AlteonOS 29.0.0 Command Ref

Alteon Application Switch Operating System
Command Reference
Software Version 29.0.0.0
Document ID: RDWR-ALOS-V2900_RG1303
March, 2013
Alteon Application Switch Operating System Command Reference
Important Notices
The following important notices are presented in English, French, and German.
Important Notices
This guide is delivered subject to the following conditions and restrictions:
The AppShape++ Script Files provided by Radware Ltd. are subject to the Special License Terms
included in each of the electronic AppShape++ Script Files and are also subject to Radware's End
User License Agreement, a copy of which (as may be amended from time to time) can be found at
the end of this document or at http://www.radware.com/Resources/eula.html.
Please note that if you create your own scripts using any AppShape++ Scripts provided by Radware,
such self-created scripts are not controlled by Radware and therefore Radware will not be liable for
any malfunctions resulting from such self-created scripts.
Copyright Radware Ltd. 2013. All rights reserved.
The copyright and all other intellectual property rights and trade secrets included in this guide are
owned by Radware Ltd.
The guide is provided to Radware customers for the sole purpose of obtaining information with
respect to the installation and use of the Radware products described in this document, and may not
be used for any other purpose.
The information contained in this guide is proprietary to Radware and must be kept in strict
confidence.
It is strictly forbidden to copy, duplicate, reproduce or disclose this guide or any part thereof without
the prior written consent of Radware.
Notice importante
Ce guide est sujet aux conditions et restrictions suivantes:
Les applications AppShape++ Script Files fournies par Radware Ltd. sont soumises aux termes de la
Licence Spciale (Special License Terms) incluse dans chaque fichier lectronique AppShape++
Script Files mais aussi au Contrat de Licence d'Utilisateur Final de Radware qui peut tre modifi de
temps en temps et dont une copie est disponible la fin du prsent document ou l'adresse
suivante: http://www.radware.com/Resources/eula.html.
Nous attirons votre attention sur le fait que si vous crez vos propres fichiers de commande (fichiers
script) en utilisant l'application AppShape++ Script Files fournie par Radware, ces fichiers
script ne sont pas contrls par Radware et Radware ne pourra en aucun cas tre tenue
responsable des dysfonctionnements rsultant des fichiers script ainsi crs.
Copyright Radware Ltd. 2013. Tous droits rservs.
Le copyright ainsi que tout autre droit li la proprit intellectuelle et aux secrets industriels
contenus dans ce guide sont la proprit de Radware Ltd.
Ce guide dinformations est fourni nos clients dans le cadre de linstallation et de lusage des
produits de Radware dcrits dans ce document et ne pourra tre utilis dans un but autre que celui
pour lequel il a t conu.
Les informations rpertories dans ce document restent la proprit de Radware et doivent tre
conserves de manire confidentielle.
Il est strictement interdit de copier, reproduire ou divulguer des informations contenues dans ce
manuel sans avoir obtenu le consentement pralable crit de Radware.
Wichtige Anmerkung
Dieses Handbuch wird vorbehaltlich folgender Bedingungen und Einschrnkungen ausgeliefert:
Die von Radware Ltd bereitgestellten AppShape++ Scriptdateien unterliegen den in jeder
elektronischen AppShape++ Scriptdatei enthalten besonderen Lizenzbedingungen sowie Radware's
Endbenutzer-Lizenzvertrag (von welchem eine Kopie in der jeweils geltenden Fassung am Ende
dieses Dokuments oder unter http://www.radware.com/Resources/eula.html erhltlich ist). Bitte
beachten Sie, dass wenn Sie Ihre eigenen Skripte mit Hilfe eines von Radware bereitgestellten
AppShape++ Skripts erstellen, diese selbsterstellten Skripte nicht von Radware kontrolliert werden
und Radware daher keine Haftung fr Funktionsfehler bernimmt, welche von diesen selbsterstellten
Skripten verursacht werden.
Copyright Radware Ltd. 2013. Alle Rechte vorbehalten.
Das Urheberrecht und alle anderen in diesem Handbuch enthaltenen Eigentumsrechte und
Geschftsgeheimnisse sind Eigentum von Radware Ltd.
Dieses Handbuch wird Kunden von Radware mit dem ausschlielichen Zweck ausgehndigt,
Informationen zu Montage und Benutzung der in diesem Dokument beschriebene Produkte von
Radware bereitzustellen. Es darf fr keinen anderen Zweck verwendet werden.
Die in diesem Handbuch enthaltenen Informationen sind Eigentum von Radware und mssen streng
vertraulich behandelt werden.
Es ist streng verboten, dieses Handbuch oder Teile daraus ohne vorherige schriftliche Zustimmung
von Radware zu kopieren, vervielfltigen, reproduzieren oder offen zu legen.
Copyright Notices
The following copyright notices are presented in English, French, and German.
Copyright Notices
The programs included in this product are subject to a restricted use license and can only be used in
conjunction with this application.
This product contains code developed by the OpenSSL Project.
This product includes software developed by the OpenSSL Project. For use in the OpenSSL Toolkit.
(http://www.openssl.org/).
Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
This product contains the Rijndael cipher
The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto is in the public
domain and distributed with the following license:
@version 3.0 (December 2000)
Optimized ANSI C code for the Rijndael cipher (now AES)
@author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
@author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
@author Paulo Barreto <paulo.barreto@terra.com.br>
The OnDemand Switch may use software components licensed under the GNU General Public
License Agreement Version 2 (GPL v.2) including LinuxBios and Filo open source projects. The
source code of the LinuxBios and Filo is available from Radware upon request. A copy of the license
can be viewed at:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
This code is hereby placed in the public domain.
This product contains code developed by the OpenBSD Project
Copyright (c) 1983, 1990, 1992, 1993, 1995
The Regents of the University of California. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and
the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
3. Neither the name of the University nor the names of its contributors may be used to endorse or
promote products derived from this software without specific prior written permission.
This product includes software developed by Markus Friedl
This product includes software developed by Theo de Raadt
This product includes software developed by Niels Provos
This product includes software developed by Dug Song
This product includes software developed by Aaron Campbell
This product includes software developed by Damien Miller
This product includes software developed by Kevin Steves
This product includes software developed by Daniel Kouril
This product includes software developed by Wesley Griffin
This product includes software developed by Per Allansson
This product includes software developed by Nils Nordman
This product includes software developed by Simon Wilkinson
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and
the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
ALL THE SOFTWARE MENTIONED ABOVE IS PROVIDED BY THE AUTHOR AS IS AND ANY EXPRESS
OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product contains work derived from the RSA Data Security, Inc. MD5 Message-Digest
Algorithm. RSA Data Security, Inc. makes no representations concerning either the merchantability
of the MD5 Message - Digest Algorithm or the suitability of the MD5 Message - Digest Algorithm for
any particular purpose. It is provided as is without express or implied warranty of any kind.
Notice traitant du copyright

Les programmes intgrs dans ce produit sont soumis une licence d'utilisation limite et ne
peuvent tre utiliss qu'en lien avec cette application.
Ce produit renferme des codes dvelopps dans le cadre du projet OpenSSL.
Ce produit inclut un logiciel dvelopp dans le cadre du projet OpenSSL. Pour un usage dans la bote
outils OpenSSL (http://www.openssl.org/).
Copyright (c) 1998-2005 Le projet OpenSSL. Tous droits rservs. Ce produit inclut la catgorie de
chiffre Rijndael.
Limplmentation de Rijindael par Vincent Rijmen, Antoon Bosselaers et Paulo Barreto est du
domaine public et distribue sous les termes de la licence suivante:
@version 3.0 (Dcembre 2000)
Code ANSI C code pour Rijndael (actuellement AES)
@author Paulo Barreto <paulo.barreto@terra.com.br>.
Le commutateur OnDemand peut utiliser les composants logiciels sous licence, en vertu des termes
de la licence GNU General Public License Agreement Version 2 (GPL v.2), y compris les projets
source ouverte LinuxBios et Filo. Le code source de LinuxBios et Filo est disponible sur demande
auprs de Radware. Une copie de la licence est rpertorie sur:
Ce code est galement plac dans le domaine public.
Ce produit renferme des codes dvelopps dans le cadre du projet OpenSSL.
Copyright (c) 1983, 1990, 1992, 1993, 1995
Les membres du conseil de lUniversit de Californie. Tous droits rservs.
La distribution et lusage sous une forme source et binaire, avec ou sans modifications, est autorise
pour autant que les conditions suivantes soient remplies:
1.
La distribution dun code source doit inclure la notice de copyright mentionne ci-dessus, cette
liste de conditions et lavis de non-responsabilit suivant.
2.
La distribution, sous une forme binaire, doit reproduire dans la documentation et/ou dans tout
autre matriel fourni la notice de copyright mentionne ci-dessus, cette liste de conditions et
lavis de non-responsabilit suivant.
3.
Le nom de luniversit, ainsi que le nom des contributeurs ne seront en aucun cas utiliss pour
approuver ou promouvoir un produit driv de ce programme sans lobtention pralable dune
autorisation crite.
Ce produit inclut un logiciel dvelopp par Markus Friedl

Ce produit inclut un logiciel dvelopp par Theo de Raadt Ce produit inclut un logiciel dvelopp par
Niels Provos
Ce produit inclut un logiciel dvelopp par Dug Song
Ce produit inclut un logiciel dvelopp par Aaron Campbell Ce produit inclut un logiciel dvelopp
par Damien Miller
Ce produit inclut un logiciel dvelopp par Kevin Steves
Ce produit inclut un logiciel dvelopp par Daniel Kouril
Ce produit inclut un logiciel dvelopp par Wesley Griffin
Ce produit inclut un logiciel dvelopp par Per Allansson
Ce produit inclut un logiciel dvelopp par Nils Nordman
Ce produit inclut un logiciel dvelopp par Simon Wilkinson.
La distribution et lusage sous une forme source et binaire, avec ou sans modifications, est autorise
pour autant que les conditions suivantes soient remplies:
1. La distribution dun code source doit inclure la notice de copyright mentionne ci-dessus, cette
liste de conditions et lavis de non-responsabilit suivant.
2. La distribution, sous une forme binaire, doit reproduire dans la documentation et/ou dans tout
autre matriel fourni la notice de copyright mentionne ci-dessus, cette liste de conditions et
lavis de non-responsabilit suivant.
LE LOGICIEL MENTIONN CI-DESSUS EST FOURNI TEL QUEL PAR LE DVELOPPEUR ET TOUTE
GARANTIE, EXPLICITE OU IMPLICITE, Y COMPRIS, MAIS SANS SY LIMITER, TOUTE GARANTIE
IMPLICITE DE QUALIT MARCHANDE ET DADQUATION UN USAGE PARTICULIER EST EXCLUE.
EN AUCUN CAS LAUTEUR NE POURRA TRE TENU RESPONSABLE DES DOMMAGES DIRECTS,
INDIRECTS, ACCESSOIRES, SPCIAUX, EXEMPLAIRES OU CONSCUTIFS (Y COMPRIS, MAIS SANS
SY LIMITER, LACQUISITION DE BIENS OU DE SERVICES DE REMPLACEMENT, LA PERTE DUSAGE,
DE DONNES OU DE PROFITS OU LINTERRUPTION DES AFFAIRES), QUELLE QUEN SOIT LA CAUSE
ET LA THORIE DE RESPONSABILIT, QUIL SAGISSE DUN CONTRAT, DE RESPONSABILIT
STRICTE OU DUN ACTE DOMMAGEABLE (Y COMPRIS LA NGLIGENCE OU AUTRE), DCOULANT DE
QUELLE QUE FAON QUE CE SOIT DE LUSAGE DE CE LOGICIEL, MME SIL A T AVERTI DE LA
POSSIBILIT DUN TEL DOMMAGE.
Copyrightvermerke
Die in diesem Produkt enthalten Programme unterliegen einer eingeschrnkten Nutzungslizenz und
knnen nur in Verbindung mit dieser Anwendung benutzt werden.
Dieses Produkt enthlt einen vom OpenSSL-Projekt entwickelten Code.
Dieses Produkt enthlt vom OpenSSL-Projekt entwickelte Software. Zur Verwendung im OpenSSL
Toolkit. (http://www.openssl.org/).
Copyright (c) 1998-2005 The OpenSSL Project. Alle Rechte vorbehalten. Dieses Produkt enthlt die
Rijndael cipher
Die Rijndael-Implementierung von Vincent Rijndael, Anton Bosselaers und Paulo Barreto ist
ffentlich zugnglich und wird unter folgender Lizenz vertrieben:
@version 3.0 (December 2000)
Optimierter ANSI C Code fr den Rijndael cipher (jetzt AES)
@author Paulo Barreto <paulo.barreto@terra.com.br>
Der OnDemand Switch verwendet mglicherweise Software, die im Rahmen der DNU Allgemeine
ffentliche Lizenzvereinbarung Version 2 (GPL v.2) lizensiert sind, einschlielich LinuxBios und Filo
Open Source-Projekte. Der Quellcode von LinuxBios und Filo ist bei Radware auf Anfrage erhltlich.
Eine Kopie dieser Lizenz kann eingesehen werden unter:
Dieser Code wird hiermit allgemein zugnglich gemacht.
Dieses Produkt enthlt einen vom OpenBSD-Projekt entwickelten Code
Copyright (c) 1983, 1990, 1992, 1993, 1995
The Regents of the University of California. Alle Rechte vorbehalten.
Die Verbreitung und Verwendung in Quell- und binrem Format, mit oder ohne Vernderungen, sind
unter folgenden Bedingungen erlaubt:
1. Die Verbreitung von Quellcodes muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss beibehalten.
2. Die Verbreitung in binrem Format muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss in der Dokumentation und/oder andere
Materialien, die mit verteilt werden, reproduzieren.
3.
Weder der Name der Universitt noch die Namen der Beitragenden drfen ohne ausdrckliche
vorherige schriftliche Genehmigung verwendet werden, um von dieser Software abgeleitete
Produkte zu empfehlen oder zu bewerben.
Dieses Produkt enthlt von Markus Friedl entwickelte Software Dieses Produkt enthlt von Theo de
Raadt entwickelte Software Dieses Produkt enthlt von Niels Provos entwickelte Software Dieses
Produkt enthlt von Dug Song entwickelte Software
Dieses Produkt enthlt von Aaron Campbell entwickelte Software Dieses Produkt enthlt von Damien
Miller entwickelte Software Dieses Produkt enthlt von Kevin Steves entwickelte Software Dieses
Produkt enthlt von Daniel Kouril entwickelte Software Dieses Produkt enthlt von Wesley Griffin
entwickelte Software Dieses Produkt enthlt von Per Allansson entwickelte Software Dieses Produkt
enthlt von Nils Nordman entwickelte Software
Dieses Produkt enthlt von Simon Wilkinson entwickelte Software
Die Verbreitung und Verwendung in Quell- und binrem Format, mit oder ohne Vernderungen, sind
unter folgenden Bedingungen erlaubt:
1.
Die Verbreitung von Quellcodes muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss beibehalten.
2.
Die Verbreitung in binrem Format muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss in der Dokumentation und/oder andere
Materialien, die mit verteilt werden, reproduzieren.
SMTLICHE VORGENANNTE SOFTWARE WIRD VOM AUTOR IM IST-ZUSTAND (AS IS)

BEREITGESTELLT. JEGLICHE AUSDRCKLICHEN ODER IMPLIZITEN GARANTIEN, EINSCHLIESSLICH,
DOCH NICHT BESCHRNKT AUF DIE IMPLIZIERTEN GARANTIEN DER MARKTGNGIGKEIT UND DER
ANWENDBARKEIT FR EINEN BESTIMMTEN ZWECK, SIND AUSGESCHLOSSEN.
UNTER KEINEN UMSTNDEN HAFTET DER AUTOR FR DIREKTE ODER INDIREKTE SCHDEN, FR
BEI VERTRAGSERFLLUNG ENTSTANDENE SCHDEN, FR BESONDERE SCHDEN, FR
SCHADENSERSATZ MIT STRAFCHARAKTER, ODER FR FOLGESCHDEN EINSCHLIESSLICH, DOCH
NICHT BESCHRNKT AUF, ERWERB VON ERSATZGTERN ODER ERSATZLEISTUNGEN; VERLUST AN
NUTZUNG, DATEN ODER GEWINN; ODER GESCHFTSUNTERBRECHUNGEN) GLEICH, WIE SIE
ENTSTANDEN SIND, UND FR JEGLICHE ART VON HAFTUNG, SEI ES VERTRGE,
GEFHRDUNGSHAFTUNG, ODER DELIKTISCHE HAFTUNG (EINSCHLIESSLICH FAHRLSSIGKEIT
ODER ANDERE), DIE IN JEGLICHER FORM FOLGE DER BENUTZUNG DIESER SOFTWARE IST, SELBST
WENN AUF DIE MGLICHKEIT EINES SOLCHEN SCHADENS HINGEWIESEN WURDE.
Safety Instructions
The following safety instructions are presented in English, French, and German.
Safety Instructions
CAUTION
A readily accessible disconnect device shall be incorporated in the building installation wiring.
Due to the risks of electrical shock, and energy, mechanical, and fire hazards, any procedures that
involve opening panels or changing components must be performed by qualified service personnel
only.
To reduce the risk of fire and electrical shock, disconnect the device from the power line before
removing cover or panels.
The following figure shows the caution label that is attached to Radware platforms with dual power
supplies.
Figure 1: Electrical Shock Hazard Label
DUAL-POWER-SUPPLY-SYSTEM SAFETY WARNING IN CHINESE

The following figure is the warning for Radware platforms with dual power supplies.
Figure 2: Dual-Power-Supply-System Safety Warning in Chinese
Translation of Dual-Power-Supply-System Safety Warning in Chinese:

This unit has more than one power supply. Disconnect all power supplies before maintenance to
avoid electric shock.
SERVICING
Do not perform any servicing other than that contained in the operating instructions unless you are
qualified to do so. There are no serviceable parts inside the unit.
HIGH VOLTAGE
Any adjustment, maintenance, and repair of the opened instrument under voltage must be avoided
as much as possible and, when inevitable, must be carried out only by a skilled person who is aware
of the hazard involved.
Capacitors inside the instrument may still be charged even if the instrument has been disconnected
from its source of supply.
GROUNDING
Before connecting this device to the power line, the protective earth terminal screws of this device
must be connected to the protective earth in the building installation.
LASER
This equipment is a Class 1 Laser Product in accordance with IEC60825 - 1: 1993 + A1:1997 +
A2:2001 Standard.
FUSES
Make sure that only fuses with the required rated current and of the specified type are used for
replacement. The use of repaired fuses and the short-circuiting of fuse holders must be avoided.
Whenever it is likely that the protection offered by fuses has been impaired, the instrument must be
made inoperative and be secured against any unintended operation.
LINE VOLTAGE
Before connecting this instrument to the power line, make sure the voltage of the power source
matches the requirements of the instrument. Refer to the Specifications for information about the
correct power rating for the device.
48V DC-powered platforms have an input tolerance of 36-72V DC.
SPECIFICATION CHANGES
Specifications are subject to change without notice.
Note: This equipment has been tested and found to comply with the limits for a Class A digital
device pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN 55024; EN 61000-3-2; EN
61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-4-11For CE MARK Compliance.
These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. This equipment generates, uses and can
radiate radio frequency energy and, if not installed and used in accordance with the instruction
manual, may cause harmful interference to radio communications. Operation of this equipment in a
residential area is likely to cause harmful interference in which case the user is required to correct
the interference at his own expense.
VCCI ELECTROMAGNETIC-INTERFERENCE STATEMENTS
Figure 3: Statement for Class A VCCI-certified Equipment
Translation of Statement for Class A VCCI-certified Equipment:

This is a Class A product based on the standard of the Voluntary Control Council for Interference by
Information Technology Equipment (VCCI). If this equipment is used in a domestic environment,
radio disturbance may occur, in which case, the user may be required to take corrective action.
Figure 4: Statement for Class B VCCI-certified Equipment
Translation of Statement for Class B VCCI-certified Equipment:

This is a Class B product based on the standard of the Voluntary Control Council for Interference by
Information Technology Equipment (VCCI). If this is used near a radio or television receiver in a
domestic environment, it may cause radio interference.
Install and use the equipment according to the instruction manual.
10
KCC KOREA
Figure 5: KCCKorea Communications Commission Certificate of Broadcasting and

Communication Equipment
Figure 6: Statement For Class A KCC-certified Equipment in Korean
Translation of Statement For Class A KCC-certified Equipment in Korean:

This equipment is Industrial (Class A) electromagnetic wave suitability equipment and seller or user
should take notice of it, and this equipment is to be used in the places except for home.
SPECIAL NOTICE FOR NORTH AMERICAN USERS
For North American power connection, select a power supply cord that is UL Listed and CSA Certified
3 - conductor, [18 AWG], terminated in a molded on plug cap rated 125 V, [10 A], with a minimum
length of 1.5m [six feet] but no longer than 4.5m...For European connection, select a power supply
cord that is internationally harmonized and marked <HAR>, 3 - conductor, 0,75 mm2 minimum
mm2 wire, rated 300 V, with a PVC insulated jacket. The cord must have a molded on plug cap rated
250 V, 3 A.
RESTRICT AREA ACCESS
The DC powered equipment should only be installed in a Restricted Access Area.
INSTALLATION CODES
This device must be installed according to country national electrical codes. For North America,
equipment must be installed in accordance with the US National Electrical Code, Articles 110 - 16,
110 -17, and 110 -18 and the Canadian Electrical Code, Section 12.
INTERCONNECTION OF UNITS
Cables for connecting to the unit RS232 and Ethernet Interfaces must be UL certified type DP-1 or
DP-2. (Note- when residing in non LPS circuit)
OVERCURRENT PROTECTION
A readily accessible listed branch-circuit over current protective device rated 15 A must be
incorporated in the building wiring for each power input.
REPLACEABLE BATTERIES
If equipment is provided with a replaceable battery, and is replaced by an incorrect battery type,
then an explosion may occur. This is the case for some Lithium batteries and the following is
applicable:
If the battery is placed in an Operator Access Area, there is a marking close to the battery or
a statement in both the operating and service instructions.
If the battery is placed elsewhere in the equipment, there is a marking close to the battery or a
statement in the service instructions.
11
This marking or statement includes the following text warning:

