Command Summary

This appendix contains a categorized complete listing of CLI configuration manager commands for the Secure Content Accelerator. Each command is described and, where appropriate, an example of usage is included. Some commands are available only with specific configuration connection methods. Availability of each command is indicated. Configuration using the GUI is described in Chapter 6.

This appendix contains the following sections:

Input Data Format Specification

Table C-1 describes the data formats acceptable for most commands.


Table C-1: Input Data Formats

Data              Data Format
MAC Address:      HH:HH:HH:HH:HH:HH
MAC Address:      HHHH.HHHH.HHHH
IP Address:       D.D.D.D
IP Address:       0xHHHHHHHH
Integer Values:   D
Integer Values:   0xH
Integer Range:    D-D

"H" is one or more hexadecimal digits [0-F] and "D" is one or more decimal digits.
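As an added example (not part of the Cisco documentation), the Python code below parses the formats in Table C-1 and normalizes them, so that two spellings of one address, such as 10.1.2.5 and 0x0A010205, compare equal when access-list entries are reviewed. It assumes each H in the MAC and hexadecimal IP forms is exactly one hex digit and that a range must be ascending; all function names and sample values are constructed for illustration.

```python
import ipaddress
import re

# Patterns follow Table C-1. Assumption: in the MAC and hexadecimal IP forms
# each "H" is exactly one hex digit, so the fields are fixed width.
_MAC_COLON = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")
_MAC_DOT = re.compile(r"[0-9A-Fa-f]{4}(\.[0-9A-Fa-f]{4}){2}")
_IP_DOTTED = re.compile(r"[0-9]+(\.[0-9]+){3}")
_IP_HEX = re.compile(r"0[xX][0-9A-Fa-f]{8}")
_INT_DEC = re.compile(r"[0-9]+")
_INT_HEX = re.compile(r"0[xX][0-9A-Fa-f]+")
_RANGE = re.compile(r"([0-9]+)-([0-9]+)")


def parse_mac(text):
    """Return either MAC notation as lowercase colon-separated text."""
    if _MAC_COLON.fullmatch(text) or _MAC_DOT.fullmatch(text):
        digits = re.sub(r"[:.]", "", text).lower()
        return ":".join(digits[i:i + 2] for i in range(0, 12, 2))
    raise ValueError(f"not a MAC address: {text!r}")


def parse_ip(text):
    """Return an IPv4Address from D.D.D.D or 0xHHHHHHHH."""
    if _IP_HEX.fullmatch(text):
        return ipaddress.IPv4Address(int(text, 16))
    if _IP_DOTTED.fullmatch(text):
        octets = [int(part) for part in text.split(".")]
        if all(octet <= 255 for octet in octets):
            return ipaddress.IPv4Address(bytes(octets))
    raise ValueError(f"not an IP address: {text!r}")


def parse_int(text):
    """Return an integer from the decimal (D) or hexadecimal (0xH) form."""
    if _INT_HEX.fullmatch(text):
        return int(text, 16)
    if _INT_DEC.fullmatch(text):
        return int(text, 10)
    raise ValueError(f"not an integer value: {text!r}")


def parse_range(text):
    """Return (low, high) from D-D. Assumption: the range must be ascending."""
    match = _RANGE.fullmatch(text)
    if not match:
        raise ValueError(f"not an integer range: {text!r}")
    low, high = int(match.group(1)), int(match.group(2))
    if low > high:
        raise ValueError(f"range is descending: {text!r}")
    return low, high


def find_duplicate_addresses(entries):
    """Group entries that spell the same IPv4 address in different notations."""
    seen = {}
    for entry in entries:
        seen.setdefault(str(parse_ip(entry)), []).append(entry)
    return {addr: forms for addr, forms in seen.items() if len(forms) > 1}


if __name__ == "__main__":
    # Constructed sample values, not taken from a real device.
    print(parse_mac("0002.b31a.2c3d"))
    print(parse_ip("0x0A010205"))
    print(find_duplicate_addresses(["10.1.2.5", "0x0A010205", "10.1.2.6"]))
```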

Text Conventions

Bold text indicates a command in a paragraph.

Courier text indicates text that appears in a command line (such as the command line interface) or is returned by the computer.

Courier bold text indicates commands and text you enter in a command line.

Italic text indicates the first occurrence of a new term, book title, and emphasized text. In this command summary, items presented in italics represent user-specified information.

Items within angle brackets ("<>") are required information.

Items within square brackets ("[]") are optional information.

Items separated by a vertical bar ("|") are options. You can choose any of them.


Note   Though a command string may be displayed on multiple lines in this guide, it must be entered on a single line with no returns except at the end of the complete command.

Editing and Completion Features

You can use individual keys and control-key combinations to help you work with the Command Line Interface (CLI). Table C-2 describes the key and key combination functions.


Table C-2: Key Reference

Key(s)        Function
TAB           Completes the current word
?             Shows possible command completions
CTRL+A        Moves cursor to the beginning of the command line
CTRL+B        Moves cursor to the previous character
CTRL+C        Exits the QuickStart wizard at any point; the configuration is not saved
CTRL+D        When editing a command, deletes the character to the right of the cursor; otherwise, exits current configuration level or exits the configuration manager if at the Top Level
CTRL+E        Moves cursor to the end of the command line
CTRL+F        Moves cursor to the next character
CTRL+K        Erases characters from the cursor to the end of the line
CTRL+L        Clears the screen
CTRL+N        Displays the next command in the command history
CTRL+P        Displays the previous command in the command history
CTRL+U        Erases characters from the cursor to the beginning of the line
CTRL+W        Erases the previous word
CTRL+Z        Leaves current mode and returns to Top Level mode
LEFT ARROW    Moves the cursor to the previous character
RIGHT ARROW   Moves the cursor to the next character
HOME          Moves cursor to the beginning of the command (not available in Solaris)
END           Moves cursor to the end of the command (not available in Solaris)


Note   Due to differences in operating systems, client software, and user preferences, some keys (such as ARROW, HOME, and END keys) may not work as expected. Please use the key combinations listed in Table C-2.

Most configuration commands require completing all fields in the command. For commands that have several possible completers, the TAB or ? keys display all options.

SCA> show [TAB]
access-list ip route arp keep-alive monitor running-configuration copyrights memory snmp cpu messages ssl device netstat syslog dns processes system-resources group profile terminal history remote-management version interface rip

The TAB key can also be used to finish a command if the command is uniquely identified by user input.

SCA> show cop[TAB]

results in

SCA> show copyrights

Additionally, commands may be abbreviated as long as the partial commands are unique. The following text:

SCA> sho dev lis

is an acceptable abbreviation for

SCA> show device list

Note   Device, certificate, certificate group, key, security policy, and server names are case-sensitive.
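The abbreviation rule above can be reproduced offline, for instance to expand abbreviated commands captured in a session log to their full form before comparing them against change-review rules. This Python code is an added example, not Cisco code: the command tree is partial and built only from command words that appear on this page, and it assumes keywords are matched exactly as typed while the target of an on prefix and any trailing arguments are passed through unchanged, since names are case-sensitive.

```python
# Partial command tree, built only from command words that appear on this page.
SHOW_WORDS = (
    "access-list ip route arp keep-alive monitor running-configuration "
    "copyrights memory snmp cpu messages ssl device netstat syslog dns "
    "processes system-resources group profile terminal history "
    "remote-management version interface rip"
).split()

COMMAND_TREE = {
    "attach": {}, "clear": {"screen": {}}, "cls": {}, "discover": {},
    "enable": {}, "exit": {}, "group": {}, "help": {}, "monitor": {},
    "paws": {}, "ping": {}, "quit": {},
    "set": {"monitor-interval": {}, "on-prefix": {}},
    "show": {word: {} for word in SHOW_WORDS},
}
COMMAND_TREE["show"]["device"] = {"list": {}}


class CommandError(ValueError):
    """Raised when a word matches no keyword or more than one keyword."""

    def __init__(self, word, candidates):
        self.word = word
        self.candidates = candidates
        reason = "ambiguous" if candidates else "unknown"
        super().__init__(f"{reason} command word {word!r}: {candidates}")


def expand(line):
    """Expand unique keyword abbreviations in one command line."""
    tokens = line.split()
    out = []
    # "on <devname|groupname|all>": keep the target verbatim (case-sensitive).
    if tokens[:1] == ["on"] and len(tokens) >= 2:
        out += tokens[:2]
        tokens = tokens[2:]
    if tokens[:1] == ["no"]:
        out.append("no")
        tokens = tokens[1:]
    node = COMMAND_TREE
    for index, token in enumerate(tokens):
        if not node:
            # Past the last known keyword: the rest are arguments.
            out += tokens[index:]
            break
        if token in node:
            match = token  # an exact keyword wins over longer candidates
        else:
            candidates = sorted(word for word in node if word.startswith(token))
            if len(candidates) != 1:
                raise CommandError(token, candidates)
            match = candidates[0]
        out.append(match)
        node = node[match]
    return " ".join(out)


if __name__ == "__main__":
    # Constructed sample lines in the style of the examples on this page.
    for sample in ("sho dev lis", "show cop", "on sslDev3 att", "show c"):
        try:
            print(f"{sample!r} -> {expand(sample)!r}")
        except CommandError as err:
            print(f"{sample!r} -> rejected: {err}")
```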

Command Hierarchy

The CLI configuration manager allows you to control hardware and SSL portions of the appliance through a discrete mode and submode system. The commands for the Secure Content Accelerator device fit into the logical hierarchy shown in Figure C-1.


Figure C-1: Command Hierarchy




To configure items in a submode, activate the submode by entering a command in the mode above it. For example, to set the network interface speed or duplex you must first enter enable, configure, then interface network. To return to the higher Configuration mode, simply enter end or exit or press CTRL+D. The finished command returns to the Top Level from any mode. Appendix C lists all commands for SSL devices.

Configuration Security

Cisco Secure Content Accelerator devices allow easy, flexible configuration without compromising the security of your network or their own configuration.

Passwords

Cisco Secure Content Accelerator devices use two levels of password protection: access- and enable-level. Access-level passwords control who can attach the remote configuration manager or access the device via telnet and serial connections. Enable-level passwords control who can view the same data available with access-level passwords as well as view sensitive data and configure the device.

SSL devices are shipped without passwords. Setting passwords is important because the device can be administered over a network. For more information about passwords, see the commands password access and password enable in Appendix C.

Access Lists

Access lists control which computers can attach to a specific device. No access lists exist when you first install the Secure Content Accelerator. You can restrict the computers allowed to manage the appliance by adding their IP addresses to one or more access lists for each device. For more information about configuring access lists, see the commands show access-list, access-list, snmp access-list, remote-management access-list, telnet access-list, and web-mgmt access-list in Appendix C.

Encrypted Management Sessions

To further protect the configuration security, you can specify that remote (non-serial and non-telnet) configuration sessions be encrypted using AES, DES, or ARC4. See remote-management encryption in Appendix C.

Factory Default Reset Password

If you have forgotten your access or enable password, you can use a factory-set password during a serial configuration session. When prompted for a password, enter FailSafe (case-sensitive). You are asked to confirm the action. The appliance reboots (reloads) with factory default settings.


Caution   All configuration is lost when using the factory default reset password.

Methods to Manage the Device

You can configure the Cisco Secure Content Accelerator using one of four methods, three of which use the CLI configuration manager.

Additionally, the behaviors of some commands vary depending upon the management method. The configuration information for the commands ip name-server, rdate-server, and ip domain-name can be set remotely, but the configuration information is used only through a serial or telnet connection. The results of the ping and traceroute commands also are dependent upon the management method. When used with the remote management application, these commands are executed and results returned based upon the configuring computer's hardware information. When used with serial or telnet management, the results are based upon the SSL appliance's hardware information.

Serial and telnet management commands can use symbolic hostnames in URL identifiers if the ip domain-name has been set.

File name formats differ depending on the management method. When using remote management, you can specify the file name as it appears in the configuring computer's file system. A path must be included, if necessary. When using serial or telnet management, the file name must be entered in any of the following formats:

[<http:// | ftp:// | https:// | tftp://>] URL

In situations where a file is written, anonymous write access must be configured on the system with these caveats:

Additionally, we provide a guided QuickStart wizard configuration method, available from both the configuration manager and GUI. To use this method for configuration, see Chapter 4. Brief instructions are also included for initiating a management session using the configuration manager.

For instructions on using any of the CLI configuration managers, see Chapter 5. For instructions on using the GUI, see Chapter 6.

Initiating a Management Session

Use the appropriate instructions below to initiate a management session with the Secure Content Accelerator.

Serial Management and IP Address Assignment

Follow these steps to initiate a management session via a serial connection and set an IP address for the device.


Note   The default terminal setting on the SSL devices and modules is 80 columns by 25 lines. To ensure the best display and reduce the chance of graphic anomalies, please use the same settings with the serial terminal software. The device terminal settings can be changed, if necessary. Use the standard ANSI setting on the serial terminal software.

    1. Attach the included null modem cable to the appliance port marked "CONSOLE". Attach the other end of the null modem cable to a serial port on the configuring computer.

    2. Launch any terminal emulation application that communicates with the serial port connected to the appliance. Use these settings: 9,600 baud, 8 data bits, no parity, 1 stop bit, no flow control.

    3. Press Return. Initial information is displayed followed by an SCA> prompt.

    4. Enter Privileged and Configuration modes and set the IP address using the following commands. Replace the IP address in the example with the appropriate one.

    SCA> enable
    SCA# configure
    (config[SCA])# ip address 10.1.2.5
    (config[SCA])#

    Note   When prompted to supply a file name during serial management, you must supply it as a URL in the form of HOST/PATH/FILENAME using the http://, https://, ftp://, or tftp:// prefix.

Telnet

After you have assigned an IP address to the Cisco Secure Content Accelerator using the serial connection or remote configuration manager, you can connect to the appliance via telnet.

    1. Initiate a telnet session with the IP address previously assigned to the appliance.

    2. An SCA> prompt is displayed.

Running the Remote Configuration Manager

Use the appropriate instructions below to run the CLI configuration manager.

Linux

Enter csacfg at a Linux shell prompt.

Solaris

Enter csacfg at a Unix shell prompt.

Windows NT and Windows 2000 Software

To start the configuration manager, use the Start menu and point to Programs>Cisco Systems and click Cisco Secure Content Acc. Manager, or double-click the shortcut on the desktop.

Using the Remote Configuration Manager

Enter show device list to display a list of all Cisco Secure Content Accelerators in the same broadcast domain as the configuring computer and those found using the discover port command. Devices are listed in the following format:

    Type Key Name Version MacAddr IPaddr

Cisco Secure Content Accelerator devices are listed with the "CSS-SCA" device type. Note the MAC address of the device you wish to configure. It is used with the "CS-" prefix to identify a specific device when giving commands in the format CS-macaddress, where macaddress is the MAC address of the device.


Note   To identify an unnamed device as a specific appliance, match the last six digits of the serial number with the MAC address shown.

Specifying Devices

If only one device is listed, you can configure it by simply entering commands as listed. If multiple devices are listed, you must specify the device your commands should address. In these instances you must use the on prefix.

For example, entering show device list returns the following list of unattached devices:

    CSS-SCA Ru sslDev1 ...
    CSS-SCA Ru sslDev2 ...
    CSS-SCA Ru sslDev3 ...
    CSS-SCA Ru sslDev4 ...

To attach the configuration manager to the device sslDev3, enter this command:

on sslDev3 attach

The auto completer function can assist data entry. See "Editing and Completion Features" in Appendix C for details for using editing and auto completer features.

Working with Device Groups

The remote configuration manager allows you to create groups of devices for single management sessions. Most Top Level commands can target a group just as they would a single device. Using the device list above, the commands below create a device group named myGroup, add three devices, and display the group contents.

csacfg> group myGroup create
(group[myGroup])> device sslDev1
(group[myGroup])> device sslDev2
(group[myGroup])> device sslDev4
(group[myGroup])> info
group name: myGroup
number of devices: 3
device: sslDev1
device: sslDev2
device: sslDev4
(group[myGroup])>

To remove a device from the group, use the no form of the command:

(group[myGroup])> no device sslDev2

Enter end to leave Group configuration mode. To send commands to every device in the group, use the on prefix.

on myGroup attach

You can simplify command entry for this group further by setting the on command to address the group myGroup by default.

set on-prefix myGroup

After entering this command, you do not need to use the on prefix when addressing the default target. For example, the on myGroup attach command becomes attach. You can still address another group instead of the default; simply specify its name following the on prefix. Change the on prefix target by re-entering the command, identifying the new group. View the on prefix target by entering show profile.


Note   Individual devices can also be set as the on prefix default target. Any command without the on prefix defaults to the group or device specified by the set on-prefix command.

For more information about Group Configuration commands, see "Group Configuration Command Set" in Appendix C.

Remote Configuration Caching

The remote configuration manager caches some management session information. Some changes made during a configuration session may not be displayed. Additionally, configuration changes from multiple concurrent configuration sessions may not be reflected in status and configuration displays. To obtain the most current configuration data, exit the configuration manager, and launch the application again or use the refresh command in the Privileged Command set.

Top Level Command Set

The Top Level command set consists of Non-Privileged and Privileged commands. These commands are used to view and clear statistics and device status, set terminal configuration, enter configuration modes, manage hardware, and exit the configuration manager.

Non-Privileged Command Set

The Non-Privileged command set consists of the lowest level commands having the least impact on configuration and security of the devices.

attach

Attaches or detaches the configuration manager from one or more devices.

attach
no attach


on <devname|groupname|all> attach
on <devname|groupname|all> no attach

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of a user-defined group of devices.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote

Use the simple attach form of the command to attach to a single found device. Use the no form of the command to detach the configuration manager from a single attached device. If an access-level password has been defined, you must enter it when prompted before the configuration manager will attach to the device(s). If a shared secret passphrase has been assigned as part of remote management encryption, you are prompted for it. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.


Note   If you have forgotten the device's access password, see "Factory Default Reset Password".

Related Commands

attach ip (Non-Privileged Command Set)
enable (Non-Privileged Command Set)
remote-management enable (Configuration Command Set)
remote-management port (Configuration Command Set)

attach ip

Attaches or detaches the configuration manager from one or more devices using an alternate remote management port.

attach ip <ipaddr> [port <portid>]
no attach ip <ipaddr>

Syntax Description

ipaddr

The IP address of the Secure Content Accelerator.

portid

The TCP service port number.

Usage Guidelines

Availability: Remote

Use the port option to specify a TCP/UDP service port to use for attaching to the device. The remote-management port command must have been used on the device to change the management port from the default. If a shared secret passphrase has been assigned as part of remote management encryption, you are prompted for it. Use the no form of the command to detach the configuration manager from the specified device. If an access-level password has been defined, you must enter it when prompted before the configuration manager can attach to the device.


Note   If you have forgotten the device's access password, see "Factory Default Reset Password".

Related Commands

attach (Non-Privileged Command Set)
enable (Non-Privileged Command Set)
remote-management enable (Configuration Command Set)
remote-management port (Configuration Command Set)

clear screen

Clears the display, leaving only one prompt line.

clear screen

Usage Guidelines

Availability: Remote, Serial, Telnet

cls

Clears the display, leaving only one prompt line.

cls

Usage Guidelines

Availability: Remote, Serial, Telnet

discover

Checks the network for new remote devices on the default or, optionally, on the specified TCP service port when using an alternate remote management port.

discover [port <portid>]

Syntax Description

portid

The port number.

Usage Guidelines

Availability: Remote

Use the port option to specify a TCP service port to search for devices when using an alternate remote management port.

Related Commands

remote-management port (Configuration Command Set)

enable

Enters or leaves Privileged Mode for one or more attached devices.

enable
no enable


on <devname|groupname|all> enable
on <devname|groupname|all> no enable

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of a user-defined group of devices.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

If an enable-level password has been defined, you must enter it when prompted. When using remote management, enters Privileged mode for a single, attached device. Using the no form of this command leaves Privileged mode. When using remote configuration, use the on form of the command to specify the target(s) of the command when more than one device is appropriate.


Note   If you have forgotten the device's enable password, see "Factory Default Reset Password".

Related Commands

attach (Non-Privileged Command Set)
attach ip (Non-Privileged Command Set)

See the section "Privileged Command Set".

exit

Quits the configuration manager.

exit

Usage Guidelines

Availability: Remote, Serial, Telnet

When executed from the remote configuration manager, closes the configuration manager. When executed from a serial connection, the connection is not closed. If an access password has been configured, you are prompted for it. When executed from telnet, the telnet connection is closed.

Related Commands

quit (Non-Privileged Command Set)

group

Creates or configures the specified user-defined device group.

group <groupname> [create]
no group <groupname>

Syntax Description

groupname

The name of a user-defined group of devices.

create

Creates a new device group named groupname and enters Group Configuration Mode for that device group.

Usage Guidelines

Availability: Remote

Use the create flag to create the specified group and enter Group Configuration mode for it. Use the no form of the command to remove the specified group.

Related Commands

See also "Group Configuration Command Set".

help

Displays help information for the specified command.

help [command]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

If no command is specified, help information is displayed for all Non-Privileged commands. When using remote configuration, help information is displayed for all Top Level commands.

monitor

Displays the results of the specified show command at one second intervals.

monitor <command>

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

The interval between refreshes is set using the set monitor-interval command.

Related Commands

set monitor-interval (Non-Privileged Command Set)
show profile (Non-Privileged Command Set)

paws

Pauses the configuration manager for a specified time or until a key is pressed.

paws

Usage Guidelines

Availability: Remote, Serial, Telnet

ping

Sends ICMP packets to the specified IP address.

ping <ipaddr|name>

Syntax Description

ipaddr

The specified destination IP address.

name

The name of the host to ping (serial or telnet only).

Usage Guidelines

Availability: Remote, Serial, Telnet

The host name can be used remotely if a domain name has been assigned for the device. When issued from a serial or telnet connection, the command returns information based upon the hardware of the Secure Content Accelerator. When issued from a remote management connection, the command returns information based upon the configuring computer.

Related Commands

ip name-server (Configuration Command Set)

quit

Quits the configuration manager.

quit

Usage Guidelines

Availability: Remote, Serial, Telnet

When executed from the remote configuration manager, closes the configuration manager. When executed from a serial connection, the connection is not closed. If an access password has been configured, you are prompted for it. When executed from telnet, the telnet connection is closed.

Related Commands

exit (Non-Privileged Command Set)

set monitor-interval

Sets the number of seconds between monitor-prefixed command refreshes.

set monitor-interval <value>
no set monitor-interval


Syntax Description

value

The number of seconds between refreshes

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to return the monitor interval to default value.

Related Commands

monitor (Non-Privileged Command Set)
show profile (Non-Privileged Command Set)

set on-prefix

Sets the entity to address as default when using the on prefix.

set on-prefix <devname|groupname|all>
no set on-prefix


Syntax Description

devname

The name of the Secure Content Accelerator to target

groupname

The name of the user-defined device group to target

Usage Guidelines

Availability: Remote

Use the no form of the command to clear the default entity.

Related Commands

group (Non-Privileged Command Set)
show profile (Non-Privileged Command Set)

show arp

Displays the ARP cache on the specified device.

show arp

on <devname|groupname|all> show arp

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

show copyrights

Displays copyright information for software and hardware products.

show copyrights

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show version (Non-Privileged Command Set)

show cpu

Displays CPU utilization information for one or more devices.

show cpu [continuous] [interval <value>]

on <devname|groupname|all> show cpu [continuous] [interval <value>]

Syntax Description

continuous

Displays statistics continuously updated at one-second intervals.

interval

Specifies an interval for display updates.

value

The interval in seconds.

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the continuous option to have statistics displayed continuously, updated at one-second intervals. Use the interval option to specify an interval for display updates. Press any key to stop displaying statistics. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

show date

Displays current date and time settings on the device.

show date

Usage Guidelines

Availability: Serial, Telnet

Related Commands

rdate-server (Configuration Command Set)

show device

Displays information about the specified device(s).

show device
on <devname|groupname|all> show device

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

show device list

Displays summary information for all Secure Content Accelerators in the same broadcast domain as the configuring computer or found by the configuration manager after launching the configuration manager and using the discover command.

show device list

Usage Guidelines

Availability: Remote

Devices are listed in the following format:

Type Key Name Version MacAddr IPaddr

Note the MAC address of the device you wish to configure. It is used with the "CS-" prefix to identify a specific device when giving commands.

Related Commands

discover (Non-Privileged Command Set)

show dns

Displays DNS configuration information for one or more devices.

show dns

on <devname|groupname|all> show dns

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

ip domain-name (Configuration Command Set)
show ip domain-name (Non-Privileged Command Set)
show ip name-server (Non-Privileged Command Set)

show flow

Displays IP connection information for one or more devices.

show flow

on <devname|groupname|all> show flow

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

show group

Displays group summary information for the specified group.

show group [groupname]

Syntax Description

groupname

The name of the user-defined device group.

Usage Guidelines

Availability: Remote

If a group is not specified, information is displayed for all groups.

Related Commands

group (Non-Privileged Command Set)

See the section "Group Configuration Command Set".

show history

Displays the last commands executed.

show history

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show terminal (Top Level Command Set)
terminal history (Top Level Command Set)

show interface

Displays information for the specified Ethernet interface on one or more devices.

show interface [network | server]

on <devname|groupname|all> show interface [network | server]

Syntax Description

network

Displays information for the "Network" interface.

server

Displays information for the "Server" interface.

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

The information includes connection, duplex, speed, and autonegotiation settings. If a single interface is not specified, information is displayed for all interfaces on the device(s). When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show interface errors (Non-Privileged Command Set)
show interface statistics (Non-Privileged Command Set)
interface (Configuration Command Set)

See the section "Interface Configuration Command Set".

show interface errors

Displays error information for the specified Ethernet interface on one or more devices.

show interface errors [network | server] [continuous] [interval <value>]

on <devname|groupname|all> show interface errors [network | server] [continuous] [interval <value>]

Syntax Description

network

Displays information for the "Network" interface.

server

Displays information for the "Server" interface.

continuous

Displays errors continuously.

interval

Specifies an interval for display updates.

value

The interval in seconds.

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

If a single interface is not specified, errors are displayed for both interfaces. If continuous is specified, error statistics are updated every second. Use the interval option to specify an interval for display updates. Press any key to stop displaying errors. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show interface (Non-Privileged Command Set)
show interface statistics (Non-Privileged Command Set)
interface (Configuration Command Set)

See the section "Interface Configuration Command Set".

show interface statistics

Displays interface statistics for one or more devices.

show interface statistics [network | server] [continuous] [interval <value>]

on <devname|groupname|all> show interface statistics [network | server] [continuous] [interval <value>]

Syntax Description

network

Displays information for the "Network" interface.

server

Displays information for the "Server" interface.

continuous

Displays statistics continuously.

interval

Specifies an interval for display updates.

value

The interval in seconds.

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

If a single interface is not specified, statistics are displayed for both interfaces. If continuous is specified, statistics are updated every second. Use the interval option to specify an interval for display updates. Press any key to stop displaying statistics. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show interface (Non-Privileged Command Set)
show interface errors (Non-Privileged Command Set)
interface (Configuration Command Set)

See the section "Interface Configuration Command Set".

show ip domain-name

Displays DNS configuration information for one or more devices.

show ip domain-name

on <devname|groupname|all> show ip domain-name

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

ip domain-name (Configuration Command Set)
show dns (Non-Privileged Command Set)
show ip name-server (Non-Privileged Command Set)

show ip name-server

Displays DNS configuration information for one or more devices.

show ip name-server

on <devname|groupname|all> show ip name-server

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command when more than one device is appropriate.

Related Commands

ip domain-name (Configuration Command Set)
show dns (Non-Privileged Command Set)
show ip domain-name (Non-Privileged Command Set)

show ip routes

Displays the routing table stored in one or more devices.

show ip routes

on <devname|groupname|all> show ip routes

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show route (Non-Privileged Command Set)

show ip statistics

Displays diagnostic IP, ICMP, TCP, and UDP statistics for one or more devices.

show ip statistics

on <devname|groupname|all> show ip statistics

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

show keepalive-monitor

Displays a list of keepalive-monitor IP addresses for one or more devices.

show keepalive-monitor

on <devname|groupname|all> show keepalive-monitor

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

SSL errors from IP addresses specified with the keepalive-monitor command are ignored. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

keepalive-monitor (Configuration Command Set)

show memory

Displays memory usage on one or more devices.

show memory [zones]

on <devname|groupname|all> show memory [zones]

Syntax Description

zones

Specifies that memory information for each zone is to be displayed.

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

The zones flag is used to display information for each memory zone. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

show messages

Displays the diagnostic message buffer for one or more devices.

show messages

on <devname|groupname|all> show messages

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

clear messages (Non-Privileged Command Set)
write messages (Privileged Command Set)

show netstat

Displays the current state of the IP connection for one or more devices.

show netstat

on <devname|groupname|all> show netstat

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

show processes

Displays information, by thread, about processes running on one or more devices.

show processes

on <devname|groupname|all> show processes

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

show profile

Displays the monitor-interval and on-prefix settings if they have been changed from the default settings.

show profile [all]

Syntax Description

all

Displays current settings for both monitor-interval and on-prefix.

Usage Guidelines

Availability: Remote

Use the all keyword to display the current configuration of both the monitor-interval and on-prefix.

Related Commands

monitor (Non-Privileged Command Set)
set monitor-interval (Non-Privileged Command Set)
set on-prefix (Non-Privileged Command Set)

show rdate-server

Displays the IP address of the RDATE protocol server configuration for one or more devices.

show rdate-server

on <devname|groupname|all> show rdate-server

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

show remote-management

Displays remote management information for one or more devices.

show remote-management

on <devname|groupname|all> show remote-management

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

remote-management access-list (Configuration Command Set)
remote-management enable (Configuration Command Set)
remote-management encryption (Configuration Command Set)
remote-management port (Configuration Command Set)
remote-management shared-secret (Configuration Command Set)
show telnet (Non-Privileged Command Set)
show web-management (Non-Privileged Command Set)

show rip

Displays the RIP status of one or more devices.

show rip

on <devname|groupname|all> show rip

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

rip (Configuration Command Set)

show route

Displays the routing table stored in one or more devices.

show route

on <devname|groupname|all> show route

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ip routes (Top Level Command Set)

show sessions

Displays current remote configuration manager, serial, and telnet management connections to the device.

show sessions

Usage Guidelines

Availability: Serial, Telnet

Related Commands

clear line (Privileged Command Set)

show sntp-server

Displays SNTP-server information for one or more devices. The SNTP server is used for date and time information.

show sntp-server

on <devname|groupname|all> show sntp-server

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

sntp-server (Configuration Command Set)

show ssl

Displays SSL summary data for one or more devices.

show ssl

on <devname|groupname|all> show ssl

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ssl cert (Non-Privileged Command Set)
show ssl certgroup (Non-Privileged Command Set)
show ssl errors (Non-Privileged Command Set)
show ssl key (Non-Privileged Command Set)
show ssl secpolicy (Non-Privileged Command Set)
show ssl server (Non-Privileged Command Set)
show ssl statistics (Non-Privileged Command Set)
ssl (Configuration Command Set)

See the section "SSL Configuration Command Set".

show ssl cert

Displays summary data for the specified certificate entity loaded on one or more devices.

show ssl cert [certname]

on <devname|groupname|all> show ssl cert [certname]

Syntax Description

certname

The name of the certificate.

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a certificate name, all certificate entity information is displayed. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ssl (Non-Privileged Command Set)
show ssl certgroup (Non-Privileged Command Set)
show ssl errors (Non-Privileged Command Set)
show ssl errors all (Non-Privileged Command Set)
show ssl key (Non-Privileged Command Set)
show ssl secpolicy (Non-Privileged Command Set)
show ssl server (Non-Privileged Command Set)
show ssl statistics (Non-Privileged Command Set)
show ssl statistics all (Non-Privileged Command Set)
ssl (Configuration Command Set)

See the sections "SSL Configuration Command Set", "Certificate Configuration Command Set", and "Certificate Group Configuration Command Set".

show ssl certgroup

Displays summary data for the specified certificate group loaded on one or more devices.

show ssl certgroup [certgroupname]

on <devname|groupname|all> show ssl certgroup [certgroupname]

Syntax Description

certgroupname

The name of the certificate group.

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a certificate group, all certificate group information is displayed. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ssl (Non-Privileged Command Set)
show ssl cert (Non-Privileged Command Set)
show ssl errors (Non-Privileged Command Set)
show ssl key (Non-Privileged Command Set)
show ssl secpolicy (Non-Privileged Command Set)
show ssl server (Non-Privileged Command Set)
show ssl statistics (Non-Privileged Command Set)
ssl (Configuration Command Set)

See the sections "SSL Configuration Command Set", "Certificate Configuration Command Set", and "Certificate Group Configuration Command Set".

show ssl errors

Displays SSL errors reported on one or more devices.

show ssl errors [continuous] [interval <value>]

on <devname|groupname|all> show ssl errors [continuous] [interval <value>]

Syntax Description

continuous

Displays errors continuously.

interval

Specifies an interval for display updates.

value

The interval in seconds.

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

(This command must be given on one line.) Displays SSL errors reported on a single device or module. Use the continuous keyword to update the statistics every second. Use the interval keyword to specify an interval for display updates, where value is the interval in seconds. Press any key to stop displaying errors. When using remote configuration, use the on form of the command to specify the target(s) of the command, where devname is the name of a single device or module, groupname is the name of a user-defined device group, and all represents all appropriate devices and modules. The errors displayed when using the continuous or interval keywords are:

Error Description

ACPT

SSL Accept Errors

SSLW

SSL System Write Errors to Client

SSLWBC

SSL System Write Broken Connection Errors to Client

SSLR

SSL System Read Errors from Client

SSLRBC

SSL System Read Broken Connection Errors from Client

SVRW

System Write Errors to Remote Server

SVRWBC

Broken Connection Write Errors to Remote Server

SVRR

System Read Errors from Remote Server

SVRRBC

Broken Connection Read Errors from Remote Server

Related Commands

keepalive-monitor (Configuration Command Set)
show keepalive-monitor (Non-Privileged Command Set)
show ssl (Non-Privileged Command Set)
show ssl cert (Non-Privileged Command Set)
show ssl certgroup (Non-Privileged Command Set)
show ssl key (Non-Privileged Command Set)
show ssl secpolicy (Non-Privileged Command Set)
show ssl server (Non-Privileged Command Set)
show ssl statistics (Non-Privileged Command Set)
ssl (Configuration Command Set)

See the section "SSL Configuration Command Set".

show ssl key

Displays summary data for the specified private key loaded on one or more devices.

show ssl key [keyname]

on <devname|groupname|all> show ssl key [keyname]

Syntax Description

keyname

The name of the public/private key pair.

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a key name, all key information is displayed. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ssl (Non-Privileged Command Set)
show ssl cert (Non-Privileged Command Set)
show ssl certgroup (Non-Privileged Command Set)
show ssl errors (Non-Privileged Command Set)
show ssl secpolicy (Non-Privileged Command Set)
show ssl server (Non-Privileged Command Set)
show ssl statistics (Non-Privileged Command Set)
ssl (Configuration Command Set)

See the sections "SSL Configuration Command Set" and "Key Configuration Command Set".

show ssl secpolicy

Displays summary data for the specified security policy on one or more devices.

show ssl secpolicy [polname]

on <devname|groupname|all> show ssl secpolicy [polname]

Syntax Description

polname

The name of the security policy.

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a security policy name, all security policy information is displayed. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ssl (Non-Privileged Command Set)
show ssl cert (Non-Privileged Command Set)
show ssl certgroup (Non-Privileged Command Set)
show ssl errors (Non-Privileged Command Set)
show ssl key (Non-Privileged Command Set)
show ssl server (Non-Privileged Command Set)
show ssl statistics (Non-Privileged Command Set)
ssl (Configuration Command Set)

See the sections "SSL Configuration Command Set" and "Security Policy Configuration Command Set".

show ssl server

Displays information for the specified configured logical secure server of type server, reverse-proxy server, or backend server on one or more devices.

show ssl server [servname]

on <devname|groupname|all> show ssl server [servname]

Syntax Description

servname

The name of the server.

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a secure server name, all secure server information is displayed. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ssl (Non-Privileged Command Set)
show ssl cert (Non-Privileged Command Set)
show ssl certgroup (Non-Privileged Command Set)
show ssl errors (Non-Privileged Command Set)
show ssl key (Non-Privileged Command Set)
show ssl secpolicy (Non-Privileged Command Set)
show ssl statistics (Non-Privileged Command Set)
ssl (Configuration Command Set)

See the sections "SSL Configuration Command Set" and "Server Configuration Command Set".

show ssl session-stats

Displays SSL session statistics summed over all secure logical servers on one or more devices.

show ssl session-stats [continuous] [interval <value>]

on <devname|groupname|all> show ssl session-stats [continuous] [interval <value>]

Syntax Description

continuous

Displays statistics continuously.

interval

Specifies an interval for display updates.

value

The interval in seconds.

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the continuous keyword to update the statistics every second. Use the interval keyword to specify an interval for display updates. Press any key to stop displaying information. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ssl (Non-Privileged Command Set)
show ssl cert (Non-Privileged Command Set)
show ssl certgroup (Non-Privileged Command Set)
show ssl errors (Non-Privileged Command Set)
show ssl key (Non-Privileged Command Set)
show ssl secpolicy (Non-Privileged Command Set)
show ssl server (Non-Privileged Command Set)
show ssl statistics (Non-Privileged Command Set)
ssl (Configuration Command Set)

See the section "SSL Configuration Command Set".

show ssl statistics

Displays SSL statistics summed over all secure logical servers on one or more devices.

show ssl statistics [continuous] [interval <value>]

on <devname|groupname|all> show ssl statistics [continuous] [interval <value>]

Syntax Description

continuous

Displays statistics continuously.

interval

Specifies an interval for display updates.

value

The interval in seconds.

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the continuous keyword to update the statistics every second. Use the interval keyword to specify an interval for display updates. Press any key to stop displaying information. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate. The statistics displayed when using the continuous or interval keywords are:

Error Description

AC

Active Client Connections, Active Server Connections

AS

Active Sockets

SNE

SSL Negotiation Errors

TSE

Total Socket Errors

CES

Connection Errors to Remote Server

TCBE

Total Connection Block Errors

TSCR

Total SSL Connections Refused, Total SSL Connections Rejected

TCA

Total Connections Accepted

TROH

Total RSA Operations in Hardware

TSNS

Total SSL Negotiations Succeeded

Related Commands

show ssl (Non-Privileged Command Set)
show ssl cert (Non-Privileged Command Set)
show ssl certgroup (Non-Privileged Command Set)
show ssl errors (Non-Privileged Command Set)
show ssl key (Non-Privileged Command Set)
show ssl secpolicy (Non-Privileged Command Set)
show ssl server (Non-Privileged Command Set)
show ssl session-stats (Non-Privileged Command Set)
ssl (Configuration Command Set)

See the section "SSL Configuration Command Set".

show syslog

Displays the list of hosts to which diagnostic messages from one or more devices are sent.

show syslog

on <devname|groupname|all> show syslog

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

syslog (Configuration Command Set)

show system-resources

Displays system memory and CPU usage for one or more devices.

show system-resources [continuous] [interval <value>]

on <devname|groupname|all> show system-resources [continuous] [interval <value>]

Syntax Description

continuous

Displays statistics continuously.

interval

Specifies an interval for display updates.

value

The interval in seconds.

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the continuous option to update the information every second. Use the interval option to specify an interval for display updates. Press any key to stop displaying information. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

show telnet

Displays telnet management information for one or more devices.

show telnet

on <devname|groupname|all> show telnet

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

telnet access-list (Configuration Command Set)
telnet enable (Configuration Command Set)
telnet port (Configuration Command Set)
show remote-management (Non-Privileged Command Set)
show web-management (Non-Privileged Command Set)

show terminal

Displays terminal setting information.

show terminal

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show history (Non-Privileged Command Set)
terminal baud (Non-Privileged Command Set)
terminal history (Non-Privileged Command Set)
terminal length (Non-Privileged Command Set)
terminal pager (Non-Privileged Command Set)
terminal reset (Non-Privileged Command Set)
terminal width (Non-Privileged Command Set)

show version

Displays configuration manager version information.

show version

Usage Guidelines

Availability: Remote, Serial, Telnet

show web-management

Displays Web-based GUI management information for one or more devices.

show web-management

on <devname|groupname|all> show web-management

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

web-mgmt access-list (Configuration Command Set)
web-mgmt enable (Configuration Command Set)
web-mgmt port (Configuration Command Set)
show remote-management (Non-Privileged Command Set)
show telnet (Non-Privileged Command Set)

terminal baud

Sets the baud for communicating with the Secure Content Accelerator.

terminal baud <1200|2400|4800|9600|19200|38400|115200>

Syntax Description

1200

Sets the baud to 1200.

2400

Sets the baud to 2400.

4800

Sets the baud to 4800.

9600

Sets the baud to 9600.

19200

Sets the baud to 19,200.

38400

Sets the baud to 38,400.

115200

Sets the baud to 115,200.

Usage Guidelines

Availability: Serial

Related Commands

show terminal (Non-Privileged Command Set)
terminal history (Non-Privileged Command Set)
terminal length (Non-Privileged Command Set)
terminal pager (Non-Privileged Command Set)
terminal reset (Non-Privileged Command Set)
terminal width (Non-Privileged Command Set)

terminal history

Sets the number of commands saved in the history buffer. Use the no form of the command to disable the history list.

terminal history <length>
no terminal history


Syntax Description

length

The number of commands to store in the history buffer.

Usage Guidelines

Availability: Remote, Serial, Telnet

The default is 25.

Related Commands

show history (Non-Privileged Command Set)
show terminal (Non-Privileged Command Set)
terminal baud (Non-Privileged Command Set)
terminal length (Non-Privileged Command Set)
terminal pager (Non-Privileged Command Set)
terminal reset (Non-Privileged Command Set)
terminal width (Non-Privileged Command Set)

terminal length

Sets the number of lines in a terminal window.

terminal length

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show terminal (Non-Privileged Command Set)
terminal baud (Non-Privileged Command Set)
terminal history (Non-Privileged Command Set)
terminal pager (Non-Privileged Command Set)
terminal reset (Non-Privileged Command Set)
terminal width (Non-Privileged Command Set)

terminal pager

Enables the terminal pager. Using the no form of the command disables the pager.

terminal pager
no terminal pager


Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show terminal (Non-Privileged Command Set)
terminal baud (Non-Privileged Command Set)
terminal history (Non-Privileged Command Set)
terminal length (Non-Privileged Command Set)
terminal reset (Non-Privileged Command Set)
terminal width (Non-Privileged Command Set)

terminal reset

Resets the internal state of the terminal.

terminal reset

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show terminal (Non-Privileged Command Set)
terminal baud (Non-Privileged Command Set)
terminal history (Non-Privileged Command Set)
terminal length (Non-Privileged Command Set)
terminal pager (Non-Privileged Command Set)
terminal width (Non-Privileged Command Set)

terminal width

Sets the width of the terminal window.

terminal width <width>

Syntax Description

width

The desired width of the terminal window.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show terminal (Non-Privileged Command Set)
terminal baud (Non-Privileged Command Set)
terminal history (Non-Privileged Command Set)
terminal length (Non-Privileged Command Set)
terminal pager (Non-Privileged Command Set)
terminal reset (Non-Privileged Command Set)

traceroute

Displays the router hops to the specified destination.

traceroute <ipaddr|name>

Syntax Description

ipaddr

The destination IP address.

name

The name of the destination host (serial or telnet only).

Usage Guidelines

Availability: Remote, Serial, Telnet

When issued from a serial or telnet connection, the command returns information based upon the device's hardware. When issued from the remote configuration manager, the command returns information based upon the configuring computer.

Privileged Command Set

Use Privileged mode commands to view and edit device-specific configuration information. Enter Privileged mode for a device by using the enable command in Non-Privileged mode. All Non-Privileged commands are also available.

clear interface statistics

Resets all interface statistics for one or more devices.

clear interface statistics

on <devname|groupname|all> clear interface statistics

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show interface (Non-Privileged Command Set)
show interface errors (Non-Privileged Command Set)
show interface statistics (Non-Privileged Command Set)
interface (Configuration Command Set)

See "Interface Configuration Command Set".

clear ip routes

Clears the IP routing table on one or more devices.

clear ip routes

on <devname|groupname|all> clear ip routes

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ip routes (Non-Privileged Command Set)
show routes (Non-Privileged Command Set)
ip route (Configuration Command Set)

clear ip statistics

Resets all IP statistics on one or more devices.

clear ip statistics

on <devname|groupname|all> clear ip statistics

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ip statistics (Non-Privileged Command Set)

clear line

Closes a specified management session.

clear line <sessionId>

Syntax Description

sessionId

The session identifier.

Usage Guidelines

Availability: Serial

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate. Use the show sessions command to display the open management sessions.

Related Commands

show sessions (Non-Privileged Command Set)

clear messages

Empties the diagnostic message buffer on one or more devices.

clear messages

on <devname|groupname|all> clear messages

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show messages (Non-Privileged Command Set)
write messages (Privileged Command Set)

clear ssl session-stats

Resets all SSL session statistics for one or more devices.

clear ssl session-stats

on <devname|groupname|all> clear ssl session-stats

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ssl errors (Non-Privileged Command Set)
show ssl statistics (Non-Privileged Command Set)

clear ssl statistics

Resets all SSL statistics for one or more devices.

clear ssl statistics

on <devname|groupname|all> clear ssl statistics

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ssl errors (Non-Privileged Command Set)
show ssl statistics (Non-Privileged Command Set)

configure

Enters Configuration mode for a device in Privileged mode.

configure

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

See the section "Configuration Command Set".

copy running-configuration

Writes the running-configuration of a device to a file.

copy running-configuration [filename|url]

on <devname> copy running-configuration [filename]

Syntax Description

filename

The name of the file, including its path.

url

The URL of the file (serial and telnet only).

devname

The name of the Secure Content Accelerator.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a file name or URL, you are prompted for it. When using remote configuration, use the on form of the command to specify the target of the command if more than one device is appropriate.

Related Commands

copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration (Privileged Command Set)
copy startup-configuration running-configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)
copy to startup-configuration (Privileged Command Set)

copy running-configuration startup-configuration

Writes the running-configuration of a device to its startup-configuration.

copy running-configuration startup-configuration

Usage Guidelines

Availability: Serial, Telnet

Related Commands

copy running-configuration (Privileged Command Set)
copy startup-configuration (Privileged Command Set)
copy startup-configuration running-configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)
copy to startup-configuration (Privileged Command Set)

copy startup-configuration

Writes the startup-configuration of a device to a file.

copy startup-configuration <url>

Syntax Description

url

The URL of the file.

Usage Guidelines

Availability: Serial, Telnet

Related Commands

copy running-configuration (Privileged Command Set)
copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration running-configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)
copy to startup-configuration (Privileged Command Set)

copy startup-configuration running-configuration

Writes the startup-configuration of a device to its running-configuration.

copy startup-configuration running-configuration

Usage Guidelines

Availability: Serial, Telnet

Related Commands

copy running-configuration (Privileged Command Set)
copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)
copy to startup-configuration (Privileged Command Set)

copy to flash

Uploads a Cisco Secure Content Accelerator image file to the device flash.

copy to flash [filename|url]

on <devname> copy to flash [filename]

Syntax Description

filename

The name of the file, including its path.

url

The URL of the file (serial and telnet only).

devname

The name of the Secure Content Accelerator.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a file name or URL, you are prompted for it. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

copy running-configuration (Privileged Command Set)
copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration (Privileged Command Set)
copy startup-configuration running-configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)
copy to startup-configuration (Privileged Command Set)

copy to running-configuration

Uploads a saved configuration file and merges it to the running-configuration of a device.

copy to running-configuration [filename|url]

on <devname> copy to running-configuration [filename]

Syntax Description

filename

The name of the file, including its path.

url

The URL of the file (serial and telnet only).

devname

The name of the Secure Content Accelerator.

Usage Guidelines

Availability: Remote

If you do not specify a file name or URL, you are prompted for it. When using remote configuration, use the on form of the command to specify the target of the command if more than one device is appropriate.

Related Commands

copy running-configuration (Privileged Command Set)
copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration (Privileged Command Set)
copy startup-configuration running-configuration (Privileged Command Set)
copy to startup-configuration (Privileged Command Set)

copy to startup-configuration

Uploads a saved configuration file and merges it to the startup-configuration of a device.

copy to startup-configuration [url]

Syntax Description

url

The URL of the file.

Usage Guidelines

Availability: Serial, Telnet

If you do not specify a URL, you are prompted for it.

Related Commands

copy running-configuration (Privileged Command Set)
copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration (Privileged Command Set)
copy startup-configuration running-configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)

disable

Exits Privileged mode for one or more devices.

disable

on <devname|groupname|all> disable

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

enable (Non-Privileged Command Set)

erase running-configuration

Erases the running-configuration on one or more devices.

erase running-configuration

on <devname|groupname|all> erase running-configuration

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

copy running-configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)
erase startup-configuration (Privileged Command Set)

erase startup-configuration

Erases the startup-configuration on one or more devices.

erase startup-configuration

on <devname|groupname|all> erase startup-configuration

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

copy running-configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)
erase running-configuration (Privileged Command Set)

quick-start

Runs the QuickStart wizard for a device.

quick-start

on <devname> quick-start

Syntax Description

devname

The name of the Secure Content Accelerator.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

refresh

Updates device information in the configuration manager.

refresh

Usage Guidelines

Availability: Remote, Serial, Telnet

reload

Reboots one or more devices.

reload

on <devname|groupname|all> reload

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

The device resumes operation using the startup-configuration stored in the flash memory. You are prompted to confirm restarting the device. When using remote configuration, use the on form of the command to specify the target(s) of the command.

show access-list

Displays the specified access list for one or more devices.

show access-list [listid]

on <devname|groupname|all> show access-list [listid]

Syntax Description

listid

The access list identifier.

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify an access list id, information for all access lists is displayed. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

access-list (Configuration Command Set)
remote-management access-list (Configuration Command Set)
snmp access-list (Configuration Command Set)
telnet access-list (Configuration Command Set)
web-mgmt access-list (Configuration Command Set)

show running-configuration

Displays the running-configuration on one or more devices.

show running-configuration

on <devname|groupname|all> show running-configuration

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

copy running-configuration (Privileged Command Set)
copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration running-configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)
erase running-configuration (Privileged Command Set)
show startup-configuration (Privileged Command Set)
write file (Privileged Command Set)

show snmp

Displays SNMP configuration information for one or more devices.

show snmp

on <devname|groupname|all> show snmp

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

no snmp (Configuration Command Set)
snmp access-list (Configuration Command Set)
snmp contact (Configuration Command Set)
snmp default community (Configuration Command Set)
snmp enable (Configuration Command Set)
snmp location (Configuration Command Set)
snmp trap-host (Configuration Command Set)
snmp trap-type enterprise (Configuration Command Set)
snmp trap-type generic (Configuration Command Set)

show startup-configuration

Displays the startup-configuration on a device.

show startup-configuration

Usage Guidelines

Availability: Serial, Telnet

Related Commands

copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration (Privileged Command Set)
copy startup-configuration running-configuration (Privileged Command Set)
copy to flash (Privileged Command Set)
erase startup-configuration (Privileged Command Set)
show running-configuration (Privileged Command Set)
write flash (Privileged Command Set)

write file

Writes the running-configuration of a device to a file on the file system of the configuring computer.

write file [filename]

on <devname> write file [filename]

Syntax Description

filename

The name of the file, including the path.

devname

The name of the Secure Content Accelerator.

Usage Guidelines

Availability: Remote

If you do not supply a file name, you are prompted for it. When using remote configuration, use the on form of the command to specify the target of the command if more than one device is appropriate.

Related Commands

copy running-configuration (Privileged Command Set)
copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration running-configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)
erase running-configuration (Privileged Command Set)
show running-configuration (Privileged Command Set)
write memory (Privileged Command Set)

write flash

Writes the running-configuration to flash memory on one or more devices.

write flash

on <devname|groupname|all> write flash

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

all

A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

copy running-configuration (Privileged Command Set)
copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration running-configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)
erase running-configuration (Privileged Command Set)
show running-configuration (Privileged Command Set)
write memory (Privileged Command Set)

write memory

Writes the running-configuration to flash memory on a device.

write memory

Usage Guidelines

Availability: Serial, Telnet

Related Commands

copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration (Privileged Command Set)
copy startup-configuration running-configuration (Privileged Command Set)
copy to flash (Privileged Command Set)
erase startup-configuration (Privileged Command Set)
show running-configuration (Privileged Command Set)
write file (Privileged Command Set)

write messages

Writes the diagnostic messages for one or more devices to a file.

write messages [filename]

on <devname> write messages [filename]

Syntax Description

filename

The name of the file, including the path.

devname

The name of the Secure Content Accelerator.

Usage Guidelines

Availability: Remote

If you do not supply a file name, you are prompted for it. When using remote configuration, use the on form of the command to specify the target of the command if more than one device is appropriate.

Related Commands

show messages (Non-Privileged Command Set)

write network

Writes the running-configuration to a file on a remote host.

write network [url]

Syntax Description

url

The URL of the file.

Usage Guidelines

Availability: Serial, Telnet

If you do not supply URL information, you are prompted for it.

Related Commands

copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration running-configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)
erase running-configuration (Privileged Command Set)
show running-configuration (Privileged Command Set)

write terminal

Displays the running-configuration of one or more devices.

write terminal

on <devname|groupname|all> write terminal

Syntax Description

devname

The name of the Secure Content Accelerator.

groupname

The name of the user-defined device group.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Group Configuration Command Set

Use Group Configuration commands to manage session-specific groups. Enter Group Configuration mode by using the group command in Top Level mode.

device

Adds the specified device to the group list.

device <devname>
no device <devname>

Syntax Description

devname

The name of the Secure Content Accelerator.

Usage Guidelines

Availability: Remote

Use the no form of the command to remove the specified device from the group list.

end

Leaves Group Configuration Mode.

end

Usage Guidelines

Availability: Remote

exit

Leaves Group Configuration Mode.

exit

Usage Guidelines

Availability: Remote

finished

Exits Group Configuration Mode and returns to Top Level mode.

finished

Usage Guidelines

Availability: Remote

help

Displays information for a specific command.

help [command]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote

If no command is specified, help information is displayed for all Group Configuration commands.

info

Displays current information about the device group being created or edited.

info

Usage Guidelines

Availability: Remote

Configuration Command Set

Use Configuration mode commands to configure the Ethernet interface and SSL functions of the Secure Content Accelerator. Enter Configuration mode using the enable command in Non-Privileged mode and the configure command in Privileged mode. The prompt changes to <config[devicename]>.

access-list

Adds an access list entry to the end of the specified access list. Use the no form of the command to delete the entire specified access list.

access-list <id> <permit | deny> <ipaddr> <mask>
no access-list <id>

Syntax Description

id

The access list identifier.

permit

Allows access from the addresses specified in the list.

deny

Blocks access from the addresses specified in the list.

ipaddr

The IP address to add to the specified list.

mask

The netmask appropriate to the IP address being added to the specified list.

Usage Guidelines

Availability: Remote, Serial, Telnet

To activate the access list, you must also use the remote-management access-list, snmp access-list, telnet access-list, or web-mgmt access-list commands. A device can have up to 999 configured access lists.

Examples

The following example specifies the host with the IP address 10.1.2.3 to be the only remote host to configure the Secure Content Accelerator.

access-list 2 permit 100.1.2.3 0.0.0.0

The following example specifies that only remote hosts on the identified subnet can configure the Secure Content Accelerator.

access-list 1 permit 100.128.0.0 0.0.255.255

Related Commands

show access-list (Privileged Command Set)
remote-management access-list (Configuration Command Set)
snmp access-list (Configuration Command Set)
telnet access-list (Configuration Command Set)
web-mgmt access-list (Configuration Command Set)

end

Leaves Configuration Mode and returns to Privileged Mode.

end

Usage Guidelines

Availability: Remote, Serial, Telnet

exit

Leaves Configuration Mode and returns to Privileged Mode.

exit

Usage Guidelines

Availability: Remote, Serial, Telnet

finished

Leaves Configuration Mode and returns to Top Level mode.

finished

Usage Guidelines

Availability: Remote, Serial, Telnet

help

Displays help information for the specified command.

help [command]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a command, help information is displayed for all Configuration commands.

hostname

Sets the identification name for the current Secure Content Accelerator.

hostname <devname>
no hostname


Syntax Description

devname

The name to assign to the current device.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to clear the hostname of the current device.

interface

Enters Interface Configuration mode for the specified Ethernet interface of the current device.

interface <network|server>

Syntax Description

network

Enters Interface Configuration Mode for the "Network" interface.

server

Enters Interface Configuration Mode for the "Server" interface.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show interface (Non-Privileged Command Set)
show interface errors (Non-Privileged Command Set)
show interface statistics (Non-Privileged Command Set)

See also "Interface Configuration Command Set".

ip address

Sets the IP address for the current Secure Content Accelerator.

ip address <<ipaddr> [netmask <netmask>]>|<ipaddr/netabbr>>
no ip address


Syntax Description

ipaddr

The IP address to assign to the device.

netmask <netmask>

The netmask for the device.

netabbr

The netmask abbreviation.

Usage Guidelines

Availability: Remote, Serial, Telnet

If the netmask is not specified, a default value calculated from the user-provided IP address is used. Use the no form of the command to clear the IP address for the current device.

Related Commands

ip route default (Configuration Command Set)

ip domain-name

Sets the default domain name for the device.

ip domain-name <name>

Syntax Description

name

The domain name.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show ip domain-name (Non-Privileged Command Set)
show ip name-server (Non-Privileged Command Set)
ip name-server (Configuration Command Set)

ip name-server

Sets one or more name servers to use with the device.

ip name-server <ipaddr>

Syntax Description

ipaddr

The IP address of the Domain Name Server.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show ip domain-name (Non-Privileged Command Set)
show ip name-server (Non-Privileged Command Set)
ip domain-name (Configuration Command Set)

ip route

Adds a static route entry for the specified destination IP address to the device routing table.

ip route <destip> <mask> <gatewayip> [metric <hops>]
no ip route <destip>

Syntax Description

destip

The destination IP address.

mask

The netmask appropriate to the destination IP address.

gatewayip

The next-hop router address for the destination IP address.

metric

Specifies the total number of hops to the destination IP address.

hops

The number of hops to the destination IP address.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to delete the specified static route entry from the device's routing table.

Related Commands

show ip routes (Non-Privileged Command Set)
show route (Non-Privileged Command Set)

ip route default

Sets the default route for the current device.

ip route default <ipaddr>
no ip route default


Syntax Description

ipaddr

The IP address of the default router to use.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to clear the IP address for the default router.

Related Commands

ip address (Configuration Command Set)

keepalive-monitor

Indicates that SSL errors from the specified IP address are to be ignored.

keepalive-monitor <ipaddr>
no keepalive-monitor <ipaddr>

Syntax Description

ipaddr

The source IP address from which SSL errors are to be ignored.

Usage Guidelines

Availability: Remote, Serial, Telnet

Up to two IP addresses, set individually, are allowed.

Related Commands

show keepalive-monitor (Non-Privileged Command Set)

mode one-port

Enables secure and non-secure traffic to pass through the single "Network" Ethernet port. Use the no form of the command to return the device to dual-port mode.

mode one-port
no mode one-port


Usage Guidelines

Availability: Serial

Use the no form of the command to clear the IP address.

mode pass-thru

Enables pass through of non-SSL traffic. This is the default configuration.

mode pass-thru
no mode pass-thru


Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to block non-SSL traffic pass through.

password

Sets the access- or enable-level password for the current Secure Content Accelerator.

password <access|enable>
no password <access|enable>


Syntax Description

access

Sets or clears the device attach-level password.

enable

Sets or clears the device enable-level password.

passphrase

The password.

Usage Guidelines

Availability: Remote, Serial, Telnet

The access password is used when attaching to the device during a remote management session. You are prompted to enter and verify the password. Use the no form of the command to clear the access- or enable-level password for the current device.

rdate-server

Specifies an RDATE-protocol server to be used for date and time information on the device.

rdate-server <ipaddr>
no rdate-server


Syntax Description

ipaddr

The IP address of the RDATE server.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to clear the server assignment.

Related Commands

show date (Non-Privileged Command Set)

registration-code

Stores the registration code of the device.

registration-code <code>

Syntax Description

code

The registration code of the device.

Usage Guidelines

Availability: Remote, Serial, Telnet

remote-management access-list

Assigns the specified IP access list to the remote management subsystem.

remote-management access-list <id>
no remote-management access-list


Syntax Description

id

The identifier corresponding to an access list configured on the current device.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to clear the IP access list assignment in the remote management subsystem. The access list still exists but is no longer used by the remote management subsystem.

Related Commands

access-list (Configuration Command Set)
remote-management enable (Configuration Command Set)
remote-management encryption (Configuration Command Set)
remote-management port (Configuration Command Set)
remote-management shared-secret (Configuration Command Set)
show access-list (Top Level Command Set)
show remote-management (Non-Privileged Command Set)
telnet access-list (Configuration Command Set)
web-mgmt access-list (Configuration Command Set)

remote-management enable

Enables remote management for the current device.

remote-management enable
no remote-management enable


Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to disable remote management of the current device.

Related Commands

access-list (Configuration Command Set)
remote-management access-list (Configuration Command Set)
remote-management encryption (Configuration Command Set)
remote-management port (Configuration Command Set)
remote-management shared-secret (Configuration Command Set)
show remote-management (Non-Privileged Command Set)
telnet enable (Configuration Command Set)
web-mgmt enable (Configuration Command Set)

remote-management encryption

Sets the encryption method for remote management sessions.

remote-management encryption <ARC4|AES|DES>

Syntax Description

ARC4

Sets the remote management encryption method to ARC4 (compatible with RC4™ RSA Data Security).

AES

Sets remote management encryption method to AES.

DES

Sets remote management encryption method to DES.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use this command after setting a passphrase using the remote-management shared-secret command. Encryption begins the next time the configuration manager accesses the Secure Content Accelerator.

Related Commands

remote-management access-list (Configuration Command Set)
remote-management enable (Configuration Command Set)
remote-management port (Configuration Command Set)
remote-management shared-secret (Configuration Command Set)
show remote-management (Non-Privileged Command Set)
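
The access-list activation rule and the remote-management encryption choices described above can be checked mechanically against a saved configuration. The following is an added example, not Cisco code and not part of the original guide. It assumes the saved configuration is a list of commands in the syntax documented here, and that the mask works as in the two access-list examples (0.0.0.0 matches one host, so set bits are "don't care" bits). The finding names and the MAX_PERMIT_HOSTS threshold are hypothetical.

```python
import ipaddress

# Subsystems that this guide says can activate an access list.
SUBSYSTEMS = ("remote-management", "snmp", "telnet", "web-mgmt")
WEAK_CIPHERS = {"DES", "ARC4"}   # AES is the remaining documented option
MAX_PERMIT_HOSTS = 65536         # hypothetical review threshold, tune per site

# Constructed sample input (not captured from a device).
SAMPLE_CONFIG = """\
access-list 1 permit 100.128.0.0 0.0.255.255
access-list 2 permit 100.1.2.3 0.0.0.0
access-list 3 permit 0.0.0.0 255.255.255.255
remote-management enable
remote-management access-list 3
remote-management encryption DES
telnet access-list 7
"""

# Constructed corrected counterpart: one host, list bound, AES selected.
HARDENED_CONFIG = """\
access-list 2 permit 100.1.2.3 0.0.0.0
remote-management enable
remote-management access-list 2
remote-management encryption AES
"""


def parse_config(text):
    """Collect access-list entries, bindings and remote-management settings."""
    cfg = {"acls": {}, "bindings": {}, "rm_enabled": False, "rm_cipher": None}
    for raw in text.splitlines():
        words = raw.split()
        negate = bool(words) and words[0] == "no"
        if negate:
            words = words[1:]
        if not words:
            continue
        if words[0] == "access-list":
            if negate and len(words) == 2:
                cfg["acls"].pop(words[1], None)   # "no access-list <id>" deletes the list
            elif not negate and len(words) == 5:
                _, acl_id, action, addr, mask = words
                entry = (action, ipaddress.IPv4Address(addr), ipaddress.IPv4Address(mask))
                cfg["acls"].setdefault(acl_id, []).append(entry)
        elif words[0] in SUBSYSTEMS and words[1:2] == ["access-list"]:
            if negate:
                cfg["bindings"].pop(words[0], None)   # list remains, binding is cleared
            elif len(words) == 3:
                cfg["bindings"][words[0]] = words[2]
        elif words[:2] == ["remote-management", "enable"]:
            cfg["rm_enabled"] = not negate
        elif words[:2] == ["remote-management", "encryption"] and len(words) == 3 and not negate:
            cfg["rm_cipher"] = words[2].upper()
    return cfg


def wildcard_hosts(mask):
    """Number of addresses matched when set mask bits are 'don't care' bits."""
    return 2 ** bin(int(mask)).count("1")


def audit(cfg):
    """Return (finding, subject) tuples for the parsed configuration."""
    findings = []
    bound = set(cfg["bindings"].values())
    for acl_id in sorted(cfg["acls"]):
        if acl_id not in bound:
            # Defined but never assigned to a subsystem, so it filters nothing.
            findings.append(("inactive-acl", acl_id))
        for action, _addr, mask in cfg["acls"][acl_id]:
            if action == "permit" and wildcard_hosts(mask) > MAX_PERMIT_HOSTS:
                findings.append(("broad-permit", acl_id))
    for subsystem, acl_id in sorted(cfg["bindings"].items()):
        if acl_id not in cfg["acls"]:
            findings.append(("undefined-acl", subsystem))
    if cfg["rm_enabled"]:
        if "remote-management" not in cfg["bindings"]:
            findings.append(("unrestricted-remote-management", None))
        if cfg["rm_cipher"] is None:
            # The default cipher is not stated on this page, so flag for review.
            findings.append(("cipher-not-set", None))
        elif cfg["rm_cipher"] in WEAK_CIPHERS:
            findings.append(("weak-cipher", cfg["rm_cipher"]))
    return findings


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(parse_config(text)))
```
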

remote-management port

Sets the TCP service port used for remote management to the current device. Use the no form of the command to clear the port specification and return to the default communication port.

remote-management port <portid>
no remote-management port


Syntax Description

portid

The TCP service port to be used to remotely manage the current device.

Usage Guidelines

Availability: Remote, Serial, Telnet

This port is used at the next attach. You must enter a reload command to activate the new remote management port.

Related Commands

discover (Non-Privileged Command Set)
remote-management access-list (Configuration Command Set)
remote-management enable (Configuration Command Set)
remote-management encryption (Configuration Command Set)
remote-management shared-secret (Configuration Command Set)
show remote-management (Non-Privileged Command Set)

remote-management shared-secret

Sets the secret passphrase used for encryption. Use the no form of the command to clear the passphrase.

remote-management shared-secret <passphrase>
no remote-management shared-secret


Syntax Description

passphrase

The passphrase used with encrypted management.

Usage Guidelines

Availability: Serial

You are prompted for this passphrase the next time a management connection with the device is requested.

Related Commands

remote-management access-list (Configuration Command Set)
remote-management enable (Configuration Command Set)
remote-management encryption (Configuration Command Set)
remote-management port (Configuration Command Set)
show remote-management (Non-Privileged Command Set)

rip

Enables Routing Interface Protocol (RIP) for the current device.

rip [v1|v2]
no rip [v1|v2]


Syntax Description

v1

Specifies RIP v1.

v2

Specifies RIP v2.

Usage Guidelines

Availability: Remote, Serial, Telnet

If a single RIP version is not specified, both versions are enabled. Using the no form of the command disables RIP completely if you do not specify a version to disable.

Examples

The following example activates RIP version 1. The first command enables both RIP versions. The second command disables only RIP v2. This has the same result as using the command rip v1.

rip
no rip v2

Related Commands

show rip (Non-Privileged Command Set)

no snmp

Disables SNMP and clears all SNMP data.

no snmp


Note   The device must be rebooted (reloaded) before this command takes effect.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show snmp (Non-Privileged Command Set)
snmp access-list (Non-Privileged Command Set)
snmp contact (Configuration Command Set)
snmp default community (Configuration Command Set)
snmp enable (Configuration Command Set)
snmp location (Configuration Command Set)
snmp trap-host (Configuration Command Set)
snmp trap-type enterprise (Configuration Command Set)
snmp trap-type generic (Configuration Command Set)

snmp access-list

Assigns an existing access list to be used with the SNMP subsystem.

snmp access-list <id>
no snmp access-list <id>

Syntax Description

id

The identifier corresponding to an access list configured on the current device.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to remove the specified access list. The access list still exists but is no longer used by the SNMP subsystem.

Related Commands

access-list (Configuration Command Set)
no snmp (Configuration Command Set)
remote-management access-list (Configuration Command Set)
show access-list (Non-Privileged Command Set)
show snmp (Non-Privileged Command Set)
snmp contact (Configuration Command Set)
snmp default community (Configuration Command Set)
snmp enable (Configuration Command Set)
snmp location (Configuration Command Set)
snmp trap-host (Configuration Command Set)
snmp trap-type enterprise (Configuration Command Set)
snmp trap-type generic (Configuration Command Set)
telnet access-list (Configuration Command Set)
web-mgmt access-list (Configuration Command Set)

snmp contact

Assigns contact information for the SNMP subsystem. Use the no form of the command to remove the contact information.

snmp contact <contactInfo>
no snmp contact


Syntax Description

contactInfo

The string containing the contact information. Contact information must be entered within quotes.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

no snmp (Configuration Command Set)
show snmp (Non-Privileged Command Set)
snmp access-list (Configuration Command Set)
snmp default community (Configuration Command Set)
snmp enable (Configuration Command Set)
snmp location (Configuration Command Set)
snmp trap-host (Configuration Command Set)
snmp trap-type enterprise (Configuration Command Set)
snmp trap-type generic (Configuration Command Set)

snmp default community

Assigns a default community for the SNMP subsystem to use when sending trapping information.

snmp default community <comName>
no snmp default community


Syntax Description

comName

The string containing the community name. The string may contain up to 60 characters with no spaces. This information is not entered within quotes.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to clear the community name.

Related Commands

no snmp (Configuration Command Set)
show snmp (Non-Privileged Command Set)
snmp access-list (Configuration Command Set)
snmp contact (Configuration Command Set)
snmp enable (Configuration Command Set)
snmp location (Configuration Command Set)
snmp trap-host (Configuration Command Set)
snmp trap-type enterprise (Configuration Command Set)
snmp trap-type generic (Configuration Command Set)

snmp enable

Enables SNMP using the current SNMP configuration.

snmp enable
no snmp enable


Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to disable SNMP without clearing SNMP data.


Note   The device must be rebooted (reloaded) before this command takes effect.

Related Commands

show snmp (Non-Privileged Command Set)
snmp access-list (Configuration Command Set)
snmp contact (Configuration Command Set)
snmp default community (Configuration Command Set)
snmp location (Configuration Command Set)
snmp trap-host (Configuration Command Set)
snmp trap-type enterprise (Configuration Command Set)
snmp trap-type generic (Configuration Command Set)

snmp location

Assigns location information for the SNMP subsystem.

snmp location <locInfo>
no snmp location


Syntax Description

locInfo

The string containing the location information. This information is entered within quotes.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to clear the location information.

Related Commands

no snmp (Configuration Command Set)
show snmp (Non-Privileged Command Set)
snmp access-list (Configuration Command Set)
snmp contact (Configuration Command Set)
snmp default community (Configuration Command Set)
snmp enable (Configuration Command Set)
snmp trap-host (Configuration Command Set)
snmp trap-type enterprise (Configuration Command Set)
snmp trap-type generic (Configuration Command Set)

snmp trap-host

Assigns a destination for SNMP trap messages.

snmp trap-host <v1|v2c> <ipaddr> [community]
no snmp trap-host <v1|v2c> <ipaddr> [community]

Syntax Description

v1

Specifies SNMP version 1.

v2c

Specifies SNMP version 2c.

ipaddr

The IP address of the computer receiving the messages.

community

The SNMP community. If a community is specified with the snmp default community command, you do not need to specify a community with this command. If you wish trap messages to be sent to a community other than the default community, you must specify a community when giving this command.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

no snmp (Configuration Command Set)
show snmp (Non-Privileged Command Set)
snmp access-list (Configuration Command Set)
snmp contact (Configuration Command Set)
snmp default community (Configuration Command Set)
snmp enable (Configuration Command Set)
snmp location (Configuration Command Set)
snmp trap-type enterprise (Configuration Command Set)
snmp trap-type generic (Configuration Command Set)

snmp trap-type enterprise

Enables device event trap messages to be sent for a specific trap-type event and event filter.

snmp trap-type enterprise <config-changed|cpu-utilization|ssl-cert-expire|ssl-cert-invalid|ssl-certify-fail|ssl-neg-failure|ssl-total-connections|ssl-tps> [threshold <threshold>] [hysteresis <lowvalue> <highvalue>]
no snmp trap-type enterprise <config-changed|cpu-utilization|ssl-cert-expire|ssl-cert-invalid|ssl-certify-fail|ssl-neg-failure|ssl-total-connections|ssl-tps>


Syntax Description

config-changed

Specifies trapping for device configuration changes.

cpu-utilization

Specifies trapping for CPU utilization levels.

ssl-cert-expire

Specifies trapping for errors caused by expired certificates.

ssl-cert-invalid

Specifies trapping for errors caused by invalid certificates.

ssl-certify-fail

Specifies trapping for certificate authorization failures.

ssl-neg-failure

Specifies trapping for SSL negotiation failures.

ssl-total-connections

Specifies trapping for total SSL connection levels.

ssl-tps

Specifies trapping for SSL transactions per second levels.

threshold <value1> [<value2>]

Specifies the threshold option to specify one or more threshold levels, where appropriate. (Threshold values are inappropriate for the config-changed option.) Threshold value1 is the low level and optional threshold value2 is the high level. Values must be entered as integers and are inclusive. A device is considered to be at a low level until the high level value (value2) is exceeded; a device is considered to be at a high level until it reaches or exceeds the low level value (value1). If no threshold values are specified, the default values are used. If only one threshold value is specified, it is used as both the high and low level value; otherwise, two-level thresholding behavior occurs using the default or user-specified levels for each value.

Usage Guidelines

Availability: Remote, Serial, Telnet

(This command must be entered on one line.) Use the no form of the command to disable the specified event trap-type. The table below shows trap-type minimum, maximum, and default levels for each value argument. Except in the case of cpu-utilization, the levels indicate actual values; cpu-utilization levels indicate percentage of use.

Trap-Type              Value1 Min  Value1 Max  Value1 Default  Value2 Min  Value2 Max  Value2 Default
cpu-utilization        1           99          75              1           99          90
ssl-tps                1           2500        170             1           2500        190
ssl-total-connections  1           10000       600             1           10000       800

Related Commands

no snmp (Configuration Command Set)
show snmp (Top Level Command Set)
snmp access-list (Configuration Command Set)
snmp contact (Configuration Command Set)
snmp default community (Configuration Command Set)
snmp enable (Configuration Command Set)
snmp location (Configuration Command Set)
snmp trap-host (Configuration Command Set)
snmp trap-type generic (Configuration Command Set)

snmp trap-type generic

Enables generic SNMP traps.

snmp trap-type generic
no snmp trap-type generic


Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to disable generic SNMP traps.

Related Commands

no snmp (Configuration Command Set)
show snmp (Non-Privileged Command Set)
snmp access-list (Configuration Command Set)
snmp contact (Configuration Command Set)
snmp default community (Configuration Command Set)
snmp enable (Configuration Command Set)
snmp location (Configuration Command Set)
snmp trap-host (Configuration Command Set)
snmp trap-type enterprise (Configuration Command Set)

sntp-server

Assigns an SNTP server.

sntp-server <ipaddr>
no sntp-server


Syntax Description

ipaddr

The IP address of the SNTP server.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to remove the SNTP server information.

Related Commands

show sntp-server (Non-Privileged Command Set)

ssl

Enters SSL Configuration mode for the current device.

ssl

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show ssl (Non-Privileged Command Set)
show ssl cert (Non-Privileged Command Set)
show ssl certgroup (Non-Privileged Command Set)
show ssl errors (Non-Privileged Command Set)
show ssl key (Non-Privileged Command Set)
show ssl secpolicy (Non-Privileged Command Set)
show ssl server (Non-Privileged Command Set)
show ssl statistics (Non-Privileged Command Set)

See the section "SSL Configuration Command Set".

syslog

Adds the specified IP address to the syslog list for the device.

syslog <ipaddr>
no syslog <ipaddr>

Syntax Description

ipaddr

The IP address of the device to receive syslog messages.

Usage Guidelines

Availability: Remote, Serial, Telnet

Using the no form of the command removes the specified IP address from the syslog list of the current device. Up to four IP addresses can be specified. Syslog messages are sent to all hosts at the IP addresses in this list.

Related Commands

show syslog (Non-Privileged Command Set)

telnet access-list

Assigns an existing access list to be used with telnet management requests.

telnet access-list <id>
no telnet access-list <id>

Syntax Description

id

The identifier corresponding to an access list configured on the current device.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to remove the specified access list. The access list still exists but is no longer used by the telnet subsystem.

Related Commands

access-list (Configuration Command Set)
remote-management access-list (Configuration Command Set)
show telnet (Non-Privileged Command Set)
telnet enable (Configuration Command Set)
telnet port (Configuration Command Set)
web-mgmt access-list (Configuration Command Set)

telnet enable

Allows telnet management sessions for the device. Use the no form of the command to disable telnet management access.

telnet enable
no telnet enable


Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show telnet (Non-Privileged Command Set)
telnet access-list (Configuration Command Set)
telnet port (Configuration Command Set)

telnet port

Specifies the TCP service port to use for telnet management sessions.

telnet port <portid>
no telnet port <portid>

Syntax Description

portid

The TCP service port to be used to manage the current device via a telnet session.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to return the telnet management port to the default setting. The port assignment is used at the next attach.

Related Commands

show telnet (Non-Privileged Command Set)
telnet access-list (Configuration Command Set)
telnet enable (Configuration Command Set)

timezone

Specifies the time zone of the device's location.

timezone <zone>

Syntax Description

zone

The time zone identifier.

Usage Guidelines

Availability: Serial, Telnet

The zone is entered in the form of Standard Time Zone identifier|GMT offset (integer)|Daylight Savings Time Zone identifier. For example, MST7MDT is used for Mountain Standard/Daylight Savings Time. The alphabetic strings are used for display; the integer is used for date and time computation. The alphabetic strings are optional; the GMT offset integer is not.

Related Commands

show date (Non-Privileged Command Set)

web-mgmt access-list

Assigns an existing access list to be used with web browser-based management requests.

web-mgmt access-list <id>
no web-mgmt access-list <id>

Syntax Description

id

The identifier corresponding to an access list configured on the current device.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to remove the specified access list. The access-list still exists but is no longer used by the Web management subsystem.

Related Commands

access-list (Configuration Command Set)
remote-management access-list (Configuration Command Set)
show web-management (Non-Privileged Command Set)
telnet access-list (Configuration Command Set)
web-mgmt enable (Configuration Command Set)
web-mgmt port (Configuration Command Set)

web-mgmt enable

Allows web browser-based management sessions for the device. Use the no form of the command to disable web browser-based management access.

web-mgmt enable
no web-mgmt enable


Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show web-management (Non-Privileged Command Set)
web-mgmt access-list (Configuration Command Set)
web-mgmt port (Configuration Command Set)

web-mgmt port

Specifies the TCP service port used for management with the Web-based GUI.

web-mgmt port <portid>
no web-mgmt port <portid>

Syntax Description

portid

The TCP service port to be used to manage the current device via the GUI.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to return the GUI management port to the default setting. The port assignment is used at the next attach.

Related Commands

access-list (Configuration Command Set)
show web-management (Non-Privileged Command Set)
web-mgmt access-list (Configuration Command Set)
web-mgmt enable (Configuration Command Set)
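
A pre-change check built on the telnet, web-mgmt, snmp, and remote-management commands above, added here as an example and not taken from the original guide: it replays a list of Configuration-mode commands and reports each management service left enabled without an access list. The function names and the sample command list are constructed, and the code assumes that a service not mentioned in the list starts out disabled, which this guide does not state.

```python
# Added example (not from the product documentation).
SERVICES = ("remote-management", "snmp", "telnet", "web-mgmt")

# Constructed sample: commands as an operator would type them in Configuration mode.
SAMPLE = [
    "telnet access-list 1",
    "telnet enable",
    "web-mgmt enable",
    "web-mgmt port 8443",
    "snmp access-list 2",
    "snmp enable",
    "no snmp access-list 2",
    "remote-management access-list 1",
    "remote-management shared-secret PLACEHOLDER-passphrase",
    "remote-management enable",
    "no telnet enable",
]


def replay(commands):
    """Apply the commands in order and return the resulting per-service state."""
    # Assumption: every service starts disabled with no access list.
    state = {s: {"enabled": False, "acl": None, "secret": False} for s in SERVICES}
    for raw in commands:
        words = raw.split()
        negate = bool(words) and words[0] == "no"
        if negate:
            words = words[1:]
        if not words or words[0] not in state:
            continue
        svc, args = state[words[0]], words[1:]
        if not args:
            # "no snmp" disables SNMP and clears all SNMP data.
            if negate and words[0] == "snmp":
                svc.update(enabled=False, acl=None)
            continue
        if args[0] == "enable":
            svc["enabled"] = not negate
        elif args[0] == "access-list":
            acl_id = args[1] if len(args) > 1 else None
            if not negate:
                svc["acl"] = acl_id
            elif acl_id in (None, svc["acl"]):
                # The no form removes the specified list from the subsystem.
                svc["acl"] = None
        elif args[0] == "shared-secret":
            # Record only that a passphrase was set, never the passphrase.
            svc["secret"] = not negate
    return state


def audit(commands):
    """Return {service: [issues]} for services that end up enabled and exposed."""
    findings = {}
    for name, svc in replay(commands).items():
        if not svc["enabled"]:
            continue
        issues = []
        if svc["acl"] is None:
            issues.append("enabled with no access list assigned")
        if name == "remote-management" and not svc["secret"]:
            issues.append("enabled with no shared-secret set in this command list")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for service, issues in sorted(audit(SAMPLE).items()):
        for issue in issues:
            print(f"{service}: {issue}")
```

Order matters in the replay: in the sample, SNMP is flagged because its access list is removed after the service is enabled, while telnet is not flagged because the final command disables it.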

Interface Configuration Command Set

Use these commands to manage the speed and duplex settings of the specified Ethernet interface on the current Secure Content Accelerator. Enter Interface Configuration mode by using the enable command in Non-Privileged mode and the configure command in Privileged mode. Specify an Ethernet interface to configure using the interface command in Configuration mode. The prompt changes to <config-if[interfacename]>>.

auto

Sets the current Ethernet interface to autonegotiation, canceling any existing forced duplex or speed setting.

auto

Usage Guidelines

Availability: Remote, Serial, Telnet

duplex

Forces the current Ethernet interface to full or half duplex.

duplex <full|half>

Syntax Description

full

Sets the current interface to full duplex.

half

Sets the current interface to half duplex.

Usage Guidelines

Availability: Remote, Serial, Telnet

end

Exits Interface Configuration mode and returns to Configuration mode.

end

finished

Leaves Interface Configuration Mode and returns to Top Level mode.

finished

Usage Guidelines

Availability: Remote, Serial, Telnet

help

Displays help information for the specified command.

help [command]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a command, help information is displayed for all Interface Commands.

speed

Forces the speed of the current Ethernet interface to 10 Mbps or 100 Mbps.

speed <10|100>

Syntax Description

10

Sets the current interface speed to 10 Mbps.

100

Sets the current interface speed to 100 Mbps.

Usage Guidelines

Availability: Remote, Serial, Telnet

SSL Configuration Command Set

Use these commands to set up and manage the SSL configuration for the current Secure Content Accelerator. Enter the SSL Configuration mode by using the enable command in the Non-Privileged Mode, configure command in the Privileged Mode, and the ssl command in Configuration Mode. The prompt changes to <config-ssl[devicename]>>.

backend-server

Creates and/or configures the specified backend server and enters Backend Server Configuration mode for that server.

backend-server <servname> [create]
no backend-server <servname>

Syntax Description

servname

The name of the backend server.

create

Creates a new backend server named servname and enters Backend Server Configuration mode for that object.

Usage Guidelines

Availability: Remote, Serial, Telnet

The no form of the command is used to remove the specified backend server. A device can have a total of 255 servers in any combination of backend, reverse-proxy, or standard secure servers. When a backend server has been specified for removal, all connections are allowed to finish before the backend server is actually removed. Backend server names can consist of Arabic numerals and upper- and lowercase alphabetic, underscore (_), hyphen (-), and period (.) characters. Backend server names must begin with an alphabetic character or underscore and have a limit of 15 characters.

Related Commands

show ssl (Non-Privileged Command Set)
show ssl server (Non-Privileged Command Set)

See the section "Backend Server Configuration Command Set".

cert

Creates and/or configures the specified certificate object and enters Certificate configuration mode for that object.

cert <certname> [create]
no cert <certname>

Syntax Description

certname

The name of the certificate object.

create

Creates a new certificate object named certname and enters Certificate Configuration mode for that object.

Usage Guidelines

Availability: Remote, Serial, Telnet

The no form of the command is used to remove the specified certificate object. You cannot remove a certificate referenced by a server. A device can have up to 511 certificate objects. Certificate names can consist of Arabic numerals and upper- and lowercase alphabetic, underscore (_), hyphen (-), and period (.) characters. Certificate names must begin with an alphabetic character or underscore and have a limit of 127 characters.

Examples

The following example creates a certificate object named myCert and enters Certificate Configuration mode for the certificate object myCert.

cert myCert create

Related Commands

show ssl cert (Non-Privileged Command Set)

See the section "Certificate Configuration Command Set".

certgroup

Creates and/or configures the specified certificate group and enters Certificate Group Configuration mode for the certificate group.

certgroup <certgroupname> [create]
no certgroup <certgroupname>

Syntax Description

certgroupname

The name of the certificate group.

create

Creates a new certificate group named certgroupname and enters Certificate Group Configuration mode for that object.

Usage Guidelines

Availability: Remote, Serial, Telnet

The no form of the command is used to remove the specified certificate group. You cannot remove a certificate group referenced by a server. A device can have up to 63 certificate groups. Certificate group names can consist of Arabic numerals and upper- and lowercase alphabetic, underscore (_), hyphen (-), and period (.) characters. Certificate group names must begin with an alphabetic character or underscore and have a limit of 15 characters.

Examples

The following example creates a certificate group named myCertGroup and enters Certificate Group Configuration mode for certificate group myCertGroup.

certgroup myCertGroup create

Related Commands

show ssl certgroup (Top Level Command Set)

See the section "Certificate Group Configuration Command Set".

end

Exits SSL Configuration mode and returns to Configuration mode.

end

Usage Guidelines

Availability: Remote, Serial, Telnet

finished

Leaves SSL Configuration Mode and returns to Top Level mode.

finished

Usage Guidelines

Availability: Remote, Serial, Telnet

gencsr

Generates a certificate signing request and/or self-signed certificate.

gencsr <key <keyname>> [newhdr] [digest md5|sha1] [output <filename|url>]

Syntax Description

keyname

The name of the key generated.

newhdr

Inserts the word "NEW" into the CSR header. This is required by some older CAs.

digest

Displays a digest form of the certificate.

md5

Displays a digest form of the certificate in MD5 format.

sha1

Displays a digest form of the certificate in SHA1 format.

output

Outputs the certificate file for backup purposes.

filename

The name of the certificate file.

url

The location of the certificate file (serial and telnet only).

Usage Guidelines

Availability: Remote, Serial, Telnet

A device can have up to 255 key objects.

Examples

The following example uses a key object named myGenKey, displays the certificate digest in MD5 format, and saves the certificate file named myCertFile.

gencsr key myGenKey digest md5 output myCertFile

Related Commands

See the section "Key Configuration Command Set".

help

Displays help information for the specified command.

help [command]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a command, help information is displayed for all SSL Commands.

import pkcs12

Imports and processes a PKCS#12 file to create certificate and key objects.

import pkcs12 <name> [filename|url]

Syntax Description

name

The user-defined name for the certificate and key objects.

filename

The path and name of the file on the local file system.

url

The location of the file (serial and telnet only).

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a file name or URL, you are prompted for it.

Related Commands

import pkcs7 (SSL Command Set)
show ssl cert (Non-Privileged Command Set)
show ssl key (Non-Privileged Command Set)

import pkcs7

Imports and processes a PKCS#7 file to create certificate objects and a certificate group.

import pkcs7 <name> <der|pem> [prefix <prefixText>] [filename|url]

Syntax Description

name

The user-defined name of the certificate group object.

der

Indicates the file is DER-encoded.

pem

Indicates the file is PEM-encoded.

prefix

Indicates a prefix should be used when naming certificate objects.

prefixText

The prefix used for the certificate names in the chain.

filename

The path and name of the file on the local file system.

url

The location of the file (serial and telnet only).

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a file name or URL, you are prompted for it.

Related Commands

import pkcs12 (SSL Command Set)
show ssl cert (Non-Privileged Command Set)
show ssl certgroup (Non-Privileged Command Set)

key

Creates and/or configures the specified key object.

key <keyname> [create]
no key <keyname>

Syntax Description

keyname

The name of the key.

create

Creates a new key association named keyname and enters Key Configuration mode for that object.

Usage Guidelines

Availability: Remote, Serial, Telnet

The no form of the command is used to remove a key. You cannot delete a key referenced by a server. A device can have up to 255 key objects. Key names can consist of Arabic numerals and upper- and lowercase alphabetic, underscore (_), hyphen (-), and period (.) characters. Key names must begin with an alphabetic character or underscore and have a limit of 15 characters.

Examples

The following example creates a key association named mykey and enters Key Configuration mode for the key association mykey.

key mykey create

Related Commands

show ssl key (Non-Privileged Command Set)

See the section "Key Configuration Command Set".

reverse-proxy-server

Creates and/or configures the specified reverse-proxy server and enters Reverse-Proxy Server Configuration mode for that server.

reverse-proxy-server <servname> [create]
no reverse-proxy-server <servname>

Syntax Description

servname

The name of the reverse-proxy server.

create

Creates a new reverse-proxy server named servname and enters Reverse-Proxy Server Configuration mode for that object.

Usage Guidelines

Availability: Remote, Serial, Telnet

The no form of the command is used to remove the specified reverse-proxy server. A device can have a total of 255 servers in any combination of backend, reverse-proxy, or standard secure servers. When a reverse-proxy server has been specified for removal, all connections are allowed to finish before the reverse-proxy server is actually removed. Reverse-proxy server names can consist of Arabic numerals and upper- and lowercase alphabetic, underscore (_), hyphen (-), and period (.) characters. Reverse-proxy server names must begin with an alphabetic character or underscore and have a limit of 15 characters.

Related Commands

show ssl (Non-Privileged Command Set)
show ssl server (Non-Privileged Command Set)

See the section "Reverse-Proxy Server Configuration Command Set".

secpolicy

Creates and/or configures the specified security policy and enters Security Policy Configuration mode for the security policy.

secpolicy <polname> [create]
no secpolicy <polname>

Syntax Description

polname

The name of the security policy.

create

Creates a new security policy named polname and enters Security Policy Configuration mode for that object.

Usage Guidelines

Availability: Remote, Serial, Telnet

The no form of the command is used to remove a security policy. You cannot delete a security policy referenced by a logical secure server. Security policy names can consist of Arabic numerals and upper- and lowercase alphabetic, underscore (_), hyphen (-), and period (.) characters. Security policy names must begin with an alphabetic character or underscore and have a limit of 15 characters.

Examples

The following example creates a security policy named mypolicy and enters Security Policy Configuration mode for the security policy mypolicy.

secpolicy mypolicy create

Related Commands

show ssl secpolicy (Non-Privileged Command Set)

See the section "Security Policy Configuration Command Set".

server

Creates and/or configures the specified standard secure server and enters Server Configuration mode for that server.

server <servname> [create]
no server <servname>

Syntax Description

servname

The name of the logical secure server.

create

Creates a new logical secure server named servname and enters Server Configuration mode for that server.

Usage Guidelines

Availability: Remote, Serial, Telnet

The no form of the command is used to remove a server. A device can have a total of 255 servers in any combination of backend, reverse-proxy, or standard secure servers. When a secure server has been specified for removal, all connections are finished before the server is actually removed. Server names can consist of Arabic numerals and upper- and lowercase alphabetic, underscore (_), hyphen (-), and period (.) characters. Server names must begin with an alphabetic character or underscore and have a limit of 15 characters.

Related Commands

show ssl server (Non-Privileged Command Set)

See the section "Server Configuration Command Set".
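
The naming rules and object limits stated for backend-server, cert, certgroup, key, reverse-proxy-server, secpolicy, and server can be checked before a batch of commands is sent to a device. The following is an added example, not code from the original guide; it assumes "alphabetic" means ASCII letters, acts only on lines of the form `<command> <name> create` and `no <command> <name>`, and does not count objects that already exist on the device. The function names and the sample batch are constructed.

```python
# Added example (not from the product documentation).
import re

# command -> (name length limit, shared count pool, pool limit), as stated above.
RULES = {
    "backend-server": (15, "servers", 255),
    "reverse-proxy-server": (15, "servers", 255),
    "server": (15, "servers", 255),
    "cert": (127, "certs", 511),
    "certgroup": (15, "certgroups", 63),
    "key": (15, "keys", 255),
    "secpolicy": (15, None, None),  # no object limit is given for policies
}

# Constructed sample batch of SSL Configuration mode commands.
SAMPLE = [
    "cert myCert create",
    "key mykey create",
    "secpolicy mypolicy create",
    "server 9front create",
    "backend-server payments.internal-api create",
    "key bad/key create",
]


def check_name(kind, name):
    """Return the list of naming-rule violations for one object name."""
    limit = RULES[kind][0]
    problems = []
    if not re.match(r"[A-Za-z_]", name):
        problems.append("must begin with an alphabetic character or underscore")
    bad = sorted(set(re.findall(r"[^A-Za-z0-9_.-]", name)))
    if bad:
        problems.append("illegal character(s): " + " ".join(repr(c) for c in bad))
    if len(name) > limit:
        problems.append(f"{len(name)} characters, limit is {limit}")
    return problems


def preflight(commands):
    """Return (line number, command, problem) tuples for a command batch."""
    pools = {}  # pool name -> set of (kind, name) created in this batch
    findings = []
    for lineno, raw in enumerate(commands, 1):
        words = raw.split()
        negate = bool(words) and words[0] == "no"
        if negate:
            words = words[1:]
        if len(words) < 2 or words[0] not in RULES:
            continue
        kind, name = words[0], words[1]
        _, pool, pool_limit = RULES[kind]
        members = pools.setdefault(pool or kind, set())
        if negate:
            members.discard((kind, name))
            continue
        if words[2:] != ["create"]:
            continue  # enters an existing object's mode; nothing is created
        problems = check_name(kind, name)
        if problems:
            findings.extend((lineno, raw, p) for p in problems)
            continue
        members.add((kind, name))
        if pool_limit is not None and len(members) > pool_limit:
            findings.append((lineno, raw, f"exceeds the limit of {pool_limit} {pool}"))
    return findings


if __name__ == "__main__":
    for lineno, raw, problem in preflight(SAMPLE):
        print(f"line {lineno}: {raw!r}: {problem}")
```

The three server commands share one pool, so 100 backend, 100 reverse-proxy, and 56 standard servers trip the 255-server limit on the last create.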

Backend Server Configuration Command Set

Use Backend Server Configuration commands to set up and configure backend servers. Enter Backend Server Configuration mode by using the enable command in Non-Privileged mode, the configure command in Privileged mode, the ssl command in Configuration mode, and the backend-server command in SSL Configuration mode. The prompt changes to <config-ssl-backend[servername]>>.

activate

Activates the current suspended backend server if enough information has been configured.

activate

Usage Guidelines

Availability: Remote, Serial, Telnet

All backend servers are created as active servers by default.

Related Commands

suspend (Backend Server Configuration Command Set)

certgroup serverauth

Assigns a certificate group to be used for server certificate authentication.

certgroup serverauth <certgroupname>
no certgroupchain


Syntax Description

certgroupname

The name of the certificate group.

Usage Guidelines

Availability: Remote, Serial, Telnet

The no form of the command is used to disable server authentication using the certificate group. When using the no form of the command, you need not specify any certificate group name. Only one certificate group can be used.

Related Commands

certgroup (SSL Configuration Command Set)
show ssl certgroup (Non-Privileged Command Set)

See also "Certificate Group Configuration Command Set".

end

Exits Backend Server Configuration mode, activates all changes, and returns to SSL Configuration mode.

end

Usage Guidelines

Availability: Remote, Serial, Telnet

exit

Exits Backend Server Configuration mode, activates all changes, and returns to SSL Configuration mode.

exit

Usage Guidelines

Availability: Remote, Serial, Telnet

finished

Leaves Backend Server Configuration Mode and returns to Top Level mode.

finished

Usage Guidelines

Availability: Remote, Serial, Telnet

help

Displays help information for the specified command.

help [command]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a command, help information is displayed for all Backend Server Configuration Commands.

info

Displays current information about the logical secure server being edited or created.

info

Usage Guidelines

Availability: Remote, Serial, Telnet

ip address

Sets the specified IP address for the backend server.

ip address <ipaddr> [netmask <mask>]
no ip address


Syntax Description

ipaddr

The IP address to assign to the backend server.

netmask <mask>

The netmask valid for the IP address.

Usage Guidelines

Availability: Remote, Serial, Telnet

Using the no form of the command clears the IP address for the backend server.

localport

Specifies the TCP service port through which non-secure connections are received.

localport <port|default>

Syntax Description

port

The port used to transfer non-secure traffic.

default

Sets the port specification to 80.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

remoteport (Backend Server Configuration Command Set)

log-url

Specifies a host for logging of URL requests.

log-url <ipaddr>

Syntax Description

ipaddr

The IP address of the host for the log.

Usage Guidelines

Availability: Remote, Serial, Telnet

remoteport

Specifies the TCP service port through which redirected secure connections are sent.

remoteport <port|default>

Syntax Description

port

The port used to transfer secure traffic.

default

Sets the port specification to 443.


Caution   Traffic sent on this TCP service port is not secured by SSL during transmission to the server. It must be secured by another means.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

localport (Backend Server Configuration Command Set)

secpolicy

Creates an association between this server and the specified security policy.

secpolicy <polname|all|default|strong|weak>

Syntax Description

polname

The name of the configured security policy.

all

All pre-loaded security policies.

default

Default security policy set.

strong

Strong security policy set.

weak

Weak security policy set.

Usage Guidelines

Availability: Remote, Serial, Telnet

Several default security policies are preloaded into the SSL device. To see a list of all loaded default and user-defined security policies, use the show ssl secpolicy command.

Related Commands

secpolicy (SSL Configuration Command Set)
show ssl secpolicy (Non-Privileged Command Set)

See the section "Security Policy Configuration Command Set".

serverauth enable

Enables server certificate authentication.

serverauth enable
no serverauth enable


Usage Guidelines

Availability: Remote, Serial, Telnet

Using the no form of the command disables server certificate authentication.

Related Commands

certgroup serverauth (Backend Server Configuration Command Set)
serverauth ignore (Backend Server Configuration Command Set)

serverauth ignore

Specifies the server authentication errors to ignore.

serverauth ignore <all|none|signature-failure|expired-date|cert-not-yet-valid|invalid-ca|domain-name>
no serverauth ignore <all|none|signature-failure|expired-date|cert-not-yet-valid|invalid-ca|domain-name>


Syntax Description

all

Ignore all server authentication errors.

none

Do not ignore server authentication errors.

signature-failure

Ignore certificate signature failure errors.

expired-date

Ignore certificate expiration errors.

cert-not-yet-valid

Ignore errors caused by using the certificate before it is valid.

invalid-ca

Ignore errors caused by an unrecognized CA.

domain-name

Ignore errors due to an invalid domain name.

Usage Guidelines

Availability: Remote, Serial, Telnet

Any combination of options can be used concurrently. Use the no form of the command to cease ignoring the specific server authentication error.

Related Commands

certgroup serverauth (Backend Server Configuration Command Set)
serverauth enable (Backend Server Configuration Command Set)

session-cache enable

Enables session caching.

session-cache enable
no session-cache enable


Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to disable session caching.

Related Commands

session-cache size (Backend Server Configuration Mode)
session-cache timeout (Backend Server Configuration Mode)

session-cache size

Specifies the size of the session cache.

session-cache size <cachesize>

Syntax Description

cachesize

The number of sessions to be cached. The default is 1024. The acceptable range is 1 to 76,800.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

session-cache enable (Backend Server Configuration Mode)
session-cache timeout (Backend Server Configuration Mode)

session-cache timeout

Specifies how long sessions are held in the session cache before they time out.

session-cache timeout <seconds>

Syntax Description

seconds

Specifies the number of seconds before the cache times out.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

session-cache enable (Backend Server Configuration Mode)
session-cache size (Backend Server Configuration Mode)

suspend

Suspends the function of the backend server.

suspend [now]

Syntax Description

now

Suspends actions of the backend server immediately.

Usage Guidelines

Availability: Remote, Serial, Telnet

This command behaves in three ways:

Related Commands

activate (Backend Server Configuration Mode)

transparent

Enables the backend server to function as a transparent proxy (default).

transparent
no transparent


Usage Guidelines

Availability: Remote, Serial, Telnet

When transparent proxy behavior is disabled, the device accepts connections on the IP address of the Secure Content Accelerator rather than on the server address. The no form of the command is used to disable this behavior.

Certificate Configuration Command Set

Use Certificate Configuration commands to set up and manage certificate objects. Enter Certificate Configuration mode by using the enable command in Non-Privileged mode, the configure command in Privileged Mode, the ssl command in Configuration mode, and the cert command in SSL Configuration mode. The prompt changes to <config-ssl-cert[certname]>>.

binhex

Pastes a binary hex-encoded X509 certificate into the configuration manager.

binhex [value]

Syntax Description

value

The certificate that has been copied into the cut buffer.

Usage Guidelines

Availability: Remote, Serial, Telnet

After the command is entered, you are prompted to paste the certificate from the cut buffer. You can use a text editor to copy the certificate from a file. After the certificate is pasted, you must press Enter twice to complete the command.

der

Loads a DER-encoded X509 certificate file into the current object.

der [certfilename|url]

Syntax Description

certfilename

The name of the DER-encoded certificate file.

url

The location of the file (serial and telnet only).

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not enter the file name or URL, you are prompted for it.

end

Exits Certificate Configuration mode, activates all valid changes, and returns to SSL Configuration mode.

end

Usage Guidelines

Availability: Remote, Serial, Telnet

exit

Exits Certificate Configuration mode, activates all valid changes, and returns to SSL Configuration mode.

exit

Usage Guidelines

Availability: Remote, Serial, Telnet

finished

Leaves Certificate Configuration Mode and returns to Top Level mode.

finished

Usage Guidelines

Availability: Remote, Serial, Telnet

help

Displays help information for the specified command.

help [command]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a command, help information is displayed for all Certificate Configuration Commands.

info

Displays current information about the certificate object being created or edited.

info

Usage Guidelines

Availability: Remote, Serial, Telnet

pem

Loads a PEM-encoded X509 certificate into the current certificate object.

pem [certfilename|url]

Syntax Description

certfilename

The name of the PEM-encoded certificate file.

url

The location of the file (serial and telnet only).

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not enter the file name or URL, you are prompted for it.

Related Commands

pem-paste (Certificate Configuration Command Set)

pem-paste

Allows a PEM-encoded X.509 certificate to be pasted into the configuration manager.

pem-paste

Usage Guidelines

Availability: Remote, Serial, Telnet

After the command is entered, you are prompted to paste a certificate from the cut buffer. You can use a text editor to copy the certificate from a file. After the certificate is pasted, you must press Enter twice to complete the command.

Related Commands

pem (Certificate Configuration Command Set)

Certificate Group Configuration Command Set

Use Certificate Group Configuration commands to set up and manage certificate groups utilized for certificate chains and server and client certificate authentication. Enter Certificate Group Configuration mode by using the enable command in Non-Privileged mode, the configure command in Privileged mode, the ssl command in Configuration mode, and the certgroup command in SSL Configuration mode. The prompt changes to <config-ssl-certgroup[certgroupname]>>.

cert

Adds the specified, existing certificate object into the current certificate group.

cert <certObject>
no cert <certObject>

Syntax Description

certObject

The name of the certificate object.

Usage Guidelines

Availability: Remote, Serial, Telnet

Up to 64 certificate objects are allowed per certificate group. Use the no form of the command to remove the specified certificate from the certificate group.

Related Commands

cert (SSL Configuration Command Set)

See the section "Certificate Configuration Command Set".

end

Exits Certificate Group Configuration mode, activates all changes, and returns to SSL Configuration mode.

end

Usage Guidelines

Availability: Remote, Serial, Telnet

exit

Exits Certificate Group Configuration mode, activates all changes, and returns to SSL Configuration mode.

exit

Usage Guidelines

Availability: Remote, Serial, Telnet

finished

Leaves Certificate Group Configuration Mode and returns to Top Level mode.

finished

Usage Guidelines

Availability: Remote, Serial, Telnet

help

Displays help information for the specified command.

help [command]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a command, help information is displayed for all Certificate Group Commands.

info

Displays current information about the certificate group being created or edited.

info

Usage Guidelines

Availability: Remote, Serial, Telnet

Key Configuration Command Set

Use Key Configuration commands to set up and manage keys. Enter Key Configuration mode by using the enable command in Non-Privileged mode, the configure command in Privileged mode, the ssl command in Configuration mode, and the key command in SSL Configuration mode. The prompt changes to <config-ssl-key[keyname]>>.

binhex

Allows a binary hex-encoded X.509 key to be pasted into the configuration manager.

binhex [value]

Syntax Description

value

The key that has been copied into the cut buffer.

Usage Guidelines

Availability: Remote, Serial, Telnet

After the command is entered, you are prompted to paste the key from the cut buffer. You can use a text editor to copy the key from a file. After the key is pasted, you must press Enter twice to complete the command.

der

Loads a DER-encoded X509 key file into the current key object.

der [keyfilename|url]

Syntax Description

keyfilename

The name of the DER-encoded key file.

url

The location of the file (serial and telnet only).

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not enter the file name or URL, you are prompted for it.

end

Exits Key Configuration mode, activates all changes, and returns to SSL Configuration mode.

end

Usage Guidelines

Availability: Remote, Serial, Telnet

exit

Exits Key Configuration mode, activates all changes, and returns to SSL Configuration mode.

exit

Usage Guidelines

Availability: Remote, Serial, Telnet

finished

Leaves Key Configuration Mode and returns to Top Level mode.

finished

Usage Guidelines

Availability: Remote, Serial, Telnet

genrsa

Generates an RSA key.

genrsa [bits <512|1024>] [encrypt <des|des3>] [seed <seedstring>] [output <filename|url>]

Syntax Description

bits

Specifies the key strength.

512

Specifies the key to be 512-bit strength.

1024

Specifies the key to be 1024-bit strength.

encrypt

Encrypts the generated key for display.

des

Specifies DES to be used for the encrypted key displayed.

des3

Specifies DES3 to be used for the encrypted key displayed.

seed

Specifies a seed string to be used for key generation.

seedstring

The string used to generate the key.

output

Writes the PEM-encoded key file to disk.

filename

The name of the PEM-encoded key file.

url

The location of the file (serial and telnet only).

Usage Guidelines

Availability: Remote, Serial, Telnet

If the encrypt keyword is not used, the key is not displayed.

Examples

The following example generates a 1024-bit key using the seed string lemon. The key is displayed once using DES encryption. The resulting key is stored on the device as well as exported to a PEM-encoded file named mykey.pem.

genrsa bits 1024 encrypt des seed lemon output mykey.pem

help

Displays help information for the specified command.

help [command]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a command, help information is displayed for all Key Configuration Commands.

info

Displays current information about the key being created or edited.

info

Usage Guidelines

Availability: Remote, Serial, Telnet

net-iis

Loads a private key, exported from IIS 4 only, into the key entity.

net-iis [keyfilename|url]

Syntax Description

keyfilename

The name of the key file.

url

The location of the file (serial and telnet only).

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not enter the file name and path, you are prompted for it.

pem

Loads a PEM-encoded X.509 private key into the key entry.

pem [keyfilename|url]

Syntax Description

keyfilename

The name of the PEM-encoded key file.

url

The location of the file (serial and telnet only).

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not enter the file name and path, you are prompted for it.

Related Commands

pem-paste (Key Configuration Command Set)

pem-paste

Allows a PEM-encoded X.509 key to be pasted into the configuration manager.

pem-paste

Usage Guidelines

Availability: Remote, Serial, Telnet

After the command is entered, you are prompted to paste a key from the cut buffer. You can use a text editor to copy the key from a file. After the key is pasted, you must press Enter twice to complete the command.

Reverse-Proxy Server Configuration Command Set

Use Reverse-Proxy Server Configuration commands to set up and configure reverse-proxy servers. Enter Reverse-Proxy Server Configuration mode by using the enable command in Non-Privileged mode, the configure command in Privileged mode, the ssl command in Configuration mode, and the reverse-proxy-server command in SSL Configuration mode. The prompt changes to <config-ssl-rproxy[servername]>.

activate

Activates the current suspended reverse-proxy server if enough information has been configured.

activate

Usage Guidelines

Availability: Remote, Serial, Telnet

All reverse-proxy servers are created as active servers by default.

Related Commands

suspend (Reverse-Proxy Server Configuration Command Set)

certgroup serverauth

Assigns a certificate group to be used for server certificate authentication.

certgroup serverauth <certgroupname>
no certgroupchain


Syntax Description

certgroupname

The name of the certificate group.

Usage Guidelines

Availability: Remote, Serial, Telnet

The no form of the command is used to disable server authentication using the certificate group. When using the no flag, you need not specify any certificate group name. Only one certificate group can be used.

Related Commands

certgroup (SSL Configuration Command Set)
show ssl certgroup (Non-Privileged Command Set)

See also "Certificate Group Configuration Command Set".

end

Exits Reverse-Proxy Server Configuration mode, activates all changes, and returns to SSL Configuration mode.

end

Usage Guidelines

Availability: Remote, Serial, Telnet

exit

Exits Reverse-Proxy Server Configuration mode, activates all changes, and returns to SSL Configuration mode.

exit

Usage Guidelines

Availability: Remote, Serial, Telnet

finished

Leaves Reverse-Proxy Server Configuration Mode and returns to Top Level mode.

finished

Usage Guidelines

Availability: Remote, Serial, Telnet

help

Displays help information for the specified command.

help [<command>]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a command, help information is displayed for all Reverse-Proxy Server Configuration Commands.

info

Displays current information about the reverse-proxy server being edited or created.

info

Usage Guidelines

Availability: Remote, Serial, Telnet

localport

Specifies the TCP service port through which non-secure connections are received.

localport <port|default>

Syntax Description

port

The port used to transfer non-secure traffic.

default

Sets the port specification to 80.

Usage Guidelines

Availability: Remote, Serial, Telnet

log-url

Specifies a host for logging of URL requests.

log-url <ipaddr>

Syntax Description

ipaddr

The IP address of the host for the log.

Usage Guidelines

Availability: Remote, Serial, Telnet

secpolicy

Creates an association between this server and the specified security policy.

secpolicy <polname|all|default|strong|weak>

Syntax Description

polname

The name of the configured security policy.

all

All pre-loaded security policies.

default

Default security policy set.

strong

Strong security policy set.

weak

Weak security policy set.

Usage Guidelines

Availability: Remote, Serial, Telnet

Several default security policies are preloaded into the SSL device. To see a list of all loaded default and user-defined security policies, use the show ssl secpolicy command.

Related Commands

secpolicy (SSL Configuration Command Set)
show ssl secpolicy (Non-Privileged Command Set)

See the section "Security Policy Configuration Command Set".

serverauth enable

Enables server certificate authentication.

serverauth enable
no serverauth enable


Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

certgroup serverauth (Reverse-Proxy Configuration Command Set)
serverauth ignore (Reverse-Proxy Server Configuration Command Set)

serverauth ignore

Specifies the server authentication errors to ignore.

serverauth ignore <all|none|signature-failure|expired-date|cert-not-yet-valid|invalid-ca|domain-name>
no serverauth ignore <all|none|signature-failure|expired-date|cert-not-yet-valid|invalid-ca|domain-name>


Syntax Description

all

Ignore all server authentication errors.

none

Do not ignore server authentication errors.

signature-failure

Ignore certificate signature failure errors.

expired-date

Ignore certificate expiration errors.

cert-not-yet-valid

Ignore errors caused by using the certificate before it is valid.

invalid-ca

Ignore errors caused by an unrecognized CA.

domain-name

Ignore errors due to an invalid domain name.

Usage Guidelines

Availability: Remote, Serial, Telnet

Any combination of options can be used concurrently. Use the no form of the command to cease ignoring the specific server authentication error.

Related Commands

certgroup serverauth (Reverse-Proxy Server Configuration Command Set)
serverauth enable (Reverse-Proxy Server Configuration Command Set)

session-cache enable

Enables session caching.

session-cache enable
no session-cache enable


Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

session-cache size (Reverse-Proxy Server Configuration Mode)
session-cache timeout (Reverse-Proxy Server Configuration Mode)

session-cache size

Specifies the size of the session cache.

session-cache size <cachesize>

Syntax Description

cachesize

The number of cached sessions. The default is 1024. The acceptable range is 1 to 76,800.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

session-cache enable (Reverse-Proxy Server Configuration Mode)
session-cache timeout (Reverse-Proxy Server Configuration Mode)

session-cache timeout

Specifies how long sessions are held in the session cache before they time out.

session-cache timeout <seconds>

Syntax Description

seconds

Specifies the number of seconds before the cache times out.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

session-cache enable (Reverse-Proxy Server Configuration Mode)
session-cache size (Reverse-Proxy Server Configuration Mode)

suspend

Suspends the function of the backend server.

suspend [now]

Syntax Description

now

Suspends actions of the backend server immediately.

Usage Guidelines

Availability: Remote, Serial, Telnet

This command behaves in three ways:

Related Commands

activate (Reverse-Proxy Server Configuration Mode)

Security Policy Configuration Command Set

Use Security Policy Configuration commands to set up and manage security policies. Enter Security Policy Configuration mode by using the enable command in Non-Privileged mode, the configure command in Privileged mode, the ssl command in Configuration mode, and the secpolicy command in SSL Configuration mode. The prompt changes to <config-ssl-secpolicy[secpolicyname]>>.

crypto

Creates a customized security policy for the current SSL device.

crypto <strong | weak | all | ARC4-MD5 | ARC4-SHA | DES-CBC3-MD5 | DES-CBC3-SHA | DES-CBC-MD5 | DES-CBC-SHA | EXP-ARC2-MD5 | EXP-ARC4-MD5 | EXP-ARC4-SHA | EXP-DES-CBC-SHA | EXP1024-ARC2-CBC-MD5 | EXP1024-ARC4-MD5 | EXP1024-ARC4-SHA | EXP1024-DES-CBC-SHA | NULL-MD5 | NULL-SHA >
no crypto < ARC4-MD5 | ARC4-SHA | DES-CBC3-MD5 | DES-CBC3-SHA | DES-CBC-MD5 | DES-CBC-SHA | EXP-ARC2-MD5 | EXP-ARC4-MD5 | EXP-ARC4-SHA | EXP-DES-CBC-SHA | EXP1024-ARC2-CBC-MD5 | EXP1024-ARC4-MD5 | EXP1024-ARC4-SHA | EXP1024-DES-CBC-SHA | NULL-MD5 | NULL-SHA >


Syntax Description

The following table shows the characteristics of each cryptographic algorithm.

Cryptographic Scheme    Encryption     Message Authentication   Key Exchange   Security Policy Assignments
ARC4-MD5                ARC4¹ (128)    MD5                      RSA (1024)     strong, default, all
ARC4-SHA                ARC4¹ (128)    SHA1                     RSA (1024)     strong, default, all
DES-CBC3-MD5            3DES (168)     MD5                      RSA (1024)     strong, all
DES-CBC3-SHA            3DES (168)     SHA1                     RSA (1024)     strong, all
DES-CBC-MD5             DES (56)       MD5                      RSA (1024)     strong, all
DES-CBC-SHA             DES (56)       SHA1                     RSA (1024)     strong, all
EXP-ARC2-MD5            ARC2² (40)     MD5                      RSA (512)      weak, all
EXP-ARC4-MD5            ARC4¹ (40)     MD5                      RSA (512)      weak, default, all
EXP-ARC4-SHA            ARC4¹ (40)     SHA1                     RSA (512)      weak, default, all
EXP-DES-CBC-SHA         DES (40)       SHA1                     RSA (512)      weak, all
EXP1024-ARC2-CBC-MD5    ARC2² (40)     MD5                      RSA (1024)     weak, default, all
EXP1024-ARC4-MD5        ARC4¹ (40)     MD5                      RSA (1024)     weak, default, all
EXP1024-ARC4-SHA        ARC4¹ (40)     SHA1                     RSA (1024)     weak, default, all
EXP1024-DES-CBC-SHA     DES (40)       SHA1                     RSA (1024)     weak, all
NULL-MD5                None           MD5                      None           weak, default, all
NULL-SHA                None           SHA1                     None           weak, default, all

¹ ARC4 is compatible with RC4™ RSA Data Security.
² ARC2 is compatible with RC2™ RSA Data Security.

Usage Guidelines

Availability: Remote, Serial, Telnet

(This command must be entered on one line.) You can identify either individual ciphers or use the strong, weak, default, or all keywords to specify cipher sets. The no form of this command is used to remove a cipher or set of ciphers. You must specify which algorithm(s) to remove following the no crypto command. For example, using the commands crypto ARC4-MD5 and crypto ARC4-SHA loads both schemes into the current user-defined security policy. Additionally, you can alter the preset cryptography schemes specified for the current security policy. If you enter crypto weak and no crypto NULL-MD5 commands, the NULL-MD5 cryptography scheme is removed from the current security policy.
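The following Python sketch is an added example, not part of the original guide or of the device software. It replays a sequence of crypto and no crypto commands against the cipher table above and reports which schemes left in the policy have no encryption, a cipher key of 56 bits or less, or a 512-bit key exchange. The function names and the reporting thresholds are assumptions made for this example.

```python
"""Added example: model crypto / no crypto and audit the resulting policy."""

# Rows transcribed from the cipher table on this page:
# scheme -> (cipher, cipher key bits, MAC, RSA key-exchange bits, policy sets).
# 0 stands for the table's "None".
SCHEMES = {
    "ARC4-MD5":             ("ARC4", 128, "MD5",  1024, {"strong", "default", "all"}),
    "ARC4-SHA":             ("ARC4", 128, "SHA1", 1024, {"strong", "default", "all"}),
    "DES-CBC3-MD5":         ("3DES", 168, "MD5",  1024, {"strong", "all"}),
    "DES-CBC3-SHA":         ("3DES", 168, "SHA1", 1024, {"strong", "all"}),
    "DES-CBC-MD5":          ("DES",  56,  "MD5",  1024, {"strong", "all"}),
    "DES-CBC-SHA":          ("DES",  56,  "SHA1", 1024, {"strong", "all"}),
    "EXP-ARC2-MD5":         ("ARC2", 40,  "MD5",  512,  {"weak", "all"}),
    "EXP-ARC4-MD5":         ("ARC4", 40,  "MD5",  512,  {"weak", "default", "all"}),
    "EXP-ARC4-SHA":         ("ARC4", 40,  "SHA1", 512,  {"weak", "default", "all"}),
    "EXP-DES-CBC-SHA":      ("DES",  40,  "SHA1", 512,  {"weak", "all"}),
    "EXP1024-ARC2-CBC-MD5": ("ARC2", 40,  "MD5",  1024, {"weak", "default", "all"}),
    "EXP1024-ARC4-MD5":     ("ARC4", 40,  "MD5",  1024, {"weak", "default", "all"}),
    "EXP1024-ARC4-SHA":     ("ARC4", 40,  "SHA1", 1024, {"weak", "default", "all"}),
    "EXP1024-DES-CBC-SHA":  ("DES",  40,  "SHA1", 1024, {"weak", "all"}),
    "NULL-MD5":             (None,   0,   "MD5",  0,    {"weak", "default", "all"}),
    "NULL-SHA":             (None,   0,   "SHA1", 0,    {"weak", "default", "all"}),
}
KEYWORDS = ("strong", "weak", "default", "all")


def expand(token):
    """Return the scheme names selected by a set keyword or one scheme name."""
    if token in KEYWORDS:
        return {name for name, row in SCHEMES.items() if token in row[4]}
    if token in SCHEMES:
        return {token}
    raise ValueError(f"unknown scheme or keyword: {token!r}")


def apply_commands(lines):
    """Replay crypto / no crypto lines and return the resulting scheme set.

    Modelled on the usage guidelines: crypto adds a scheme or a keyword set,
    no crypto removes one named scheme (the no-form syntax lists schemes only).
    """
    policy = set()
    for raw in lines:
        words = raw.split()
        if not words:
            continue
        if words[:2] == ["no", "crypto"] and len(words) == 3:
            if words[2] not in SCHEMES:
                raise ValueError(f"no crypto needs a scheme name: {raw!r}")
            policy.discard(words[2])
        elif words[0] == "crypto" and len(words) == 2:
            policy |= expand(words[1])
        else:
            raise ValueError(f"not a crypto command: {raw!r}")
    return policy


def audit(policy):
    """Map each weak scheme in the policy to the reasons it was reported.

    Assumption for this example: a scheme is reported when it has no
    encryption, a cipher key of 56 bits or less, or a 512-bit key exchange.
    """
    findings = {}
    for name in sorted(policy):
        cipher, bits, _mac, kx_bits, _sets = SCHEMES[name]
        reasons = []
        if bits == 0:
            reasons.append("no encryption")
        elif bits <= 56:
            reasons.append(f"{bits}-bit {cipher}")
        if kx_bits == 512:
            reasons.append("512-bit RSA key exchange")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    # Constructed input: the sequence used in the usage guidelines above.
    policy = apply_commands(["crypto weak", "no crypto NULL-MD5"])
    for scheme, reasons in audit(policy).items():
        print(f"{scheme}: {', '.join(reasons)}")
```

Running the audit on the strong keyword set reports DES-CBC-MD5 and DES-CBC-SHA, because the table assigns 56-bit DES to that set.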

end

Exits Security Policy Configuration mode, activates all changes, and returns to SSL Configuration mode.

end

Usage Guidelines

Availability: Remote, Serial, Telnet

exit

Exits Security Policy Configuration mode, activates all changes, and returns to SSL Configuration mode.

exit

Usage Guidelines

Availability: Remote, Serial, Telnet

finished

Leaves Security Policy Configuration Mode and returns to Top Level mode.

finished

Usage Guidelines

Availability: Remote, Serial, Telnet

help

Displays help information for the specified command.

help [command]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a command, help information is displayed for all Security Policy Configuration Commands.

info

Displays current information about the security policy being edited or created.

info

Usage Guidelines

Availability: Remote, Serial, Telnet

Server Configuration Command Set

Use Server Configuration commands to set up and configure logical secure servers. Enter Server Configuration mode by using the enable command in Non-Privileged mode, the configure command in Privileged mode, the ssl command in Configuration mode, and the server command in SSL Configuration mode. The prompt changes to <config-ssl-server[servername]>>.

activate

Activates the current logical secure server if enough information has been configured.

activate

Related Commands

suspend (Server Configuration Command Set)

cert

Sets the specified certificate for use by the server.

cert <certname | default | default-1024 | default-512>

Syntax Description

certname

The name of the certificate.

default

The pre-loaded default certificate.

default-1024

The pre-loaded 1024-bit default certificate.

default-512

The pre-loaded 512-bit default certificate.

Usage Guidelines

Availability: Remote, Serial, Telnet

Only one certificate is allowed per server. If you enter this command with a different certificate, that reference replaces the earlier one.

Related Commands

certificate (SSL Configuration Command Set)
show ssl cert (Non-Privileged Command Set)

See also "Certificate Configuration Command Set".

certgroup chain

Enables the specified certificate group to be used as a certificate chain. The no form of the command is used to disable certificate chaining.

certgroup chain <certgroupname>
no certgroupchain

Syntax Description

certgroupname

The name of the certificate group.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to remove a certificate group association. When using the no flag, you need not specify any certificate group name. Only one certificate chain is allowed.

Related Commands

certgroup (SSL Configuration Command Set)
show ssl certgroup (Non-Privileged Command Set)

See also "Certificate Group Configuration Command Set".

certgroup clientauth

Assigns a certificate group to be used as a certificate trust list for client certificate authentication.

certgroup clientauth <certgroupname>
no clientauth


Syntax Description

certgroupname

The name of the certificate group.

Usage Guidelines

Availability: Remote, Serial, Telnet

The no form of the command is used to disable client authentication using the certificate group. When using the no flag, you need not specify any certificate group name. Only one certificate chain can be used.

Related Commands

clientauth enable (Server Configuration Command Set)
clientauth error (Server Configuration Command Set)
clientauth verifydepth (Server Configuration Command Set)

clientauth enable

Enables client certificate authentication.

clientauth enable
no clientauth enable


Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to disable client certificate authentication.

Related Commands

certgroup enable (Server Configuration Command Set)
clientauth error (Server Configuration Command Set)
clientauth verifydepth (Server Configuration Command Set)

clientauth error

Specifies the client certificate authentication errors to ignore.

clientauth error <cert-not-provided|cert-not-yet-valid|cert-has-expired|cert-revoked|cert-has-invalid-ca|cert-has-signature-failure|cert-other-error|all> <fail|failhtml|ignore|redirect <url>>
no clientauth error <cert-not-provided|cert-not-yet-valid|cert-has-expired|cert-revoked|cert-has-invalid-ca|cert-has-signature-failure|cert-other-error|all>


Syntax Description

cert-not-provided

Certificate was not provided for authentication.

cert-not-yet-valid

The certificate is not valid yet.

cert-has-expired

The certificate has expired.

cert-revoked

The certificate has been revoked.

cert-has-invalid-ca

The certificate has an invalid CA.

cert-has-signature-failure

The signature on the certificate failed.

cert-other-error

Any other certificate authentication error.

all

All certificate authentication errors, including those listed above.

fail

The client is disconnected abruptly.

failhtml

The SSL handshake is continued and the client is sent a static HTML error page listing the reason for the error. Then the SSL session is disconnected.

ignore

The server silently ignores the authentication error and continues the SSL connection.

redirect

The SSL handshake is continued and the client is redirected to another HTML page specified by the url argument. The SSL session is disconnected.

url

The location of the error page for redirection.

Usage Guidelines

Availability: Remote, Serial, Telnet

Any combination of options can be used concurrently. Use the no form of the command to cease ignoring the specific client authentication error.

Related Commands

certgroup clientauth (Server Configuration Command Set)
clientauth enable (Server Configuration Command Set)
clientauth verifydepth (Server Configuration Command Set)

clientauth verifydepth

Specifies the level of certificate within the certificate group to use when verifying client certificates.

clientauth verifydepth <depth>

Syntax Description

depth

The number of certificates within the certificate group to use for authentication.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

certgroup clientauth (Server Configuration Command Set)
clientauth enable (Server Configuration Command Set)
clientauth error (Server Configuration Command Set)

end

Exits Server Configuration mode, activates all changes, and returns to SSL Configuration mode.

end

Usage Guidelines

Availability: Remote, Serial, Telnet

ephrsa

When an export browser version connects to a server using 1024-bit keys, this allows the RSA key exchange (the SSL handshake) to be negotiated using a dynamically created 512-bit key. Using ephemeral RSA ensures the device complies with United States commerce laws.

ephrsa
no ephrsa


Usage Guidelines

Availability: Remote, Serial, Telnet

The default is no ephemeral RSA. Use the no form of the command to disable ephemeral RSA.

exit

Exits Server Configuration mode, activates all changes, and returns to SSL Configuration mode.

exit

Usage Guidelines

Availability: Remote, Serial, Telnet

finished

Leaves Server Configuration Mode and returns to Top Level mode.

finished

Usage Guidelines

Availability: Remote, Serial, Telnet

help

Displays help information for the specified command.

help [command]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a command, help information is displayed for all Server Configuration Commands.

httpheader

Specifies the header information to pass to backend HTTP servers.

httpheader <session|server-cert|client-cert|pre-filter|prefix <prefixString>>
no httpheader <session|server-cert|client-cert|pre-filter|prefix>


Syntax Description

session

Adds SSL session information to the HTTP stream.

server-cert

Adds the server certificate to the HTTP stream.

client-cert

Adds the client certificate to the HTTP stream.

pre-filter

Pre-filters the client header.

prefix

Allows a prefix string to be added to the HTTP stream.

prefixString

The string to use as a header prefix.

Usage Guidelines

Availability: Remote, Serial, Telnet

(This command must be entered on one line.) Any combination of options can be used concurrently. Use the no form of the command to cease using the specific option.

info

Displays current information about the logical secure server being edited or created.

info

Usage Guidelines

Availability: Remote, Serial, Telnet

ip address

Sets the specified IP address for the logical secure server. Using the no form of the command clears the IP address for the logical secure server.

ip address <ipaddr> [netmask <mask>]
no ip address


Syntax Description

ipaddr

The IP address to assign to the secure server.

netmask <mask>

The netmask valid for the IP address.

Usage Guidelines

Availability: Remote, Serial, Telnet

key

Sets the specified key for use by the server.

key <keyname | default | default-1024 | default-512>

Syntax Description

keyname

The name of the key.

default

The pre-loaded default key.

default-1024

The pre-loaded 1024-bit default key.

default-512

The pre-loaded 512-bit default key.

Usage Guidelines

Availability: Remote, Serial, Telnet

Only one key is allowed per server. If you enter this command with a different key, that reference replaces the earlier one.

Related Commands

key (SSL Configuration Command Set)
show ssl key (Non-Privileged Command Set)

See also "Key Configuration Command Set".

localport

Specifies the port on which the secure server receives SSL traffic. The SSL traffic is decrypted and sent to the real server using the TCP service port previously specified with the remoteport command.

localport <port|default>

Syntax Description

port

The TCP service port through which SSL traffic is received by the current secure logical server.

default

Returns the setting to the default of 443.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

remoteport (Server Configuration Command Set)
sslport (Server Configuration Command Set)

log-url

Specifies a host for logging of URL requests.

log-url <ipaddr>

Syntax Description

ipaddr

The IP address of the host for the log.

Usage Guidelines

Availability: Remote, Serial, Telnet

redirect

Enables server redirection.

redirect
no redirect


Usage Guidelines

Use the no form of the command to disable server redirection.

remoteport

Specifies the TCP service port through which non-secure connections are sent.

remoteport <port|default>

Syntax Description

port

The non-secure port used to send clear text traffic to the server.

default

Sets the non-secure port specification to 80.


Caution   Traffic sent on this TCP service port is not secured by SSL during transmission to the server. It must be secured by another means.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

localport (Server Configuration Command Set)
sslport (Server Configuration Command Set)

secpolicy

Creates an association between this server and the specified security policy.

secpolicy <polname|all|default|strong|weak>

Syntax Description

polname

The name of the configured security policy.

all

All pre-loaded security policies.

default

Default security policy set.

strong

Strong security policy set.

weak

Weak security policy set.

Usage Guidelines

Availability: Remote, Serial, Telnet

Several default security policies are preloaded into the SSL device. To see a list of all loaded default and user-defined security policies, use the show ssl secpolicy command.

Related Commands

secpolicy (SSL Configuration Command Set)
show ssl secpolicy (Non-Privileged Command Set)

See the section "Security Policy Configuration Command Set".

session-cache enable

Enables session caching.

session-cache enable
no session-cache enable


Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to disable session caching.

Related Commands

session-cache size (Server Configuration Mode)
session-cache timeout (Server Configuration Mode)

session-cache size

Specifies the size of the session cache.

session-cache size <cachesize>

Syntax Description

cachesize

The number of sessions. The default is 1024. The acceptable range is 1 to 76,800.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

session-cache enable (Server Configuration Mode)
session-cache timeout (Server Configuration Mode)

session-cache timeout

Specifies the length of time before the session cache times out.

session-cache timeout <seconds>

Syntax Description

seconds

Specifies the number of seconds before the cache times out.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

session-cache enable (Server Configuration Mode)
session-cache size (Server Configuration Mode)

sslport

Specifies the port on which the logical secure server receives SSL traffic. The SSL traffic is decrypted and sent to the physical server using the TCP service port previously specified with the remoteport command.

sslport <port|default>

Syntax Description

port

The TCP service port through which SSL traffic is received by the current secure logical server.

default

Returns the setting to the default of 443.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

localport (Server Configuration Command Set)
remoteport (Server Configuration Command Set)

suspend

Suspends the function of the server.

suspend [now]

Syntax Description

now

Suspends actions of the server immediately.

Usage Guidelines

Availability: Remote, Serial, Telnet

This command behaves in three ways:

Related Commands

activate (Server Configuration Mode)

transparent

Enables the server to function as a transparent proxy (default). Use the no form of the command to disable this behavior.

transparent
no transparent


Usage Guidelines

Availability: Remote, Serial, Telnet

When transparent proxy behavior is disabled, the device accepts connections on the IP address of the Secure Content Accelerator rather than on the server address.
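The following is an added example, not part of the Cisco documentation: a short Python check that reads one server's Server Configuration commands and reports the settings a reviewer would question, based on the key, secpolicy and remoteport entries above. The one-command-per-line input format, the sample values (including the key name siteKey) and the treatment of an unset remoteport as 80 are assumptions made for illustration.

```python
# Added example: audits a constructed list of Server Configuration commands.
PRELOADED_KEYS = {"default", "default-1024", "default-512"}  # keywords of the key command
WEAK_POLICY_SETS = {"weak", "all"}  # secpolicy keywords that bring in the weak set

def audit_server(commands):
    """Return (command, value, finding) tuples for one server's command list."""
    key = None         # effective key: a later key command replaces the earlier one
    policies = []      # every secpolicy association entered
    remoteport = "80"  # assumption: unset behaves like 'remoteport default' (80)
    for raw in commands.splitlines():
        words = raw.split()
        if len(words) < 2:
            continue  # blank line or a command with no argument
        cmd, arg = words[0].lower(), words[1]
        if cmd == "key":
            key = arg
        elif cmd == "secpolicy":
            policies.append(arg.lower())
        elif cmd == "remoteport":
            remoteport = "80" if arg.lower() == "default" else arg
    findings = []
    if key is not None and key.lower() in PRELOADED_KEYS:
        findings.append(("key", key, "pre-loaded key shipped with the device, not site-specific"))
        if key.lower() == "default-512":
            findings.append(("key", key, "512-bit key is too short for production use"))
    for pol in policies:
        if pol in WEAK_POLICY_SETS:
            findings.append(("secpolicy", pol, "includes the weak security policy set"))
    # The Caution under remoteport applies to every value of this port.
    findings.append(("remoteport", remoteport,
                     "traffic to the server on this port is not secured by SSL"))
    return findings

# Constructed sample input (not captured from a device).
SAMPLE = """\
ip address 10.1.2.3 netmask 255.255.255.0
sslport 443
remoteport 81
key default-512
key siteKey
secpolicy weak
session-cache enable
"""

if __name__ == "__main__":
    for command, value, finding in audit_server(SAMPLE):
        print(f"{command} {value}: {finding}")
```

In the sample, the second key command replaces the first, so only the secpolicy and remoteport settings are reported.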


Posted: Mon Aug 19 22:06:23 PDT 2002
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.