|
|
This chapter contains an alphabetical listing of the Cisco 6510 Service Selection Gateway (Cisco 6510) configuration parameters. The description of each configuration parameter includes a brief description of its use and the syntax for entering parameter values.
To set a configuration parameter, enter the config set command followed by the parameter name and a parameter value.
For example, to set the AccountingIP1 configuration parameter, enter:
config set AccountingIP1 161.69.73.155
The following pages describe the Cisco 6510 configuration parameters. These parameters are used in conjunction with the commands described in "Command Reference."
This configuration parameter specifies the interface card from which the Cisco 6510 sends Remote Access Dial-In User Service (RADIUS) replies to the Cisco Service Selection Dashboard (Cisco SSD) web server (default: interface card 0).
config set AAAClientIF cardcard | Interface card from which the Cisco 6510 sends RADIUS replies (0, 1, 2). |
Use the AAAClientIF parameter to specify the interface card from which the Cisco 6510 sends RADIUS replies to the Cisco SSD web server.
SSG > config set AAAClientIF 2
This configuration parameter specifies how often the Cisco 6510 checks whether the active authentication and authorization (AA) server is operational.
config set AAFTCheckInterval intervalinterval | How often, in seconds, the Cisco 6510 checks whether the AA server is operational (default: 60). |
Use this parameter to specify how often the Cisco 6510 checks whether the AA server is operational.
This parameter is only used for fault tolerance. If there is only one AA server, this parameter will have no effect. If there are two AA servers and you want the Cisco 6510 to load-balance requests between the AA servers, set this value to 0. For more information, see the "Configuring AA Fault Tolerance Settings" section.
SSG > config set aaftcheckinterval 60
This configuration parameter specifies when the Cisco 6510 considers the AA server failed.
config set AAFTCheckThreshold thresholdthreshold | The threshold used to determine whether the AA server failed (default: 0.1). |
Use this parameter to specify when the Cisco 6510 considers the AA server failed.
For example, if this parameter is set to 0.1 and at least 1 reply is received for every 10 requests, the server is considered operational. Any lower ratio will cause a server switch.
This parameter is only used for fault tolerance. If there is only one AA server or there are two AA servers and AAFTCheckInterval is set to 0, this parameter will have no effect.
SSG > config set aaftcheckthreshold 0.1
This configuration parameter specifies the IP address of the first RADIUS authentication and authorization server.
config set AAIP1 ip_addressip_address | IP address of the primary RADIUS authentication and authorization server. |
Specifies the first IP address used for authentication and authorization.
When both AAIP1 and AAIP2 are configured, the AA authentication and authorization services can be set up for load balancing or fault tolerance. For more information, see the "Configuring AA Fault Tolerance Settings" section.
SSG > config set aaip1 171.69.73.151
This configuration parameter specifies the IP address of the second RADIUS authentication and authorization server (optional).
config set AAIP2 ip_addressip_address | IP address of the secondary RADIUS authentication and authorization server. |
Specifies the second IP address used for authentication and authorization.
When both AAIP1 and AAIP2 are configured, the AA authentication and authorization services can be set up for load balancing or fault tolerance. For more information, see the "Configuring AA Fault Tolerance Settings" section.
SSG > config set aaip2 171.69.73.152
This configuration parameter specifies the shared secret used for RADIUS communication between the Cisco 6510 and the RADIUS authentication, authorization, and accounting (AAA) server.
config set AAAPassword stringstring | Secret string used to authenticate the Cisco 6510 with the RADIUS AAA server. |
Use the AAAPassword parameter to specify the shared secret used for RADIUS communication between the Cisco 6510 and the RADIUS AAA server.
SSG > config set aaapassword aaa6510secret
SSG > secret aaapassword aaa6510secret
This configuration parameter specifies the IP address of the first RADIUS accounting server.
config set AccountingIP1 ip_addressip_address | First IP address for AAA accounting services. |
Specifies the first IP address used for accounting. When both AccountingIP1 and AccountingIP2 are configured, the Cisco 6510 sends all accounting requests to the first server (AccountingIP1). If the Cisco 6510 does not receive a response, it will send accounting requests to the second server (AccountingIP2).