CAUTION
RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT BATTERY TYPE.
DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.
Caution To Reduce the Risk of Electrical Shock and Fire
1.
This equipment is designed to permit connection between the earthed conductor of the DC
supply circuit and the earthing conductor equipment. See Installation Instructions.
2.
All servicing must be undertaken only by qualified service personnel. There are not user
serviceable parts inside the unit.
3.
DO NOT plug in, turn on or attempt to operate an obviously damaged unit.
4.
Ensure that the chassis ventilation openings in the unit are NOT BLOCKED.
5.
Replace a blown fuse ONLY with the same type and rating as is marked on the safety label
adjacent to the power inlet, housing the fuse.
6.
Do not operate the device in a location where the maximum ambient temperature exceeds
40C/104F.
7.
Be sure to unplug the power supply cord from the wall socket BEFORE attempting to remove
and/or check the main power fuse.
CLASS 1 LASER PRODUCT AND REFERENCE TO THE MOST RECENT LASER STANDARDS IEC 60
825-1:1993 + A1:1997 + A2:2001 AND EN 60825-1:1994+A1:1996+ A2:2001
AC units for Denmark, Finland, Norway, Sweden (marked on product):
Denmark - Unit is class I - unit to be used with an AC cord set suitable with Denmark
deviations. The cord includes an earthing conductor. The Unit is to be plugged into a wall socket
outlet which is connected to a protective earth. Socket outlets which are not connected to earth
are not to be used!
Finland - (Marking label and in manual) - Laite on liitettv suojamaadoituskoskettimilla

varustettuun pistorasiaan
Norway (Marking label and in manual) - Apparatet m tilkoples jordet stikkontakt
Unit is intended for connection to IT power systems for Norway only.
Sweden (Marking label and in manual) - Apparaten skall anslutas till jordat uttag.
To connect the power connection:

1.
Connect the power cable to the main socket, located on the rear panel of the device.
2.
Connect the power cable to the grounded AC outlet.
CAUTION
Risk of electric shock and energy hazard. Disconnecting one power supply disconnects only one
power supply module. To isolate the unit completely, disconnect all power supplies.
Instructions de scurit
AVERTISSEMENT
Un dispositif de dconnexion facilement accessible sera incorpor au cblage du btiment.
En raison des risques de chocs lectriques et des dangers nergtiques, mcaniques et dincendie,
chaque procdure impliquant louverture des panneaux ou le remplacement de composants sera
excute par du personnel qualifi.
Pour rduire les risques dincendie et de chocs lectriques, dconnectez le dispositif du bloc
dalimentation avant de retirer le couvercle ou les panneaux.
12
La figure suivante montre ltiquette davertissement appose sur les plateformes Radware dotes
de plus dune source dalimentation lectrique.
Figure 7: tiquette davertissement de danger de chocs lectriques
AVERTISSEMENT DE SCURIT POUR LES SYSTMES DOTS DE DEUX SOURCES DALIMENTATION

LECTRIQUE (EN CHINOIS)
La figure suivante reprsente ltiquette davertissement pour les plateformes Radware dotes de
deux sources dalimentation lectrique.
Figure 8: Avertissement de scurit pour les systmes dotes de deux sources dalimentation
lectrique (en chinois)
Traduction de la Avertissement de scurit pour les systmes dotes de deux sources dalimentation
lectrique (en chinois):
Cette unit est dote de plus dune source dalimentation lectrique. Dconnectez toutes les sources
dalimentation lectrique avant dentretenir lappareil ceci pour viter tout choc lectrique.
ENTRETIEN
Neffectuez aucun entretien autre que ceux rpertoris dans le manuel dinstructions, moins dtre
qualifi en la matire. Aucune pice lintrieur de lunit ne peut tre remplace ou rpare.
HAUTE TENSION
Tout rglage, opration dentretien et rparation de linstrument ouvert sous tension doit tre vit.
Si cela savre indispensable, confiez cette opration une personne qualifie et consciente des
dangers impliqus.
Les condensateurs au sein de lunit risquent dtre chargs mme si lunit a t dconnecte de la
source dalimentation lectrique.
MISE A LA TERRE
Avant de connecter ce dispositif la ligne lectrique, les vis de protection de la borne de terre de
cette unit doivent tre relies au systme de mise la terre du btiment.
LASER
Cet quipement est un produit laser de classe 1, conforme la norme IEC60825 - 1: 1993 + A1:
1997 + A2: 2001.
13
FUSIBLES
Assurez-vous que, seuls les fusibles courant nominal requis et de type spcifi sont utiliss en
remplacement. Lusage de fusibles rpars et le court-circuitage des porte-fusibles doivent tre
vits. Lorsquil est pratiquement certain que la protection offerte par les fusibles a t dtriore,
linstrument doit tre dsactiv et scuris contre toute opration involontaire.
TENSION DE LIGNE
Avant de connecter cet instrument la ligne lectrique, vrifiez que la tension de la source
dalimentation correspond aux exigences de linstrument. Consultez les spcifications propres
lalimentation nominale correcte du dispositif.
Les plateformes alimentes en 48 CC ont une tolrance dentre comprise entre 36 et 72 V CC.
MODIFICATIONS DES SPCIFICATIONS
Les spcifications sont sujettes changement sans notice pralable.
Remarque: Cet quipement a t test et dclar conforme aux limites dfinies pour un appareil
numrique de classe A, conformment au paragraphe 15B de la rglementation FCC et EN55022
Classe A, EN 55024, EN 61000-3-2; EN 61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8, et IEC
61000-4-11, pour la marque de conformit de la CE. Ces limites sont fixes pour fournir une
protection raisonnable contre les interfrences nuisibles, lorsque lquipement est utilis dans un
environnement commercial. Cet quipement gnre, utilise et peut mettre des frquences radio et,
sil nest pas install et utilis conformment au manuel dinstructions, peut entraner des
interfrences nuisibles aux communications radio. Le fonctionnement de cet quipement dans une
zone rsidentielle est susceptible de provoquer des interfrences nuisibles, auquel cas lutilisateur
devra corriger le problme ses propres frais.
DCLARATIONS SUR LES INTERFRENCES LECTROMAGNTIQUES VCCI
Figure 9: Dclaration pour lquipement de classe A certifi VCCI
Traduction de la Dclaration pour lquipement de classe A certifi VCCI:

Il sagit dun produit de classe A, bas sur la norme du Voluntary Control Council for Interference by
Information Technology Equipment (VCCI). Si cet quipement est utilis dans un environnement
domestique, des perturbations radiolectriques sont susceptibles dapparatre. Si tel est le cas,
lutilisateur sera tenu de prendre des mesures correctives.
Figure 10: Dclaration pour lquipement de classe B certifi VCCI
Traduction de la Dclaration pour lquipement de classe B certifi VCCI:

Il sagit dun produit de classe B, bas sur la norme du Voluntary Control Council for Interference by
Information Technology Equipment (VCCI). Sil est utilis proximit dun poste de radio ou dune
tlvision dans un environnement domestique, il peut entraner des interfrences radio.
Installez et utilisez lquipement selon le manuel dinstructions.
14
KCC Core
Figure 11: KCCCertificat de la commission des communications de Core pour les equipements de
radiodiffusion et communication.
Figure 12: Dclaration pour lquipement de classe A certifi KCC en langue corenne
Translation de la Dclaration pour lquipement de classe A certifi KCC en langue corenne:

Cet quipement est un matriel (classe A) en adquation aux ondes lectromagntiques et le
vendeur ou lutilisateur doit prendre cela en compte. Ce matriel est donc fait pour tre utilis
ailleurs qu la maison.
NOTICE SPCIALE POUR LES UTILISATEURS NORD-AMRICAINS
Pour un raccordement lectrique en Amrique du Nord, slectionnez un cordon dalimentation
homologu UL et certifi CSA 3 - conducteur, [18 AWG], muni dune prise moule son extrmit,
de 125 V, [10 A], dune longueur minimale de 1,5 m [six pieds] et maximale de 4,5m...Pour la
connexion europenne, choisissez un cordon dalimentation mondialement homologu et marqu
<HAR>, 3 - conducteur, cble de 0,75 mm2 minimum, de 300 V, avec une gaine en PVC isole. La
prise lextrmit du cordon, sera dote dun sceau moul indiquant: 250 V, 3 A.
ZONE A ACCS RESTREINT
Lquipement aliment en CC ne pourra tre install que dans une zone accs restreint. CODES
DINSTALLATION
Ce dispositif doit tre install en conformit avec les codes lectriques nationaux. En Amrique du
Nord, lquipement sera install en conformit avec le code lectrique national amricain, articles
110-16, 110 -17, et 110 -18 et le code lectrique canadien, Section 12. INTERCONNEXION DES
UNTES.
Les cbles de connexion lunit RS232 et aux interfaces Ethernet seront certifis UL, type DP-1 ou
DP-2. (Remarque- sils ne rsident pas dans un circuit LPS) PROTECTION CONTRE LES
SURCHARGES.
Un circuit de drivation, facilement accessible, sur le dispositif de protection du courant de 15 A doit
tre intgr au cblage du btiment pour chaque puissance consomme.
BATTERIES REMPLAABLES
Si lquipement est fourni avec une batterie, et quelle est remplace par un type de batterie
incorrect, elle est susceptible dexploser. Cest le cas pour certaines batteries au lithium, les
lments suivants sont donc applicables:
Si la batterie est place dans une zone daccs oprateur, une marque est indique sur la
batterie ou une remarque est insre, aussi bien dans les instructions dexploitation que
dentretien.
Si la batterie est place ailleurs dans lquipement, une marque est indique sur la batterie ou
une remarque est insre dans les instructions dentretien.
15
Cette marque ou remarque inclut lavertissement textuel suivant:

AVERTISSEMENT
RISQUE DEXPLOSION SI LA BATTERIE EST REMPLACE PAR UN MODLE INCORRECT. METTRE AU
REBUT LES BATTERIES CONFORMMENT AUX INSTRUCTIONS.
Attention - Pour rduire les risques de chocs lectriques et dincendie
1.
Cet quipement est conu pour permettre la connexion entre le conducteur de mise la terre du
circuit lectrique CC et lquipement de mise la terre. Voir les instructions dinstallation.
2.
Tout entretien sera entrepris par du personnel qualifi. Aucune pice lintrieur de lunit ne
peut tre remplace ou rpare.
3.
NE branchez pas, nallumez pas ou nessayez pas dutiliser une unit manifestement
endommage.
4.
Vrifiez que lorifice de ventilation du chssis dans lunit nest PAS OBSTRUE.
5.
Remplacez le fusible endommag par un modle similaire de mme puissance, tel quindiqu sur
ltiquette de scurit adjacente larrive lectrique hbergeant le fusible.
6.
Ne faites pas fonctionner lappareil dans un endroit, o la temprature ambiante dpasse la

valeur maximale autorise. 40C/104F.
7.
Dbranchez le cordon lectrique de la prise murale AVANT dessayer de retirer et/ou de vrifier
le fusible dalimentation principal.
PRODUIT LASER DE CLASSE 1 ET RFRENCE AUX NORMES LASER LES PLUS RCENTES: IEC 60
825-1: 1993 + A1: 1997 + A2: 2001 ET EN 60825-1: 1994+A1: 1996+ A2: 2001
Units CA pour le Danemark, la Finlande, la Norvge, la Sude (indiqu sur le produit):
Danemark - Unit de classe 1 - qui doit tre utilise avec un cordon CA compatible avec les
dviations du Danemark. Le cordon inclut un conducteur de mise la terre. Lunit sera
branche une prise murale, mise la terre. Les prises non-mises la terre ne seront pas
utilises!
Finlande (tiquette et inscription dans le manuel) - Laite on liitettv

suojamaadoituskoskettimilla varustettuun pistorasiaan
Norvge (tiquette et inscription dans le manuel) - Apparatet m tilkoples jordet stikkontakt
Lunit peut tre connecte un systme lectrique IT (en Norvge uniquement).
Sude (tiquette et inscription dans le manuel) - Apparaten skall anslutas till jordat uttag.
Pour brancher lalimentation lectrique:

1.
Branchez le cble dalimentation la prise principale, situe sur le panneau arrire de lunit.
2.
Connectez le cble dalimentation la prise CA mise la terre.
AVERTISSEMENT
Risque de choc lectrique et danger nergtique. La dconnexion dune source dalimentation
lectrique ne dbranche quun seul module lectrique. Pour isoler compltement lunit, dbranchez
toutes les sources dalimentation lectrique.
ATTENTION
Risque de choc et de danger lectriques. Le dbranchement dune seule alimentation stabilise ne
dbranche quun module Alimentation Stabilise. Pour Isoler compltement le module en cause, il
faut dbrancher toutes les alimentations stabilises.
Attention: Pour Rduire Les Risques dlectrocution et dIncendie
1.
Toutes les oprations dentretien seront effectues UNIQUEMENT par du personnel dentretien
qualifi. Aucun composant ne peut tre entretenu ou remplace par lutilisateur.
2.
NE PAS connecter, mettre sous tension ou essayer dutiliser une unit visiblement dfectueuse.
3.
Assurez-vous que les ouvertures de ventilation du chssis NE SONT PAS OBSTRUES.
16
4. Remplacez un fusible qui a saut SEULEMENT par un fusible du mme type et de mme
capacit, comme indiqu sur ltiquette de scurit proche de lentre de lalimentation qui
contient le fusible.
5. NE PAS UTILISER lquipement dans des locaux dont la temprature maximale dpasse 40
degrs Centigrades.
6. Assurez vous que le cordon dalimentation a t dconnect AVANT dessayer de lenlever et/ou
vrifier le fusible de lalimentation gnrale.
Sicherheitsanweisungen
VORSICHT
Die Elektroinstallation des Gebudes muss ein unverzglich zugngliches Stromunterbrechungsgert
integrieren.
Aufgrund des Stromschlagrisikos und der Energie-, mechanische und Feuergefahr drfen Vorgnge,
in deren Verlauf Abdeckungen entfernt oder Elemente ausgetauscht werden, ausschlielich von
qualifiziertem Servicepersonal durchgefhrt werden.
Zur Reduzierung der Feuer- und Stromschlaggefahr muss das Gert vor der Entfernung der
Abdeckung oder der Paneele von der Stromversorgung getrennt werden.
Folgende Abbildung zeigt das VORSICHT-Etikett, das auf die Radware-Plattformen mit
Doppelspeisung angebracht ist.
Figure 13: Warnetikett Stromschlaggefahr
SICHERHEITSHINWEIS IN CHINESISCHER SPRACHE FR SYSTEME MIT DOPPELSPEISUNG

Die folgende Abbildung ist die Warnung fr Radware-Plattformen mit Doppelspeisung.
Figure 14: Sicherheitshinweis in chinesischer Sprache fr Systeme mit Doppelspeisung
bersetzung von Sicherheitshinweis in chinesischer Sprache fr Systeme mit Doppelspeisung:

Die Einheit verfgt ber mehr als eine Stromversorgungsquelle. Ziehen Sie zur Verhinderung von
Stromschlag vor Wartungsarbeiten smtliche Stromversorgungsleitungen ab.
WARTUNG
Fhren Sie keinerlei Wartungsarbeiten aus, die nicht in der Betriebsanleitung angefhrt sind, es sei
denn, Sie sind dafr qualifiziert. Es gibt innerhalb des Gertes keine wartungsfhigen Teile.
17
HOCHSPANNUNG
Jegliche Einstellungs-, Instandhaltungs- und Reparaturarbeiten am geffneten Gert unter
Spannung mssen so weit wie mglich vermieden werden. Sind sie nicht vermeidbar, drfen sie
ausschlielich von qualifizierten Personen ausgefhrt werden, die sich der Gefahr bewusst sind.
Innerhalb des Gertes befindliche Kondensatoren knnen auch dann noch Ladung enthalten, wenn
das Gert von der Stromversorgung abgeschnitten wurde.
ERDUNG
Bevor das Gert an die Stromversorgung angeschlossen wird, mssen die Schrauben der
Erdungsleitung des Gertes an die Erdung der Gebudeverkabelung angeschlossen werden.
LASER
Dieses Gert ist ein Laser-Produkt der Klasse 1 in bereinstimmung mit IEC60825 - 1: 1993 +
A1:1997 + A2:2001 Standard.
SICHERUNGEN
Vergewissern Sie sich, dass nur Sicherungen mit der erforderlichen Stromstrke und der
angefhrten Art verwendet werden. Die Verwendung reparierter Sicherungen sowie die
Kurzschlieung von Sicherungsfassungen muss vermieden werden. In Fllen, in denen
wahrscheinlich ist, dass der von den Sicherungen gebotene Schutz beeintrchtigt ist, muss das
Gert abgeschaltet und gegen unbeabsichtigten Betrieb gesichert werden.
LEITUNGSSPANNUNG
Vor Anschluss dieses Gertes an die Stromversorgung ist zu gewhrleisten, dass die Spannung der
Stromquelle den Anforderungen des Gertes entspricht. Beachten Sie die technischen Angaben
bezglich der korrekten elektrischen Werte des Gertes.
Plattformen mit 48 V DC verfgen ber eine Eingangstoleranz von 36-72 V DC. NDERUNGEN DER
TECHNISCHEN ANGABEN
nderungen der technischen Spezifikationen bleiben vorbehalten.
Hinweis: Dieses Gert wurde geprft und entspricht den Beschrnkungen von digitalen Gerten der
Klasse 1 gem Teil 15B FCC-Vorschriften und EN55022 Klasse A, EN55024; EN 61000-3-2; EN; IEC
61000 4-2 to 4-6, IEC 61000 4-8 und IEC 61000-4- 11 fr Konformitt mit der CE-Bezeichnung.
Diese Beschrnkungen dienen dem angemessenen Schutz vor schdlichen Interferenzen bei Betrieb
des Gertes in kommerziellem Umfeld. Dieses Gert erzeugt, verwendet und strahlt
elektromagnetische Hochfrequenzstrahlung aus. Wird es nicht entsprechend den Anweisungen im
Handbuch montiert und benutzt, knnte es mit dem Funkverkehr interferieren und ihn
beeintrchtigen. Der Betrieb dieses Gertes in Wohnbereichen wird hchstwahrscheinlich zu
schdlichen Interferenzen fhren. In einem solchen Fall wre der Benutzer verpflichtet, diese
Interferenzen auf eigene Kosten zu korrigieren.
ERKLRUNG DER VCCI ZU ELEKTROMAGNETISCHER INTERFERENZ
Figure 15: Erklrung zu VCCI-zertifizierten Gerten der Klasse A
bersetzung von Erklrung zu VCCI-zertifizierten Gerten der Klasse A:

Dies ist ein Produkt der Klasse A gem den Normen des Voluntary Control Council for Interference
by Information Technology Equipment (VCCI). Wird dieses Gert in einem Wohnbereich benutzt,
knnen elektromagnetische Strungen auftreten. In einem solchen Fall wre der Benutzer
verpflichtet, korrigierend einzugreifen.
18
Figure 16: Erklrung zu VCCI-zertifizierten Gerten der Klasse B
bersetzung von Erklrung zu VCCI-zertifizierten Gerten der Klasse B:

Dies ist ein Produkt der Klasse B gem den Normen des Voluntary Control Council for Interference
by Information Technology Equipment (VCCI). Wird dieses Gert in einem Wohnbereich benutzt,
knnen elektromagnetische Strungen auftreten.
Montieren und benutzen Sie das Gert laut Anweisungen im Benutzerhandbuch.
KCC KOREA
Figure 17: KCCKorea Communications Commission Zertifikat fr Rundfunk-und

Nachrichtentechnik
Figure 18: Erklrung zu KCC-zertifizierten Gerten der Klasse A
bersetzung von Erklrung zu KCC-zertifizierten Gerten der Klasse A:

Verkufer oder Nutzer sollten davon Kenntnis nehmen, da dieses Gert der Klasse A fr industriell
elektromagnetische Wellen geeignete Gerten angehrt und dass diese Gerte nicht fr den
heimischen Gebrauch bestimmt sind.
BESONDERER HINWEIS FR BENUTZER IN NORDAMERIKA
Whlen Sie fr den Netzstromanschluss in Nordamerika ein Stromkabel, das in der UL aufgefhrt
und CSA-zertifiziert ist 3 Leiter, [18 AWG], endend in einem gegossenen Stecker, fr 125 V, [10 A],
mit einer Mindestlnge von 1,5 m [sechs Fu], doch nicht lnger als 4,5 m. Fr europische
Anschlsse verwenden Sie ein international harmonisiertes, mit <HAR> markiertes Stromkabel,
mit 3 Leitern von mindestens 0,75 mm2, fr 300 V, mit PVC-Umkleidung. Das Kabel muss in einem
gegossenen Stecker fr 250 V, 3 A enden.
BEREICH MIT EINGESCHRNKTEM ZUGANG
Das mit Gleichstrom betriebene Gert darf nur in einem Bereich mit eingeschrnktem Zugang
montiert werden.
INSTALLATIONSCODES
Dieses Gert muss gem der landesspezifischen elektrischen Codes montiert werden. In
Nordamerika mssen Gerte entsprechend dem US National Electrical Code, Artikel 110 - 16, 110 17 und 110 - 18, sowie dem Canadian Electrical Code, Abschnitt 12, montiert werden.
19
VERKOPPLUNG VON GERTEN Kabel fr die Verbindung des Gertes mit RS232- und Ethernetmssen UL-zertifiziert und vom Typ DP-1 oder DP-2 sein. (Anmerkung: bei Aufenthalt in einem
nicht-LPS-Stromkreis)
BERSTROMSCHUTZ
Ein gut zugnglicher aufgefhrter berstromschutz mit Abzweigstromkreis und 15 A Strke muss fr
jede Stromeingabe in der Gebudeverkabelung integriert sein.
AUSTAUSCHBARE BATTERIEN
Wird ein Gert mit einer austauschbaren Batterie geliefert und fr diese Batterie durch einen
falschen Batterietyp ersetzt, knnte dies zu einer Explosion fhren. Dies trifft zu fr manche Arten
von Lithiumsbatterien zu, und das folgende gilt es zu beachten:
Wird die Batterie in einem Bereich fr Bediener eingesetzt, findet sich in der Nhe der Batterie
eine Markierung oder Erklrung sowohl im Betriebshandbuch als auch in der Wartungsanleitung.
Ist die Batterie an einer anderen Stelle im Gert eingesetzt, findet sich in der Nhe der Batterie
eine Markierung oder einer Erklrung in der Wartungsanleitung.
Diese Markierung oder Erklrung enthlt den folgenden Warntext: VORSICHT

