Transfer Protocol (FTP) server to a location on the ACE, use the copy ftp: command. copy ftp://server/path[/filename] {disk0:[path/]filename | image:[image_name] | running-config | startup-config} Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To copy a startup-configuration file from a remote FTP server to the ACE, enter: host1/Admin# copy ftp://192.168.1.2/startup_config_Adminctx startup-config Related Commands show running-config show startup-config ftp://server/path[/filename] Specifies the FTP network server and optional file to copy. disk0:[path/]filename Specifies that the file destination is the disk0: directory of the current context and the filename. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system. image: [image_name] Specifies to copy a system software image to flash memory. Use the boot system command in configuration mode to specify the BOOT environment variable. The BOOT environment variable specifies a list of image files on various devices from which the ACE can boot at startup. The image: keyword is available only in the Admin context. The image_name argument is optional. If you do not enter a name, the ACE uses the source filename. running-config Specifies to replace the running-configuration file that currently resides on the ACE in RAM (volatile memory). startup-config Specifies to replace the startup-configuration file that currently resides on the ACE in flash memory (nonvolatile memory). ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-63 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands copy image: To copy an ACE software system image from flash memory to a remote server using File Transfer Protocol (FTP), Secure File Transfer Protocol (SFTP), or Trivial File Transfer Protocol (TFTP), use the copy image: command. copy image:image_filename {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]} Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following: • Prompts you for your username and password if the destination file system requires user authentication. • Prompts you for the server information if you do not provide the information with the command. • Copies the file to the root directory of the destination file system if you do not provide the path information. Examples ACE Module Example To save a software system image to a remote FTP server, enter: host1/Admin# copy image:sb-ace.NOV_11 ftp://192.168.1.2 image_filename Name of the ACE system software image. Use the dir image: command or the show version command to view the software system images available in flash memory. ftp://server/path[/filename] Specifies the FTP network server and optional renamed image. sftp://[username@]server/path[/filename] Specifies the SFTP network server and optional renamed image. tftp://server[:port]/path[/filename] Specifies the TFTP network server and optional renamed image. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-64 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands ACE Appliance Example To save a software system image to a remote FTP server, enter: host1/Admin# copy image:c4710ace-mz.A3_1_0.bin ftp://192.168.1.2 Related Commands dir show version1-65 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands copy licenses To create a backup license file for the ACE licenses in the .tar format and copy it to the disk0: file system, use the copy licenses command. copy licenses disk0:[path/]filename.tar Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To copy the installed software licenses to the disk0: file system, enter: host1/Admin# copy licenses disk0:mylicenses.tar Related Commands show license untar disk0: disk0: Specifies that the backup license file is copied to the disk0: file system. [path/]filename.tar Specifies the destination filename for the backup licenses. The destination filename must have a .tar file extension. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-66 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands copy probe: To copy scripted probe files from the probe: directory to the disk0: file system on the ACE or a remote server using File Transfer Protocol (FTP), Secure File Transfer Protocol (SFTP), or Trivial File Transfer Protocol (TFTP), use the copy probe: command. copy probe:probe_filename {disk0:[path/]filename | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]} Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following: • Prompts you for your username and password if the destination file system requires user authentication. • Prompts you for the server information if you do not provide the information with the command. • Copies the file to the root directory of the destination file system if you do not provide the path information. Examples To copy a probe file to a remote FTP server, enter: host1/Admin# copy probe:IMAP_PROBE ftp://192.168.1.2 probe_filename Name of the scripted probe file. Use the dir probe: command to view the files available in flash memory. disk0: Specifies that the probe file is copied to the disk0: file system. ftp://server/path[/filename] Specifies the FTP network server and optional renamed image. sftp://[username@]server/path[/filename] Specifies the SFTP network server and optional renamed image. tftp://server[:port]/path[/filename] Specifies the TFTP network server and optional renamed image. ACE Module/Appliance Release Modification A4(1.0) This command was introduced.1-67 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Related Commands dir1-68 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands copy running-config To copy the contents of the running configuration file in RAM (volatile memory) to the startup configuration file in flash memory (nonvolatile memory) or a network server, use the copy running-config command. copy running-config {disk0:[path/]filename | startup-config | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]} Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following: • Prompts you for your username and password if the destination file system requires user authentication. • Prompts you for the server information if you do not provide the information with the command. • Copies the file to the root directory of the destination file system if you do not provide the path information. To copy the running configuration to the startup configuration, you can also use the write memory command. disk0:[path/]filename Specifies that the running configuration is copied to a file on the disk0: file system. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system. startup-config Copies the running configuration file to the startup configuration file. ftp://server/path[/filename] Specifies the File Transfer Protocol (FTP) network server and optional renamed file. sftp://[username@]server/path[/filename] Specifies the Secure File Transfer Protocol (SFTP) network server and optional renamed file. tftp://server[:port]/path[/filename] Specifies the Trivial File Transfer Protocol (TFTP) network server and optional renamed file. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-69 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Examples To save the running-configuration file to the startup-configuration file in flash memory on the ACE, enter: host1/Admin# copy running-config startup-config Related Commands show running-config show startup-config write copy startup-config To merge the contents of the startup configuration file into the running configuration file or copy the startup configuration file to a network server, use the copy startup-config command. copy startup-config {disk0:[path/]filename | running-config | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]} Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. disk0:[path/]filename Specifies that the startup configuration is copied to a file on the disk0: file system. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system. running-config Merges contents of the startup configuration file into the running configuration file. ftp://server/pat[/filename] Specifies the File Transfer Protocol (FTP) network server and optional renamed file. sftp://[username@]server/path[/filename] Specifies the Secure File Transfer Protocol (SFTP) network server and optional renamed file. tftp://server[:port]/path[/filename] Specifies the Trivial File Transfer Protocol (TFTP) network server and optional renamed file. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-70 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following: • Prompts you for your username and password if the destination file system requires user authentication. • Prompts you for the server information if you do not provide the information with the command. • Copies the file to the root directory of the destination file system if you do not provide the path information. Examples To merge the contents of the startup-configuration file into the running-configuration file in flash memory, enter: host1/Admin# copy startup-config running-config Related Commands show startup-config copy sftp: To copy a file, software image, running-configuration file, or startup-configuration file from a remote Secure File Transfer Protocol (SFTP) server to a location on the ACE, use the copy sftp: command. copy sftp://[username@]server/path[/filename] {disk0:[path/]filename| image:[image_name] | running-config | startup-config} Syntax Description Command Modes Exec sftp://[username@]server/path[/filename] Specifies the SFTP network server and optional renamed file. disk0:[path/]filename Specifies that the file destination is the disk0: directory of the current context and the filename. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system. image: [image_name] Specifies to copy a system software image to flash memory. Use the boot system command in configuration mode to specify the BOOT environment variable. The BOOT environment variable specifies a list of image files on various devices from which the ACE can boot at startup. The image: keyword is available only in the Admin context. The image_name argument is optional. If you do not enter a name, the ACE uses the source filename. running-config Specifies to replace the running-configuration file that currently resides on the ACE in RAM (volatile memory). startup-config Specifies to replace the startup-configuration file that currently resides on the ACE in flash memory (nonvolatile memory).1-71 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Admin and user contexts Command History Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To copy a startup-configuration file from a remote SFTP server to the ACE, enter: host1/Admin# copy sftp://192.168.1.2/startup_config_Adminctx startup-config Related Commands show running-config show startup-config ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-72 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands copy tftp: To copy a file, software image, running-configuration file, or startup-configuration file from a remote Trivial File Transfer Protocol (TFTP) server to a location on the ACE, use the copy tftp: command. copy tftp://server[:port]/path[/filename] {disk0:[path/]filename | image:[image_name] | running-config | startup-config} Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To copy a startup-configuration file from a remote TFTP server to the ACE, enter: host1/Admin# copy tftp://192.168.1.2/startup_config_Adminctx startup-config tftp://server[:port]/path[/filename] Specifies the TFTP network server and optional renamed file. disk0:[path/]filename Specifies that the file destination is the disk0: directory of the current context and the filename. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system. image: [image_name] Specifies to copy a system software image to flash memory. Use the boot system command in configuration mode to specify the BOOT environment variable. The BOOT environment variable specifies a list of image files on various devices from which the ACE can boot at startup. The image: keyword is available only in the Admin context. The image_name argument is optional. If you do not enter a name, the ACE uses the source filename. running-config Specifies to replace the running-configuration file that currently resides on the ACE in RAM (volatile memory). startup-config Specifies to replace the startup-configuration file that currently resides on the ACE in flash memory (nonvolatile memory). ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-73 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Related Commands show running-config show startup-config crypto crlparams To configure signature verification on a Certificate Revocation List (CRL) to determine that it is from a trusted certificate authority, use the crypto crlparams command. crypto crlparams crl_name cacert ca_cert_filename no crypto crlparams crl_name Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the PKI feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To configure signature verification on a CRL, enter: host1/Admin(config)# crypto crlparams CRL1 cacert MYCERT.PEM To remove signature verification from a CRL, enter: host1/Admin(config)# no crypto crlparams CRL1 Related Commands (config-ssl-proxy) crl crl_name Name of an existing CRL. ca_cert_filename Name of the CA certificate file used for signature verification. ACE Module Release Modification A2(1.4) and A2(2.1) This command was introduced. ACE Appliance Release Modification A3(2.2) This command was introduced.1-74 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands crypto delete To delete a certificate and key pair file from the ACE that is no longer valid, use the crypto delete command. crypto delete {filename | all} Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the PKI feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The all option does not delete the preinstalled sample certificate and key files. When you use the all keyword, the ACE prompts you with the following message to verify the deletion: This operation will delete all crypto files for this context from the disk, but will not interrupt existing SSL services. If new SSL files are not applied SSL services will be disabled upon next vip inservice or device reload. Do you wish to proceed? (y/n) [n] To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command. You cannot delete the ACE cisco-sample-key and cisco-sample-cert files. Examples To delete the key pair file MYRSAKEY.PEM, enter: host1/Admin# crypto delete MYRSAKEY.PEM Related Commands crypto export crypto import show crypto filename Name of a specific certificate or key pair file to delete. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. all Deletes all of the certificate and key pair files. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-75 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands crypto export To export a copy of a certificate or key pair file from the ACE to a remote server or the terminal screen, use the crypto export command. crypto export local_filename {ftp | sftp | tftp | terminal} ip_addr username remote_filename Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the PKI feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. You cannot export a certificate or key pair file that you marked as nonexportable when you imported the file to the ACE. The remote server variables listed after the terminal keyword in the “Syntax Description” are used by the ACE only when you select a transport type of ftp, sftp, or tftp (the variables are not used for terminal). We recommend using SFTP as it provides the most security. To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command. local_filename Name of the file stored on the ACE to export. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. ftp Specifies the File Transfer Protocol (FTP) file transfer process. sftp Specifies the Secure File Transfer Protocol (SFTP) file transfer process. tftp Specifies the Trivial File Transfer Protocol (TFTP) file transfer process. terminal Displays the file content on the terminal for copy and paste purposes. Use the terminal keyword when you need to cut and paste certificate or private key information from the console. You can only use the terminal method to display PEM files, which are in ASCII format. ip_addr IP address or name of the remote server. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10). username Username required to access the remote server. The ACE prompts you for your password when you enter the command. remote_filename Name to save the file to on the remote server. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-76 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Examples To use SFTP to export the key file MYKEY.PEM from the ACE to a remote SFTP server, enter: host1/Admin# crypto export MYKEY.PEM sftp 192.168.1.2 JOESMITH /USR/KEYS/MYKEY.PEM User password: **** Writing remote file /usr/keys/mykey.pem host1/Admin# Related Commands crypto delete crypto import show crypto crypto generate csr To generate a Certificate Signing Request (CSR) file, use the crypto generate csr command. crypto generate csr csr_params key_filename Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the PKI feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The crypto generate csr command generates the CSR in PKCS10 encoded in PEM format and outputs it to the screen. Most major certificate authorities have web-based applications that require you to cut and paste the certificate request to the screen. If necessary, you can also cut and paste the CSR to a file. csr_params CSR parameters file that contains the distinguished name attributes. The ACE applies the distinguished name attributes contained in the CSR parameters file to the CSR. To create a CSR parameters file, use the (config) crypto csr-params command in the configuration mode. key_filename RSA key pair filename that contains the key on which the CSR is built. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. It is the public key that the ACE embeds in the CSR. Ensure that the RSA key pair file is loaded on the ACE for the current context. If the appropriate key pair does not exist, the ACE logs an error message. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-77 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Note The ACE does not save a copy of the CSR locally. After submitting your CSR to the CA, you will receive your signed certificate in one to seven business days. When you receive your certificate, use the crypto import command to import the certificate to the ACE. Examples To generate a CSR that is based on the CSR parameter set CSR_PARAMS_1 and the RSA key pair in the file MYRSAKEY_1.PEM, enter: host1/Admin# crypto generate csr CSR_PARAMS_1 MYRSAKEY_1.PEM Related Commands crypto import (config) crypto csr-params crypto generate key To generate an RSA key pair file, use the crypto generate key command. crypto generate key [non-exportable] bitsize filename Syntax Description Command Modes Exec Admin and user contexts Command History non-exportable (Optional) Marks the key pair file as nonexportable, which means that you cannot export the key pair file from the ACE. bitsize Key pair security strength. The number of bits in the key pair file defines the size of the RSA key pair used to secure web transactions. Longer keys produce a more secure implementation by increasing the strength of the RSA security policy. Available entries (in bits) are as follows: • 512 (least security) • 768 (normal security) • 1024 (high security, level 1) • 1536 (high security, level 2) • 2048 (high security, level 3 filename Name that you assign to the generated RSA key pair file. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.The key pair filename is used only for identification purposes by the ACE. ACE Module Release Modification 3.0(0)A1(2) This command was introduced.1-78 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Usage Guidelines This command requires the PKI feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To generate the RSA key pair file MYRSAKEYS.PEM with a bit size of 1536, enter: host1/Admin# crypto generate key 1536 MYRSAKEYS.PEM Related Commands crypto delete crypto export crypto generate csr crypto import crypto verify show crypto crypto import To import certificate or key pair files to the ACE or terminal screen from a remote server, use the crypto import command. crypto import [non-exportable] {bulk sftp [passphrase passphrase] ip_addr username remote_url} | {{ftp | sftp} [passphrase passphrase] ip_addr username remote_filename local_filename} | {tftp [passphrase passphrase] ip_addr remote_filename local_filename} | terminal local_filename [passphrase passphrase] Syntax Description ACE Appliance Release Modification A1(7) This command was introduced. non-exportable (Optional) Specifies that the ACE marks the imported file as nonexportable, which means that you cannot export the file from the ACE. bulk Specifies the importing of multiple certificate or key pair files simultaneously. sftp Specifies the Secure File Transfer Protocol (SFTP) file transfer process. ftp Specifies the File Transfer Protocol (FTP) file transfer process. passphrase passphrase (Optional) Indicates that the file was created with a passphrase, which you must submit with the file transfer request in order to use the file. The passphrase pertains only to encrypted PEM files and PKCS files. ip_addr IP address or name of the remote server. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10). username Username required to access the remote server. The ACE prompts you for your password when you enter the command.1-79 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the PKI feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Because a device uses its certificate and corresponding public key together to prove its identity during the SSL handshake, be sure to import both corresponding file types: the certificate file and its corresponding key pair file. The remote server variables listed after the passphrase variable in the Syntax Description table are only used by the ACE when you select a transport type of ftp, sftp, or tftp (the variables are not used for terminal). If you select one of these transport types and do not define the remote server variables, the ACE prompts you for the variable information. We recommend using SFTP because it provides the most security. The ACE supports the importation of PEM-encoded SSL certificates and keys with a maximum line width of 130 characters using the terminal. If an SSL certificate or key is not wrapped or it exceeds 130 characters per line, use a text editor such as the visual (vi) editor or Notepad to manually wrap the remote_url Path to the certificate or key pair files that reside on the remote server to import. The ACE matches only files specified by the URL. Enter a file path including wildcards (for example, /remote/path/*.pem). To fetch all files from a remote directory, specify a remote URL that ends with a wildcard character (for example, /remote/path/*). The ACE module fetches all files on the remote server that matches the wildcard criteria. However, it imports only files with names that have a maximum of 40 characters. If the name of a file exceeds 40 characters, the ACE module does not import the file and discards it. remote_filename Name of the certificate or key pair file that resides on the remote server to import. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. local_filename Name to save the file to when imported to the ACE. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. tftp Specifies the Trivial File Transfer Protocol (TFTP) file transfer process. terminal Allows you to import a file using cut and paste by pasting the certificate and key pair information to the terminal display. You can only use the terminal method to display PEM files, which are in ASCII format. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(2.0) The bulk keyword was introduced. ACE Appliance Release Modification A1(7) This command was introduced. A4(1.0) The bulk keyword was introduced.1-80 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands certificate or key to less than 130 characters per line. Alternatively, you can import the certificate or key by using SFTP, FTP, or TFTP with no regard to line width. Of these methods, we recommend SFTP because it is secure. This bulk keyword imports files with the names that they have on the remote server and does not allow you to rename the files. If you attempt to import a file that has the same filename of an existing local file, the ACE module does not overwrite the existing file. Before importing the updated file, you must either delete the local file or rename the imported file. The ACE supports 4096 certificates and 4096 keys. The ACE allows a maximum public key size of 4096 bits. The maximum private key size is 2048 bits. To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command. Examples To import the RSA key file MYRSAKEY.PEM from an SFTP server, enter: host1/Admin# crypto import non-exportable sftp 1.1.1.1 JOESMITH /USR/KEYS/MYRSAKEY.PEM MYKEY.PEM Password: ******** Passive mode on. Hash mark printing on (1024 bytes/hash mark). # Successfully imported file from remote server. host1/Admin# This example shows how to use the terminal keyword to allow pasting of the certificate information to the file MYCERT.PEM: host1/Admin# crypto import terminal MYCERT.PEM Enter PEM formatted data ending with a blank line or “quit” on a line by itself --------BEGIN CERTIFICATE----------------------- MIIC1DCCAj2gAwIBAgIDCCQAMA0GCSqGSIb3DQEBAgUAMIHEMQswCQYDVQQGEwJa QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAb BgNVBAoTFFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0 aW9uIFNlcnZpY2VzIERpdmlzaW9uMRkwFwYDVQQDExBUaGF3dGUgU2VydmVyIENB MSYwJAYJKoZIhvcNAQkBFhdzZXJ2ZXItY2VydHNAdGhhd3RlLmNvbTAeFw0wMTA3 -----------END CERTIFICATE------------------------ QUIT host1/Admin# This example shows how to use the bulk keyword to import all of the RSA key files from an SFTP server: host1/Admin# crypto import bulk sftp 1.1.1.1 JOESMITH /USR/KEYS/*.PEM Initiating bulk import. Please wait, it might take a while... Connecting to 1.1.1.1... Password: password ... Bulk import complete. Summary: Network errors: 0 Bad file URL: 0 Specified local files already exists: 0 Invalid file names: 1 Failed reading remote files: 5 Failed reading local files: 0 Failed writing local files: 0 Unknown errors: 0 Successfully imported: 10 host1/Admin#1-81 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Related Commands crypto delete crypto export crypto verify show crypto1-82 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands crypto verify To compare the public key in a certificate with the public key in a key pair file, and to verify that they are identical, use the crypto verify command. crypto verify key_filename cert_filename Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the PKI feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. If the public key in the certificate does not match the public key in the key pair file, the ACE logs an error message. To view the list of the certificate and key pair files stored on the ACE for the current context, use the show crypto files command. Examples To verify that the public keys in the Admin context files MYRSAKEY.PEM and MYCERT.PEM match, enter: host1/Admin# crypto verify MYRSAKEY.PEM MYCERT.PEM keypair in myrsakey.pem matches certificate in mycert.pem This example shows what happens when the public keys do not match: host1/Admin# crypto verify MYRSAKEY2.PEM MYCERT.PEM Keypair in myrsakey2.pem does not match certificate in mycert.pem host1/Admin# Related Commands crypto import key_filename Name of the key pair file (stored on the ACE) that the ACE uses to verify against the specified certificate. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. cert_filename Name of the certificate file (stored on the ACE) that the ACE uses to verify against the specified key pair. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-83 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show crypto debug To enable the ACE debugging functions, use the debug command. debug {aaa | access-list | accmgr | arpmgr | bpdu | buffer | cfg_cntlr | cfgmgr [rhi-info] | clock | fifo | fm | gslb | ha_dp_mgr | ha_mgr | hm | ifmgr | ip | ipcp | lcp | ldap | license | logfile | mtsmon | nat-download | netio | ntp | pfmgr | pktcap | portmgr | radius | routemgr | scp | scripted_hm | security | sme | snmp | ssl | syslogd | system | tacacs+ | time | tl | virtualization | vnet} Syntax Description aaa Enables debugging for authentication, authorization, and accounting (AAA). access-list Enables access-list debugging. accmgr Loglevel options for application acceleration CM. arpmgr Enables Address Resolution Protocol (ARP) manager debugging. bpdu Enables bridge protocol data unit (BPDU) debugging. buffer Configures debugging of CP buffer manager. cfg_cntlr Enables configuration controller debugging. cfgmgr Enables configuration manager debugging. rhi-info (Optional, ACE module only) Enables route health injection (RHI) debugging. clock (ACE module only) Enables clock module debugging. fifo Configures debugging of the packet first in, first out (FIFO) driver. fm Enables ACE feature manager debugging. gslb Enables GSLB protocol debugging. ha_dp_mgr Enables HA-DP debugging. ha_mgr Enables HA debugging. hm Enables HM debugging. ifmgr Enables interface manager debugging. ip Enables IP service debugging. ipcp Enables interprocess control protocol debugging. lcp (ACE module only) Enables the debugging of the line card processor. ldap Configures debugging for Lightweight Directory Access Protocol (LDAP). license Enables the debugging of licensing. logfile Directs the debug output to a log file. mtsmon Enables MTS monitor debugging. nat-download Enables Network Address Translation (NAT) download debugging. netio Enables the debugging of the CP network I/O. ntp (ACE appliance only) Debugs the Network Time Protocol (NTP) module.1-84 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin and user contexts Command History Usage Guidelines This command is available to roles that allow debugging and to network monitor or technician users. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. pfmgr Enables the debugging of the platform manager. pktcap Enables packet capture debugging. portmgr (ACE appliance only) Debugs the port manager. radius Configures debugging for the Remote Authentication Dial-In User Service (RADIUS) daemon. routemgr Enables route manager debugging. ipcp Enables the debugging of the kernel IPCP component. scp (ACE module only) Configures debugging for the Switch Module Control protocol. scripted_hm Enables scripted health monitoring debugging. security Enables the debugging for security and accounting. sme Enables the debugging for the System Manager Extension. snmp Configures Simple Network Management Protocol (SNMP) server debugging. ssl Enables ACE SSL manager debugging. syslogd Enables syslogd debugging. system Enables debugging of the system components. tacacs+ Configures debugging for Terminal Access Controller Access Control System Plus (TACACS+). tl Configures debugging of TL driver. virtualization Enables virtualization debugging. vnet Configures debugging of virtual net-device driver. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.0) This command was revised. A4(1.0) The rhi-info option was added. ACE Appliance Release Modification A1(7) This command was introduced. A3(1.0) This command was revised. A4(1.0) The hardware and optimize options was removed.1-85 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands The ACE debug commands are intended for use by trained Cisco personnel only. Entering these commands may cause unexpected results. Do not attempt to use these commands without guidance from Cisco support personnel. Examples To enable access-list debugging, enter: host1/Admin# debug access-list Related Commands clear debug-logfile show debug1-86 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands delete To delete a specified file in an ACE file system, use the delete command. delete {core:filename | disk0:[path/]filename | image:filename | volatile:filename} Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. If you do not specify a filename with the file system keyword, the ACE prompts you for a filename. To display the list of files that reside in a file system, use the dir command. Examples To delete the file 0x401_VSH_LOG.25256.TAR.GZ from the core: file system, enter: host1/Admin# delete core:0x401_VSH_LOG.25256.TAR.GZ Related Commands dir core:filename Deletes the specified file from the core: file system. disk0:[path/]filename Deletes the specified file from the disk0: file system. If you do not specify the optional path, the ACE looks for the file in the root directory of the disk0: file system. image:filename Deletes the specified file from the image: file system. volatile:filename Deletes the specified file from the volatile: file system. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-87 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands dir To display the contents of a specified ACE file system, use the dir command. dir {core: | disk0:[path/][filename] | image:[filename] | probe:[filename] | volatile:[filename]} Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To delete a file from a file system, use the delete command. To delete all core dumps, use the clear cores command. Examples ACE Module Example To display the contents of the disk0: file system, enter: host1/Admin# dir disk0: core: Displays the contents of the core: file system. disk0:[path/] Displays the contents of the disk0: file system. Specify the optional path to display the contents of a specific directory on the disk0: file system. image: Displays the contents of the image: file system. probe: Displays the contents of the probe: file system. This directory contains the Cisco-supplied scripts. For more information about these scripts, see the Server Load-Balancing Guide, Cisco ACE Application Control Engine. volatile: Displays the contents of the volatile: file system. filename (Optional) Specified file to display. Displays information, such as the file size and the date that it was created. You can use wildcards in the filename. A wildcard character (*) matches all patterns. Strings after a wildcard are ignored. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.0) The probe: option was introduced. ACE Appliance Release Modification A1(7) This command was introduced. A3(1.0) The probe: option was introduced.1-88 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands ACE Appliance Example To display the contents of the image: file system, enter: switch/Admin# dir image: 176876624 Aug 08 2008 14:15:31 c4710ace-mz.A3_1_0.bin 176876624 Jun 9 14:15:31 2008 c4710ace-mz.A1_8_0A.bin Usage for image: filesystem 896978944 bytes total used 11849728 bytes free 908828672 bytes total Related Commands clear cores delete show file1-89 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands dm (ACE Appliance only) To verify the state of the Device Manager (DM), restart it when it is inoperative, or upload a lifeline file to a TFTP server, use the dm command. dm {help | {lifeline tftp host port}| reload | status} Syntax Description Command Modes Exec Admin context Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To display the status of the DM, enter: host1/Admin# dm status Related Commands This command has no related commands. help Displays the list of keywords that are available for use on the dm command. lifeline tftp host port Creates and uploads a lifeline (anm-lifeline.tar.gz) file through TFTP. reload Restarts the DM with a reinitialized database. status Displays the status of the DM. ACE Appliance Release Modification A1(7) This command was introduced. A3(2.6) This command is no longer hidden1-90 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands exit To exit out of Exec mode and log out the CLI session, use the exit command. exit Syntax Description This command has no keywords or arguments. Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To log out of an active CLI session, enter: host1/Admin# exit Related Commands This command has no related commands. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-91 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands format flash: To erase all data stored in the Flash memory and reformat it with the ACE module FAT16 filesystem or the ACE appliance third extended filesystem (ext3) as the base file system, use the format flash: command. All user-defined configuration information is erased and the ACE returns to the factory-default settings. format flash: Syntax Description This command has no keywords or arguments. Command Modes Exec Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. (ACE appliance only) The ACE performs the following verification sequence prior to reformatting Flash memory: • If the system image (the current loaded image) is present in the GNU GRand Unified Bootloader (GRUB) boot loader, the ACE automatically performs a backup of that image and then performs the reformat of Flash memory. • If the system image is not present in the GRUB boot loader, the ACE prompts you for the location of an available image to backup prior to reformatting the Flash memory. • If you choose not to backup an available image file, the ACE searches for the ACE-APPLIANCE-RECOVERY-IMAGE.bin image in the Grub partition of Flash memory. ACE-APPLIANCE-RECOVERY-IMAGE.bin is the recovery software image that the ACE uses if the disk partition in Flash memory is corrupted. – If ACE-APPLIANCE-RECOVERY-IMAGE.bin is present, the ACE continues with the Flash memory reformat. The CLI prompt changes to “switch(RECOVERY-IMAGE)/Admin#” as a means for you to copy the regular ACE software image. – If ACE-APPLIANCE-RECOVERY-IMAGE.bin is not present, the ACE stops the Flash memory reformat because there is no image to boot after format. Before you reformat the Flash memory, you should save a copy of the following ACE operation and configuration attributes to a remote server: • ACE software image (use the copy image: command) ACE Module Release Modification A4(1.0) This command was introduced and replaced the format disk0: command. ACE Appliance Release Modification A1(7) This command was introduced.1-92 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands • ACE license (use the copy licenses command) • Startup configuration of each context (use the copy startup-config command) • Running configuration of each context (use the copy running-config command) • Core dump files of each context (use the copy core: command) • Packet capture buffers of each context (use the copy capture command) • Secure Sockets Layer (SSL) certificate and key pair files of each context (use the crypto export command) After you reformat the Flash memory, perform the following actions: • Copy the ACE software image to the image: file system using the copy ftp:, copy tftp:, or copy sftp: command • Reinstall the ACE license using the license command • Import the following configuration files into the associated context using the copy disk0: command: – Startup-configuration file – Running-configuration file • Import the following SSL files into the associated context using the crypto import command: – SSL certificate files – SSL key pair files Examples For example, to erase all information in Flash memory and reformat it, enter: host1/Admin# format flash: Warning!! This will erase everything in the compact flash including startup configs for all the contexts and reboot the system!! Do you wish to proceed anyway? (yes/no) [no] yes If the ACE fails to extract a system image from the Grub bootloader, it prompts you to provide the location of an available system image to backup: Failed to extract system image Information from Grub backup specific imagefile? (yes/no) [no] yes Enter Image name: scimi-3.bin Saving Image [scimi-3.bin] Formatting the cf..... Unmounting ext3 filesystems... Unmounting FAT filesystems... Unmounting done... Unmounting compact flash filesystems... format completed successfully Restoring Image backupimage/scimi-3.bin kjournald starting. Commit interval 5 seconds REXT3 FS on hdb2, internal journal EXT3-fs: mounted filesystem with ordered data mode. starting graceful shutdown switch/Admin# Unmounting ext3 filesystems... Unmounting FAT filesystems... Unmounting done...1-93 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Related Commands copy capture copy ftp: copy tftp: copy sftp: crypto export crypto import dir license ft switchover To purposely cause a failover to make a particular context active, use the ft switchover command. ft switchover [all [force] | force | group_id [force]] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the fault-tolerant feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. By using the ft switchover command, you direct the standby group member to statefully become the active member of the FT group, which forces a switchover. all (Optional) Causes a switchover of all FT groups configured in the ACE simultaneously. force (Optional) Causes a switchover of the Admin context if you enter the command in the Admin context and do not specify a group ID, or the specified FT group, while ignoring the state of the standby member. Use this option only when the fault-tolerant (FT) VLAN is down. group_id (Optional) Causes a switchover of the specified FT group. Enter the ID of an existing FT group as an integer from 1 to 255. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.0) Added the all keyword. ACE Appliance Release Modification A1(7) This command was introduced. A3(1.0) Added the all keyword. A3(2.2) This command is disabled by default for the network-monitor role.1-94 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands You may need to force a switchover when you want to make a particular context the standby (for example, for maintenance or a software upgrade on the currently active context). If the standby group member can statefully become the active member of the FT group, a switchover occurs. To use this command, you must configure the no preempt command in FT group configuration mode. The ft switchover command exhibits the following behavior, depending on whether you enter the command from the Admin context or a user context: • Admin context—If you specify an FT group ID, then the FT group specified by the group ID switches over. If you do not specify a group ID, then the Admin context switches over. • User context—Because you cannot specify an FT group ID in a user context, the context in which you enter the command switches over. When you specify the ft switchover command, there may be brief periods of time when the configuration mode is enabled on the new active group member to allow the administrator to make configuration changes. However, these configuration changes are not synchronized with the standby group member and will exist only on the active group member. We recommend that you refrain from making any configuration changes after you enter the ft switchover command until the FT states stabilize to ACTIVE and STANDBY_HOT. Once the FT group reaches the steady state of ACTIVE and STANDBY_HOT, any configuration changes performed on the active group member will be incrementally synchronized to the standby group member, assuming that configuration synchronization is enabled. Examples To cause a switchover from the active ACE to the standby ACE of FT group1, enter: host1/Admin# ft switchover 1 Related Commands (config-ft-group) preempt gunzip To uncompress (unzip) LZ77 coded files residing in the disk0: file system (for example, zipped probe script files), use the gunzip command. gunzip disk0:[path/]filename.gz Syntax Description Command Modes Exec Admin and user contexts Command History disk0:[path/]filename.gz Specifies the name of the compressed file on the disk0: file system. The filename must end with a .gz extension. If you do not specify the optional path, the ACE looks for the file in the root directory. ACE Module Release Modification 3.0(0)A1(2) This command was introduced.1-95 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is useful in uncompressing large files. The filename must end with a .gz extension for the file to be uncompressed using the gunzip command. The .gz extension indicates a file that is zipped by the gzip (GNU zip) compression utility. To display a list of available zipped files on disk0:, use the dir command. Examples To unzip a compressed series of probe script files from the file PROBE_SCRIPTS in the disk0: file system, enter: host1/Admin# gunzip disk0:PROBE_SCRIPTS.gz Related Commands dir invoke context To display the context running configuration information from the Admin context, use the invoke context command. invoke context context_name show running-config Syntax Description Command Modes Exec Admin context Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. ACE Appliance Release Modification A1(7) This command was introduced. context_name Name of user-created context. This argument is case sensitive. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-96 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Examples To display the running configuration for the C1 user context from the Admin context, enter: host1/Admin# invoke context C1 show running-config Related Commands This command has no related commands. license To install, update, or uninstall licenses on the ACE, use the license command. license {install disk0:[path/]filename [target_filename] | uninstall {name | all} | update disk0:[path/]permanent_filename demo_filename} Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. install disk0:[path/]filename Installs a demo or permanent license from the disk0: file system into flash memory on the ACE. The filename is the name of the license on the disk0: file system. If you do not specify the optional path, the ACE looks for the file in the root directory. target_filename (Optional) Target filename for the license file. uninstall name Uninstalls the specified license file. Enter the license name as an unquoted text string with no spaces. all Uninstalls all installed licenses in the ACE. update disk0: Updates an installed demo license with a permanent license. [path/]permanent_filename Filename for the permanent license. demo_filename Filename for the demo license. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A4(1.0) Added the all keyword to the uninstall option ACE Appliance Release Modification A1(7) This command was introduced. A4(1.0) Added the all keyword to the uninstall option1-97 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands After you receive a demo or permanent software license key in an e-mail from Cisco Systems, you must copy the license file to a network server and then use the copy tftp command in Exec mode to copy the file to the disk0: file system on the ACE. To update an installed demo license with a permanent license, use the license update command. The demo license is valid for 60 days. To view the expiration of the demo license, use the show license usage command. To back up license files, use the copy licenses command Caution When you remove a demo or permanent virtual context license, the ACE removes all user contexts from the Admin running configuration. By removing the user contexts, their running and startup configurations are also removed from the ACE. Before removing any virtual context license, back up the Admin running configuration and the user context running configurations to a remote server. For more information about the types of ACE licenses available and how to manage the licenses on your ACE, see the Administration Guide, Cisco ACE Application Control Engine. Examples To install a new permanent license, enter: host1/Admin# license install disk0:ACE-VIRT-020.LIC To uninstall a license, enter: host1/Admin# license uninstall ACE-VIRT-20.LIC ACE Module Example To update the demo license with a permanent license, enter: host1/Admin# license update disk0:ACE-VIRT-250.LIC ACE-VIRT-250-demo.LIC ACE Appliance Example To update the demo license with a permanent license, enter: host1/Admin# license update disk0:ACE-AP-VIRT-020.lic ACE-AP-VIRT-020-DEMO.lic Related Commands copy licenses copy tftp: show license mkdir disk0: To create a new directory in disk0:, use the mkdir disk0: command. mkdir disk0:[path/]directory_name Syntax Description [path/]directory_name Name that you assign to the new directory. Specify the optional path if you want to create a directory within an existing directory.1-98 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. If a directory with the same name already exists, the ACE does not create the new directory and the “Directory already exists” message appears. Examples To create a directory in disk0: called TEST_DIRECTORY, enter: host1/Admin# mkdir disk0:TEST_DIRECTORY Related Commands dir rmdir disk0: move disk0: To move a file between directories in the disk0: file system, use the move disk0: command. move disk0:[source_path/]filename disk0:[destination_path/]filename Syntax Description Command Modes Exec Admin and user contexts Command History ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced. disk0: Indicates the disk0: file system of the current context. source_path/ (Optional) Path of the source directory. destination_path/ (Optional) Path of the destination directory. filename Name of the file to move in the disk0: file system. ACE Module Release Modification 3.0(0)A1(2) This command was introduced.1-99 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. If a file with the same name already exists in the destination directory, that file is overwritten by the file that you move. Examples To move the file called SAMPLEFILE in the root directory of disk0: to the MYSTORAGE directory in disk0:, enter: host1/Admin# move disk0:SAMPLEFILE disk0:MYSTORAGE/SAMPLEFILE Related Commands dir np session (ACE module only) To execute network processor-related commands, use the np session command. np session {disable | enable} Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To enable sessions to the network processor from the supervisor engine, enter: host1/Admin# np session enable ACE Appliance Release Modification A1(7) This command was introduced. disable Disables sessions to the network processor from the supervisor engine. enable Enables sessions to the network processor from the supervisor engine. ACE Module Release Modification 3.0(0)A1(2) This command was introduced.1-100 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Related Commands This command has no related commands.1-101 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands ping To verify the connectivity of a remote host or server by sending echo messages from the ACE, use the ping command. ping [ip | ipv6 [system_address [count count [size size [timeout time]]]]] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The ping command sends an echo request packet to an address from the current context on the ACE and then awaits a reply. The ping output can help you evaluate path-to-host reliability, delays over displaying the name of the current directory and the path, and whether the host can be reached or is functioning. To terminate a ping session before it reaches its timeout value, press Ctrl-C. ip | ipv6 (Optional) Specifies the IPv4 or IPv6 protocol. If you do not specify the IP protocol, it is inferred from the address. system_address (Optional) IP address of the remote host to ping. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10). If you do not specify the IP address of the remote host, the CLI prompts you for the information. count count (Optional) Repeat count. Enter the repeat count as an integer from 1 to 65000. The default is 5. size size (Optional) Datagram size. Enter the datagram size as an integer from 36 to 1440. The default is 100. timeout time (Optional) Timeout in seconds. Enter the timeout value as an integer from 0 to 3600. The default is 2. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A4(1.0) The size option was increased from 452 to 1440. A5(1.0) Added IPv6 support. ACE Appliance Release Modification A1(7) This command was introduced. A3(2.5) At the datagram size prompt for the extended ping command, the size was increased from 452 to 1400. A3(2.6) The size option was increased from 452 to 1440. A5(1.0) Added IPv6 support.1-102 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Examples IPv6 Example To send a ping to the IPv6 loopback address 0:0:0:0:0:0:0:1, enter the following command: host1/Admin# ping ::1 PING 0:0:0:0:0:0:0:1(::1) 56 data bytes 64 bytes from ::1: icmp_seq=1 ttl=255 time=0.039 ms 64 bytes from ::1: icmp_seq=2 ttl=255 time=0.000 ms 64 bytes from ::1: icmp_seq=3 ttl=255 time=0.000 ms 64 bytes from ::1: icmp_seq=4 ttl=255 time=0.108 ms 64 bytes from ::1: icmp_seq=5 ttl=255 time=0.126 ms --- 0:0:0:0:0:0:0:1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 8002ms rtt min/avg/max/mdev = 0.000/0.054/0.126/0.053 ms To abnormally terminate a ping session, press Ctrl-C. IPv4 Example To ping the FTP server with an IP address of 196.168.1.2 using the default ping session values, enter: host1/Admin# ping 196.168.1.2 Related Commands traceroute1-103 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands reload To reload the configuration on the ACE, use the reload command. reload Syntax Description This command has no keywords or arguments. Command Modes Exec Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The reload command reboots the ACE and performs a full power cycle of both the hardware and software. The reset process can take several minutes. Any open connections with the ACE are dropped after you enter the reload command. Caution Configuration changes that are not written to flash memory are lost after a reload. Before rebooting, enter the copy running-conf startup-config command to save a copy of the running configuration to the startup configuration in flash memory. If you fail to save your running configuration changes, the ACE reverts to the last saved version of the startup configuration upon restart. Examples To execute a soft reboot, enter: host1/Admin# reload This command will reboot the system Save configurations for all the contexts. Save? [yes/no]: [yes] Related Commands copy capture show running-config show startup-config ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-104 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands reprogram bootflash (ACE module only) To reprogram the field upgradable (FUR) partition of the ROM monitor (rommon) image on the ACE, use the reprogram bootflash command. reprogram bootflash {default-image {disk0:[path/]filename | image:[path/]filename} | fur-image {disk0:[path/]filename | image:[path/]filename} | invalidate-fur-image | validate-fur-image} Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The reprogram bootflash command is intended for use by trained Cisco personnel only. Entering this command may cause unexpected results. Do not attempt to use the reprogram bootflash command without guidance from Cisco support personnel. Examples To reprogram the rommon image FUR partition on the image: file system, enter: host1/Admin# reprogram bootflash fur-image image:sb-ace.NOV_11 Related Commands This command has no related commands. default-image Reprograms the rommon image default partition. fur-image Reprograms the rommon image FUR partition. disk0:[path/]filename Specifies a file stored on the disk0: file system. image:[path/]filename Specifies the rommon image stored on the image: file system. invalidate-fur-image Invalidates the rommon image FUR partition. validate-fur-image Validates the rommon image FUR partition. ACE Module Release Modification 3.0(0)A1(2) This command was introduced.1-105 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands restore To restore the configuration files and dependent files in a context or in all contexts, use the restore command. restore {[all] disk0:archive_filename} [pass-phrase text_string] [exclude {licenses | ssl-files}] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The restore command has the following configuration guidelines and limitations: • The restore command will cause an interruption in service for the two contexts in a redundant configuration. We recommend that you schedule the restoration of a backup archive on a redundant pair during a maintenance window. • When you instruct the ACE to restore the archive for the entire ACE in the Admin context, it restores the Admin context completely first, and then it restores the other contexts. The ACE restores all dependencies before it restores the running context. The order in which the ACE restores dependencies is as follows: – License files all Specifies that the ACE should restore the configuration files and dependencies in all contexts. You can specify this keyword only in the Admin context. disk0:archive_ filename Name of the archive file that you want to restore. exclude licenses | ssl-files (Optional) Excludes licenses or SSL certificates and keys from the restoration. Use this option only if you want to keep the license or SSL files already present in your ACE and ignore the license or SSL files in the backup archive, if any. pass-phrase text_string Passphrase that you used to encrypt the backed up SSL keys in the archive. Enter the passphrase as an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. If you used a passphrase when you backed up the SSL keys, the ACE encrypted the keys with AES-256 encryption using OpenSSL software. To restore the SSL keys, you must enter that same passphrase. Note If you forget your passphrase, import the required SSL files first. Then, use the exclude option of the restore command to restore e the backup archive. ACE Module Release Modification A2(3.0) This command was introduced. ACE Appliance Release Modification A4(1.0) This command was introduced.1-106 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands – SSL certificates and key files – Health-monitoring scripts – Checkpoints – Startup-configuration file – Running-configuration file • After you restore license files, previously installed license files are uninstalled and the restored files are installed in their place. • In a redundant configuration, if the archive that you want to restore is different from the peer configurations in the FT group, redundancy may not operate properly after the restoration. • You can restore a single context from an ACE-wide backup archive provided that: – You enter the restore command in the context that you want to restore – All files dependencies for the context exist in the ACE-wide backup archive • If you upgrade to software version A4(1.0) or later from a release before A4(1.0), the ACE cannot install the earlier license files because they are unsupported. The ACE ignores these license files and keeps the existing licenses. • If you enter the exclude option first, you cannot enter the pass-phrase option. Examples To restore a backup archive in the Admin context, enter: host1/Admin# restore disk0:switch_Admin_07_July_2009_11_08_04_AM.tgz pass-phrase MY_PASS_PHRASE Related Commands backup show restore1-107 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands rmdir disk0: To remove a directory from the disk0: file system, use the rmdir disk0: command. rmdir disk0:directory Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To remove a directory from disk0:, the directory must be empty. To view the contents of a directory, use the dir command. To delete files from a directory, use the delete command. Examples To remove the directory TEST_DIRECTORY from disk0:, enter: host1/Admin# rmdir disk0:TEST-DIRECTORY Related Commands delete dir mkdir disk0: directory Name of the directory to remove. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-108 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands setup (ACE appliance only) To initiate a special setup script that guides you through the basic process of configuring an Ethernet port on the ACE as the management port to access the Device Manager GUI, use the setup command. setup Syntax Description This command has no keywords or arguments. Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The setup script is intended primarily as the means to guide you though a basic configuration of the ACE to quickly access the Device Manager. Use the setup command when the ACE boots without a startup-configuration file. This situation may occur when the ACE is new and the appliance was not configured upon initial startup. The setup script guides you through configuring a management VLAN on the ACE through one of its Gigabit Ethernet ports. After you specify a gigabit Ethernet port, the port mode, and management VLAN, the setup script automatically applies the following default configuration: • Management VLAN allocated to the specified Ethernet port. • VLAN 1000 assigned as the management VLAN interface. • GigabitEthernet port mode configured as VLAN access port. • Extended IP access list that allows IP traffic originating from any other host addresses. • Traffic classification (class map and policy map) created for management protocols HTTP, HTTPS, ICMP, SSH, Telnet, and XML-HTTPS. HTTPS is dedicated for connectivity with the Device Manager GUI. • VLAN interface configured on the ACE and a policy map assigned to the VLAN interface. The ACE provides a default answer in brackets [ ] for each question in the setup script. To accept a default configuration prompt, press Enter, and the ACE accepts the setting. To skip the remaining configuration prompts, press Ctrl-C any time during the configuration sequence. When completed, the setup script prompts you to apply the configuration settings. Examples To run the setup script from the CLI, enter: host1/Admin# setup ACE Appliance Release Modification A1(7) This command was introduced.1-109 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands This script will perform the configuration necessary for a user to manage the ACE Appliance using the ACE Device Manager.The management port is a designated Ethernet port which has access to the same network as your management tools including the ACE Device Manager. You will be prompted for the Port Number, IP Address, Netmask and Default Route (optional). Enter 'ctrl-c' at any time to quit the script Would you like to enter the basic configuration (yes/no): y Enter the Ethernet port number to be used as the management port (1-4):? [1]: 3 Enter the management port IP Address (n.n.n.n): [192.168.1.10]: 192.168.1.10 Enter the management port Netmask(n.n.n.n): [255.255.255.0]: 255.255.255.2 Enter the default route next hop IP Address (n.n.n.n) or to skip this step: 172.16.2.1 Summary of entered values: Management Port: 3 Ip address 192.168.1.10 Netmask: 255.255.255.2 Default Route: 172.16.2.1 Submit the configuration including security settings to the ACE Appliance? (yes/no/details): [y]: d Detailed summary of entered values: interface gigabit/Ethernet 1/3 switchport access vlan 1000 no shut access-list ALL extended permit ip any any class-map type management match-any remote_access match protocol xml-https any match protocol dm-telnet any match protocol icmp any match protocol telnet any match protocol ssh any match protocol http any match protocol https any match protocol snmp any policy-map type management first-match remote_mgmt_allow_policy class remote_access permit interface vlan 1000 ip address 192.168.1.10 255.255.255.0 access-group input ALL service-policy input remote_mgmt_allow_policy no shutdown ssh key rsa ip route 0.0.0.0 0.0.0.0 172.16.2.1 Submit the configuration including security settings to the ACE Appliance? (yes/no/details): [y]: y Configuration successfully applied. You can now manage this ACE Appliance by entering the url 'https://192.168.1.10' into a web browser to access the Device Manager GUI. Related Commands This command has no related commands.1-110 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands set dc (ACE module only) To set the daughter card console access to the master or the slave network processor, use the set dc command. set dc dc_number console {master | slave} Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command requires the Admin user role in the Admin context. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To set the daughter card 1 console access to the slave network processor, enter: host1/Admin# set dc 1 console slave Switched the console access to slave network processor Related Commands clear dc show dc dc_number Specifies the daughter card on the ACE module. Enter either 1 or 2. console Sets the console access to the specified network processor. master | slave Specifies the master or the slave network processor on the specified daughter card for console access. The default is master. ACE Module Release Modification A4(1.0) This command was introduced.1-111 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands set sticky-ixp (ACE module only) This command has been deprecated in software version A4(1.0). Command History ACE Module Release Modification A2(1.0) This command was introduced. A4(1.0) This command was removed from the software.1-112 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show To display ACE statistical and configuration information, use the show command. show keyword [| {begin pattern | count | end | exclude pattern | include pattern | next | prev}] [> {filename | {disk0:| volatile}:[path/][filename] | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}] Syntax Description Command Modes Exec Command History keyword Keyword associated with the show command. See the show commands that follow. | (Optional) Enables an output modifier that filters the command output. begin pattern Begins with the line that matches the pattern that you specify. count Counts the number of lines in the output. end pattern Ends with the line that matches the pattern that you specify. exclude pattern Excludes the lines that match the pattern that you specify. include pattern Includes the lines that match the pattern that you specify. next Displays the lines next to the matching pattern that you specify. prev Displays the lines before the matching pattern that you specify. > (Optional) Enables an output modifier that redirects the command output to a file. filename Name of the file that the ACE saves the output to on the volatile: file system. disk0: Specifies that the destination is the disk0: file system on the ACE flash memory. volatile: Specifies that the destination is the volatile: file system on the ACE. [path/][filename] (Optional) Path and filename to the disk0: or volatile: file system. This path is optional because the ACE prompts you for this information if you omit it. ftp://server/path[/filename] Specifies the File Transfer Protocol (FTP) network server and optional filename. sftp://[username@]server/path [/filename] Specifies the Secure File Transfer Protocol (SFTP) network server and optional filename. tftp://server[:port]/path[/filename] Specifies the Trivial File Transfer Protocol (TFTP) network server and optional filename. ACE Module Release Modification 3.0(0)A1(2) This command was introduced.1-113 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Usage Guidelines The features required in your user role to execute a specific show command are described in the “Usage Guidelines” section of the command. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Most commands have an associated show command. For example, the associated show command for the interface command in configuration mode is the show interface command. Use the associated show command to verify changes that you make to the running configuration. The output of the show command may vary depending on the context that you enter the command from. For example, the show running-config command displays the running-configuration for the current context only. To convert show command output from the ACE to XML for result monitoring by an NMS, use the xml-show command. Examples To display the current running configuration, enter: host1/Admin# show running-config Related Commands xml-show show aaa To display AAA accounting and authentication configuration information for the current context, use the show aaa command. show aaa {accounting | authentication [login error-enable] | groups} [|] [>] Syntax Description ACE Appliance Release Modification A1(7) This command was introduced. accounting Displays accounting configuration information. authentication Displays authentication configuration information. login error-enable (Optional) Displays the status of the login error message configuration. groups Displays the configured server groups. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.1-114 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show aaa command output, see the Security Guide, Cisco ACE Application Control Engine. Examples To display the accounting configuration information, enter: host1/Admin# show aaa accounting default: local Related Commands show accounting log (config) aaa accounting default (config) aaa authentication login show access-list To display statistics associated with a specific access control list (ACL), use the show access-list command. show access-list name [detail] [|] [>] Syntax Description Command Modes Exec Admin and user contexts ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced. name Name of an existing ACL. Enter the name as an unquoted text string. detail Displays detailed information for the specified ACL. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.1-115 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command History Usage Guidelines This command requires the access-list feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The ACL information that the ACE displays when you enter the show access-list command includes the ACL name, the number of elements in the ACL, the operating status of the ACL (ACTIVE or NOT ACTIVE), any configured remarks, the ACL entry, and the ACL hit count. For information about the fields in the show access-list command output, see the Security Guide, Cisco ACE Application Control Engine. Examples To display statistical and configuration information for the ACL ACL1, enter: host1/Admin# show access-list ACL1 Related Commands clear access-list show running-config (config) access-list ethertype (config) access-list extended (config) access-list remark (config) access-list resequence show accounting log To display AAA accounting log information, use the show accounting log command. show accounting log [size] [all] [|] [>] Syntax Description ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.0) This command was revised with the detail option. ACE Appliance Release Modification A1(7) This command was introduced. A3(1.0) This command was revised with the detail option. size (Optional) Size (in bytes) of the local accounting file. Enter a value from 0 to 250000. The default is 250000 bytes. all (Optional) Displays the accounting logs of all contexts in the ACE. This option is available only in the Admin context.1-116 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show accounting log command output, see the Security Guide, Cisco ACE Application Control Engine. Examples To display the contents of the accounting log file, enter: host1/Admin# show accounting log Related Commands show aaa (config) aaa accounting default | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A4(1.0) The all option was added. ACE Appliance Release Modification A1(7) This command was introduced. A4(1.0) The all option was added.1-117 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show acl-merge The ACE merges individual ACLs into one large ACL called a merged ACL. The ACL compiler then parses the merged ACL and generates the ACL lookup mechanisms. A match on this merged ACL can result in multiple actions. To display statistics related to merged ACLs, use the show acl-merge command. show acl-merge {acls {vlan number | internal vlan 1 | 4095} {in | out} [summary]} | {event-history} | {match {acls {vlan number | internal vlan 1 | 4095} {in | out} ip_address1 ip_address2 protocol src_port dest_port}} | {merged-list {acls {vlan number | internal vlan 1 | 4095}{in | out} [non-redundant | summary]}} | {statistics} [|] [>] Syntax Description Command Modes Exec Admin and user contexts acls Displays various feature ACLs and their entries before the merge. vlan number Specifies the interface on which the ACL was applied. internal vlan 1 | 4095 Displays the ACL merge information for internal VLAN 1 or 4095 (ACE appliance). in | out Specifies the direction in which the ACL was applied to network traffic: incoming or outgoing. summary (Optional) Displays summary information before or after the merge. event-history Displays the ACL merge event-history log. match Displays the ACL entry that matches the specified tuple. ip_address1 Source IP address. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10). ip_address2 Destination IP address. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10). protocol Protocol specified in the ACL. src_port Source port specified in the ACL. dest_port Destination port specified in the ACL. merged-list (Optional) Displays the merged ACL. non-redundant (Optional) Displays only those ACL entries that have been downloaded to a network processor. statistics Displays ACL merge node failure statistics and other merge and compiler errors. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.1-118 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command History Usage Guidelines This command requires the acl-merge feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. The ACL merge list number (instance ID) is locally generated (not synchronized) on each ACE in a redundant configuration. The number assigned depends on the order in which the ACLs are applied to the VLANs. This number can be different on the two ACEs. The ACL merged list could be different on the two ACEs depending on when redundancy is enabled. Examples To display the ACL merge information for VLAN 401, enter: host1/Admin# show acl-merge acls vlan 401 in summary Related Commands This command has no related commands. show action-list To display information about an action list configuration, use the show action-list command in Exec mode. The show action-list command output displays all modify HTTP and ACE appliance optimization action list configurations and configured values. show action-list [list_name] [|] [>] Syntax Description ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.5) and A2(2.1) This command was revised to include the internal vlan 1 keywords. A4(1.0) This command was revised to include the event-history and statistics keywords. ACE Appliance Release Modification A1(7) This command was introduced. A3(2.3) This command was revised to include the internal vlan 1 | 4095 keywords. A3(2.5) This command was revised to include the event-history and statistics keywords. list_name (Optional) Identifier of an existing action list as an unquoted text string with a maximum of 64 alphanumeric characters. If you do not enter an action list name, the ACE displays all configured action lists.1-119 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show action-list command output, see the Application Acceleration and Optimization Guide, Cisco ACE 4700 Series Application Control Engine Appliance and the Server Load-Balancing Guide, Cisco ACE Application Control Engine. Examples To display configuration information for the ACT_LIST1 action list, enter: host1/Admin# show action-list ACT_LIST1 Related Commands show running-config (config) action-list type modify http (ACE appliance only) (config) action-list type optimization http show arp To display the current active IP address-to-MAC address mapping in the Address Resolution Protocol (ARP) table, statistics, or inspection or timeout configuration, use the show arp command. show arp [inspection | internal event-history dbg | statistics [vlan vlan_number] | timeout] [|] [>] | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification A4(1.0) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced. A3(2.3) The Description field has been added to the show action-list command output. This field displays the previously entered summary about the specific parameter map. 1-120 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the routing feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The show arp command without options displays the active IP address-to-MAC address mapping in the ARP table. For information about the fields in the show arp command output, see the Routing and Bridging Guide, Cisco ACE Application Control Engine. Examples To display the current active IP address-to-MAC address mapping in the ARP table, enter: host1/Admin# show arp Related Commands clear arp (config) arp inspection (Optional) Displays the ARP inspection configuration. internal event-history dbg (Optional) Displays the ARP internal event history. The ACE debug commands are intended for use by trained Cisco personnel only. Do not attempt to use these commands without guidance from Cisco support personnel. statistics (Optional) Displays the ARP statistics for all VLAN interfaces. vlan vlan_number (Optional) Displays the statistics for the specified VLAN number. timeout (Optional) Displays the ARP timeout values. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-121 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show backup To display backup errors (in the case of a failed backup) or the backup status, use the show backup command. show backup errors | status [details] [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To display the status of an ongoing backup, enter: host1/Admin# show backup status detail Backup Archive: host1_2010_09_16_21_34_03.tgz Type : Full Start-time : Thu Sep 16 21:34:03 2010 Finished-time : Thu Sep 16 21:34:18 2010 Status : SUCCESS Current vc : ct3 Completed : 4/4 ------------------------+---------------+--------------------------+------------ Context component Time Status ------------------------+---------------+--------------------------+------------ errors Displays errors that may occur during a backup operation. For information about backup system messages, see the System Message Guide, Cisco ACE Application Control Engine. status [details] Displays the status of the last backup operation. Backup status details are not stored across reboots. Possible values in the Status column are as follows: • SUCCESS—The component was successfully backed up • FAILED—The component failed to be backed up • N/A—The component (for example, a checkpoint or probe script) being backed up contains 0 files ACE Module Release Modification A2(3.0) This command was introduced. ACE Appliance Release Modification A4(1.0) This command was introduced.1-122 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Admin Running-cfg Thu Sep 16 21:34:04 2010 SUCCESS Admin Startup-cfg Thu Sep 16 21:34:04 2010 SUCCESS Admin Checkpoints Thu Sep 16 21:34:07 2010 SUCCESS Admin Cert/Key Thu Sep 16 21:34:07 2010 SUCCESS Admin License Thu Sep 16 21:34:07 2010 SUCCESS Admin Probe script Thu Sep 16 21:34:07 2010 N/A ct1 Running-cfg Thu Sep 16 21:34:12 2010 SUCCESS ct1 Startup-cfg Thu Sep 16 21:34:12 2010 SUCCESS ct1 Checkpoints Thu Sep 16 21:34:12 2010 N/A ct1 Cert/Key Thu Sep 16 21:34:12 2010 SUCCESS ct1 Probe script Thu Sep 16 21:34:12 2010 N/A ct2 Running-cfg Thu Sep 16 21:34:13 2010 SUCCESS ct2 Startup-cfg Thu Sep 16 21:34:13 2010 SUCCESS ct2 Checkpoints Thu Sep 16 21:34:13 2010 N/A ct2 Cert/Key Thu Sep 16 21:34:13 2010 SUCCESS ct2 Probe script Thu Sep 16 21:34:13 2010 N/A ct3 Running-cfg Thu Sep 16 21:34:13 2010 SUCCESS ct3 Startup-cfg Thu Sep 16 21:34:13 2010 SUCCESS ct3 Checkpoints Thu Sep 16 21:34:13 2010 N/A ct3 Cert/Key Thu Sep 16 21:34:13 2010 SUCCESS ct3 Probe script Thu Sep 16 21:34:13 2010 N/A Related Commands backup show banner motd To display the configured banner message of the day, use the show banner motd command. show banner motd [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-123 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To configure the banner message, use the banner command in the configuration mode. For information about the fields in the show banner motd command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display the message of the day, enter: host1/Admin# show banner motd Related Commands (config) banner show bootvar To display the current BOOT environment variable and configuration register setting, use the show bootvar command. This command is available only in the Admin context. show bootvar [|] [>] Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To set the BOOT environment variable, use the boot system image: command in the configuration mode. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-124 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands For information about the fields in the show bootvar command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples ACE Module Example To display the current BOOT environment variable and configuration register setting, enter: host1/Admin# show bootvar BOOT variable = "disk0:c6ace-t1k9-mzg.3.0.0_A0_2.48.bin" Configuration register is 0x1 ACE Appliance Example To display the current BOOT environment variable and configuration register setting, enter: host1/Admin# show bootvar BOOT variable = “disk0:c4710ace-mz.A5_1_0.bin” Configuration register is 0x1 Related Commands This command has no related commands.1-125 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show buffer To display the buffer manager module messages, use the show buffer command. show buffer {events-history | stats | usage} [|] [>] Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. Examples To display the control plane buffer event history, enter: host1/Admin# show buffer events-history 1) Event:E_DEBUG, length:72, at 477729 usecs after Sat Jan 1 00:01:29 2000 [102] headers=0xd2369000, ctrl_blocks=0xd280a040, data_blocks=0xd5403aa0 2) Event:E_DEBUG, length:50, at 477707 usecs after Sat Jan 1 00:01:29 2000 [102] total blocks=151682 (ctrl=75841, data=75841) events-history Displays a historic log of the most recent messages generated by the buffer manager event history. stats Displays detailed counters for various buffer manager event occurrences. usage Displays the number of buffers currently being held (allocated but not freed) by each buffer module. The usage keyword also shows an estimate of the number of times a particular buffer module has freed the same buffer more than once (this condition indicates a software error). Displays the Hi watermark field which allows more visibility for buffer usage when monitoring high watermarks | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-126 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Related Commands clear buffer stats1-127 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show capture To display the packet information that the ACE traces as part of the packet capture function, use the show capture command. show capture buffer_name [detail [connid connection_id | range packet_start packet_end] | status] [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For all types of received packets, the console display is in tcpdump format. To copy the capture buffer information as a file in flash memory, use the copy capture command. For information about the fields in the show capture command output, see the Administration Guide, Cisco ACE Application Control Engine. buffer_name Name of the packet capture buffer. Specify an unquoted text string with no spaces from 1 to 80 alphanumeric characters. detail (Optional) Displays additional protocol information for each packet. connid connection_id (Optional) Displays protocol information for a specified connection identifier. range packet_start packet_end (Optional) Displays protocol information for a range of captured packets. status (Optional) Displays capture status information for each packet. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-128 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Examples To display the captured packet information contained in packet capture buffer CAPTURE1, enter: switch/Admin# show capture CAPTURE1 Related Commands copy capture1-129 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show cde (ACE module only) To display the classification and distribution engine (CDE) interface statistics, health, and register values, use the show cde command. This command includes statistics for the CDE daughter card interface, the CDE control plane interface, and the CDE switch fabric interface. show cde {all | count | dist | hash index_number | health | interrupts | reg cde_number register | stats {cumulative | stats} | vlan vlan_number} [|] [>] Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. all Displays all CDE register values. count Displays the cumulative count of the CDE interrupts. dist Displays the CDE distribution type. hash index_number Displays the hash distribution table. Enter a value from 0 to 63. health Displays the CDE health, including the daughter card statistics. interrupts Displays the CDE interrupts. reg Displays the specified CDE register. cde_number CDE number (0 or 1). register Register value. Enter a hexadecimal value from 0x0 to 0x1d9. stats Displays the specified CDE statistics. cumulative Displays the cumulative CDE statistics from the last invocation of the show cde command. delta Displays the delta CDE statistics from the last invocation of the show cde command. vlan vlan_number Displays the VLAN distribution table for the specified VLAN. Enter the desired VLAN number from 0 to 4096. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced.1-130 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Examples To display all of the CDE register values, enter: host1/Admin# show cde all Related Commands clear cde show cfgmgr To display the Configuration Manager internal information, use the show cfgmgr command. show cfgmgr internal {history | {table {access-group | ace name| acl name| action-list | arp | class-map | context | icmp-vip | if-zone | interface | l2-ace | l2-acl | l3-rule| match-item | nat | nat-dynamic | nat-pool | nat-pool-data | nat-static | og name | og-data name | og-exp name | parameter-map | policy-map | probe | probe-instance | rserver | script-file | script-task | sfarm | sfarm-real | slb-policy | ssl-proxy | sticky-grp | sticky-static-grp | time-range | track-probe | vip} [all | context name | detail]} [|] [>] Syntax Description history Displays the Configuration Manager debug log. table Displays the specified Configuration Manager internal table. access-group Displays the access group table. ace name Displays the specified ACE table. acl name Displays the specified ACL table. action-list Displays the action-list table. arp Displays the ARP table. class-map Displays the class map table. context Displays the context table. icmp-vip Displays the ICMP state in VIP table. if-zone Displays the if zone table. interface Displays the interface table. l2-ace Displays the Layer 2 ACE table. l2-acl Displays the Layer 2 ACL table. l3-rule Displays the Layer 3 rule table. match-item Displays the match-item table. nat Displays the NAT table. nat-dynamic Displays the NAT dynamic table. nat-pool Displays the NAT pool table. nat-pool-data Displays the NAT pool data table. nat-static Displays the NAT static table. og name Displays the specified Object Group table. og-data name Displays the specified Object Group Data table. og-exp name Displays the specified Object Group Expanded table. parameter-map Displays the parameter map table. policy-map Displays the policy map table.1-131 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin context only Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. probe Displays the probe table. probe-instance Displays the probe instance table. rserver Displays the real server table. script-file Displays the script file table. script-task Displays the script task table. sfarm Displays the server farm table. sfarm-real Displays the server farm and real server table. slb-policy Displays the server load-balancing policy table. ssl-proxy Displays the SSL proxy table. sticky-grp Displays the sticky group table. sticky-static-grp Displays the static sticky table. time-range Displays the time-range table. track-probe Displays the track probe table. vip Display the VIP table. all Displays the internal table information for all the contexts. context name Displays the internal table information for the specified context. detail Displays the detailed Configuration Manager table information. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-132 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Examples To display real server table information, enter: host1/Admin# show cfgmgr internal table rserver Related Commands clear cfgmgr internal history show checkpoint To display information relating to the configured checkpoints, use the show checkpoint command. show checkpoint {all | detail name} [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show checkpoint command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display the running configuration for the checkpoint MYCHECKPOINT, enter: host1/Admin# show checkpoint detail MYCHECKPOINT all Displays a list of all existing checkpoints. The show output includes checkpoint time stamps. detail name Displays the running configuration of the specified checkpoint. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-133 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Related Commands checkpoint1-134 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show clock To display the current date and time settings of the system clock, use the show clock command. show clock [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To configure the system clock setting, use the clock command in the configuration mode. For information about the fields in the show clock command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display the current clock settings, enter: host1/Admin# show clock Fri Feb 24 20:08:14 UTC 2006 Related Commands (config) clock summer-time (config) clock timezone | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-135 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show conn To display the connection statistics, use the show conn command. show conn {address ip_address1 [ip_address2] [/prefix_length | netmask mask]] [detail]} | count | detail | {port number1 [number2] [detail]} | {protocol {tcp | udp} [detail]} | {rserver rs_name [port_number] [serverfarm sfarm_name1] [detail]} | {serverfarm sfarm_name2 [detail]} [|] [>] Syntax Description Command Modes Exec Admin and user contexts address ip_address1 [ip_address2] Displays connection statistics for a single source or destination IPv4 or IPv6 address or, optionally, for a range of source or destination IPv4 or IPv6 addresses. To specify a range of IP addresses, enter an IP address for the lower limit of the range and a second IP address for the upper limit of the range. /prefix_length Displays connection statistics for the IPv6 address or range of IPv6 addresses that you specify. Enter an IPv6 prefix (for example, /64). netmask mask Specifies the network mask for the IPv4 address or range of IPv4 addresses that you specify. Enter a network mask in dotted-decimal notation (for example, 255.255.255.0). count Displays the total current connections to the ACE. Note The total current connections is the number of connection objects. There are two connection objects for each flow and complete connection. detail Displays detailed connection information. Note The total current connections is the number of connection objects. There are two connection objects for each flow and complete connection. port number1 [number2] Displays connection statistics for a single source or destination port or optionally, for a range of source or destination ports. protocol {tcp | udp} Displays connection statistics for TCP or UDP. rserver rs_name Displays connection statistics for the specified real server. port_number (Optional) Port number associated with the specified real server. Enter an integer from 1 to 65535. serverfarm sfarm_name1 (Optional) Displays connection statistics for the specified real server associated with this server farm. serverfarm sfarm_name2 Displays connection statistics for the real servers associated with the specified server farm. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.1-136 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show conn command output, see the Security Guide, Cisco ACE Application Control Engine. Examples IPv6 Example To display connection statistics for a range of IP addresses, enter: host1/C1# show conn address 2001:DB8:1::15 2001:DB8:1::35/64 IPv4 Example To display connection statistics for a range of IP addresses, enter: host1/C1# show conn address 192.168.12.15 192.168.12.35 netmask 255.255.255.0 Related Commands clear conn show context To display the context configuration information, use the show context command. show context [context_name | Admin] [|] [>] Syntax Description ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.4) and A2(2.1) This detail option was added for a specified address, port, protocol, real server, or server farm. A5(1.0) Added support for IPv6. ACE Appliance Release Modification A1(7) This command was introduced. A3(2.2) This detail option was added for a specified address, port, protocol, real server, or server farm. A5(1.0) Added support for IPv6. context_name (Optional) Name of user-created context. The ACE displays just the specified context configuration information. The context_name argument is case sensitive. and is visible only from the admin context. Admin (Optional) Displays just the admin context configuration information. This keyword is visible only from the admin context.1-137 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The ACE displays different information for this command depending on the context that you are in when executing the command: • Admin context—When you are in the Admin context and use the show context command without specifying a context, the ACE displays the configuration information for the admin context and all user-created contexts. • user-created context—When you are in a user-created context and enter the show context command, the ACE displays only the configuration information of the current context. For information about the fields in the show context command output, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To display the Admin context and all user-context configuration information, enter: host1/Admin# show context To display the configuration information for the user context CTX1, enter: host1/Ctx1# show context Related Commands changeto (config) context show copyright To display the software copyright information for the ACE, use the show copyright command. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-138 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show copyright [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show copyright command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display the ACE software copyright information, enter: host1/Admin# show copyright Related Commands This command has no related commands. show crypto To display the summary and detailed reports on files containing Secure Sockets Layer (SSL) certificates, key pairs, chain and authentication groups, and statistics, use the show crypto command. show crypto { aia-errors | authgroup {group_name| all} | cdp-errors | certificate {filename | all} | chaingroup {filename | all} | {crl {filename [detail]} | all | best-effort} | csr-params {filename | all} | files | key {filename | all} | ocspserver {name [detail] | all | best-effort} | session}} [|] [>] | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-139 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Syntax Description Command Modes Exec Admin and user contexts aia-errors Displays the AuthorityInfoAccess (AIA) extension error statistics. authgroup Specifies the authentication group file type. group_name Name of the specific authentication group file. all Displays the summary report that lists all the files of the specified file type or certificates for each authentication group, or certificate revocation lists (CRLs) in the context. cdp-errors Displays the statistics for discrepancies in CRL Distribution Points (CDPs) for the certificates on the ACE; not context specific. A CDP indicates the location of the CRL in the form of a URL. CDP parsing in the certificate occurs only when best effort CRL is in use. The statistics include incomplete, malformed and missing information, and unrecognized transports and the number of times that the ACE ignores CDP errors as related to the (config-parammap-ssl) cdp-errors ignore command. certificate Specifies the certificate file type. filename Name of a specific file. The ACE displays the detailed report for the specified file. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. chaingroup Specifies the chaingroup file type. crl Specifies the certificate revocation list configured in the context. detail (Optional) Displays detailed statistics for the downloading of the CRL including failure counters. best-effort Displays summarized information for all best-effort CRLs in ACE (a maximum of 16 CRLs). csr-params Specifies the Certificate Signing Request (CSR) parameter set. files Displays the summary report listing all of the crypto files loaded on the ACE, including certificate, chaingroup, and key pair files. The summary report also shows whether the file contains a certificate, a key pair, or both. key Specifies the key pair file type. ocspserver name Identifier of a configured OCSP server. The ACE displays Online Certificate Status Protocol (OCSP) information. You can use OCSP as an alternative to CRLs. detail Instructs the ACE to display detailed statistics for the specified OCSP server. all Displays statistics for all configured OCSP servers. best-effort Displays statistics for OCSP servers that were obtained on a best-effort basis by extracting the server information from the client packets. session Displays the number of cached TLS and SSL client and server session entries in the current context. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.1-140 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command History Usage Guidelines This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. When using the show crypto certificate command and the certificate file contains a chain, the ACE displays only the bottom level certificate (the signers are not displayed). For information about the fields in the show crypto command output, see the SSL Guide, Cisco ACE Application Control Engine. Examples To display the summary report that lists all of the crypto files, enter: host1/Admin# show crypto files To display Related Commands crypto delete crypto export crypto import crypto verify (config) crypto csr-params (config-parammap-ssl) cdp-errors ignore ACE Module Release Modification 3.0(0)A1(2) This command was introduced. 3.0(0)A1(6.2a) This command was revised with the hardware and stats keywords. A2(1.0) This command was revised with the authgroup, csr-params, crl, and session keywords. A2(2.0) This command was revised with the cdp-errors, detail, and best-effort keywords. A2(2.1) This command was revised to include the Best Effort CDP Errors Ignored field displayed with the cdp-errors keyword. A5(1.0) Added the aia-errors and the ocspserver keywords and arguments. ACE Appliance Release Modification A1(7) This command was introduced. A3(1.0) This command was revised with the authgroup, csr-params, crl, and session keywords. A3(2.2) The cdp-errors keyword and the detail option were added. A3(2.3) The best-effort keyword was added. A5(1.0) Added the aia-errors and the ocspserver keywords and arguments.1-141 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show dc (ACE module only) To display the statistics for the daughter card hardware on the ACE ACE, use the show dc command. show dc dc_number {console | controller {all | health | interrupts | reg register_number | stats {cumulative | delta}} | interrupts} [|] [>] Syntax Description Command Modes Exec Admin context only Command History dc_number Number of the daughter card (1 or 2). console Displays whether the master or the slave network processor console is directed to the base board front panel for the specified daughter card. For example, if the master network processor is directed to the front panel, the following message appears: “mCPU console is directed to base board front panel.” See the related set dc dc_number console command. controller Displays the register values for the specified daughter card CPU and the specified controller area. all Displays all controller register values for the specified daughter card CPU health Displays the controller health and statistics for the specified daughter card. interrupts Displays the controller interrupt statistics for the specified daughter card. reg register_number Displays the description, value, and register type for the specified controller register in the specified daughter card. stats Displays the controller statistics registers for the specified daughter card. You can instruct the ACE to display either cumulative stats since the last reboot or the change in stats since the last time you entered this command. cumulative Displays accumulated controller statistics since the last time you rebooted the ACE or entered the clear dc command. delta Displays the difference in controller statistics since the last time you entered this command. interrupts Displays the interrupt statistics for the specified daughter card. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification A4(1.0) This command was introduced.1-142 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Usage Guidelines This command requires the Admin feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. For information about the fields in the show dc command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display the cumulative daughter card controller statistics, enter: host1/Admin# show dc 1 controller stats cumulative Tnrpc call for INFO_VERN_REGISTERS Success SNO Verni Register Name Address Value --------------------------------------------------------- 0 VERNI_TXDCCTRLBPCNT_REG_ADDR 0x0024 0 1 VERNI_TXBCMBPCNT_REG_ADDR 0x0028 0 2 VERNI_CSR_CNTL_REG_ADDR 0x0080 0 3 VERNI_DCRX0_BYTCNT_L_REG_ADDR 0x3104 0 4 VERNI_DCRX0_BYTCNT_H_REG_ADDR 0x3100 0 5 VERNI_DCRX1_BYTCNT_L_REG_ADDR 0x3114 26857913 6 VERNI_DCRX1_BYTCNT_H_REG_ADDR 0x3110 0 7 VERNI_DCRX2_BYTCNT_L_REG_ADDR 0x3124 2984041857 8 VERNI_DCRX2_BYTCNT_H_REG_ADDR 0x3120 0 9 VERNI_DCRX3_BYTCNT_L_REG_ADDR 0x3134 0 10 VERNI_DCRX3_BYTCNT_H_REG_ADDR 0x3130 0 11 VERNI_DCRX4_BYTCNT_L_REG_ADDR 0x3144 0 12 VERNI_DCRX4_BYTCNT_H_REG_ADDR 0x3140 0 13 VERNI_DCRX5_BYTCNT_L_REG_ADDR 0x3154 10182426 14 VERNI_DCRX5_BYTCNT_H_REG_ADDR 0x3150 0 15 VERNI_DCRX6_BYTCNT_L_REG_ADDR 0x3164 461907 16 VERNI_DCRX6_BYTCNT_H_REG_ADDR 0x3160 0 17 VERNI_DCRX7_BYTCNT_L_REG_ADDR 0x3174 0 18 VERNI_DCRX7_BYTCNT_H_REG_ADDR 0x3170 0 19 VERNI_DCRX0_PKTCNT_REG_ADDR 0x3200 0 20 VERNI_DCRX1_PKTCNT_REG_ADDR 0x3204 270400 21 VERNI_DCRX2_PKTCNT_REG_ADDR 0x3208 33181066 22 VERNI_DCRX3_PKTCNT_REG_ADDR 0x320c 0 23 VERNI_DCRX4_PKTCNT_REG_ADDR 0x3210 0 24 VERNI_DCRX5_PKTCNT_REG_ADDR 0x3214 120311 25 VERNI_DCRX6_PKTCNT_REG_ADDR 0x3218 4946 26 VERNI_DCRX7_PKTCNT_REG_ADDR 0x321c 0 27 VERNI_DCRX0_EPKTCNT_REG_ADDR 0x3300 0 28 VERNI_DCRX1_EPKTCNT_REG_ADDR 0x3304 0 29 VERNI_DCRX2_EPKTCNT_REG_ADDR 0x3308 0 30 VERNI_DCRX3_EPKTCNT_REG_ADDR 0x330c 0 31 VERNI_DCRX4_EPKTCNT_REG_ADDR 0x3310 0 32 VERNI_DCRX5_EPKTCNT_REG_ADDR 0x3314 0 33 VERNI_DCRX6_EPKTCNT_REG_ADDR 0x3318 0 34 VERNI_DCRX7_EPKTCNT_REG_ADDR 0x331c 0 35 VERNI_DCRX0_FCCNT_REG_ADDR 0x3400 0 36 VERNI_DCRX0_DROPCNT_REG_ADDR 0x3420 0 37 VERNI_DCRX1_FCCNT_REG_ADDR 0x3404 0 38 VERNI_DCRX1_DROPCNT_REG_ADDR 0x3424 0 39 VERNI_DCRX2_DROPCNT_REG_ADDR 0x3408 0 40 VERNI_DCRX3_DROPCNT_REG_ADDR 0x340c 0 41 VERNI_DCRX4_FCCNT_REG_ADDR 0x3410 0 42 VERNI_DCRX4_DROPCNT_REG_ADDR 0x3428 0 43 VERNI_DCRX5_FCCNT_REG_ADDR 0x3414 0 44 VERNI_DCRX5_DROPCNT_REG_ADDR 0x342c 0 45 VERNI_DCRX6_DROPCNT_REG_ADDR 0x3418 0 46 VERNI_DCRX7_DROPCNT_REG_ADDR 0x341c 01-143 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands 47 VERNI_DCTX0_BYTCNT_L_REG_ADDR 0x4104 0 48 VERNI_DCTX0_BYTCNT_H_REG_ADDR 0x4100 0 49 VERNI_DCTX1_BYTCNT_L_REG_ADDR 0x4114 29588774 50 VERNI_DCTX1_BYTCNT_H_REG_ADDR 0x4110 0 51 VERNI_DCTX2_BYTCNT_L_REG_ADDR 0x4124 15457403 52 VERNI_DCTX2_BYTCNT_H_REG_ADDR 0x4120 0 53 VERNI_DCTX3_BYTCNT_L_REG_ADDR 0x4134 0 54 VERNI_DCTX3_BYTCNT_H_REG_ADDR 0x4130 0 55 VERNI_DCTX4_BYTCNT_L_REG_ADDR 0x4144 0 56 VERNI_DCTX4_BYTCNT_H_REG_ADDR 0x4140 0 57 VERNI_DCTX5_BYTCNT_L_REG_ADDR 0x4154 7139354 58 VERNI_DCTX5_BYTCNT_H_REG_ADDR 0x4150 0 59 VERNI_DCTX6_BYTCNT_L_REG_ADDR 0x4164 82 60 VERNI_DCTX6_BYTCNT_H_REG_ADDR 0x4160 0 61 VERNI_DCTX7_BYTCNT_L_REG_ADDR 0x4174 0 62 VERNI_DCTX7_BYTCNT_H_REG_ADDR 0x4170 0 63 VERNI_DCTX0_PKTCNT_REG_ADDR 0x4200 0 64 VERNI_DCTX1_PKTCNT_REG_ADDR 0x4204 345107 65 VERNI_DCTX2_PKTCNT_REG_ADDR 0x4208 150138 66 VERNI_DCTX3_PKTCNT_REG_ADDR 0x420c 0 67 VERNI_DCTX4_PKTCNT_REG_ADDR 0x4210 0 68 VERNI_DCTX5_PKTCNT_REG_ADDR 0x4214 77580 69 VERNI_DCTX6_PKTCNT_REG_ADDR 0x4218 1 70 VERNI_DCTX7_PKTCNT_REG_ADDR 0x421c 0 71 VERNI_DCTX0_EPKTCNT_REG_ADDR 0x4300 0 72 VERNI_DCTX1_EPKTCNT_REG_ADDR 0x4304 0 73 VERNI_DCTX2_EPKTCNT_REG_ADDR 0x4308 0 74 VERNI_DCTX3_EPKTCNT_REG_ADDR 0x430c 0 75 VERNI_DCTX4_EPKTCNT_REG_ADDR 0x4310 0 76 VERNI_DCTX5_EPKTCNT_REG_ADDR 0x4314 0 77 VERNI_DCTX6_EPKTCNT_REG_ADDR 0x4318 0 78 VERNI_DCTX7_EPKTCNT_REG_ADDR 0x431c 0 79 VERNI_DCTX0_CRCECNT_REG_ADDR 0x4400 0 80 VERNI_DCTX1_CRCECNT_REG_ADDR 0x4404 0 81 VERNI_DCTX2_CRCECNT_REG_ADDR 0x4408 0 82 VERNI_DCTX3_CRCECNT_REG_ADDR 0x440c 0 83 VERNI_DCTX4_CRCECNT_REG_ADDR 0x4410 0 84 VERNI_DCTX5_CRCECNT_REG_ADDR 0x4414 0 85 VERNI_DCTX6_CRCECNT_REG_ADDR 0x4418 0 86 VERNI_DCTX7_CRCECNT_REG_ADDR 0x441c 0 87 VERNI_SOP_ILL_CNT_REG_ADDR 0x4420 0 88 VERNI_SNKCH0_BYTCNT_L_REG_ADDR 0x5104 0 89 VERNI_SNKCH0_BYTCNT_H_REG_ADDR 0x5100 0 90 VERNI_SNKCH1_BYTCNT_L_REG_ADDR 0x5114 29589286 91 VERNI_SNKCH1_BYTCNT_H_REG_ADDR 0x5110 0 92 VERNI_SNKCH2_BYTCNT_L_REG_ADDR 0x5124 15466363 93 VERNI_SNKCH2_BYTCNT_H_REG_ADDR 0x5120 0 94 VERNI_SNKCH3_BYTCNT_L_REG_ADDR 0x5134 0 95 VERNI_SNKCH3_BYTCNT_H_REG_ADDR 0x5130 0 96 VERNI_SNKCH4_BYTCNT_L_REG_ADDR 0x5144 0 97 VERNI_SNKCH4_BYTCNT_H_REG_ADDR 0x5140 0 98 VERNI_SNKCH5_BYTCNT_L_REG_ADDR 0x5154 7141402 99 VERNI_SNKCH5_BYTCNT_H_REG_ADDR 0x5150 0 100 VERNI_SNKCH6_BYTCNT_L_REG_ADDR 0x5164 82 101 VERNI_SNKCH6_BYTCNT_H_REG_ADDR 0x5160 0 102 VERNI_SNKCH7_BYTCNT_L_REG_ADDR 0x5174 0 103 VERNI_SNKCH7_BYTCNT_H_REG_ADDR 0x5170 0 104 VERNI_SNKCH0_PKTCNT_REG_ADDR 0x5200 0 105 VERNI_SNKCH1_PKTCNT_REG_ADDR 0x5210 345107 106 VERNI_SNKCH2_PKTCNT_REG_ADDR 0x5220 150138 107 VERNI_SNKCH3_PKTCNT_REG_ADDR 0x5230 0 108 VERNI_SNKCH4_PKTCNT_REG_ADDR 0x5240 0 109 VERNI_SNKCH5_PKTCNT_REG_ADDR 0x5250 75532 110 VERNI_SNKCH6_PKTCNT_REG_ADDR 0x5260 11-144 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands 111 VERNI_SNKCH7_PKTCNT_REG_ADDR 0x5270 0 112 VERNI_SNKCH0_EPKTCNT_REG_ADDR 0x5300 0 113 VERNI_SNKCH1_EPKTCNT_REG_ADDR 0x5310 0 114 VERNI_SNKCH2_EPKTCNT_REG_ADDR 0x5320 0 115 VERNI_SNKCH3_EPKTCNT_REG_ADDR 0x5330 0 116 VERNI_SNKCH4_EPKTCNT_REG_ADDR 0x5340 0 117 VERNI_SNKCH5_EPKTCNT_REG_ADDR 0x5350 0 118 VERNI_SNKCH6_EPKTCNT_REG_ADDR 0x5360 0 119 VERNI_SNKCH7_EPKTCNT_REG_ADDR 0x5370 0 120 VERNI_SNK_GERRCNT_REG_ADDR 0x5400 0 121 VERNI_SRCCH0_BYTCNT_L_REG_ADDR 0x6104 0 122 VERNI_SRCCH0_BYTCNT_H_REG_ADDR 0x6100 0 123 VERNI_SRCCH1_BYTCNT_L_REG_ADDR 0x6114 26857913 124 VERNI_SRCCH1_BYTCNT_H_REG_ADDR 0x6110 0 125 VERNI_SRCCH2_BYTCNT_L_REG_ADDR 0x6124 2984065605 126 VERNI_SRCCH2_BYTCNT_H_REG_ADDR 0x6120 0 127 VERNI_SRCCH3_BYTCNT_L_REG_ADDR 0x6134 0 128 VERNI_SRCCH3_BYTCNT_H_REG_ADDR 0x6130 0 129 VERNI_SRCCH4_BYTCNT_L_REG_ADDR 0x6144 0 130 VERNI_SRCCH4_BYTCNT_H_REG_ADDR 0x6140 0 131 VERNI_SRCCH5_BYTCNT_L_REG_ADDR 0x6154 10182426 132 VERNI_SRCCH5_BYTCNT_H_REG_ADDR 0x6150 0 133 VERNI_SRCCH6_BYTCNT_L_REG_ADDR 0x6164 461907 134 VERNI_SRCCH6_BYTCNT_H_REG_ADDR 0x6160 0 135 VERNI_SRCCH7_BYTCNT_L_REG_ADDR 0x6174 0 136 VERNI_SRCCH7_BYTCNT_H_REG_ADDR 0x6170 0 137 VERNI_SRCCH0_PKTCNT_REG_ADDR 0x6200 0 138 VERNI_SRCCH1_PKTCNT_REG_ADDR 0x6210 270400 139 VERNI_SRCCH2_PKTCNT_REG_ADDR 0x6220 33181387 140 VERNI_SRCCH3_PKTCNT_REG_ADDR 0x6230 0 141 VERNI_SRCCH4_PKTCNT_REG_ADDR 0x6240 0 142 VERNI_SRCCH5_PKTCNT_REG_ADDR 0x6250 120311 143 VERNI_SRCCH6_PKTCNT_REG_ADDR 0x6260 4946 144 VERNI_SRCCH7_PKTCNT_REG_ADDR 0x6270 0 145 VERNI_SRCCH0_EPKTCNT_REG_ADDR 0x6300 0 146 VERNI_SRCCH1_EPKTCNT_REG_ADDR 0x6310 0 147 VERNI_SRCCH2_EPKTCNT_REG_ADDR 0x6320 0 148 VERNI_SRCCH3_EPKTCNT_REG_ADDR 0x6330 0 149 VERNI_SRCCH4_EPKTCNT_REG_ADDR 0x6340 0 150 VERNI_SRCCH5_EPKTCNT_REG_ADDR 0x6350 0 151 VERNI_SRCCH6_EPKTCNT_REG_ADDR 0x6360 0 152 VERNI_SRCCH7_EPKTCNT_REG_ADDR 0x6370 0 153 CH0_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6400 8 154 CH1_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6410 0 155 CH2_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6420 0 156 CH3_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6430 0 157 CH4_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6440 0 158 CH5_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6450 0 159 CH6_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6460 0 160 CH7_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6470 0 Related Commands set dc clear dc1-145 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show debug To display the debug flags, use the show debug command. show debug {aaa | access-list | arpmgr | ascii-cfg | bpdu | buffer | cfg_cntlr | cfgmgr | clock | dhcp | fifo | fm | fs-daemon | ha_dp_mgr | ha_mgr | hm | ifmgr | ipcp | lcp | ldap | license | logfile | nat-download | netio | pfmgr | pktcap | radius | routemgr | scp | security | sme | snmp | ssl | syslogd | system | tacacs+ | tl | ttyd | virtualization | vnet | vshd} [|] [>] Syntax Description aaa Displays the 301 debug flags. access-list Displays the access-list debug flags. arpmgr Displays the Address Resolution Protocol (ARP) manager debug flags. ascii-cfg Displays the ASCII cfg debug flags. bpdu Displays the bridge protocol data unit (BPDU) debug flags. buffer Displays the CP buffer debug flags. cfg_cntlr Displays the configuration controller debug flags. cfgmgr Displays the configuration manager debug flags. clock (ACE module only) Displays the state of clock debug settings. dhcp Displays the Dynamic Host Configuration Protocol (DHCP) debug flags. fifo Displays the show packet first in, first out (FIFO) debug flags. fm Displays the feature manager debug flags. fs-daemon Displays the FS daemon debug flags. ha_dp_mgr Displays the high availability (HA) dataplane manager debug flags. ha_mgr Displays the HA manager debug flags. hm Displays the HM debug flags. ifmgr Displays the interface manager debug flags. ipcp Displays the kernel IP Control Protocol (IPCP) debug flags. lcp (ACE module only) Displays the LCP debug flags. ldap Displays the Lightweight Directory Access Protocol (LDAP) debug flags. license Displays the licensing debug flags. logfile Displays the contents of the logfile. nat-download Displays the Network Address Translation (NAT) download debug flags. netio Displays the CP net I/O debug flags. pfmgr Displays the platform manager debug flags. pktcap Displays the packet capture debug flags. radius Displays the Remote Authentication Dial-In User Service (RADIUS) debug flags. routemgr Displays the route manager debug flags. scp (ACE module only) Displays the Secure Copy Protocol (SCP) debug flags.1-146 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the debug feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The ACE debug commands are intended for use by trained Cisco personnel only. Entering these commands may cause unexpected results. Do not attempt to use these commands without guidance from Cisco support personnel. Examples To display the VSHD debug flags, enter: host1/Admin# show debug vshd security Displays the security/accounting debug flags. sme Displays the System Manager Extension (SME) debug flags. snmp Displays the Simple Network Management Protocol (SNMP) server debug flags. ssl Displays the Secure Sockets Layer (SSL) manager debug flags. syslogd Displays the syslogd debug flags. system Displays the system debug flags. tacacs+ Displays the Terminal Access Controller Access Control System Plus (TACACS+) debug flags. tl Displays the CP buffer debug flags. ttyd Displays the TTYD debug flags. virtualization Displays the virtualization debug flags. vnet Displays the virtual network (VNET) driver debug flags. vshd Displays the VSHD debug flags. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-147 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Related Commands debug clear debug-logfile1-148 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show domain To display the information about the configured domains in the ACE, use the show domain command. show domain [name] [|] [>] Syntax Description Syntax Description This command has no keywords or arguments. Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To display the complete domain configuration report that lists all of the configured domains, enter the show domain command without including the name argument. For information about the fields in the show domain command output, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To display the domain configuration report for the domain D1, enter: host1/Admin# show domain D1 Related Commands (config) domain name (Optional) Name of an existing context domain. Specify a domain name to display the detailed configuration report that relates to the specified domain. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-149 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show download information To display the state of the configuration download for each interface on the context, use the show download information command. show download information [all] [summary]} [|] [>] Syntax Description Command Modes Exec Admin context for the all option. Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. If no option is included with this command, the status information for all interfaces in the current context is displayed. You can execute the show download information command to monitor the progress of the download. When you apply changes to a configuration file, the ACE downloads the configuration to its data plane. When you perform incremental changes, such as copying and pasting commands in a configuration, the ACE immediately performs the configuration download and does not display any terminal messages at the start or end of the download. all Displays the configuration download status for all interfaces on all contexts (Admin context only). summary Displays the summary status of the download information for the context. When you include the all option with the summary option, this command displays the download summary status for all contexts. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification A2(3.0) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced. A3(2.7) only This command displays the regex download optimization status, enabled or disabled through the debug cfgmgr limit-regex-dnld command.1-150 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands However, in the following situations, the ACE defers the configuration download until the entire configuration is applied to the context: • The startup configuration at boot time • Copying of the configuration to the running-config file • A checkpoint rollback We recommend that you do not execute any configuration commands during the deferred download. The ACE does not deny you from entering configuration changes. But the changes will not occur until the download is completed. If the command times out during the download, the following message appears: Config application in progress. This command is queued to the system. The ACE does not queue the command immediately, however, the ACE processes and executes the command when the download is completed even if the command times out. Examples To display the configuration download status for all contexts, enter: host1/Admin# show download information all Related Commands This command has no related commands. show eobc (ACE module only) To display the Ethernet Out-of-Band Channel (EOBC) registers and statistics on the ACE, use the show eobc command. show eobc {registers | stats} [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History registers Displays the EOBC registers. stats Displays the EOBC statistics. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification A2(2.3) This command was introduced. A2(3.1) This command was introduced.1-151 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Usage Guidelines This command has no user role restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. Examples To display the EOBC statistics, enter: host1/Admin# show eobc stats Related Commands This command has no related commands.1-152 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show fifo To display the packet first in, first out (FIFO) statistics for the Pkt-Fifo module, use the show fifo command. show fifo {event-history | registers | stats} [|] [>] Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. Examples To display the control plane packet FIFO registers, enter: host1/Admin# show fifo registers Related Commands clear fifo stats event-history Displays a historic log of the most recent debug messages generated by the Pkt-Fifo module. registers Displays the state of all the registers associated with the transmit and receive hardware engines. stats Displays detailed counters for the various Pkt-Fifo module event occurrences. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. 3.0(0)A1(5) Interrupt statistics were added to the output of the stats keyword. ACE Appliance Release Modification A1(7) This command was introduced.1-153 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show file To display the contents of a specified file in a directory in persistent memory (flash memory) or volatile memory (RAM), use the show file command. show file {disk0: | volatile:}[directory/]filename [cksum | md5sum] [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show file command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display the contents of the file FILE1 stored in the directory MYFILES in disk0:, enter: host1/Admin# show file disk0:MYFILES/FILE1 disk0: Specifies the disk0 file system in persistent memory. volatile: Specifies the file system in volatile memory. [directory/]filename Path and name of the specified file. cksum (Optional) Displays the cyclic redundancy check (CRC) checksum for the file. The checksum values compute a CRC for each named file. Use this command to verify that the files are not corrupted. You compare the checksum output for the received file against the checksum output for the original file. md5sum (Optional) Displays the MD5 checksum (electronic fingerprint) for the file. MD5 is the latest implementation of the Internet standards described in RFC 1321 and is useful for data security and integrity. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-154 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Related Commands dir clear cores delete1-155 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show fragment To display the IPv4 an IPv6 fragmentation and reassembly statistics for all interfaces in the ACE or the specified interface, use the show fragment command. show fragment [vlan vlan_id] [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. If you omit the vlan vlan_id optional keyword and argument, you can display statistics for all interfaces in the ACE. For information about the fields in the show fragment command output, see the Security Guide, Cisco ACE Application Control Engine. Examples To display the IPv4 and IPv6 fragmentation and reassembly statistics for VLAN 210, enter: host1/Admin# show fragment vlan 210 Related Commands show vlans vlan vlan_id (Optional) Specifies an existing interface. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A5(1.0) Added IPv6 support. ACE Appliance Release Modification A1(7) This command was introduced. A5(1.0) Added IPv6 support.1-156 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show ft To display the fault-tolerant (ft), or redundancy, statistics per context, use the show ft command. show ft {config-error [context_name]} | {group {brief | {[group_id] {detail | status | summary}}}} | {history {cfg_cntlr | ha_dp_mgr | ha_mgr}} | {idmap} | {memory [detail]} | {peer peer_id {detail | status | summary}} | {stats group_id} | {track group_id {detail | status | summary}} [|] [>] Syntax Description config-error [context_name] Displays the commands that fail on the standby ACE during bulk synchronization in a redundant configuration. If all commands succeed on the standby ACE, the command displays the following message: No bulk config apply errors In the Admin context, the optional context_name argument is the name of a user context. If you do not enter the argument, the command uses the Admin context. In a user context, this argument is not available. group group_id Displays FT group statistics for the specified FT group. In the Admin context, this keyword displays statistics for all FT groups in the ACE. Also, in the Admin context, you can specify an FT group number to display statistics for an individual group. In a user context, this keyword displays statistics only for the FT group to which the user context belongs. brief Displays the group ID, local state, peer state, context name, context ID of all the FT groups that are configured in the ACE, and the configuration synchronization status. detail Displays detailed information for the specified FT group or peer, including the configuration synchronization status of the running- and the startup-configuration files. status Displays the current operating status for the specified FT group or peer. summary Displays summary information for the specified FT group or peer. history Displays a history of internal redundancy software statistics (Admin context only). cfg_cntlr Displays the configuration controller debug log. ha_dp_mgr Displays the high availability (HA) dataplane manager debug log. ha_mgr Displays the HA manager debug log. idmap Displays the IDMAP table for all object types. In a redundancy configuration, the IDMAP table is used to map objects between the active and the standby ACEs for use in config sync and state replication. memory [detail] Displays summary HA manager memory statistics or optional detailed HA manager memory statistics (Admin context only). peer peer_id Specifies the identifier of the remote standby member of the FT group. stats group_id Displays redundancy statistics for the specified FT group. track group_id Displays redundancy statistics related to tracked items for all FT groups. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.1-157 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the fault-tolerant feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The show ft {history | memory} command is available to users configured with a custom role in both the Admin context and a user-configured context, as well as the predefined Admin and Network-Monitor roles. Because these commands are not context specific, we recommend that you issue them from the Admin context only. If you issue these commands in a user context, they may not display any data if other user context information could be displayed. For detailed information about the fields in the show ft command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display the detailed statistics for FT group GROUP1, enter: host1/Admin# show ft group GROUP1 detail Related Commands clear ft (config) ft auto-sync (config) ft group (config) ft interface vlan (config) ft peer ACE Module Release Modification 3.0(0)A1(2) This command was introduced. 3.0(0)A1(5) The brief and idmap keywords were added to this command. The status of config sync was added to the output of the detail keyword. A2(2.1) The config-error keyword and context_name option were added to this command. ACE Appliance Release Modification A1(7) This command was introduced. A3(2.2) The config-error keyword and context_name option were added to this command. A3(2.6) The show ft {history | memory} command is now available to users configured with a custom role in both the Admin context and a user-configured context, as well as the predefined Admin and Network-Monitor roles. See the “Usage Guidelines” section for more information. A4(1.0) The brief and detail options were added to the show ft group command.1-158 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands (config) ft track host (ACE module only) (config) ft track hsrp (config) ft track interface show hardware To display the ACE hardware details, such as the serial number and the hardware revision level of the ACE and the ACE module daughter card, use the show hardware command. show hardware [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show hardware command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display ACE hardware information, enter: host1/Admin# show hardware Related Commands show inventory show tech-support | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A4(1.0) Added daughter card information. ACE Appliance Release Modification A1(7) This command was introduced.1-159 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show hyp (ACE module only) To display the Hyperion backplane ASIC register values and statistics, use the show hyp command. show hyp [reg reg_number | stats] [|] [>] Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. Examples To display the Hyperion backplane ASIC statistics, enter: host1/Admin# show hyp stats Related Commands This command has no related commands. show icmp statistics To display the Internet Control Message Protocol (ICMP) statistics, use the show icmp statistics command. show icmp statistics [|] [>] reg reg_number (Optional) Displays the specified Hyperion backplane ASIC register values. Enter a hexadecimal value from 0x0 to 0x6db. stats (Optional) Displays the Hyperion backplane ASIC statistics. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced.1-160 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Use the clear icmp-statistics command to clear the ICMP statistics. For information about the fields in the show icmp statistics command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display ICMP statistics, enter: host1/Admin# show icmp statistics Related Commands clear icmp statistics | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-161 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show interface To display the interface information, use the show interface command. show interface [bvi number | eobc | gigabitEthernet slot_number/port_number [counters] | internal {event-history {dbg | mts} | iftable [name] | port-vlantable | seciptable | vlantable [number]} port-channel channel_number | vlan number] [|] [>] Syntax Description bvi number (Optional) Displays the information for the specified Bridge Group Virtual Interface (BVI). eobc (Optional, ACE module only) Displays the interface information for the Ethernet Out-of-Band channel (EOBC). gigabitEthernet slot_number/por t_number (Optional, ACE appliance only) Displays the statistics for the specified gigabit Ethernet slot and port. • The slot_number represents the physical slot on the ACE containing the Ethernet ports. This selection is always 1. • The port_number represents the physical Ethernet port on the ACE. Valid selections are 1 through 4. This keyword is available in the Admin context only. counters (ACE appliance only) Displays a summary of interface counters for the specified Ethernet data port related to the receive and transmit queues. internal (Optional) Displays the internal interface manager tables and events. event-history Displays event history information. dbg Displays debug history information. mts Displays message history information. iftable Displays the master interface table (Admin context only). name (Optional) Interface table name. If you specify an interface table name, the ACE displays the table information for that interface. port-vlantable (Optional, ACE appliance only) Displays the Ethernet port manager VLAN table. seciptable Displays the interface manager's (ifmgr) view of a logical interface and displays all the configured secondary IP addresses under an interface vlantable Displays the VLAN table (Admin context only). number (Optional) VLAN number. If you specify an interface number, the ACE displays the table information for that interface. port-channel channel_number (Optional, ACE appliance only) Displays the channel number assigned to a port-channel interface. Valid values are from 1 to 255. This keyword is available in the Admin context only. vlan number (Optional) Displays the statistics for the specified VLAN. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.1-162 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec BVI and VLAN interface—Admin and user contexts (ACE appliance only) Ethernet data port, Ethernet management port, and port-channel interface—Admin context only Command History Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. (ACE appliance only) In addition, the Ethernet data port, Ethernet management port, and port-channel interface command functions require the Admin user role. (ACE appliance only) You can configure flow control on each Ethernet port of a Catalyst 6500 series switch. However, the ACE does not support flow control. If you connect an ACE to a Catalyst 6500 series switch, the flow control functionality is disabled on the ACE. The output of the show interface gigabitEthernet command on the ACE displays the “input flow-control is off, output flow control is off” flow-control status line as shown in the example above regardless of the state of flow control on the Catalyst 6500 series switch port to which the ACE is connected. To display all of the interface statistical information, enter the show interface command without using any of the optional keywords. The internal keyword and options are intended for use by trained Cisco personnel for troubleshooting purposes only. For information about the fields in the show interface command output, see the Routing and Bridging Guide, Cisco ACE Application Control Engine. Examples To display all of the interface statistical information, enter: host1/Admin# show interface ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(3.1) Added the seciptable option. ACE Appliance Release Modification A1(7) This command was introduced. A3(2.5) The command output includes the reason for an UP transition, timestamp for the last change, number for transitions since creation, and the last three previous states including the timestamp and the transition reasons. If you do not configure a load-balance scheme on the interface, the load-balance scheme field through the port-channel option displays src-dst-mac, which is the default load-balance scheme on the source or destination MAC address. A4(1.0) Added the seciptable option.1-163 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands ACE Appliance Example To view the configuration status for Ethernet data port 4, enter: host1/Admin# show interface gigabitEthernet 1/4 Related Commands clear interface show inventory To display the system hardware inventory, use the show inventory command. show inventory [raw] [|] [>] Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Use the show inventory command to display information about the field-replaceable units (FRUs) in the ACE, including product IDs, serial numbers, and version IDs. If you do not include the raw keyword, the ACE displays the hardware inventory report only. For information about the fields in the show inventory command output, see the Administration Guide, Cisco ACE Application Control Engine. raw (Optional) Displays the hardware inventory report and information about each temperature sensor in the ACE. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-164 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Examples To display the hardware inventory report, enter: host1/Admin# show inventory To display the hardware inventory report and information about each temperature sensor, enter: host1/Admin# show inventory raw Related Commands show hardware show ip To display the IP statistics, use the show ip command. show ip {dhcp relay {conf | information policy | statistics} | fib [np number {dest-ip ip_address}} | summary | wr dest-ip ip_address] | interface brief {[bvi | gigabitEthernet | port-channel | vlan] number} | route [summary | internal {event-history dbg | memory}] | traffic} [|] [>] Syntax Description dhcp relay Specifies the Dynamic Host Configuration Protocol (DHCP) configuration information. conf Displays the DHCP relay configuration information. information policy Displays the relay agent information and the reforwarding policy status. statistics Displays the DHCP relay statistics. fib Displays the Forwarding Information Base (FIB) table for the context. This table contains information that the forwarding processors require to make IP forwarding decisions. This table is derived from the route and ARP tables. np number dest-ip ip_address (Optional) Displays the FIB information for a destination address on the specified ACE NP (network processor). For the number argument: • For the ACE module, enter an integer from 1 to 4. • For the ACE appliance, enter 1. For the ip_address argument, enter the IPV4 address in dotted-decimal notation (for example, 172.27.16.10). summary (Optional) Displays the FIB table or route summary for the current context. wr dest-ip ip_address (Optional) Displays the FIB information for the specified wire region (0 only) and destination IP address. Enter the IPv4 address in dotted-decimal notation (for example, 172.27.16.10). interface brief Displays a brief configuration and status summary of all interfaces, a specified bridge group virtual interface (BVI), or a virtual LAN (VLAN), including the interface number, IP address, status, and protocol. bvi Displays the information for a specified BVI. gigabitEthernet Displays the information for an existing gigabit Ethernet (GE) port. Enter 1. port-channel Displays the information for an existing port-channel. vlan Displays the statistics for a specified VLAN number. 1-165 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The internal and fib keywords and options are intended for use by trained Cisco personnel for troubleshooting purposes only. number Number of the existing BVI, gigabit Ethernet (GE) port, port-channel, or VLAN. For a BVI, enter an integer from 1 to 4090. For a GE port, enter 1. For a port channel, enter an integer from 1 to 255. For a VLAN, enter an integer from 2 to 4090. route Displays the route entries. internal (Optional) Specifies the internal route entries. event-history dbg Displays the event history statistics. memory Displays the mtrack output statistics. traffic Displays the IPv4 and IPv6 protocol statistics. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.0) Added the interface brief and related keywords. A5(1.0) Added IPv6 support for the traffic keyword. ACE Appliance Release Modification A1(7) This command was introduced. A3(1.0) Added the interface brief and related keywords. A3(2.5) Added the gigabitEthernet and port-channel keywords. The interface brief option displays the hardware interfaces along with the logical interfaces. It also supports the individual output of each physical interface. For FT interfaces, (ft) appears after the VLAN ID in the output. This change is only applicable in the Admin context. A5(1.0) Added IPv6 support for the traffic keyword.1-166 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands For information about the fields in the show ip command output, see the Security Guide, Cisco ACE Application Control Engine and the Routing and Bridging Guide, Cisco ACE Application Control Engine. Examples To display all IP route entries, enter: host1/Admin# show ip route Related Commands clear ip1-167 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show ipcp To display the Interprocess Communication Protocol (IPCP) statistics, use the show ipcp command. The ACE module uses the Interprocess Communication Protocol for communication between the control plane processor and the dataplane processors. show ipcp {cde | clients | event-history | peek_poke} [|] [>] Syntax Description Command Modes Exec Admin context only Command History cde Displays the following statistics: • ACE module—IPCP messages that were sent over the classification and distribution engine (CDE) interface. • ACE appliance—Displays IPCP statistical information. clients Displays the following statistics: • ACE module—Displays the IPCP statistics of the service access points (SAPs). • ACE appliance—Displays IPCP message queue information. event-history Displays the following statistics: • ACE module—Displays the history of error messages (usually none) in the IPCP driver. • ACE appliance—Displays IPCP event history information. peek_poke Displays the following statistics: • ACE module—Displays the statistics of the special queue that is used to read from or write to the network processor or the control plane processor memory from the control plane. • ACE appliance—Displays IPCP peek poke message queue information. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification A2(1.0) This command was introduced.1-168 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Usage Guidelines This command requires the Admin role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. Examples To display IPCP statistics for the CDE interface, enter the following command: host1/Admin# show ipcp cde Related Commands This command has no related commands. show ipv6 To display the IPv6 statistics, use the show ipv6 command. show ipv6 {dhcp relay [statistics]} | {fib [{np number dest-ip ip_address} | summary | wr dest-ip ip_address]} | {interface [brief] [[bvi | vlan] number]} | neighbors | {route [summary | internal ktable]} [|] [>] Syntax Description ACE Appliance Release Modification A1(7) This command was introduced. A4(1.0) The pci option was removed. dhcp relay Specifies the Dynamic Host Configuration Protocol (DHCP) configuration information. statistics (Optional) Displays the DHCP relay statistics. fib Displays the Forwarding Information Base (FIB) table for the context. This table contains information that the forwarding processors require to make IP forwarding decisions. This table is derived from the route and ARP tables. np number dest-ip ip_address (Optional) Displays the FIB information for a destination address on the specified ACE NP (network processor). For the number argument: • For the ACE module, enter an integer from 1 to 4. • For the ACE appliance, enter 1. For the ip_address argument, enter the IP address in dotted-decimal notation (for example, 172.27.16.10). summary (Optional) Displays the FIB table or route summary for the current context. wr dest-ip ip_address (Optional) Displays the FIB information for the specified wire region (0 only) and destination IP address. Enter the IP address in dotted-decimal notation (for example, 172.27.16.10). interface Displays the configuration and status of all interfaces, including the interface number, IP address, status, and protocol.1-169 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin and user contexts Command History brief Displays a brief configuration and status summary of all interfaces, a specified bridge group virtual interface (BVI), or a virtual LAN (VLAN), including the interface number, IP address, status, and protocol. bvi Displays the configuration and status information for a specified BVI. vlan Displays the configuration and status information for a specified VLAN number. number Number of the existing BVI, gigabit Ethernet (GE) port, port-channel, or VLAN. For a BVI, enter an integer from 1 to 4090. For a GE port, enter 1. For a port channel, enter an integer from 1 to 255. For a VLAN, enter an integer from 2 to 4090. neighbors Displays information about the IPv6 neighbors, including the IPv6 address, MAC address, status (Up or Down), and more. route Displays the route entries. internal (Optional) Specifies the internal route entries. ktable Displays the IPv6 kernel route table entries. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.0) Added the interface brief and related keywords. A5(1.0) Added IPv6 support. ACE Appliance Release Modification A1(7) This command was introduced. A3(1.0) Added the interface brief and related keywords. A3(2.5) Added the gigabitEthernet and port-channel keywords. The interface brief option displays the hardware interfaces along with the logical interfaces. It also supports the individual output of each physical interface. For FT interfaces, (ft) appears after the VLAN ID in the output. This change is only applicable in the Admin context. A5(1.0) Added IPv6 support.1-170 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The internal and fib keywords and options are intended for use by trained Cisco personnel for troubleshooting purposes only. For information about the fields in the show ipv6 command output, see the Routing and Bridging Guide, Cisco ACE Application Control Engine. Examples To display IPv6 interface summary information for VLAN 300, enter: host1/Admin# show ipv6 interface brief vlan 300 Related Commands show kalap udp load To display the latest load information for a VIP address, VIP-based tag, or a domain name provided to the KAL-AP request, use the show kalap udp load command in Exec mode. show kalap udp load {all | domain domain | vip {ip_address | tag name}} [|] [>] Syntax Description Command Modes Exec Admin and user contexts all Displays the latest load information for all VIP addresses, and VIP-based tags and domains with their associated VIP addresses and port numbers. domain domain Displays the latest load information for the specified domain name. vip ip_address | tag name Displays the latest load information for the specified VIP address or VIP tag name. For the ip_address argument, enter the IP address in dotted-decimal notation (for example, 192.168.11.1). | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.1-171 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command History Usage Guidelines The output fields for the show kalap udp load all command display the VIP address, VIP tag with its associated VIP address and port number, or domain name with its associated VIP address and port number, its load value, and the time stamp. Examples To display the latest load information to the KAL-AP request for VIP address 10.10.10.10, enter: host1/Admin# show kalap udp load vip 10.10.10.10 To display the latest load information to the KAL-AP request for domain KAL-AP-TAG1, enter: host1/Admin# show kalap udp load domain KAL-AP-TAG1 To display the latest load information to the KAL-AP request for the VIP KAL-AP-TAG2 tag, enter: host1/Admin# show kalap udp load vip tag KAL-AP-TAG2 Related Commands (config-pmap-c) kal-ap-tag ACE Module Release Modification A2(1.0) This command was introduced. A2(2.0) The all keyword was added. The vip tag name keyword and argument were added. ACE Appliance Release Modification A3(1.0) This command was introduced. A4(1.0) The tag name keyword and argument were added.1-172 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show lcp event-history (ACE module only) To display the Line Card Process (LCP) debug event history information, use the show lcp event-history command. show lcp event-history [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. Examples To display LCP debug event history information, enter: host1/Admin# show lcp event-history Related Commands This command has no related commands. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced.1-173 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show ldap-server To display the configured Lightweight Directory Access Protocol (LDAP) server and server group parameters, use the show ldap-server command. show ldap-server [groups] [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show ldap-server command output, see the Security Guide, Cisco ACE Application Control Engine. Examples To display the configured LDAP server groups, enter: host1/Admin# show ldap-server groups Related Commands (config) aaa group server (config) ldap-server host (config) ldap-server port (config) ldap-server timeout groups (Optional) Displays configured LDAP server group information. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-174 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show license To display your ACE license information, use the show license command. show license [brief | file filename | internal event-history | status | usage] [|] [>] Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Entering the show license command without any options and arguments displays all of the installed ACE license files and their contents. For information about the fields in the show license command output, see the Administration Guide, Cisco ACE Application Control Engine. To manage the licenses on your ACE, use the license command. brief (Optional) Displays a filename list of currently installed licenses. file filename (Optional) Displays the file contents of the specified license. internal event-history (Optional) Displays a history of licensing-related events. status (Optional) Displays the status of licensed features. usage (Optional) Displays the usage table for all licenses. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced. A3(2.3) The Count value for Web Optimization in the show license status command output has been modified from “cps” to “concurrent connections.”1-175 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Examples To display all of the installed ACE license files and their contents, enter: host1/Admin# show license Related Commands copy capture license1-176 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show line To display all of the configured console and virtual terminal line sessions, use the show line command. show line [console [connected]] [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show line command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display all configured console and virtual terminal line sessions, enter: host1/Admin# show line ACE Module Example To display the configured console settings for the ACE, enter: host1/Admin# show line console Related Commands clear line (ACE module only) (config) line console console (Optional) Displays the configured console settings for the ACE. connected (Optional) Displays the physical connection status. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-177 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show logging To display the current severity level and state of all syslog messages stored in the logging buffer, or to display information related to specific syslog messages, use the show logging command. show logging [history | internal {event-history dbg | facility} | message [syslog_id | all | disabled] | persistent | queue | rate-limit | statistics] [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History history (Optional) Displays the logging history file. internal (Optional) Displays syslog internal messages. event-history dbg Displays the debug history for the syslog server. facility Displays the registered internal facilities for the syslog server. message (Optional) Displays a list of syslog messages that have been modified from the default settings. These are messages that have been assigned a different severity level or messages that have been disabled. syslog_id (Optional) Identifier of a specific system log message to display, specified by message ID, and identifies whether the message is enabled or disabled. all (Optional) Displays all system log message IDs and identifies whether they are enabled or disabled. disabled (Optional) Displays a complete list of suppressed syslog messages. persistent (Optional) Displays statistics for the log messages sent to flash memory on the ACE. queue (Optional) Displays statistics for the internal syslog queue. rate-limit (Optional) Displays the current syslog rate-limit configuration. statistics (Optional) Displays syslog statistics. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-178 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To use the show logging command, you must have the ACE buffer enabled as a logging output location. By default, logging to the local buffer on the ACE is disabled. To enable system logging to a local buffer and to limit the messages sent to the buffer based on severity, use the logging buffered configuration command from the desired context. The show logging command lists the current syslog messages and identifies which logging command options are enabled. To clear the ACE buffer of the logging information currently stored, use the clear logging command. For information about the fields in the show logging command output, see the Security Guide, Cisco ACE Application Control Engine. Examples To display a complete list of disabled syslog messages, enter: host1/Admin# show logging message disabled To display the contents of the logging history buffer, enter: host1/Admin# show logging history To display the contents of the internal facility messages buffer, enter: host1/Admin# show logging internal facility To display statistics for the log messages sent to flash memory on the ACE, enter: host1/Admin# show logging persistent To display statistics for the internal syslog queue, enter: host1/Admin# show logging queue To display the current syslog rate-limit configuration, enter: host1/Admin# show logging rate-limit To display the current syslog statistics, enter: host1/Admin# show logging statistics Related Commands clear logging (config) logging buffered1-179 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show login timeout To display the login session idle timeout value, use the show login timeout command. show login timeout [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To configure the login timeout value, use the login timeout command in configuration mode. For information about the fields in the show login timeout command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display the login timeout value, enter: host1/Admin# show login timeout Related Commands (config) login timeout | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-180 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show nat-fabric To display the Network Address Translation (NAT) policy and pool information for the current context, use the show nat-fabric command. show nat-fabric {policies | src-nat policy_id mapped_if | dst-nat static_xlate_id | nat-pools | implicit-pat| global-static} [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the NAT feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. policies Displays the NAT policies. src-nat policy_id mapped_if Displays the specified source NAT policy information. To obtain the values for the policy_id and mapped_if arguments, view the policy_id and mapped_if fields displayed by the show nat-fabric policies command. dst-nat static_xlate_id Displays the static address translation for the specified static XLATE ID. To obtain the value for the static_xlate_id argument, view the static_xlate_id field displayed by the show nat-fabric policies command. nat-pools Displays NAT pool information for a dynamic NAT policy. implicit-pat Displays the implicit PAT policies. global-static Displays global static NAT information when the static command in global configuration mode is configured. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.0) This command was revised with the global-static keyword. ACE Appliance Release Modification A1(7) This command was introduced. A3(1.0) This command was revised with the global-static keyword.1-181 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands To obtain the values for the policy_id, mapped_if, and static_xlate_id arguments, view their respective fields displayed by the show nat-fabric policies command. Examples To display the implicit PAT policies, enter: host1/Admin# show nat-fabric implicit-pat Related Commands (ACE module only) (config) static show netio To display the control plane network I/O information, use the show netio command. show netio {clients | event-history | stats} [|] [>] Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. clients Displays statistics for the applications that are transmitting and receiving packets through the Netio module. event-history Displays a historic log of the most recent debug network I/O messages. stats Displays detailed counters for various Netio event occurrences. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-182 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Examples To display control plane network I/O client information, enter: host1/Admin# show netio event-history 1) Event:E_DEBUG, length:73, at 921762 usecs after Sat Jan 1 00:04:55 2000 [105] ed_request_encap: Sending ARP_RESOLUTION for 75.0.0.6, in context 0 2) Event:E_DEBUG, length:78, at 921752 usecs after Sat Jan 1 00:04:55 2000 [105] ed_egress_route_lookup: Route lookup failure -96 for 75.0.0.6, context 0 Related Commands clear netio stats show nexus-device To display the Nexus device connection statistics, use the show nexus-device command. show nexus-device [name][detail] Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To display the Nexus device connection information, enter the following command: host1/Admin# show nexus-device DC1 name Configured identifier of the Nexus device. Enter the name of an existing Nexus device as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. detail Displays an additional field for the IP address of the Nexus device. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module/Appliance Release Modification A4(2.0) This command was introduced.1-183 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Related Commands (config) nexus-device1-184 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show np To display the hardware information stored on the four network processors (NPs), use the show np command. show np np_number {access-list {node vlan vlan_number {in node_address | out node_address} | resource | root vlan vlan_number {in | out} | syslog {lineno-table [index_1 index_2 | all] | name-table [index_3 index_4 | all]} | trace vlan vlan_number in protocol prot_number | source source_ip source_port | destination dest_ip dest_port} | {adjacency [lower_index upper_index [all]} | {buffer stats {event-history | stats | usage}} | {cpu | internal [lower_index upper_index]] | reap]} | {interface {icmlookup [all] | iflookup}} | {interrupts} | {lb-stats {option}} | {mac-address-table} | {me-stats ucdump_option} | {memory} | {mtrie dest-ip dest_ip} | {nat {bitmap map_id | dst_nat policy_id | implicit-pat | policies | src-nat policy_id interface_id} | {reg} | {status} [|] [>] Syntax Description np_number Network processor number, as follows: • ACE module—Enter one of the following processor identifier numbers: – 1—Octeon network processor (NP) 1 – 2—Octeon network processor (NP) 2 – 3—Octeon network processor (NP) 3 – 4—Octeon network processor (NP) 4 • ACE appliance—Enter one of the following processor identifier numbers: – 0—x86 processor – 1—Octeon processor access-list Displays information related to the access control list (ACL). node Displays the contents of the hardware ACL node that is identified by the vlan_number. vlan vlan_number Specifies the number of the VLAN. in Specifies the inbound traffic flow. out Specifies the outbound traffic flow. node_address Address of the node. resource Displays information about the ACL resource usage. root Displays the hardware address of the root of the downloaded, aggregated ACL, identified by the vlan_number. syslog Displays the ACL syslog tables. lineno-table Displays the ACl syslog line-number table. index_1 index_2 Range of indices to display. Enter an integer from 0 to 262143 for index_1 and index_2. all Specifies whether to display invalid entries. name-table Displays the ACL syslog namestring table. index_3 index_4 Range of indices to display. Enter an integer from 0 to 16383 for index_3 and index_4.1-185 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands trace Traces a packet through a specific ACL. protocol prot_number Specifies a protocol number. source Specifies the source of the flow. source_ip Source IP address. source_port Source port number. destination Specifies the destination of a flow. dest_ip Destination IP address. dest_port Destination port number. adjacency Displays information related to the adjacent nodes. lower_index Lower index value. Enter a value from 1 to 32767. upper_index Upper index value. Enter a value from 1 to 32767. all Displays all entries, including invalid entries. internal Displays the internal information for adjacency structures. buffer Displays NP buffer usage available and status of ft switchover. event-history Displays control plane buffer event history. stats Displays control plane buffer statistics. usage Displays control plane buffer usage. cpu Displays information about the CPU processes. This command option is available only for a user with the Admin role in any context. reap (Optional, ACE appliance only) Retrieves the encap reap statistics. interface Displays information related to the interface tables. icmlookup Displays the ICM/OCM interface table from the CP (0) or the specified NP. iflookup Displays the fast path interface lookup table from the CP (0) or the specified NP. Note The iflookup keyword presents information from the fast path interface lookup table. If you wish to verify the configured shared VLAN host ID value, enter the show running-config | include shared command. interrupts (ACE module only) Displays the network processor interrupt error counters (for example, PIP, L2D, L2T, DRAM, and so on). lb-stats Displays load-balancing statistics similar to the LbInspectTool. mac-address-table Displays the MAC address table. me-stats Displays Micro Engine statistics for the network processors. This command option is available only for a user with the Admin role in any context. ucdump_option Options for the ucdump utility. The ucdump utility is a binary on Xscale which returns information about Micro Engine statistics. Specify --help as the ucdump_option argument to list all of the supported ucdump utility options. Enter up to 80 alphanumeric characters. Note The following ucdump utility options are disabled from show np me-stats: -C, -f, and -i. memory Displays information about the memory processes. This command option is available only for a user with the Admin role in any context.1-186 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin and user contexts Command History Usage Guidelines This command and its options require the access-list or interface feature in your user role, except for the cpu, me-stats, and memory options. These three options require that you have the Admin user role in any context. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. mtrie dest-ip dest_ip Displays Mtrie entry for the specified destination IP address. nat Displays information related to the network processor Network Address Translation (NAT) tables. bitmap map_id Specifies the NAT-pool bit-map table in the network processor. dst_nat policy_id Specifies the destination NAT policy. implicit-pat Specifies the implicit Port Address Translation (PAT) policy table. policies Specifies the full NAT policy table. src-nat Specifies the source NAT policy. policy_id Policy identifier number. Enter a value from 0 to 65535. interface_id Mapped interface identifier. Enter a value from 0 to 65535. reg (ACE module only) Displays information related to the network processor registers. status (ACE appliance only) Displays status information related to the specified network processor. You can only display the statistics for network processor 1. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A4(1.0) The value of 0 was removed from the network processor np_number argument range. A4(1.1) Added the buffer keyword and options. ACE Appliance Release Modification A1(7) This command was introduced. A4(1.1) Added the buffer keyword and options.1-187 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands (ACE appliance only) The show np 1 {me-stats | memory | status} is now available to users configured with a custom role in both the Admin context and a user-configured context, as well as the predefined Admin and Network-Monitor roles. Because these commands are not context specific, we recommend that you issue them from the Admin context only. If you issue these commands in a user context, they may not display any data if other user context information could be displayed. Examples To display the access list information from the hardware using the network processor 1, enter: host1/Admin# show np 1 access-list To display Micro Engine statistics for a ucdump utility (-b, which instructs the ACE to dump fastpath buffer memory), enter: host1/Admin# show np me-stats -b Fastpath thread buffers ================================= ME:1 thread:0 addr:0x0010 particle:0x00000000 len:78 rx_seq=7 0018 0x8500004e 0x00608034 0x0000001e 0x00101e07 ...N .`.4 .... .... 001c 0x0000ffff 0xffffffff 0x00059a3b 0x9a390800 .... .... ...; .9.. 0020 0x4500002c 0xa4540000 0xff11fd64 0x0c010105 E.., .T.. ...d .... 0024 0x0c010101 0xc350c352 0x00185db6 0x000100f0 .... .P.R ..]. .... 0028 0x00000008 0x00000000 0x00000064 0x00000000 .... .... ...d .... Related Commands clear np show processes1-188 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show ntp (ACE appliance only) To display information about the Network Time Protocol (NTP) statistics, use the show ntp command. show ntp {peer-status | peers | statistics [io | local | memory | peer ip_address]} [|] [>] Syntax Description Command Modes Exec Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To display the status for all configured NTP servers and peers, enter: host1/Admin# show peer-status To display a listing of all peers, enter: switch/Admin# show ntp peers Related Commands (config) ntp peer-status Displays the status for all configured NTP servers and peers. peers Displays a listing of all peers. statistics Displays the NTP statistics. io (Optional) Displays information the input/output statistics. local (Optional) Displays the counters maintained by the local NTP. memory (Optional) Displays the statistical counters related to the memory code. peer (Optional) Displays the peer-peer statistical counters of the specified peer. ip_address Peer statistics for the specified IP address. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Appliance Release Modification A1(7) This command was introduced.1-189 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show optimization-global To display information about the global optimization statistics, use the show optimization-global command. show optimization-global [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To display global optimization statistics, enter: host1/Admin# show optimization-global Related Commands (config) optimize | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Appliance Release Modification A1(7) This command was introduced.1-190 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show parameter-map To display the detailed configuration information for a specified parameter map, use the show parameter-map command. show parameter-map [parammap_name] [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the connection feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To display the configuration for the parameter map SSL_PARAMMAP, enter: host1/Admin# show parameter-map SSL_PARAMMAP Related Commands show running-config parammap_name (Optional) Name of an existing parameter map. Enter the name as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A4(1.0) The persistence rebalance field now displays the enabled strict state when you configure the persistence-rebalance strict command. ACE Appliance Release Modification A1(7) This command was introduced. A3(2.3) The Description field has been added to the show parameter-map command output. This field displays the previously entered summary about the specific parameter map.1-191 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show probe To display the probe information including script probes, use the show probe command. show probe [probe_name] [detail] [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the probe feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. If you enter the show probe command without specifying a probe name, the ACE displays a summary report that includes all configured probes. For information about the fields in the show probe command output, see the Server Load-Balancing Guide, Cisco ACE Application Control Engine. Examples To display the probe summary report, enter: host1/Admin# show probe Related Commands clear probe (config) probe probe_name (Optional) Name of an existing probe. detail (Optional) Displays a detailed probe report that includes configuration information and statistics for all configured probes. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced. A3(2.7). Not applicable for A4(1.0) or A4(2.0). The regex cache-length field was added to display the configured cache length.1-192 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show processes To display the general information about all of the processes running on the ACE, use the show processes command. The show processes command displays summary CPU information for the ACE module SiByte 1250 Processor or ACE appliance Pentium processor. show processes [cpu | log [details | pid process_id] | memory] [|] [>] Syntax Description Command Modes Exec Admin users (users with an Admin role), across all contexts Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The show processes command is available only to Admin users (users with an Admin role) across all contexts. The displayed system processes information is at the CPU system level (the total CPU usage) and is not on a per-context level. For information about the fields in the show processes command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display information about the memory processes, enter: host1/Admin# show processes memory cpu (Optional) Displays information about the CPU processes. log (Optional) Displays information about the process logs. details (Optional) Displays detailed process log information for all process identifiers. pid process_id (Optional) Displays process information about a specific process identifier. Enter a value from 0 to 2147483647. memory (Optional) Displays information about the memory processes. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-193 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Related Commands clear processes log show np show tech-support show pvlans (ACE module only) To display the private VLANs on the ACE downloaded from the supervisor engine in the Catalyst 6500 series switch, use the show pvlans command. show pvlans [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show pvlans command output, see the Routing and Bridging Guide, Cisco ACE Application Control Engine. Examples To display the private VLANs on the ACE downloaded from the supervisor engine, enter: host1/Admin# show pvlans Related Commands This command has no related commands. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced.1-194 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show radius-server To display the configured Remote Authentication Dial-In User Service (RADIUS) server and group parameters, use the show radius-server command. show radius-server [groups | sorted] [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show radius-server command output, see the Security Guide, Cisco ACE Application Control Engine. Examples To display configured RADIUS server parameters, enter: host1/Admin# show radius-server To display the configured RADIUS server groups, enter: host1/Admin# show radius-server groups To display the sorted RADIUS servers, enter: host1/Admin# show radius-server sorted groups (Optional) Displays configured RADIUS server group information. sorted (Optional) Displays RADIUS server information sorted by name. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-195 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Related Commands (config) aaa group server (config) radius-server attribute nas-ipaddr (config) radius-server deadtime (config) radius-server host (config) radius-server key (config) radius-server retransmit show resource allocation To display the allocation for each resource across all resource classes and class members, use the show resource allocation command. show resource allocation [|] [>] Syntax Description Command Modes Exec (ACE module) Admin context only ACE appliance) Admin and user contexts Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command shows the resource allocation but does not show the actual resources being used. To display information about actual resource usage, use the show resource usage command. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced. A3(2.6) This command is now available to users configured with a custom role in both the Admin context and a user-configured context, as well as the predefined Admin and Network-Monitor roles. See the “Usage Guidelines” section for more information.1-196 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands (ACE appliance only) The show resource allocation command is now available to users configured with a custom role in both the Admin context and a user-configured context, as well as the predefined Admin and Network-Monitor roles. Because these commands are not context specific, we recommend that you issue them from the Admin context only. If you issue these commands in a user context, they may not display any data if other user context information could be displayed. For information about the fields in the show resource allocation command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display the allocation for each resource, enter: host1/Admin# show resource allocation Related Commands show resource usage show resource internal To display internal resource-related functions, use the show resource internal command. show resource internal {appmap | regexp | socket}[|] [>] Syntax Description Command Modes Exec (ACE module) Admin context only (ACE Appliance) Admin and user contexts Command History appmap Displays the resource driver application map. regexp Displays the current memory usage for the virtual server ID. socket Displays the current socket resources. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A4(1.0) The regexp keyword was added.1-197 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. (ACE appliance only) The show resource internal command is now available to users configured with a custom role in both the Admin context and a user-configured context, as well as the predefined Admin and Network-Monitor roles. Because these commands are not context specific, we recommend that you issue them from the Admin context only. If you issue these commands in a user context, they may not display any data if other user context information could be displayed. Examples To display the memory used by the virtual server IDs, enter: host1/Admin# show resource internal regexp Related Commands show resource usage ACE Appliance Release Modification A1(7) This command was introduced. A3(2.6) This command is now available to users configured with a custom role in both the Admin context and a user-configured context, as well as the predefined Admin and Network-Monitor roles. See the “Usage Guidelines” section for more information. A4(1.0) The regexp keyword was added.1-198 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show resource usage To display the resource usage for each Network Processor (NP) or each context, use the show resource usage command. show resource usage [np {1 | number |current |denied | peak}] [all | [[context context_name | summary] [resource {acc-connections | acl-memory | all | conc-connections | mgmt-connections | probes | proxy-connections | rate {bandwidth | connections | http-comp | inspect-conn | mac-miss | mgmt-traffic | ssl-connections | syslog} | regexp | sticky | syslogbuffer | xlates}]]] [counter [all | current | denied | peak [count_threshold]]] [|] [>] Syntax Description np (Optional) Displays the resource usage for the NP. 1 (ACE appliance only) Displays all resource usage statistics for the NP. Enter 1. number (ACE module only) Network Processor (NP) number. Enter a number from 1 to 4. Since the ACE divides all resources equally between all NPs, this argument allows you to monitor the resource usage for each NP independently in case it reaches a limit. When an NP reaches a limit, it can deny a connection even though the limit is not reached in the other NPs. current Displays the active concurrent instances or the current rate of the resource for the NPs. denied Displays the number of denied uses of the resource for the NPs since the resource statistics were last cleared. peak Displays the peak concurrent instances, or the peak rate of the resource for the NPs since the statistics were last cleared, either using the clear resource usage command or because the device rebooted. all (Optional) Displays the resource usage for each context individually. This is the default setting. This option is available in the Admin context only. context context_name (Optional) Displays the resource usage for the specified context. The context_name argument is case sensitive. This option is available in the Admin context only. summary (Optional) Displays the total resource usage for all contexts together. For example, the denied column shows the items that have been denied for each context limit. This option is available in the Admin context only. top number (Optional) Displays the greatest n users of a single resource arranged from the highest to the lowest percentage of resources used. You must specify a single resource type and cannot use the resource all keywords with this option. This option is available in the Admin context only. resource (Optional) Displays statistics for one of the following specified resources. This option is available for the np option in the Admin context only. acc-connections (ACE appliance only) Displays the number of application acceleration connections. acl-memory Displays the ACL memory usage. all Displays the resource usage for all resources used by the specified context or contexts. conc-connections Displays the resource usage for simultaneous connections. mgmt-connections Displays the resource usage for management connections.1-199 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Defaults None Command Modes Exec probes Displays the resource usage for probes. proxy-connections Displays the resource usage for proxy connections. rate Displays the rate per second for the specified connections or syslog messages. bandwidth Displays the bandwidth in bytes per second. connections Displays connections per second. http-comp Displays the HTTP compression rate in bytes per second. To convert the value to bits per second, multiply the displayed value by 8. inspect-conn Displays all inspection connections per second. mac-miss Displays MAC miss traffic that was punted to the CP packets per second. mgmt-traffic Displays management traffic bytes per second. ssl-connections Displays Secure Sockets Layer (SSL) connections. syslog Displays the syslog message buffer usage. regexp Displays resource usage for regular expressions. sticky Displays resource usage for sticky entries. syslogbuffer Displays resource usage for the syslog buffer. xlates Displays resource usage by Network Address Translation (NAT) and Port Address Translation (PAT) entries. counter (Optional) Displays all statistics. You can specify one of the following options: all (Optional) Displays all statistics. This is the default setting. current (Optional) Displays the active concurrent instances or the current rate of the resource. denied (Optional) Displays the number of denied uses of the resource since the resource statistics were last cleared. peak (Optional) Displays the peak concurrent instances, or the peak rate of the resource since the statistics were last cleared, either using the clear resource usage command or because the device rebooted. count_threshold (Optional) Number above which resources are shown. Enter an integer from 0 to 4294967295. The default is 1. If the usage of the resource is below the number you set, then the resource is not shown. If you specify all for the counter name, then the count_threshold applies to the current usage. To show all resources, set the count_threshold to 0. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.1-200 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Admin and user contexts Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show resource usage command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display the resource usage for context C1, enter: host1/Admin# show resource usage context C1 resource Related Commands This command has no related commands. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A4(1.0) This command was modified to include the np option and http-comp keywords for compression. ACE Appliance Release Modification A1(7) This command was introduced. A4(1.0) This command was modified to include the np option.1-201 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show restore To display restore errors or the restore status, use the show restore command. show restore errors | status [details] [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To display the details of a restore operation in the Admin context, enter: host1/Admin# show restore status details Backup Archive: fusion_2010_09_16_21_34_03.tgz Type : Full Start-time : Thu Sep 16 23:27:53 2010 Finished-time : Thu Sep 16 23:28:19 2010 Status : SUCCESS Current vc : ct3 Completed : 4/4 ------------------------+---------------+--------------------------+------------ Context component Time Status ------------------------+---------------+--------------------------+------------ Admin License Thu Sep 16 23:28:03 2010 SUCCESS Admin Cert/Key Thu Sep 16 23:28:03 2010 SUCCESS Admin Probe script Thu Sep 16 23:28:03 2010 SUCCESS Admin Checkpoints Thu Sep 16 23:28:06 2010 SUCCESS Admin Startup-cfg Thu Sep 16 23:28:07 2010 SUCCESS Admin Running-cfg Thu Sep 16 23:28:07 2010 SUCCESS ct1 Cert/Key Thu Sep 16 23:28:17 2010 SUCCESS ct1 Probe script Thu Sep 16 23:28:17 2010 SUCCESS errors Displays errors that may occur during a backup operation. For information about backup system messages, see the System Message Guide, Cisco ACE Application Control Engine. status [details] Displays errors that occur during a restore operation. For information about restore system messages, see the System Message Guide, Cisco ACE Application Control Engine. ACE Module Release Modification A2(3.0) This command was introduced. ACE Appliance Release Modification A4(1.0) This command was introduced.1-202 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands ct1 Checkpoints Thu Sep 16 23:28:17 2010 SUCCESS ct1 Startup-cfg Thu Sep 16 23:28:17 2010 SUCCESS ct1 Running-cfg Thu Sep 16 23:28:18 2010 SUCCESS ct2 Cert/Key Thu Sep 16 23:28:18 2010 SUCCESS ct2 Probe script Thu Sep 16 23:28:18 2010 SUCCESS ct2 Checkpoints Thu Sep 16 23:28:18 2010 SUCCESS ct2 Startup-cfg Thu Sep 16 23:28:18 2010 SUCCESS ct2 Running-cfg Thu Sep 16 23:28:18 2010 SUCCESS ct3 Cert/Key Thu Sep 16 23:28:19 2010 SUCCESS ct3 Probe script Thu Sep 16 23:28:19 2010 SUCCESS ct3 Checkpoints Thu Sep 16 23:28:19 2010 SUCCESS ct3 Startup-cfg Thu Sep 16 23:28:19 2010 SUCCESS ct3 Running-cfg Thu Sep 16 23:28:19 2010 SUCCESS Related Commands restore1-203 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show role To display the configured user roles (predefined and user-configured roles), use the show role command. show role [role_name] [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To configure roles, use the role command in configuration mode. For information about the fields in the show role command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display all of the available user roles, enter: host1/Admin# show role Related Commands (config) role role_name (Optional) Name of an existing role. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-204 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show rserver To display the IPv6 or IPv4 summary or detailed statistics for a named real server or for all real servers, use the show rserver command. show rserver [rserver_name] [detail] [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the rserver feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show rserver command output, see the Server Load-Balancing Guide, Cisco ACE Application Control Engine. For the Total Conn-failures output field of the show rserver detail command, the following conditions apply: For Layer 4 traffic with normalization on, the count increments if the three-way handshake fails to be established for either of the following reasons: • A RST comes from the client or the server after a SYN-ACK. • The server does not reply to a SYN. The connection times out. For Layer 4 traffic with normalization off, the count does not increment. rserver_name (Optional) Identifier of an existing real server. detail (Optional) Displays detailed statistics for the real server name that you enter or for all real servers. If you do not include the detail keyword, the summary report is displayed. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A5(1.0) Added IPv6 support ACE Appliance Release Modification A1(7) This command was introduced. A5(1.0) Added IPv6 support1-205 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands For L7 traffic (normalization is always on), the count increments if the three-way handshake fails to be established for either of the following reasons: • A RST comes from the server after the front-end connection is established • The server does not reply to a SYN. The connection times out. Examples To display detailed statistics for all configured real servers, enter: host1/Admin# show rserver detail Related Commands clear rserver (config) rserver1-206 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show running-config To display the running configuration information associated with the current context, use the show running-config command. show running-config [aaa | access-list | action-list | class-map | context | dhcp | domain | ft | interface | object-group | parameter-map | policy-map | probe | resource-class | role | rserver | serverfarm | sticky [name]] [|] [>] Syntax Description Command Modes Exec aaa (Optional) Displays authentication, authorization, and accounting (AAA) information. access-list (Optional) Displays access control list (ACL) information. action-list (Optional) Displays action-list information. class-map (Optional) Displays the list of all class maps configured for the current context. The ACE also displays configuration information for each class map listed. context (Optional) Displays the list of contexts configured on the ACE. The ACE also displays the resource class (member) assigned to each context. The context keyword only works from within the admin context. dhcp (Optional) Displays Dynamic Host Configuration Protocol (DHCP) information. domain (Optional) Displays the list of domains configured for the current context. The ACE also displays configuration information for each domain listed. ft (Optional) Displays the list of redundancy or fault-tolerance (ft) configurations configured for the current context. The ACE also displays configuration information for each ft configuration listed. interface (Optional) Displays interface information. object-group (Optional) Displays object-group information. parameter-map (Optional) Displays parameter map information. policy-map (Optional) Displays policy map information. probe (Optional) Displays probe information. resource-class (Optional) Displays resource class information. role (Optional) Displays the list of roles configured for the current context. The ACE also displays configuration information for each role on the list. rserver (Optional) Displays rserver information. serverfarm (Optional) Displays server farm information. sticky (Optional) Displays sticky information. name (Optional) Object name to display. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command.1-207 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The show running-config command is a context-sensitive command. The ACE creates a running configuration for each context that you create; therefore, to display the running-config file of a specific context, you must enter the show running-config command from within the desired context. If you need to change to another context before executing the show running-config command, use the changeto command or log directly in to the desired context. Use the copy capture command to do the following: • Save a copy of the running configuration to a file on one or more destination locations. • Save the running configuration as the startup configuration. • Save the startup configuration as the running configuration. For information about the fields in the show running-config command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display the entire running configuration, enter: host1/Admin# show running-config Related Commands copy capture show startup-config show tech-support write ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.0) This command was revised. A4(1.1) Added the optional name argument. ACE Appliance Release Modification A1(7) This command was introduced. A3(1.0) This command was revised. A3(2.7). Not applicable for A4(1.0) and A4(2.0). The name option was added.1-208 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show scp (ACE module only) To display the Switch Command Control Protocol (SCP) statistics, use the show scp command. show scp {debugs | event-history | stats} [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. Examples To display the SCP statistics, enter: host1/Admin# show scp stats Related Commands This command has no related commands. debugs Displays SCP debug filter settings. event-history Displays a historic log of the most recent SCP debug messages. stats Displays detailed counters for SCP events. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced.1-209 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show script To display the statistics for a script file that is active on the ACE including exit codes and exit messages, use the show script command. show script {script_name probe_name [rserver_name [port_number] [serverfarm sfarm_name]] | code script_name} [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the probe feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show script command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display the script file code for the script in the file MYSCRIPT, enter: host1/Admin# show script code MYSCRIPT script_name Name of a loaded script. probe_name Name of a probe containing an association with the specified script. rserver_name (Optional) Name of a real server that contains an association with the specified probe. port_number (Optional) Port number on the specified real server. serverfarm sfarm_name (Optional) Specifies the server farm containing an association with the specified real server. code script_name Displays the code for the specified script. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-210 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Related Commands (config) script file name (config-probe-probe_type) script1-211 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show security internal event-history To display information about the security event history, use the show security internal event-history command. show security internal event-history {errors | msgs} [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. Examples To display the error logs of the security manager, enter: host1/Admin# show security internal event-history errors Related Commands This command has no related commands. errors Displays the debug error logs of the security manager. msgs Displays the message logs of the security manager. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-212 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show serverfarm To display a summary or detailed statistics about a specified server farm, use the show serverfarm command. show serverfarm [name [retcode]] [detail] [NPn] [|] [>] show serverfarm [name [inband]] [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History name (Optional) Detailed report for the specified server farm. If you do not specify a server farm name, the summary report is displayed. retcode (Optional) Displays the HTTP return codes statistics for configured real server and retcode map combinations only if the return code hit count is greater than 0. All return code hit counts are an aggregate of the counts of both network processors. Displays the HTTP return codes associated with the server farm. detail (Optional) Displays detailed statistics for the specified server farm, including the current and total connections stuck to each real server due to sticky. When used after the retcode option, the detail option displays return code statistics even if the value is 0. inband (Optional) Displays the number of inband health monitoring connection failures for each real server in a server farm. NPn (Optional) Indicates which network processor (NP) handled a connection for a particular real server. Use this field to troubleshoout real server connections when only some connections are dropped. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. 3.0(0)A1(4) This command was revised. The Out-of-Rotation Count field was added to the show command output. A4(1.0) This command was revised to include the inband option. A4(1.1) Added the NPn option.1-213 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Usage Guidelines This command requires the serverfarm feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. In software version A4(1.1) and later, the ACE retains the retcode and inband health monitoring statistics of a server farm when a real server transitions from the OPERATIONAL state to the INACTIVE state. For information about the fields in the show serverfarm command output, see the Server Load-Balancing Guide, Cisco ACE Application Control Engine. Examples To display a summary report about the server farm, enter: host1/Admin# show serverfarm Related Commands clear serverfarm (config) serverfarm (config-sfarm-host) inband-health check ACE Appliance Release Modification A1(7) This command was introduced. A3(2.3)) This command with the name or detail option was revised to include the real server description field as defined by the description command in the serverfarm host real server configuration mode. A4(1.0) This command was revised to include the inband option. A4(1.1) Added the NPn option.1-214 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show service-policy To display the statistics for all policy maps or a specific policy map that is currently in service, use the show service-policy command. This command also allows you to display statistics for a specific class map in a policy or the hit counts for match HTTP URL statements in a Layer 7 HTTP policy map. If you do not enter an option with this command, the ACE displays all enabled policy statistics. show service-policy [policy_name [class-map class_name]] [detail [dad] | summary | url-summary] [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History policy_name (Optional) Identifier of an existing policy map that is currently in service (applied to an interface) as an unquoted text string with a maximum of 64 alphanumeric characters. If you do not enter the name of an existing policy map, the ACE displays information and statistics for all policy maps. class-map class_name (Optional) Displays the statistics for the specified class map associated with the policy. detail (Optional) Displays a more detailed listing of policy map or class map statistics and status information. dad (Optional) Displays the IPv6 duplicate address detection (DAD) information, including the DAD status of the VIP. summary (Optional) Displays a summary of policy map or class map statistics and status information. url-summary (Optional) Displays the number of times that a connection is established based on a match HTTP URL statement for a class map in a Layer 7 HTTP policy map. The URL hit counter is per match statement per load-balancing Layer 7 policy. If you are using the same combination of Layer 7 policy and class maps with URL match statements in different VIPs, the count is combined. If the ACE configuration exceeds 64K URL and load-balancing policy combinations, this counter displays NA. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. 3.0(0)A1(4) Command syntax was changed to allow the display of all service policies that are configured in the ACE. A2(1.2) The class-map class_name and summary options were added.1-215 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The show service-policy command displays the following information: • VLAN to which the policy is applied • Class map associated with the policy • Status of any NAT operations • Status of any load-balancing operations • Status of any compression operations • Dynamic Workload Scaling (DWS) status of the VIP • DAD status of IPv6 VIPs The ACE updates the counters that the show service-policy command displays after the applicable connections are closed. For information about the fields in the show service-policy command output, see the Server Load-Balancing Guide, Cisco ACE Application Control Engine. Examples To display detailed statistics and current status of the service policy MGMT_POLICYMAP, enter: host1/Admin# show service-policy MGMT_POLICYMAP detail Related Commands clear service-policy show running-config (config) service-policy A2(2.0) The url-summary option was added. A2(3.3) The regex dnld status field was added. A4(2.0) Added VIP DWS state output field A5(1.0) Added optional dad keyword and associated output fields for IPv6. ACE Module Release Modification ACE Appliance Release Modification A1(7) This command was introduced. A3(2.1) The class-map class_name and summary options were added. A3(2.5) Compression counter fields were added. A3(2.6) The regex dnld status field was added. A4(1.0) The url-summary option was added. A4(2.0) Added VIP DWS state output field A5(1.0) Added optional dad keyword and associated output fields for IPv6.1-216 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show snmp To display the Simple Network Management Protocol (SNMP) statistics and configured SNMP information, use the show snmp command. show snmp [community | engineID | group | host | sessions | user] [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. By default, this command displays the ACE contact, the ACE location, the packet traffic information, community strings, and the user information. You can instruct the ACE to display specific SNMP information by including the appropriate keyword. For information about the fields in the show snmp command output, see the Security Guide, Cisco ACE Application Control Engine. community (Optional) Displays SNMP community strings. engineID (Optional) Displays the identification of the local SNMP engine and all remote engines that have been configured on the ACE. group (Optional) Displays the names of groups on the ACE, the security model, the status of the different views, and the storage type of each group. host (Optional) Displays the configured SNMP notification recipient host, the User Datagram Protocol (UDP) port number, the user, and the security model. sessions (Optional) Displays the IP address of the targets for which traps or informs have been sent. user (Optional) Displays SNMPv3 user information. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-217 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Examples To display SNMP statistics and configured SNMP information, enter: host1/Admin# show snmp Related Commands (config) snmp-server community (config) snmp-server contact (config) snmp-server enable traps (config) snmp-server host (config) snmp-server location (config) snmp-server trap link ietf (config) snmp-server trap-source vlan (config) snmp-server user1-218 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show ssh To display the information about the Secure Shell (SSH) keys and sessions, use the show ssh command. show ssh {key [dsa | rsa | rsa1] | maxsessions [context_name] | session-info [context_name]} [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. From the Admin context, this argument allows you to display only the SSH information associated with a specific user-created context. key Displays the host key pair details for all SSH keys. dsa (Optional) Displays only the details of the DSA key pair for the SSH version 2 protocol. rsa (Optional) Displays only the details of the RSA key pair for the SSH version 2 protocol. rsa1 (Optional) Displays only the details of the RSA1 key pair for the SSH version 1 protocol. maxsessions Displays the maximum number of SSH sessions that the ACE allows. Context administrators may also view SSH session information associated with a particular context. context_name (Optional) Name of an existing context that contains the SSH session information that the context administrator wants to view. Only the global administrator can view Telnet information associated with a particular context. The context_name argument is case sensitive and is visible only from the admin context. session-info Displays session information, including the session ID, the remote host IP address, and the active time. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-219 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands For information about the fields in the show ssh command output, see the Security Guide, Cisco ACE Application Control Engine. Examples To display all of the loaded SSH keys, enter: host1/Admin# show ssh key To display the maximum number of SSH sessions that the ACE permits for the context C2, enter: host1/Admin # show ssh maxsessions C2 Maximum Sessions Allowed is 2(SSH Server is enabled) Related Commands clear ssh (config) class-map (config) ssh key (config) ssh maxsessions1-220 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show startup-config To display information about the startup configuration that is associated with the current context, use the show startup-config command. show startup-config [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To clear the startup configuration, use the clear startup-config command. To copy the running configuration to the startup configuration, or copy the startup configuration to the running configuration, use the copy running-config command. For information about the fields in the show startup-config command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display information about the startup configuration, enter: host1/Admin# show startup-config Related Commands clear startup-config copy capture show running-config | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-221 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show stats To display statistics about the ACE operation, use the show stats command. show stats [connection | {crypto {client [alert | authentication | cipher | termination]} | {server [alert | authentication | cipher | insert | redirect | termination]}} | http | inspect [ftp | http | rtsp]| kalap [all] | loadbalance [radius | rdp | rtsp | sip] | optimization http | probe [type probe_type] | sticky] [|] [>] Syntax Description connection (Optional) Displays global connection statistics associated with the current context. crypto (Optional) Displays the back-end (client keyword) and front-end (server keyword) SSL statistics for the current context. client Displays the back-end SSL client statistics for the current context. If you do not enter any options with this keyword, this command displays alert, authentication, cipher, and termination statistics. alert (Optional) Displays SSL alert statistics. authentication (Optional) Displays the SSL authentication statistics. cipher (Optional) Displays the SSL cipher statistics. termination (Optional) Displays the back-end SSL termination statistics. server Displays the front-end SSL server statistics for the current context. If you do not enter any options with this keyword, this command displays alert, authentication, cipher, header insertion, redirect, and termination statistics. insert (Optional) Displays the header insertion statistics. redirect (Optional) Displays the redirect statistics. http (Optional) Displays global HTTP statistics associated with the current context. inspect [ftp | http | rtsp] (Optional) Displays global FTP, HTTP, or RTSP inspect statistics associated with the current context. If you do not include any options with the inspect keyword, the ACE displays the global HTTP statistics. kalap (Optional) Displays global server load-balancing (GSLB) statistics associated with the current context. all (Optional) In the admin context, displays the total number of KAL-AP statistics for all contexts. These statistics are followed by the statistics for the admin context and then all other contexts. loadbalance (Optional) Displays global load-balancing statistics associated with the current context. radius (Optional) Displays Remote Authentication Dial-In User Service (RADIUS) load-balancing statistics associated with the current context. rdp (Optional) Displays Reliable Datagram Protocol (RDP) load-balancing statistics associated with the current context. rtsp (Optional) Displays Real-Time Streaming Protocol (RTSP) load-balancing statistics associated with the current context. sip (Optional) Displays Session Initiation Protocol (SIP) load-balancing statistics associated with the current context. optimization http (Optional, ACE appliance only) Displays HTTP optimization global statistics associated with the current context.1-222 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Command HistoryA Usage Guidelines This command requires the loadbalance, inspect, NAT, connection, or SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To display the statistics for a specific probe type (for example, scripted), include the type probe_type keyword and argument. Examples To display all of the statistics about the ACE operation, enter: host1/Admin# show stats To see a list of probe types, enter: host1/Admin# show stats probe type ? probe [type probe_type] (Optional) Displays global probe statistics associated with the current context. sticky (Optional) Displays global sticky statistics associated with the current context. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.0) This command was revised to add the crypto, radius, and rtp keywords. A2(1.1) This command was revised to add the rtsp and sip keywords. A2(2.0) This command was revised to add the all keyword. This command was revised to add counters for SSL redirect and header insertion. A4(1.0) This command was revised to add the alert, authentication, cipher, insert, redirect, and termination options. ACE Appliance Release Modification A1(7) This command was introduced. A3(1.0) This command was revised. A3(2.1) The alert, authentication, cipher, and termination options were added.1-223 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Related Commands clear stats show sticky cookie-insert group To display the inserted cookie information for the specified sticky group, use the show sticky cookie-insert group command. show sticky cookie-insert group sticky_group_name Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the sticky feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command displays information that correlates the inserted cookie, the sticky entry, and the final destination for the cookie insert configuration. For information about the fields in the show sticky cookie-insert command output, see the Server Load-Balancing Guide, Cisco ACE Application Control Engine. Examples To display the inserted cookie information for the sticky group, enter: host1/Admin# show sticky cookie-insert group STICKY-TEST Related Commands (config-sticky-cookie) cookie insert sticky_group_name The name of the configured sticky group | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification A2(1.4) and A2(2.1) This command was introduced. ACE Appliance Release Modification A3(2.2) This command was introduced.1-224 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show sticky database To display the sticky statistics, use the show sticky database command. show sticky database [static] [active-conn-count min value1 max value2 | client ip_address1 | group name1 | http-content value3 | http-cookie value24 | http-header value5 | ip-netmask {both {source ip_address2 destination ip_address3} | destination ip_address4 | source ip_address5} | layer4-payload value6 | rserver name2 [port] serverfarm name3 | rtsp-header value7 | sip-header value8 | time-to-expire min value9 max value10 | type {http-content | http-cookie | http-header | ip-netmask {both | destination | source} | layer4-payload | radius {calling-id | framed-ip | username} | rtsp-header | sip-header} [count | detail]] Syntax Description static (Optional) Displays static sticky database entries. If you do not use an optional keyword to specify the type of static sticky database entry to display, all entries are displayed. active-conn-count min value1 max value2 (Optional) Displays sticky database entries within the specified connection count range. client ip_address (Optional) Displays sticky database entries for the source IPv6 or IPv4 address of a client that you specify. group name1 (Optional) Displays sticky database entries for the sticky group name that you specify. http-content value3 (Optional) Displays sticky database entries for the HTTP content value that you specify. http-cookie value4 (Optional) Displays sticky database entries for the HTTP cookie value that you specify. http-header value5 (Optional) Displays sticky database entries for the HTTP header value that you specify. ip-netmask {both {source ip_address2 destination ip_address3} | destination ip_address4 | source ip_address5} (Optional) Displays sticky database entries for both the source and destination addresses, the destination address only, or the source address only. layer4-payload value6 (Optional) Displays sticky database entries for the Layer 4 payload value that you specify. rserver name2 (Optional) Displays sticky database entries for the real-server name that you specify. port (Optional) Real server port number. serverfarm name3 Specifies a server farm associated with the real server. rtsp-header value7 (Optional) Displays sticky database entries for the RTSP header value that you specify. sip-header value8 (Optional) Displays sticky database entries for the SIP header value that you specify. time-to-expire min value9 max value10 (Optional) Displays the sticky database entries within the specified time to expire range. type (Optional) Displays sticky database entries for one of the following sticky group types: http-content Specifies HTTP content sticky database entries.1-225 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin and user contexts Command History http-cookie Specifies HTTP cookie sticky database entries. http-header Specifies HTTP header sticky database entries. ip-netmask Specifies IP netmask sticky database entries. both Specifies both source and destination IP netmasks. destination Specifies the destination IP netmask. source Specifies the source IP netmask. radius Specifies RADIUS attribute sticky database entries. calling-id Specifies RADIUS calling-ID attribute sticky database entries. framed-ip Specifies RADIUS framed-IP attribute sticky database entries. username Specifies RADIUS username attribute sticky database entries. rtsp-header Specifies RTSP header sticky database entries. sip-header Specifies SIP header sticky database entries. count (Optional) Displays the count for the sticky databae entries. detail (Optional) Displays detailed statistics for the specified sticky database component. The detail option output includes the sticky-hit-count field to display the total number of times that a sticky entry is hit. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.0) This command was revised. A2(1.3) The show sticky database static http-cookie value2 command no longer displays the hash key. A4(1.1) Added the active-conn-count, ip-netmask, time-to-expire, count, and deatil options. ACE Appliance Release Modification A1(7) This command was introduced. A3(1.0) This command was revised. A4(1.1) Added the active-conn-count, ip-netmask, time-to-expire, count, and deatil options.1-226 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Usage Guidelines This command requires the sticky feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show sticky command output, see the Server Load-Balancing Guide, Cisco ACE Application Control Engine. Examples To display sticky statistics for the client with a source IP address of 192.168.12.15, enter: host1/Admin# show sticky database client 192.168.12.15 Related Commands (config-sfarm-host-rs) cookie-string A3(2.2) When you enable cookie insertion through the cookie insert command in sticky-cookie configuration mode, the show sticky database static http-cookie command no longer displays the hash key. A3(2.6) This command displays the source and destination addresses in dotted-decimal notation instead of the hexadecimal equivalent. ACE Appliance Release Modification1-227 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show sticky hash To correlate a known cookie or URL value with its corresponding sticky database entry (hash), use the show sticky hash command. This command allows you to generate the hash value from a known cookie or URL value using the same algorithm that is used by the URL and cookie hashing function. show sticky hash text Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no usage guidelines. Examples To generate the hash value for the cookie value 1.1.1.10, enter the following command: host1/Admin# show sticky hash 1.1.1.10 Hash: 0x8a0937592c500bfb - 9946542108159511547 Now you can display the sticky database for a particular sticky group and match the generated hash with the sticky entry (hash) in the sticky database. For example, to display the sticky database for the group STICKY_GROUP1, enter the following command: host1//Admin# show sticky database group STICKY_GROUP1 sticky group : STICKY_GROUP1 type : HTTP-COOKIE timeout : 1440 timeout-activeconns : FALSE sticky-entry rserver-instance time-to-expire flags --------------------+----------------+----------------+-------+ 9946542108159511547 SERVER1:80 86390 - Related Commands show sticky database text Cookie or URL text for which you want to calculate the hash value. Enter the cookie or URL value as an unquoted text string with no spaces and with a maximum of 1024 alphanumeric characters. If you want to include spaces in the text string, enclose the text string in quotation marks (“ ”) ACE Module/Appliance Release Modification A4(1.0) This command was introduced.1-228 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show conn sticky To display all the connections that are linked to a sticky entry, use the show conn sticky internal_id command. This command is useful in identifying why a sticky entry does not timeout. show conn sticky internal_id Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no usage guidelines. Examples The following example shows how to use the two above-mentioned commands to display all the connections associated with a particular sticky entry. To obtain the internal IDs of sticky database entries, enter the following command: switch/Admin# show sticky database static detail | i internal internal entry-id: 0x200006 internal entry-id: 0x200007 After you have obtained an internal sticky id, use the show conn sticky command to display all the connections linked to that sticky entry as follows: switch/Admin# show conn sticky 0x200006 conn-id np dir proto vlan source destination state -------+--+---+-----+----+-------------------+----------------+------+ 242 1 in TCP 20 192.168.20.45:44425192.168.20.15:80 ESTAB 243 1 out TCP 40 192.168.40.28:80 192.168.20.45:44425 ESTAB switch/Admin# show conn sticky 0x200007 conn-id np dir proto vlan source destination state -------+--+---+-----+----+-----------------+-----------------+------+ switch/Admin# Related Commands show sticky database internal_id internal identifier of a sticky entry in the sticky database. ACE Module/Appliance Release Modification A4(1.0) This command was introduced.1-229 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show syn-cookie To display SYN cookie statistics, use the show syn-cookie command. To display SYN cookie statistics for all VLANs that are configured in the current context, enter the command with no arguments. show syn-cookie [vlan number] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no usage guidelines. Examples To display SYN cookie statistics for VLAN 100, enter: host1/C1# show syn-cookie vlan 100 Related Commands clear syn-cookie vlan number Instructs the ACE to display SYN cookie statistics for the specified interface. Enter an integer from 2 to 2024. ACE Module Release Modification A2(1.0) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-230 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show system To display the ACE system information, use the show system command. show system {cpuhog} | {error-id {hex_id | list} | internal {aaa {event-history {errors | msgs} | mem-stats} | dmesg | log {boot {kickstart | system} | install [details]} | mts {buffers [age seconds | details | node name | order | sap number | sap_all | summary] | memory | opcode} | radius event-history {errors | msgs} | sysmgr {event-history {errors | msgs} | service {all [detail] | local [detail] | name service_name [dependencies | policies | seqnotbl] | not-running [details] | pid id [config | dependencies | log] | running [details] | uuid hex_id [config | dependencies]} | startup-config {locks | state} | state | time} | tacacs+ event-history {errors | msgs} | urifs | vshd {config-intro | feature-list | license-info | log {running-config | tree-table} | subtype-table | tree-table}} | kcache | kmem | kmemtrack | resources | skbtrack | uptime | watchdog [lcp | memory | scp]} [|] [>] Syntax Description cpuhog Displays the largest amount of time that a driver was executing in the kernel. This keyword is intended for use by trained Cisco personnel for troubleshooting purposes only. error-id Displays description about errors. This keyword is available in all user contexts. hex_id Error ID in hexadecimal format. The range is from 0x0 to 0xffffffff. list Specifies all error IDs. internal Displays Cisco internal system-related functions. The internal keywords and related keywords, options, and arguments are intended for use by trained Cisco personnel for troubleshooting purposes only. This option is available in the Admin context only. kcache Displays Linux kernel cache statistics. kmem Displays Linux kernel memory statistics. kmemtrack Displays how the kernel memory is being currently used. This keyword is intended for use by trained Cisco personnel for troubleshooting purposes only. resources Displays system-related CPU and memory statistics. skbtrack Displays the allocation and deallocation of network buffers in the drivers. This keyword is intended for use by trained Cisco personnel for troubleshooting purposes only. uptime Displays how long the ACE has been up and running. This keyword is available in all user contexts.1-231 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin context User contexts (error-id and uptime keywords only) Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show system command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display system resource information, enter: host1/Admin# show system resources watchdog [lcp | memory | scp] Displays whether the watchdog is enabled or disabled, and its timeout. When you enter this keyword without an option, all watchdogs are displayed. To display a specific watchdog, enter one of the following options: • lcp—(ACE module only) Displays the LCP process watchdog • memory—Displays whether the low memory watchdog is enabled or disabled, and its timeout. • scp—(ACE module only) Displays the watchdog for SCP keepalive messages from the hardware timer interrupt level The system watchdog command allows you to configure the Memory watchdog timeout. (ACE module only) The LCP and SCP timeouts are not configurable. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A4(1.0) The watchdog keyword was added. ACE Appliance Release Modification A1(7) This command was introduced. A4(1.0) The dmseg and watchdog memory keywords were added.1-232 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Related Commands system watchdog show tacacs-server To display the configured Terminal Access Controller Access Control System Plus (TACACS+) server and server group parameters, use the show tacacs-server command. show tacacs-server [groups | sorted] [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show tacacs-server command output, see the Security Guide, Cisco ACE Application Control Engine. Examples To display the configured TACACS+ server parameters, enter: host1/Admin# show tacacs-server To display the configured TACACS+ server groups, enter: host1/Admin# show tacacs-server groups To display the sorted TACACS+ servers, enter: host1/Admin# show tacacs-server sorted groups (Optional) Displays configured TACACS+ server group information. sorted (Optional) Displays TACACS+ server information sorted by name. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-233 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Related Commands (config) aaa group server (config) tacacs-server deadtime (config) tacacs-server host (config) tacacs-server key (config) radius-server timeout show tcp statistics To display the Transmission Control Protocol (TCP) statistics, use the show tcp statistics command. show tcp statistics [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the connection feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show tcp statistics command output, see the Security Guide, Cisco ACE Application Control Engine. Examples To display TCP statistics, enter: host1/Admin# show tcp statistics Related Commands clear tcp statistics | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-234 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show tech-support To display information that is useful to technical support when reporting a problem with your ACE, use the show tech-support command. show tech-support [details] [|] [>] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The show tech-support command is useful when collecting a large amount of information about your ACE for troubleshooting purposes with Cisco technical support. The output of this command can be provided to technical support representatives when reporting a problem. details (Optional) Provides detailed information for each of the show commands described below in the “Usage Guidelines” section. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced. A3(2.2) This command no longer displays the following: • All show acl-merge acls vlan command output • All show acl-merge merge-list vlan number out command output It also now displays a maximum of four VLANs. A3(2.6) This command no longer executes the following commands: • show optimization-debug • show np 1 me-stats “-W number”1-235 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands The show tech-support command displays the output of several show commands at once. The output from this command varies depending on your configuration. The default output of the show tech-support command includes the output of the following commands: • show hardware—See the show hardware command. • show interface—See the show interface command. • show process—See the show processes command. • show running-config—See the show running-config command. • show system internal dmesg—See the show system command. • show version—See the show version command. Explicitly set the terminal length command to 0 (zero) to disable autoscrolling and enable manual scrolling. Use the show terminal command to view the configured terminal size. After obtaining the output of this command, reset your terminal length as required. You can save the output of this command to a file by appending > filename to the show tech-support command. If you save this file, verify that you have sufficient space to do so as each of these files may take about 1.8 MB. For information about the fields in the show tech-support command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display the summary version of the technical support report, enter: host1/Admin# show tech-support Related Commands show fifo show hardware show interface show processes show running-config show terminal show version show telnet To display the information about the Telnet session, use the show telnet command. show telnet [maxsessions] [context_name] [|] [>] Syntax Description maxsessions (Optional) Displays the maximum number of enabled Telnet sessions. context_name (Optional) Name of an existing context. Use the context_name argument to display Telnet information that pertains only to the specified context. The context_name argument is case sensitive.1-236 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. If you do not include the optional maxsessions keyword, the ACE displays the following Telnet information: • Session ID—Unique session identifier for the Telnet session • Remote host—IP address and port of the remote Telnet client • Active time—Time since the Telnet connection request was received by the ACE For information about the fields in the show telnet command output, see the Security Guide, Cisco ACE Application Control Engine. Examples To display the current Telnet information, enter: host1/Admin# show telnet Related Commands clear telnet telnet (config) class-map show terminal To display the console terminal settings, use the show terminal command. show terminal [internal info] [|] [>] | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-237 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show terminal command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display the console terminal settings, enter: host1/Admin# show terminal Related Commands terminal show udp statistics To display the User Datagram Protocol (UDP) statistics, use the show udp statistics command. show udp statistics [|] [>] internal info (Optional) Displays terminal internal information. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-238 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the connection feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show udp statistics command output, see the Security Guide, Cisco ACE Application Control Engine. Examples To display UDP statistics, enter: host1/Admin# show udp statistics Related Commands clear udp statistics show user-account To display user account information, use the show user-account command. show user-account [user_name] [|] [>] Syntax Description | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced. user_name (Optional) Name of user.1-239 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command Modes Exec Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To display the user account information for all users, do not specify a user with the optional user_name argument. For information about the fields in the show user-account command output, see the Administration Guide, Cisco ACE Application Control Engine. The Account Expiry field for this command displays the date, if any, when the user account expires. This date is based on Coordinated Universal Time (UTC/GMT), which the ACE keeps internally. If you use the clock timezone command to configure a UTC offset, this field displays the UTC date and does not reflect the date with the offset as displayed by the show clock command. Examples To display the account information for all users, enter: host1/Admin# show user-account Related Commands show users (config) username show users To display the information for users that are currently logged in to the ACE, use the show users command. show users [user_name] [|] [>] | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-240 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To display the information for all users that are currently logged in to the ACE, do not specify a user with the optional user_name argument. For information about the fields in the show users command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display information for all users that are currently logged in to the ACE, enter: host1/Admin# show users Related Commands clear user show user-account (config) username show version To display the version information of system software that is loaded in flash memory and currently running on the ACE, use the show version command. show version [|] [>] user_name (Optional) Name of user. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-241 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The show version command also displays information related to the following ACE hardware components: • (ACE module only) Slot number—Slot number that the ACE occupies on the Catalyst 6500 series chassis. • CPU—Number of CPUs and type and model • Memory—Total and shared volatile memory • Flash memory—Total and used flash memory Use the show version command to verify the software version on the ACE before and after an upgrade. For information about the fields in the show version command output, see the Administration Guide, Cisco ACE Application Control Engine. Examples To display the software version information, enter: host1/Admin# show version Related Commands show tech-support | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-242 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show vlans To display the VLANs on the ACE, use the show vlans command. For the ACE module, they are downloaded from the supervisor engine in the Catalyst 6500 series switch show vlans [|] [>] Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show vlans command output, see the Routing and Bridging Guide, Cisco ACE Application Control Engine. Examples To display the VLANs on the ACE, enter: host1/Admin# show vlans Related Commands This command has no related commands. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-243 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show vm-controller To display the VM controller connection statistics, use the show vm-controller command. show vm-controller [name] [detail] Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To display detailed VM controller statistics, enter: host1/Admin# show vm-controller VCENTER1 detail Related Commands (config) vm-controller name Configured identifier of the VM controller. Enter the name of an existing VM controller as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. detail Displays additional fields for the vendor and the URL location of the VM controller. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module/Appliance Release Modification A4(2.0) This command was introduced.1-244 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show vnet To display information about the virtual network (VNET) device, use the show vnet command. show vnet {event-history | stats} [|] [>] Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. Examples To display VNET device statistics for the control plane, enter: host1/Admin# show vnet stats Related Commands clear vnet stats event-history Displays a historic log of the most recent debug VNET messages. stats Displays detailed counters for various VNET events. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-245 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands show xlate To display information about the IP and port translation (XLATE), use the show xlate command. show xlate [global {ip_address1 [ip_address2 [/prefix-length | netmask mask1]]}] [local {ip_address3 [ip_address4 [/prefix-length2 | netmask mask2]]}] [gport port1 [port2]] [lport port1 [port2]] [|] [>] Syntax Description Command Modes Exec Admin context only Command History global ip_address1 ip_address2 (Optional) Displays information for a global IPv6 or IPv4 address or a range of global IPv6 or IPv4 addresses to which the ACE translates source addresses for static and dynamic NAT. To specify a range of IP addresses, enter a second IP address. /prefix-length IPv6 prefix length that specifies the number of bytes used for the network identifier. netmask mask (Optional) Specifies a subnet mask for the specified IP addresses. local ip_address3 ip_address4 (Optional) Displays information for a local IP address or a range of local IP addresses. To specify a range of local IP addresses, enter a second IP address. gport port1 port2 (Optional) Displays information for a global port or a range of global ports to which the ACE translates source ports for static port redirection and dynamic PAT. Enter a port number as an integer from 0 to 65535. To specify a range of port numbers, enter a second port number. lport port1 port2 (Optional) Displays information for a local port or a range of local ports. Enter a port number as an integer from 0 to 65535. To specify a range of port numbers, enter a second port number. | (Optional) Pipe character (|) for enabling an output modifier that filters the command output. For a complete description of the options available for filtering the command output, see the show command. > (Optional) Greater-than character (>) for enabling an output modifier that redirects the command output to a file. For a complete description of the options available for redirecting the command output, see the show command. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-246 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Usage Guidelines This command requires the NAT feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the fields in the show xlate command output, see the Security Guide, Cisco ACE Application Control Engine. Examples To display IP and XLATE information, enter: host1/Admin# show xlate global 172.27.16.3 172.27.16.10 netmask 255.255.255.0 gport 100 200 Related Commands clear xlate ssh To initiate a Secure Shell (SSH) session with another device, use the ssh command. ssh {hostname | user@hostname} Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To initiate an SSH session with the host 196.168.12.10, enter: host1/Admin# ssh 196.168.12.10 To initiate an SSH session with USER1 on HOST1, enter: host1/Admin# ssh USER1@HOST1 hostname Name or IP address of the host to access. If no username is specified, the default is “admin.” Enter up to 64 alphanumeric characters. user Username on a host. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-247 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Related Commands clear ssh show ssh (config) class-map (config) login timeout (config) ssh key (config) ssh maxsessions1-248 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands system internal To generate a debug snapshot of a service, use the system internal command. system internal snapshot service {name} Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command requires the Admin role in the Admin context. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. Examples To take a snapshot of a service, enter: host1/Admin# system internal snapshot service Related Commands This command has no related commands. snapshot service Specifies debug snapshots of a service. name Name of a system service for which you want to take a snapshot. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-249 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands system watchdog To enable all system watchdogs or the specific system watchdog, use the system watchdog command. When you enter this command without an option, all watchdogs are enabled. By default, the watchdogs are enabled. Use the no form of this command to disable the system watchdogs. When you disable the low memory watchdog, its timeout is reset to its default. system watchdog [lcp | memory [timeout seconds] | scp] system no watchdog [lcp | memory | scp] Syntax Description Command Modes Exec Admin context only Command History Usage Guidelines This command requires the Admin role in the Admin context. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is intended for use by trained Cisco personnel for troubleshooting purposes only. When you are troubleshooting the ACE, disable the watchdog timeout to prevent the ACE from rebooting. lcp (Optional, ACE module only) Enables the watchdog for the LCP process. The current SCP watchdog watches this process. However, if the LCP process is not scheduled on time, this watchdog reboots the ACE. memory (Optional) Enables the low memory watchdog when the ACE memory reaches 99 percent. timeout seconds (Optional) Configures the low memory watchdog timeout in seconds. Enter a number from 5 to 180. The default is 90. To change the timeout, reenter the system watchdog memory timeout seconds command. When reenable a disabled watchdog, the timeout is reset to its default value. scp (Optional, ACE module only) Enables the watchdog that monitors the SCP keepalive messages from the hardware timer interrupt level. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(2.4) The lcp, memory and scp options were added. The system watchdog command now enables all watchdogs. Previously, it enabled only the SCP watchdog timer. ACE Appliance Release Modification A4(1.0) This command was introduced.1-250 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Examples To enable the low memory system watchdog after it has been disabled, enter: host1/Admin# system watchdog memory To disable the low memory system watchdog, enter: host1/Admin# system no watchdog memory Related Commands show system1-251 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands tac-pac To save Technical Assistance Center (TAC) information to a local or remote location, use the tac-pac command. tac-pac [ftp://server/path[/filename] | scp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename] | disk0:[path/]filename] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The TAC information that the ACE saves when using the tac-pac command is the same information that you can display using the show tech-support command. If you do not specify a directory on a file system, the default is the root directory. The output of the show tech-support command is in gzip format. We recommend that you include the .gz extension in the filename so that it can be easily unzipped from the destination filesystem. Examples To save TAC information and send the output of the show tech-support command to a remote FTP server, enter: host1/Admin# tac-pac ftp://192.168.1.2/tac-output_10-7-07.gz ftp: (Optional) Specifies the File Transfer Protocol network server as the destination. scp: (Optional) Specifies the Secure Copy network server as the destination. sftp: (Optional) Specifies the Secure File Transfer Protocol network server as the destination. tftp: (Optional) Specifies the Trivial File Transfer Protocol network server as the destination. disk0: (Optional) Specifies the disk0: file system in flash memory on the ACE as the destination. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-252 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Related Commands This command has no related commands.1-253 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands telnet To initiate a Telnet session with another network device, use the telnet command. telnet ip_address [port] Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To open a Telnet session with another network device, enter: host1/Admin# telnet 192.126.2.1 Related Commands clear telnet show telnet (config) class-map (config) login timeout ip_address IP address of the network host. Enter an IP address in dotted-decimal notation (for example, 172.16.1.10). port (Optional) Port number on network host. The range is from 0 to 2147483647. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-254 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands terminal To configure the terminal display settings, use the terminal command. terminal {length lines | monitor | no | session-timeout minutes | terminal-type text | width characters} Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Use the show terminal command to display the current terminal settings. length lines Sets the number of lines displayed on the current terminal screen. This command is specific to the console port only. Telnet and Secure Shell (SSH) sessions set the length automatically. Valid entries are from 0 to 511. The default is 24 lines. A value of 0 instructs the ACE to scroll continuously (no pausing) and overrides the terminal width command. monitor Displays the syslog output on the terminal for the current terminal and session. To enable the various levels of syslog messages to the terminal, use the logging monitor command in configuration command mode. no Negates a command or sets it back to its default value. session-timeout minutes Specifies the session timeout value in minutes to configure the automatic logout time for the current terminal session on the ACE. When you exceed the time limit configured by this command, the ACE closes the session and exits. The range is 0 to 525600. The default is 5 minutes. You can set the terminal session-timeout value to 0 to disable this feature so that the terminal remains active until you choose to exit the ACE. The ACE does not save this change in the configuration file. terminal-type text Specifies the name and type of the terminal used to access the ACE. If a Telnet or SSH session specifies an unknown terminal type, the ACE uses the VT100 terminal by default. Specify a text string from 1 to 80 alphanumeric characters. width characters Sets the number of characters displayed on the current terminal screen. This command is specific to only the console port. Telnet and SSH sessions set the width automatically. Valid entries are from 24 to 512. The default is 80 columns. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-255 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands All terminal parameter-setting commands are set locally and do not remain in effect after you end a session. You must perform this task at the Exec prompt at each session to see the debugging messages. Examples To specify the VT100 terminal, set the number of screen lines to 35, and set the number of characters to 250, enter: host1/Admin# terminal terminal-type vt220 host1/Admin# terminal length 35 host1/Admin# terminal width 250 To specify a terminal timeout of 600 minutes for the current session, enter host1/Admin# terminal session-timeout 600 To set the width to 100 columns, enter: host1/Admin# terminal width 100 To set the width to its default of 80 columns, enter: host1/Admin# terminal no width To start the current terminal monitoring session, enter: host1/Admin# terminal monitor To stop the current terminal monitoring session, enter: host1/Admin# terminal no monitor Related Commands show terminal (config) login timeout traceroute To trace the route that an IP packet takes to a network host from the ACE, use the traceroute command. traceroute [ip | ipv6 [ip_address [size packet]] Syntax Description Command Modes Exec Admin and user contexts ip | ipv6 (Optional) Specifies the IPv4 or IPv6 protocol. If you do not specify the IP protocol, it is inferred from the address. ip_address (Optional) IP address of the network host. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10). size packet (Optional) Specifies the packet size. Enter a number from 40 to 452. The default is 40.1-256 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command traces the route that an IP packet follows to an Internet host by launching User Datagram Protocol (UDP) probe packets with a small time to live (TTL), and then listening for an Internet Control Message Protocol (ICMP) “time exceeded” reply from a gateway. Examples IPv6 Example To trace the IPv6 address 2001:DB8:1::2, enter the following command: host1/Admin# traceroute ipv6 2001:DB8:1::2 To terminate a traceroute session, press Ctrl-C. IPv4 Example To display the route that a packet takes from the ACE to a network host with the IP address 196.126.1.2, enter: host1/Admin# traceroute 196.126.1.2 Related Commands ping undebug all To disable all debugging, use the undebug all command. undebug all Syntax Description This command has no keywords or arguments. Command Modes Exec Admin and user contexts ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A5(1.0) Added IPv6 support. ACE Appliance Release Modification A1(7) This command was introduced. A5(1.0) Added IPv6 support.1-257 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Command History Usage Guidelines This command is available to all user roles that allow debugging and is not available to network monitor or technician users. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The ACE debug commands are intended for use by trained Cisco personnel only. Entering these commands may cause unexpected results. Do not attempt to use these commands without guidance from Cisco support personnel. Examples To disable all debugging, enter: host1/Admin# undebug all Related Commands debug ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-258 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands untar disk0: To untar a single file with a .tar extension in the disk0: file system, use the untar command. untar disk0:[path/]filename Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The copy licenses disk0: command creates backup .tar license files on the ACE. If a license becomes corrupted or lost, or you accidently remove the license on the ACE, you can untar the license and reinstall it. You must use the untar command in the Admin context to untar a backup tar license file. Examples To untar the mylicense.tar file on disk0, enter: host1/Admin# untar disk0:mylicenses.tar Related Commands copy licenses gunzip [path/]filename Name of the .tar file on the disk0: file system. The filename must end with a .tar extension. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-259 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands write To manage persistent and nonpersistent configuration information, use the write command. write {erase | memory [all] | terminal} Syntax Description Exec Admin and user contexts Command History Usage Guidelines For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The different versions of this command require the following user role or feature in your user role: • write erase—Admin user • write memory—config-copy feature • write all—Admin user The write erase command does not remove license files or crypto files (certs and keys) from the ACE. To remove license files, see the license uninstall command. To remove crypto files, see the crypto delete command. If you intend to use the write memory command to save the contents of the running-configuration file for the current context to the startup-configuration file, you must also specify this command in the Admin context. Saving changes to the Admin context startup-configuration file is important because the Admin context startup-configuration file contains all configurations that are used to create each user context. To write the running configuration to the startup configuration, you can also use the copy running-config startup-config command. To erase the startup configuration, you can also use the clear startup-config command. To display the running configuration, use the show running-config command. erase Erases the entire startup configuration with the exception of any configuration that affects the loader functionality. The startup configuration then reverts back to the factory-default values. The running configuration is not affected. memory Writes the running configuration to the startup configuration. all (Optional) Writes configurations for all existing contexts. This keyword is available only in the Admin context. terminal Writes the running configuration to the terminal. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-260 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands Examples To write running configuration to the startup configuration, enter: host1/Admin# write memory Related Commands clear startup-config show running-config xml-show To enable the display of raw XML request show command output in XML format, use the xml-show command. xml show {off | on | status} Syntax Description Command Modes Exec Admin and user contexts Command History Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. By default, XML responses will automatically appear in XML format if the corresponding CLI show command output supports the XML format. However, if you are running commands on the CLI console or you are running raw XML responses from NMS, the XML responses appear in regular CLI display format. You can enable the display of raw XML request show command output in XML format by performing one of the following actions: • Specifying the xml-show on command in Exec mode from the CLI, or • Including the xml-show on command in the raw XML request itself (CLI commands included in an XML wrapper). Specification of the xml-show on command is not required if you are running true XML. off Displays CLI show command output in regular CLI display output, not in XML format. on Displays CLI show command output in XML format unless a specific show command is not implemented to display its output in XML format. status Displays the current setting of the xml-show command (on or off). ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.1-261 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 1 CLI Commands Exec Mode Commands For details on the show command output supported in XML format, consult the ACE schema file, schema.xsd for the ACE module or for the ACE appliance, that is included as part of the software image (see the Administration Guide, Cisco ACE Application Control Engine). The ACE schema File contains the information on the XML attributes for those show output commands that support XML format. The off and on keywords affect only the current CLI session in use; they are session-based functions. Examples To enable the display of raw XML request show command output in XML format from the CLI, enter: host1/Admin# xml-show on Related Commands This command has no related commands.2-262 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Configuration Mode Commands Configuration mode commands allow you to configure global ACE parameters that affect the following contexts: • All contexts, when configured in the Admin context • A single user context, when configured in that context Configuration mode also allows you to access all the ACE subordinate configuration modes. These modes provide parameters to configure the major features of the ACE, including access control lists (ACLs), application protocol inspection, fragmentation and reassembly, interfaces, Network Address Translation (NAT), persistence (stickiness), protocols, redundancy, routing, scripts, Secure Sockets Layer (SSL), server load balancing (SLB), TCP/IP normalization, users, and virtualization. To access configuration mode, use the config command. The CLI prompt changes to (config). See the individual command descriptions of all the configuration mode commands on the following pages. Command Modes Exec mode Admin and user contexts Command History Usage Guidelines This command requires one or more features assigned to your user role that allow configuration, such as AAA, interface, or fault-tolerant. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To access configuration mode, enter: host1/Admin# config host1/Admin(config)# Related Commands show running-config show startup-config ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-263 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) aaa accounting default To configure the default accounting method, use the aaa accounting default command. You specify either a previously created AAA server group that identifies separate groups of Terminal Access Controller Access Control System Plus (TACACS+) or Remote Authentication Dial-In User Service (RADIUS) servers or the local database on the ACE. Use the no form of this command to remove the accounting method. aaa accounting default {group group_name} {local} {none} no aaa accounting default {group group_name} {local} {none} Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To enable user accounting to be performed using remote TACACS+ servers, followed by local login as the fallback method, enter: host1/Admin(config)# aaa accounting default group TacServer local Related Commands show aaa show accounting log (config) aaa authentication login group group_name Associates the accounting method with a TACACS+ or RADIUS server defined previously through the aaa group server command. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. local Specifies to use the local database on the ACE as the accounting method. none Specifies that the ACE does not perform password verification, which disables password verification. If you configure this option, users can log in without providing a valid password. Note Only users with an Admin role can configure the none keyword. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-264 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) aaa group server2-265 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) aaa authentication login To configure the authentication method used for login to the ACE CLI, use the aaa authentication login command. Use the no form of this command to disable the authentication method. aaa authentication login {{console | default} {{group group_name} {local} {none}}} | error-enable no aaa authentication login {{console | default} {{group group_name} {local} {none}}} | error-enable Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Use the error-enable option cautiously. If you specify none, any user will be able to access the ACE at any time. console Specifies the console port login authentication method, identified by the specified server group. default Specifies the default login authentication method (by console or by Telnet or Secure Shell [SSH] session) that is identified by the specified server group. group group_name Associates the login authentication process with a Terminal Access Controller Access Control System Plus (TACACS+), Remote Authentication Dial-In User Service (RADIUS), or Lightweight Directory Access Protocol (LDAP) server defined through the aaa group server command. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. local Specifies to use the local database on the ACE as the login authentication method. If the server does not respond, then the local database is used as the fallback authentication method. none Specifies that the ACE does not perform password verification. If you configure this option, users can log in to the ACE without providing a valid password. Note Only users with an Admin role can configure the none keyword. error-enable Enables the display of the login error message when the remote AAA servers fail to respond. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-266 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands To view the current display status, use the show aaa authentication login error-enable command. When a user attempts to log in, and the remote AAA servers do not respond to the authentication request, the ACE processes the login sequence by switching to local user database. Examples To enable console authentication using the TACSERVER server group, followed by local login as the fallback method, enter: host1/Admin(config)# aaa authentication login console group TACSERVER local Password verification remains enabled for login authentication. To turn off password validation, enter: host1/Admin(config)# aaa authentication login console group TACSERVER local none Related Commands show aaa (config) aaa accounting default (config) aaa group server (config) aaa group server To configure independent server groups of Terminal Access Controller Access Control System Plus (TACACS+), Remote Authentication Dial-In User Service (RADIUS), or Lightweight Directory Access Protocol (LDAP) servers, use the aaa group server command. Use the no form of this command to remove a server group. aaa group server {ldap | radius | tacacs+} group_name no aaa group server {ldap | radius | tacacs+} group_name Syntax Description Command Modes Configuration mode Admin and user contexts ldap Specifies an LDAP directory server group. For information about the commands in the LDAP server configuration mode, see the “LDAP Configuration Mode Commands” section. radius Specifies a RADIUS server group. For information about the commands in the RADIUS server configuration mode, see the “RADIUS Configuration Mode Commands” section. tacacs+ Specifies a TACACS+ server group. For information about the commands in the TACACS+ server configuration mode, see the “TACACS+ Configuration Mode Commands” section. group_name Name for the LDAP, RADIUS, or TACACS+ server group. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.2-267 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. A server group is a list of server hosts of a particular type. The ACE allows you to configure multiple TACACS+, RADIUS, and LDAP servers as a named server group. You group the different AAA server hosts into distinct lists. The ACE searches for the server hosts in the order in which you specify them within a group. You can configure a maximum of 10 server groups for each context in the ACE. You can configure server groups at any time, but they take effect only when you apply them to the AAA service using the aaa authentication login or the aaa accounting default commands. To create a AAA server group and access one of the three AAA server group configuration modes, enter the aaa group server ldap, aaa group server radius, or aaa group server tacacs+ command in configuration mode. The CLI prompt changes to (config-ldap), (config-radius), or (config-tacacs+). In this mode, you specify the IP address of one or more previously configured servers that you want added to or removed from the server group. Examples To create a RADIUS server group and add a previously configured RADIUS server, enter: (config)# aaa group server radius RAD_Server_Group1 host1/Admin(config-radius)# server 192.168.252.1 host1/Admin(config-radius)# server 192.168.252.2 host1/Admin(config-radius)# server 192.168.252.3 Related Commands show aaa show running-config (config) aaa accounting default (config) aaa authentication login (config) access-group To apply an IPv4 or IPv6 access control list (ACL) to the inbound direction on all VLAN interfaces in a context and make the ACL active, use the access-group command. Use the no form of this command to remove an ACL from all interfaces in a context. access-group input acl_name no access-group input acl_name ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-268 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the access-list feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Use this command to apply an IPv6 or an IPv4 ACL to a single interface or all interfaces in a context. You must apply an ACL to an interface to allow the passing of traffic on that interface. This command enables you to apply an ACL to all interfaces in a context in the inbound direction only and to allow traffic on all interfaces simultaneously. The following considerations apply: • You can use the access-group command in configuration mode only if there are no interfaces in the context to which you have applied an ACL previously using the (config-if) access-group command in interface configuration mode. • If you have applied an ACL globally to all interfaces in a context, you cannot apply an ACL to an individual interface using the (config-if) access-group command in interface configuration mode. • You can apply one Layer 2 ACL and one Layer 3 ACL globally to all interfaces in a context. • You can apply both a Layer 3 and a Layer 2 ACL to all Layer 2 bridge-group virtual interfaces (BVIs) in a context. • On Layer 3 virtual LAN (VLAN) interfaces, you can apply only Layer 3 ACLs. You can apply one IPv6 and one IPv4 ACL in each direction on a Layer 3 VLAN interface. • In a redundant configuration, the ACE does not apply a global ACL to the FT VLAN. For details about redundancy, see the Administration Guide, Cisco ACE Application Control Engine. For complete details on ACLs, see the Security Guide, Cisco ACE Application Control Engine. Examples To apply an ACL named INBOUND to the inbound direction of all interfaces in the Admin context, enter: host1/Admin(config)# access-group input INBOUND To remove an ACL from all interfaces in the Admin context, enter: input Specifies the inbound direction of all interfaces in a context on which you want to apply the ACL acl_name Identifier of an existing ACL that you want to apply to an interface ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A5(1.0) Added IPv6 support. ACE Appliance Release Modification A1(7) This command was introduced. A5(1.0) Added IPv6 support.2-269 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands host1/Admin(config)# no access-group input INBOUND Related Commands (config-if) access-group show access-list2-270 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) access-list ethertype To configure an EtherType access control list (ACL), use the access-list ethertype command. Use the no form of this command to remove the ACL from the configuration. access-list name ethertype {deny | permit} {any | bpdu | ipv6 | mpls} no access-list name ethertype {deny | permit} {any | bpdu | ipv6 | mpls} Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the access-list feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. You can configure an ACL that controls traffic based on its EtherType. An EtherType is a subprotocol identifier. EtherType ACLs support Ethernet V2 frames. EtherType ACLs do not support 802.3-formatted frames because they use a length field instead of a type field. Bridge protocol data units (BPDUs) are exceptions because they are SNAP-encapsulated, and the ACE is designed to specifically handle BPDUs. You can permit or deny BPDUs. By default, all BPDUs are denied. The ACE receives trunk port (Cisco proprietary) BPDUs because ACE ports are trunk ports. Trunk BPDUs have VLAN information inside the payload, so the ACE modifies the payload with the outgoing VLAN if you permit BPDUs. BPDU packets are not subjected to bandwidth policing in a bridge-mode configuration. You can configure an EtherType ACL only on a Layer 2 interface in the inbound direction. name Unique identifier of the ACL. Enter an unquoted text string with a maximum of 64 alphanumeric characters. ethertype Specifies a subprotocol of type: any, bpdu, ipv6, or mpls. deny Blocks connections on the assigned interface. permit Allows connections on the assigned interface. any Specifies any EtherType. bpdu Specifies bridge protocol data units. ipv6 Specifies Internet Protocol version 6. mpls Specifies Multiprotocol Label Switching. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(2.4) BPDU packets are not subjected to bandwidth policing in a bridge-mode configuration. ACE Appliance Release Modification A1(7) This command was introduced.2-271 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands When you specify the mpls keyword in an EtherType ACL, the ACE denies or permits both MPLS-unicast and MPLS-multicast traffic. Examples To configure an ACL that controls traffic based on its EtherType, enter: (config)# access-list INBOUND ethertype permit mpls Related Commands clear access-list show access-list2-272 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) access-list extended To create an extended ACL, use the access-list extended command. The two major types of extended ACLs are as follows: • Non-ICMP ACLs • ICMP ACLs Use the no form of this command to delete the ACL. IPv6 Syntax For a non-ICMP extended ACL, the syntax is as follows: access-list name [line number] extended {deny | permit} {protocol {anyv6 | host src_ipv6_address | src_ipv6_address/prefix_length | object-group net_obj_grp_name} [operator port1 [port2]] {anyv6 | host dest_ipv6_address | dest_ipv6_address/prefix_length | object-group net_obj_grp_name} [operator port3 [port4]]} | {object-group service_obj_grp_name} {anyv6 | host src_ipv6_address | src_ipv6_address/prefix_length | object-group net_obj_grp_name} {anyv6 | host dest_ipv6_address | dest_ipv6_address/prefix_length | object-group net_obj_grp_name} no access-list name [line number] extended {deny | permit} {protocol {anyv6 | host src_ipv6_address | src_ipv6_address/prefix_length | object-group net_obj_grp_name} [operator port1 [port2]] {anyv6 | host dest_ipv6_address | dest_ipv6_address/prefix_length | object-group net_obj_grp_name} [operator port3 [port4]]} | {object-group service_obj_grp_name} {anyv6 | host src_ipv6_address | src_ipv6_address/prefix_length | object-group net_obj_grp_name} {anyv6 | host dest_ipv6_address | dest_ipv6_address/prefix_length | object-group net_obj_grp_name} For an ICMP-extended ACL, the syntax is as follows: access-list name [line number] extended {deny | permit} {icmpv6 {anyv6 | host src_ipv6_address | src_ipv6_address/prefix_length| object_group net_obj_grp_name} {anyv6 | host dest_ipv6_address | dest_ipv6_address/prefix_length| object_group network_grp_name} [icmp_type [code operator code1 [code2]]]} | {object-group service_obj_grp_name} {anyv6 | host src_ipv6_address | src_ipv6_address/prefix_length| object-group net_obj_grp_name} {anyv6 | host dest_ipv6_address | dest_ipv6_address/prefix_length| object-group net_obj_grp_name} no access-list name [line number] extended {deny | permit} {icmpv6 {anyv6 | host src_ipv6_address | src_ipv6_address/prefix_length| object_group net_obj_grp_name} {anyv6 | host dest_ipv6_address | dest_ipv6_address/prefix_length| object_group network_grp_name} [icmp_type [code operator code1 [code2]]]} | {object-group service_obj_grp_name} {anyv6 | host src_ipv6_address | src_ipv6_address/prefix_length| object-group net_obj_grp_name} {anyv6 | host dest_ipv6_address | dest_ipv6_address/prefix_length| object-group net_obj_grp_name} IPv4 Syntax For a non-ICMP extended ACL, the syntax is as follows: access-list name [line number] extended {deny | permit} {protocol {any | host src_ip_address | src_ip_address netmask | object-group net_obj_grp_name} [operator port1 [port2]] {any | host dest_ip_address | dest_ip_address netmask | object-group net_obj_grp_name} [operator port3 [port4]]}2-273 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands |{object-group service_obj_grp_name} {any | host src_ip_address | src_ip_address netmask | object-group net_obj_grp_name} {any | host dest_ip_address | dest_ip_address netmask | object-group net_obj_grp_name} no access-list name [line number] extended {deny | permit} {protocol {any | host src_ip_address | src_ip_address netmask | object-group net_obj_grp_name} [operator port1 [port2]] {any | host dest_ip_address | dest_ip_address netmask | object-group net_obj_grp_name} [operator port3 [port4]]} |{object-group service_obj_grp_name} {any | host src_ip_address | src_ip_address netmask | object-group net_obj_grp_name} {any | host dest_ip_address | dest_ip_address netmask | object-group net_obj_grp_name} For an ICMP-extended ACL, the syntax is as follows: access-list name [line number] extended {deny | permit} {icmp {any | host src_ip_address | src_ip_address netmask | object_group net_obj_grp_name} {any | host dest_ip_address | dest_ip_address netmask | object_group network_grp_name} [icmp_type [code operator code1 [code2]]]} |{object-group service_obj_grp_name} {any | host src_ip_address | src_ip_address netmask | object-group net_obj_grp_name} {any | host dest_ip_address | dest_ip_address netmask | object-group net_obj_grp_name} no access-list name [line number] extended {deny | permit} {icmp {any | host src_ip_address | src_ip_address netmask | object_group net_obj_grp_name} {any | host dest_ip_address | dest_ip_address netmask | object_group network_obj_grp_name} [icmp_type [code operator code1 [code2]]]} |{object-group service_obj_grp_name} {any | host src_ip_address | src_ip_address netmask | object-group net_obj_grp_name} {any | host dest_ip_address | dest_ip_address netmask | object-group net_obj_grp_name} Syntax Description name Unique identifier of the ACL. Enter an unquoted text string with a maximum of 64 alphanumeric characters. line number (Optional) Specifies the line number position where you want the entry that you are configuring to appear in the ACL. The position of an entry affects the lookup order of the entries in an ACL. If you do not configure the line number of an entry, the ACE applies a default increment and a line number to the entry and appends it at the end of the ACL.2-274 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands extended Specifies an extended ACL. Extended ACLs allow you to specify the destination IP address and subnet mask and other parameters not available with a standard ACL. deny Blocks connections on the assigned interface. permit Allows connections on the assigned interface. protocol Name or number of an IP protocol. Enter a protocol name or an integer from 0 to 255 that represents an IP protocol number from the following: • ah—(51) Authentication Header • eigrp—(88) Enhanced IGRP • esp—(50) Encapsulated Security Payload • gre—(47) Generic Routing Encapsulation • icmp—(1) Internet Control Message Protocol (See Table 1-1 for optional ICMPv4 messaging types) • icmpv6—(58) Internet Control Message Protocol (See Table 1-2 for optional ICMPv6 messaging types) • igmp—(2) Internet Group Management Protocol • ip—(0) Internet Protocol • ip-in-ip—(4) IP-in-IP Layer 3 tunneling protocol • ospf—(89) Open Shortest Path First • pim—(103) Protocol Independent Multicast • tcp—(6) Transmission Control Protocol • udp—(17) User Datagram Protocol any Specifies the network traffic from any IPv4 source. anyv6 Specifies the network traffic from any IPv6 source. host src_ipv6_address Specifies the IPv6 address of the host from which the network traffic originates. Use this keyword and argument to specify the network traffic from a single IPv6 address. host src_ip_address Specifies the IP address of the host from which network traffic originates. Use this keyword and argument to specify the network traffic from a single IP address. src_ipv6_address/ prefix_length Traffic from a source defined by the IPv6 address and the prefix length. Use these arguments to specify network traffic from a range of IPv6 source addresses. src_ip_address netmask Traffic from a source defined by the IP address and the network mask. Use these arguments to specify the network traffic from a range of source IP addresses. object-group network_obj_grp_ name Specifies the identifier of an existing source network object group. To use object groups in an ACL, replace the normal network (source_address, mask, and so on), service (protocol operator port) or ICMP type (icmp_type) arguments with an object-group name. 2-275 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands operator (Optional) Operand used to compare source and destination port numbers for TCP, TCP-UDP, and UDP protocols. The operators are as follows: • eq—Equal to. • gt—Greater than. • lt—Less than. • neq—Not equal to. • range—An inclusive range of port values. If you entered the range operator, enter a second port number value to define the upper limit of the range. port1 [port2] TCP or UDP source port name or number from which you permit or deny services access. Enter an integer from 0 to 65535. To enter an inclusive range of ports, enter two port numbers. Port2 must be greater than or equal to port1. See Table 1-3 for a list of well-known TCP port names and numbers and Table 1-4 for a list of well-known UDP port names and numbers. dest_ipv6_address/ prefix_length IPv6 address of the network or host to which the packet is being sent and the prefix length of the IPv6 destination address. Use these arguments to specify a range of IPv6 destination addresses. dest_ip_address netmask Specifies the IP address of the network or host to which the packet is being sent and the network mask bits that are to be applied to the destination IP address. Use these arguments to specify a range of destination IP addresses. anyv6 Specifies the network traffic that goes to any IPv6 destination. any Specifies the network traffic going to any destination. host dest_ipv6_address Specifies the IPv6 address of the destination of the packets in a flow. Use this keyword and argument to specify the network traffic destined to a single IPv6 address. host destination_ address Specifies the IP address and subnet mask of the destination of the packets in a flow. Use this keyword and argument to specify the network traffic destined to a single IP address. operator (Optional) Operand used to compare source and destination port numbers for TCP, TCP-UDP, and UDP protocols. The operators are as follows: • lt—Less than. • gt—Greater than. • eq—Equal to. • neq—Not equal to. • range—An inclusive range of port values. If you enter this operator, enter a second port number value to define the upper limit of the range. port3 [port4] TCP or UDP destination port name or number to which you permit or deny access to services. To enter an optional inclusive range of ports, enter two port numbers. Port4 must be greater than or equal to port3. See Table 1-3 for a list of well-known ports. icmp_type (Optional) Type of ICMP messaging. Enter either an integer that corresponds to the ICMP code number or one of the ICMP types as described in Table 1-1. code (Optional) Specifies that a numeric operator and ICMP code follows. 2-276 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the access-list feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The ACE does not explicitly support standard ACLs. To configure a standard ACL, specify the destination addresses as “any” and do not specify ports in an extended ACL. For the source IP address and destination IP address netmasks, the ACE supports only standard subnet mask entries in an ACL. Wildcard entries and non-standard subnet masks are not supported. For TCP and UDP connections, you do not need to also apply an ACL on the destination interface to allow returning traffic, because the ACE allows all returning traffic for established connections. You can apply only one extended ACL to each direction (inbound or outbound) of an interface. You can also apply the same ACL on multiple interfaces.You can apply EtherType ACLs only in the inbound direction and only on Layer 2 interfaces. operator An operator that the ACE applies to the ICMP code number that follows. Enter one of the following operators: • lt—Less than. • gt—Greater than. • eq—Equal to. • neq—Not equal to. • range—An inclusive range of ICMP code values. When you use this operator, specify two code numbers to define the range. code1, code2 ICMP code number that corresponds to an ICMP type. See Table 1-3. If you entered the range operator, enter a second ICMP code value to define the upper limit of the range. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.0) This command was revised with the object-group keyword and associated keywords and arguments. A5(1.0) Added IPv6 support. ACE Appliance Release Modification A1(7) This command was introduced. A2(1.0) This command was revised with the object-group keyword and associated keywords and arguments. A5(1.0) Added IPv6 support.2-277 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands If you create an ICMP extended ACL, you can optionally specify the type of ICMP messaging. Enter either an integer that corresponds to the ICMP code number or one of the ICMP messaging types as described in Table 1-1 (ICMPv4) and Table 1-2 (ICMPv6). ACLs have no effect on neighbor discovery (ND) packets and they are always permitted to and through the ACE. For more information about ND, see the Routing and Bridging Guide, Cisco ACE Application Control Engine. Ta b l e 1-1 ICMPv4 Types ICMPv4 Code Number ICMPv4 Type 0 echo-reply 3 unreachable 4 source-quench 5 redirect 6 alternate-address 8 echo 9 router-advertisement 10 router-solicitation 11 time-exceeded 12 parameter-problem 13 timestamp-request 14 timestamp-reply 15 information-request 16 information-reply 17 mask-request 18 mask-reply 30 traceroute 31 conversion-error 32 mobile-redirect Ta b l e 1-2 ICMPv6 Types ICMPv6 Code Number ICMPv6 Type 1 unreachable 3 time-exceeded 4 parameter-problem 30 traceroute 128 echo 129 echo-reply 137 redirect2-278 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands 139 information-request 140 information-reply Ta b l e 1-3 Well-Known TCP Port Numbers and Key Words Keyword Port Number Description aol 5190 America-Online bgp 179 Border Gateway Protocol chargen 19 Character Generator citrix-ica 1494 Citrix Independent Computing Architecture protocol cmd 514 Same as exec, with automatic authentication ctiqbe 2748 Computer Telephony Interface Quick Buffer Encoding daytime 13 Daytime discard 9 Discard domain 53 Domain Name System echo 7 Echo exec 512 Exec (RSH) finger 79 Finger ftp 21 File Transfer Protocol ftp-data 20 FTP data connections gopher 70 Gopher hostname 101 NIC hostname server http 80 Hyper Text Transfer Protocol https 443 HTTP over TLS/SSL ident 113 Ident Protocol imap4 143 Internet Message Access Protocol, version 4 irc 194 Internet Relay Chat kerberos 88 Kerberos klogin 543 Kerberos Login kshell 544 Kerberos Shell ldap 389 Lightweight Directory Access Protocol ldaps 636 LDAP over TLS/SSL login 513 Login (rlogin) lotusnotes 1352 IBM Lotus Notes Table 1-2 ICMPv6 Types (continued) ICMPv6 Code Number ICMPv6 Type2-279 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands lpd 515 Printer Service matip-a 350 Mapping of Airline Traffic over Internet Protocol (MATIP) Type A netbios-ssn 139 NetBIOS Session Service nntp 119 Network News Transport Protocol pcanywhere-data 5631 PC Anywhere data pim-auto-rp 496 PIM Auto-RP pop2 109 Post Office Protocol v2 pop3 110 Post Office Protocol v3 pptp 1723 Point-to-Point Tunneling Protocol, RFC 2637 rtsp 554 Real Time Streaming Protocol sip 5060 Session Initiation Protocol skinny 2000 Cisco Skinny Client Control Protocol (SCCP) smtp 25 Simple Mail Transfer Protocol sqlnet 1521 Structured Query Language Network ssh 22 Secure Shell sunrpc 111 Sun Remote Procedure Call tacacs 49 Terminal Access Controller Access Control System talk 517 Talk telnet 23 Telnet time 37 Time uucp 540 UNIX-to-UNIX Copy Program whois 43 Nicname www 80 World Wide Web (HTTP) Ta b l e 1-4 Well-Known UDP Key Words and Port Numbers Keyword Port Number Description biff 512 Mail notification bootpc 68 Bootstrap Protocol client bootps 67 Bootstrap Protocol server discard 9 Discard dnsix 195 DNSIX Security protocol auditing (dn6-nlm-aud) domain 53 Domain Name System Table 1-3 Well-Known TCP Port Numbers and Key Words (continued) Keyword Port Number Description2-280 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Examples IPv6 Examples To configure an IPv6 TCP extended ACL, enter: host1/Admin(config)# access-list INBOUND line 10 extended permit tcp 2001:DB8:1::1/64 gt 1024 2001:DB8:2::1 lt 4000 To remove an entry from an extended ACL, enter: echo 7 Echo isakmp 500 Internet Security Association Key Management Protocol kerberos 88 Kerberos mobile-ip 434 Mobile IP registration nameserver 42 Host Name Server netbios-dgm 138 NetBIOS datagram service netbios-ns 137 NetBIOS name service netbios-ssn 139 NetBIOS Session Service ntp 123 Network Time Protocol pcanywherestatus 5632 PC Anywhere status radius 1812 Remote Authentication Dial-in User Service radius-acct 1813 RADIUS Accounting rip 520 Routing Information Protocol snmp 161 Simple Network Management Protocol snmptrap 162 SNMP Traps sunrpc 111 Sun Remote Procedure Call syslog 514 System Logger tacacs 49 Terminal Access Controller Access Control System talk 517 Talk tftp 69 Trivial File Transfer Protocol time 37 Time who 513 Who service (rwho) wsp 9200 Connectionless Wireless Session Protocol wsp-wtls 9202 Secure Connectionless WSP wsp-wtp 9201 Connection-based WSP wsp-wtp-wtls 9203 Secure Connection-based WSP xdmcp 177 X Display Manager Control Protocol Table 1-4 Well-Known UDP Key Words and Port Numbers (continued) Keyword Port Number Description2-281 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands host1/Admin(config)# no access-list INBOUND line 10 To control a ping, specify echo (128) (host to ACE). To allow an external host with IP address 2001:DB8:1::2 to ping a host behind the ACE with an IP address of FC00:ABCD:1:2::5, enter: host1/Admin(config)# access-list INBOUND extended permit icmpv6 host 2001:DB8:1::2 host FC00:ABCD:1:2::5 echo code eq 0 To remove an entry from an ICMP ACL, enter: host1/Admin(config)# no access-list INBOUND extended permit icmpv6 host 2001:DB8:1::2 echo IPv4 Examples To configure a TCP extended ACL, enter: host1/Admin(config)# access-list INBOUND line 10 extended permit tcp 192.168.12.0 255.255.255.0 gt 1024 172.27.16.0 255.255.255.0 lt 4000 To remove an entry from an extended ACL, enter: host1/Admin(config)# no access-list INBOUND line 10 To allow an external host with IP address 192.168.12.5 to be able to ping a host behind the ACE with an IP address of 10.0.0.5, enter: (config)# access-list INBOUND extended permit icmp host 192.168.12.5 host 10.0.0.5 echo code eq 0 To remove an entry from an ICMP ACL, enter: (config)# no access-list INBOUND extended permit icmp host 192.168.12.5 echo To use object groups for all available parameters, enter: ISM/Admin(config)# access-list acl_name extended {deny | permit} object-group service_grp_name object-group network_grp_name object-group network_grp_name Related Commands clear access-list show access-list (config) access-list remark You can add comments about an access control list (ACL) to clarify the function of the ACL. To add a comment to an ACL, use the access-list remark command. You can enter only one comment per ACL and the comment appears at the top of the ACL. Use the no form of this command to remove an ACL remark. access-list name remark text no access-list name remark text2-282 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the access-list feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. If you delete an ACL using the no access-list name command, then the remarks are also removed. Examples To add an entry comment to an ACL, enter: host1/Admin(config)# access-list INBOUND remark This is a remark To remove entry comments from an ACL, enter: (config)# no access-list INBOUND line 200 remark Related Commands clear access-list show access-list (config) access-list resequence To resequence the entries in an extended access control list (ACL) with a specific starting number and interval, use the access-list resequence command. Use the no form of this command to reset the number assigned to an ACL entry to the default of 10. access-list name resequence number1 number2 no access-list name resequence number1 number2 name Unique identifier of the ACL. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. line number (Optional) Specifies the line number position where you want the comments to appear in the ACL. If you do not specify a line number, the ACE applies a default increment and a line number to the remark and appends it at the end of the ACL. remark text Specifies any comments that you want to include about the ACL. Comments appear at the top of the ACL. Enter an unquoted text string with a maximum of 100 alphanumeric characters. You can enter leading spaces at the beginning of the text. Trailing spaces are ignored. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-283 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the access-list feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The ability to resequence entries in an ACL is supported only for extended ACLs. Examples For example, to assign the number 5 to the first entry in the access list INBOUND and then number each succeeding entry by adding 15 to the preceding entry line number, enter: host1/Admin(config)# access-list INBOUND resequence 5 15 Related Commands clear access-list show access-list (config) action-list type modify http Action list modify configuration mode commands allow you to configure ACE action lists. An action list is a named group of actions that you associate with a Layer 7 HTTP class map in a Layer 7 HTTP policy map. You can create an action list to modify an HTTP header or to rewrite an HTTP redirect URL for SSL. For information about the commands in action list modify configuration mode, see the “Action List Modify Configuration Mode Commands” section. To create an action list, use the action-list type modify http command. The CLI prompt changes to (config-actlist-modify). Use the no form of this command to remove the action list from the configuration. action-list type modify http name name Unique identifier of the ACL. Enter an unquoted text string with a maximum of 64 alphanumeric characters. resequence Specifies the renumbering of the entries in an ACL. number1 Number assigned to the first entry in the ACL. Enter any integer. The default is 10. number2 Number added to each entry in the ACL after the first entry. Enter any integer. The default is 10. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-284 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands no action-list type modify http name Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command has no usage guidelines. Examples To create an action list, enter: host1/Admin(config)# action-list type modify http HTTP_MODIFY_ACTLIST host1/Admin(config-actlist-modify)# To remove the action list from the configuration, enter: host1/Admin(config)# no action-list type modify http HTTP_MODIFY_ACTLIST Related Commands show running-config show stats name Unique name for the action list. Enter an unquoted text string with a maximum of 64 alphanumeric characters. ACE Module Release Modification A2(1.0) This command was introduced. ACE Appliance Release Modification A3(1.0) This command was introduced.2-285 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) action-list type optimization http (ACE appliance only) Action list optimization configuration mode commands allow you to configure ACE action lists. An action list is a named group of actions that you associate with a Layer 7 HTTP optimization policy map. The action-list type command allows you to configure a series of application acceleration and optimization statements. After you enter this command, the system enters the action list optimization configuration mode. For information about the commands in action list optimization configuration mode, see the “Action List Optimization Configuration Mode Commands” section. To create an optimization action map for performing application acceleration and optimization, use the action-list type command in global configuration mode. The CLI prompt changes to (config-actlist-optm). Use the no form of this command to remove an action list from the ACE. action-list type optimization http list_name no action-list type optimization http list_name Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines The commands in this mode require the loadbalance feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. After you configure the action list, you associate it with a specific statement in a Layer 7 HTTP optimization policy map. The Layer 7 optimization HTTP policy map activates an optimization HTTP action list that allows you to configure the specified optimization actions. For information about the commands in action list optimization configuration mode, see the “Action List Optimization Configuration Mode Commands” section. For details about configuring the commands in the action list optimization configuration mode, see the Cisco 4700 Series Application Control Engine Appliance Application Acceleration and Optimization Configuration Guide. optimization http Specifies an optimization HTTP action list. After you create the optimization HTTP type action list, you configure application acceleration and optimization functions in the action list optimization configuration mode. For information about the commands in action list optimization configuration mode, see the “Action List Optimization Configuration Mode Commands” section. list_name Name assigned to the action list. Enter a unique name as an unquoted text string with a maximum of 64 alphanumeric characters. ACE Appliance Release Modification A1(7) This command was introduced.2-286 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Examples To create an optimization HTTP action list, enter: host1/Admin(config)# action-list type optimization http ACT_LIST1 host1/Admin(config-actlist-optm)# To remove the action list from the configuration, enter: host1/Admin(config)# no action-list type optimization http ACT_LIST1 Related Commands show action-list show running-config (config) parameter-map type (config) policy-map2-287 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) arp To configure the Address Resolution Protocol (ARP) on the ACE to manage and map IP to Media Access Control (MAC) information to forward and transmit packets, use the arp command. Use the no form of this command to remove the ARP entry or reset a default value. arp {ip_address mac_address | interval seconds | inspection enable [flood | no flood] | learned-interval seconds | learned-mode enable | rate seconds | ratelimit pps | retries number | sync disable | sync-interval seconds} no arp {ip_address mac_address | interval | inspection enable | learned-interval | learned-mode enable | rate | ratelimit | retries | sync disable | sync-interval} Syntax Description Command Modes Configuration mode ip_address mac_address Static ARP entry in the ARP table that allows ARP responses from an IP address to a MAC address. Enter the IP address in dotted-decimal notation (for example, 172.16.56.76). Enter the MAC address in dotted-hexadecimal notation (for example, 00.60.97.d5.26.ab). interval seconds Specifies the interval in seconds that the ACE sends ARP requests to the configured hosts. Enter a number from 15 to 31526000. The default is 300. inspection enable Enables ARP inspection, preventing malicious users from impersonating other hosts or routers, known as ARP spoofing. The default is disabled. flood (Optional) Enables ARP forwarding of nonmatching ARP packets. The ACE forwards all ARP packets to all interfaces in the bridge group. This is the default setting. no flood (Optional) Disables ARP forwarding for the interface and drops non-matching ARP packets. learned-interval seconds Sets the interval in seconds when the ACE sends ARP requests for learned hosts. Enter a number from 60 to 31536000. The default is 14400. learned-mode enable Enables the ACE to learn MAC addresses if the command has been disabled. By default, for bridged traffic, the ACE learns MAC addresses from all traffic. For routed traffic, the ACE learns MAC addresses only from ARP response packets or from packets that are destined to the ACE (for example, a ping to a VIP or a ping to a VLAN interface). rate seconds Specifies the time interval in seconds between ARP retry attempts to hosts. Enter a number from 1 to 60. The default is 10. ratelimit pps Specifies the rate limit in packets per second for gratuitous ARPs sent by the ACE. Enter a number from 100 to 8192. The default is 512. Note that this keyword applies to the entire ACE. retries number Specifies the number of ARP attempts before the ACE flags the host as down. Enter a number from 2 to 15. The default is 3. sync disable Disables the replication of ARP entries. By default, ARP entry replication is enabled. sync-interval seconds Specifies the time interval between ARP sync messages for learned hosts. Enter an integer from 1 to 3600 seconds (1 hour). The default is 5 seconds.2-288 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Admin and user contexts. The ratelimit keyword is available in the Admin context only. Command History Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The static arp command in configuration mode now allows the configuration of the multicast MAC address for a host. The ACE uses this multicast MAC address while sending packets to the host. This enhancement allows the support of deployments that involve clustering (for example Checkpoint clustering). A host can be assigned an multicast MAC address with the arp command. The ACE does not learn the multicast MAC addresses for a host. ARP inspection operates only on ingress bridged interfaces. By default, ARP inspection is disabled on all interfaces, allowing all ARP packets through the ACE. When you enable ARP inspection, the ACE uses the IP address and interface ID (ifID) of an incoming ARP packet as an index into the ARP table. The ACE then compares the MAC address of the ARP packet with the MAC address in the indexed static ARP entry in the ARP table and takes the following actions: • If the IP address, source ifID, and MAC address match a static ARP entry, the inspection succeeds and the ACE allows the packet to pass. • If the IP address and interface of the incoming ARP packet match a static ARP entry, but the MAC address of the packet does not match the MAC address that you configured in that static ARP entry, ARP inspection fails and the ACE drops the packet. • If the ARP packet does not match any static entries in the ARP table or there are no static entries in the table, then you can set the ACE to either forward the packet out all interfaces (flood) or to drop the packet (no-flood). In this case, the source IP address to MAC address mapping is new to the ACE. If you enter the flood option, the ACE creates a new ARP entry and marks it as LEARNED. If you enter the no-flood option, the ACE drops the ARP packet. The ARP rate limit applies to all gratuitous ARPs sent for local addresses on new configurations, ACE reboot, and on MAC address changes. When you change the ARP request internal for learned hosts and configured hosts, the new timeout does not take effect until the existing time is reached. If you want the new timeout to take effect immediately, enter the clear arp command to apply the new ARP interval (see the clear arp command). For more information, see the Routing and Bridging Guide, Cisco ACE Application Control Engine ACE Module Release Modification 3.0(0)A1(2) This command was introduced. 3.0(0)A1(3) This command was revised with the sync disable and sync-interval keywords. 3.0(0)A1(6.2a) This command was revised with the ratelimit keyword. A2(3.2) The static arp this command now allows the configuration of a multicast MAC address. ACE Appliance Release Modification A1(7) This command was introduced. A3(2.6) The static arp this command now allows the configuration of a multicast MAC address. 2-289 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Examples To allow ARP responses from the router at 10.1.1.1 with the MAC address 00.02.9a.3b.94.d9, enter: host1/contexta(config)# arp 10.1.1.1 00.02.9a.3b.94.d9 To remove a static ARP entry, enter: host1/contexta(config)# no arp 10.1.1.1 00.02.9a.3b.94.d9 To enable ARP inspection and to drop all nonmatching ARP packets, enter: host1/contexta(config)# arp inspection enable no-flood To configure the retry attempt interval of 15 seconds, enter: host1/contexta(config)# arp rate 15 To reset the retry attempt interval to the default of 10 seconds, enter: host1/contexta(config)# no arp rate To disable the replication of ARP entries, enter: host1/contexta(config)# sync disable Related Commands clear arp show arp (config) banner Use the banner command to specify a message to display as the message-of-the-day banner when a user connects to the ACE CLI. Use the no form of this command to delete or replace a banner or a line in a multiline banner. banner motd text no banner motd text Syntax Description Command Modes Configuration mode Admin and user contexts motd Configures the system to display as the message-of-the-day banner when a user connects to the ACE. text Line of message text to be displayed as the message-of-the-day banner. The text string consists of all characters that follow the first space until the end of the line (carriage return or line feed). The # character functions as the delimiting character for each line. For the banner text, spaces are allowed but tabs cannot be entered at the CLI. Multiple lines in a message-of-the-day banner are handled by entering a new banner command for each line that you wish to add. The banner message is a maximum of 80 alphanumeric characters per line, up to a maximum of 3000 characters (3000 bytes) total for a message-of-the-day banner. This maximum value includes all line feeds and the last delimiting character in the message.2-290 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To replace a banner or a line in a multiline banner, use the no banner motd command before adding the new lines. To add multiple lines in a message-of-the-day banner, precede each line by the banner motd command. The ACE appends each line to the end of the existing banner. If the text is empty, the ACE adds a carriage return (CR) to the banner. You can include tokens in the form $(token) in the message text. Tokens will be replaced with the corresponding configuration variable, as follows: • $(hostname)—Displays the hostname for the ACE during run time. • $(line)—Displays the tty (teletypewriter) line or name (for example, /dev/console, /dev/pts/0, or 1). To use the $(hostname) in single line banner motd input, include double quotation marks (“) around the $(hostname) so that the $ is interpreted to a special character for the beginning of a variable in the single line. An example is as follows: switch/Admin(config)# banner motd #Welcome to “$(hostname)”...# Do not use the double quotation mark (“) or the percent sign (%) as a delimiting character in a single line message string. Do not use the delimiting character in the message string. For multiline input, double quotation marks (“) are not required for the token because the input mode is different from the signal line mode. The ACE treats the double quotation mark (“) as a regular character when you operate in multiline mode. Examples To add a message-of-the-day banner, enter: host1/Admin(config)# banner motd #Welcome to the “$(hostname)”. host1/Admin(config)# banner motd Contact me at admin@admin.com for any host1/Admin(config)# banner motd issues.# Related Commands show banner motd (config) boot system image: To set the BOOT environment variable, use the boot system image: command. Use the no form of this command to remove the name of the system image file. boot system image:filename no boot system image:filename ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-291 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Syntax Description Command Modes Configuration mode Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. You can add several images to the BOOT environment variable to provide a fail-safe boot configuration. If the first file fails to boot the ACE, subsequent images that are specified in the BOOT environment variable are tried until the ACE boots or there are no additional images to attempt to boot. If there is no valid image to boot, the ACE enters ROM-monitor mode where you can manually specify an image to boot. The ACE stores and executes images in the order in which you added them to the BOOT environment variable. If you want to change the order in which images are tried at startup, you can either prepend and clear images from the BOOT environment variable to attain the desired order or you can clear the entire BOOT environment variable and then redefine the list in the desired order. If the file does not exist (for example, if you entered the wrong filename), then the filename is appended to the boot string, and this message displays: Warning: File not found but still added in the bootstring. If the file does exist, but is not a valid image, the file is not added to the bootstring, and this message displays: Warning: file found but it is not a valid boot image. Examples ACE Module Example To set the BOOT environment variable, enter: host1/Admin(config)# boot system image:sb-ace.REL_1_0_0 ACE Appliance Example To set the BOOT environment variable, enter: host1/Admin(config)# boot system image:ace-t1k9-mzg.3.1.0.bin Related Commands show bootvar (config) config-register filename Name of the system image file. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-292 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) buffer threshold To set threshold levels for the NP buffers in the active and the standby ACEs and cause the active ACE to reboot if the thresholds are reached or exceeded, use the buffer threshold command. Use the no form of this command to . buffer threshold active number1 standby number2 action reload no buffer threshold active number1 standby number2 action reload Syntax Description Command Modes Configuration mode Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The ACE checks the status of NP buffer usage every five seconds to initiate the reload action if the buffer threshold is configured and reached, and to generate syslogs if necessary. If the buffer threshold command is configured and if the NP buffer usage reaches or exceeds the threshold, the ACE reloads. In a redundant configuration, a switchover occurs and the former standby ACE becomes the active ACE. In the absence of this command, the automatic reload feature is disabled. You can also use this command in a stand-alone ACE. Examples To specify the active NP buffer utilization threshold as 88 percent and the standby NP buffer utilization threshold as 40 percent, enter the following command: active number1 Specifies the buffer threshold for the active redundant ACE or stand-alone ACE as a percentage. Enter 50, 75, 88, 95, or 100. There is no default value. In a redundant configuration, if the buffer usage of any NP reaches or exceeds the threshold and each of the NP’s buffer usage in the standby ACE is below the configured standby threshold, the active ACE reboots and a switchover occurs. For a standalone ACE, if any of the NP’s buffer usage exceeds the active value, then the ACE reboots. standby number Specifies the buffer threshold for the standby redundant ACE. Enter 10, 20, 30, 40, 50. There is no default value. In a redundant configuration, if the active ACE buffer usage reaches or exceeds the configured active threshold and the standby ACE buffer usage reaches or exceeds the standby threshold, the active ACE does not reboot and no switchover occurs. For a reload and a switchover to occur, the standby buffer usage of all NPs must be less than the configured standby threshold value. action reload Specifies that the ACE reloads when the buffer utilization exceeds the configured threshold. In a redundant configuration, a switchover occurs upon reload of the active ACE. ACE Release Modification A5(1.0) This command was introduced.2-293 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands host1/Admin(config)# buffer threshold active 88 standby 40 action reload Related Commands show np2-294 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) class-map To create a Layer 3 and Layer 4 or a Layer 7 class map, use the class-map command. Use the no form of the command to remove a class map from the ACE. class-map [match-all | match-any] map_name class-map type {ftp inspect match-any | generic {match-all | match-any}} map_name class-map type {http {inspect | loadbalance} | management | radius loadbalance | rtsp loadbalance | sip {inspect | loadbalance}} [match-all | match-any] map_name no class-map [match-all | match-any] map_name no class-map type {ftp inspect match-any | generic {match-all | match-any}} map_name no class-map type {http {inspect | loadbalance} | management | radius loadbalance | rtsp loadbalance | sip {inspect | loadbalance}} [match-all | match-any] map_name Syntax Description match-all Determines how the ACE evaluates Layer 3 and Layer 4 network traffic when multiple match criteria exist in a class map. The class map is considered a match if all the match criteria listed in the class map match the network traffic class in the class map (typically, match commands of different types). The default setting is to meet all of the match criteria (match-all) in a class map. match-any Determines how the ACE evaluates Layer 3 and Layer 4 network traffic when multiple match criteria exist in a class map. The class map is considered a match if only one of the match criteria listed in the class map matches the network traffic class in the class map (typically, match commands of the same type). The default setting is to meet all of the match criteria (match-all) in a class map. map_name Name assigned to the class map. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. For a Layer 3 and Layer 4 class map, you enter the class map configuration mode and the prompt changes to (config-cmap). type Specifies the class map type that is to be defined. When you specify a class map type, you enter its corresponding class map configuration mode (for example, HTTP inspection configuration mode). ftp inspect Specifies a Layer 7 class map for the inspection of File Transfer Protocol (FTP) request commands. For information about commands in FTP inspection configuration mode, see the “Class Map FTP Inspection Configuration Mode Commands” section. generic Specifies a Layer 7 class map for generic TCP or UDP data parsing. For information about commands in class map generic configuration mode, see the “Class Map Generic Configuration Mode Commands” section. http inspect | loadbalance Specifies a Layer 7 class map for HTTP server load balancing (loadbalance keyword) or a Layer 7 class map for the HTTP deep packet application protocol inspection (inspect keyword) of traffic through the ACE. For information about commands in class map HTTP inspection configuration mode, see the “Class Map HTTP Inspection Configuration Mode Commands” section. For information about commands in class map HTTP server load-balancing configuration mode, see the “Class Map HTTP Load Balancing Configuration Mode Commands” section.2-295 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the inspect, loadbalance, NAT, connection, SSL, or vip feature in your user role, depending on the type of class map that you want to configure. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Use the class map configuration mode commands to create class maps that classify inbound network traffic destined to, or passing through, the ACE based on a series of flow match criteria specified in the class map. The CLI prompt changes correspondingly to the selected class map configuration mode, for example, (config-cmap), (config-cmap-ftp-insp), (config-cmap-http-lb), or (config-cmap-mgmt). A Layer 3 and Layer 4 class map contains match criteria that classifies the following: • Network traffic that can pass through the ACE based on source or destination IP address, source or destination port, or IP protocol and port management Specifies a Layer 3 and Layer 4 class map to classify the IP network management protocols received by the ACE. For information about commands in class map management configuration mode, see the “Class Map Management Configuration Mode Commands” section. radius loadbalance Specifies a Layer 7 class map for RADIUS server load balancing of traffic through the ACE. For information about commands in RADIUS server load-balancing configuration mode, see the “Class Map RADIUS Load Balancing Configuration Mode Commands” section. rtsp loadbalance Specifies a Layer 7 class map for RTSP server load balancing of traffic through the ACE. For information about commands in RTSP server load-balancing configuration mode, see the “Class Map RTSP Load Balancing Configuration Mode Commands” section. sip inspect | loadbalance Specifies a Layer 7 class map for SIP server load balancing (loadbalance keyword) or a Layer 7 class map for the SIP deep packet application protocol inspection (inspect keyword) of traffic through the ACE. For information about commands in class map SIP inspection configuration mode, see the “Class Map SIP Inspection Configuration Mode Commands” section. For information about commands in class map SIP server load-balancing configuration mode, see the “Class Map SIP Load Balancing Configuration Mode Commands” section. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.0) This command was revised. ACE Appliance Release Modification A1(7) This command was introduced. A3(1.0) This command was revised.2-296 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands • Network management traffic that can be received by the ACE based on the HTTP, HTTPS, ICMP, SNMP, SSH, or Telnet protocols A Layer 7 class map contains match criteria that classifies specific Layer 7 protocol information. The match criteria enables the ACE to do the following: • Perform server load balancing based on the HTTP cookie, the HTTP header, the HTTP URL, protocol header fields, or source IP addresses • Perform deep packet inspection of the HTTP protocol • Perform FTP request command filtering The ACE supports a system-wide maximum of 8192 class maps. For details about creating a class map, see the Administration Guide, Cisco ACE Application Control Engine. When multiple match criteria exist in the traffic class, you can identify evaluation instructions using the match-any or match-all keywords. If you specify match-any, the traffic that is evaluated must match one of the specified criteria (typically, match commands of the same type). If you specify match-all, the traffic that is evaluated must match all of the specified criteria (typically, match commands of different types). Examples To create a Layer 3 and Layer 4 class map named L4VIP_CLASS that specifies the network traffic that can pass through the ACE for server load balancing, enter: host1/Admin(config)# class-map match-all L4VIP_CLASS host1/Admin(config-cmap)# To create a Layer 3 and Layer 4 class map named MGMT-ACCESS_CLASS that classifies the network management protocols that can be received by the ACE, enter: host1/Admin(config)# class-map type management match-any MGMT-ACCESS_CLASS host1/Admin(config-cmap-mgmt)# To create a Layer 7 class map named L7SLB_CLASS that performs HTTP server load balancing, enter: host1/Admin(config)# class-map type http loadbalance match-any L7SLB_CLASS host1/Admin(config-cmap-http-lb)# To create a Layer 7 class map named HTTP_INSPECT_L7CLASS that performs HTTP deep packet inspection, enter: (config)# class-map type http inspect match-any HTTP_INSPECT_L7CLASS host1/Admin(config-cmap-http-insp)# To create a Layer 7 class map named FTP_INSPECT_L7CLASS that performs FTP command inspection, enter: host1/Admin(config)# class-map type ftp inspect match-any FTP_INSPECT_L7CLASS host1/Admin(config-cmap-ftp-insp)# Related Commands show startup-config (config) policy-map (config) service-policy2-297 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) clock timezone To set the time zone, use the clock timezone command. Use the no form of this command to configure independent server groups of Terminal Access Controller Access Control System Plus (TACACS+), Remote Authentication Dial-In User Service (RADIUS), or Lightweight Directory Access Protocol (LDAP) servers. clock timezone {zone_name {+ | –} hours minutes} | {standard time_zone} no clock timezone Syntax Description Command Modes Configuration mode Admin context only zone_name 8-letter name of the time zone (for example, PDT) to be displayed when the time zone is in effect. See Table 1-5 in the “Usage Guidelines” section for a list of the common time zone acronyms used for this argument. hours Hours offset from Coordinated Universal Time (UTC). minutes Minutes offset from UTC. Range is from 0 to 59 minutes. standard time_zone Sets the time to a standard time zone that include an applicable UTC hours offset. Enter one of the following well-known time zones: • ACST—Australian Central Standard Time as UTC + 9.5 hours • AKST—Alaska Standard Time as UTC –9 hours • AST—Atlantic Standard Time as UTC –4 hours • BST—British Summer Time as UTC + 1 hour • CEST—Central Europe Summer Time as UTC + 2 hours • CET—Central Europe Time as UTC + 1 hour • CST—Central Standard Time as UTC –6 hours • EEST—Eastern Europe Summer Time as UTC + 3 hours • EET—Eastern Europe Time as UTC + 2 hours • EST—Eastern Standard Time as UTC –5 hours • GMT—Greenwich Mean Time as UTC • HST—Hawaiian Standard Time as UTC –10 hours • IST—Irish Summer Time as UTC + 1 hour • MSD—Moscow Summer Time as UTC + 4 hours • MSK—Moscow Time as UTC + 3 hours • MST—Mountain Standard Time as UTC –7 hours • PST—Pacific Standard Time as UTC –8 hours • WEST—Western Europe Summer Time as UTC + 1 hour • WST—Western Standard Time as UTC + 8 hours2-298 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command History Usage Guidelines The ACE keeps time internally in Universal Time Coordinated (UTC) offset, so this command is used only for display purposes and when the time is set manually. This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Table 1-5 lists common time zone acronyms used for the zone_name argument. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.0) The ACST keyword was introduced. It replaced the CST keyword, as UTC +9.5 hours. ACE Appliance Release Modification A1(7) This command was introduced. A3(1.0) The ACST keyword was introduced. It replaced the CST keyword, as UTC +9.5 hours. Ta b l e 1-5 Time Zone Acronyms Acronym Time Zone Name and UTC Offset Europe BST British Summer Time as UTC + 1 hour CET Central Europe Time as UTC + 1 hour CEST Central Europe Summer Time as UTC + 2 hours EET Eastern Europe Time as UTC + 2 hours EEST Eastern Europe Summer Time as UTC + 3 hours GMT Greenwich Mean Time as UTC IST Irish Summer Time as UTC + 1 hour MSK Moscow Time as UTC + 3 hours MSD Moscow Summer Time as UTC + 4 hours WET Western Europe Time as UTC WEST Western Europe Summer Time as UTC + 1 hour United States and Canada AST Atlantic Standard Time as UTC –4 hours ADT Atlantic Daylight Time as UTC –3 hours CT Central Time, either as CST or CDT, depending on the place and time of the year CST Central Standard Time as UTC –6 hours CDT Central Daylight Saving Time as UTC –5 hours ET Eastern Time, either as EST or EDT, depending on the place and time of the year2-299 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Examples To set the time zone to PST and to set an UTC offset of –8 hours, enter: host1/Admin(config)# clock timezone PST -8 0 To remove the clock time-zone setting, enter: host1/Admin(config)# no clock timezone PST -8 0 Related Commands (ACE appliance only) clock set show clock (config) clock summer-time EST Eastern Standard Time as UTC –5 hours EDT Eastern Daylight Saving Time as UTC –4 hours MT Mountain Time, either as MST or MDT, depending on the place and time of the year MDT Mountain Daylight Saving Time as UTC –6 hours MST Mountain Standard Time as UTC –7 hours PT Pacific Time, either as PST or PDT, depending on the place and time of the year PDT Pacific Daylight Saving Time as UTC –7 hours PST Pacific Standard Time as UTC –8 hours AKST Alaska Standard Time as UTC –9 hours AKDT Alaska Standard Daylight Saving Time as UTC –8 hours HST Hawaiian Standard Time as UTC –10 hours Australia CST Central Standard Time as UTC + 9.5 hours EST Eastern Standard/Summer Time as UTC + 10 hours (+11 hours during summer time) WST Western Standard Time as UTC + 8 hours Table 1-5 Time Zone Acronyms (continued) Acronym Time Zone Name and UTC Offset2-300 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) clock summer-time To configure the ACE to change the time automatically to summer time (daylight saving time), use the clock summer-time command. Use the no form of this command to remove the clock summer-time setting. clock summer-time {daylight_timezone_name start_week start_day start_month start_time end_week end_day end_month end_time daylight_offset | standard time_zone} no clock summer-time Syntax Description Command Modes Configuration mode Admin context only daylight_timezone_name 8-letter name of the time zone (for example, PDT) to be displayed when summer time is in effect. For a list of the common time zone acronyms used for this argument, see the “Usage Guidelines” section for the (config) clock timezone command. start_week Start week for summer time, ranging from 1 through 5. start_day Start day for summer time, ranging from Sunday through Saturday. start_month Start month for summer time, ranging from January through December. start_time Start time (military time) in hours and minutes. end_week End week for summer time, ranging from 1 through 5. end_day End day for summer time, ranging from Sunday through Saturday. end_month End month for summer time, ranging from January through December. end_time End time (military format) in hours and minutes. daylight_offset Number of minutes to add during summer time. Valid entries are from 1 to 1440. The default is 60. standard time_zone Sets the daylight time to a standard time zone that includes an applicable daylight time start and end range along with a daylight offset. Enter one of the following well-known time zones: • ADT—Atlantic Daylight Time: 2 a.m. first Sunday in April—2 a.m. last Sunday in October, + 60 minutes • AKDT—Alaska Standard Daylight Time: 2 a.m. first Sunday in April—2 a.m. last Sunday in October, + 60 minutes • CDT—Central Daylight Time: 2 a.m. first Sunday in April—2 a.m. last Sunday in October, + 60 minutes • EDT—Eastern Daylight Time: 2 a.m. first Sunday in April—2 a.m. last Sunday in October, + 60 minutes • MDT—Mountain Daylight Time: 2 a.m. first Sunday in April— 2 a.m. last Sunday in October, + 60 minutes • PDT—Pacific Daylight Time: 2 a.m. first Sunday in April—2 a.m. last Sunday in October, + 60 minutes2-301 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The first part of the command specifies when summer time begins, and the second part of the command specifies when summer time ends. All times are relative to the local time zone; the start time is relative to standard time and the end time is relative to summer time. If the starting month is after the ending month, the ACE assumes that you are located in the southern hemisphere. Examples To specify that summer time begins on the first Sunday in April at 02:00 and ends on the last Sunday in October at 02:00, with a daylight offset of 60 minutes, enter: host1/Admin(config)# clock summer-time Pacific 1 Sun Apr 02:00 5 Sun Oct 02:00 60 To remove the clock summer-time setting, enter: host1/Admin(config)# no clock summer-time Related Commands show clock (config) clock timezone (config) config-register To change the configuration register settings, use the config-register configuration command. Use the no form of this command to reset the config-register to its default setting. config-register value no config-register value ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-302 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Syntax Description Command Modes Configuration mode Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. You can modify the boot method that the ACE uses at the next startup by setting the boot field in the software configuration register. The configuration register identifies how the ACE should boot. For the ACE module, it also identifies where the system image is stored. You can modify the boot field to force the ACE to boot a particular system image at startup instead of using the default system image. The config-register command affects only the configuration register bits that control the boot field and leaves the remaining bits unaltered. value Configuration register value that you want to use the next time that you restart the ACE. • For the ACE module, the supported value entries are as follows: – 0—(default) Upon reboot, the ACE boots to ROM monitor. The ACE remains in ROM monitor mode at startup. – 1—Upon reboot, the ACE boots the system image identified in the BOOT environment variable (see the (config) boot system image: command). The BOOT environment variable specifies a list of image files on various devices from which the ACE can boot at startup. If the ACE encounters an error or if the image is not valid, it will try the second image (if one is specified). If the second image also fails to boot, the ACE returns to ROM monitor. • For the ACE appliance, the supported value entries are as follows: – 0x0—Upon reboot, the ACE boots to the GNU GRand Unified Bootloader (GRUB). From the GRUB boot loader, you specify the system boot image to use to boot the ACE. Upon startup, the ACE loads the startup-configuration file stored in Flash memory (nonvolatile memory) to the running-configuration file stored in RAM (volatile memory). – 0x1—(default) Upon reboot, the ACE boots the system image identified in the BOOT environment variable (see (config) boot system image:). The BOOT environment variable specifies a list of image files on various devices from which the ACE can boot at startup. If the ACE encounters an error or if the image is not valid, it will try the second image (if one is specified). Upon startup, the ACE loads the startup-configuration file stored in Flash memory (nonvolatile memory) to the running-configuration file stored in RAM (volatile memory). ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-303 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Examples ACE Module Example To set the boot field in the configuration register to boot the system image identified in the BOOT environment variable upon reboot, enter: host1/Admin(config)# config-register 1 ACE Appliance Example To set the boot field in the configuration register to boot the system image identified in the BOOT environment variable upon reboot and to load the startup-configuration file stored in Flash memory, enter: host1/Admin(config)# config-register 0x1 Related Commands (config) boot system image: (config) context To create a context, use the context command. The CLI prompt changes to (config-context). A context provides a user view into the ACE and determines the resources available to a user. Use the no form of this command to remove a context. context name no context name Syntax Description Command Modes Configuration mode Admin context only Command History name Name that designates a context. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. Do not configure a context name that contains opening braces, closing braces, white spaces, or any of the following characters: ` $ % & * ( ) \ | ; ' " < > / ? Do not start the context name with the following characters: - . # ~ ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(2.3) This command no longer supports you from configuring a context name that contains opening braces, closing braces, white spaces, or any of the following symbols: ` $ % & * ( ) \ | ; ' " < > / ? 2-304 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. By default, the ACE allows you to create and use five user-configured contexts plus the default Admin context. To use a maximum of 251 contexts (Admin context plus 250 user contexts), you must purchase an additional license from Cisco Systems. Examples To create a context called C1, enter: host1/Admin(config)# context C1 host1/Admin(config-context)# To remove the context from the configuration, enter: host1/Admin(config)# no context C1 Related Commands changeto show context show user-account show users (config) crypto authgroup To create a certificate authentication group, use the crypto authgroup command. Once you create an authentication group, the CLI enters into the authentication group configuration mode, where you add the required certificate files to the group. Use the no form of this command to delete an existing authentication group. crypto authgroup group_name no crypto authgroup group_name Syntax Description Command Modes Configuration mode Admin and user contexts ACE Appliance Release Modification A1(7) This command was introduced. A3(2.3) This command no longer supports you from configuring a context name that contains opening braces, closing braces, white spaces, or any of the following symbols: ` $ % & * ( ) \ | ; ' " < > / ? group_name Name that you assign to the authentication group. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. 2-305 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command History Usage Guidelines This command requires the Secure Sockets Layer (SSL) feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. By creating an authentication group, you can implement a group of certificates that are trusted as certificate signers on the ACE. After creating the authentication group and assigning its certificates, you can configure client authentication on an SSL-proxy service by assigning the authentication group to the service. You include an authentication group in the handshake process by configuring the SSL proxy-service with the authentication group (see the (config) ssl-proxy service command). You can configure an authentication group with up to ten certificates. Examples To create the authentication group AUTH-CERT1, enter: host1/Admin(config)# crypto authgroup AUTH-CERT Related Commands (config) ssl-proxy service (config) crypto chaingroup To create a certificate chain group, use the crypto chaingroup command. Once you create a chain group, the CLI enters into the chaingroup configuration mode, where you add the required certificate files to the group. Use the no form of this command to delete an existing chain group. crypto chaingroup group_name no crypto chaingroup group_name Syntax Description Command Modes Configuration mode Admin and user contexts ACE Module Release Modification A2(1.0) This command was introduced. A4(1.0) The number of certificates in an authentication group was increased from 4 to 10. ACE Appliance Release Modification A1(7) This command was introduced. A4(1.0) The number of certificates in an authentication group was increased from 4 to 10. group_name Name that you assign to the chain group. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. 2-306 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command History Usage Guidelines This command requires the Secure Sockets Layer (SSL) feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. A chain group specifies the certificate chains that the ACE sends to its peer during the handshake process. A certificate chain is a hierarchal list of certificates that includes the subject’s certificate, the root CA certificate, and any intermediate CA certificates. You include a chain group in the handshake process by configuring the SSL proxy service with the chain group (see the (config) ssl-proxy service command). Each context on the ACE can contain up to eight chain groups. Examples To create the chain group MYCHAINGROUP, enter: host1/Admin(config)# crypto chaingroup MYCHAINGROUP Related Commands (config) ssl-proxy service (config) crypto crl To download a certificate revocation list (CRL) to the ACE, use the crypto crl command. Use the no form of this command to remove a CRL. crypto crl crl_name url no crypto crl crl_name Syntax Description Command Modes Configuration mode Admin and user contexts ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced. crl_name Name that you assign to the CRL. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. url URL where the ACE retrieves the CRL. Enter the URL full path including the CRL filename in an unquoted alphanumeric string with a maximum of 255 characters. Both HTTP and LDAP URLs are supported. Start the URL with the http:// prefix or the ldap:// prefix. 2-307 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command History Usage Guidelines This command requires the Secure Sockets Layer (SSL) feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. You can use a CRL downloaded to the ACE for client or server authentication on an SSL proxy service. After you download the CRL, you can assign it to an SSL proxy service for either client or server authentication (see (config-ssl-proxy) crl for more information). The ldap:/// prefix is not considered a valid LDAP CRL link in the CDP portion of the server certificate. Valid formats for LDAP URLs are as follows: • ldap://10.10.10.1:389/dc=cisco,dc=com?o=bu?certificateRevocationList • ldap://10.10.10.1/dc=cisco,dc=com?o=bu?certificateRevocationList • ldap://ldapsrv.cisco.com/dc=cisco,dc=com?o=bu?certificateRevocationList • ldap://ldapsrv.cisco.com:389/dc=cisco,dc=com?o=bu?certificateRevocationList To use a question mark (?) character as part of the URL, press Ctrl-v before entering it. Otherwise the ACE interprets the question mark as a help command. You can configure up to eight CRLs per context. Examples To download a CRL that you want to name CRL1 from http://crl.verisign.com/class1.crl, enter: host1/Admin(config)# crypto crl CRL1 http://crl.verisign.com/class1.crl To remove the CRL, enter: host1/Admin(config)# no crypto crl CRL1 Related Commands (config) ssl-proxy service (config) crypto crlparams To configure signature verification on a Certificate Revocation List (CRL) to determine that it is from a trusted certificate authority or to configure a timeoute for CRL downloads to specify the maximum wait time for the ACE to retrieve the CRL data from a server, use the crypto crlparams command. Use the no form of this command to remove the CRL global parameters. ACE Module Release Modification A2(1.0) This command was introduced. A2(2.0) This command was revised to support LDAP URLs and increased the number of CRLs per context from four to eight. ACE Appliance Release Modification A3(1.0) This command was introduced. A4(1.0) This command was revised to support LDAP URLs and increased the number of CRLs per context from four to eight.2-308 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands crypto crlparams crl_name {cacert ca_cert_filename | timeout number} no crypto crlparams crl_name {cacert ca_cert_filename | timeout number} Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the PKI feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. In the absence of the timeout keyword, if the ACE does not receive the complete certificate revocation list (CRL) in a timely manner from a CRL server or the server does not close the connection, the ACE continues to wait for the data to arrive. While it is waiting for the CRL data, the ACE keeps the socket connection with the server open until the TCP connection with the server is closed because of inactivity. The TCP inactivity timer value could be as large as an hour. There is no way to clear this already established connection with the CRL server even if the static CRL is removed from the configuration. Examples To download a CRL that you want to name CRL1 from http://crl.verisign.com/class1.crl, enter: host1/Admin(config)# crypto crl CRL1 http://crl.verisign.com/class1.crl To remove the CRL, enter: host1/Admin(config)# no crypto crl CRL1 to configure a 200-second CRL download timeout for CRL1, enter the following command: crl_name Name that you assign to the CRL. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. cacert ca_cert_filename Name of the CA certificate file used for signature verification. timeout number Specifies the time in seconds that the ACE waits for the CRL data before closing the connection with the server. For static CRLs, enter an integer from 2 to 300. For best-effort CRLs, the timeout is 60 seconds and not user-configurable. If the ACE does not receive the entire CRL data within the timeout limit, the ACE closes the socket connection with the server. For static CRLs, you can abort the CRL data download by removing the static CRL from the configuration. ACE Module Release Modification A2(1.4) and A2(2.1) This command was introduced. A4(1.1) Added the timeout number keyword and argument. ACE Appliance Release Modification A3(2.2) This command was introduced. A4(1.1) Added the timeout number keyword and argument.2-309 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands host1/Admin(config)# crypto crl-params CRL1 timeout 200 When the CRL data download timeout expires and the download is aborted, the ACE generates a syslog to log the event as follows: %ACE-6-253008: CRL crl_name could not be retrieved, reason: crl data dnld timeout error The crl_name variable indicates the name of an existing CRL whose download was aborted because the CRL download timeout expired. To return the behavior of the ACE to the default of waiting until the entire CRL is downloaded before closing the SSL connection or waiting for the TCP inactivity timeout to close the TCP connection, enter the following command: host1/Admin(config)# no crypto crl-params CRL1 timeout 200 Related Commands (config) ssl-proxy service (config) crypto csr-params To create a Certificate Signing Request (CSR) parameter set to define a set of distinguished name attributes, use the crypto csr-params command. Use the no form of this command to remove an existing CSR parameter set. crypto csr-params csr_param_name no crypto csr-params csr_param_name Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. csr_param_name Name that designates a CSR parameter set. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-310 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands A CSR parameter set defines the distinguished name attributes that the ACE applies to the CSR during the CSR-generating process. The distinguished name attributes provide the CA with the information that it needs to authenticate your site. Creating a CSR parameter set allows you to generate multiple CSRs with the same distinguished name attributes. You can create up to eight CSR parameter sets per context. When you use the crypto csr-params command to specify a CSR parameter set, the prompt changes to the csr-params configuration mode (for more information on this mode and commands, see the “CSR Parameters Configuration Mode Commands” section), where you define each of the distinguished name attributes. The ACE requires that you define the following attributes: Country name • State or province • Common name • Serial number If you do not configure the required attributes, the ACE displays an error message when you attempt to generate a CSR using the incomplete CSR parameter set. Examples To create the CSR parameter set CSR_PARAMS_1, enter: host1/Admin(config)# crypto csr-params CSR_PARAMS_1 host1/Admin(config-csr-params) Related Commands crypto generate csr show crypto (config) crypto ocspserver To configure an Online Certificate Status Protocol (OCSP) server that the ACE uses for revocation checks, use the crypto ocspserver command. By default, SSL rehandshake is disabled in all ACE contexts. Use the no form of this command to reset the default behavior. crypto ocspserver ocsp_server_name url [conninactivitytout timeout] [nonce enable | disable] [reqsigncert signer_cert_filename {reqsignkey signer_key_filename}] [respsigncert response_signer_cert] no crypto ocspserver ocsp_server_name url [conninactivitytout timeout] [nonce enable | disable] [reqsigncert signer_cert_filename {reqsignkey signer_key_filename}] [respsigncert response_signer_cert] Syntax Description ocsp_server_name Identifier of the OCSP server. You use this name to apply the OCSP server to an SSL proxy service. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. url HTTP URL in the form: http://ocsphost.com:port_id/. The port ID is optional. If you do not specify a port, the default value of 2560 is used. You can specify either an IPv4- or an IPv6-based URL. Enter an unquoted text string with no spaces and a maximum of 255 alphanumeric characters. conninactivitytout timeout (Optional) TCP connection inactivity timeout. in seconds. Enter an integer from 2 to 3600. The default is 300 seconds.2-311 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command Modes Configuration mode All contexts Command History Usage Guidelines This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. OCSP has the following configurations guidelines and restrictions: • You can configure a maximum of 64 OCSP servers in the ACE. • You can configure a maximum of 10 OCSP servers in an SSL proxy service. • The ACE can handle a maximum of 64 OCSP server connections with both static and best effort OCSP servers combined. • If you configure best-effort OCSP servers and best-effort CRLs in the same proxy list, the ACE extracts a maximum of four AIAs and four CDPs to conserve resources. • Client authentication may be delayed when you configure OCSP servers and CRLs in the same SSL proxy service. • The ACE does not perform authentication and revocation checks on response signer certificates. Examples To configure an OCSP server that the ACE uses to check the revocation status of SSL certificates, enter the following command: host1/Admin(config)# crypto ocspserver OCSP_SSERVER1 http://10.10.10.10/ nonce enable conninactivitytout 60 To remove an OCSP server from the configuration, enter the following command: nonce enable | disable (Optional) Enables or disables the use of a nonce. By default, nonce is disabled. A nonce is a unique string that is used to bind OCSP requests and responses. When a nonce is enabled, the ACE includes a unique string in the requests that is sends to the OCSP server. The server must include the string in its responses to the ACE to verify the response. reqsigncert signer_cert_filename (Optional) Signer’s certificate filename to sign outgoing requests to the OCSP server. By default, the request is not signed. reqsignkey signer_key_filename (Optional) Signer’s private key filename to sign outgoing requests to the OCSP server. By default, the request is not signed. If you enter the reqsigncert option, you must enter the reqsignkey option. respsigncert response_signer_cert (Optional) Certificate to verify the signature of the OCSP server responses. By default, the signature in the response from the OCSP server are not verified. ACE Module Release Modification A5(1.0) This command was introduced. ACE Appliance Release Modification A5(1.0) This command was introduced.2-312 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands host1/Admin(config)# no crypto ocspserver OCSP_SSERVER1 Related Commands show crypto (config) crypto rehandshake enabled To enable SSL rehandshake for all VIPs in a context, use the crypto rehandshake enabled command in configuration mode. By default, SSL rehandshake is disabled in all ACE contexts. Use the no form of this command to reset the default behavior. crypto rehandshake enabled no crypto rehandshake enabled Syntax Description This command has no keywords or arguments. Command Modes Configuration mode All contexts Command History Usage Guidelines This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The crypto rehandshake enabled configuration mode command overrides the rehandshake enable parameter map command that you can configure individually in an SSL proxy service. Examples To enable SSL rehandshake for all VIPs in a context, enter: host1/Admin(config)# crypto rehandshake enabled To return the ACE behavior to the default of rehandshake being disabled, enter: host1/Admin(config)# no crypto rehandshake enabled Related Commands show crypto (config-parammap-ssl) rehandshake enabled ACE Module Release Modification A4(1.0) This command was introduced. ACE Appliance Release Modification A4(1.0) This command was introduced.2-313 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) domain To create a domain, use the domain command. The CLI prompt changes to (config-domain). See the “Domain Configuration Mode Commands” section for details. Use the no form of this command to remove a domain from the configuration. domain name no domain name Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. You can configure a maximum of 63 domains in each context. A domain does not restrict the context configuration that you can display using the show running-config command. You can still display the running configuration for the entire context. However, you can restrict your access to the configurable objects within a context by adding to the domain only a limited subset of all the objects available to a context. To limit a user’s ability to manipulate the objects in a domain, you can assign a role to that user. For more information about domains and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. You can configure KAL-AP TAGs as domains. For the domain load calculation, the ACE considers the Layer 3 class map, server farm, and real server objects. All other objects under the domain are ignored during the calculation. Examples To create a domain named D1, enter: host1/Admin(config)# domain D1 host1/Admin(config-domain)# name Name for the domain. Enter an unquoted text string with no spaces and a maximum of 76 alphanumeric characters. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(2.0) The length of the name argument changes from 64 to 76 characters. ACE Appliance Release Modification A1(7) This command was introduced.2-314 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Related Commands (config) context show user-account show users (config) end To exit from configuration mode and return to Exec mode, use the end command. end Syntax Description This command has no keywords or arguments. Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command has no user role restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. You can also press Ctrl-Z or enter the exit command to exit configuration mode. Examples To exit from configuration mode and return to Exec mode, enter: host1/Admin(config)# end host1/Admin# Related Commands This command has no related commands. (config) exit To exit from the current configuration mode and return to the previous mode, use the exit command. exit ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-315 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Syntax Description This command has no keywords or arguments. Command Modes All configuration modes Admin and user contexts Command History Usage Guidelines This command has no user role restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. In configuration mode, the exit command transitions to the Exec mode. In all other configuration modes, the exit command transitions to the previous configuration mode. You can also press Ctrl-Z, enter the (config) end command, or enter the exit command to exit configuration mode. Examples To exit from configuration mode and return to Exec mode, enter: host1/Admin(config)# exit host1/Admin# To exit from interface configuration mode and return to configuration mode, enter: host1/Admin(config-if)# exit host1/Admin(config)# Related Commands This command has no related commands. (config) ft auto-sync To enable automatic synchronization of the running-configuration and the startup-configuration files in a redundancy configuration, use the ft auto-sync command. Use the no form of this command to disable the automatic synchronization of the running-configuration or the startup-configuration file. ft auto-sync {running-config | startup-config} no ft auto-sync {running-config | startup-config} ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-316 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the fault-tolerant feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. By default, the ACE automatically updates the running configuration on the standby context of an FT group with any changes that occur to the running configuration of the active context. If you disable the ft auto-sync command, you need to update the configuration of the standby context manually. For more information about configuration synchronization and configuring redundancy, see the Administration Guide, Cisco ACE Application Control Engine. Caution Toggling ft auto-sync running-config in the Admin context may have undesirable side effects if the same command is also disabled in an active user context. If the ft auto-sync running-config command is disabled in the active Admin context and in an active user context, and you subsequently enable the ft auto-sync running-config command in the active Admin context first, the entire configuration of the standby user context will be lost. Always enter the ft auto-sync running-config command in the active user context first, and then enable the command in the active Admin context. The ACE does not copy or write changes in the running-configuration file to the startup-configuration file unless you enter the copy running-config startup-config command or the write memory command for the current context. To write the contents of the running-configuration file to the startup-configuration file for all contexts, use the write memory all command. At this time, if the ft auto-sync startup-config command is enabled, the ACE syncs the startup-configuration file on the active ACE to the standby ACE. The ACE does not synchronize the SSL certificates and key pairs that are present in the active context with the standby context of an FT group. If the ACE performs a configuration synchronization and does not find the necessary certs and keys in the standby context, config sync fails and the standby context enters the STANDBY_COLD state. running-config Enables autosynchronization of the running-configuration file. The default is enabled. startup-config Enables autosynchronization of the startup-configuration file. The default is enabled. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-317 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Caution Do not enter the no inservice command followed by the inservice command on the active context of an FT group when the standby context is in the STANDBY_COLD state. Doing so may cause the standby context running-configuration file to overwrite the active context running-configuration file. To copy the certs and keys to the standby context, you must export the certs and keys from the active context to an FTP or TFTP server using the crypto export command, and then import the certs and keys to the standby context using the crypto import command. For more information about importing and exporting certs and keys, see the SSL Guide, Cisco ACE Application Control Engine. To return the standby context to the STANDBY_HOT state in this case, ensure that you have imported the necessary SSL certs and keys to the standby context, and then perform a bulk sync of the active context configuration by entering the following commands in configuration mode in the active context of the FT group: 1. no ft auto-sync running-config 2. ft auto-sync running-config Examples To enable autosynchronization of the running-configuration file in the C1 context, enter: host1/C1(config)# ft auto-sync running-config Related Commands (config) ft group (config) ft interface vlan (config) ft peer (config) ft track host (ACE module only) (config) ft track hsrp (config) ft track interface (config) ft connection-sync disable By default, connection replication is enabled. There may be times when you want to disable it. To disable connection replication, use the ft connection-sync disable command. The syntax of this command is as follows: ft connection-sync disable no ft connection-sync disable Syntax Description This command has no keywords or arguments. Command Modes Configuration mode Admin and user contexts2-318 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command History Usage Guidelines This command requires the fault-tolerant feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Initially, after you disable connection replication, the active ACE does not synchronize connections to the standby ACE. After a bulk sync: • New connections are not synchronized • Connections are not updated in a periodic scan • Connections that are already synchronized on the standby are not torn down If you enable connection replication after a bulk sync occurs, the ACE takes the following actions: • New connections are synced immediately • Existing connections are synced in the next periodic cycle (in approximately 3 to 4 minutes) Sticky replication is disabled by default and you can configure it on a per sticky group basis. The replicate sticky command takes precedence over the ft connection-sync disable command, so new client connections can be load balanced to the same server even when connection replication is disabled. Note the following caveats with stickiness when connection replication is disabled: • The sticky database is not always in sync on the standby. With connection replication disabled, sticky connections on the active close normally, but on the standby the connections time out according to the idle timeout setting. • When sticky entries are approaching their expiration time, it is possible to have a zero active-conns-count on the standby and still have active connections on the active ACE. This condition can lead to sticky entries that are not present after a switchover. Examples To disable connection replication in the C1 context, enter the following command: host1/C1(config)# ft connection-sync disable To reenable connection replication after you have disabled it, enter the following command: host1/Admin(config)# no ft connection-sync disable Related Commands (config) ft auto-sync (config) ft group To create a fault-tolerant (FT) group for redundancy, use the ft group command. After you enter this command, the system enters the FT group configuration mode. Use the no form of this command to remove an FT group from the configuration. ACE Module Release Modification A4(1.1) This command was introduced. ACE Appliance Release Modification A4(1.1) This command was introduced.2-319 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands ft group group_id no ft group group_id Syntax Description Command Modes Configuration mode Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. You must configure the same group ID on both peer ACEs. On each ACE, you can create multiple FT groups: • For ACE module, up to a maximum of 251 (250 contexts and 1 Admin context) • For ACE appliance, up to a maximum of 64 groups Each group consists of a maximum of two members (contexts): one active context on one ACE and one standby context on the peer ACE. For information about the commands in FT group configuration mode, see the “FT Group Configuration Mode Commands” section. Examples To configure an FT group, enter: host1/Admin(config)# ft group 1 host1/Admin(config-ft-group)# To remove the group from the configuration, enter: host1/Admin(config)# no ft group 1 Related Commands (config) ft auto-sync (config) ft interface vlan group-id Unique identifier of the FT group. • For the ACE module, enter an integer from 1 to 255. • For the ACE appliance, enter an integer from 1 to 64. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced. A3(2.6) The number of FT groups increased from 21 to 64.2-320 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) ft peer (config) ft track host (ACE module only) (config) ft track hsrp (config) ft track interface (config) ft interface vlan To create a dedicated fault-tolerant (FT) VLAN over which two redundant peers communicate, use the ft interface vlan command. After you enter this command, the system enters the FT interface configuration mode. Use the no form of this command to remove an FT VLAN from the configuration. ft interface vlan vlan_id no ft interface vlan vlan_id Syntax Description Command Modes Configuration mode Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Peer ACEs communicate with each other over a dedicated FT VLAN. These redundant peers use the FT VLAN to transmit and receive heartbeat packets and state and configuration replication packets. You must configure the same VLAN on each peer ACE. You cannot use this VLAN for normal network traffic and the FT VLAN does not support IPv6. To remove an FT VLAN, first remove it from the FT peer using the no ft interface vlan command in FT peer configuration mode. See the (config-ft-peer) ft-interface vlan command for more information. (ACE appliance only) To configure one of the Ethernet ports or a port-channel interface on the ACE for fault tolerance using a dedicated FT VLAN for communication between the members of an FT group, use the ft-port vlan command in interface configuration mode. See the (config-if) ft-port vlan command for more information. (ACE appliance only) On both peer ACE appliances, you must configure the same Ethernet port or port-channel interface as the FT VLAN port. For example: vlan_id Unique identifier for the FT VLAN. Enter an integer from 2 to 4094. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-321 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands • If you configure ACE appliance 1 to use Ethernet port 4 as the FT VLAN port, then be sure to configure ACE appliance 2 to use Ethernet port 4 as the FT VLAN port. • If you configure ACE appliance 1 to use port-channel interface255 as the FT VLAN port, then be sure to configure ACE appliance 2 to use port-channel interface 255 as the FT VLAN. Examples To configure an FT VLAN, enter: host1/Admin(config)# ft interface vlan 200 host1/Admin(config-ft-intf)# To remove the FT VLAN from the redundancy configuration, enter: host1/Admin(config)# no ft interface vlan 200 Related Commands (config) ft auto-sync (config) ft group (config) ft peer (config) ft track host (ACE module only) (config) ft track hsrp (config) ft track interface (ACE appliance only) (config-if) ft-port vlan (config) ft peer On both peer ACEs, configure an FT peer definition. To create an FT peer, use the ft peer command. After you enter this command, the system enters the FT peer configuration mode. You can configure a maximum of two ACEs as redundancy peers. Use the no form of this command to remove the FT peer from the configuration. ft peer peer_id no ft peer peer_id Syntax Description Command Modes Configuration mode Admin context only Command History peer_id Unique identifier of the FT peer. Enter 1. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-322 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Each ACE ACE can have one FT peer. FT peers are redundant ACE ACEs that communicate with each other over a dedicated FT VLAN. Before you can remove an FT peer from the configuration, remove the peer from the FT group using the no peer command in FT group configuration mode. For information about the commands in FT peer configuration mode, see the “FT Peer Configuration Mode Commands” section. Examples To configure an FT peer, enter: host1/Admin(config)# ft peer 1 host1/Admin(config-ft-peer)# Related Commands (config) ft auto-sync (config) ft group (config) ft interface vlan (config) ft track host (ACE module only) (config) ft track hsrp (config) ft track interface (config) ft track host To create a tracking and failure detection process for a gateway or host, use the ft track host command. After you enter this command, the system enters FT track host configuration mode. Use the no form of this command to remove the gateway-tracking process. ft track host name no ft track host name Syntax Description Command Modes Configuration mode Admin and user contexts Command History name Unique identifier of the tracking process for a gateway or host. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-323 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Usage Guidelines This command requires the fault-tolerant (FT) feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about commands in FT track host configuration mode, see the “FT Track Host Configuration Mode Commands” section. For details about configuring redundant ACE ACEs, see the Administration Guide, Cisco ACE Application Control Engine. Examples To create a tracking process for a gateway, enter: host1/Admin(config)# ft track host TRACK_GATEWAY1 host1/Admin(config-ft-track-host)# To remove the gateway-tracking process, enter: host1/Admin(config)# no ft track host TRACK_GATEWAY1 Related Commands (ACE module only) (config) ft track hsrp (config) ft track interface (config) ft track hsrp (ACE module only) To configure failure detection and tracking for a Hot Standby Router Protocol (HSRP) group, use the ft track hsrp command. After you enter this command, the system enters FT track hsrp configuration mode. Use the no form of this command to stop tracking for an HSRP group. ft track hsrp name ft track hsrp name Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the fault-tolerant (FT) feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. name Unique identifier of the tracking process for an HSRP group. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. ACE Module Release Modification 3.0(0)A1(2) This command was introduced.2-324 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands You must configure the HSRP group on the supervisor engine on the Catalyst 6500 series switch before you configure HSRP tracking on the ACE. Failure to do so may result in erroneous state information for the HSRP group being displayed in the show ft track detail command output in Exec mode. For information about commands in FT track hsrp configuration mode, see the “FT Track Interface Configuration Mode Commands” section. For details about configuring redundant ACE ACEs, see the Administration Guide, Cisco ACE Application Control Engine. Examples To configure FT tracking for an HSRP group, enter: host1/Admin(config)# ft track hsrp TRACK_HSRP_GRP1 host1/Admin(config-ft-track-hsrp)# To remove the HSRP group-tracking process, enter: host1/Admin(config)# no ft track hsrp TRACK_HSRP_GRP1 Related Commands (config) ft auto-sync (config) ft group (config) ft interface vlan (config) ft peer (config) ft track host (config) ft track interface (config) ft track interface To create a tracking and failure detection process for a critical interface, use the ft track interface command. After you enter this command, the system enters FT track interface configuration mode. Use the no form of this command to stop tracking for an interface. ft track interface name no ft track interface name Syntax Description Command Modes Configuration mode Admin and user contexts Command History name Unique identifier of the tracking process for a critical interface. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. ACE Module Release Modification 3.0(0)A1(2) This command was introduced.2-325 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Usage Guidelines This command requires the fault-tolerant (FT) feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. You cannot delete an interface if the ACE is using the interface for tracking. Also, you cannot configure the FT VLAN for tracking. For information about commands in FT track interface configuration mode, see the “FT Track Interface Configuration Mode Commands” section. For details about configuring redundant ACE ACEs, see the Administration Guide, Cisco ACE Application Control Engine. Examples To configure a tracking and failure detection process for an interface, enter: host1/Admin(config)# ft track interface TRACK_VLAN100 To remove the interface-tracking process, enter: host1/Admin(config)# no ft track interface TRACK_VLAN100 Related Commands (config) ft auto-sync (config) ft group (config) ft interface vlan (config) ft peer (config) ft track host (ACE module only) (config) ft track hsrp (config) hostname To specify a hostname for the ACE, use the hostname command. The hostname is used for the command line prompts and default configuration filenames. If you establish sessions to multiple devices, the hostname helps you track where you enter commands. Use the no form of this command to reset the hostname to the default of switch. hostname name no hostname name Syntax Description ACE Appliance Release Modification A1(7) This command was introduced. name New hostname for the ACE. Enter a case-sensitive text string that contains from 1 to 32 alphanumeric characters (with no spaces). The underscore (_) character is not supported in the hostname for the ACE.2-326 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command Modes Configuration mode Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. By default, the hostname for the ACE is switch. Examples To change the hostname of the ACE from switch to ACE1, enter: switch/Admin(config)# hostname ACE1 ACE1/Admin(config)# Related Commands (config) peer hostname (config) hw-module (ACE module only) To configure hardware module parameters in the ACE, use the hostname command. Use the no form of this command to reset to the default behavior. hw-module {cde-same-port-hash | optimize-lookup} no hw-module {cde-same-port-hash | optimize-lookup} Syntax Description ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A4(1.0) Underscores (_) in the host name for an ACE are not supported. ACE Appliance Release Modification A1(7) This command was introduced. A4(1.0) Underscores (_) in the host name for an ACE are not supported. cde-same-port-hash Configures the classification and distribution engine (CDE) to perform the hash function using the ports when the TCP or UDP packets are equal. When this command is configured, the ACE also disables implicit PAT on packets so that the source port does not change. This command is available only in the Admin context. optimize-lookup Disables the egress MAC address lookup that the ACE normally performs. Use this command when you have multiple ACEs installed in a chassis with heavy traffic to improve performance.2-327 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command Modes Configuration mode Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. By default, when the source and destination ports of a TCP or UDP packet are equal, the CDE uses the source IP address and destination IP address to perform the hash function. When they are not equal, the CDE only uses the ports. When the cde-same-port-hash command is configured and the ports are equal, the CDE uses a slightly different hash method from the default method. If you have multiple ACEs installed in a Catalyst 6500 Series Switch or in a Cisco Catalyst 7600 Router, you may experience lower performance than expected with very high rates of traffic. If you fail to achieve the advertised performance of the ACE, you can disable the egress MAC address lookup using the hw-module optimize-lookup command. Do not use the hw-module optimize-lookup command if you have intelligent modules with distributed forwarding cards (DFCs) installed in the Catalyst 6500 Series Switch or the Cisco Catalyst 7600 Router. Using this command with such modules will cause the Encoded Address Recognition Logic (EARL) units on these modules and on the Supervisor to become unsynchronized. Examples To configure the CDE to perform the hash function using the ports when the TCP or UDP packets are equal, enter: switch/Admin(config)# hw-module cde-same-port-hash To reset the default behavior, enter: switch/Admin(config)# no hw-module cde-same-port-hash Related Commands show cde (config) interface To configure a bridge-group virtual interface (BVI), VLAN interface, and for the ACE appliance, the Ethernet port, or port-channel interface, use the interface command. The CLI prompt changes to (config-if). Use the no form of this command to remove the interface. interface {bvi group_number | gigabitEthernet slot_number/port_number | port-channel channel_number | vlan number} no interface {bvi group_number | gigabitEthernet slot_number/port_number | port-channel channel_number | vlan number} ACE Module Release Modification 3.0(0)A1(6.2a) This command was introduced. A2(1.0) This command was revised with the optimize-lookup keyword.2-328 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Syntax Description Command Modes Configuration mode BVI and VLAN—Admin and user contexts (ACE appliance only) Ethernet port and port-channel interface—Admin context only Command History Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about commands in interface configuration mode, see the “Interface Configuration Mode Commands” section. For details about configuring a BVI interface, Ethernet port, port-channel interface, or VLAN interface, see the Routing and Bridging Guide, Cisco ACE Application Control Engine. To enable the bridge-group VLANs, you must configure a bridge-group virtual interface (BVI) that represents a corresponding bridge group. You should configure an IP address in the same subnet on the BVI. This address is used for management traffic and as a source IP address for traffic from the ACE, similar to ARP requests. You can configure one or more VLAN interfaces in any user context before you assign those VLAN interfaces to the associated user contexts through the (config-context) allocate-interface command in the Admin context. The ACE supports a maximum of 4093 VLAN interfaces with a maximum of 1024 shared VLANs. bvi group_number Creates a BVI for a bridge group and accesses interface configuration mode commands for the BVI. The group_number argument is the bridge-group number configured on a VLAN interface. gigabitEthernet slot_number/ port_number (ACE appliance only) Specifies one of the four Ethernet ports on the rear panel of the ACE as follows: • slot_number—The physical slot on the ACE containing the Ethernet ports. This selection is always 1, the location of the daughter card in the ACE. The daughter card includes the four Layer 2 Ethernet ports to perform Layer 2 switching. • port_number—The physical Ethernet port on the ACE. Valid selections are 1 through 4, which specifies one of the four Ethernet ports (1, 2, 3, or 4) associated with the slot 1 (daughter card) selection. port-channel channel_number (ACE appliance only) Specifies the channel number assigned to this port-channel interface. Valid values are from 1 to 255. vlan number Assigns the VLAN to the context and accesses interface configuration mode commands for the VLAN. The number argument is the number for a VLAN assigned to the ACE. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-329 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Each ACE supports a maximum of 8192 interfaces that includes VLANs, shared VLANs, and BVI interfaces. ACE Appliance Guidelines In addition, the Ethernet port and port-channel interface command functions require the Admin user role. The four Ethernet ports provide physical Ethernet ports to connect servers, PCs, routers, and other devices to the ACE. You can configure the four Ethernet ports to provide an interface for connecting to 10-Mbps, 100-Mbps, or 1000-Mbps networks. Each Layer 2 Ethernet port supports autonegotiate, full-duplex, or half-duplex operation on an Ethernet LAN and can carry traffic within a designated VLAN. You can group physical ports together on the ACE to form a logical Layer 2 interface called the EtherChannel (or port channel). You must configure all the ports that belong to the same port channel with the same values (such as port parameters, VLAN membership, and trunk configuration). Only one port channel in a channel group is allowed, and a physical port can belong to only to a single port-channel interface. Examples To assign VLAN interface 200 to the Admin context and access interface configuration mode, enter: host1/Admin(config)# interface vlan 200 host1/Admin(config-if)# To remove a VLAN, enter: host1/Admin(config)# no interface vlan 200 To create a BVI for bridge group 15, enter: host1/Admin(config)# interface bvi 15 host1/Admin(config-if)# To delete a BVI for bridge group 15, enter: host1/Admin(config)# no interface bvi 15 ACE Appliance Example To configure Ethernet port 3 and access interface configuration mode, enter: host1/Admin(config)# interface gigabitEthernet 1/3 host1/Admin(config-if)# To create a port-channel interface with a channel number of 255, enter: host1/Admin(config)# interface port-channel 255 host1/Admin(config-if)# Related Commands clear interface show interface2-330 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) ip dhcp relay To configure a Dynamic Host Configuration Protocol (DHCP) relay agent on the ACE, use the ip dhcp relay command. When you configure the ACE as a DHCP relay agent, it is responsible for forwarding the requests and responses negotiated between the DHCP clients and the server. You must configure a DHCP server when you enable the DHCP relay. Use the no form of this command to disable a DHCP relay agent setting. ip dhcp relay {enable | information policy {keep | replace} | server ip_address} no ip dhcp relay {enable | information policy {keep | replace} | server ip_address} Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the DHCP feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The DHCP relay agent can be configured at both the context and interface level of the ACE. Note the following configuration considerations: • If you configure the DHCP relay agent at the context level, the configuration is applicable to all interfaces associated with the context. enable Accepts DHCP requests from clients on the associated context or interface and enables the DHCP relay agent. The DHCP relay starts forwarding packets to the DHCP server address specified in the ip dhcp relay server command for the associated interface or context. information policy Configures a relay agent information reforwarding policy on the DHCP server to identify what the DHCP server should do if a forwarded message already contains relay information. keep Indicates that existing information is left unchanged on the DHCP relay agent. This is the default setting. replace Indicates that existing information is overwritten on the DHCP relay agent. server Specifies the IP address of a DHCP server to which the DHCP relay agent forwards client requests. ip_address IP address of the DHCP server. Enter the address in dotted-decimal IP notation (for example, 192.168.11.1). ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-331 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands • If you configure the DHCP relay agent at the interface level, the configuration is applicable to that particular interface only; the remaining interfaces fallback to the context level configuration. Examples To set the IP address of a DHCP server at the context level, enter: host1/Admin# changeto C1 host1/C1# config Enter configuration commands, one per line. End with CNTL/Z host1/C1(config)# ip dhcp relay enable host1/C1(config)# ip dhcp relay server 192.168.20.1 To specify the DHCP relay at the interface level, enter: host1/Admin(config)# interface vlan 50 host1/Admin(config-if)# ip dhcp relay enable host1/Admin(config-if)# ip dhcp relay server 192.168.20.1 To remove the IP address of the DHCP server, enter: host1/Admin(config-if)# no ip dhcp relay server 192.168.20.1 Related Commands clear ip show ip2-332 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) ip domain-list To configure a domain name search list, use the ip domain-list command. The domain name list can contain a maximum of three domain names. Use the no form of this command to remove a domain name from the list. ip domain-list name no ip domain-list name Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the domain name feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. You can configure a Domain Name System (DNS) client on the ACE to communicate with a DNS server to provide hostname-to-IP-address translation for hostnames in CRLs for the client authentication feature. For unqualified hostnames (hostnames that do not contain a domain name), you can configure a default domain name or a list of domain names that the ACE can use to: • Complete the hostname • Attempt a hostname-to-IP-address resolution with a DNS server If you configure both a domain name list and a default domain name, the ACE uses only the domain name list and not the single default name. After you have enabled domain name lookups and configured a domain name list, the ACE uses each domain name in turn until it can resolve a single domain name into an IP address. Examples For example, to configure a domain name list, enter: host1/Admin(config)# ip domain-list cisco.com host1/Admin(config)# ip domain-list foo.com host1/Admin(config)# ip domain-list xyz.com To remove a domain name from the list, enter: host1/Admin(config)# no ip domain-list xyz.com name Domain name. Enter an unquoted text string with no spaces and a maximum of 85 alphanumeric characters. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-333 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Related Commands show running-config (config) ip domain-lookup (config) ip domain-name (config) ip domain-lookup To enable the ACE to perform a domain lookup (host-to-address translation) with a DNS server, use the ip domain-lookup command. By default, this command is disabled. Use the no form of this command to return the state of domain lookups to the default value of disabled. ip domain-lookup no ip domain-lookup Syntax Description This command has no keywords or arguments. Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the Domain Name feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. You can configure a Domain Name System (DNS) client on the ACE to communicate with a DNS server to provide hostname-to-IP-address translation for hostnames in CRLs for the client authentication feature. Before you configure a DNS client on the ACE, ensure that one or more DNS name servers are properly configured and are reachable. Otherwise, translation requests (domain lookups) from the DNS client will be discarded. You can configure a maximum of three name servers. The ACE attempts to resolve the hostnames with the configured name servers in order until the translation succeeds. If the translation fails, the ACE reports an error. For unqualified hostnames (hostnames that do not contain a domain name), you can configure a default domain name or a list of domain names that the ACE can use to do the following: • Complete the hostname ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-334 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands • Attempt a hostname-to-IP-address resolution with a DNS server Examples For example, to enable domain lookups, enter: host1/Admin(config)# ip domain-lookup To return the state of domain lookups to the default value of disabled, enter: host1/Admin(config)# no ip domain-lookup Related Commands show running-config (config) ip domain-list (config) ip domain-name (config) ip name-server2-335 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) ip domain-name To configure a default domain name, use the ip domain-name command. The domain name list can contain a maximum of three domain names. Use the no form of this command to remove a domain name from the list. ip domain-list name no ip domain-list name Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the domain name feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The DNS client feature allows you to configure a default domain name that the ACE uses to complete unqualified hostnames. An unqualified hostname does not contain a domain name (any name without a dot). When domain lookups are enabled and a default domain name is configured, the ACE appends a dot (.) and the configured default domain name to the unqualified host name and attempts a domain lookup. Examples For example, to specify a default domain name of cisco.com, enter: host1/Admin(config)# ip domain-name cisco.com In the above example, the ACE appends cisco.com to any unqualified host name in a CRL before the ACE attempts to resolve the host name to an IP address using a DNS name server. To remove the default domain from the configuration, enter: host1/Admin(config)# no ip domain-name cisco.com name Default domain name. Enter an unquoted text string with no spaces and a maximum of 85 alphanumeric characters. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-336 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Related Commands show running-config (config) ip domain-list (config) ip domain-lookup2-337 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) ip name-server To configure a DNS name server on the ACE, use the ip name-server command. You can configure a maximum of three DNS name servers. Use the no form of this command to remove a name server from the list. ip name-server ip_address no ip name-server ip_address Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the domain name feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To translate a hostname to an IP address, you must configure one or more (maximum of three) existing DNS name servers on the ACE. Ping the IP address of each name server before you configure it to ensure that the server is reachable. Examples For example, to configure three name servers for the DNS client feature, enter: host1/Admin(config)# ip name-server 192.168.12.15 192.168.12.16 192.168.12.17 To remove a name server from the list, enter: host1/Admin(config)# no ip name-server 192.168.12.15 Related Commands show running-config (config) ip domain-lookup ip_address IP address of a name server. Enter the address in dotted decimal notation (for example, 192.168.12.15). You can enter up to three name server IP addresses in one command line. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-338 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) ip route To configure a default or static IP route, use the ip route command. Use the no form of this command to remove a default or static IP route from the configuration. ip route ipv6_dest_address/prefix_length {global_nexthop_address | {bvi number | vlan number {link_local_address}}} | {ipv4_dest_address netmask gateway_ip_address} no ip route dest_ip_prefix netmask gateway_ip_address Syntax Description Command Modes Configuration mode Admin and user contexts Command History ipv6_dest_address IPv6 destination address for the route. The address that you specify for the static route is the address that is in the packet before entering the ACE and performing network address translation. /prefix_length Specifies how many of the most significant bits (MSBs) of the IPv6 address are used for the network identifier. Enter a a forward slash character (/) followed by an integer from 1 to 128. The default is /128. global_nexthop_add ress IP address of the gateway router (the next-hop address for this route). The gateway address must be in the same network as specified in the ip address command for a VLAN interface. For information on configuring the address, see the Routing and Bridging Guide, Cisco ACE Application Control Engine. bvi number Forward bridged VLAN interface for the link-local address. link_local_address Link-local address of the interface. vlan number Forward VLAN interface for the link-local address. ipv4_dest_address IPv4 destination address for the route. The address that you specify for the static route is the address that is in the packet before entering the ACE and performing network address translation. netmask Subnet mask for the route. gateway_ip_address IP address of the gateway router (the next-hop address for this route). The gateway address must be in the same network as specified in the ip address command for a VLAN interface. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A5(1.0) Added IPv6 support. ACE Appliance Release Modification A1(7) This command was introduced. A5(1.0) Added IPv6 support.2-339 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Usage Guidelines This command requires the routing feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The default route identifies the router IP address to which the ACE sends all IP packets for which it does not have a route. Admin and user contexts do not support dynamic routing. You must use static routes for any networks to which the ACE is not directly connected; for example, use a static route when there is a router between a network and the ACE. The ACE supports up to eight equal cost routes on the same interface for load balancing. Routes that identify a specific destination address take precedence over the default route. See the Routing and Bridging Guide, Cisco ACE Application Control Engine for more information about configuring default or static routes. Examples IPv6 Examples To configure a static route to send all traffic destined to 2001:DB8:1::1/64 to the next-hop router at 2001:DB8:1::10, enter the following command: host1/Admin(config)# ip route 2001:DB8:1::1/64 2001:DB8:1::10 To configure a default route, set the IPv6 address for the route to ::/0, the IPv6 equivalent of “any.” For example, if the ACE receives traffic that does not have a route and you want the ACE to send the traffic out the interface to the router at 2001:DB8:1::10/64, enter: host1/Admin(config)# ip route ::/0 2001:DB8:1::10 To remove a default or static route, use the no form of the command as follows: host1/Admin(config)# no ip route 2001:DB8:1::1/64 2001:DB8:1::10 IPv4 Examples To configure a default route, set the IP address and the subnet mask for the route to 0.0.0.0. For example, if the ACE receives traffic that it does not have a route, it sends the traffic out the interface to the router at 192.168.4.8. Enter: host1/Admin(config)# ip route 0.0.0.0 0.0.0.0 192.168.4.8 Related Commands (config-if) ip address2-340 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) ipv6 nd interval To configure the refresh interval for existing neighbor discovery (ND) entries of configured hosts, use the ipv6 nd interval command in configuration mode. Use the no form of this command to reset the ND refresh interval to the default value of 300 seconds. ipv6 nd interval number no ipv6 nd interval number Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines You configure this command for each context. Examples To configure an NS message interval of 600 seconds (10 minutes), enter the following command: host1/Admin(config)# ipv6 nd interval 600 To reset the NS message interval to the default of 300 seconds, enter the following command; host1/Admin(config)# no ipv6 nd interval 600 Related Commands (config-if) ipv6 nd ns-interval interval Indicates the frequency of the neighbor solicitation (NS) messages that are sent by the ACE. number Specifies the time interval in seconds between NS messages for configured hosts. Enter an integer from 15 to 31536000. The default is 300 seconds (5 minutes). ACE Module/Appliance Release Modification A5(1.0) This command was introduced.2-341 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) ipv6 nd learned-interval To configure the refresh interval for ND entries of learned hosts, use the ipv6 nd learned-interval command. Use the no form of this command to reset the ND refresh interval of learned hosts to the default value of 300 seconds. ipv6 nd learned-interval number no ipv6 nd learned-interval number Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines You configure this command for each context. Examples To configure a learned neighbor interval of 600 seconds (10 minutes), enter the following command: host1/Admin(config)# ipv6 nd learned-interval 600 To reset the learned neighbor interval to the default of 300 seconds, enter the following command; host1/Admin(config)# no ipv6 nd learned-interval 600 Related Commands (config-if) ipv6 nd ns-interval learned-interval Indicates the refresh interval for ND entries of learned hosts. number Specifies the time interval in seconds between NS messages for learned neighbor entries. Enter an integer from 60 to 31536000. The default is 300 seconds (5 minutes). ACE Module/Appliance Release Modification A5(1.0) This command was introduced.2-342 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) ipv6 nd retries To configure the number of NS attempts before the ACE considers a host as down, use the ipv6 nd retries command. Use the no form of this command to reset the number of retries to the default value of 3. ipv6 nd retries number no ipv6 nd retries number Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines You configure this command for each context. Examples To configure the ACE to resend NS messages five times before marking the host as down, enter the following command: host1/Admin(config)# ipv6 nd retries 5 To reset the number of retries to the default value of 3, enter the following command; host1/Admin(config)# no ipv6 nd retries 5 Related Commands (config-if) ipv6 nd ns-interval (config) ipv6 nd interval number Specifies the number of times that the ACE resends the NS messages before considering a host as down. Enter an integer from 1 to 15. The default is 3. ACE Module/Appliance Release Modification A5(1.0) This command was introduced.2-343 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) ipv6 nd sync disable To disable the replication of ND entries from the active to the standby in a redundant configuration, use the ipv6 nd sync disable command. Use the no form of this command to reset the ACE behavior to the default of replicating ND entries to the standby in a redundant configuration. ipv6 nd sync disable no ipv6 nd sync disable Syntax Description This command has no keywords or arguments. Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines You configure this command for each context. Examples To disable ND entry replication for the current context, enter the following command: host1/Admin(config)# ipv6 nd sync disable To reenable the replication of ND entries, enter the following command; host1/Admin(config)# no ipv6 nd sync disable Related Commands (config-if) ipv6 nd ns-interval ACE Module/Appliance Release Modification A5(1.0) This command was introduced.2-344 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) ipv6 nd sync-interval To configure the time interval between neighbor discovery (ND) synchronization messages for learned hosts, use the ipv6 nd sync-interval command. Use the no form of this command to reset the interval to the default value of 5 seconds. ipv6 nd sync-interval number no ipv6 nd sync-interval number Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines You configure this command for each context. Examples To specify a time intervall between ND synchronization messages for learned hosts of 100 seconds, enter: host1/Admin(config)# ipv6 nd sync-interval 100 To restore the default value of 5 seconds, enter the following command: host1/Admin(config)# no ipv6 nd sync-interval Related Commands (config-if) ipv6 nd ns-interval number Specifies the time interval between ND synchronization messages. Enter an integer from 1 to 3600 seconds (1 hour). The default is 5 seconds. ACE Module/Appliance Release Modification A5(1.0) This command was introduced.2-345 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) kalap udp To configure secure KAL-AP on the ACE, use the kalap udp command to access KAL-AP UDP configuration mode. The CLI prompt changes to (config-kalap-udp). Use the no form of this command to return to configuration mode (or use the exit command). kalap udp no kalap udp Syntax Description This command has no keywords or arguments. Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the probe feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The ACE supports secure KAL-AP for MD5 encryption of data between the ACE and the Global Site Selector (GSS). For encryption, you must configure a shared secret as a key for authentication between the GSS and the ACE context. For information about the commands in KAL-AP UDP configuration mode, see the “KAL-AP UDP Configuration Mode Commands” section. Examples To enter KAL-AP UDP configuration mode, enter: host1/Admin(config)# kalap udp host1/Admin(config-kalap-udp)# Related Commands show kalap udp load show running-config (config-kalap-udp) ip address ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-346 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) ldap-server host To specify the Lightweight Directory Access Protocol (LDAP) server IP address, the destination port, and other options, use the ldap-server host command. You can enter multiple ldap-server host commands to configure multiple LDAP servers. Use the no form of this command to revert to a default LDAP server authentication setting. ldap-server host ip_address [port port_number] [timeout seconds] [rootDN “DN_string” [password bind_password]] no ldap-server host ip_address [port port_number] [timeout seconds] [rootDN “DN_string” [password bind_password]] Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. ip_address IP address for the LDAP server. Enter the address in dotted-decimal IP notation (for example, 192.168.11.1). port port_number (Optional) Specifies the TCP destination port for communicating authentication requests to the LDAP directory server. The port_number argument specifies the LDAP + port number. Enter an integer from 1 to 65535. timeout seconds (Optional) Specifies the time in seconds to wait for a response from the LDAP server before the ACE can declare a timeout failure with the LDAP server. Use this option to change the time interval that the ACE waits for the LDAP server to reply to an authentication request. Enter an integer from 1 to 60. The default is 5 seconds. rootDN “DN_string” (Optional) Defines the distinguished name (DN) for a user who is unrestricted by access controls or administrative limit parameters to perform operations on the LDAP server directory. The rootDN user can be thought of as the root user for the LDAP server database. Enter a quoted string with a maximum of 63 alphanumeric characters. The default is an empty string. password bind_password (Optional) Defines the bind password (rootpw) applied to the rootDN of the LDAP server directory. Enter an unquoted string with a maximum of 63 alphanumeric characters. The default is an empty string. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-347 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands By default, the LDAP server port is 389. If your LDAP server uses a port other than 389, use the port keyword to configure an appropriate port before starting the LDAP service. The ldap-server port command overrides the global setting for the specified server. By default, the ACE waits 5 seconds for the LDAP server to reply to an authentication request before the ACE declares a timeout failure and attempts to contact the next server in the group. The ldap-server timeout command overrides the global setting for the specified server. Examples To configure LDAP server authentication parameters, enter: host1/Admin(config)# ldap-server host 192.168.2.3 port 2003 host1/Admin(config)# ldap-server host 192.168.2.3 timeout 60 host1/Admin(config)# ldap-server host 192.168.2.3 rootDN “cn=manager,dc=cisco,dc=com" password lab To remove the LDAP server authentication setting, enter: host1/Admin(config)# no ldap-server host 192.168.2.3 timeout 60 Related Commands show aaa (config) aaa group server (config) ldap-server port (config) ldap-server timeout (config) ldap-server port To globally configure a TCP port (if your LDAP server uses a port other than the default port 389) before you start the LDAP service, use the ldap-server port command. This global port setting will be applied to those LDAP servers for which a TCP port value is not individually configured by the ldap-server host command. Use the no form of this command to revert to the default of TCP port 389. ldap-server port port_number no ldap-server port port_number Syntax Description Command Modes Configuration mode Admin and user contexts Command History port_number Destination port to the LDAP server. Enter an integer from 1 to 65535. The default is TCP port 389. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-348 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To override the global TCP port setting (specified by the ldap-server port command) for a specific server, use the ldap-server host port command. Examples To globally configure the TCP port, enter: host1/Admin(config)# ldap-server port 2003 To revert to the default of TCP port 389, enter: host1/Admin(config)# no ldap-server port 2003 Related Commands show aaa (config) aaa group server (config) ldap-server host (config) ldap-server timeout (config) ldap-server timeout To globally change the time interval that the ACE waits for the LDAP server to reply to a response before it declares a timeout failure, use the ldap-server timeout command. By default, the ACE waits 5 seconds to receive a response from an LDAP server before it declares a timeout failure and attempts to contact the next server in the group. The ACE applies this global timeout value to those LDAP servers for which a timeout value is not individually configured by the ldap-server host command. Use the no form of this command to revert to the default of 5 seconds between transmission attempts. ldap-server timeout seconds no ldap-server timeout seconds Syntax Description Command Modes Configuration mode Admin and user contexts Command History seconds Timeout value in seconds. Enter an integer from 1 to 60. The default is 5 seconds. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-349 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To override the global TCP timeout setting (specified by the ldap-server timeout command) for a specific server, use the ldap-server host timeout command. Examples To globally configure the timeout value to 30 seconds, enter: host1/Admin(config)# ldap-server timeout 30 To change to the default of 5 seconds between transmission attempts, enter: host1/Admin(config)# no ldap-server timeout 30 Related Commands show aaa (config) aaa group server (config) ldap-server host (config) ldap-server port (config) line console (ACE module only) To configure the console interface settings, use the line console configuration mode command. When you enter this command, the prompt changes (config-console) and you enter the console configuration mode. Use the no form of this command to reset the console configuration mode parameters to their default settings. line console no line console Syntax Description There are no keywords or arguments for this command. Command Modes Configuration mode Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The console port is an asynchronous serial port on the Catalyst 6500 series switch that enables the ACE to be set up for initial configuration through a standard RS-232 port with an RJ-45 connector. Any device connected to this port must be capable of asynchronous transmission. Connection to a terminal requires a terminal emulator to be configured as 9600 baud, 8 data bits, 1 stop bit, no parity. ACE Module Release Modification 3.0(0)A1(2) This command was introduced.2-350 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands For information about the commands in console configuration mode, see the “Console Configuration Mode Commands” section. Examples To enter console configuration mode, enter: host1/Admin(config)# line console host1/Admin(config-console)# Related Commands clear line show line (config) line vty To configure the virtual terminal line settings, use the line vty configuration mode command. When you enter this command, the prompt changes (config-line) and you enter the line configuration mode. Use the no form of this command to reset the line configuration mode parameter to its default setting. line vty no line vty Syntax Description This command has no keywords or arguments. Command Modes Configuration mode Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the commands in line configuration mode, see the “Line Configuration Mode Commands” section. Examples To enter the line configuration mode, enter: host1/Admin(config)# line vty host1/Admin(config-line)# ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-351 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Related Commands clear line show line2-352 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) login timeout To modify the length of time that a user can be idle before the ACE terminates the console, Telnet, or Secure Shell (SSH) session, use the login timeout command. By default, the inactivity timeout value is 5 minutes. Use the no form of this command to restore the default timeout value of 5 minutes. login timeout minutes no login timeout Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To specify a timeout period of 10 minutes, enter: host1/Admin(config)# login timeout 10 To restore the default timeout value of 5 minutes, enter. host1/Admin(config)# no login timeout Related Commands telnet (config-cmap-mgmt) match protocol minutes Length of time in minutes. Enter a value from 0 to 60 minutes. A value of 0 instructs the ACE never to time out. The default is 5 minutes. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-353 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) logging buffered To enable system logging to a local buffer and to limit the messages sent to the buffer based on severity, use the logging buffered command. By default, logging to the local buffer on the ACE is disabled. New messages are appended to the end of the buffer. The first message displayed is the oldest message in the buffer. When the log buffer fills, the ACE deletes the oldest message to make space for new messages. Use the no form of this command to disable message logging. logging buffered severity_level no logging buffered Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To set the logging buffer level to 3 for logging error messages, enter: host1/Admin(config)# logging buffered 3 To disable message logging, enter: host1/Admin(config)# no logging buffered severity_level Maximum level for system log messages sent to the buffer. The severity level that you specify indicates that you want syslog messages at that level and below. Allowable entries are as follows: • 0—emergencies (system unusable messages) • 1—alerts (take immediate action) • 2—critical (critical condition) • 3—errors (error message) • 4—warnings (warning message) • 5—notifications (normal but significant condition) • 6—informational (information message) • 7—debugging (debug messages) ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-354 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Related Commands (config) logging enable2-355 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) logging console To enable the logging of syslog messages during console sessions and to limit the display of messages based on severity, use the logging console command. By default, the ACE does not display syslog messages during console sessions. Use the no form of this command to disable logging to the console. logging console severity_level no logging console Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Logging to the console can degrade system performance. Use the logging console command only when you are testing and debugging problems, or when there is minimal load on the network. We recommend that you use the lowest severity level possible because logging at a high rate may affect ACE performance. Do not use this command when the network is busy. Examples To enable system logging to the console for messages with severity levels of 2, 1, and 0: host1/Admin(config)# logging console 2 severity_level Maximum level for system log messages sent to the console. The severity level that you specify indicates that you want to log messages at that level and below. Allowable entries are as follows: • 0—emergencies (system unusable messages) • 1—alerts (take immediate action) • 2—critical (critical condition) • 3—errors (error message) • 4—warnings (warning message) • 5—notifications (normal but significant condition) • 6—informational (information message) • 7—debugging (debug messages) ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-356 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Related Commands (config) logging enable2-357 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) logging device-id To specify that the device ID of the ACE is included in the syslog message, use the logging device-id command. If enabled, the ACE displays the device ID in all non-EMBLEM-formatted syslog messages. The device ID specification does not affect the syslog message text that is in the EMBLEM format. Use the no form of this command to disable device ID logging for the ACE in the syslog message. logging device-id {context-name | hostname | ipaddress interface_name | string text} no logging device-id Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The device ID part of the syslog message is viewed through the syslog server only and not directly on the ACE. The device ID does not appear in EMBLEM-formatted messages, Simple Network Management Protocol (SNMP) traps, or on the ACE console, management session, or buffer. Examples To instruct the ACE to use the hostname of the ACE to uniquely identify the syslog messages, enter: host1/Admin(config)# logging device-id hostname context-name Specifies the name of the current context as the device ID to uniquely identify the syslog messages sent from the ACE. hostname Specifies the hostname of the ACE as the device ID to uniquely identify the syslog messages sent from the ACE. ipaddress interface_name Specifies the IP address of the interface as the device ID to uniquely identify the syslog messages sent from the ACE. You can specify the IP address of a VLAN interface or BVI as the device ID. If you use the ipaddress keyword, syslog messages sent to an external server contain the IP address of the interface specified, regardless of which interface the ACE uses to send the log data to the external server. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. string text Specifies a text string to uniquely identify the syslog messages sent from the ACE. The maximum length is 64 alphanumeric characters without spaces. You cannot use the following characters: & (ampersand), ‘ (single quotation mark), “ (double quotation marks), < (less than), > (greater than), or ? (question mark). ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-358 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands To disable the use of the hostname of the ACE, enter: host1/Admin(config)# no logging device-id Related Commands (config) logging enable2-359 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) logging enable To enable message logging, use the logging enable command. Message logging is disabled by default. You must enable logging if you want to send messages to one or more output locations. Use the no form of this command to stop message logging to all output locations. logging enable no logging enable Syntax Description This command has no keywords or arguments. Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Message logging is disabled by default. When enabled, log messages are sent to a logging process, which logs messages to designated locations asynchronously to the processes that generated the messages. You must set a logging output location to view any logs. Examples To enable message logging to all output locations, enter: host1/Admin(config)# logging enable To stop message logging to all output locations, enter: host1/Admin(config)# no logging enable Related Commands This command has no related commands. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-360 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) logging facility To change the logging facility to a value other than the default of 20 (LOCAL4), use the logging facility command. Most UNIX systems expect the messages to use facility 20. The ACE allows you to change the syslog facility type to identify the behavior of the syslog daemon (syslogd) on the host. Use the no form of this command to set the syslog facility to its default of 20. logging facility number no logging facility number Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The syslog daemon uses the specified syslog facility to determine how to process messages. Each logging facility configures how the syslog daemon on the host handles a message. Syslog servers file messages based on the facility number in the message. For more information on the syslog daemon and facility levels, see your syslog daemon documentation. Examples To set the syslog facility as 16 (LOCAL0) in syslog messages, enter: host1/Admin(config)# logging facility 16 To change the syslog facility back to the default of LOCAL4, enter: host1/Admin(config)# no logging facility 16 Related Commands (config) logging enable number Syslog facility. Enter an integer from 16 (LOCAL0) to 23 (LOCAL7). The default is 20 (LOCAL4). ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-361 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) logging fastpath To enable the logging of connection setup and teardown messages through the fastpath, use the logging fastpath command. By default, the ACE logs connection setup and teardown syslog messages through the control plane. Use the no form of this command to disable the logging of connection setup and teardown syslog messages. logging fastpath no logging fastpath Syntax Description This command has no keywords or arguments. Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Because of the large number of syslog messages that are generated by connection setup and teardown, you can instruct the ACE to send these syslogs through the fast path instead of the control plane. The fast path supports a much higher rate of syslogs than the control plane does. When you instruct the ACE to send these syslogs through the fast path, the message formatting changes (different message spacing) and the syslog IDs change from 106023, 302022, 302023, 302024, and 302025 to 106028, 302028, 302029, 302030, and 302031, respectively. Examples To configure the ACE to log connection setup and teardown syslog messages, enter: host1/Admin(config)# logging fastpath To disable the ACE from logging connection setup and teardown syslog messages, enter: host1/Admin(config)# no logging fastpath Related Commands (config) logging enable ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-362 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) logging history To set the Simple Network Management Protocol (SNMP) message severity level when sending log messages to a network management system (NMS), use the logging history command. Use the no form of this command to disable logging of informational system messages to an NMS. logging history severity_level no logging history Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To enable or disable all SNMP syslog message logging, use the logging history command without the severity_level argument. We recommend that you use the debugging (7) level during initial setup and during testing. After setup, set the level from debugging (7) to a lower value for use in your network. Examples To send informational system message logs to an SNMP NMS, enter: host1/Admin(config)# logging history 6 severity_level Maximum level system log messages sent as traps to the NMS. The severity level that you specify indicates that you want to log messages at that level and below. Allowable entries are as follows: • 0—emergencies (system unusable messages) • 1—alerts (take immediate action) • 2—critical (critical condition) • 3—errors (error message) • 4—warnings (warning message) • 5—notifications (normal but significant condition) • 6—informational (information message) • 7—debugging (debug messages) ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-363 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands To disable logging to an SNMP NMS, enter: host1/Admin(config)# no logging history Related Commands (config) logging enable2-364 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) logging host To specify a host (the syslog server) that receives the syslog messages sent by the ACE, use the logging host command. You can use multiple logging host commands to specify additional servers to receive the syslog messages. Use the no form of this command to disable logging to a syslog server. By default, logging to a syslog server on a host is disabled on the ACE. logging host ip_address [tcp | udp [/port#] | [default-udp] | [format emblem]] no logging host ip_address Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. If you choose to send log messages to a host, the ACE sends those messages using either UDP or TCP. The host must run a program (known as a server) called syslogd, a daemon that accepts messages from other applications and the network, and writes them out to system wide log files. UNIX provides the syslog server as part of its operating system. If you are running Microsoft Windows, you must obtain a syslog server for the Windows operating system. ip_address IP address of the host to be used as the syslog server. tcp (Optional) Specifies to use TCP to send messages to the syslog server. A server can only be specified to receive either UDP or TCP, not both. udp (Optional) Specifies to use UDP to send messages to the syslog server. A server can only be specified to receive either UDP or TCP, not both. /port# (Optional) Port that the syslog server listens to for syslog messages. Enter an integer from 1025 to 65535. The default protocol and port are UDP/514. The default TCP port, if specified, is 1470. default-udp (Optional) Instructs the ACE to default to UDP if the TCP transport fails to communicate with the syslog server. format emblem (Optional) Enables EMBLEM-format logging for each syslog server. The Cisco Resource Management Environment (RME) is a network management application that collects syslogs. RME can process syslog messages only if they are in EMBLEM format. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-365 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands If you use TCP as the logging transport protocol, the ACE denies new network access sessions if the ACE is unable to reach the syslog server, if the syslog server is misconfigured, if the TCP queue is full, or if the disk is full. The format emblem keywords allow you to enable EMBLEM-format logging for each syslog server. EMBLEM-format logging is available for either TCP or UDP syslog messages. If you enable EMBLEM-format logging for a particular syslog host, then the messages are sent to that host. If you also enable the logging timestamp command, the messages are sent to the syslog server with a time stamp. For example, the EMBLEM format for a message with a time stamp appears as follows: ipaddress or dns name [Dummy Value/Counter]: [mmm dd hh:mm:ss TimeZone]: %FACILITY-[SUBFACILITY-]SEVERITY-MNEMONIC: [vtl-ctx: context id] Message-text Examples To send log messages to a syslog server, enter: host1/Admin(config)# logging host 192.168.10.1 tcp/1025 format emblem default-udp To disable logging to a syslog server, enter: host1/Admin(config)# no logging host 192.168.10.1 Related Commands (config) logging enable (config) logging timestamp2-366 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) logging message To control the display of a specific system logging message or to change the severity level associated with the specified system logging message, use the logging message command. Use the no form of this command to disable logging of the specified syslog message. logging message syslog_id [level severity_level] no logging message syslog_id Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. You can use the show logging command to determine the level currently assigned to a message and whether the message is enabled. For information on syslog messages and their IDs, see the System Message Guide, Cisco ACE Application Control Engine. syslog_id Specific message that you want to disable or to enable. level severity_level (Optional) Changes the severity level associated with a specific system log message. For example, the %-4-411001 message listed in the syslog has the default assigned severity level of 4 (warning message). You can change the assigned default severity level to a different level. Allowable entries are as follows: • 0—emergencies (system unusable messages) • 1—alerts (take immediate action) • 2—critical (critical condition) • 3—errors (error message) • 4—warnings (warning message) • 5—notifications (normal but significant condition) • 6—informational (information message) • 7—debugging (debug messages) ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-367 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Examples To disable the %-6-615004 syslog message (VLAN available for configuring an interface), enter: host1/Admin(config)# no logging message 615004 To resume logging of the disabled syslog message, enter: host1/Admin(config)# logging message 615004 level 6 To change the severity level of the 615004 syslog message from the default of 6 (informational) to a severity level of 5 (notification), enter: (config)# logging message 615004 level 5 To return the severity level of the 615004 syslog message to the default of 6, enter: host1/Admin(config)# no logging message 615004 Related Commands (config) logging enable2-368 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) logging monitor To display syslog messages as they occur when accessing the ACE through a Secure Shell (SSH) or a Telnet session, use the logging monitor command. You can limit the display of messages based on severity. By default, logging to a remote connection using the SSH or Telnet is disabled on the ACE. Use the no form of this command to disable system message logging to the current Telnet or SSH session. logging monitor severity_level no logging monitor Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Note Before you can use this command, you must enable remote access on the ACE and establish a remote connection using the SSH or Telnet protocols from a PC. severity_level Maximum level for system log messages displayed during the current SSH or Telnet session. The severity level that you specify indicates that you want to log messages at that level and below. Allowable entries are as follows: • 0—emergencies (system unusable messages) • 1—alerts (take immediate action) • 2—critical (critical condition) • 3—errors (error message) • 4—warnings (warning message) • 5—notifications (normal but significant condition) • 6—informational (information message) • 7—debugging (debug messages) ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-369 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands To display logs during the SSH or Telnet session, use the terminal monitor Exec mode command. This command enables syslog messages for all sessions in the current context. The logging monitor command sets the logging preferences for all SSH and Telnet sessions, while the terminal monitor command controls logging for each individual Telnet session. However, in each session, the terminal monitor command controls whether syslog messages appear on the terminal during the session. Examples To send informational system message logs to the current Telnet or SSH session, enter: host1/Admin# terminal monitor host1/Admin# config Enter configuration commands, one per line. End with CNTL/Z host1/Admin(config)# logging monitor 6 To disable system message logging to the current Telnet or SSH session, enter: host1/Admin(config)# no logging monitor Related Commands (config) logging enable (config) logging persistent To send specific log messages to compact flash on the ACE, use the logging persistent command. By default, logging to compact flash is disabled on the ACE. The ACE allows you to specify the system message logs that you want to keep after a system reboot by saving them to compact flash. Use the no form of this command to disable logging to compact flash. logging persistent severity_level no logging persistent Syntax Description Command Modes Configuration mode Admin and user contexts severity_level Maximum level for system log messages sent to compact flash. The severity level that you specify indicates that you want to log messages at that level and below. Allowable entries are as follows: • 0—emergencies (system unusable messages) • 1—alerts (take immediate action) • 2—critical (critical condition) • 3—errors (error message) • 4—warnings (warning message) • 5—notifications (normal but significant condition) • 6—informational (information message) • 7—debugging (debug messages)2-370 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command History Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. We recommend that you use a lower severity level, such as severity level 3, because logging at a high rate to flash memory on the ACE might affect performance. Examples To send informational system message logs to flash memory on the ACE, enter: host1/Admin(config)# logging persistent 6 To disable logging to flash memory on the ACE, enter: host1/Admin(config)# no logging persistent Related Commands (config) logging enable (config) logging queue To change the number of syslog messages that can appear in the message queue, use the logging queue command. By default, the ACE can hold 80 syslog messages in the message queue while awaiting processing. Use the no form of this command to reset the logging queue size to the default of 100 messages. logging queue queue_size no logging queue queue_size Syntax Description Command Modes Configuration mode Admin and user contexts Command History ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced. queue_size Queue size for storing syslog messages. Enter an integer from 1 to 8192. The default is 80 messages. ACE Module Release Modification 3.0(0)A1(2) This command was introduced.2-371 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Set the queue size before the ACE processes syslog messages. When traffic is heavy, messages might get discarded. Examples To set the size of the syslog message queue to 1000, enter: host1/Admin(config)# logging queue 1000 To reset the logging queue size to the default of 80 messages, enter: host1/Admin(config)# no logging queue 0 Related Commands (config) logging enable (config) logging rate-limit To limit the rate at which the ACE generates messages in the syslog, use the logging rate-limit command. You can limit the number of syslog messages generated by the ACE for specific messages. Use the no form of this command to disable rate limiting for message logging in the syslog. logging rate-limit {num {interval | level severity_level | message syslog_id} | unlimited {level severity_level | message syslog_id}} no logging rate-limit {num {interval | level severity_level | message syslog_id} | unlimited {level severity_level | message syslog_id}} Syntax Description ACE Appliance Release Modification A1(7) This command was introduced. num Number at which the syslog is to be rate limited. interval Time interval in seconds over which the system message logs should be limited. The default time interval is 1 second.2-372 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Disabled rate limiting is the default setting. In this case, the logging rate-limit unlimited command will not be displayed in the ACE running-configuration file. The severity level you enter indicates that you want all syslog messages at the specified level to be rate-limited. For example, if you specify a severity level of 7, the ACE applies a rate limit only to level 7 (debugging messages). If you want to apply a logging rate limit on a different severity level, you must configure the logging rate-limit level command for that level as well. If you configure rate limiting for syslogs 302028 through 302031 (connection setup and teardown syslogs that are formatted in the data plane), the ACE always rate-limits these syslogs at level 6. Even if you change the logging level to a different value using the logging message command and the new logging level appears on the syslog server or other destination, the ACE will continue to rate-limit these syslogs at level 6. For information on syslog messages and their IDs, see the System Message Guide, Cisco ACE Application Control Engine. level severity_level Specifies the syslog level that you want to rate limit. Allowable entries are as follows: • 0—emergencies (system unusable messages) • 1—alerts (take immediate action) • 2—critical (critical condition) • 3—errors (error message) • 4—warnings (warning message) • 5—notifications (normal but significant condition) • 6—informational (information message) • 7—debugging (debug messages) message syslog_id Identifies the ID of the specific message you want to suppress reporting. unlimited Disables rate limiting for messages in the syslog. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-373 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Examples To limit the syslog rate to a 60-second time interval for informational messages (level 6), enter: host1/Admin(config)# logging rate-limit 42 60 level 6 To suppress reporting of system message 302022, enter: host1/Admin(config)# logging rate-limit 42 60 302022 To disable rate limiting, enter: host1/Admin(config)# no logging rate-limit 42 60 level 6 Related Commands (config) logging enable (config) logging standby To enable logging on the standby ACE in a redundant configuration, use the logging standby command. When enabled, the standby ACE syslog messages remain synchronized should a failover occur. When enabled, this command causes twice the message traffic on the syslog server. Use the no form of this command to disable logging on the standby ACE. logging standby no logging standby Syntax Description This command has no keywords or arguments. Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is disabled by default. Examples To enable logging on the failover standby ACE: host1/Admin(config)# logging standby ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-374 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands To disable logging on the standby ACE, enter: host1/Admin(config)# no logging standby Related Commands (config) logging enable (config) logging supervisor (ACE module only) To set the severity level at which syslog messages are sent to the supervisor engine, use the logging supervisor command. The ACE can forward syslog messages to the supervisor engine on the Catalyst 6500 series switch. Use the no form of this command to disable system message logging to the supervisor engine. logging supervisor severity_level no logging supervisor Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. severity_level Maximum level for system log messages. The severity level that you specify indicates that you want to log messages at that level and below. Allowable entries are as follows: • 0—emergencies (system unusable messages) • 1—alerts (take immediate action) • 2—critical (critical condition) • 3—errors (error message) • 4—warnings (warning message) • 5—notifications (normal but significant condition) • 6—informational (information message) • 7—debugging (debug messages) ACE Module Release Modification 3.0(0)A1(2) This command was introduced.2-375 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Examples To send informational system message logs to the supervisor engine on the Catalyst 6500 series switch, enter: host1/Admin(config)# logging supervisor 6 To disable system message logging to the supervisor engine, enter: host1/Admin(config)# no logging supervisor 3 Related Commands (config) logging enable (config) logging timestamp To specify that syslog messages should include the date and time that the message was generated, use the logging timestamp command. By default, the ACE does not include the date and time in syslog messages. Use the no form of this command to specify that the ACE not include the date and time when logging syslog messages. logging timestamp no logging timestamp Syntax Description This command has no keywords or arguments. Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is disabled by default. Examples To enable the time stamp on system logging messages, enter: host1/Admin(config)# logging timestamp To disable the time stamp from syslog messages, enter: host1/Admin(config)# no logging timestamp ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-376 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Related Commands (config) logging enable (config) logging trap To identify which messages are sent to a syslog server, use the logging trap command. This command limits the logging messages sent to a syslog server based on severity. Use the no form of this command to return the trap level to the default (information messages). logging trap severity_level no logging trap Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To send logging messages to a syslog server, use the logging host command to specify the name or IP address of the host to be used as the syslog server. severity_level Maximum level for system log messages. The severity level that you specify indicates that you want to log messages at that level and below. Allowable entries are as follows: • 0—emergencies (system unusable messages) • 1—alerts (take immediate action) • 2—critical (critical condition) • 3—errors (error message) • 4—warnings (warning message) • 5—notifications (normal but significant condition) • 6—informational (information message) • 7—debugging (debug messages) ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-377 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Examples To send informational system message logs to the syslog server, enter: host1/Admin(config)# logging trap 6 To disable sending message logs to the syslog server, enter: host1/Admin(config)# no logging trap 6 Related Commands (config) logging enable (config) logging host (config) nexus-device To create the DCI device (Nexus 7000 series switch) for the dynamic workload scaling (DWS) feature, use the nexus-device command. The CLI prompt changes to (config-dci). See the “DCI Configuration Mode Commands” section for details. Use the no form of this command to remove the DCI device from the configuration. nexus-device name no nexus-device name Syntax Description Command Modes Configuration mode Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The DCI device provides the locality information (local or remote) of the virtual machines (VMs) only. You can configure one DCI device per ACE. Examples To create a DCI device named DCI_DEVICE1, enter: host1/Admin(config)# nexus-device DCI_DEVICE1 host1/Admin(config-dci)# To remove the DCI device from the configuration, enter: host1/Admin(config)# no nexus-device DCI_DEVICE1 name Name of the DCI device that the ACE queries for the locality information of the VMs. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. ACE Module/Appliance Release Modification A4(2.0) This command was introduced.2-378 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Related Commands show nexus-device2-379 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) ntp (ACE appliance only) To configure the ACE system clock to synchronize a peer (or to be synchronized by a peer) or to be synchronized by a time server, use the ntp command. Use the no form of the command to remove an NTP peer or server from the configuration. ntp {peer ip_address1 [prefer] | server ip_address2 [prefer]} no ntp {peer ip_address1 [prefer] | server ip_address2 [prefer]} Syntax Description Command Modes Configuration mode Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. An NTP association can be a peer association, which means that the ACE is willing to synchronize to the other system or to allow the other system to synchronize to the ACE. An NTP association can also be a server association, which means that only this system will synchronize to the other system, not the other way around. You can identify multiple servers; the ACE uses the most accurate server. To send logging messages to a syslog server, use the logging host command to specify the name or IP address of the host to be used as the syslog server. Examples To specify multiple NTP server IP addresses and identify a preferred server, enter: host1/Admin(config)# ntp server 192.168.10.10 prefer host1/Admin(config)# ntp server 192.168.4.143 host1/Admin(config)# ntp server 192.168.5.10 peer Configures the ACE system clock to synchronize a peer or to be synchronized by a peer. You can specify multiple associations. ip_address1 IP address of the peer providing or being provided by the clock synchronization. prefer (Optional) Makes this peer the preferred peer that provides synchronization. Using the prefer keyword reduces switching back and forth between peers. server Configures the ACE system clock to be synchronized by a time server. You can specify multiple associations. ip_address2 IP address of the time server that provides the clock synchronization. prefer (Optional) Makes this server the preferred server that provides synchronization. Use the prefer keyword to set this NTP server as the preferred server if multiple servers have similar accuracy. NTP uses an algorithm to determine which server is the most accurate and synchronizes to that one. If servers have similar accuracy, then the prefer keyword specifies which of those servers to use. ACE Appliance Release Modification A1(7) This command was introduced.2-380 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands To form a peer association with a preferred peer, enter: host1/Admin(config)# ntp peer 192.168.10.0 prefer To remove an NTP peer or server from the configuration, enter: host1/Admin(config)# no ntp peer 192.168.10.0 Related Commands clear np show clock (config) object-group To create an object group, use the object-group command. Object groups allow you to streamline the creation of multiple ACL entries in an ACL. Use the no form of this command to remove the object group from the configuration. object-group [network | service] name no object-group [network | service] name Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines You can create either network or service object groups. After you create these groups, you can use a single ACL entry to allow trusted hosts to make specific service requests to a group of public servers. If you add new members to an existing object group that is already in use by an entry in a large ACL, recommitting the ACL can take a long time, depending on the size of the ACL and the object group. In some cases, making this change can cause the ACE to devote over an hour to committing the ACL, during which time you cannot access the terminal. We recommend that you first remove the ACL entry that refers to the object group, make your change, and then add the ACL entry back into the ACL. network Specifies a group of hosts or subnet IP addresses. service Specifies a group of TCP or UDP port specifications. name Unique identifier for the object group. Enter the object group name as an unquoted, alphanumeric string from 1 to 64 characters. ACE Module Release Modification A2(1.0) This command was introduced. ACE Appliance Release Modification A3(1.0) This command was introduced.2-381 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Examples To create a network object group, enter: host1/Admin(config)# object-group network NET_OBJ_GROUP1 Related Commands (config-objgrp-netw) ip_address (config-objgrp-netw) host2-382 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) optimize (ACE appliance only) To configure the global optimization settings on the ACE, enter the optimize command. The CLI prompt changes to (config-optimize). To remove an optimize mode selection, use the no form of the command. optimize no optimize Syntax Description This command has no keywords or arguments. Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines The commands in this mode require the loadbalance feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about commands in optimize configuration mode, see the “Optimize Configuration Mode Commands” section. For details about configuring the commands in the optimize configuration mode, see the Application Acceleration and Optimization Guide, Cisco ACE 4700 Series Application Control Engine Appliance. Examples To access the optimize configuration mode, enter: host1/Admin(config)# optimize host1/Admin(config-optimize)# Related Commands show optimization-global (config) parameter-map type To create a connection-, HTTP- or SSL-type parameter map, use the parameter-map type command. For the ACE appliance only, you can also create an optimization HTTP-type parameter map. Use the no form of this command to remove a parameter map from the ACE. parameter-map type {connection | generic | http | optimization http | rtsp | sip | skinny | ssl} name no parameter-map type {connection | generic | http | optimization http | rtsp | sip | skinny | ssl} name ACE Appliance Release Modification A1(7) This command was introduced.2-383 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Syntax Description connection Specifies a connection-type parameter map. After you create the connection-type parameter map, you configure TCP, IP, and other settings for the map in the parameter map connection configuration mode. For information about the commands in parameter map connection configuration mode, see the “Parameter Map Connection Configuration Mode Commands” section. dns Specifies a DNS parameter map. After you create a DNS parameter map, you configure settings for the map in the parameter map DNS configuration mode. For information about the commands in parameter map DNS configuration mode, see the “Parameter Map DNS Configuration Mode Commands” section. generic Specifies a generic Layer 7 parameter map. After you create the generic Layer 7 parameter map, you configure settings for the map in the parameter map generic configuration mode. For information about the commands in parameter map generic configuration mode, see the “Parameter Map HTTP Configuration Mode Commands” section. http Specifies an HTTP-type parameter map. After you create the HTTP-type parameter map, you configure HTTP settings for the map in the parameter map HTTP configuration mode. For information about the commands in parameter map HTTP configuration mode, see the “Parameter Map HTTP Configuration Mode Commands” section. optimization http (ACE appliance only) Specifies an optimization HTTP-type parameter map and define its application acceleration and optimization settings. After you create the optimization HTTP-type parameter map, you configure settings for the map in the parameter map optimization HTTP configuration mode. For information about the commands in parameter map HTTP connection configuration mode, see the “Parameter Map Optimization Configuration Mode Commands” section. rtsp Specifies an RTSP-type parameter map. After you create the RTSP-type parameter map, you configure RTSP settings for the map in the parameter map RTSP configuration mode. For information about the commands in parameter map RTSP configuration mode, see the “Parameter Map RTSP Configuration Mode Commands” section. sip Specifies a SIP-type parameter map. After you create the SIP-type parameter map, you configure SIP settings for the map in the parameter map SIP configuration mode. For information about the commands in parameter map SIP configuration mode, see the “Parameter Map SIP Configuration Mode Commands” section. skinny Specifies a Skinny Client Control Protocol (SCCP) type parameter map. After you create the SCCP-type parameter map, you configure SCCP settings for the map in the parameter map SCCP configuration mode. For information about the commands in parameter map SCCP configuration mode, see the “Parameter Map SCCP Configuration Mode Commands” section.2-384 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines The connection and http commands requires the connection feature in your user role. The ssl commands in this mode require the connection or SSL feature. (ACE appliance only) The optimization http commands in this mode require the loadbalance feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The parameter-map type command allows you to configure a series of Layer 3 and Layer 4 statements that instruct the ACE how to handle TCP termination, normalization and reuse, SSL termination, and advanced HTTP behavior for server load-balancing connections. After you enter this command, the system enters the corresponding parameter map configuration mode. To access one of the parameter-map configuration modes, enter the appropriate parameter-map type command. For example, enter parameter-map type connection, parameter-map type http, or parameter-map type ssl. The CLI prompt changes to the corresponding mode, for example, (config-parammap-conn), (config-parammap-http), or (config-parammap-ssl). After you configure the parameter map, you associate it with a specific action statement in a policy map. Examples To create a connection-type parameter map called TCP_MAP, enter: host1/Admin(config)# parameter-map type connection TCP_MAP host1/Admin(config-parammap-conn)# To create an HTTP-type parameter map called HTTP_MAP, enter: host1/Admin(config)# parameter-map type http HTTP_MAP host1/Admin(config-parammap-http)# ssl Specifies an SSL-type parameter map. After you create the SSL-type parameter map, you configure SSL settings for the map in the parameter map SSL configuration mode. For information about the commands in parameter map SSL connection configuration mode, see the “Parameter Map SSL Configuration Mode Commands” section. name Name assigned to the parameter map. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.0) This command was revised. ACE Appliance Release Modification A1(7) This command was introduced. A3(1.0) This command was revised.2-385 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands To create an SSL-type parameter map called SSL_MAP, enter: host1/Admin(config)# parameter-map type ssl SSL_MAP host1/Admin(config-parammap-ssl)# ACE Appliance Example To create an optimization HTTP parameter map called OPTIMIZE_MAP, enter: host1/Admin(config)# parameter-map type optimization http OPTIMIZE_MAP host1/Admin(config-parammap-optmz)# Related Commands show running-config (config) policy-map (config) peer hostname To specify a hostname for the peer ACE in a redundant configuration, use the peer hostname command. The hostname is used for the command line prompts and default configuration filenames. If you establish sessions to multiple devices, the hostname helps you track where you enter commands. Use the no form of this command to reset the hostname of the peer to the default of switch. peer hostname name no peer hostname name Syntax Description Command Modes Configuration mode Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. By default, the hostname for the ACE is switch. name New hostname for the peer ACE. Enter a case-sensitive text string that contains from 1 to 32 alphanumeric characters. ACE Module Release Modification A2(1.0) This command was introduced. ACE Appliance Release Modification A3(1.0) This command was introduced.2-386 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Examples To change the hostname of the peer ACE from switch to ACE_1, enter: switch/Admin(config)# peer hostname ACE_1 ACE_1/Admin(config)# Related Commands (config) hostname (config) peer shared-vlan-hostid To configure a specific bank of MAC addresses for a peer ACE in a redundant configuration, use the peer shared-vlan-hostid command. Use the no form of this command to remove the configured bank of MAC addresses. peer shared-vlan-hostid number no peer shared-vlan-hostid Syntax Description Command Modes Configuration mode Admin context only Command History Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To configure bank 3 for a peer ACE, enter: host1/Admin(config)# peer shared-vlan-hostid 3 To remove the configured bank of MAC addresses, enter: host1/Admin(config)# no peer shared-vlan-hostid number Bank of MAC addresses that the ACE uses. Enter a number from 1 to 16. Be sure to configure different bank numbers for multiple ACEs. ACE Module Release Modification 3.0(0)A1(6.2a) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-387 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Related Commands (config) arp (config) shared-vlan-hostid2-388 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) policy-map Use the policy-map command to create a Layer 3 and Layer 4 or Layer 7 policy map. To access one of the policy map configuration modes, use the policy-map command. Use the no form of this command to remove a policy map from the ACE. policy-map multi-match map_name policy-map type inspect {ftp first-match | http all-match | sip all-match | skinny} map_name policy-map type loadbalance {first-match | generic first-match | http first-match | radius first-match | rdp first-match | rtsp first-match | sip first-match} map_name policy-map type management first-match map_name policy-map type optimization http first-match map_name no policy-map multi-match map_name no policy-map type inspect {ftp first-match | http all-match | sip all-match | skinny} map_name no policy-map type loadbalance {first-match | generic first-match | http first-match | radius first-match | rdp first-match | rtsp first-match | sip first-match} map_name no policy-map type management first-match map_name Syntax Description multi-match Configures a Layer 3 and Layer 4 policy map that defines the different actions applied to traffic passing through the ACE. The ACE attempts to match multiple classes within the Layer 3 and Layer 4 policy map to allow a multifeature Layer 3 and Layer 4 policy map. The ACE executes the action for only one matching class within each of the class sets. The definition of which classes are in the same class set depends on the actions applied to the classes; the ACE associates each policy map action with a specific set of classes. For information about the commands in policy map configuration mode, see the “Policy Map Configuration Mode Commands” section. map_name Name assigned to the policy map. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. type Specifies the type of policy map to be defined. When you specify a policy map type, you enter its corresponding policy map configuration mode (for example, RADIUS load balancing). inspect ftp first-match Specifies a Layer 7 policy map that defines the inspection of File Transfer Protocol (FTP) commands by the ACE. The ACE executes the action for the first matching classification. For a list of classes in a policy map, the actions associated with the first class that matches the packet are the actions that the ACE executes on the packet. For information about the commands in policy map FTP inspection configuration mode, see the “Policy Map FTP Inspection Configuration Mode Commands” section.2-389 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands inspect http all-match Specifies a Layer 7 policy map that defines the deep packet inspection of the HTTP protocol by the ACE. The ACE attempts to match all specified conditions against the matching classification and executes the actions of all matching classes until it encounters a deny for a match request. For information about the commands in policy map inspection HTTP configuration mode, see the “Policy Map Inspection HTTP Configuration Mode Commands” section. inspect sip all-match Specifies a Layer 7 policy map that defines the inspection of SIP protocol packets by the ACE. The ACE attempts to match all specified conditions against the matching classification and executes the actions of all matching classes until it encounters a deny for a match request. For information about the commands in policy map inspection SIP configuration mode, see the “Policy Map Inspection SIP Configuration Mode Commands” section. inspect skinny Specifies a Layer 7 policy map that defines the inspection of SCCP or skinny protocol packets by the ACE. The ACE uses the SCCP inspection policy to filter traffic based on message ID and to perform user-configurable actions on that traffic. For information about the commands in policy map inspection SIP configuration mode, see the “Policy Map Inspection Skinny Configuration Mode Commands” section. loadbalance first-match Specifies a Layer 7 policy map that defines Layer 7 HTTP server load-balancing decisions. The ACE executes the action for the first matching classification. For a list of classes in a policy-map, the actions associated with the first class that matches the packet are the actions that the ACE executes on the packet. For information about the commands in policy map load balance configuration mode, see the “Policy Map Load Balancing HTTP Configuration Mode Commands” section. loadbalance generic first-match Specifies a Layer 7 policy map that defines Layer 7 HTTP server load-balancing decisions. The ACE executes the action for the first matching classification. For a list of classes in a policy-map, the actions associated with the first class that matches the packet are the actions that the ACE executes on the packet. For information about the commands in policy map load balance configuration mode, see the “Policy Map Load Balancing Generic Configuration Mode Commands” section. loadbalance http first-match Specifies a Layer 7 policy map that defines Layer 7 HTTP server load-balancing decisions. The ACE executes the action for the first matching classification. For a list of classes in a policy-map, the actions associated with the first class that matches the packet are the actions that the ACE executes on the packet. For information about the commands in policy map load balance configuration mode, see the “Policy Map Load Balancing HTTP Configuration Mode Commands” section.2-390 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command Modes Configuration mode loadbalance radius first-match Specifies a Layer 7 policy map that defines Layer 7 HTTP server load-balancing decisions. The ACE executes the action for the first matching classification. For a list of classes in a policy-map, the actions associated with the first class that matches the packet are the actions that the ACE executes on the packet. For information about the commands in policy map load balance configuration mode, see the “Policy Map Load Balancing RADIUS Configuration Mode Commands” section. loadbalance rdp first-match Specifies a Layer 7 policy map that defines Layer 7 HTTP server load-balancing decisions. The ACE executes the action for the first matching classification. For a list of classes in a policy-map, the actions associated with the first class that matches the packet are the actions that the ACE executes on the packet. For information about the commands in policy map load balance configuration mode, see the “Policy Map Load Balancing RDP Configuration Mode Commands” section. loadbalance rtsp first-match Specifies a Layer 7 policy map that defines Layer 7 HTTP server load-balancing decisions. The ACE executes the action for the first matching classification. For a list of classes in a policy-map, the actions associated with the first class that matches the packet are the actions that the ACE executes on the packet. For information about the commands in policy map load balance configuration mode, see the “Policy Map Load Balancing RDP Configuration Mode Commands” section. loadbalance sip first-match Specifies a Layer 7 policy map that defines Layer 7 HTTP server load-balancing decisions. The ACE executes the action for the first matching classification. For a list of classes in a policy-map, the actions associated with the first class that matches the packet are the actions that the ACE executes on the packet. For information about the commands in policy map load balance configuration mode, see the “Policy Map Load Balancing SIP Configuration Mode Commands” section. management first-match Specifies a Layer 3 and Layer 4 policy map that defines the IP management protocols that can be received by the ACE. The ACE executes the specified action only for traffic that meets the first matching classification with a policy map. For information about the commands in policy map management configuration mode, see the “Policy Map Management Configuration Mode Commands” section. optimization http first-match (ACE appliance only) Specifies a Layer 7 policy map that defines Layer 7 HTTP optimization operations. The Layer 7 optimization HTTP policy map associates an HTTP optimization action list and parameter map to configure the specified optimization actions. The ACE executes the action for the first matching classification. For a list of classes in a policy-map, the actions associated with the first class that matches the packet are the actions that the ACE executes on the packet. For information about the commands in policy map optimization configuration mode, see the “Policy Map Optimization Configuration Mode Commands” section.2-391 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Admin and user contexts Command History Usage Guidelines This command requires the inspect, loadbalance, NAT, connection, or SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Use the policy map configuration mode commands to configure a series of Layer 3 and Layer 4 or Layer 7 policies. Each policy map defines a series of actions (functions) that you apply to a set of classified inbound traffic. The CLI prompt changes correspondingly to the selected policy map configuration mode: config-pmap, config-pmap-c, config-pmap-insp-http, config-pmap-insp-http-c, config-pmap-insp-http-m, config-pmap-lb, config-pmap-lb-c, config-pmap-lb-m, config-pmap-mgmt, and config-pmap-mgmt-c. (ACE appliance only) In addition, the prompt include config-pmap-optmz and config-pmap-optmz-c. For a Layer 3 and Layer 4 traffic classification, you create Layer 3 and Layer 4 policy maps with actions that configure the following: • Network management traffic received by the ACE (HTTP, HTTPS, ICMP, SNMP, SSH, or Telnet) • Server load balancing based on Layer 3 and Layer 4 connection information (virtual IP address) • Secure Sockets Layer (SSL) security services between a web browser (the client) and the HTTP connection (the server) • Static or dynamic Network Address Translation (NAT) • Application protocol inspection (also known as protocol fixup) • TCP termination, normalization, and reuse • IP normalization and fragment reassembly For a Layer 7 traffic classification, you create policy maps with actions that configure the following: • Server load balancing based on the Layer 7 HTTP-related information (such as HTTP headers, cookies, and URLs), or the client IP address • (ACE appliance only) Application acceleration and optimization functions • Deep packet inspection of the HTTP protocol • FTP command inspection The ACE supports a system-wide maximum of 4096 policy maps. For details about creating a policy map, see the Administration Guide, Cisco ACE Application Control Engine. Examples To create a Layer 3 and Layer 4 server load-balancing policy map named L4_SLB_POLICY, enter: host1/Admin(config)# policy-map multi-match L4_SLB_POLICY ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.0) This command was revised. ACE Appliance Release Modification A1(7) This command was introduced. A3(1.0) This command was revised.2-392 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands host1/Admin(config-pmap)# To create a Layer 3 and Layer 4 management protocol policy map named L4_MGMT-ACCESS_POLICY, enter: host1/Admin(config)# policy-map type management match-any L4_MGMT-ACCESS_CLASS host1/Admin(config-pmap-mgmt)# (ACE appliance only) To create a Layer 7 optimization HTTP policy map named L7OPTIMIZATION_POLICY, enter: host/Admin(config)# policy-map type optimization http first-match L7OPTIMIZATION_POLICY host/Admin(config-pmap-optmz)# To create a Layer 7 HTTP server load-balancing policy map named L7_SLB_POLICY, enter: host1/Admin(config)# policy-map type loadbalance first-match L7_SLB_POLICY host1/Admin(config-pmap-lb)# To create a Layer 7 HTTP deep packet inspection policy map named L7_HTTP_INSPECT_POLICY, enter: host/Admin(config) # policy-map type inspect http all-match HTTP_INSPECT_L7POLICY host/Admin(config-pmap-ins-http)# To create a Layer 7 FTP command inspection policy map named L7_FTP_INSPECT_POLICY, enter: host1/Admin(config)# class-map type ftp inspect match-any L7_FTP_INSPECT_POLICY host1/Admin(config-pmap-ftp-ins)# Related Commands show startup-config (config) class-map (config) parameter-map type (config) service-policy (config) probe To define a probe and access its configuration mode, use the probe command. The CLI prompt changes to (config-probe_type). Use the no form of this command to delete the probe. probe probe_type probe_name no probe probe_type probe_name Syntax Description probe_type Probe types. The probe type determines what the probe sends to the real server. Enter one of the following keywords: • dns—Sends a request to a DNS server giving it a configured domain. To determine if the server is up, the ACE must receive the configured IP address for that domain. • echo {tcp | udp}—Sends a string to the server and compares the response to the original string. If the response string matches the original string, the server is marked as passed. Otherwise, the ACE retries a configured number of times and time interval before the server is marked as failed.2-393 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands • finger—Sends a Finger probe to a server to verify that a defined username is a username on the server. Use the Finger protocol to configure the username string. • ftp—Initiates an FTP session. By default, this probe is for an anonymous login with the option of configuring a user ID and password. The ACE performs an FTP GET or LS to determine the outcome of the probe. This probe supports only active connections. • http—Sets up a TCP connection and issues an HTTP request. The default request is an HTTP 1.1 GET request with the URL /. Any valid HTTP response causes the probe to mark the real server as passed. You can also configure an HTTP response value. • https—Similar to the HTTP probe, but this probe uses SSL to generate encrypted data. • icmp—Sends an ICMP request and listens for a response. If the server returns a response, the ACE marks the real server as passed. If there is no response and the time times out, or an ICMP standard error such as DESTINATION_UNREACHABLE occurs, the ACE marks the real server as failed. • imap—Identical to POP/POP3 probe, but uses IMAP. • pop—Initiates a POP session, using a configured user ID and password. Then, the probe attempts to retrieve e-mail from the server and validates the result of the probe based on the return codes received from the server. • radius—Connects to a RADIUS server and logs in to it to determine whether the server is up. • rtsp—Establishes a TCP connection and sends a request packet to the RTSP server to determine whether the server is up. • scripted—Executes probes from a configured script to perform health probing. You can author specific scripts with features not present in standard health probes. • sip {tcp | udp}— Establishes a TCP or UDP connection and sends an OPTIONS request packet to the user agent on the SIP server to determine whether the server is up. • smtp—Initiates an SMTP session by logging in to the server. • snmp—Establishes a UDP connection and sends a maximum of eight SMNP OID queries to probe the server. • tcp—Initiates a TCP handshake and expects a response. By default, a successful response causes the probe to mark the server as passed, and then the probe sends a FIN to end the session. If the response is not valid or if there is no response, the probe marks the real server as failed. • telnet—Establishes a connection to the real server and verifies that a greeting from the application was received.2-394 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the probe feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about commands in probe configuration mode, see the “Probe Configuration Mode Commands” section. Examples To define a TCP probe named PROBE1 and access its mode, enter: host1/Admin(config)# probe tcp PROBE1 host1/Admin(config-probe-tcp)# To delete a TCP probe named PROBE1, enter: host1/Admin(config)# no probe tcp PROBE1 • udp—Sends a UDP packet to a real server. The probe marks the server as failed only if an ICMP Port Unreachable message is returned. Optionally, you can configure this probe to send specific data and expect a specific response to mark the real server as passed. • vm—Polls the local VM load information from the VM controller (vCenter) for the dynamic workload scaling (DWS) feature. The ACE calculates the average aggregate load information as a percentage of CPU usage or memory usage to determine when to burst traffic to the remote data center. If the server farm consists of both physical servers and VMs, the ACE considers load information only from the VMs. After you configure the VM probe and its attributes, you associate it with a VM controller and a server farm. probe_name Identifier for the probe. The probe name associates the probe to the real server. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. A2(1.0) This command was revised. A4(2.0) Added the VM probe type. ACE Appliance Release Modification A1(7) This command was introduced. A3(1.0) This command was revised. A4(2.0) Added the VM probe type.2-395 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Related Commands clear probe show probe (config) radius-server attribute nas-ipaddr To specify a RADIUS NAS-IP-Address attribute, use the radius-server attribute nas-ipaddr command. Use the no form of this command to delete the RADIUS NAS-IP-Address and return to the default configuration. radius-server attribute nas-ipaddr nas_ip_address no radius-server attribute nas-ipaddr nas_ip_address Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. By default, the NAS-IP-Address is not configured. The ACE performs a route lookup on the Remote Authentication Dial-In User Service (RADIUS) server IP address and uses the result. The RADIUS NAS-IP-Address attribute allows you to configure an arbitrary IP address to be used as RADIUS attribute 4, NAS-IP-Address for each context. The radius-server attribute nas-ipaddr command allows the ACE to behave as a single RADIUS client from the perspective of the RADIUS server. The configured NAS-IP-Address will be encapsulated in all outgoing RADIUS authentication request and accounting packets. Examples To specify a RADIUS NAS-IP-Address, enter: host1/Admin(config)# radius-server attribute nas-ipaddr 192.168.1.1 nas_ip_address IP address that is used as the RADIUS NAS-IP-Address, attribute 4. Enter the address in dotted-decimal IP notation (for example, 192.168.11.1). ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-396 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands To delete the RADIUS NAS-IP-Address and return to the default configuration, enter: host1/Admin(config)# no radius-server attribute nas-ipaddr 192.168.1.1 Related Commands show aaa (config) aaa group server (config) radius-server host (config) radius-server deadtime To globally set the time interval in which the ACE verifies whether a nonresponsive server is operational, use the radius-server deadtime command. Use the no form of this command to reset the Remote Authentication Dial-In User Service (RADIUS) server dead-time request to the default of 0. radius-server deadtime minutes no radius-server deadtime minutes Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Use of this command causes the ACE to mark as “dead” any RADIUS servers that fail to respond to authentication requests. This action avoids the wait for the request to time out before trying the next configured server. The ACE skips a RADIUS server that is marked as dead by sending additional requests for the duration of minutes. The dead-time interval starts when the server does not respond to the number of authentication request transmissions configured through the radius-server retransmit command. When the server responds to a probe access-request packet, the ACE transmits the authentication request to the server. minutes Length of time that the ACE skips a nonresponsive RADIUS server for transaction requests. Enter an integer from 0 to 1440 (24 hours). The default is 0. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-397 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Examples To globally configure a 15-minute dead-time for RADIUS servers that fail to respond to authentication requests, enter: host1/Admin(config)# radius-server deadtime 15 To set the RADIUS server dead-time request to 0, enter: host1/Admin(config)# no radius-server deadtime 15 Related Commands show aaa (config) aaa group server (config) radius-server host (config) radius-server host To designate and configure a host for RADIUS server functions, use the radius-server host command. You can define multiple radius-server host commands to configure multiple Remote Authentication Dial-In User Service (RADIUS) servers. Use the no form of this command to remove the RADIUS server from the configuration. radius-server host ip_address [key shared_secret [0 shared_secret | 7 shared_secret]] [auth-port port_number] [acct-port port_number] [authentication] [accounting] [timeout seconds] [retransmit count] no radius-server host ip_address [key shared_secret [0 shared_secret | 7 shared_secret]] [auth-port port_number] [acct-port port_number] [authentication] [accounting] [timeout seconds] [retransmit count] Syntax Description ip_address IP address for the RADIUS server. Enter the address in dotted-decimal IP notation (for example, 192.168.11.1). key (Optional) Enables an authentication key for communication between the ACE and the RADIUS daemon running on the RADIUS server. The key is a text string that must match the encryption key used on the RADIUS server. shared_secret Key that is used to authenticate communication between the RADIUS client and server. The shared secret must match the one configured on the RADIUS server. Enter the shared secret as a case-sensitive string with no spaces with a maximum of 63 alphanumeric characters. 0 (Optional) Configures a key specified in clear text (indicated by 0) to authenticate communication between the RADIUS client and server. 7 (Optional) Configures a key specified in encrypted text (indicated by 7) to authenticate communication between the RADIUS client and server. auth-port port_number (Optional) Specifies the UDP destination port for communicating authentication requests to the RADIUS server. By default, the RADIUS authentication port is 1812 (as defined in RFC 2138 and RFC 2139). The port_number argument specifies the RADIUS port number. Valid values are from 1 to 65535.2-398 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The key option overrides the global setting of the radius-server key command. If you do not specify a key, the global value is used. RADIUS keys are always stored in encrypted form in persistent storage. The running configuration also displays keys in encrypted form. If neither the authentication nor the accounting options are specified, the RADIUS server is used for both accounting and authentication. If your RADIUS server uses a port other than 1813, use the acct-port keyword to configure the ACE for the appropriate port before starting the RADIUS service. acct-port port_number (Optional) Specifies the UDP destination port for communicating accounting requests to the RADIUS server. By default, the RADIUS accounting port is 1813 (as defined in RFC 2138 and RFC 2139). The port_number argument specifies the RADIUS port number. Valid values are from 1 to 65535. authentication (Optional) Specifies that the RADIUS server is used only for authentication purposes. If neither the authentication nor the accounting options are specified, the RADIUS server is used for both accounting and authentication purposes. accounting (Optional) Specifies that the RADIUS server is used only for accounting purposes. If neither the authentication nor the accounting options are specified, the RADIUS server is used for both accounting and authentication purposes. timeout seconds (Optional) Specifies the time interval that the ACE waits for the RADIUS server to reply to an authentication request before retransmitting a request. Valid entries are from 1 to 60 seconds. The default is 1 second. retransmit count (Optional) Specifies the number of times that the ACE retransmits an authentication request to a timed-out RADIUS server before declaring the server to be unresponsive and contacting the next server in the group. Valid entries are from 1 to 5 attempts. The default is one attempt. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-399 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands If your RADIUS server uses a port other than 1812, use the auth-port keyword to configure the ACE for the appropriate port before starting the RADIUS service. The retransmit and timeout options override the global settings assigned for the specified server when you enter the radius-server retransmit and radius-server timeout commands. Examples To configure RADIUS server authentication parameters, enter: host1/Admin(config)# radius-server host 192.168.2.3 key HostKey host1/Admin(config)# radius-server host 192.168.2.3 key 7 secret_1256 host1/Admin(config)# radius-server host 192.168.2.3 auth-port 1645 host1/Admin(config)# radius-server host 192.168.2.3 acct-port 1646 host1/Admin(config)# radius-server host 192.168.2.3 authentication host1/Admin(config)# radius-server host 192.168.2.3 accounting host1/Admin(config)# radius-server host 192.168.2.3 timeout 25 host1/Admin(config)# radius-server host 192.168.2.3 retransmit 3 To revert to a default RADIUS server authentication setting, enter: host1/Admin(config)# no radius-server host 192.168.2.3 acct-port 1646 Related Commands show aaa (config) aaa group server (config) radius-server attribute nas-ipaddr2-400 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) radius-server key To globally configure an authentication key for communication between the ACE and the Remote Authentication Dial-In User Service (RADIUS) daemon running on each RADIUS server, use the radius-server key command. Use the no form of this command to remove the global RADIUS server key setting from the configuration. radius-server key {shared_secret | 0 shared_secret | 7 shared_secret} no radius-server key {shared_secret | 0 shared_secret | 7 shared_secret} Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The key is a text string that must match the encryption key used on the RADIUS server. RADIUS keys are always stored in encrypted form in persistent storage on the ACE. This global key will be applied to those RADIUS servers in a named server group for which a shared secret is not individually configured by the (config) radius-server host command. Examples To globally configure an authentication key to be sent in encrypted text (indicated by 7) to the RADIUS server, enter: host1/Admin(config)# radius-server key 7 abe4DFeeweo00o To delete the key, enter: host1/Admin(config)# no radius-server key 7 abe4DFeeweo00o shared_secret Key used to authenticate communication between the RADIUS client and the server. The shared secret must match the one configured on the RADIUS server. Enter the shared secret as a case-sensitive string with no spaces and a maximum of 63 alphanumeric characters. 0 Configures a key specified in clear text (indicated by 0) to authenticate communication between the RADIUS client and server. 7 Configures a key specified in encrypted text (indicated by 7) to authenticate communication between the RADIUS client and server. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-401 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Related Commands show aaa (config) aaa group server (config) radius-server host (config) radius-server retransmit To globally change the number of times that the ACE sends an authentication request to a Remote Authentication Dial-In User Service (RADIUS) server, use the radius-server retransmit command. Use the no form of this command to revert to the default of one transmission attempt. radius-server retransmit count no radius-server retransmit count Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The ACE applies this global retransmission value to those RADIUS servers for which a value is not individually configured by the (config) radius-server host command. If all servers in the group are unavailable for authentication and accounting, the ACE tries the local database if you configure a local fallback method by entering the aaa authentication login or the aaa accounting default commands. If you do not have a fallback method, the ACE continues to contact one of the AAA servers listed in the server group. Examples To globally configure the number of retransmissions to 3, enter: host1/Admin(config)# radius-server retransmit 3 To revert to the default of one transmission attempt, enter: host1/Admin(config)# no radius-server retransmit 3 count Number of times that the ACE attempts to connect to a RADIUS server(s) before trying to contact the next available server. Enter an integer from 1 to 5. The default is 1. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-402 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Related Commands show aaa (config) aaa group server (config) radius-server host (config) radius-server timeout To globally change the time interval that the ACE waits for the Remote Authentication Dial-In User Service (RADIUS) server to reply before retransmitting an authentication request to the RADIUS server, use the radius-server timeout command. Use the no form of this command to revert to the default of one second between transmission attempts. radius-server timeout seconds no radius-server timeout seconds Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The ACE applies this global timeout value to those RADIUS servers for which a timeout value is not individually configured by the (config) radius-server host command. Examples To globally configure the timeout value to 30 seconds, enter: host1/Admin(config)# radius-server timeout 30 To revert to the default of one second between transmission attempts, enter: host1/Admin(config)# no radius-server timeout 30 Related Commands show aaa (config) aaa group server seconds Time in seconds between retransmissions to the RADIUS server. Enter an integer from 1 to 60 seconds. The default is 1 second. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-403 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) radius-server host (config) regex compilation-timeout (ACE appliance only) To configure the timeout for regex compilation, use the regex compilation-timeout command. When you configure a regex and its compilation is longer than the configured timeout, the ACE stops the regex compilation. Use the no form of this command to revert to the default of 60 minutes. regex compilation-timeout minutes no regex compilation-timeout Syntax Description Command Modes Configuration mode Admin context Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. This command is applicable across all contexts. Examples To configure a compilation timeout of 80 minutes, enter the following command: host/Admin(config)# regex compilation-timeout 80 To reset the regex compilation timeout to the default value of 60 minutes, enter the following command: host/Admin(config)# no regex compilation-timeout Related Commands This command has no related commands. minutes Timeout value in minutes. Enter an integer from 1 to 500. The default timeout is 60 minutes. ACE Appliance Release Modification A3(2.7). Not applicable for A4(1.0) and A4(2.0). This command was introduced.2-404 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) resource-class Caution The no resource-class command will remove all resources from any context to which the specified resource class is assigned. Be sure that you want to do this before you enter the command. To create a resource class and enter resource configuration mode, use the resource-class command. The CLI prompt changes to (config-resource). Configure a resource class to limit the use of system resources by one or more contexts. Use the no form of this command to remove the resource-class setting. resource-class name no resource-class name Syntax Description Command Modes Configuration mode Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Use a resource class to allocate and limit system resources among contexts in your ACE. The default resource class allocates 100 percent of all configurable system resources to each context. By creating a resource class, you can prevent oversubscription by limiting the percentage of resources available to each context. After you create and configure a resource class, use the (config-context) member command in context configuration mode to assign a context to the class. To use the stickiness feature, you must allocate a minimum percentage of resources to the feature. Otherwise, stickiness will not work. For more details, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the commands in the resource configuration mode, see the “Resource Configuration Mode Commands” section. name Name assigned to the resource class. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. You can also use the resource class called default. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-405 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Examples To create a resource class called RC1, enter: host1/C1(config)# resource-class RC1 host1/C1(config-resource) To remove the resource class from the configuration, enter: host1/C1(config)# no resource-class RC1 Related Commands show resource allocation show resource usage show user-account show users (config-context) member (config) role To assign a user role to a user and enter role configuration mode, use the role command. The CLI prompt changes to (config-role). User roles determine the privileges that a user has, the commands that a user can enter, and the actions that a user can perform in a particular context. You can apply the roles that you create only in the context in which you create them. See the “Role Configuration Mode Commands” section for details. Use the no form of this command to remove the user role assignment. role name no role name Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. name Identifier associated with a user role. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-406 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands If you do not assign a user role to a new user, the default user role is Network-Monitor. For users that you create in the Admin context, the default scope of access is the entire device. For users that you create in other contexts, the default scope of access is the entire context. If you need to restrict a user’s access, you must assign a role-domain pair using the (config) username command. For information about the commands in the role configuration mode, see the “Role Configuration Mode Commands” section. For information about configuring roles and assigning them to users, see the Virtualization Guide, Cisco ACE Application Control Engine Examples To assign a role, enter: host1/C1(config)# role TECHNICIAN host1/C1(config-role)# To remove the role from the configuration, enter: host1/C1(config)# no role TECHNICIAN Related Commands show role show user-account show users (config) username (config) rserver To create a real server for server load balancing (SLB) and enter real server configuration mode, use the rserver command. The CLI prompt changes to (config-host-rserver) or (config-redirect-rserver), depending on the type of real server that you create. You can create a maximum of 16,384 real servers. Use the no form of this command to remove the real server from the configuration. rserver [host | redirect] name no rserver [host | redirect] name Syntax Description host (Optional) Specifies a typical real server that provides content and services to clients. This is the default setting. For details on the commands in real server host configuration mode, see the “Real Server Host Configuration Mode Commands” section. redirect (Optional) Specifies a real server used to redirect traffic to a new location as specified in the relocn-string argument of the webhost-redirection command. For details on the commands in real server redirect configuration mode, see the “Real Server Redirect Configuration Mode Commands” section. name Identifier for the real server. Enter an unquoted text string with no spaces and maximum of 64 alphanumeric characters.2-407 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the rserver feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. All servers in a server farm must be of the same type: host or redirect. You can create a maximum of 4096 real servers in each ACE. Examples To create a real server of type host, enter: host1/Admin(config)# rserver server1 To remove the real server of type host from the configuration, enter: host1/Admin(config)# no rserver server1 Related Commands (config-rserver-redir) webhost-redirection clear rserver show rserver (config) script file name To load a script into memory on the ACE and enable it for use, use the script file name command. Use the no form of this command to remove a script from memory and the running configuration. script file name script_name no script file name script_name Syntax Description Command Modes Configuration mode Admin and user contexts ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced. script_name Name of the script on the disk0: filesystem. The script name must be unique across the context. You will use the filename when you configure the probe.2-408 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command History Usage Guidelines This command requires the probe feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To run a script or create a health probe using a script, you must see the script name, not the script file from which the script was loaded. Examples To load a script into memory, enter: host1/Admin(config)# script file name ftp1.tcl To remove the script, enter: host1/Admin(config)# no script file name ftp1.tcl Related Commands show script (config) serverfarm To create a new server farm or modify an existing server farm and enter the serverfarm configuration mode, use the serverfarm command. You can configure a maximum of 4096 server farms on each ACE. Use the no form of this command to remove the server farm from the configuration. serverfarm [host | redirect] name no serverfarm [host | redirect] name Syntax Description ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced. host (Optional) Specifies a typical server farm that consists of real servers that provide content and services to clients. This is the default. For details on the commands in the serverfarm host configuration mode, see the “Server Farm Host Configuration Mode Commands” section. redirect (Optional) Specifies that the server farm consist only of real servers that redirect client requests to alternate locations specified by the relocation string or port number in the real server configuration. For details on the commands in the serverfarm redirect host configuration mode, see the “Server Farm Redirect Configuration Mode Commands” section. name Unique identifier of the server farm. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.2-409 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the server-farm feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. After you create a server farm, you configure the other server farm attributes and add real servers to the farm. You can configure a maximum of 4096 server farms in each ACE. Examples To create a server farm of type host called SFARM1, enter: host1/Admin(config)# serverfarm SFARM1 host1/Admin(config-sfarm-host)# To remove a server farm called SFARM1, enter: host1/Admin(config)# no serverfarm SFARM1 host1/Admin(config-sfarm-host)# Related Commands (config-rserver-redir) webhost-redirection clear serverfarm show serverfarm (config) service-policy To apply a previously created policy map and attach the traffic policy to a specific VLAN interface or globally to all VLAN interfaces in the same context, use the service-policy command. Use the no form of this command to remove a service policy. service-policy input policy_name no service-policy input policy_name ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-410 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Note the following when creating a service policy: • Policy maps, applied globally in a context, are internally applied on all interfaces existing in the context. • You can apply the policy in an input direction only. • A policy activated on an interface overwrites any specified global policies for overlapping classification and actions. • The ACE allows only one policy of a specific feature type to be activated on a given interface. Examples To specify an interface VLAN and apply the Layer 3 and Layer 4 SLB policy map to the VLAN, enter: host1/C1(config)# interface vlan50 host1/C1(config-if)# mtu 1500 host1/C1(config-if)# ip address 172.20.1.100 255.255.0.0 host1/C1(config-if)# service-policy input L4SLBPOLICY To globally apply the Layer 3 and Layer 4 SLB policy map to the entire context: host1/C1(config)# service-policy input L4SLBPOLICY To globally detach a traffic policy from a context, enter: host1/C1(config)# no service-policy input L4SLBPOLICY Related Commands clear service-policy show service-policy (config-if) service-policy input input Specifies that the traffic policy is to be attached to the input direction of an interface. The traffic policy evaluates all traffic received by that interface. policy_name Name of a previously defined policy map, configured with a previously created policy-map command. The name can be a maximum of 64 alphanumeric characters. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-411 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) shared-vlan-hostid To configure a specific bank of MAC addresses for an ACE, use the shared-vlan-hostid command. Use the no form of this command to remove a configured bank of MAC addresses. shared-vlan-hostid number no shared-vlan-hostid Syntax Description Command Modes Configuration mode Admin context only Command History Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. When contexts share a VLAN, the ACE assigns a different MAC address to the VLAN on each context. The MAC addresses reserved for shared VLANs are 0x001243dc6b00 to 0x001243dcaaff, inclusive. All ACE ACEs derive these addresses from a global pool of 16k MAC addresses. This pool is divided into 16 banks, each containing 1,024 addresses. An ACE supports only 1,024 shared VLANs, and would use only one bank of MAC addresses out of the pool. By default, the bank of MAC addresses that the ACE uses is randomly selected at boot time. However, if you configure two ACE ACEs in the same Layer 2 network and they are using shared VLANs, the ACEs may select the same address bank and use the same MAC addresses. To avoid this conflict, you need to configure the bank that the ACEs will use. Examples To configure bank 2 of MAC addresses, enter: host1/Admin(config)# shared-vlan-hostid 2 To remove the configured bank of MAC addresses, enter: host1/Admin(config)# no shared-vlan-hostid number Bank of MAC addresses that the ACE uses. Enter a number from 1 to 16. Be sure to configure different bank numbers for multiple ACEs. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-412 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Related Commands (config) arp (config) peer shared-vlan-hostid (config) snmp-server community To create or modify Simple Network Management Protocol (SNMP) community names and access privileges, use the snmp-server community command. Each SNMP device or member is part of a community. An SNMP community determines the access rights for each SNMP device. SNMP uses communities to establish trust between managers and agents. Use the no form of this command to remove an SNMP community. snmp-server community community_name [group group_name | ro] no snmp-server community community_name [group group_name | ro] Syntax Description Command Modes Configuration mode Admin and user contexts Caution If you change the SNMP engine ID for an Admin or user context, all configured SNMP users become invalid. You must recreate all SNMP users by using the snmp-server community command in configuration mode. Command History community_name SNMP community name for this system. Enter an unquoted text string with no space and a maximum of 32 alphanumeric characters. group group_name (Optional) Identifies the role group to which the user belongs. Enter Network-Monitor, the default group name and the only role that is supported. Note Only network monitoring operations are supported through the ACE implementation of SNMP. In this case, all SNMP users are automatically assigned the system-defined default group of Network-Monitor. For details on creating users, see the Virtualization Guide, Cisco ACE Application Control Engine. ro (Optional) Allows read-only access for this community. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-413 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Usage Guidelines This command has no user role restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. After you create or modify a community, all SNMP devices assigned to that community as members have the same access rights (as described in RFC 2576). The ACE allows read-only access to the MIB tree for devices included in this community. The read-only community string allows a user to read data values, but prevents that user from modifying modify the data. SNMP communities are applicable only for SNMPv1 and SNMPv2c. SNMPv3 requires user configuration information such as specifying the role group that the user belongs to, authentication parameters for the user, authentication password, and message encryption parameters. Examples To specify an SNMP community called SNMP_Community1, which is a member of the user group, with read-only access privileges for the community, enter: host1/Admin(config)# snmp-server community SNMP_Community1 group Network-Monitor To remove an SNMP community, enter: host1/Admin(config)# no snmp-server community SNMP_Community1 group Network-Monitor Related Commands (config) snmp-server host2-414 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) snmp-server contact To specify the contact information for the Simple Network Management Protocol (SNMP) system, use the snmp-server contact command. You can specify information for only one contact name. Use the no form of this command to remove an SNMP contact. snmp-server contact contact_information no snmp-server contact Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command has no user role restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. You can specify only one contact name per SNMP system. Examples To specify SNMP system contact information, enter: host1/Admin(config)# snmp-server contact “User1 user1@cisco.com” To remove the specified SNMP contact information, enter: host1/Admin(config)# no snmp-server contact Related Commands (config) snmp-server host contact_information SNMP contact information for this system. Enter a text string with a maximum of 240 alphanumeric characters, including spaces. If the string contains more than one word, enclose the string in quotation marks (“ ”). You can include information on how to contact the person; for example, you can include a phone number or an e-mail address. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-415 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) snmp-server enable traps To enable the ACE to send Simple Network Management Protocol (SNMP) traps and informs to the network management system (NMS), use the snmp-server enable traps command. This command enables both traps and inform requests for the specified notification types. Use the no form of this command to disable the sending of SNMP traps and inform requests. snmp-server enable traps [notification_type [notification_option]] no snmp-server enable traps [notification_type [notification_option]] Syntax Description Command Modes Configuration mode notification_type (Optional) Type of notification to enable. If no type is specified, the ACE sends all notifications. Specify one of the following keywords: • license—Sends SNMP license manager notifications. This keyword appears only in the Admin context. • slb—Sends server load-balancing notifications. When you specify the slb keyword, you can specify a notification_option value. • snmp—Sends SNMP notifications. When you specify the snmp keyword, you can specify a notification_option value. • syslog—Sends error message notifications (Cisco Syslog MIB). Specify the level of messages to be sent with the logging history command. • virtual-context—Sends virtual context change notifications. This keyword appears only in the Admin context. notification_option (Optional) One of the following SNMP notifications to enable: • When you specify the snmp keyword, specify the authentication, coldstart, linkdown, or linkup keyword to enable SNMP notifications. This selection generates a notification if the community string provided in SNMP request is incorrect, or when a VLAN interface is either up or down. The coldstart keyword appears only in the Admin context. • When you specify the slb keyword, specify the real, serverfarm, or vserver keyword to enable server load-balancing notifications. This selection generates a notification if one of the following occurs: – The real server changes state (up or down) due to such occurrences as user intervention, ARP failures, and probe failures. – The virtual server changes state (up or down). The virtual server represents the servers behind the content switch in the ACE to the outside world and consists of the following attributes: destination address (can be a range of IP addresses), protocol, destination port, incoming VLAN.2-416 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Admin and user contexts Command History Usage Guidelines This command has no user role restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The notification types used in the snmp-server enable traps command all have an associated MIB object that globally enables or disables them. However, not all of the notification types available in the snmp-server host command have notificationEnable MIB objects, so some of the notification types cannot be controlled using the snmp-server enable traps command. To configure the ACE to send the SNMP notifications, specify at least one snmp-server enable traps command. To enable multiple types of notifications, you must enter a separate snmp-server enable traps command for each notification type and notification option. If you enter the command without any keywords, the ACE enables all notification types and traps. The snmp-server enable traps command is used with the snmp-server host command. The snmp-server host command specifies which host receives the SNMP notifications. To send notifications, you must configure at least one SNMP server host. (ACE appliance only) The supported SNMP notifications (traps) in the CISCO-ENHANCED-SLB-MIB for the serverfarm option are as follows: • esRealServerStateUpRev1 State of a real server configured in a server farm is up due to user intervention.The notification is sent with the following varbinds: – cesRealServerName – cesServerFarmRserverBackupPort – cesServerFarmName – cesServerFarmRserverAdminStatus – cesServerFarmRserverOperStatus – cesRserverIpAddressType – cesRserverIpAddress – cesServerFarmRserverDescr • cesRealServerStateDownRev1 State of a real server configured in a server farm is down due to user intervention. The notification is sent with the following varbinds: – cesRealServerName – cesServerFarmRserverBackupPort – cesServerFarmName – cesServerFarmRserverAdminStatus ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced. A3(2.4) The serverfarm option was added to this command.2-417 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands – cesServerFarmRserverOperStatus – cesServerFarmRserverStateDescr – cesRserverIpAddressType – cesRserverIpAddress – cesServerFarmRserverDescr • cesRealServerStateChangeRev1 State of a real server configured in a server farm changed to a new state as a result of something other than a user intervention. This notification is sent for situations such as ARP failures, probe failures, and so on. The notification is sent with the following varbinds: – cesRealServerName – cesServerFarmRserverBackupPort – cesServerFarmName – cesServerFarmRserverAdminStatus – cesServerFarmRserverOperStatus – cesServerFarmRserverStateDescr – cesRserverIpAddressType – cesRserverIpAddress – cesProbeName – cesServerFarmRserverDescr Examples To enable the ACE to send server load-balancing traps to the host myhost.cisco.com using the community string public, enter: host1/Admin(config)# snmp-server host myhost.cisco.com host1/Admin(config)# snmp-server community SNMP_Community1 group Network-Monitor host1/Admin(config)# snmp-server enable traps slb real To disable SNMP server notifications, enter: host1/Admin(config)# no snmp-server enable traps slb real Related Commands (config) snmp-server host2-418 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) snmp-server engineid To configure the SNMP engine ID for an ACE context, use the snmp-server engineid command. Use the no form of this command to reset the default engine ID for the context. snmp-server engineid number no snmp-server engineid number Syntax Description Command Modes Configuration mode Admin and user contexts Caution If you change the SNMP engine ID for an Admin or user context, all configured SNMP users become invalid and all SNMP communities are deleted. You must recreate all SNMP users by using the snmp-server user command in configuration mode. You must recreate all SNMP communities by using the snmp-server community command in configuration mode. Command History Usage Guidelines The ACE allows you to configure an SNMP engine ID for the Admin or user context. By default, the ACE automatically creates an SNMP engine ID for the Admin context and each user context. The SNMP engine represents a logically separate SNMP agent. The IP address for an ACE context provides access to only one SNMP engine ID. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Examples To configure an engine ID 88439573498573888843957349857388 for the Admin context, enter: host1/Admin(config)# snmp-server engineID 88439573498573888843957349857388 To reset the default engine ID for the Admin context, enter: host1/Admin(config)# no snmp-server engineID contact_information SNMPv3 engine ID that you want to configure. Enter a range of 10 to 64 hexadecimal digits. ACE Module Release Modification A2(1.0) This command was introduced. ACE Appliance Release Modification A3(2.3) This command was introduced.2-419 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands To display the engine ID for a context, use the show snmp engineID command in Exec mode for the context. For example, to display the engine ID for the Admin context, enter: host1/Admin# show snmp engineID Related Commands (config) snmp-server host (config) snmp-server community (config) snmp-server user2-420 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) snmp-server host To specify which host receives Simple Network Management Protocol (SNMP) notifications, use the snmp-server host command. To send notifications, you must configure at least one SNMP host using the snmp-server host command. Use the no form of this command to remove the specified host. snmp-server host host_address [informs | traps] [version {1 | 2c | {3 auth | noauth | priv}] community-string_username [udp-port number] no snmp-server host host_address [informs | traps] [version {1 | 2c | {3 auth | noauth | priv}] community-string_username [udp-port number] Syntax Description Command Modes Configuration mode Admin and user contexts Command History host_address IP address of the host (the targeted recipient). Enter the address in dotted-decimal IP notation (for example, 192.168.11.1). informs (Optional) Sends SNMP inform requests to the identified host, which allows for manager-to-manager communication. Inform requests can be useful when you need more than one NMS in the network. traps (Optional) Sends SNMP traps to the identified host. An agent uses a trap to tell the NMS that a problem has occurred. The trap originates from the agent and is sent to the trap destination, as configured within the agent itself. The trap destination is typically the IP address of the NMS. version (Optional) Specifies the version of SNMP used to send the traps. SNMPv3 is the most secure model because it allows packet encryption with the priv keyword. 1 Specifies SNMPv1. 2c Specifies SNMPv2C. 3 Specifies SNMPv3. auth Enables Message Digest 5 (MD5) and Secure Hash Algorithm (SHA) packet authentication. noauth Specifies the noAuthNoPriv security level. priv Enables Data Encryption Standard (DES) packet encryption (privacy). community-string_username SNMP community string or username with the notification operation to send. Enter an unquoted text string with no space and a maximum of 32 alphanumeric characters. udp-port number (Optional) Specifies the port UDP port of the host to use. The default is 162. Enter a number from 0 to 65535. ACE Module Release Modification 3.0(0)A1(2) This command was introduced.2-421 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Usage Guidelines This command has no user role restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The ACE supports a maximum of 10 SNMP hosts per context. Examples To specify the recipient of an SNMP notification, enter: host1/Admin(config)# snmp-server host 192.168.1.1 traps version 2c abcddsfsf udp-port 500 To remove the specified host, enter: host1/Admin(config)# no snmp-server host 192.168.1.1 traps version 2c abcddsfsf udp-port 500 Related Commands (config) snmp-server enable traps (config) snmp-server location To specify the Simple Network Management Protocol (SNMP) system location, use the snmp-server location command. You can specify only one location. Use the no form of this command to remove the SNMP system location. snmp-server location location no snmp-server location Syntax Description Command Modes Configuration mode Admin and user contexts Command History ACE Appliance Release Modification A1(7) This command was introduced. location Physical location of the system. Enter a text string with a maximum of 240 alphanumeric characters, including spaces. If the string contains more than one word, enclose the string in quotation marks (“ ”). ACE Module Release Modification 3.0(0)A1(2) This command was introduced.2-422 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Usage Guidelines This command has no user role restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. You can specify only one location per SNMP system. Examples To specify SNMP system location information, enter: host1/Admin(config)# snmp-server location “Boxborough MA” To remove the specified SNMP system location information, enter: host1/Admin(config)# no snmp-server location Related Commands (config) snmp-server community (config) snmp-server trap link ietf To instruct the ACE to send the linkUp and linkDown traps with the IETF standard IF-MIB (RFC 2863) variable bindings that consist of ifIndex, ifAdminStatus, and ifOperStatus, use the snmp-server trap link ietf command. Use the no form of this command to revert to the Cisco implementation of linkUp and linkDown traps. snmp-server trap link ietf no snmp-server trap link ietf Syntax Description This command has no keywords or arguments. Command Modes Configuration mode Admin and user contexts Command History ACE Appliance Release Modification A1(7) This command was introduced. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-423 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Usage Guidelines This command has no user role restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. By default, the ACE sends the Cisco implementation of linkUp and linkDown traps to the NMS. The ACE sends the Cisco Systems IF-MIB variable bindings that consist of ifIndex, ifAdminStatus, ifOperStatus, ifName, ifType, clogOriginID, and clogOriginIDType. You can configure the ACE to send the IETF standards-based implementation for linkUp and linkDown traps (as outlined in RFC 2863). The Cisco var-binds are sent by default. To receive RFC 2863-compliant traps, you must specify the snmp-server trap link ietf command. Examples To configure the linkUp and linkDown traps to be compliant with RFC 2863, enter: host1/Admin(config)# snmp-server trap link ietf To revert to the Cisco implementation of linkUp and linkDown traps, enter: host1/Admin(config)# no snmp-server trap link ietf Related Commands (config) snmp-server enable traps (config) snmp-server trap-source vlan To specify the use of the IP address configured on a VLAN as the trap-source address in the SNMPv1 trap PDU, use the snmp-server trap-source vlan command. If the VLAN interface does not contain a valid IP address, the sending of notifications fails for SNMPv1 traps. Use the no form of this command to remove the specified VLAN as the source address in the SNMPv1 trap PDU and reset the default behavior. snmp-server trap-source vlan number no snmp-server trap-source vlan number Syntax Description Command Modes Configuration mode Admin and user contexts Command History number VLAN number of the configured interface. Enter a value from 2 to 4094 for an existing VLAN. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-424 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Usage Guidelines By default, the ACE uses the trap source IP address from the internal routing table, depending on the destination host address, where the ACE will send the notification. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. (ACE appliance only) The ACE restricts you from selecting the VLAN number of the FT VLAN interface that has been specified between redundant ACE appliances as the trap source address contained in the SNMP v1 trap PDU. Examples To specify VLAN 50 in the VLAN interface as the source address in the SNMPv1 trap PDUs, enter: host1/Admin(config)# snmp-server trap-source vlan 50 To remove the specified VLAN as the source address in the SNMPv1 trap PDU and reset the default behavior, enter: host1/Admin(config)# no snmp-server trap-source Related Commands (config) snmp-server enable traps (config) snmp-server unmask-community To unmask the snmpCommunityName and snmpCommunitySecurityName OIDs of the SNMP-COMMUNITY-MIB, use the snmp-server unmask-community command. By default, these OIDs are masked. Use the no form of this command to mask these OIDs. snmp-server unmask-community no snmp-server unmask-community Syntax Description This command has no keywords or arguments. Command Modes Configuration mode Admin and user contexts Command History A3(2.1) You can no longer select the VLAN number of the FT VLAN interface that has been specified between redundant ACE appliances as the trap source address contained in the SNMP v1 trap PDU. ACE Appliance Release Modification ACE Module Release Modification A2(1.5) This command was introduced.2-425 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Usage Guidelines This command has no user role restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To assign multiple roles to a user, enter multiple snmp-server user commands. You can create a maximum of 28 SNMP users for each context. User configuration through the snmp-server user command is applicable only for SNMPv3; SNMPv1 and SNMPv2c use a community string match for user authentication. The ACE synchronizes the interactions between a user created with the username command and the same user specified using the snmp-server user command; updates made to a user configuration in the ACE CLI are automatically reflected in the SNMP server. For example, when you delete a user, the user is automatically deleted from both the SNMP server and the CLI. In addition, user-role mapping changes are synchronized in SNMP and CLI. Only network monitoring operations are supported through the ACE implementation of SNMP where all SNMP users are automatically assigned to the system-defined default group of Network-Monitor. Examples To set the user information, enter: host1/Admin# config Enter configuration commands, one per line. End with CNTL/Z host1/Admin(config)# snmp-server user joe Network-Monitor auth sha abcd1234 host1/Admin(config)# snmp-server user sam Network-Monitor auth md5 abcdefgh host1/Admin(config)# snmp-server user Bill Network-Monitor auth sha abcd1234 priv abcdefgh To disable the SNMP user configuration or to remove an SNMP user, enter: host1/Admin(config)# no snmp-server user Bill Network-Monitor auth sha abcd1234 priv abcdefgh Related Commands This command has no related commands. (config) snmp-server user To configure Simple Network Management Protocol (SNMP) user information, use the snmp-server user command. Use the no form of this command to disable the SNMP user configuration or to remove an SNMP user. snmp-server user user_name [group_name] [auth {md5 | sha} password1 [priv [aes-128] password2] [localizedkey]] no snmp-server user user_name [group_name] [auth {md5 | sha} password1 [priv [aes-128] password2] [localizedkey]] ACE Appliance Release Modification A3(2.3) This command was introduced.2-426 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Syntax Description user_name Username. Enter an unquoted text string with no spaces and a maximum of 24 alphanumeric characters. group_name • (Optional) User role group to which the user belongs. Enter Network-Monitor, the default group name and the only role that is supported. Note Only network monitoring operations are supported through the ACE implementation of SNMP. In this case, all SNMP users are automatically assigned the system-defined default group of Network-Monitor. For details on creating users, see the Virtualization Guide, Cisco ACE Application Control Engine. auth (Optional) Sets authentication parameters for the user. Authentication determines that the message is from a valid source. md5 Specifies the HMAC Message Digest 5 (MD5) encryption algorithm for user authentication. sha Specifies the HMAC Secure Hash Algorithm (SHA) encryption algorithm for user authentication. password1 User authentication password. Enter an unquoted text string with no space and a maximum of 130 alphanumeric characters. The ACE automatically synchronizes the SNMP authentication password as the password for the CLI user. The ACE supports the following special characters in a password: , . / = + - ^ @ ! % ~ # $ * ( ) Note that the ACE encrypts clear text passwords in the running-config. priv (Optional) Specifies encryption parameters for the user. The priv option and the aes-128 option indicate that this privacy password is for generating a 128-bit AES key. aes-128 (Optional) Specifies the 128-byte Advanced Encryption Standard (AES) algorithm for privacy. AES is a symmetric cipher algorithm and is one of the privacy protocols for SNMP message encryption. It conforms with RFC 3826. password2 Encryption password for the user. The AES priv password can have a minimum of eight alphanumeric characters. If the passphrases are specified in clear text, you can specify a maximum of 64 alphanumeric characters. If you use the localized key, you can specify a maximum of 130 alphanumeric characters. Spaces are not allowed. The ACE supports the following special characters in a password: , . / = + - ^ @ ! % ~ # $ * ( ) Note that the ACE encrypts clear text passwords in the running-config. localizedkey (Optional) Specifies that the password is in a localized key format for security encryption.2-427 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command Modes Configuration mode Admin and user contexts Note If you change the SNMP engine ID for an Admin or user context, all configured SNMP users become invalid. You must recreate all SNMP users by using the snmp-server user command in configuration mode. Command History Usage Guidelines This command has no user role restrictions. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To assign multiple roles to a user, enter multiple snmp-server user commands. You can create a maximum of 28 SNMP users for each context. User configuration through the snmp-server user command is applicable only for SNMPv3; SNMPv1 and SNMPv2c use a community string match for user authentication. The ACE synchronizes the interactions between a user created with the username command and the same user specified using the snmp-server user command; updates made to a user configuration in the ACE CLI are automatically reflected in the SNMP server. For example, when you delete a user, the user is automatically deleted from both the SNMP server and the CLI. In addition, user-role mapping changes are synchronized in SNMP and CLI. Only network monitoring operations are supported through the ACE implementation of SNMP where all SNMP users are automatically assigned to the system-defined default group of Network-Monitor. Examples To set the user information, enter: host1/Admin# config Enter configuration commands, one per line. End with CNTL/Z host1/Admin(config)# snmp-server user joe Network-Monitor auth sha abcd1234 host1/Admin(config)# snmp-server user sam Network-Monitor auth md5 abcdefgh host1/Admin(config)# snmp-server user Bill Network-Monitor auth sha abcd1234 priv abcdefgh To disable the SNMP user configuration or to remove an SNMP user, enter: host1/Admin(config)# no snmp-server user Bill Network-Monitor auth sha abcd1234 priv abcdefgh Related Commands (config) snmp-server community ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-428 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) ssh key To generate the Secure Shell (SSH) private key and the corresponding public key for use by the SSH server, use the ssh key command. Use the no form of this command to remove an SSH key pair. ssh key {dsa | rsa | rsa1} [bits [force]] no ssh key {dsa | rsa | rsa1} Syntax Description Command Modes Configuration mode Admin context only Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. Before you generate the key, set the hostname. This setting is used in the generation of the key. The global administrator performs the key generation in the Admin context. All contexts associated with the ACE share the common key. There is only a single host-key pair. If you are the administrator or another user authorized in the Admin context, use the changeto command in exec mode to move to the Admin context. An administrator can perform all allowable functions within the Admin context. Ensure that you have an SSH host key pair with the appropriate version before you enable the SSH service. The SSH service accepts three types of key pairs for use by SSH versions 1 and 2. Generate the SSH host key pair according to the SSH client version used. dsa Generates the DSA key pair for the SSH version 2 protocol. rsa Generates the RSA key pair for the SSH version 2 protocol. rsa1 Generates the RSA1 key pair for the SSH version 1 protocol. bits (Optional) Number of bits for the key pair. For DSA, enter an integer from 768 to 2048. For RSA and RSA1, enter an integer from 768 to 4096. The greater the number of bits that you specify, the longer it takes to generate the key. The default is 1024. force (Optional) Forces the generation of a DSA or RSA key even when previous keys exist. If the SSH key pair option is already generated for the required version, use the force option to overwrite the previously generated key pair. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-429 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Examples To generate an RSA1 key pair in the Admin context, enter: host1/Admin(config)# ssh key rsa1 768 generating rsa1 key(768 bits)..... . generated rsa1 key To remove the SSH host key pair, enter: host1/Admin(config)# no ssh key rsa1 Related Commands (config) ssh maxsessions (config-cmap-mgmt) match protocol (config) ssh maxsessions To control the maximum number of Secure Shell (SSH) sessions allowed for each context, use the ssh maxsessions command. By default, the ACE supports four concurrent SSH management sessions for each user context and 16 concurrent SSH management sessions for the Admin context. Use the no form of this command to revert to the default number of SSH sessions. ssh maxsessions max_sessions no ssh maxsessions Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The ACE supports a total maximum of 256 concurrent SSH sessions. max_sessions Maximum number of concurrent SSH sessions allowed for the associated context. The range is from 1 to 4 SSH sessions per user context and from 1 to 16 SSH sessions for the Admin context. The defaults are 4 (user context) and 16 (Admin context). ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-430 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Examples To set the maximum number of concurrent SSH sessions in the Admin context to 3, enter: host1/Admin(config)# ssh maxsessions 3 To revert to the default of 16 SSH sessions for the Admin context, enter: host1/Admin(config)# no ssh maxsessions Related Commands (config) ssh key (config-cmap-mgmt) match protocol (config) ssl-proxy service To create a Secure Sockets Layer (SSL) proxy service, use the ssl-proxy service command. For SSL termination, you configure the ACE with an SSL proxy server service because the ACE acts as an SSL server. Once you create an SSL proxy service, the CLI enters into the ssl-proxy configuration mode, where you define each of the proxy service attributes that the ACE uses during the SSL handshake. Use the no form of this command to delete an existing SSL proxy service. ssl-proxy service pservice_name no ssl-proxy service pservice_name Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. When you create a SSL proxy service, the CLI prompt changes to the ssl-proxy configuration mode, where you define the following SSL proxy service attributes: • Authentication group • Certificate • Key pair pservice_name Name of the SSL proxy service. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-431 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands • Chain group • Parameter map For information about the commands in SSL proxy configuration mode, see the “SSL Proxy Configuration Mode Commands” section. Examples To create the SSL proxy service PSERVICE_SERVER, enter: host1/Admin(config)# ssl-proxy service PSERVICE_SERVER host1/Admin(config-ssl-proxy)# To delete an existing SSL proxy service, enter: host1/Admin(config)# no ssl-proxy PSERVICE_SERVER Related Commands (config-ssl-proxy) cert (config-ssl-proxy) authgroup (config-ssl-proxy) chaingroup (config-ssl-proxy) key (config-ssl-proxy) ssl advanced-options (config) static (ACE module only) To configure the static NAT overwrite feature, use the static command. This feature allows a maximum number of 400 K static NATs. By default, the ACE allows you to configure a maximum 8 K static NAT configurations. Use the no form of this command to reset the default behavior. static vlan mapped_vlan_id vlan real_vlan_id mapped_ip_address {real_ip_address [netmask mask]} no static vlan mapped_vlan_id vlan real_vlan_id mapped_ip_address {real_ip_address [netmask mask]} Syntax Description mapped_vlan_id The VLAN ID of the interface connected to the mapped IP address network. In a context, the mapped interface must be the same in each static NAT configuration. real_vlan_id The VLAN ID of the interface connected to the real IP address network. mapped_ip_address The translated IP address for the real address. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10). In a context, the mapped IP address must be different in each static NAT configuration. real_ip_address The real server IP address for translation. Enter an IP address in dotted-decimal notation (for example, 172.27.16.10). In a context, you must configure a different address for configurations that have the same real server interface. netmask mask (Optional) Specifies the subnet mask for the real server address. Enter a subnet mask in dotted-decimal notation (for example, 255.255.255.0).2-432 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the NAT feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. The ACE creates static connections that contain the NATs as soon as the configuration is applied. Because these connections exist before the packets are received, no ACL is required to permit flows that will be translated. When using the static command, consider the following restrictions: • The ACE supports this configuration only in routed mode. • The ACE allows only one mapped interface in a context. However, each static NAT configuration must have a different mapped IP address. • The ACE does not support bidirectional NAT, source address and destination address translation for the same flow. • You must limit the number of real server IP addresses on the same subnet as the real interface to less than 1 K. Also, limit the number of mapped IP addresses on the same subnet as the mapped interface to less than 1 K. • You must not configure more than one next-hop at any point on the mapped interface. It is not recommended that you configure MPC-based NAT for the same context in which you configure the static command. Examples To create a static NAT configuration for the mapped interface VLAN 176, real server interface VLAN 171, and real server IP address of 10.181.0.2 255.255.255.255 to be translated to the mapped address 5.6.7.4, enter: host1/C1(config)# static vlan 176 vlan 171 5.6.7.4 10.81.0.2 netmask 255.255.255.255 To remove this configuration, enter: host1/C1(config)# no static vlan 176 vlan 171 5.6.7.4 10.81.0.2 netmask 255.255.255.255 Related Commands show nat-fabric show running-config ACE Module Release Modification A2(1.0) This command was introduced.2-433 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) sticky http-content To create a sticky group for HTTP content stickiness, use the sticky http-content command. The prompt changes to the sticky HTTP content configuration mode (config-sticky-content). Use the no form of this command to remove the sticky group from the configuration. sticky http-content name no sticky http-content name Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the sticky feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To use the stickiness feature, you must allocate a minimum percentage of system resources to stickiness. Otherwise, the feature will not work. For more information about allocating resources, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the commands in sticky HTTP content configuration mode, see the “Sticky HTTP Content Configuration Mode Commands” section. Examples To create a sticky group for HTTP packet content stickiness, enter: host1/Admin(config)# sticky http-content HTTP_CONTENT_GROUP host1/Admin(config-sticky-content)# To remove the sticky group from the configuration, enter: host1/Admin(config)# no sticky http-content HTTP_CONTENT_GROUP Related Commands show running-config show sticky database name Unique identifier of the sticky group. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. ACE Module Release Modification A2(1.0) This command was introduced. ACE Appliance Release Modification A3(1.0) This command was introduced.2-434 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) sticky http-cookie To configure the ACE to use HTTP cookies for stickiness and enter sticky cookie configuration mode, use the sticky http-cookie command. The CLI prompt changes to (config-sticky-cookie). The ACE uses the learned cookie to provide stickiness between a client and a server for the duration of a transaction. Use the no form of this command to remove the sticky group from the configuration. sticky http-cookie name1 name2 no sticky http-cookie name1 name2 Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the sticky feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To use the stickiness feature, you must allocate a minimum percentage of system resources to stickiness. Otherwise, the feature will not work. For more information about allocating resources, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the commands in sticky cookie configuration mode, see the “Sticky HTTP Cookie Configuration Mode Commands” section. Examples To create a sticky group for cookie stickiness, enter: host1/Admin(config)# sticky http-cookie cisco.com GROUP3 To remove the sticky group from the configuration, enter: host1/Admin(config)# no sticky http-cookie cisco.com GROUP3 http-cookie name1 Specifies that the ACE learn the cookie value from the HTTP header of the client request or from the Set-Cookie message from the server. Enter a unique identifier for the cookie as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. name2 Unique identifier of the sticky group. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-435 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Related Commands show running-config show sticky database2-436 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) sticky http-header To create an HTTP header sticky group to enable the ACE to stick client connections to the same real server based on HTTP headers, use the sticky http-header command. The prompt changes to the sticky-header configuration mode (config-sticky-header). Use the no form of this command to remove the sticky group from the configuration. sticky http-header name1 name2 no sticky http-header name1 name2 Syntax Description Command Modes Configuration mode Admin and user contexts name1 HTTP header name. Enter the HTTP header name as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. Alternatively, you can select one of the following standard headers: • Accept • Accept-Charset • Accept-Encoding • Accept-Language • Authorization • Cache-Control • Connection • Content-MD5 • Expect • From • Host • If-Match • Pragma • Referer • Transfer-Encoding • User-Agent • Via See the Server Load-Balancing Guide, Cisco ACE Application Control Engine for a definition of each standard header. name2 Unique identifier of the sticky group. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.2-437 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Command History Usage Guidelines This command requires the sticky feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To use the stickiness feature, you must allocate a minimum percentage of system resources to stickiness. Otherwise, the feature will not work. For more information about allocating resources, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the commands in HTTP sticky header configuration mode, see the “Sticky HTTP Header Configuration Mode Commands” section. Examples To create a group for HTTP header stickiness, enter: host1/Admin(config)# sticky http-header Host GROUP4 host1/Admin(config-sticky-header)# To remove the sticky group from the configuration, enter: host1/Admin(config)# no sticky http-header Host GROUP4 Related Commands show running-config show sticky database ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-438 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands (config) sticky ip-netmask To create a sticky group for IP address stickiness, use the sticky-ip netmask command. The prompt changes to the sticky-IP configuration mode (config-sticky-ip). You can create a maximum of 4096 sticky groups on an ACE. Use the no form of this command to remove the sticky group from the configuration. sticky ip-netmask netmask address {both | destination | source} name no sticky ip-netmask netmask address {both | destination | source} name Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the sticky feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To use the stickiness feature, you must allocate a minimum percentage of system resources to stickiness. Otherwise, the feature will not work. For more information about allocating resources, see the Virtualization Guide, Cisco ACE Application Control Engine. netmask Network mask that the ACE applies to the IP address. Enter a network mask in dotted-decimal notation (for example, 255.255.255.0). address {both | destination | source} Specifies the IP address used for stickiness. Enter one of the following options after the address keyword: • both—Specifies that the ACE use both the source IP address and the destination IP address to stick the client to a server. • destination—Specifies that the ACE use the destination address specified in the client request to stick the client to a server. You typically use this keyword in caching environments. • source—Specifies that the ACE use the client source IP address to stick the client to a server. You typically use this keyword in web application environments. name Unique identifier of the sticky group. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. ACE Module Release Modification 3.0(0)A1(2) This command was introduced. ACE Appliance Release Modification A1(7) This command was introduced.2-439 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands For information about the commands in sticky IP configuration mode, see the “Sticky IP Configuration Mode Commands” section. Examples To create a sticky group that uses IP address stickiness based on both the source IP address and the destination IP address, enter: host1/Admin(config)# sticky ip-netmask 255.255.255.0 address both GROUP1 host1/Admin(config-sticky-ip)# To remove the sticky group from the configuration, enter: host1/Admin(config)# no sticky ip-netmask 255.255.255.0 address both GROUP1 Related Commands show running-config show sticky database (config) sticky layer4-payload To create a sticky group for Layer 4 payload stickiness, use the sticky layer4-payload command. The prompt changes to the sticky Layer 4 payload configuration mode (config-sticky-l4payloa). Use the no form of this command to remove the sticky group from the configuration. sticky layer4-payload name no sticky layer4-payload name Syntax Description Command Modes Configuration mode Admin and user contexts Command History Usage Guidelines This command requires the sticky feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. name Unique identifier of the sticky group. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. ACE Module Release Modification A2(1.0) This command was introduced. ACE Appliance Release Modification A3(1.0) This command was introduced.2-440 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands To use the stickiness feature, you must allocate a minimum percentage of system resources to stickiness. Otherwise, the feature will not work. You can create a maximum of 4096 sticky groups on an ACE.For more information about allocating resources, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the commands in sticky Layer 4 payload configuration mode, see the “Sticky Layer 4 Payload Configuration Mode Commands” section. Examples To create a sticky group that uses Layer 4 payload stickiness, enter: host1/Admin(config)# sticky layer4-payload L4_PAYLOAD_GROUP host1/Admin(config-sticky-l4payloa)# To remove the sticky group from the configuration, enter: host1/Admin(config)# no sticky layer4-payload L4_PAYLOAD_GROUP Related Commands show running-config show sticky database (config) sticky radius framed-ip To create a sticky group for RADIUS attribute stickiness, use the sticky radius framed-ip command. The prompt changes to the sticky RADIUS configuration mode (config-sticky-radius). Use the no form of this command to remove the sticky group from the configuration. sticky radius framed-ip [calling-station-id | username] name no sticky radius framed-ip [calling-station-id | username] name Syntax Description Command Modes Configuration mode Admin and user contexts Command History calling-station-id (Optional) Specifies stickiness based on the RADIUS framed IP attribute and the calling station ID attribute. username (Optional) Specifies stickiness based on the RADIUS framed IP attribute and the username attribute. name Unique identifier of the RADIUS sticky group. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. ACE Module Release Modification A2(1.0) This command was introduced.2-441 Command Reference, Cisco ACE Application Control Engine OL-25339-01 Chapter 2 CLI Commands Configuration Mode Commands Usage Guidelines This command requires the sticky feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine. To use the stickiness feature, you must allocate a minimum percentage of system resources to stickiness. Otherwise, the feature will not work. For more information about allocating resources, see the Virtualization Guide, Cisco ACE Application Control Engine. For information about the commands in sticky RADIUS configuration mode, see the “Sticky RADIUS Configuration Mode Commands” section. Examples To create a sticky group for RADIUS attribute stickiness, enter: host1/Admin(config)# sticky radius framed-ip calling-station-id RADIUS_GROUP host1/Admin(config-sticky-radius)# To remove the sticky group from the configuration, enter: host1/Admin(config)# no sticky radius framed-ip calling-station-id RADIUS_GROUP Related Commands show running-config show sticky database (config) sticky rtsp-header To create an RTSP header sticky group to enable the ACE to stick client connections to the same real server based