SSG > config set accountingip1 175.63.73.250
This configuration parameter specifies the IP address of the second RADIUS accounting server (optional).
config set AccountingIP2 ip_addressip_address | Second IP address for AAA accounting services. |
Specifies the second IP address used for accounting. When both AccountingIP1 and AccountingIP2 are configured, the Cisco 6510 sends all accounting requests to the first server (AccountingIP1). If the Cisco 6510 does not receive a response, it will send accounting requests to the second server (AccountingIP2).
SSG > config set accountingip2 175.63.73.251
The AccountingRemotePort configuration parameter specifies the port on which the RADIUS server(s) connected to the Cisco 6510 listens for accounting packets.
config set AccountingRemotePort acct_portacct_port | Port on which the AAA server(s) connected to the Cisco 6510 listens for accounting packets (default: 1646). |
If you are using the Cisco 6510 in conjunction with the Cisco Cisco User Control Point (UCP), make sure that you specify the port on which the UCP's Protocol Gateway Service PGS has been configured to listen for accounting packets. For information on how to configure the PGS, refer to the "Using the Network Control Console"chapter in the Cisco User Control Point Administrator Guide.
If you are using another AAA server, specify the port on which the remote AAA server listens for accounting packets.
SSG > config set AccountingRemotePort 1646
This configuration parameter specifies the number of times the Cisco 6510 resends an accounting request packet if a response is not received.
config set AcctRetryCount retriesretries | Number of times the Cisco 6510 will retry an accounting request packet if a response is not received (default: 5). |
Use the AcctRetryCount parameter to set the number of times the Cisco 6510 will retry an accounting packet. To configure all accounting retry and timeout settings, use the accountingparam command. See the "accountingparam" section.
SSG > config set acctretrycount 10
This configuration parameter specifies the number of seconds the Cisco 6510 waits before timing out an accounting request packet.
config set AcctTimeout timetime | The interval before timing out an accounting request packet (default: 10 seconds). |
Use the AcctTimeout parameter to set the number of seconds the Cisco 6510 waits before timing out an accounting request packet. To configure all accounting retry and timeout settings, use the accountingparam command. See the "accountingparam" section.
SSG > config set accttimeout 15
This configuration parameter specifies the number of times the Cisco 6510 will retry an Address Resolution Protocol (ARP) request.
config set ARPRetryCount retriesretries | Number of times the Cisco 6510 will retry an ARP request packet |
Use the ARPRetryCount parameter to set the number of times the Cisco 6510 will retry an ARP request.
SSG > config set ARPRetryCount 1
This configuration parameter specifies the number of milliseconds the Cisco 6510 waits before timing out an ARP request packet.
config set ARPTimeout timetime | Number of milliseconds the Cisco 6510 waits before timing out an ARP request packet (default: 0). |
Use the ARPTimeout parameter to set the number of milliseconds the Cisco 6510 waits before timing out an ARP request packet.
SSG > config set ARPTimeout 0
This configuration parameter specifies the shared secret used for RADIUS communication between the Cisco 6510 and the Cisco SSD.
config set DashboardPassword secretsecret | Text string containing the shared secret. |
Use the DashboardPassword parameter to specify the shared secret used for the RADIUS communication between the Cisco 6510 and the Cisco SSD.
SSG > config set DashboardPassword string2
This configuration parameter enables or disables the accounting debug handler.
config set DebugACCTHandler {0 | 1}0 | Disables the accounting debug handler. |
1 | Enables the accounting debug handler. |
Use the DebugACCTHandler parameter to enable or disable the accounting debug handler.
SSG > config set debugaccthandler 0
SSG > config set debugaccthandler 1
TimeSaver To quickly configure debugging, use the debug command. For more information, see the "debug" section.
This configuration parameter specifies the debug level for the accounting handler. For information on setting debug levels, see the "debug" section.
The accounting handler supports error, informational, and verbose debug levels.