EXPLOSIONSGEFAHR, FALLS BATTERIE DURCH EINEN FALSCHEN BATTERIETYP ERSETZT WIRD.
GEBRAUCHTE BATTERIEN DEN ANWEISUNGEN ENTSPRECHEND ENTSORGEN.
Denmark - Unit is class I - mit Wechselstromkabel benutzen, dass fr die Abweichungen in

Dnemark eingestellt ist. Das Kabel ist mit einem Erdungsdraht versehen. Das Kabel wird in eine
geerdete Wandsteckdose angeschlossen. Keine Steckdosen ohne Erdungsleitung verwenden!
Finland - (Markierungsetikett und im Handbuch) - Laite on liitettv

suojamaadoituskoskettimilla varustettuun pistorasiaan
Norway - (Markierungsetikett und im Handbuch) - Apparatet m tilkoples jordet stikkontakt

Ausschlielich fr Anschluss an IT-Netzstromsysteme in Norwegen vorgesehen
Sweden - (Markierungsetikett und im Handbuch) - Apparaten skall anslutas till jordat uttag.
Anschluss des Stromkabels:

1.
Schlieen Sie das Stromkabel an den Hauptanschluss auf der Rckseite des Gertes an.
2.
Schlieen Sie das Stromkabel an den geerdeten Wechselstromanschluss an.
VORSICHT
Stromschlag- und Energiegefahr Die Trennung einer Stromquelle trennt nur ein
Stromversorgungsmodul von der Stromversorgung. Um das Gert komplett zu isolieren, muss es
von der gesamten Stromversorgung getrennt werden.
Vorsicht - Zur Reduzierung der Stromschlag- und Feuergefahr
1.
Dieses Gert ist dazu ausgelegt, die Verbindung zwischen der geerdeten Leitung des
Gleichstromkreises und dem Erdungsleiter des Gertes zu ermglichen. Siehe
Montageanleitung.
2.
Wartungsarbeiten jeglicher Art drfen nur von qualifiziertem Servicepersonal ausgefhrt

werden. Es gibt innerhalb des Gertes keine vom Benutzer zu wartenden Teile.
3.
Versuchen Sie nicht, ein offensichtlich beschdigtes Gert an den Stromkreis anzuschlieen,
einzuschalten oder zu betreiben.
4.
Vergewissern Sie sich, dass sie Lftungsffnungen im Gehuse des Gertes NICHT BLOCKIERT
SIND.
5.
Ersetzen Sie eine durchgebrannte Sicherung ausschlielich mit dem selben Typ und von der
selben Strke, die auf dem Sicherheitsetikett angefhrt sind, das sich neben dem
Stromkabelanschluss, am Sicherungsgehuse.
6.
Betreiben Sie das Gert nicht an einem Standort, an dem die Hchsttemperatur der Umgebung
40C berschreitet.
7.
Vergewissern Sie sich, das Stromkabel aus dem Wandstecker zu ziehen, BEVOR Sie die
Hauptsicherung entfernen und/oder prfen.
20
Altitude and Climate Warning

Note: This warning only applies to The People's Republic of China.
1.
Tma 25C
2.
2000m
2000m
DD
2000m
DD
DD.1
2000m 2000m
DD.2
21
Document Conventions
The following describes the conventions and symbols that this guide uses:
Item
Description
Description (French)
Beschreibung (German)
An example scenario
Un scnario dexemple
Ein Beispielszenarium
Possible damage to
equipment, software, or
data
Endommagement
Mgliche Schden an
possible de lquipement, Gert, Software oder
des donnes ou du
Daten
logiciel
Additional information
Informations
complmentaires
Zustzliche
Informationen
A statement and
instructions
Rfrences et
instructions
Eine Erklrung und

Anweisungen
A suggestion or
workaround
Une suggestion ou
solution
Ein Vorschlag oder eine

Umgehung
Example
Caution:
Note:
To
Tip:
Possible physical harm to Blessure possible de
the operator
loprateur
Verletzungsgefahr des
Bedieners
Warning:
22
Table of Contents
Important Notices .......................................................................................................... 3
Copyright Notices .......................................................................................................... 4
Safety Instructions ......................................................................................................... 8
Altitude and Climate Warning ...................................................................................... 21
Document Conventions ............................................................................................... 22
Chapter 1 Preface................................................................................................. 29
Who Should Use This Book ......................................................................................... 29
How this Book Is Organized ........................................................................................ 29
Related Documentation ............................................................................................... 29
Typographic Conventions ............................................................................................ 30
Chapter 2 The Command Line Interface ............................................................ 31

Connecting to Alteon ................................................................................................... 31
Establishing a Console Connection ..................................................................................... 31
Establishing a Telnet Connection ........................................................................................ 32
Establishing an SSH Connection ......................................................................................... 33
Accessing Alteon ......................................................................................................... 34

CLI Menu ..................................................................................................................... 38
Command Line History and Editing ............................................................................. 38
Idle Timeout ................................................................................................................. 38
Chapter 3 Menu Basics........................................................................................ 39

The Main Menu ............................................................................................................ 39
Menu Summary ........................................................................................................... 39
Global Commands ....................................................................................................... 40
Command Line History and Editing ............................................................................. 42
Command Line Interface Shortcuts ............................................................................. 43
Command Stacking ............................................................................................................. 43
Command Abbreviation ....................................................................................................... 44
Tab Completion ................................................................................................................... 44
Configuration Ranges .......................................................................................................... 44
Chapter 4 The Information Menu ........................................................................ 45

/info
Information Menu ...................................................................................................... 45

/info/sys
System Information Menu .................................................................................................... 47
/info/vadc
23

Table of Contents
vADC Information in the Global Administrator Environment ............................................... 68

/info/l2
Layer 2 Information Menu ................................................................................................... 68
Clearing Entries from the Forwarding Database ................................................................. 71
/info/l3
Layer3 Information Menu .................................................................................................... 80
/info/slb
Layer 4 Information Menu ................................................................................................. 105
/info/bwm
Bandwidth Management Information Menu ....................................................................... 113
/info/security
Security Information .......................................................................................................... 116
/info/link
Link Status Information ..................................................................................................... 117
/info/port
Port Information ................................................................................................................. 118
/info/swkey
Software Enabled Keys ..................................................................................................... 118
/info/dump
Information Dump .............................................................................................................. 119
Chapter 5 The Statistics Menu.......................................................................... 121

/stats
Statistics Menu ...................................................................................................... 121

/stats/sys
System Statistics Menu .....................................................................................................
/stats/port <port number>
Port Statistics Menu ..........................................................................................................
/stats/vadc
vADC Statistics Menu ........................................................................................................
/stats/pmirr
Port Mirroring Statistics Menu ...........................................................................................
/stats/l2
Layer 2 Statistics Menu .....................................................................................................
/stats/l3
Layer 3 Statistics Menu .....................................................................................................
/stats/slb
Server Load Balancing Statistics Menu .............................................................................
/stats/bwm
BWM Statistics Menu ........................................................................................................
/stats/security
Security Statistics ..............................................................................................................
/stats/mp
Management Processor Statistics .....................................................................................
/stats/sp <SP Number>
SP-specific Statistics .........................................................................................................
/stats/pmirr
Port Mirroring Statistics Menu ...........................................................................................
/stats/dump
24
123
125
137
140
141
144
166
219
226
232
236
238

Table of Contents
Dump Statistics ................................................................................................................. 238
Chapter 6 The Configuration Menu .................................................................. 239

/cfg
Configuration Menu ............................................................................................... 239

Viewing, Applying, and Saving Changes .................................................................. 241
Viewing Pending Changes ................................................................................................
Applying Pending Changes ..............................................................................................
Saving the Configuration ..................................................................................................
/cfg/sys
System Configuration .......................................................................................................
/cfg/port <port number>
Port Configuration Menu ...................................................................................................
/cfg/port <port number>/gig
Port Link Configuration .....................................................................................................
/cfg/vadc
vADC Configuration Menu ................................................................................................
/cfg/dashboard
Dashboard Menu ..............................................................................................................
/cfg/pmirr
Port Mirroring Menu ..........................................................................................................
/cfg/pmirr monport
Port-Mirroring Menu ..........................................................................................................
/cfg/bwm
Bandwidth Management Configuration .............................................................................
/cfg/l2
Layer 2 Configuration Menu .............................................................................................
/cfg/l3
Layer 3 Configuration Menu .............................................................................................
/cfg/security
Security Configuration Menu ............................................................................................
/cfg/dump
Dump ................................................................................................................................
/cfg/ptcfg
Saving the Active Switch Configuration ............................................................................
/cfg/gtcfg
Restoring the Active Switch Configuration ........................................................................
241
241
242
243
287
289
290
305
306
306
307
315
331
384
390
390
392
Chapter 7 The SLB Configuration Menu .......................................................... 395

/cfg/slb
SLB Configuration ............................................................................................................. 395
Chapter 8 The Operations Menu....................................................................... 607

/oper
Operations Menu ................................................................................................... 607

/oper/port <port number>
Operations-Level Port Options ......................................................................................... 609
/oper/slb
25

Table of Contents
Operations-Level SLB Options ..........................................................................................

/oper/vrrp
VRRP Operations Menu ....................................................................................................
/oper/bwm
Operations-Level Bandwidth Management Options ..........................................................
/oper/security
Security Menu ...................................................................................................................
/oper/ip
Operations-Level IP Options .............................................................................................
/oper/swkey
Activating Software ...........................................................................................................
/oper/rmkey
Removing Optional Software .............................................................................................
/oper/vadc
vADC Operations Menu ....................................................................................................
/oper/sys
Operational System Menu .................................................................................................
610
613
614
614
616
617
617
617
618
Chapter 9 The Boot Options Menu................................................................... 621

/boot
Boot Options Menu ................................................................................................ 621

/boot/image
Selecting a Software Image to Run ...................................................................................
/boot/conf
Selecting a Configuration Block ........................................................................................
/boot/gtimg
Downloading New Software ..............................................................................................
/boot/reset
Resetting Alteon ................................................................................................................
/boot/cur
Current Boot Options ........................................................................................................
623
624
625
626
627
Chapter 10 The Maintenance Menu.................................................................. 629

/maint
Maintenance Menu ................................................................................................ 629

/maint/sys
System Maintenance Options ...........................................................................................
/maint/fdb
Forwarding Database (FDB) Manipulation Menu ..............................................................
/maint/arp
Address Resolution Protocol Menu ...................................................................................
/maint/route
IP Route Manipulation .......................................................................................................
/maint/ip6
IPv6 Menu .........................................................................................................................
/maint/applog
Application Services Trace Log Menu ...............................................................................
/maint/cachcont
Cache Content List ............................................................................................................
26
632
632
633
634
635
636
637

Table of Contents
/maint/pktcap
Packet Capture Menu .......................................................................................................
/maint/ptdmp <server filename>
System Dump Put .............................................................................................................
/maint/cldmp
Clearing Dump Information ...............................................................................................
/maint/lsdmp
View Dump Statistics ........................................................................................................
/maint/panic
Panic Command ...............................................................................................................
/maint/tsdmp
Technical Support Dump ........................................
637
641
642
642
642
643
Appendix A Alteon Application Switch Operating System Syslog Messages ....

645
Syslog Message Syntax ........................................................................................... 645

Syslog Messages ..................................................................................................... 645
LOG_WARNING ...............................................................................................................
LOG_ALERT .....................................................................................................................
LOG_CRIT ........................................................................................................................
LOG_ERR .........................................................................................................................
LOG_NOTICE ...................................................................................................................
LOG_INFO ........................................................................................................................
645
646
647
647
651
653
Appendix B Alteon Application Switch Operating System SNMP Agent ..... 655
Supported MIBs ........................................................................................................ 655
Enterprise MIB Documents ...............................................................................................
SynOptics MIBs ................................................................................................................
Standard MIBs ..................................................................................................................
SNMPv3 MIBs ..................................................................................................................
655
655
655
656
Supported Traps ....................................................................................................... 656

Generic Traps ................................................................................................................... 656
Spanning Tree Traps ........................................................................................................ 656
Enterprise SNMP Traps .................................................................................................... 657
Appendix C Glossary......................................................................................... 659

Radware Ltd. End User License Agreement....................................................... 663
27

Table of Contents
28
Chapter 1 Preface
This guide describes how to configure and use the Alteon Application Switch Operating System
(AlteonOS) software on the Alteon Application Switches. Throughout this guide, in most cases the
AlteonOS and the Alteon platform are referred to as Alteon. For documentation on installation and
initial configuration of Alteon, see the Radware Alteon Installation and Maintenance Guide.
Who Should Use This Book

This guide is intended for network installers and system administrators engaged in configuring and
maintaining a network. The administrator should be familiar with Ethernet concepts, IP addressing,
the Spanning Tree Protocol, and SNMP configuration parameters.
How this Book Is Organized
The Command Line Interface, page 31 describes how to connect to Alteon and access the
information and configuration menus.
Menu Basics, page 39 provides an overview of the menu system, including a menu map, global
commands, and menu shortcuts.
The Information Menu, page 45 describes how to view Alteon configuration parameters
The Statistics Menu, page 121 describes how to view Alteon performance statistics.
The Configuration Menu, page 239 describes how to configure system parameters, ports,
VLANs, Spanning Tree Protocol, SNMP, Port Mirroring, IP Routing, Port Trunking, and more.
The SLB Configuration Menu, page 395 describes how to configure Server Load Balancing (SLB),
filtering, Global Server Load Balancing (GSLB), and more.
The Operations Menu, page 607 describes how to use commands which affect Alteon
performance immediately, but do not alter permanent configurations (such as temporarily
disabling ports). The menu describes how to activate or deactivate optional software features.
The Boot Options Menu, page 621 describes the use of the primary and alternate Alteon images,
how to load a new software image, and how to reset the software to factory defaults.
The Maintenance Menu, page 629 describes how to generate and access a dump of critical state
information, how to clear it, and how to clear part or all of the forwarding database.
Appendix A - Alteon Application Switch Operating System Syslog Messages, page 645 lists
Alteon syslog messages.
Appendix B - Alteon Application Switch Operating System SNMP Agent, page 655 lists the
Management Interface Bases (MIBs) supported in the Alteon software.
Glossary, page 659 defines the terminology used throughout the book.
Related Documentation
Alteon Application Switch Operating System Release NotesDescribes new features and any
caveats and limitations with the currently released Alteon versions.
Alteon Application Switch Operating System Application GuideDescribes Alteon features and
gives configuration examples.
29

Preface
Alteon Application Switch Operating System Browser-Based Interface (BBI) Quick Guide
Describes of the BBI and how to configure and access it from Alteon.
Radware Alteon Installation and Maintenance GuideIncludes technical specifications of Alteon

platforms, installation instructions, and troubleshooting tools.
Typographic Conventions
The following table describes the typographic styles in this book:
Table 1: Typographic conventions
Typeface or
Symbol
Meaning
Example
AaBbCc123
Bold highlights for names of

commands, files, and
directories within the text, as
well as exact values or
character strings that you
specify.
View the readme.txt file.
AaBbCc123
Courier type appears in

screen image examples.
Main# sys
AaBbCc123
Italics introduce a term,

highlight variables, menu and
tab names, and book titles, and
used for emphasis.
To establish a Telnet session,

enter host# telnet
<IP_address>, where
IP_address is the address of the
FTP server.
For more information, see the
Alteon Application Switch
Operating System Application
Guide.
Optional command items are

host# 1s [-a]
shown inside brackets and can
be used or excluded as the
situation demands. Do not type
the brackets.
<>
Variable names are shown

inside angle brackets. Do not
type the angle brackets.
>> # ssh <switch IP

address>
Separates command options.

The command options are
mutually exclusive. Do not type
the pipe character.
ping <host name> | <IP

address> [tries <(1-32)>
[msec delay]] [-m|-mgmt|d|-data]
30
Chapter 2 The Command Line Interface

As delivered, Alteon is ready to perform basic load balancing functions. Some of the more advanced
features, however, require some administrative configuration before they can be used effectively.
Alteon includes a variety of options for accessing and configuring the system:
A built-in, text-based command line interface (CLI) and menu system for access via local
terminal or remote Telnet session.
SNMP support for access through network management software such as HP OpenView.
The Alteon Application Switch Operating System Browser-Based Interface (BBI).
The CLI is the most direct method for collecting information and performing configuration. Using a
basic terminal, you are presented with a hierarchy of menus that enable you to view information and
statistics about the system, and to perform any necessary configuration.
This chapter explains how to access the CLI.
Connecting to Alteon
You can access the CLI in any one of the following ways:
Using a console connection via the console port
Using a Telnet connection over the network
Using an SSH connection to securely log into another computer over a network
Establishing a Console Connection

To establish a console connection with Alteon, you need the following:
A standard serial cable with a male DB9 connector.
An ASCII terminal or a computer running terminal emulation software set to the parameters
shown in the following table:
Table 2: Console Configuration Parameters
Parameter
Value
Baud Rate
9600
Data Bits
Parity
None
Stop Bits
Flow Control
None
To connect to Alteon through a console

1.
Connect the terminal to the console port using the serial cable.
2.
Power on the terminal.
3.
Press Enter a few times on your terminal. Enter a password for access to the system.
31

The Command Line Interface
For more details on platform technical specifications and initial configuration, see the Radware
Alteon Installation and Maintenance Guide.
Establishing a Telnet Connection

A Telnet connection offers the convenience of accessing Alteon from any workstation connected to
the network. Telnet access provides the same options for user access and administrator access as
those available through the console port.
To configure Alteon for Telnet access, you need to have a device with Telnet software located on the
same network as Alteon. Alteon must have an IP address. Alteon can acquire its IP address in one of
the following ways:
Dynamically, from a BOOTP server on your network. See Using a BOOTP Server, page 32.
Manually, when you configure the IP address.
Note: Before you can use these methods for accessing Alteon, you need to enable Telnet and SSH
using a serial connection.
Using a BOOTP Server

By default, Alteon is set up to request its IP address from a BOOTP server. If you have a BOOTP
server on your network, add the Alteon MAC address to the BOOTP configuration file located on the
BOOTP server. The MAC address can be found on a small white label on the Alteon back panel. The
MAC address can also be found in the System Information menu (see /info/sys System Information
Menu, page 47).
Note: If connecting to the management port, BOOTP is not supported. The port must be manually
configured with the proper IP address.
Running Telnet
You can access the CLI using a Telnet connection once the IP parameters are configured.
To establish a Telnet connection with Alteon

1.
Run the Telnet program on your workstation and issue the Telnet command, followed by the
Alteon IP address:
telnet
2.
32
<IP address>
Enter a password as explained in Establishing an SSH Connection, page 33.