This configuration parameter enables or disables the DHCP debug handler.
config set DebugDHCPHandler {0 | 1}0 | Disables the DHCP debug handler. |
1 | Enables the DHCP debug handler. |
Use the DebugDHCPHandler parameter to enable or disable the DHCP debug handler.
SSG > config set debugdhcphandler 0
SSG > config set debugdhcphandler 1
This configuration parameter specifies the debug level for the DHCP handler. For information on setting debug levels, see the "debug" section.
The DHCP handler supports all debugging levels.
This configuration parameter enables or disables the DNS debug handler.
config set DebugDNSHandler {0 | 1}0 | Disables the DNS debug handler. |
1 | Enables the DNS debug handler. |
Use the DebugDNSHandler parameter to enable or disable the DNS debug handler.
SSG > config set debugdnshandler 0
SSG > config set debugdnshandler 1
This configuration parameter specifies the debug level for the DNS handler. For information on setting debug levels, see the "debug" section.
The DNS handler supports all debugging levels.
This configuration parameter enables or disables the failover debug handler.
config set DebugFOVERHandler {0 | 1}0 | Disables the failover debug handler. |
1 | Enables the failover debug handler. |
Use the DebugFOVERHandler parameter to enable or disable the failover debug handler.
SSG > config set debugfoverhandler 0
SSG > config set debugfoverhandler 1
This configuration parameter specifies the debug level for the failover handler. For information on setting debug levels, see the "debug" section.
The failover handler supports error, informational, and verbose debug levels.
This configuration parameter enables or disables the layer 2 forwarding (L2F) debug handler.
config set DebugL2FHandler {0 | 1}0 | Disables the L2F debug handler. |
1 | Enables the L2F debug handler. |
Use the DebugL2FHandler parameter to enable or disable the L2F debug handler.
SSG > config set debugl2fhandler 0
SSG > config set debugl2fhandler 1
This configuration parameter specifies the debug level for the L2F handler. For information on setting debug levels, see the "debug" section.
The L2F handler supports all debugging levels.
This configuration parameter enables or disables the network address translation (NAT) debug handler.
config set DebugNATHandler {0 | 1}0 | Disables the NATdebug handler. |
1 | Enables the NAT debug handler. |
Use the DebugNATHandler parameter to enable or disable the NAT debug handler.
SSG > config set debugnathandler 0
SSG > config set debugnathandler 1
This configuration parameter specifies the debug level for the NAT handler. For information on setting debug levels, see the "debug" section.
The NAT handler supports error, informational, and verbose debug levels.
This configuration parameter enables or disables the Point-to-Point Protocol (PPP) debug handler.
config set DebugPPPHandler {0 | 1}0 | Disables the PPP debug handler. |
1 | Enables the PPP debug handler. |
Use the DebugPPPHandler parameter to enable or disable the PPP debug handler.
SSG > config set debugppphandler 0
SSG > config set debugppphandler 1
This configuration parameter specifies the debug level for the PPP handler. For information on setting debug levels, see the "debug" section.
The PPP handler supports error, informational, and verbose debug levels.
This configuration parameter enables or disables the RADIUS debug handler.
config set DebugRADIUSHandler {0 | 1}0 | Disables the RADIUS debug handler. |
1 | Enables the RADIUS debug handler. |
Use the DebugRADIUSHandler parameter to enable or disable the RADIUS debug handler.
SSG > config set debugradiushandler 0
SSG > config set debugradiushandler 1
This configuration parameter specifies the debug level for the RADIUS handler. For information on setting debug levels, see the "debug" section.
The RADIUS handler supports error, informational, and verbose debug levels.
This configuration parameter enables or disables the system debug handler.
config set DebugSystemHandler {0 | 1}0 | Disables the system debug handler. |
1 | Enables the system debug handler. |
Use the DebugSystemHandler parameter to enable or disable the system debug handler.
SSG > config set debugsystemhandler 0
SSG > config set debugsystemhandler 1
This configuration parameter specifies the debug level for the system handler. For information on setting debug levels, see the "debug" section.
The system handler supports error, informational, and verbose debug levels.
This configuration parameter specifies the interface card to which the server specified by the DefaultServerIP parameter is attached (default: Interface Card 2). For more information, see the "DefaultServerIP" section.
config set DefaultServerIF cardcard | Interface card to which the default server is attached (0, 1, 2). |
Use the DefaultServerIF parameter to specify the interface card where the Cisco SSD is attached.
SSG > config set DefaultServerIF 2
This configuration parameter specifies the first IP address or range of IP addresses that can be accessed without authenticating with the Cisco 6510 (usually the Cisco SSD).
config set DefaultServerIP ipip | IP address of the server Cisco SSD. |
When client users of the Cisco 6510 log in to the service provider's network and want to access services, users access the Cisco SSD through this IP address or range of IP addresses and select which services they want to access.
Use the DefaultServerIP parameter to specify the first IP address or range of IP addresses that the Cisco 6510 will allow traffic to access without authenticating with the Cisco 6510.
SSG > config set DefaultServerIP 192.168.1.2
This configuration parameter specifies the first range of IP addresses that can be accessed without authenticating with the Cisco 6510 (usually the Cisco SSD).
config set DefaultServerIPMask maskmask | Subnet mask used by DefaultServerIP. |
When client users of the Cisco 6510 log in to the service provider's network and want to access services, users access the Cisco SSD through this range of IP addresses and select which services they want to access.
Use the DefaultServerIPMask parameter to specify the first range of IP addresses that the Cisco 6510 will allow traffic to access without authenticating with the Cisco 6510. This parameter must be used in conjunction with the DefaultServerIP parameter.
SSG > config set DefaultServerIPMask 255.255.255.0
This configuration parameter specifies the second IP address or range of IP addresses that can be accessed without authenticating with the Cisco 6510 (usually the Cisco SSD).
config set DefaultServerIP2 ipip | IP address of the server Cisco SSD. |
When client users of the Cisco 6510 log in to the service provider's network and want to access services, users access the Cisco SSD through this IP address or range of IP addresses and select which services they want to access.
Use the DefaultServerIP2 parameter to specify the second IP address or range of IP addresses that the Cisco 6510 will allow traffic to access without authenticating with the Cisco 6510.
SSG > config set DefaultServerIP2 192.168.10.1
This configuration parameter specifies the second range of IP addresses that can be accessed without authenticating with the Cisco 6510 (usually the Cisco SSD).
config set DefaultServerIP2Mask maskmask | Subnet mask used by DefaultServerIP2. |
When client users of the Cisco 6510 log in to the service provider's network and want to access services, users access the Cisco SSD through this range of IP addresses and select which services they want to access.
Use the DefaultServerIP2Mask parameter to specify the second range of IP addresses that the Cisco 6510 will allow traffic to access without authenticating with the Cisco 6510. This parameter must be used in conjunction with the DefaultServerIP2 parameter.
SSG > config set DefaultServerIP2Mask 255.255.255.0
This configuration parameter specifies the IP address of the DHCP server.
config set DHCPIP DHCP_ipDHCP_ip | IP address of the DHCP server. |
The DHCPIP parameter specifies the IP address of the remote DHCP server connected to the management interface of the Cisco 6510.
SSG > config set dhcpip 136.123.56.57
The Cisco 6510 can be configured as a DHCP relay agent. This configuration parameter enables or disables the DHCP relay option.
config set DHCPRelayEnable {0 | 1}0 | Disables the DHCP relay option (default). |
1 | Enables the DHCP relay option. |
Use the DHCPRelayEnable parameter to configure the Cisco 6510 as a DHCP relay agent.
SSG > config set DHCPRelayEnable 0
This configuration parameter specifies the remote port from which the Cisco 6510 sends Dynamic Host Configuration Protocol (DHCP) packets.
config set DHCPRemotePort DHCP_portDHCP_port | Port on which the remote DHCP server sends and receives DHCP packets (default: 67). |
The DHCPRemotePort parameter specifies the port on which the remote DHCP server connected to the Cisco 6510 listens for DHCP packets.