Establishing an SSH Connection

Although a remote network administrator can manage Alteon configuration through Telnet, this
method does not provide a secure connection. The SSH (Secure Shell) protocol enables you to
securely log into another computer over a network to execute commands remotely. As a secure
alternative to using Telnet to manage Alteon configuration, SSH ensures that all data sent over the
network is encrypted and secure.
Note: Alteon can perform only one session of key/cipher generation at a time. As a result, an SSH/
SCP client cannot log in if Alteon is performing key generation at that time, or if another client has
just logged in before this client. Similarly, the system fails to perform the key generation if an SSH/
SCP client is logging in at that time.
The supported SSH encryption and authentication methods are:
Server Host AuthenticationClient RSA-authenticates Alteon at the beginning of every

connection
Key ExchangeRSA
Encryption3DES-CBC, DES
User AuthenticationLocal password authentication, RADIUS
The following SSH clients have been tested:
SSH 1.2.23 and SSH 1.2.27 for Linux (freeware)
SecureCRT 3.0.2 and SecureCRT 3.0.3 (Van Dyke Technologies, Inc.)
F-Secure SSH 1.1 for Windows (Data Fellows)
Note: The Alteon implementation of SSH is based on SSH version 1.5, and supports SSH versions
1.5 through 1.x.xx, and version 2.
Running SSH
You can access the CLI using an SSH connection once the IP parameters are configured and the SSH
service is turned on.
To establish an SSH connection with Alteon

1. Do one of the following:
Run the SSH program on your workstation by issuing the SSH command, followed by the
Alteon IP address.
>> # ssh <switch IP address>
If SecurID authentication is required, use the following command:
>> # ssh -1 ace <switch IP address>

2. When prompted, enter your username and password.
33

Accessing Alteon
Alteon includes seven user access levels, or classes, to enable better management and user
accountability Each access level defines a set of management features and related screens relevant
for that access level. The following is an overview of the different access levels:
UserAllows only temporary changes. Users on this level cannot change anything but can
display information that has no security or privacy implications, such as statistics and current
operational state information.
OperatorAllows only temporary changes. These changes are lost when Alteon is rebooted/
reset. Operators have access to the management features used for daily operations. Because
any changes an operator makes are undone by resetting Alteon, operators cannot severely
impact operation.
AdministratorAllows permanent configuration changes which will persist after a reboot or

reset. Administrators can access configuration functions and troubleshoot problems. Because
administrators can also make temporary (operator-level) changes, they must be aware of the
interactions between temporary and permanent changes.
Access levels are assigned unique user names and passwords. Once you are connected, you are
prompted to enter a password. Table 3 - User Access Levels, page 34 lists the default user names
and passwords for each access level.
Note: Radware recommends that you change default passwords after initial configuration and as
required by your network security policies.
Table 3: User Access Levels
User Account
Description and Tasks

Performed
Password
User
The User has no direct

responsibility for management.
The User can view all status
information and statistics but
cannot make any configuration
changes.
user
SLB Viewer
The SLB Viewer can view SLB

statistics and information, but
cannot make any configuration
changes.
slbview
Available to the vADC

administrator only.
34

User Account

Performed
Password
SLB Operator
The SLB Operator manages

content servers and other
Internet services and their
loads. In addition to viewing all
information and statistics, the
SLB Operator can enable or
disable servers using the SLB
Operation menu.
slboper

administrator only.
Layer 1 Operator
The Layer 1 Operator can

display information on Layer 1
parameters such as LACP and
link information.
l1oper
Layer 2 Operator

display information related to
Layer 2, such as routing and
ARP.
l2oper
Layer 3 Operator

display information related to
Layer 3.
l3oper

administrator only.
Layer 4 Operator
The Layer 4 Operator manages l4oper

traffic on the lines leading to the
shared Internet services. This
user currently has the same
access level as the SLB
Operator.
This level is reserved for future
use to provide access to
operational commands for
operators managing traffic on
the line leading to the shared
Internet services.
administrator only.
Operator
The Operator manages all

Alteon functions. In addition to
SLB Operator functions, the
Operator can reset ports.
oper
35

User Account

Performed
Password
SLB Administrator
The SLB Administrator

configures and manages
content servers and other
Internet services and their
loads. In addition to SLB
Operator functions, the SLB
Administrator can configure
parameters on the SLB menus,
with the exception of not
configuring filters or bandwidth
management.
slbadmin

administrator only.
Layer 3 Administrator
The Layer 3 Administrator

manages Layer 3 features.
l3admin

administrator only.
Layer 4 Administrator
The Layer 4 Administrator

configures and manages traffic
on the lines leading to the
shared Internet services. In
addition to SLB Administrator
functions, the Layer 4
Administrator can configure all
parameters on the SLB menus,
including filters and bandwidth
management.
l4admin

administrator only.
36

User Account

Performed
Password
Administrator
The superuser Administrator

admin
has complete access to all
menus, information, and
configuration commands,
including the ability to change
both the User and Administrator
passwords.
Certificate Administrator
In addition to having User

No default user or password
privileges, the Certificate
Administrator has full access to
the Certificate Repository menu
(/cfg/slb/ssl/certs),
including the ability to view,
import, export, create, update,
and decrypt SSL dump capture.
Unlike other user accounts,
there is no default user called
"crtadmin" and no default
password.
A Certificate Administrator user
cannot log in until a user with
certificate administrative
privileges is defined by the
Administrator.
Note: With the exception of the Administrator, access to each user level can be disabled by setting
the password to an empty value. All user levels below Administrator by default are initially disabled
(empty password) until they are enabled by the Administrator user. This prevents inadvertently
leaving Alteon open to unauthorized users.
37

CLI Menu
Once the Administrator password is verified, you are given complete access. The following is the CLI
Main Menu with Administrator privileges:
[Main Menu]
info
stats
cfg
oper
boot
maint
diff
apply
save
revert
exit
Information Menu
Statistics Menu
Configuration Menu
Operations Command Menu
Boot Options Menu
Maintenance Menu
Show pending config changes [global command]
Apply pending config changes [global command]
Save updated config to FLASH [global command]
Revert pending or applied changes [global command]
Exit [global command, always available]
Note: If you are accessing a User account or Layer 4 Administrator account, some menu options
are not available.
Command Line History and Editing

For a description of global commands, shortcuts, and command line editing functions, see Menu
Basics, page 39.
Idle Timeout
By default, Alteon disconnects your console or Telnet session after five minutes of inactivity. This
function is controlled by the idle timeout parameter, which can be set from 1 to 10080 minutes. For
more information on changing this parameter, see /cfg/sys/syslog System Host Log Configuration,
page 246.
38
Chapter 3 Menu Basics

Use the Alteon Application Switch Command Line Interface (CLI) to view Alteon information and
statistics. In addition, the administrator can use the CLI to perform all levels of configuration.
The various commands are logically grouped into a series of menus and sub-menus. Each menu
displays a list of commands and/or sub-menus that are available, along with a summary of what
each command does. Below each menu is a prompt where you enter any command appropriate to
the current menu.
This chapter describes the Main Menu commands, and provides a list of commands and shortcuts
that are commonly available from all the menus within the CLI.
The Main Menu

The Main Menu appears after you successfully connect and log in. Figure 1 - Main Menu for the
Administrator, page 39 shows the Main Menu for the administrator login.
Note: Some features are not available for the user login.
Figure 1: Main Menu for the Administrator

[Main Menu]
info
stats
cfg
oper
boot
maint
diff
apply
save
revert
exit
Information Menu
Statistics Menu
Configuration Menu
Operations Command Menu
Boot Options Menu
Maintenance Menu
Show pending config changes [global command]
Apply pending config changes [global command]
Save updated config to FLASH [global command]
Revert pending or applied changes [global command]
Exit [global command, always available]
Menu Summary
Information MenuIncludes sub-menus for displaying information about the current system
status, including basic system settings, VLANs, Layer 4 settings, and more.
Statistics MenuIncludes sub-menus for displaying performance statistics. Includes: port, IF,
IP, ICMP, TCP, UDP, SNMP, routing, ARP, DNS, VRRP, and Layer 4 statistics.
Configuration MenuAvailable only using an administrator login. It includes sub-menus for

configuring all Alteon features. Configuration changes are not active until explicitly applied with
the apply command. Changes can be saved to non-volatile memory.
Operations MenuIncludes operations-level commands for immediate and temporary

changes to the configuration. This includes bringing ports temporarily in and out of service,
performing port mirroring, and enabling or disabling Server Load Balancing (SLB) functions. It is
also for activating or deactivating optional software packages.
39

Menu Basics
Boot Options MenuUsed for upgrading the AlteonOS, selecting configuration blocks, and for
resetting Alteon when necessary.
Maintenance MenuUsed for debugging purposes, enabling you to generate a dump of critical
state information, and to clear entries in the forwarding database and the ARP and routing
tables.
Global Commands
Some basic commands are recognized throughout the menu hierarchy. These commands are used
for online help, navigating through menus, and for applying and saving configuration changes.
Note: For help on a specific command, type help.
Table 4: Description of Global Commands
Command
Action
? <command>
Provides more information about a specific command on the current menu. When
used without the command parameter, a summary of the global commands
displays.
or
help
<command>
For example:
>> Standalone ADC - Main# ? diff

Usage: diff [flash]
shows pending changes as differences between
"current config" [or flash] and "new config"
>> Standalone ADC - Main#
.
Displays the current menu.
or
print
..
Goes up one level in the menu structure.
or
up
/
If placed at the beginning of a command, go to the Main Menu. Otherwise, use

this to separate multiple levels in a menu hierarchy placed on the same line.
lines <n>
Sets the number of lines (n) that display on the screen at one time. The default is
24 lines. When used without a value, the current setting displays.
diff
Shows any pending configuration changes.
apply <vadc>
Applies pending configuration changes.

When the vADC Administrator performs an apply, the following prompt displays:
Synchronize configuration changes? [y/n]:

The Global Administrator can optionally apply pending configuraton changes to a
specific vADC.
save <vadc>
Writes configuration changes to non-volatile flash memory.

The Global Administrator can optionally save pending configuraton changes to a
specific vADC.
40

Menu Basics
Command
Action
revert
Removes pending configuration changes between apply commands. Use this

command to restore configuration parameters set since the last apply command.
exit or quit
Exits from the command line interface and log out.

Optional: Use exit now to exit without any further prompts.
ping
Verifies station-to-station connectivity across the network. Syntax:
ping <hostname> | <IP address> [tries <(1-32)> [msec delay]] [m|-mgmt|-d|-data]

where
IP address is the Alteon hostname or IP address.
tries is the number of attempts (1 to 32).
msec delay is the number of milliseconds between attempts.

By default, the -d or -data option for network ports is in effect. If using the
management port, specify the -m or -mgmt option. The DNS parameters
must be configured if specifying hostnames (for more information, see /cfg/
l3/dns Domain Name System Configuration Menu, page 367).
ping6
Verifies an IP address and interface connectivity across the network. Syntax:
ping6 <IP6 address> <Interface number>

For example:
ping6 3001::1234 - for ping6 global unicast address

ping6 fe80::201:2ff:feb1:10e2 20 - for ping6 link-local address
traceroute
Identifies the route used for station-to-station connectivity across the network.
Syntax:
traceroute <host name> | <IP address> [ <max-hops (1-32)> [msec

delay]] [-m|-mgmt|-d|-data]
where
IP address is the hostname or IP address of the target station.
max-hops is the maximum distance to trace (1 to 16 Alteons).
delay is the number of milliseconds for wait for the response.

management port, specify the -m or -mgmt option. The DNS parameters
must be configured if specifying hostnames (for more information, see /cfg/
l3/dns Domain Name System Configuration Menu, page 367).
pwd
Displays the command path used to reach the current menu.
41

Menu Basics
Command
Action
verbose <n>
Sets the level of information displayed on the screen.

Values for n:
0 (Quiet)Nothing appears except errors (not even prompts).
1 (Normal)Prompts and requested output are shown, but no menus.
2 (Verbose)Everything is shown.
When used without a value, the current setting displays.
telnet
Telnets out of the system. Syntax:
<hostname> | <IP address> [port] [-m|-mgmt|-d|-data]

where
IP address is the Alteon hostname or IP address.

management port, specify the -m or -mgmt option.
history
Displays the last 10 commands issued.
pushd
Stores the current location of the menu tree. Optionally, a new path can be
specified. Syntax:
pushd [ <new_path> ]
popd
Takes you one level back to the menu location stored by the last pushd
command.
apply vadcs
Applies changes for all running vADCs with pending configurations. Only available
to the Global Administrator.
save vadcs
Saves active configurations of all running vADCs. Only available to the Global
Administrator.
Command Line History and Editing

You can retrieve and modify previously entered commands using commands or Crtl key sequences.
Table 5: Command Line History and Editing Options
Option
Description
history
Displays a numbered list of the last 10 previously entered commands.
!!
Repeats the last command.
!n
Repeats the nth command shown on the history list.
Ctrl+P
Recalls the previous command from the history list. This can be used multiple
times to work backward through the last 10 commands. The recalled command
can be entered as is, or edited using the editing options listed in this table.
or
up arrow
Ctrl+N
or
Recalls the next command from the history list. This can be used multiple times to
work forward through the last 10 commands. The recalled command can be
entered as is, or edited using the editing options listed in this table.
down arrow
Ctrl+A
42
Moves the cursor to the beginning of command line.

Menu Basics
Table 5: Command Line History and Editing Options
Option
Description
Ctrl+E
Moves the cursor to the end of the command line.
Ctrl+B
Moves the cursor back one position to the left.
or
left arrow
key
Ctrl+F
Moves the cursor forward one position to the right.
or
right arrow
key
Backspace
Erases one character to the left of the cursor position.
or
Delete key
Ctrl+D
Deletes one character at the cursor position.
Ctrl+K
Kills (erases) all characters from the cursor position to the end of the command
line.
Ctrl+L
Redraws the screen.
Ctrl+U
Clears the entire line.
Other keys
Inserts new characters at the cursor position.
Command Line Interface Shortcuts

This section includes a list of CLI shortcuts, including:
Command Stacking, page 43
Command Abbreviation, page 44
Tab Completion, page 44
Configuration Ranges, page 44
Command Stacking
As a shortcut, you can type multiple levels in a menu hierarchy string on a single line, separated by
forward slashes (/). You can enter as many levels as required to access the menu option that you
want.
For example, the keyboard shortcut to access the Spanning Tree Port Configuration menu from the
Main# prompt is:
Main# cfg/12/stg/port
43

Menu Basics
Command Abbreviation
Most commands can be abbreviated by entering the first characters which distinguish the command
from the others in the same menu or sub-menu.
For example, the command shown in Command Stacking, page 43 could also be entered as:
Main# c/12/st/p
Tab Completion
By entering the first letter of a command at any menu prompt and pressing the Tab key, the CLI
displays all commands or options in that menu that begin with that letter. Entering additional letters
further refines the list of commands or options displayed. If only one command fits the input text
when Tab is pressed, that command displays on the command line, waiting to be entered. If you
press the Tab key without any input on the command line, the currently active menu displays.
Configuration Ranges
Most commands support configuration ranges. Configuration ranges allow you to set common
parameters on a range of similar items such as ports or VLANs.
For example, the following command enables the real servers numbered from 1 to 10:
Main# cfg/stb/real 1-10/enable

The following command menu items support both ranges and enable:
Main# /cfg/bwm/cont
Main# /cfg/bwm/policy
Main# /cfg/bwm/group
Main# /cfg/l2/stg
Main# /cfg/l2/trunk
Main# /cfg/l2/vlan
Main# cfg/l2/team
Main# /cfg/l3/if
Main# /cfg/l3/gw
Main# /cfg/l3/nwf
Main# /cfg/l3/rmap
Main# /cfg/l3/vrrp/vr
Main# /cfg/l3/vrrp/vrgroup
Main# /cfg/sec/pgroup
Main# /cfg/slb/real
Main# /cfg/slb/group
Main# /cfg/slb/virt
Main# /cfg/slb/filt
Main# /oper/slb/group
Main# /stat/s
44
Chapter 4 The Information Menu

You can view Alteon configuration information in both the user and administrator command modes
using the sub-menus and commands under the Information menu. This chapter includes the menus,
sub-menus and commands that display Alteon information.
/info
Information Menu
The following is an example of the Information menu and an explanation of the Information menu
options.
Figure 2: Global Administrator Information Menu

[Global - Information Menu]
sys
- System Information Menu
l2
- Layer 2 Information Menu
link
- Show link status
port
- Show port information
vadc
- vADC Summary
swkey
- Show enabled software features
dump
- Dump all information
Figure 3: vADC Administrator or Standalone Information Menu

[Information
sys
l2
l3
slb
bwm
security
link
port
swkey
dump
Menu]
- System Information Menu
- Layer 4-7 Information Menu
- Bandwidth Management Information Menu
- Security Information Menu
- Show link status
- Show enabled software features
- Dump all information
Table 6: Information Menu Options (/info)
Command Syntax and Usage

sys
Displays the System Information menu. To view this menu, see /info/sys System
Information Menu, page 47.
l2
Displays the Layer 2 Information menu. To view this menu, see /info/l2 Layer 2
45

The Information Menu

l3
Displays the Layer 3 Information menu. This menu only appears on the vADC
Administration menu. To view this menu in ADC-VX mode, see /info/l3 Layer3
slb
Displays the Layer 4 Information menu. This menu only appears on the vADC
Administration menu. To view this menu in ADC-VX mode, see /info/slb Layer 4
bwm
Displays the Bandwidth Management Information menu. This menu only appears
on the vADC Administration menu. To view this menu in ADC-VX mode, see /info/
bwm Bandwidth Management Information Menu, page 113.
security
Displays the Security Information menu, from which you can access the current
UDP blast settings and the security status of the port. This menu only appears on
the vADC Administration menu. To view this menu in ADC-VX mode, see /info/
security Security Information, page 116.
link
This command only appears in the Global Administrator environment in ADC-VX
mode.
Displays configuration information about each port, including:
Port number
Port speed (10, 100, 10/100, or 1000)
Duplex mode (half, full, or auto)
Flow control for transmit and receive (no, yes, or auto)
Link status (up or down)
For sample output, see /info/link Link Status Information, page 117.
port <port ID>

mode.
Displays port status information, including:
Port number
Whether the port uses VLAN tagging
Port VLAN ID(PVID)
Port name
VLAN membership
For sample output, see /info/port Port Information, page 118.
46


vadc <vadc ID>|all
Displays a summary of vADC information. This command only appears in the
Global Administrator environment in ADC-VX mode.
The vadc command by itself shows the information for all enabled vADCs. To see
the information for an individual vADC, include the vADC ID. For example, vadc
vadc 65.
To see the information for all enabled and disabled vADCs, enter vadc all.
For sample output, see /info/vadc vADC Information in the Global Administrator
Environment, page 68.
swkey
Displays a list of all the optional software packages that have been activated or
installed. For sample output, see /info/swkey Software Enabled Keys, page 118.
dump
Dumps all information available from the Information menu (the dump output
may be 10K or more, depending on your configuration).
If you want to capture dump data to a file, set your communication software on
your workstation to capture session data prior to issuing the dump command. For
sample output, see /info/dump Information Dump, page 119.
/info/sys
System Information Menu

[System Menu]
snmpv3
general
ps
fan
temp
sslchip
time
log
slog
mgmt
capacity
encrypt
user
dump
SNMPv3 Information Menu

Show general system information
Show power supply information
Show system fan information
Show system temperature information
Show SSL chip information
Show date and time
Show last 64 syslog messages
Show last 64 syslog messages saved in FLASH
Show management port information
Show switch capacity information
Show switch encryption licenses
Show current user status
Dump all system information
Table 7: Information System Menu Options (/info/sys)

snmpv3
Displays the SNMPv3 Information menu. To view the menu, see /info/sys/snmpv3
SNMPv3 System Information Menu, page 49.
47


general
Displays general system information including:
System information such as time, day, and date.
Alteon model name and number. In the vADC Administrator environment in

ADC-VX mode, this is instead the vADC name.
The status of each vADC process.
How long the Alteon has been up.
Time of last boot.
MAC address of the management processor.
IP address of IP interface #1
Hardware order number and part numbers of the mainboard hardware,

management processor board hardware, and gigabit Ethernet board
hardware. In the Global Administrator environment in ADC-VX mode only.
Software image file and version number.
Configuration name.
Login banner, if one is configured.
For sample output and a description of these statistics, see /info/sys/general

General System Information, page 56.
ps
Displays the power supply status.
fan
Displays the fan status.
temp
Displays the temperature status of the Alteon sensors.
sslchip
Displays the SSL chip information.
time
Displays the current time.
log
Displays last 64 syslog messages. For sample output and a description of these
statistics, see /info/sys/log Show Last 64 Syslog Messages, page 57.
slog
Displays the last 64 syslog messages that are saved in flash. For sample output
and a description of these statistics, see /info/sys/slog Last 64 Saved Syslog
Messages, page 58.
mgmt
Displays management port information. For sample output and a description of
these statistics, see /info/sys/mgmt Management Port Information, page 58.
48


capacity gen|l2|l3|slb|port
Displays Alteon capacity information. This output displays the maximum capacity
for the various applications and services that Alteon supports. The output
contains capacity information about capacity units, vADCs, Layer 2, Layer 3, RIP,
OSPF, BGP, Route Maps, Network Filters, VRRP, Layer 4 through 7, which includes
Server Load Balancing (SLB), filters, GSLB, health checks, general information,
and SNMPv3.
For sample output and a description of these statistics, see /info/sys/capacity
System Capacity Information, page 59.
encrypt
Displays the current encryption licenses.
user
Displays the current user names.
dump
Displays all system information. For sample output and a description of these
statistics, see /info/sys/dump System Information Dump, page 67.
/info/sys/snmpv3
SNMPv3 System Information Menu

SNMP version 3 (SNMPv3) is an extensible SNMP Framework that supplements the SNMPv2
Framework by supporting the following:
A new SNMP message format
Security for messages
Access control
Remote configuration of SNMP parameters
For more details on the SNMPv3 architecture, refer to RFC 2271 to RFC 2276.
[SNMPv3 Information Menu]

usm
- Show usmUser table information
view
- Show vacmViewTreeFamily table information
access
- Show vacmAccess table information
group
- Show vacmSecurityToGroup table information
comm
- Show community table information
taddr
- Show targetAddr table information
tparam
- Show targetParams table information
notify
- Show notify table information
dump
- Show all SNMPv3 information
Table 8: SNMPv3 information Menu Options (/info/sys/snmpv3)

usm
Displays User Security Model (USM) table information. To view the table
information, see /info/sys/snmpv3/usm SNMPv3 USM User Table Information,
page 50.
49

Table 8: SNMPv3 information Menu Options (/info/sys/snmpv3)

view
Displays information about view, sub tress, mask, and type of view. For sample
output and a description of these statistics, see /info/sys/snmpv3/view SNMPV3
View Table Information, page 51.
access
Displays view-based access control information. For sample output and a
description of these statistics, see /info/sys/snmpv3/access SNMPv3 Access Table
Information, page 51.
group
Displays information about the group that includes the security model, user
name, and group name. For sample output and a description of these statistics,
see /info/sys/snmpv3/group SNMPv3 Group Table Information, page 52.
comm
Displays the Community table information. For sample output and a description of
these statistics, see /info/sys/snmpv3/comm SNMPv3 Community Table
taddr
Displays the target address table information. For sample output and a
description of these statistics, see /info/sys/snmpv3/taddr SNMPv3 Target
Address Table Information, page 53.
tparam
Displays the Target Parameters table information. For sample output and a
description of these statistics, see /info/sys/snmpv3/tparam SNMPv3 Target
Parameters Table Information, page 53.
notify
Displays the Notify table information. For sample output and a description of
these statistics, see /info/sys/snmpv3/notify SNMPv3 Notify Table Information,
page 54.
dump
Displays all the SNMPv3 information. To view a sample, see /info/sys/snmpv3/
dump SNMPv3 Dump Information, page 55.
/info/sys/snmpv3/usm
SNMPv3 USM User Table Information

The User-based Security Model (USM) in SNMPv3 provides security services such as authentication
and privacy of messages. This security model uses a defined set of user identities displayed in the
Table 9 - USM User Table Information Parameters (/info/sys/snmpv3/usm), page 51. The USM user
table contains information such as:
The user name.
A security name in the form of a string whose format is independent of the security model.
An authentication protocol, which is an indication that the messages sent on behalf of the user
can be authenticated.
The privacy protocol.
50

Table 9: USM User Table Information Parameters (/info/sys/snmpv3/usm)
Field
Description
Engine ID
The SNMPv3 Engine ID lets network managers define the SNMP Engine ID and to
assign the default parameters to SNMP.
The field value is a hexadecimal string. Each byte in hexadecimal character
strings is two hexadecimal digits. Each byte digit can be separated by a period (.)
or a colon (:).
User Name
This is a string that represents the name of the user that you can use to access
Alteon.
Protocol
This indicates whether messages sent on behalf of this user are protected from
disclosure using a privacy protocol. Alteon supports DES algorithm for privacy.
Alteon also supports two authentication algorithms: HMAC-MD5 and HMAC-SHA.
/info/sys/snmpv3/view
SNMPV3 View Table Information

You can control and restrict the access allowed to a group by specifying the groups rights in terms
of a particular MIB view.
View Name
--------------org
viv2only
viv2only
viv2only
viv2only
Subtree
-----------------1.3
1.3
1.3.6.1.6.3.15
1.3.6.1.6.3.16
1.3.6.1.6.3.18
Mask
-----------
Type
---------included
included
excluded
excluded
excluded
Table 10: SNMPv3 View Table Information Parameters (/info/sys/snmpv3/view)
Field
Description
View Name
The view name.
Subtree
The MIB sub-tree as an OID string. A view sub-tree is the set of all MIB object
instances which have a common Object Identifier prefix to their names.
Mask
The bit mask.
Type
Indicates if a family of view sub-trees is included or excluded from the MIB view.
/info/sys/snmpv3/access
SNMPv3 Access Table Information

The access control subsystem provides authorization services.
The vacmAccessTable maps a group name, security information, a context, and a message type
(read or write operation) or notification into a MIB view.
The View-Based Access Control Model defines a set of services that an application can use for
checking access rights of a group. This group's access rights are determined by one of the following
views:
The read-view represents the set of object instances authorized for the group while reading the
objects.
The write-view represents the set of object instances authorized for the group when writing
objects.
The notify-view represents the set of object instances authorized for the group when sending a
notification.
51

Group Name
---------v1v2grp
admingrp
Prefix
------
Model
----snmpv1
usm
Level
-----------noAuthNopriv
authPriv
Match
----exact
exact
ReadV
----iso
iso
WriteV
-----iso
iso
NotifyV
------v1v2only
iso
Table 11: SNMPv3 Access Table Information (/info/sys/snmpv3/access)
Field
Description
Group Name
The group name.
Prefix
The prefix that is configured to match the values.
Model
The security model.