If you are using Cisco UCP with the Cisco 6510, make sure that you specify the port on which the UCP's Protocol Gateway Service (PGS) has been configured to listen for DHCP packets. For information on how to configure the PGS, refer to the "Using the Network Control Console" chapter in the Cisco User Control Point Administrator Guide.
If you are using another DHCP server with the Cisco 6510, specify the port used by the remote DHCP server to receive and send DHCP packets.
SSG > config set DHCPRemotePort 67
This configuration parameter specifies how often the Cisco 6510 checks whether the DNS server is operational.
config set DNSFTCheckInterval intervalinterval | How often the Cisco 6510 checks whether the DNS server is operational (default: 60 seconds). |
Use this parameter to specify how often the Cisco 6510 checks whether the DNS server is operational.
This parameter is only used for fault tolerance. If there is only one DNS server, this parameter will have no effect. If there are two DNS servers and you want the Cisco 6510 to load-balance requests between the DNS servers, set this value to 0. For information on configuring two DNS servers, see the "DNS Server Address" section.
SSG > config set dnsftcheckinterval 60
This configuration parameter specifies when the Cisco 6510 considers the DNS server failed.
config set DNSFTCheckThreshold thresholdthreshold | The threshold used to determine whether the DNS server failed (default: 0.1). For example, if this parameter is set to 0.1 and at least 1 reply is received for every 10 requests, the server is considered operational. |
Use this parameter to specify when the Cisco 6510 considers the DNS server failed.
This parameter is only used for fault tolerance. If there is only one DNS server or there are two DNS servers and they are configured for load-balancing, this parameter will have no effect.
SSG > config set dnsftcheckthreshold 0.1
This configuration parameter specifies the remote port from which the Cisco 6510 sends Domain Name System (DNS) packets.
config set DNSRemotePort DNS_portDNS_port | Port on which the remote DNS server connected to the Cisco 6510 sends and receives DNS packets (default: 53). |
The DNSRemotePort parameter specifies the port on which the remote DNS server connected to the Cisco 6510 listens for DNS packets.
If you are using the Cisco 6510 in conjunction with UCP, make sure that you specify the port on which the UCP's Protocol Gateway Service (PGS) has been configured to listen for DNS packets. For information on how to configure the PGS, refer to the "Using the Network Control Console" chapter in the Cisco User Control Point Administrator Guide.
If you are using another DNS server with the Cisco 6510, specify the port used by the remote DNS server to receive and send DNS packets.
SSG > config set DNSRemotePort 53
This configuration parameter indicates the IP address assigned to interface card 0 of the active failover unit.
This configuration parameter indicates the IP address assigned to interface card 1 of the active failover unit.
This configuration parameter indicates the IP address assigned to interface card 2 of the active failover unit.
This configuration parameter indicates the Media Access Control (MAC) address assigned to interface card 0 of the active failover unit. The format of the MAC address is as follows:
Mac ID: xx:xx:xx:xx:xx:xx
This configuration parameter indicates the MAC address assigned to interface card 1 of the active failover unit. The format of the MAC address is as follows:
Mac ID: xx:xx:xx:xx:xx:xx
This configuration parameter indicates the MAC address assigned to interface card 2 of the active failover unit. The format of the MAC address is as follows:
Mac ID: xx:xx:xx:xx:xx:xx
This configuration parameter indicates the IP address assigned to interface card 0 of the standby failover unit.
This configuration parameter indicates the IP address assigned to interface card 1 of the standby failover unit.
This configuration parameter indicates the IP address assigned to interface card 2 of the standby failover unit.
This configuration parameter indicates the MAC address assigned to interface card 0 of the standby failover unit. The format of the MAC address is as follows:
Mac ID: xx:xx:xx:xx:xx:xx
This configuration parameter indicates the MAC address assigned to interface card 1 of the standby failover unit. The format of the MAC address is as follows:
Mac ID: xx:xx:xx:xx:xx:xx
This configuration parameter indicates the MAC address assigned to interface card 2 of the standby failover unit. The format of the MAC address is as follows:
Mac ID: xx:xx:xx:xx:xx:xx
This configuration parameter specifies the IP address used by interface card 0---the interface that will connect to Dashboard hosts.
config set FEI0_InetAddr ipip | IP address used by interface card 0. |
Use FEI0_InetAddr to set the IP address used by interface card 0.