Values: SNMPv1, SNMPv2, USM
Level
The minimum level of security required to gain rights of access.

Values: noAuthNoPriv, authNoPriv, authPriv
Match
The match for the contextName.

Values: exact, prefix
ReadV
The MIB view to which this entry authorizes the read access.
WriteV
The MIB view to which this entry authorizes the write access.
NotifyV
The notify view to which this entry authorizes the notify access.
/info/sys/snmpv3/group
SNMPv3 Group Table Information

A group is a combination of the security model and security name that defines the access rights
assigned to all the security names belonging to that group. The group is identified by a group name.
Sec Model
-----------snmpv1
usm
usm
User Name
----------------------------------vlv2only
adminmd5
adminsha
Group Name
----------v1v2grp
admingrp
admingrp
Table 12: SNMPv3 Group Table Information Parameters (/info/sys/snmpv3/group)
Field
Sec Model
Description
The security model.
Values: USM, SNMPv1, SNMPv2, SNMPv3
User Name
The group name.
Group Name
The group access name.
/info/sys/snmpv3/comm
SNMPv3 Community Table Information

This command displays the community table information stored in the SNMP engine.
Index
Name
User Name
Tag
---------- ---------- -------------------- ---------trap1
public
v1v2only
v1v2trap
52

Table 13: SNMPv3 Community Table Parameters (/info/sys/snmpv3/comm)
Field
Description
Index
The unique index value of a row in this table.
Name
The community string, which represents the configuration.
User Name
The User Security Model (USM) user name.
Tag
The community tag. This tag specifies a set of transport endpoints from which a
command responder application accepts management requests, and to which a
command responder application sends an SNMP trap.
/info/sys/snmpv3/taddr
SNMPv3 Target Address Table Information

This command displays the SNMPv3 target address table information, which is stored in the SNMP
engine.
Name
Transport Addr Port Taglist
Params
---------- --------------- ---- ---------- --------------trap1
47.81.25.66
162 v1v2trap
v1v2param
Table 14: SNMPv3 Target Address Table Information Parameters (/info/sys/snmpv3/taddr)
Field
Description
Name
The locally arbitrary, but unique, identifier associated with this SNMP Target
Address entry.
Transport Addr
The transport addresses.
Port
The SNMP UDP port number.
Taglist
The list of tag values used to select target addresses for a particular SNMP
message.
Params
The value of this object identifies an entry in the snmpTargetParamsTable. The

identified entry contains SNMP parameters used when generating messages to be
sent to this transport address.
/info/sys/snmpv3/tparam
SNMPv3 Target Parameters Table Information

Name
MP Model
------------ -------v1v2param
snmpv2c
User Name
-----------v1v2only
Sec Model
--------snmpv1
Sec Level
--------noAuthNoPriv
Table 15: SNMPv3 Target Parameters Table Information (/info/sys/snmpv3/tparam)
Field
Description
Name
The locally arbitrary, but unique, identifier associated with this SNMP Target
Parameters entry.
MP Model
The Message Processing Model used when generating SNMP messages for this
entry.
53

Table 15: SNMPv3 Target Parameters Table Information (/info/sys/snmpv3/tparam)
Field
Description
User Name
The security name that identifies the entry on whose behalf SNMP messages are
generated using this entry.
Sec Model
The security model used when generating SNMP messages using this entry. The
system may return an inconsistentValue error if an attempt is made to set this
variable to a value for a security model that the system does not support.
Sec Level
The level of security used when generating SNMP messages using this entry.
/info/sys/snmpv3/notify
SNMPv3 Notify Table Information

Name
Tag
-------------------- -------------------v1v2trap
v1v2trap
Table 16: SNMPv3 Notify Table Information (/info/sys/snmpv3/notify)
Field
Description
Name
The locally arbitrary, but unique, identifier associated with this SNMP Notify entry.
Tag
This represents a single tag value used to select entries in the SNMP Target
Address table. Any entry in the SNMP Target Address table that contains a tag
value equal to the value of this entry is selected. If this entry contains a value of
zero length, no entries are selected.
54

/info/sys/snmpv3/dump
SNMPv3 Dump Information

usmUser Table:
User Name
-------------------------------adminmd5
adminsha
v1v2only
Protocol
-------------------------------HMAC_MD5, DES PRIVACY
HMAC_SHA, DES PRIVACY
NO AUTH, NO PRIVACY
vacmAccess Table:
Group Name Prefix Model
Level
Match ReadV
WriteV
---------- ------ ------- ------------ ------ ---------- -------v1v2grp
snmpv1 noAuthNoPriv exact iso
iso
admingrp
usm
authPriv exact iso
iso
vacmViewTreeFamily Table:
View Name
Subtree
-------------------- -----------------------------iso
1
v1v2only
1
v1v2only
1.3.6.1.6.3.15
v1v2only
1.3.6.1.6.3.16
v1v2only
1.3.6.1.6.3.18
vacmSecurityToGroup Table:
Sec Model User Name
---------- ------------------------------snmpv1
v1v2only
usm
adminmd5
usm
adminsha
NotifyV
-----v1v2only
iso
Mask
Type
------------ ---included
included
excluded
excluded
excluded
Group Name
-----------------------------v1v2grp
admingrp
admingrp
snmpCommunity Table:
Index
Name
User Name
Tag
---------- ---------- -------------------- ---------snmpNotify Table:
Name
Tag
-------------------- -------------------snmpTargetAddr Table:
Name
Transport Addr Port Taglist
Params
---------- --------------- ---- ---------- --------------snmpTargetParams Table:
Name
MP Model User Name
Sec Model Sec Level
-------------------- -------- -------------------- --------- ---------
55

/info/sys/general
General System Information

The following is an example of the general system information output:
Figure 4: Global Administrator General System Information

System Information at 4:35:28 Sat Jul 29, 2013
Time zone: No timezone configured (GMT offset -8:00)
Memory profile is Default

Switch is up 24 days, 19 hours, 47 minutes and 48 seconds.
Last boot: 8:47:39 Tue Jul 4, 2013 (power cycle)
Last apply: 11:32:06 Thu Jul 27, 2013
Last save: 13:43:45 Wed Jul 5, 2013
MAC Address
Hardware MainBoard No|Rev
Hardware DB No|Rev
Hardware Serial Number
:
:
:
:
00:03:b2:53:89:00
MEKX-MB-DBS-BP | C.08
MEKX-E4SFP | B.02
31001817
Note - When the measured temperature inside the switch EXCEEDs

the anomaly threshold at 65 degree Celsius or the critical
temperature at 73 degree Celsius different syslog messages
will be generated.
ADC-VX Infrastructure Software Version 28.1.0.0, Image ID 1, active
configuration.
ADC Application Software Version 28.1.0.0, Image ID 3
vADC
Last
Last
Last
1 is up 23 days, 19 hours, 42 minutes and 37 seconds.

boot: 8:52:51 Wed Jul 5, 2013 (unknown reason)
apply: 8:57:23 Wed Jul 5, 2013
save:
vADC
Last
Last
Last

boot: 0:00:06
? (unknown reason)
apply:
save:
56

Figure 5: vADC Administrator or Standalone General System Information

System Information at 16:17:40 Tue Oct 19, 2013
vADC 1
vADC
Last
Last
Last
1 is up 1 day, 2 hours, 23 minutes and 48 seconds.

boot: 13:53:52 Mon Oct 18, 2013 (unknown reason)
apply: 13:55:47 Mon Oct 18, 2013
save: 13:55:50 Mon Oct 18, 2013
MAC Address
:
00:03:b2:81:78:01
Software Version 28.1.0.0 (FLASH image1), active configuration.
Note: The temperature displays only if the temperature of any of the sensors exceeds the anomaly
threshold of the platform. The software sends a warning message if any of the sensors exceed this
temperature threshold. Alteon shuts down if the power supply overheats and the temperature gets
to the critical temperature of the platform. Information about fan failures also displays if one or
more fans are not functioning. For more information on fan failure, see the Radware Alteon
Installation and Maintenance Guide.
/info/sys/time
Show System Time

>> Main# /info/sys/time
4:59:18 Mon Jan 10, 2013
Time zone: America/Canada/Atlantic-Nova-Scotia (GMT offset -4:00)
DST on second Sunday of March at 02:00
DST off first Sunday of November at 02:00
/info/sys/log
Show Last 64 Syslog Messages

Each syslog message has a criticality level associated with it, included in text format as a prefix to
the log message.
Jan 10 16:29:00 ALERT

192.168.0.1
Jan 10 16:29:02 NOTICE
192.168.0.1operational
Jan 10 16:36:44 ALERT
ip: cannot contact management port default gateway

ip: management port default gateway
ip: default gateway 192.168.0.1 operational
ip: default gateway 192.168.0.1 enabled
system: link down on management port
One of the following prefixes is used, depending on the condition that the administrator is notified
of:
EMERGIndicates the system is unusable.
ALERTIndicates that action should be taken immediately.
CRITIndicates critical conditions.
ERRIndicates error conditions or error operations.
WARNINGIndicates warning conditions.
57

NOTICEIndicates a normal but significant condition.
INFOIndicates an information message.
DEBUGIndicates a debug-level message.
Note: When you apply configuration changes on a peer vADC, a syslog message is sent to the
primary vADC indicating the success or failure of the apply. For example:
Jan 10 16:29:00 system: vADC 1 configuration synchronization failed
/info/sys/slog
Last 64 Saved Syslog Messages

Dec 10 16:29:00
192.168.0.1
Dec 10 16:29:02
operational
Dec 10 16:32:06
Dec 10 16:33:08
Dec 10 16:36:44
ALERT
ip: cannot contact management port default gateway
NOTICE ip: management port default gateway 192.168.0.1

NOTICE ip: default gateway 192.168.0.1 operational
NOTICE ip: default gateway 192.168.0.1 enabled
ALERT system: link down on management port
/info/sys/mgmt
Management Port Information

Management port information:
Speed
Duplex
-----------100
full
MAC address:
00:91:81:2e:bc:bd
Interface information:
192.168.0.44
2001:0:0:0:0:0:0:2131
Gateway information:
192.168.0.1
2001:0:0:0:0:0:0:1
Link
---up
255.255.255.0
/64
192.168.0.255
Use this command to display management port information, including:
Port speed (10/100)
Duplex mode (half, full, any, or auto)
Link (up or down)
MAC address of the system
IP address of the interface
IP address of the gateway
58

/info/sys/capacity
System Capacity Information

The following sample output displays the maximum and currently enabled capacity for various
services and applications from Layer 2 through 7.
Figure 6: System Capacity Information, Global Administrator Environment

Maximum
Current(Enabled)
RESOURCES
Capacity Units
vADC
28
28
3
2(2)
LAYER 2
VLANs
Static Trunk Groups
LACP Trunk Groups
Trunks per Trunk Group
Spanning Tree Groups
Port Teams
Monitor Ports
2048
12
28
8
16
8
1
4(4)
0(0)
GENERAL
Syslog hosts
RADIUS servers
TACACS+ servers
SMTP hosts
Mnet/Mmask
End Users
Panic Dumps
RAM(GB)
Hard Disk(GB)
Cache Usage(MB)
5
2
2
1
128
10
2
16
160
266
0
0
0
0
0
SNMPv3
SNMPv3
SNMPv3
SNMPv3
SNMPv3
16
128
32
16
16
Users
Views
Access Groups
Target Address Entries
Target Params Entries
16(1)
8(0)
24
0
3
5
2
0
0
59

Figure 7: System Capacity Information, vADC Administrator Environment

Maximum
Current(Enabled)
LAYER 2
FDB
FDB per SP
16384
8192
LAYER 3
IP Interfaces
IP Gateways
IP Routes
Static Routes
ARP Entries
Static ARP Entries
Local Nets
DNS Servers
BOOTP Servers
256
4+255
4096
128
8192
128
15
2
2
0(0)
0+0(0+0)
3
0
1
0
0
0
0
RIP Interfaces
256
OSPF
OSPF
OSPF
OSPF
OSPF
LSDB
256
3
16
3
128
12288
0(0)
0(0)
0(0)
0(0)
0(0)
BGP Peers
BGP Route Aggregators
16
16
0(0)
0(0)
Route Maps
Network Filters
AS Filters
32
256
8
0(0)
0(0)
VRRP Routers
VRRP Router Groups
VRRP Interfaces
1024
16
256
0(0)
0(0)
0
SLB (LAYER 4-7)

Real Servers
Server Groups
Virtual Servers
Virtual Services
Real Services
Health check objects
1024
1024
1024
1024
8192
1024
0(0)
0
0(0)
Network Classes
Network Elements
1024
8192
0
0
CONTENT
Content
Content
Content
Content
4096
128
1024
8192
0(0)
60
Interfaces
Areas
Summary Ranges
Virtual Links
Hosts
Limit
CLASS
Rules
Rules per virtual service
Classes
lookup entries
72
0(0)
0(0)

(continued)
Real IDS Servers
IDS Server Groups
62
63
APPLICATION SERVICES
Compression Policies
Compression URL Exception Rule-lists
Compression Browser Exception Rule-lists
Compression URL Rules
Compression Browser Rules
FastView Policies
Caching Rule-lists
Caching Rules
Rules per URL or Browser Rule list
SSL Policies
Client Authentication Policies
HTTP Modification Rule-lists
Rules per HTTP mod Rule-list
HTTP Modification Rules
AppShape++ scripts
AppShape++ scripts per virtual service
49
49
50
500
500
49
49
500
500
49
49
1024
128
250
49
16
0(0)
0(0)
1(1)
0(0)
12(12)
2(0)
0(0)
0(0)
Keys
Certifiate signing requests
Server certificates
Trusted CA certificates
Intermediate CA certificates
Certificate Groups
99
49
99
24
24
128
0
0
0
0
0
0
Global
Global
Global
Global
Global
Global
Global
Global
Global
Global
Global
1024
8192
1024
1024
64
2
1024
8
128
8
10240
0(0)
0(0)
0(0)
0(0)
0(0)
2(2)
0(0)
8(8)
0(1)
8(8)
10240(10240)
2048
100
1024
1024
13999909
64
64
8
0(0)
2(1)
0(0)
0(0)
0(0)
0(0)
CERTIFICATE REPOSITORY
SLB
SLB
SLB
SLB
SLB
SLB
SLB
SLB
SLB
SLB
SLB
Domains
Services
Local Servers
Remote Servers
Remote Sites
Failovers per Remote Site
Networks
Geographical Regions
Rules
Metrics Per Rule
DNS Persistence Cache Entries
Filters
SIP UDP Rules Limit
PIPs
Rules for URL Parsing
SLB Sessions
Number of Rports to Vport
Domain Records
Mapping Per Domain Record
0
1
0
1(1)
61

(continued)
LinkLB
N/A
LAYER 4 - PORTS
Port # Client Server
Filter
RTS
BWM
Policies
Contracts
Groups
Contracts per Group
Time Policies per Contract
512
1024
32
8
2
Security
Configuration source IP ACLs
Bogon source IP ACLs
Operations source IP ACLs
Total source IP ACLs
Configuration destination IP ACLs
Operations destination IP ACLs
Total destination IP ACLs
IP DoS attacks prevention
TCP DoS attacks prevention
UDP DoS attacks prevention
ICMP DoS attacks prevention
IGMP DoS attacks prevention
ARP DoS attacks prevention
IPv6 DoS attacks prevention
Total DoS attacks prevention
UDP ports for UDP blast protection
N/A
5120
8192
1024
14340
1024
1024
2052
17
18
6
5
3
5
2
56
5000
GENERAL
Syslog hosts
RADIUS servers
TACACS+ servers
NTP servers
SMTP hosts
Mnet/Mmask
End Users
Panic Dumps
RAM(GB)
Hard Disk(GB)
Cache Usage(MB)
OCSP Cache Entries
5
2
2
2
1
128
11
2
16
160
N/A
50
0
0
0
0
0
0
SNMPv3
SNMPv3
SNMPv3
SNMPv3
SNMPv3
16
128
32
16
16
3
5
2
0
0
62
Users
Views
Access Groups
Target Address Entries
Target Params Entries
0
3(3)
0
0
0
0
0
0
0
0
27
N/A

Figure 8: System Capacity Information, Standalone Environment

Maximum
Current(Enabled)
LAYER 2
FDB
FDB per SP
VLANs
Static Trunk Groups
LACP Trunk Groups
Trunks per Trunk Group
Spanning Tree Groups
Port Teams
Monitor Ports
16384
8192
2048
12
28
8
16
8
1
LAYER 3
IP Interfaces
IP Gateways
IP Routes
Static Routes
ARP Entries
Static ARP Entries
Local Nets
DNS Servers
BOOTP Servers
256
4+255
4096
128
8192
128
15
2
2
0(0)
0+0(0+0)
3
0
1
0
0
0
0
RIP Interfaces
256
OSPF
OSPF
OSPF
OSPF
OSPF
LSDB
256
3
16
3
128
12288
0(0)
0(0)
0(0)
0(0)
0(0)
BGP Peers
BGP Route Aggregators
16
16
0(0)
0(0)
Route Maps
Network Filters
AS Filters
32
256
8
0(0)
0(0)
VRRP Routers
VRRP Router Groups
VRRP Interfaces
1024
16
256
0(0)
0(0)
0
SLB (LAYER 4-7)

Real Servers
Server Groups
Virtual Servers
Virtual Services
Real Services
Health check objects
1024
1024
1024
1024
8192
1024
0(0)
0
0(0)
Network Classes
Network Elements
1024
8192
0
0
Interfaces
Areas
Summary Ranges
Virtual Links
Hosts
Limit
1(1)
0(0)
16(1)
8(0)
72
63

(continued)
CONTENT CLASS
Content Rules
Content Rules per virtual service
Content Classes
Content lookup entries
Real IDS Servers
IDS Server Groups
4096
128
512
8192
62
63
0(0)
APPLICATION SERVICES
Compression Policies
Compression URL Exception Rule-lists
Compression Browser Exception Rule-lists
Compression URL Rules
Compression Browser Rules
FastView Policies
Caching Rule-lists
Caching Rules
Rules per URL or Browser Rule list
SSL Policies
Client Authentication Policies
HTTP Modification Rule-lists
Rules per HTTP mod Rule-list
HTTP Modification Rules
AppShape++ scripts
AppShape++ scripts per virtual service
49
49
50
500
500
49
49
500
500
49
49
1024
128
250
49
16
0(0)
0(0)
1(1)
0(0)
12(12)
2(0)
0(0)
0(0)
Keys
Certifiate signing requests
Server certificates
Trusted CA certificates
Intermediate CA certificates
Certificate Groups
99
49
99
24
24
128
0
0
0
0
0
0
Global
Global
Global
Global
Global
Global
Global
Global
Global
Global
Global
Global
N/A
1024
8192
1024
1024
64
2
1024
8
128
8
10240
0(0)
0(0)
0(0)
0(0)
0(0)
2(2)
0(0)
8(8)
0(1)
8(8)
10240(10240)
0(0)
0(0)
2(1)
0(0)
0(0)
0(0)
0(0)
CERTIFICATE REPOSITORY
64
SLB
SLB
SLB
SLB
SLB
SLB
SLB
SLB
SLB
SLB
SLB
SLB
Domains
Services
Local Servers
Remote Servers
Remote Sites
Failovers per Remote Site
Networks
Geographical Regions
Rules
Metrics Per Rule
DNS Persistence Cache Entries