SSG > config set FEI0_InetAddr 198.46.3.2
TimeSaver To quickly set all configuration parameters for an interface card, see the "ifconfig" section.
This configuration parameter specifies the IP subnet mask used by interface card 0.
config set FEI0_Mask maskmask | Subnet mask used by interface card 0. |
Use FEI0_Mask to specify the subnet mask used by interface card 0.
SSG > config set FEI0_Mask 255.255.255.0
This configuration parameter specifies the IP address of the default gateway of interface card 0.
config set FEI0_InetGateway ipip | IP address of the default gateway of interface card 0. |
Use FEI0_InetGateway to specify the IP address of the default gateway for interface
card 0.
SSG > config set FEI0_InetGateway 198.46.2.1
This configuration parameter specifies a name for interface card 0.
config set FEI0_InetName namename | Text string representing the name to assign to the interface card. |
You can use the FEI0_InetName parameter to assign a name to an interface card.
This is a description field and does not affect operation.
SSG > config set FEI0_InetName host_0
This configuration parameter specifies the IP address used by interface card 1--- the interface that connects to the network containing AAA, DHCP, and SNMP services.
config set FEI1_InetAddr ipip | IP address used by interface card 1. |
Use FEI1_InetAddr to set the IP address used by interface card 1.
SSG > config set FEI1_InetAddr 198.46.4.2
| TimeSaver To quickly set all configuration parameters for an interface card, see the "ifconfig" section. |
This configuration parameter specifies the IP subnet mask used by interface card 0.
config set FEI1_Mask maskmask | Subnet mask used by interface card 1. |
Use FEI1_Mask to specify the subnet mask used by interface card 0.
SSG > config set FEI1_Mask 255.255.255.0
The FEI1_InetGateway configuration parameter specifies the IP address of the default gateway of interface card 1.
config set FEI1_InetGateway ipip | IP address of the default gateway of interface card 1. |
Use FEI1_InetGateway to specify the IP address of the default gateway for interface
card 1.
SSG > config set FEI1_InetGateway 198.46.3.1
The FEI1_InetName configuration parameter specifies a name for interface card 1.
config set FEI1_InetName namename | Text string representing the name to assign to the interface card. |
You can use the FEI1_InetName parameter to assign a name to an interface card 1.
This is a description field and does not affect operation.
SSG > config set FEI1_InetName lt_usp
This configuration parameter specifies the IP address used by interface card 2--- the interface that connects to the service provider network.
config set FEI2_InetAddr ipip | IP address used by interface card 2. |
Use FEI2_InetAddr to set the IP address used by interface card 2.
SSG > config set FEI2_InetAddr 198.46.5.2
| TimeSaver To quickly set all configuration parameters for an interface card, see the "ifconfig" section. |
This configuration parameter specifies the IP subnet mask used by interface card 2.
config set FEI2_Mask maskmask | Subnet mask used by interface card 2. |
Use FEI2_Mask to specify the subnet mask used by interface card 2.
SSG > config set FEI2_Mask 255.255.255.0
This configuration parameter specifies the IP address of the default gateway of interface card 2.
config set FEI2_InetGateway ipip | IP address of the default gateway of interface card 2. |
Use FEI2_InetGateway to specify the IP address of the default gateway for interface card 2.
SSG > config set FEI2_InetGateway 198.46.4.1
This configuration parameter specifies a name for interface card 2.
config set FEI2_InetName namename | Text string representing the name to assign to the interface card. |
You can use the FEI2_InetName parameter to assign a name to an interface card 2.
This is a description field and does not affect operation.