(continued)
Filters
SIP UDP Rules Limit
PIPs
Rules for URL Parsing
SLB Sessions
Number of Rports to Vport
Domain Records
Mapping Per Domain Record
2048
100
1024
1024
13999909
64
64
8
LinkLB
N/A
LAYER 4 - PORTS
Port # Client Server
Filter
0(0)
0
1
0
1(1)
RTS
BWM
Policies
Contracts
Groups
Contracts per Group
Time Policies per Contract
512
1024
32
8
2
Security
Configuration source IP ACLs
Bogon source IP ACLs
Operations source IP ACLs
Total source IP ACLs
Configuration destination IP ACLs
Operations destination IP ACLs
Total destination IP ACLs
IP DoS attacks prevention
TCP DoS attacks prevention
UDP DoS attacks prevention
ICMP DoS attacks prevention
IGMP DoS attacks prevention
ARP DoS attacks prevention
IPv6 DoS attacks prevention
Total DoS attacks prevention
UDP ports for UDP blast protection
N/A
5120
8192
1024
14340
1024
1024
2052
17
18
6
5
3
5
2
56
5000
GENERAL
Syslog hosts
RADIUS servers
TACACS+ servers
NTP servers
SMTP hosts
Mnet/Mmask
End Users
Panic Dumps
RAM(GB)
Hard Disk(GB)
Cache Usage(MB)
OCSP Cache Entries
5
2
2
2
1
128
11
2
16
160
N/A
50
0
3(3)
0
0
0
0
0
0
0
0
0
0
0
0
0
0
27
N/A
65

/info/sys/fan
Show Switch Fan Status

>> Main# /info/sys/fan
Fans OK.
/info/sys/temp
Show Switch Temperature Sensor Status

>> Main# /info/sys/temp
Sensor 1 has 44 degree Celsius
Current device temperature is OK
Note:
High temperature is 65-73 degree Celsius
Critical temperature 73 and above degree Celsius
System will shutdown if it reaches Critical temperature
/info/sys/encrypt
Show Encryption Licenses

>> Main# /info/sys/encrypt
AOS contains the following encryption licenses:
BLOWFISH
DES & 3DES
MD5
RC4
SHA 1
/info/sys/user
Show Current User Status

Usernames:
user
slbview
slboper
l4oper
oper
slbadmin
l4admin
admin
enabled
disabled
disabled
disabled
disabled
disabled
disabled
Always Enabled
Switching RADIUS/TACACS AUTH between User and Slbview is disabled

Current User ID table:
66

/info/sys/dump
System Information Dump

>> ADC-VX - System# /info/sys/dump
System Information at 10:05:41 Thu Nov 3, 2013

Alteon Application Switch 5412
Switch is up 2 days, 16 hours, 25 minutes and 2 seconds.
Last boot: 17:40:39 Mon Oct 31, 2013 (reset from Telnet)
Last apply: 17:48:56 Wed Nov 2, 2013
Last save: 12:11:55 Mon Oct 31, 2013
MAC Address
Hardware MainBoard No|Rev
Hardware DB No|Rev
Hardware Serial Number
:
:
:
:
00:03:b2:81:ab:00
MEKX-MB-DBS-BP | C.08
MEKX-E4SFP | B.02
31001072
Note - When the measured temperature inside the switch EXCEEDs

the anomaly threshold at 65 degree Celsius or the critical
temperature at 73 degree Celsius different syslog messages
will be generated.
ADC-VX Infrastructure Software Version 28.1.0.0, Image ID 1, active
configuration.
ADC Application Software Version 28.1.0.0, Image ID 3
vADC
Last
Last
Last

boot: 17:41:14 Mon Oct 31, 2013 (power cycle)
apply: 14:20:43 Wed Nov 2, 2013
save: 15:21:49 Mon Oct 31, 2013
Last 64 syslog messages:

Oct 31 17:40:43 NOTICE system: temperature ok
Oct 31 17:40:43 NOTICE system: fans ok
Oct 31 17:40:44 ALERT
system: Only one Power Supply unit is connected
Oct 31 17:40:47 NOTICE system: link up on port 1
--------------------------------Management port one information:
--------------------------------Speed
Duplex
Link
-------------100
full
up
MAC address:
00:03:b2:81:ab:00
172.2.3.26
255.255.0.0
172.2.255.255
Gateway information:
172.2.1.254
67

/info/vadc
vADC Information in the Global Administrator Environment

This is only available to the Global Administrator in ADC-VX mode. In the following example, there
are 25 available units out of the total 28 that are defined for the system.
Note:
In hot standby redundancy configurations, VRRP status options are MASTER, BACKUP and INIT.
In active-standby redundancy configurations, VRRP status options are ACTIVE, STANDBY and
INIT.
>> Port 1# /info/vadc

Available capacity units: 21(28)
Available system Throughput: 4.90Gbps
Available system SSL (HW): 9800 CPS
Available system Compression: 0.09Gbps
vADC
---1
2
3
4
5
Name/IP
-----------10.203.115.5
10.203.115.1
10.203.115.2
10.203.115.3
10.203.115.4
vADC
---1
2
3
4
5
Name/IP
-----------10.203.115.5
10.203.115.1
10.203.115.2
10.203.115.3
10.203.115.4
Status
------------ENA(RUNNING)
ENA(RUNNING)
ENA(RUNNING)
ENA(RUNNING)
ENA(RUNNING)
Status
------------ENA(RUNNING)
ENA(RUNNING)
ENA(RUNNING)
ENA(RUNNING)
ENA(RUNNING)
CUs
--4
1
3
2
2
VRRP
Status
-----NONE
NONE
NONE
NONE
NONE
Max SSL
(CPS)
------1400
1400
1400
1400
1400
Max thrput
(Mbps)
---------500
200
200
1000
1200
SSL
limit
----50
50
0
0
0
limit
Ave.SP%
----200
200
200
200
200
------2
2
2
2
2
Max Comp.
(MB)
---------50
50
50
50
50
Comp.limit
---------0
0
100
0
0
/info/l2
Layer 2 Information Menu

Figure 9: Global Administrator Layer 2 Information Menu
[Layer 2 Menu]
lacp
stg
cist
trunk
vlan
team
dump
-
68
Link
Show
Show
Show
Show
Show
Dump
Aggregation Control Protocol Menu

STG information
CIST information
Trunk Group information
VLAN information
port team information
all Layer 2 information

Figure 10: vADC Administrator Layer 2 Information Menu

[Layer 2 Menu]
fdb
lacp
stg
cist
trunk
vlan
team
dump
-
Forwarding Database Information Menu

Link Aggregation Control Protocol Menu
Show STG information
Show CIST information
Show Trunk Group information
Show VLAN information
Show port team information
Dump all Layer 2 information
Table 17: Layer 2 Information Menu Options

fdb
Displays the Forwarding Database Information menu. This menu only appears on
the vADC Administration menu. To view this menu in ADC-VX mode, see /info/l2/
fdb Layer 2 FDB Information Menu, page 70.
lacp
Displays Link Aggregation Control Protocol Information menu. For sample output
and a description of these statistics, see /info/l2/lacp Link Aggregation Control
Protocol Information Menu, page 71.
stg <STG index to display or carriage return for all STGs>

In addition to seeing if Spanning Tree Protocol is enabled or disabled, you can
view the following STP bridge information:
Priority
Hello interval
Maximum age value
Forwarding delay
Aging time
You can also see the following port-specific STP information:
Port number and priority
Cost
State
cist
Display the CIST information.
trunk
When trunk groups are configured, you can view the state of each port in the
various trunk groups. For sample output and a description of these statistics, see
/info/l2/trunk Trunk Group Information, page 78.
69


vlan <VLAN number to display or carriage return to display all VLANs>
Displays VLAN configuration information, including:
VLAN Number
VLAN Name
Status
Port membership of the VLAN
For sample output and a description of these statistics, see /info/l2/vlan VLAN
team
Show port team information.
dump
Displays all Layer 2 information.
/info/l2/fdb
Layer 2 FDB Information Menu

This is only available in the vADC Administrator environment in ADC-VX mode.
The forwarding database (FDB) contains information that maps the media access control (MAC)
address of each known Alteon to the port where the Alteon address was learned. The FDB also
shows which other ports have seen frames destined for a particular MAC address.
[Forwarding Database Menu]

find
- Show a single FDB entry by MAC address
port
- Show FDB entries on a single port
trunk
- Show FDB entries on a single trunk
vlan
- Show FDB entries on a single VLAN
refpt
- Show FDB entries referenced by a single SP
dump
- Show all FDB entries
Note: The master forwarding database supports up to 16K MAC address entries on the MP per
Alteon. Each SP supports up to 8K entries.
Table 18: Layer 2 FDB Information Menu Options (/info/l2/fdb)

find <MAC address> [ <VLAN> ]
Displays a single database entry by its MAC address. You are prompted to enter
the Alteon MAC address. Enter the MAC address using one of the following
formats:
xx:xx:xx:xx:xx:xx. For example, 08:00:20:12:34:56.
xxxxxxxxxxxx. For example, 080020123456.
port <port number, 0 for "unknown">

Displays all FDB entries for a particular port.
70

Table 18: Layer 2 FDB Information Menu Options (/info/l2/fdb)

trunk <trunk group number>
Displays all FDB entries on a single trunk.
vlan <VLAN number (1-4090)>

Displays all FDB entries on a single VLAN.
refpt <SP number (1-4)>

Displays the FDB entries referenced by a single port.
dump
Displays all entries in the forwarding database. For sample output and a
description of these statistics, see /info/l2/fdb/dump Show All FDB Information,
page 71.
/info/l2/fdb/dump
Show All FDB Information

MAC address
VLAN
Port
Trunk
Age State
------------00:0c:29:07:80:d3
00:11:0a:ea:ea:f3
00:14:5e:33:99:e8
---130
130
130
----
----1
1
1
--- ----TRK
TRK
TRK
Referenced
SPs
---------2
1 2
1 2
Learned Referenced
Port
ports
------- ----24
24
9
The following is an explanation of the states:
An address that is in the forwarding (FWD) state means that it has been learned by Alteon.
When in the trunking (TRK) state, the port field represents the trunk group number.
If the state for the port is listed as unknown (UNK), the MAC address has not yet been learned
by Alteon, but has only been seen as a destination address. When an address is in the unknown
state, no outbound port is indicated, although ports which reference the address as a destination
are listed under Reference ports.
If the state for the port is listed as an interface (IF), the MAC address is for a standard VRRP
virtual router.
If the state is listed as a virtual server (VIP), the MAC address is for a virtual server router, a
virtual router with the same IP address as a virtual server.
Clearing Entries from the Forwarding Database

To delete a MAC address from the forwarding database (FDB) or to clear the entire FDB, see /maint/
fdb Forwarding Database (FDB) Manipulation Menu, page 632.
/info/l2/lacp
Link Aggregation Control Protocol Information Menu

The following menu options display the Link Aggregation Control Protocol (LACP) information.
[LACP Menu]
aggr
port
dump
- Show LACP aggregator information for the port

- Show LACP port information
- Show all LACP ports information
71

Table 19: Link Aggregation Control Protocol Information Menu Options (/info/l2/lacp)

aggr <aggregator index 1 to max num ports>
Displays information an LACP aggregator.
port <port index 1 to max num ports>

Displays information of an LACP port.
dump
Displays LACP information of all the ports. Use this dump to verify the state of
ports in an LACP trunk group. For sample output and a description of these
statistics, see /info/l2/lacp/dump LACP Dump Information, page 74.
/info/l2/lacp/aggr
LACP Aggregator Information

Only the Global Administrator can configure aggregator settings. For the vADC Administrator in
ADC-VX mode, this is for informational purposes only.
Aggregator Id 1
---------------------------------------------MAC address
- 00:01:81:2e:a1:d1
Actor System Priority
- 32768
Actor System ID
- 00:01:81:2e:a1:b0
Individual
- FALSE
Actor Admin Key
- 300
Actor Oper Key
- 300
Partner System Priority - 32768
Partner System ID
- 00:0d:29:e3:4a:00
Partner Oper Key
- 1
ready
- TRUE
Number of Ports in aggr - 10
index 0
port 1
index 1
port 2
index 2
port 3
index 3
port 4
index 4
port 5
index 5
port 6
index 6
port 7
index 7
port 8
index 8
port 9
index 9
port 10
72

/info/l2/lacp/port <port number>
LACP Port Information

LACP information for port 1:
lacp_enabled
lacp_admin_enabled
- FALSE
- FALSE
Actor
Actor
Actor
Actor
Actor
Actor
System ID
System Priority
Admin Key
Oper Key
Port Number
Port Priority
00:14:0e:f5:f2:00
32768
1
1
1
32768
Partner Admin System Priority - 0

Partner Oper System Priority - 0
Partner Admin System ID
- 00:00:00:00:00:00
Partner Oper System ID
- 00:00:00:00:00:00
Partner Admin Key
- 0
Partner Oper Key
- 0
Partner Admin Port Number
- 0
Partner Admin Port Priority
- 0
Partner Oper Port Number
- 0
Partner Oper Port Priority
- 0
Actor Admin Port state
Activity:
Active Timeout:
Long
Aggregation:
Synchronization:FALSE
Collecting:
FALSE
Distributing:
Defaulted:
FALSE
Expired:
FALSE
Actor Oper Port state
Activity:
Active
Synchronization:FALSE
Defaulted:
FALSE
Timeout:
Collecting:
Expired:
Long
FALSE
FALSE
Aggregation:
Distributing:
FALSE
FALSE
FALSE
FALSE
Partner Admin Port state

- 0x0
Partner Oper Port state
- 0x0
Individual
- TRUE
Selected Aggregator ID
- 0
Attached Aggregator ID
- 0
ready_n
- FALSE
ntt
- FALSE
selected
- Unselected
port_moved
- FALSE
Collection and Distribution state turned ON!
Rx machine state
Mux machine state
Periodic machine state
- LACP_RX_INIT_STATE
- LACP_MUX_DETACHED_STATE
- LACP_PERIODIC_NO_STATE
73

/info/l2/lacp/dump
LACP Dump Information

Port
attached trunk
aggr
-----------------------------------------------------------------------1
off
1
1
n
32768
--2
off
2
2
n
32768
--3
off
3
3
n
32768
--4
off
4
4
n
32768
--5
off
5
5
n
32768
--6
off
6
6
n
32768
--7
off
7
7
n
32768
--8
off
8
8
n
32768
--9
off
9
9
n
32768
--10
off
10
10
n
32768
--11
off
11
11
n
32768
--12
off
12
12
n
32768
--13
off
13
13
n
32768
--14
off
14
14
n
32768
--15
off
15
15
n
32768
--16
off
16
16
n
32768
--17
off
17
17
n
32768
--18
off
18
18
n
32768
--19
off
19
19
n
32768
--20
off
20
20
n
32768
--21
off
21
21
n
32768
--22
off
22
22
n
32768
--23
off
23
23
n
32768
--24
off
24
24
n
32768
--25
off
25
25
n
32768
--26
off
26
26
n
32768
--27
off
27
27
n
32768
--28
off
28
28
n
32768
---
74
lacp
adminkey
operkey
selected
prio

/info/l2/stg
Layer 2 Spanning Tree Group Information

Only the Global Administrator can configure Spanning Tree Protocol settings. For the vADC
Administrator in ADC-VX mode, this is for informational purposes only.
When multiple paths exist on a network, Spanning Tree Protocol (STP) configures the network so
that Alteon uses only the most efficient path.
Note: Alteon supports up to 16 multiple Spanning Trees or Spanning Tree Groups.
Spanning Tree Group 1: On (STP/PVST)

VLANs: 1 10 20 100 220
Current Root:
8000 00:03:b2:52:21:00
Parameters:
Priority
32768
Path-Cost
5
Hello
2
Port
Priority
Cost
------ ----------1
128
1!
2
128
5!
3
128
0!
4
128
0!
5
128
0!
6
128
0!
7
128
0!
8
128
0!
9
128
0!
10
128
0!
11
128
0!
12
128
0!
13
128
0!
14
128
0!
15
128
0!
16
128
0!
! = Automatic path cost.
MaxAge
20
Port Hello MaxAge FwdDel Aging

2
2
20
15
300
FwdDel
15
Aging
300
State
Designated Bridge
Des Port
---------- ---------------------- -------BLOCKING
8064-00:19:aa:cb:71:80
800b
FORWARDING
8000-00:03:b2:52:21:00
8002
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
Number of topology changes - 179

Time since last topology change - 26 days 23 hours 9 minutes 18 seconds
Alteon uses the IEEE 802.1d Spanning Tree Protocol (STP). In addition to seeing if STP is enabled or
disabled, you can view the following STP bridge information:
Priority
Hello interval
Maximum age value
Forwarding delay
Aging time
Number of topology changes per STG
Topology change time per STG
75

You can also see the following port-specific STP information:
Port number and priority
Cost
State
Designated Bridge
Designated Port
The following table describes the STP parameters:
Table 20: Spanning Tree Parameter Descriptions
Parameter
Description
Priority (bridge) Controls which bridge on the network becomes the STP root bridge.
Hello
Specifies, in seconds, how often the root bridge transmits a configuration bridge
protocol data unit (BPDU). Any bridge that is not the root bridge uses the root
bridge hello value.
MaxAge
Specifies, in seconds, the maximum time the bridge waits without receiving a
configuration bridge protocol data unit before it re-configures the STP network.
FwdDel
Specifies, in seconds, the time that a bridge port has to wait before it changes
from learning state to forwarding state.
Aging
Specifies, in seconds, the time the bridge waits without receiving a packet from a
station before removing the station from the forwarding database.
priority (port)
Helps determine which bridge port becomes the designated port. In a network
topology that has multiple bridge ports connected to a single segment, the port
with the lowest port priority becomes the designated port for the segment.
Cost
Helps determine the designated port for a segment. As a rule, the faster the port,
the lower the path cost. A setting of 0 indicates that the cost is set to the
appropriate default after the link speed has been auto negotiated.
State
The state field shows the current state of the port.

Values:
Designated
Bridge
BLOCKING
LISTENING
LEARNING
FORWARDING
DISABLED
The designated bridge resides closest to the root bridge and is responsible for
forwarding packets from LAN towards the root bridge. This bridge displays as a
character string starting with the bridge priority (1 through 65535) followed by a
hyphen and six-byte Alteon MAC address.
Designated port Identifies a physical port. This is a number that is the numerical sum of the bridge
priority and the actual physical port number. For example, a physical port number
4 with bridge priority 32768 displays as 32678+4=32772.
76

/info/l2/cist
Show Common Internal Spanning Tree (CIST) Information
Note: Alteon supports up to 16 multiple Spanning Trees or Spanning Tree Groups.
---------------------------------------------------------Common Internal Spanning Tree:

VLANs:
1 4-4094
Current Root:
Path-Cost
8000 00:01:81:2e:bc:50
0
Port MaxAge FwdDel

0
20
15
Cist Regional Root:

Path-Cost
8000 00:01:81:2e:bc:50
0
Parameters: Priority MaxAge FwdDel Hops
32768
20
15
20
Port Prio Cost
State Role Designated Bridge
Des Port Hello Type
---- ---- ------- ---- ---- ------------------- -------- ----- ---1
128
20000 DSB
2
128
20000 DSB
3
128
20000 DSB
4
128
20000 DSB
5
128
20000 DSB
6
128
20000 DSB
7
128
20000 DSB
.
.
.
18
128
20000 DSB
19
128
20000 DSB
20
128
20000 DSB
21
128
20000 DSB
22
128
20000 DSB
23
128
20000 DSB
24
128
20000 DSB
25
128
20000 DSB
26
128
20000 DSB
27
128
20000 DSB
28
128
20000 DSB
sslpro 128
20000 DISC DESG 8000-00:01:81:2e:bc:50
801d
2 Shared
77

/info/l2/trunk
Trunk Group Information

Only the Global Administrator can configure trunk group settings. For the vADC Administrator in
ADC-VX mode, this is for informational purposes only.
Trunk groups can provide super-bandwidth, multi-link connections between Alteons or other trunkcapable devices. A trunk group is a group of ports that act together, combining their bandwidth to
create a single, larger virtual link. When trunk groups are configured, you can view the state of each
port in the various trunk groups.
Trunk group 1, bw contract 1024, port state:

1: STG 1 forwarding
2: STG 1 forwarding
Note: If STP on any port in the trunk group is set to forwarding, the remaining ports in the trunk
group are also set to forwarding.
/info/l2/vlan
VLAN Information
>> Main# /info/l2/vlan
VLAN
Name
VADCs
Status BWC Learn Shared Port
---- ---------------------- --------------- ------ ----- ---- ----- ------ --1
Default VLAN
ena
1024
ena
dis
3-15
10
VLAN 10
1
ena
1024
ena
ena
1
20
VLAN 20
1
ena
1024
ena
ena
2
100
VLAN 100
dis
1024
ena
dis
empt
220
VLAN 220
ena
1024
ena
ena
16
This information display includes all configured VLANs and all member ports that have an active link
state. Port membership is represented in slot/port format.
VLAN information includes:
VLAN number
VLAN name
Status
Bandwidth contract if BWM is enabled
Source MAC Address Learning
vADC shared network status
Port membership of the VLAN
/info/l2/team
Status of Port Teams

This Only appears in the Global Administrator environment in ADC-VX mode.
>> Layer 2# team

All port teams are disabled.
78

/info/l2/dump
Layer2 Dump Information

Spanning Tree Group 1: On (STP/PVST)
VLANs: 1 10 20 100 220
Current Root:
8000 00:03:b2:53:89:00
Parameters:
Priority
32768
Path-Cost Port Hello MaxAge FwdDel Aging

0 (null)
2
20
15
15
Hello
2
Port
Priority
Cost
------ ----------1
128
1!
2
128
5!
3
128
0!
4
128
0!
5
128
0!
6
128
0!
7
128
0!
8
128
0!
9
128
0!
10
128
0!
11
128
0!
12
128
0!
13
128
0!
14
128
0!
15
128
0!
16
128
0!
! = Automatic path cost.
MaxAge
20
State
---------FORWARDING
FORWARDING
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
FwdDel
15
Aging
300
Designated Bridge
Des Port
---------------------- -------8000-00:03:b2:53:89:00
8001
8000-00:03:b2:53:89:00
8002
Number of topology changes - 180

Time since last topology change - 0 days 0 hours 1 minutes 12 seconds
VLAN
---1
10
20
100
220
Name
---------------------Default VLAN
VLAN 10
VLAN 20
VLAN 100
VLAN 220
VADCs
Status Learn Shared Ports
------------ ------ ---- ----- ------ ----ena
ena
dis 3-15
1
ena
ena
ena 1
1
ena
ena
ena 2
dis
ena
dis empty
ena
ena
ena 16
All Trunk groups are disabled.