SSG > config set FEI2_InetName lt_isp
This configuration parameter enables or disables support for Internet Group Management Protocol (IGMP). If multicast support is desired and there is a router between the Cisco 6510 and the hosts network, this parameter must be enabled.
config set IGMPHelperEnable {0 | 1}0 | Disables multicast support (default). |
1 | Enables multicast support. |
Use the IGMPHelperEnable configuration parameter to enable or disable support for IGMP.
SSG > config set igmphelperenable 1
This configuration parameter specifies the UNIX syslog facility used to monitor debug messages.
config set LogFacility valuevalue | Numeric value used to set the UNIX syslog facility. |
Use the LogFacility parameter to specify the local device to which the Cisco 6510 writes debug messages.
SSG > config set logfacility 0
This configuration parameter specifies the port number from which the home gateway connected to the Cisco 6510 listens for Layer 2 Forwarding (L2F) packets.
config set L2FRemotePort port_numport_num | Port number of the home gateway to which the Cisco 6510 sets up a tunneled connection (Default: 1701). |
Use the L2FRemotePort parameter to specify the port number of the remote gateway to which the Cisco 6510 sets up an L2F tunnel.
SSG > config set L2FRemotePort 1701
This configuration parameter configures the appearance of the CLI prompt.
config set MachineName namename | Name that will appear in the command-line interface (CLI) prompt. |
Use the MachineName configuration parameter to configure the appearance of the CLI prompt.
SSG > config set MachineName SSG_42
SSG_42 >
This configuration parameter specifies the maximum number of services to which any user can log on.
config set MaxServicePerHost maxconnsmaxconns | Maximum number of service connections (default: 10). |
Use the MaxServicePerHost configuration parameter to specify the maximum number of services to which any user can log on.
For example, the Cisco 6510 supports a maximum of 250,000 simultaneous connections. If 25,000 users will simultaneously connect to the Cisco 6510, this parameter can be set to 10. If only 10,000 users will simultaneously connect to the Cisco 6510, this parameter can be set to 25.
| Caution Be careful when setting this parameter. Make sure it does not exceed the 250,000 maximum connections. |
SSG > config set MaxServicePerHost 10
This configuration parameter enables or disables multicast support for the Cisco 6510.
config set MulticastEnable {0 | 1}0 | Disables multicast support (default). |
1 | Enables multicast support. |
Use the MulticastEnable configuration parameter to enable or disable multicast support.
SSG > config set multicastenable 1
This configuration parameter specifies the interval that the Cisco 6510 waits before cleaning up a connection object for an FTP network address tranlation (NAT) request.
config set NATFTPCleanupInternal intervaltime | Number of seconds the Cisco 6510 waits before timing out an FTP connection request for NAT (default: 300). |
Use the NATFTPCleanupInternal parameter to set the number of seconds the Cisco 6510 waits before timing out an FTP connection request for NAT.
SSG > config set natftpcleanupinternal 300
This configuration parameter specifies the number of milliseconds the Cisco 6510 waits before timing out an FTP connection request for NAT.
config set NATFTPConnTimeout timetime | Number of milliseconds the Cisco 6510 waits before timing out an FTP connection request for NAT (default: 14400). |
Use the NATFTPConnTimeout parameter to set the number of milliseconds the Cisco 6510 waits before timing out an FTP connection request for NAT.
SSG > config set natftpconntimeout 14400
This configuration parameter specifies the interval, in seconds, that the Cisco 6510 waits before timing out the connection object for an FTP connection.
config set NATFTPFinConnTimeout timetime | Number of seconds that the Cisco 6510 waits before timing out the connection object for an FTP connection (default: 1). |
Use the NATFTPFinConnTimeout parameter to set the number of seconds that the Cisco 6510 waits before timing out the connection object for an FTP connection.
SSG > config set natftpfinconntimeout 1
This configuration parameter specifies the name of the next hop gateway table profile, a RADIUS profile that associates service next hop keys with actual IP addresses.
config set NHGTableProfile profileprofile | Name of the next hop gateway profile for this Cisco 6510. |
Use the NHGTableProfile parameter to specify the name of the next hop gateway table profile used by this Cisco 6510.