All port teams are disabled.
79

/info/l3
Layer3 Information Menu

This menu and all sub-menus are only accessible in the vADC Administrator environment in ADC-VX
mode.
[Layer 3 Menu]
route
route6
arp
nbrcache bgp
ospf
ospfv3
rip
rsync
ip
vrrp
dump
-
IP Routing Information Menu

IP6 Routing Information Menu
ARP Information Menu
IP6 Neighbor Cache Information Menu
BGP Information Menu
OSPF Routing Information Menu
OSPFv3 Routing Information Menu
RIP Routing Information Menu
Enable Routing table synchronization
Show IP information
Show Virtual Router Redundancy Protocol information
Dump all layer 3 information

route
Displays the IP Routing menu. Using the options of this menu, you can display the
following information for each configured or learned route:
Route destination IP address, subnet mask, and gateway address
Type of route
Tag indicating origin of route
Metric for RIP tagged routes, specifying the number of hops to the destination (1
through 15 hops, or 16 for infinite hops)
The IP interface that the route uses
To view this menu, see /info/l3/route IP Routing Menu, page 81.
route6
Displays the IPv6 Routing Information menu. To view this menu, see /info/l3/route6 IPv6
Routing Information Menu, page 83.
arp
Displays the Address Resolution Protocol (ARP) Information menu. To view this menu,
see /info/l3/arp ARP Information Menu, page 84.
nbrcache
Displays the IPv6 Neighbor Cache menu. To view this menu, see /info/l3/nbrcache IPv6
Neighbor Cache Information Menu, page 87.
bgp
Displays the BGP Information menu. To view this menu, see /info/l3/bgp BGP
ospf
Displays the OSPF Information menu. For details, see /info/l3/ospf OSPF Information
Menu, page 91.
80


ospfv3
Displays the OSPFv3 Information menu. For details, see /info/l3/ospfv3 OSPFv3
ip
Displays IP Information. For sample output, see /info/l3/ip IP Information, page 102.
IP information, includes:
IP interface informationInterface number, IP address, subnet mask, broadcast

address, VLAN number, and operational status.
Default gateway informationMetric for selecting which configured gateway to use,

gateway number, IP address, and health status
IP forwarding informationEnable status, lnet and lmask
Port status
vrrp
Displays the VRRP Information menu. For sample output, see /info/l3/vrrp VRRP
dump
Displays all Layer 3 information.
/info/l3/route
IP Routing Menu
[IP Routing Menu]

find
- Show
gw
- Show
type
- Show
tag
- Show
if
- Show
dump
- Show
a single route by destination IP address

routes to a single gateway
routes of a single type
routes of a single tag
routes on a single interface
all routes
Using these commands, you can display all or a portion of the IP routes currently held in Alteon.
Table 22: Route Information Menu Options (/info/l3/route)

find <IP address (such as, 192.4.17.101)>
Displays a single route by destination IP address.
gw <default gateway address (such as, 192.4.17.44)>

Displays routes to a single gateway.
type indirect|direct|local|broadcast|martian|multicast
Displays routes of a single type. For a description of IP routing types, see Type
Parameters, page 82.
81

Table 22: Route Information Menu Options (/info/l3/route)

tag fixed|static|addr|rip|ospf|bgp|broadcast|martian|vip
Displays routes of a single tag. For a description of IP routing types, see IP Routing Tag
Parameters (info/l3/route/tag), page 82.
if <interface number (1-256)>

Displays routes on a single interface.
dump
Displays all routes configured in Alteon. For more information, see /info/l3/route/dump
Show All IP Route Information, page 82.
/info/l3/route/dump
Show All IP Route Information

Status code: * - best

Destination
Mask
--------------- --------------* 127.0.0.0
255.0.0.0
* 224.0.0.0
224.0.0.0
* 255.255.255.255 255.255.255.255
Gateway
--------------0.0.0.0
0.0.0.0
255.255.255.255
Type
--------martian
martian
broadcast
Tag
Metr If
--------- ---- -martian
martian
broadcast
The following table describes the Type parameters:
Table 23: Type Parameters
Parameter
Description
indirect
The next hop to the host or subnet destination are forwarded through a router at
the gateway address.
direct
Packets are delivered to a destination host or subnet attached to Alteon.
local
Indicates a route to one of the Alteon IP interfaces.
broadcast
Indicates a broadcast route.
martian
The destination belongs to a host or subnet which is filtered out. Packets to this
destination are discarded.
The following table describes the Tag parameters.
Table 24: IP Routing Tag Parameters (info/l3/route/tag)
Parameter
Description
fixed
The address belongs to a host or subnet attached to Alteon.
static
The address is a static route which has been configured on Alteon.
addr
The address belongs to one of the Alteon IP interfaces.
rip
The address was learned by the Routing Information Protocol (RIP).
ospf
The address was learned by Open Shortest Path First (OSPF).
bgp
The address was learned via the Border Gateway Protocol (BGP)
82

Table 24: IP Routing Tag Parameters (info/l3/route/tag)
Parameter
Description
broadcast
Indicates a broadcast address.
martian
The address belongs to a filtered group.
multicast
Indicates a multicast address.
vip
Indicates a route destination that is a virtual server IP address. VIP routes are
needed to advertise virtual server IP addresses via BGP.
/info/l3/route6
IPv6 Routing Information Menu

This menu lets you view IPv6 routing information. The IPv6 routing table stores routes it learns from
network traffic and pre-configured, static routes.
Note: Currently you cannot clear the IPv6 routing table.
[IP6 Routing Menu]

dump
- Show all routes
Table 25: IPv6 Routing Information Menu Options (/info/l3/route6)

dump
Shows all of the IPv6 routes maintained. Since each link-local interface is shown with an
entry prefix of /128, the link-local network (such as FE80::/10) is not shown for each
interface to avoid too many network entries in the table.
83

The following is an sample output of the /info/l3/route6/dump command.
>> Main# /info/l3/route6/dump

IPv6 Forwarding Table:
Destination: 0:0:0:0:0:0:0:0/0
NextHop:
2005:0:0:0:0:0:0:16
Destination: 2005:0:0:0:0:0:0:0/64
NextHop:
0:0:0:0:0:0:0:0
Destination: 2005:0:0:0:0:0:0:1/128
NextHop:
0:0:0:0:0:0:0:0
Destination: 2005:0:0:0:0:0:0:16/128
NextHop:
0:0:0:0:0:0:0:0
Destination: fe80:0:0:0:201:81ff:fe2e:a100/128
NextHop:
0:0:0:0:0:0:0:0
Destination: ff02:0:0:0:0:0:0:1/128
NextHop:
0:0:0:0:0:0:0:0
Destination: ff02:0:0:0:0:0:0:2/128
NextHop:
0:0:0:0:0:0:0:0
Destination: ff02:0:0:0:0:1:ff00:0/128
NextHop:
0:0:0:0:0:0:0:0
Destination: ff02:0:0:0:0:1:ff00:1/128
NextHop:
0:0:0:0:0:0:0:0
Destination: ff02:0:0:0:0:1:ff2e:a100/128
NextHop:
0:0:0:0:0:0:0:0
If:1
Proto:
If:1
Proto:
If:1
Proto:
If:1
Proto:
If:1
Proto:
If:1
Proto:
If:1
Proto:
If:1
Proto:
If:1
Proto:
If:1
Proto:
STATIC
LOCAL
LOCAL
STATIC
LOCAL
STATIC
STATIC
STATIC
STATIC
STATIC
Total number of route6 entries: 10
/info/l3/arp
ARP Information Menu

Address Resolution Protocol (ARP) is the TCP/IP protocol that resides within the Internet layer. ARP
resolves a physical address from an IP address. ARP queries computers on the local network for
their physical addresses. ARP also maintains IP-to-physical address pairs in its cache memory.
In any IP communication, the ARP cache is consulted to see if the IP address of the router is present
in the ARP cache. Then the corresponding physical address is used to send a packet.
[Address Resolution Protocol Menu]

find
- Show a single ARP entry by IP address
port
- Show ARP entries on a single port
vlan
- Show ARP entries on a single VLAN
mgmt
- Show ARP entries on for the management port
refpt
- Show ARP entries referenced by a single SP
dump
- Show all ARP entries
help
- Show help on the fields of ARP entries
addr
- Show ARP address list
84

The ARP information includes the IP address and MAC address of each entry, address status flags
(see ARP Dump Flag Values, page 87), VLAN and port for the address, and port referencing
information.
Table 26: ARP Information Menu Options (/info/l3/arp)

Displays a single ARP entry by IP address.
port <port number>

Displays the ARP entries on a single port.

Displays the ARP entries on a single VLAN.
mgmt
Displays the ARP entries for the management port.
Example display:
IP address
--------------10.203.153.106
10.203.1.1
10.203.100.130
10.203.153.105
Flags
----C
C
C
C
MAC address
----------------00:50:56:aa:52:cd
00:24:f7:7e:d9:40
00:50:56:aa:52:98
00:50:56:aa:52:cf

Displays the ARP entries referenced by a single SP. For sample output, see /info/l3/
arp/refpt Show ARP Entries on Referenced SP, page 86.
dump
Displays all ARP entries, including:
IP address and MAC address of each entry
Address status flag (see the description in the help entry in this table)
The VLAN and port to which the address belongs
The ports which have referenced the address (empty, if no port has routed traffic
to the IP address shown)
For more information, see /info/l3/arp/dump Show All ARP Entry Information,
page 86.
85

Table 26: ARP Information Menu Options (/info/l3/arp)

help
Displays help on the ARP field entries. For example:
IP addressIP address of ARP entry
Flags
PPermanent ARP entry (not obtained via an ARP request), for example: IP
interface and VIP
RIndirect ARP (cache) entry for IP address reachable via indirect routes
(static/dynamic)
4Layer 4 IP address (VIP)
uUnresolved ARP entry. The MAC address has not been learned.
MAC addressMAC address of the ARP entry
VLANVLAN of this ARP entry
PortPhysical port where this IP address owner is connected
Referenced SPsSPs on which this ARP entry is present
addr
Displays the ARP address list: IP address, IP mask, MAC address, and VLAN flags.
/info/l3/arp/refpt
Show ARP Entries on Referenced SP

Enter SP number: (1-4) 1

IP address
Flags
MAC address
VLAN Port
Shared
--------------- ----- ----------------- ---- ------ -----10.237.25.66
P
00:14:0e:f5:f2:00
6
DIS
10.239.232.66
P
00:14:0e:f5:f2:00
6
DIS
10.239.232.100
P 4 00:14:0e:f5:f2:01
DIS
Referenced SPs
---------------1-4
1-4
1-4
/info/l3/arp/dump
Show All ARP Entry Information

IP address
Flags
MAC address
VLAN Port
Shared
--------------- ----- ----------------- ---- ------ -----10.237.25.66
P
00:14:0e:f5:f2:00
6
DIS
10.239.232.66
P
00:14:0e:f5:f2:00
6
DIS
10.239.232.100
P 4 00:14:0e:f5:f2:01
DIS
Referenced SPs
----------------1-4
1-4
1-4
Referenced ports are the ports that request an ARP entry. As a result, the traffic coming into the
referenced ports contains the destination IP address. From the ARP entry (the referenced ports),
this traffic needs to be forwarded to the egress port (port 6 as shown in the above example).
Note: If you have VMA turned on, the referenced port is the designated port. If you have VMA
turned off, the designated port is the normal ingress port.
86

The following table describes the Flags field values:
Table 27: ARP Dump Flag Values
Flag
Description
Permanent entry created for the Alteon IP interface.
P4
Permanent entry created for Layer 4 proxy IP address or virtual server IP address.
Indirect route entry.
Unresolved ARP entry. The MAC address has not been learned.
ARP entry belongs to a jumbo-capable VLAN.

Jumbo Frames are not supported in this version.
/info/l3/arp/addr
ARP Address List Information

IP address
IP mask
MAC address
--------------- --------------- ----------------192.168.130.45 255.255.255.255 00:01:81:2e:bc:5e
192.168.130.150 255.255.255.255 00:01:81:2e:bc:50
VLAN Flags
---- ----D
130
/info/l3/nbrcache
IPv6 Neighbor Cache Information Menu

This menu lets you dump IPv6 Neighbor Cache information.
[IP6 Neighbor Discovery Protocol Menu]

find
- Show neighbor cache entry by IP address
port
- Show neighbor cache entries on a single port
vlan
- Show neighbor cache entries on a single VLAN
refpt
- Show neighbor cache entries per SP
summary - Show IP6 neighbor cache summary
dump
- Show all IP6 neighbor cache entries
Table 28: IPv6 Neighbor Cache Information Menu (/info/l3/nbrcache)

find <IPv6 address>
Displays neighbor cache entry by IP address.
port <port number>

Displays neighbor cache entries on a single port.
vlan <vlan id>

Displays neighbor cache entries on a single VLAN.
refpt <sp id>

Displays neighbor cache entries per SP.
summary
Displays a summary of IPv6 neighbor cache entries.
87

Table 28: IPv6 Neighbor Cache Information Menu (/info/l3/nbrcache)

dump
Displays all IPv6 neighbor cache entries.
IPv6 uses the Neighbor Discovery (ND) protocol to discover its neighbors link layer addresses and
reachabilty. ND can also auto-configure addresses and detect duplicate addresses. ND enables
routers to advertise their presence and address prefixes, and to inform hosts of a better next hop
address to forward packets.
Note: Once the Neighbor Cache table reaches 2000 entries, table entries are replaced by adding
the new entry and dropping the 2000th entry off the list. Table entries are kept until the entry is
replaced by a new one. During this period, no new entries are used to sort for display.
The information collected from ND is stored in the Neighbor Cache. The Neighbor Cache maintains
information about each neighbor such as:
MAC Address
Reachability state (see Table 29 - Neighbor Cache Reachability States, page 88)
Neighbor type (see Table 30 - Neighbor Cache Neighbor Types, page 88)
VLAN
Ingress port
Neighbor Cache entries are added under the following situations:
Entries are added when an IPv6 Interface or Virtual IP is operational.
Reception of ND messages from neighbor.
A device sends ND packets to resolve a link layer address to which it is attempting to send
packets.
The following table describes the reachability states:
Table 29: Neighbor Cache Reachability States
State
Description
Incomplete
The link layer address of the neighbor has not yet been determined.
Reachable
The neighbor is known to have been reachable recently.
Stale
The neighbor is no longer known to be reachable, but until traffic is sent to the
neighbor, no attempt should be made to verify its reachability.
Delay
The neighbor is no longer known to be reachable, and traffic has recently been
sent to the neighbor.
Probe
The neighbor is no longer known to be reachable, and ND messages are sent to

the neighbor to verify reachability.
The following table describes the neighbor types:
Table 30: Neighbor Cache Neighbor Types
Type
Description
Local
Pre-configured addresses on Alteon.
Dynamic
Neighbor addresses learnt from ND.
88

/info/l3/bgp
BGP Information Menu

Gateway Protocol (BGP) is an Internet protocol that enables routers on a network to share routing
information with each other, and advertise information about the segments of the IP address space
they can access within their network with routers on external networks. For more information, see /
cfg/l3/bgp Border Gateway Protocol Configuration, page 361, and the section on BGP in the Alteon
Application Switch Operating System Application Guide.
[BGP Menu]
peer
- Show all BGP peers
summary - Show all BGP peers in summary
dump
- Show BGP routing table
Table 31: BGP Peer Information Menu Options (/info/l3/bgp)

peer
Displays BGP peer information. For sample output, see /info/l3/bgp/peer BGP Peer
information, page 90.
summary
Displays peer summary information such as Autonomous System (AS), message
received, message sent, up/down, and state. For sample output, see /info/l3/bgp/
summary BGP Summary information, page 90.
dump
Displays the BGP routing table. For sample output, see /info/l3/bgp/dump Dump BGP
89

/info/l3/bgp/peer
BGP Peer information

This is only available in the vADC Administrator environment in ADC-VX mode. The following is
sample output:
BGP Peer Information:

3: 2.1.1.1
, version 0, TTL 1
Remote AS: 0, Local AS: 0, Link type: IBGP
Remote router ID: 0.0.0.0,
Local router ID: 1.1.201.5
BGP status: idle, Old status: idle
Total received packets: 0, Total
sent packets: 0
Received updates: 0, Sent updates: 0
Keepalive: 0, Holdtime: 0, MinAdvTime: 60
LastErrorCode: unknown(0), LastErrorSubcode: unspecified(0)
Established state transitions: 0
4: 2.1.1.4
, version 0, TTL 1
Remote AS: 0, Local AS: 0, Link type: IBGP
Remote router ID: 0.0.0.0,
Local router ID: 1.1.201.5
BGP status: idle, Old status: idle
Total received packets: 0, Total sent packets: 0
Received updates: 0, Sent updates: 0
Keepalive: 0, Holdtime: 0, MinAdvTime: 60
LastErrorCode: unknown(0), LastErrorSubcode: unspecified(0)
Established state transitions: 0
/info/l3/bgp/summary
BGP Summary information

sample output:
BGP Peer Summary Information:

Peer
V
AS
-------------------1: 205.178.23.142
4
142
2: 205.178.15.148
0
148
MsgRcvd
-------113
0
MsgSent
-------121
0
Up/Down
--------00:00:28
never
State
-----------established
connect
/info/l3/bgp/dump
Dump BGP Information

sample output:
>> BGP# dump

Status codes:
Network
---------*> 10.0.0.0
*>i205.140.15.0
*
*> 205.178.17.0
13.0.0.0
90
* valid, > best,

Next Hop
---------205.178.21.147
0.0.0.0
205.178.21.147
205.178.21.147
205.178.21.147
i - internal
Metr
LcPrf Wght
----------- ---1
256
1
1
1
128
128
256
Path
-----------147 148 i
0 i
147 i
147 i
256 147 {35} ?