SSG > config set nhgtableprofile SSG_1
This configuration parameter specifies the port number from which the RADIUS server connected to the Cisco 6510 listens for RADIUS packets.
config set RADIUSRemotePort port_numport_num | Port on which the remote server connected to the Cisco 6510 sends and receives RADIUS packets. |
The RADIUSRemotePort parameter specifies the port on which the remote AAA server connected to the Cisco 6510 listens for RADIUS packets.
If you are using the Cisco 6510 in conjunction with the Cisco UCP, make sure that you specify the port on which the UCP's PGS has been configured to listen for RADIUS packets. For information on how to configure the PGS, refer to the "Using the Network Control Console"chapter in the Cisco User Control Point Administrator Guide.
If you are using another AAA product and RADIUS server with the Cisco 6510, specify the port used by the remote AAA server to receive and send RADIUS packets.
SSG > config set RADIUSRemotePort 1645
This configuration parameter specifies the password used to authenticate the Cisco 6510 with the RADIUS service and pseudo-service profiles. This value must match the value configured for the RADIUS service profiles by the RADIUS administrator.
config set ServicePassword secretsecret | Password used to authenticate the Cisco 6510 with the CiscoSecure ACS service profiles. |
Use the ServicePassword parameter to set the password for authenticating the Cisco 6510 with the CiscoSecure ACS service profiles. The password can be up to 64 characters long.
SSG > config set servicepassword profilepass1
This configuration parameter sets the IP address of the SNMP server.
config set SNMPIP ipip | IP address of the SNMP server. |
Use the SNMPIP parameter to specify the IP address where the Cisco 6510 will send SNMP traps.
The Cisco 6510 generates two SNMP traps: Failover Switchover and AAA Service Switchover.
When two Cisco 6510s are configured for failover and the active unit fails, the standby unit takes over and becomes the active unit. Whenever this occurs, a Failover Switchover SNMP trap is generated and will appear to the SNMP server as a "Warm Start" error.
When two AAA servers are configured for failover and the active unit fails, the standby unit takes over and becomes the active unit. Whenever this occurs, a AAA Service Switchover SNMP trap is generated and will appear to the SNMP server as an "Authentication Failure" error.
SSG > config set SNMPIP 192.168.1.8
This configuration parameter specifies the port number from which the SNMP server listens for SNMP packets.
config set L2FRemotePort port_numport_num | Port number of the SNMP server used to listen for SNMP packets (default: 162). |
Use the SNMPRemotePort parameter to specify the port number from which the SNMP server listens for SNMP packets.
SSG > config set SNMPRemotePort 162
This configuration parameter specifies the number of messages the Cisco 6510 sends when it generates an SNMP trap.
config set SNMPRetryCount integerinteger | Number of messages the Cisco 6510 sends when it generates an SNMP trap. |
Use the SNMPRetryCount configuration parameter to specify the number of messages the Cisco 6510 sends when it generates an SNMP trap.
SSG > config set SNMPRetryCount 0
This configuration parameter enables or disables the transparent passthrough feature.
config set TPTEnable {0 | 1}0 | Disallows access without authentication. |
1 | Allows access without authentication. |
Transparent passthrough is designed to allow unauthenticated traffic (users or network devices that have not logged in to the Cisco 6510 through the Cisco SSD) to pass through the SSG (usually to the Internet).
Use this parameter to allow users to enable or disable transparent passthrough.
SSG > config set tptenable 0
Sets the period of time the Cisco 6510 waits before closing a tunnel that has no traffic.
config set TunnelTimeout integerinteger | Amount of time (in seconds) the Cisco 6510 waits before closing a tunnel that has no traffic (default: 60). |
This attribute allows the Cisco 6510 to detect when a home gateway closes a tunnel or when the tunnel fails.
Use the TunnelTimeout configuration parameter to set the period of time the Cisco 6510 waits before closing a tunnel that has no traffic.
The minimum setting for this attribute is 15 seconds.
SSG > config set tunneltimeout 60
|
|