/info/l3/ospf
OSPF Information Menu

Alteon supports the Open Shortest Path First (OSPF) routing protocol. The Alteon implementation
conforms to the OSPF version 2 specifications detailed in Internet RFC 1583.
OSPF is designed for routing traffic within a single IP domain called an Autonomous System (AS).
The AS can be divided into smaller logical units known as areas. In any AS with multiple areas, one
area must be designated as area 0, known as the backbone. The backbone acts as the central OSPF
area. All other areas in the AS must be connected to the backbone. Areas inject summary routing
information into the backbone, which then distributes it to other areas as needed. For more
information on how to configure OSPF, see /cfg/l3/ospf Open Shortest Path First Configuration,
page 346, and the section on OSPF in the Alteon Application Switch Operating System Application
Guide.
[OSPF Information Menu]

general - Show general information
aindex
- Show area(s) information
if
- Show interface(s) information
virtual - Show details of virtual links
nbr
- Show neighbor(s) information
dbase
- Database Menu
sumaddr - Show summary address list
nsumadd - Show NSSA summary address list
routes
- Show OSPF routes
dump
- Show OSPF information
Table 32: OSPF Information Menu (/info/l3/ospf)

general
Displays general OSPF information. For sample output, /info/l3/ospf/general OSPF
General Information, page 92.
aindex <area index [0-2]>

Displays area information for a particular area index. If no parameter is supplied, it
displays area information for all the areas.
if <interface number [1-256]>

Displays interface information for a particular interface. If no parameter is supplied, it
displays information for all the interfaces. For sample output, /info/l3/ospf/if OSPF
Interface Information, page 93.
virtual
Displays information about all the configured virtual links.
nbr <nbr router-id (A.B.C.D)>

Displays the status of a neighbor with a particular router ID. If no router ID is supplied,
it displays the information about all the current neighbors.
dbase
Displays OSPF Database menu. To view this menu, see /info/l3/ospf/dbase OSPF
Database Information, page 93.
sumaddr <area index (0-2)>

Displays the list of summary ranges belonging to non-NSSA areas.
91

Table 32: OSPF Information Menu (/info/l3/ospf)

nsumadd <area index (0-2)>
Displays the list of summary ranges belonging to NSSA areas.
routes
Displays the OSPF routing table. For sample output, /info/l3/ospf/routes OSPF
Information Route Codes, page 95.
dump
Displays all the OSPF information. For sample output /info/l3/ospf/dump OSPF Dump
/info/l3/ospf/general
OSPF General Information

OSPF Version 2
Router ID: 47.80.23.247
Started at 95 and the process uptime is 352315
Area Border Router: yes, AS Boundary Router: no
LS types supported are 6
External LSA count 0
External LSA checksum sum 0x0
Number of interfaces in this router is 2
Number of virtual links in this router is 1
16 new lsa received and 34 lsa originated from this router Total number of
entries in the LSDB 10
Database checksum sum 0x0
Total neighbors are 1, of which
2 are >=INIT state,
2 are >=EXCH state,
2 are =FULL state
Number of areas is 2, of which 3-transit 0-nssa
Area Id : 0.0.0.0
Authentication : none
Import ASExtern : yes
Number of times SPF ran : 8
Area Border Router count : 2
AS Boundary Router count : 0
LSA count : 5
LSA Checksum sum : 0x2237B
Summary : noSummary
92

/info/l3/ospf/if
OSPF Interface Information

Ip Address 10.10.12.1, Area 0.0.0.1, Admin Status UP

Router ID 10.10.10.1, State DR, Priority 1
Designated Router (ID) 10.10.10.1, Ip Address 10.10.12.1
Backup Designated Router (ID) 10.10.14.1, Ip
Address 10.10.12.2
Timer intervals, Hello 10, Dead 40, Wait 1663, Retransmit 5,
Poll interval 0, Transit delay 1
Neighbor count is 1
If Events 4, Authentication type none
/info/l3/ospf/dbase
OSPF Database Information

[OSPF Database
advrtr
asbrsum
dbsumm
ext
nw
nssa
rtr
self
summ
all
Menu]
- LS Database info for an Advertising Router
- ASBR Summary LS Database info
- LS Database summary
- External LS Database info
- Network LS Database info
- NSSA External LS Database info
- Router LS Database info
- Self Originated LS Database info
- Network-Summary LS Database info
- All
Table 33: OSPF Database Information Menu (/info/l3/ospf/dbase

advrtr <router-id (A.B.C.D)>
Displays all the Link State Advertisements (LSAs) in the LS database that have the
advertising router with the specified router ID. For example: 20.1.1.1.
asbrsum <adv-rtr (A.B.C.D)> | <link_state_id (A.B.C.D)> | self

Displays ASBR summary LSAs. The following examples include 20.1.1.1 as the example
IP address:
asbrsum adv-rtr 20.1.1.1 Displays ASBR summary LSAs having the

advertising router 20.1.1.1.
asbrsum link_state_id 20.1.1.1 Displays ASBR summary LSAs having the

link state ID 20.1.1.1.
asbrsum self Displays the self-advertised ASBR summary LSAs.
asbrsum (with no parameters)Displays all the ASBR summary LSAs.
93

Table 33: OSPF Database Information Menu (/info/l3/ospf/dbase

dbsumm
Displays the following information about the LS database in a table format:
The number of LSAs of each type in each area.
The total number of LSAs for each area.
The total number of LSAs for each LSA type for all areas combined.
The total number of LSAs for all LSA types for all areas combined.
No parameters are required.
ext <adv-rtr (A.B.C.D)> | <link_state_id (A.B.C.D)> | self

Displays the AS-external (type 5) LSAs with detailed information of each LSA field. For
an explanation of the command options, see the examples in the absrum command in
this table.
nw <adv-rtr (A.B.C.D)> | <link_state_id (A.B.C.D)> | self

Displays the network (type 2) LSAs with detailed information of each field of the
LSA.network LS database. For an explanation of the command options, see the examples
in the absrum command in this table.
nssa <adv-rtr (A.B.C.D)> | <link_state_id (A.B.C.D)> | self

Displays the NSSA (type 7) LSAs with detailed information of each field of the LSAs. or
this table.
rtr <adv-rtr (A.B.C.D)> | <link_state_id (A.B.C.D)> | self

Displays the router (type 1) LSAs with detailed information of each field of the LSAs. or
this table.
self
Displays all the self-advertised LSAs. No parameters are required.
summ <adv-rtr (A.B.C.D)> | <link_state_id (A.B.C.D)> | self

Displays the network summary (type 3) LSAs with detailed information of each field of
the LSAs. or an explanation of the command options, see the examples in the absrum
command in this table.
all
Displays all the LSAs.
94

/info/l3/ospf/routes
OSPF Information Route Codes

Codes: IA - OSPF inter area,

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
IA 10.10.0.0/16 via 200.1.1.2
IA 40.1.1.0/28 via 20.1.1.2
IA 80.1.1.0/24 via 200.1.1.2
IA 100.1.1.0/24 via 20.1.1.2
IA 140.1.1.0/27 via 20.1.1.2
IA 150.1.1.0/28 via 200.1.1.2
E2 172.18.1.1/32 via 30.1.1.2
E2 172.18.1.2/32 via 30.1.1.2
E2 172.18.1.3/32 via 30.1.1.2
E2 172.18.1.4/32 via 30.1.1.2
E2 172.18.1.5/32 via 30.1.1.2
E2 172.18.1.6/32 via 30.1.1.2
E2 172.18.1.7/32 via 30.1.1.2
E2 172.18.1.8/32 via 30.1.1.2
/info/l3/ospf/dump
OSPF Dump Information

OSPF Version 2
Router ID: 1.1.1.1
Area Border Router: no, AS Boundary Router: no
0 new lsa received and 0 lsa originated from this router
Total number of entries in the LSDB 0
0 are >=INIT state,
0 are >=EXCH state,
0 are =FULL state
OSPF Neighbors:
Intf NeighborID
---- ----------
Prio
----
State
-----
Address
-------
OSPF LS Database:
OSPF LSDB breakdown for router with ID (1.1.1.1)
No areas enabled.
95

/info/l3/ospfv3
OSPFv3 Information Menu

information on how to configure OSPF, see /cfg/l3/ospfv3 Open Shortest Path First v3 Configuration,
page 354, and the section on OSPF in the Alteon Application Switch Operating System Application
Guide.
[OSPFv3 Information Menu]

general - Show general information
aindex
- Show area(s) information
if
- Show interface(s) information
virtual - Show details of virtual links
nbr
- Show neighbor(s) information
dbase
- Database Menu
sumaddr - Show summary address list
nsumadd - Show NSSA summary address list
routes
- Show OSPFv3 routes
dump
- Show OSPFv3 information
Table 34: OSPFv3 Information Menu (/info/l3/ospfv3)

general
Displays general OSPF information. For sample output, /info/l3/ospfv3/general OSPF v3
General Information, page 97.

Displays area information for a particular area index. If no parameter is supplied, it
displays area information for all the areas.
if <interface number [1-256]>

Displays interface information for a particular interface. If no parameter is supplied, it
displays information for all the interfaces. For sample output, /info/l3/ospfv3/if OSPF v3
Interface Information, page 98.
virtual
Displays information about all the configured virtual links.
nbr <nbr router-id (A.B.C.D)>

Displays the status of a neighbor with a particular router ID. If no router ID is supplied,
it displays the information about all the current neighbors.
dbase
Displays OSPF Database menu. To view this menu, see /info/l3/ospfv3/dbase OSPF v3
Database Information, page 98.
sumaddr <area index (0-2)>

Displays the list of summary ranges belonging to non-NSSA areas.
96

Table 34: OSPFv3 Information Menu (/info/l3/ospfv3)

nsumadd <area index (0-2)>
Displays the list of summary ranges belonging to NSSA areas.
routes
Displays the OSPF v3 routing table. For sample output, /info/l3/ospfv3/routes OSPF v3
Information Route Codes, page 100.
dump
Displays all the OSPF v3 information. For sample output /info/l3/ospfv3/dump OSPF v3
Dump Information, page 100.
/info/l3/ospfv3/general
OSPF v3 General Information

OSPF Version 2
Router ID: 47.80.23.247
Area Border Router: yes, AS Boundary Router: no
LS types supported are 6
External LSA checksum sum 0x0
16 new lsa received and 34 lsa originated from this router Total number of
entries in the LSDB 10
Database checksum sum 0x0
2 are >=INIT state,
2 are >=EXCH state,
2 are =FULL state
Area Id : 0.0.0.0
Authentication : none
Import ASExtern : yes
Number of times SPF ran : 8
Area Border Router count : 2
AS Boundary Router count : 0
LSA count : 5
LSA Checksum sum : 0x2237B
Summary : noSummary
97

/info/l3/ospfv3/if
OSPF v3 Interface Information

Ip Address 10.10.12.1, Area 0.0.0.1, Admin Status UP

Router ID 10.10.10.1, State DR, Priority 1
Designated Router (ID) 10.10.10.1, Ip Address 10.10.12.1
Backup Designated Router (ID) 10.10.14.1, Ip
Address 10.10.12.2
Timer intervals, Hello 10, Dead 40, Wait 1663, Retransmit 5,
Poll interval 0, Transit delay 1
Neighbor count is 1
If Events 4, Authentication type none
/info/l3/ospfv3/dbase
OSPF v3 Database Information

[OSPFv3 Database
advrtr asbrsum dbsumm ext
nw
nssa
rtr
self
summ
all
-
Menu]
LS Database info for an Advertising Router
ASBR Summary LS Database info
LS Database summary
External LS Database info
Network LS Database info
NSSA External LS Database info
Router LS Database info
Self Originated LS Database info
Network-Summary LS Database info
All
Table 35: OSPFv3 Database Information Menu (/info/l3/ospfv3/dbase

advrtr <router-id (A.B.C.D)>
Displays all the Link State Advertisements (LSAs) in the LS database that have the
advertising router with the specified router ID. For example: 20.1.1.1.
asbrsum <adv-rtr (A.B.C.D)> | <link_state_id (A.B.C.D)> | self

Displays ASBR summary LSAs. The following examples include 20.1.1.1 as the example
IP address:
asbrsum adv-rtr 20.1.1.1 Displays ASBR summary LSAs having the

advertising router 20.1.1.1.
asbrsum link_state_id 20.1.1.1 Displays ASBR summary LSAs having the

link state ID 20.1.1.1.
98
asbrsum self Displays the self-advertised ASBR summary LSAs.
asbrsum (with no parameters)Displays all the ASBR summary LSAs.

Table 35: OSPFv3 Database Information Menu (/info/l3/ospfv3/dbase

dbsumm
Displays the following information about the LS database in a table format:
The number of LSAs of each type in each area.
The total number of LSAs for each area.
The total number of LSAs for each LSA type for all areas combined.
The total number of LSAs for all LSA types for all areas combined.
No parameters are required.
ext <adv-rtr (A.B.C.D)> | <link_state_id (A.B.C.D)> | self

Displays the AS-external (type 5) LSAs with detailed information of each LSA field. For
this table.
nw <adv-rtr (A.B.C.D)> | <link_state_id (A.B.C.D)> | self

Displays the network (type 2) LSAs with detailed information of each field of the
LSA.network LS database. For an explanation of the command options, see the examples
in the absrum command in this table.
nssa <adv-rtr (A.B.C.D)> | <link_state_id (A.B.C.D)> | self

Displays the NSSA (type 7) LSAs with detailed information of each field of the LSAs. or
this table.
rtr <adv-rtr (A.B.C.D)> | <link_state_id (A.B.C.D)> | self

Displays the router (type 1) LSAs with detailed information of each field of the LSAs. or
this table.
self
Displays all the self-advertised LSAs. No parameters are required.
summ <adv-rtr (A.B.C.D)> | <link_state_id (A.B.C.D)> | self

Displays the network summary (type 3) LSAs with detailed information of each field of
the LSAs. or an explanation of the command options, see the examples in the absrum
command in this table.
all
Displays all the LSAs.
99

/info/l3/ospfv3/routes
OSPF v3 Information Route Codes

Codes: IA - OSPF inter area,

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
IA 10.10.0.0/16 via 200.1.1.2
IA 40.1.1.0/28 via 20.1.1.2
IA 80.1.1.0/24 via 200.1.1.2
IA 100.1.1.0/24 via 20.1.1.2
IA 140.1.1.0/27 via 20.1.1.2
IA 150.1.1.0/28 via 200.1.1.2
E2 172.18.1.1/32 via 30.1.1.2
E2 172.18.1.2/32 via 30.1.1.2
E2 172.18.1.3/32 via 30.1.1.2
E2 172.18.1.4/32 via 30.1.1.2
E2 172.18.1.5/32 via 30.1.1.2
E2 172.18.1.6/32 via 30.1.1.2
E2 172.18.1.7/32 via 30.1.1.2
E2 172.18.1.8/32 via 30.1.1.2
/info/l3/ospfv3/dump
OSPF v3 Dump Information

OSPFv3 Information:
OSPF RouterId:
2.2.2.2
OSPF Admin State:
Enabled
OSPF ASBR Status:
FALSE
OSPF ABR Status:
TRUE
Number of AS scope Lsa's:
1
Number of received lsa's:
21
Number of new lsa's:
0
Multicast extensions:
0
OSPFv3 Neighbors:
Neighbor 1.1.1.1 on interface 1()
IPv6 Address:
Interface ID:
OPTIONS:
PRIORITY:
STATE:
EVENTS:
fe80:0:0:0:93bd:1aab:cdcd:2a89
1
0x13
1
full(8)
6
Neighbor 3.3.3.3 on interface 2()

IPv6 Address: fe80:0:0:0:aad4:e0ff:d69f:12a6
Interface ID: 2
OPTIONS: 0x13
PRIORITY: 1
STATE: full(8)
EVENTS: 6
100

(continued)
Nbr Table counter: 2
OSPFv3 LS Database:
Link Scope LSAs
Interf
TYPE
1
8
1
8
2
8
2
8
Router ID
1.1.1.1
2.2.2.2
2.2.2.2
3.3.3.3
LS ID
0.0.0.1
0.0.0.1
0.0.0.2
0.0.0.2
AGE CKSUM Sequence

292 8964 80000001
283 4b33 80000001
283 4a60 80000001
288 b8f2 80000001
Link Lsdb Table Counter: 4

AS Scope (External) LSAs
TYPE
Router ID
4005
4.4.4.4
Area Scope LSAs:
AREA ID
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.1
0.0.0.1
0.0.0.1
0.0.0.1
0.0.0.1
0.0.0.1
0.0.0.1
0.0.0.1
0.0.0.1
TYPE
2001
2001
2002
2003
2003
2004
2009
2009
2009
2001
2001
2002
2003
2003
2004
2009
2009
2009
LS ID
0.0.0.2
AGE CKSUM
Sequence
282 6fe3 80000002
Router ID
2.2.2.2
3.3.3.3
3.3.3.3
2.2.2.2
3.3.3.3
3.3.3.3
2.2.2.2
3.3.3.3
3.3.3.3
1.1.1.1
2.2.2.2
2.2.2.2
2.2.2.2
2.2.2.2
2.2.2.2
1.1.1.1
2.2.2.2
2.2.2.2
LS ID
0.0.0.3
0.0.0.4
0.0.0.2
0.0.0.3
0.0.0.6
0.0.0.2
0.0.0.4
0.0.0.5
0.0.0.6
0.0.0.0
0.0.0.2
0.0.0.1
0.0.0.4
0.0.0.5
0.0.0.2
0.0.0.1
0.0.0.3
0.0.0.5
AGE CKSUM Sequence

239 40bf 80000004
242 18e2 80000004
243 8c7a 80000001
278 d505 80000001
283 fab8 80000001
86 788f 80000001
239 fb01 80000004
242
6ed 80000004
243 5e27 80000001
243
906 80000003
239 d72f 80000004
243 60b3 80000001
278 7c4d 80000001
237 298e 80000001
85 2eef 80000001
243
801 80000003
239
6f7 80000004
243 1986 80000001
Table 36: OSPFv3 Dump Information Menu (/info/l3/ospfv3/dump

OSPF RouterId
The ID of the current OSPF v3 router.
OSPF Admin State <Enabled|Disabled>

OSPF v3 administrator status.
OSPF ASBR Status <TRUE|FALSE>

Indicates whether this router is an ASBR router.
OSPF ABR Status <TRUE|FALSE>

Indicates whether this router is an ABR router.
101

Table 36: OSPFv3 Dump Information Menu (/info/l3/ospfv3/dump

Number of AS scope Lsa's <int>
The number of Link State Advertisements received from an area which is not directly
connected to this router.
Number of received lsa's <int>

The total number of Link State Advertisements received.
Number of new lsa's <int>

The total number of new Link State Advertisements, excluding existing LSAs.
OSPFv3 Neighbors
The number of OSPF v3 neighbors and their status.
AS Scope (External) LSAs

Lists the LSAs detected on a network external to the system.
Area Scope LSAs

Lists the LSAs detected in other areas and their type.
/info/l3/ip
IP Information
1: 47.80.23.81
255.255.254.0
2: 172.31.4.1
255.255.255.0
3: 172.31.3.1
255.255.255.0
47.80.23.255,
172.31.4.255,
172.31.3.255,
vlan 1, up
vlan 1, up
vlan 1, up
IPv6 Link Local Address Information:

Default gateway information: metric strict
2: 47.80.22.1,
vlan any, up
Current IP forwarding settings: ON, dirbr disabled
Current local networks:
Current IPv6 local networks:
Current Allowed networks:
No allowed IP networks configured.
Current IP port settings:
All other ports have forwarding ON
Current network filter settings:
none
Current route map settings:
Current OSPF settings: ON
Default route none
Router ID: 1.1.1.1
lsdb limit 0
102

/info/l3/vrrp
VRRP Information
Alteon support for Virtual Router Redundancy Protocol (VRRP) provides redundancy between routers
in a LAN. This is done by configuring the same virtual router IP address and ID number on each
participating VRRP-capable routing device. One of the virtual routers is then elected as the master
based on a number of priority criteria, and assumes control of the shared virtual router IP address.
If the master fails, one of the backup virtual routers assumes routing authority and takes control of
the virtual router IP address. For more information on VRRP, see the Alteon Application Switch
Operating System Application Guide.
VRRP information:
9: vrid
9, 2005:0:0:0:0:0:10:9
if 9, renter, prio 101, master
10: vrid 10, 10.10.10.50,
if 1, renter, prio 101, master
20: vrid 20, 2005:0:0:0:0:0:20:20
if 20, renter, prio 105, master, server
Using this command, when virtual routers are configured, you can view the status of each virtual
router. VRRP information includes:
Virtual router number
Virtual router ID and IP address
Interface number
Ownership status
OwnerIdentifies the preferred master virtual router. A virtual router is the owner when the
IP address of the virtual router and its IP interface are the same.
RenterIdentifies virtual routers which are not owned by this Alteon.
Priority valueDuring the election process, the virtual router with the highest priority becomes
master.
Activity status
MasterIdentifies the elected master virtual router.
BackupIdentifies that the virtual router is in backup mode.
Server statusThe server state identifies virtual routers that support Layer 4 services. These
are known as virtual server routers, any virtual router whose IP address is the same as any
configured virtual server IP address.
Proxy statusThe proxy state identifies virtual proxy routers, where the virtual router shares
the same IP address as a proxy IP address. Virtual proxy routers enable redundant Alteons to
share the same IP address, minimizing the number of unique IP addresses that must be
configured.
103

/info/l3/dump
Layer3 Dump Information

This dumps all the information about Layer 3 parameters. This dump is a collection of all the
individual commands described in the sections above.
IP information:
AS number 0
IPv6 Link Local Address Information:
Default gateway information: metric strict
Current IP forwarding settings: ON, dirbr disabled, noicmprd disabled, rtcache
enabled
Current local networks:
None
----------------------------------------------Current IPv6 local networks:
Current Allowed networks:
Current IPv4 allowed networks:
Id
Vlan NetAddress
---- ---- --------------1
220
10.10.10.0 - 10.10.10.3
NetMask
--------------255.255.255.0
Current IP port settings:

All other ports have forwarding ON
Current network filter settings:
none
Current route map settings:
Virtual Router Redundancy is globally turned OFF.
ARP cache information:
ARP cache is empty.
ARP address information:
There are no ARP addresses.
Route table information:
Status code: * - best
Destination
Mask
--------------- --------------* 127.0.0.0
255.0.0.0
* 224.0.0.0
224.0.0.0
* 255.255.255.255 255.255.255.255
104
Gateway
--------------0.0.0.0
0.0.0.0
255.255.255.255
Type
--------martian
martian
broadcast
Tag
Metr If
--------- ---- -martian
martian
broadcast

(continued)
OSPF is disabled.
BGP is disabled.
IPv6 Forwarding Table:
Total number of route6 entries: 0
IPv6 Multicast Routes Table:
IP6 neighbor cache entries:

Total dynamic neighbor cache entries: 0
Total local neighbor cache entries: 0
Other neighbor cache entries: 0
/info/slb
Layer 4 Information Menu

This menu and all sub-menus are only available in the vADC Administrator environment in ADC-VX
mode.
Server Load Balancing (SLB) lets you configure Alteon to balance user session traffic among a pool
of available servers that provide shared services. In an average network that employs multiple
servers without server load balancing, each server usually specializes in providing one or two unique
services. If one of these servers provides access to applications or data that is in high demand, it
can become overused. Placing this kind of strain on a server can decrease the performance of the
entire network as user requests are rejected by the server and then resubmitted by the user
stations. With this software feature, Alteon is aware of the services provided by each server and can
direct user session traffic to an appropriate server, based on a variety of load-balancing algorithms.
For detailed information on this feature, see the Alteon Application Switch Operating System
Application Guide:
[Server Load Balancing Information Menu]

sess
- Session Table Information Menu
gslb
- Global SLB Information Menu
real
- Show real server information
group
- Show real server group information
virt
- Show virtual server information
filt
- Show filter information
port
wlm
- Show Workload Manager information
idshash - Show IDS server selected by hash or minmisses metric
bind
- Show real server selected by hash, phash, or minmisses metric
bind6
- Show IPv6 real server selected by hash, phash, or minmisses
metric
cookie
- Decode the HEX value to get VIP, RIP and Rport
synatk
- Show SYN attack detection information
dump
- Show all layer 4 information
105

Table 37: Layer 4 Information Menu Options (/info/slb)

sess
Displays the Session Table Information menu. To view this menu, see /info/slb/sess
Session Table Information, page 107.
gslb
Displays the Global SLB Information menu. To view this menu, see /info/slb/gslb Global
SLB Information Menu, page 111.
real <real server number (1-1023)>

Displays the real server number, real IP address, MAC address, VLAN, physical port, layer
where the health check is performed, the health check ID and type, and the health check
result.
group <real server group number, 1-1024>

Displays the real server group information, the health check ID and type, and the health
check result.
virt <virtual server number (1-1024)>

Displays the following:
Virtual Server StateVirtual server number, IP address, virtual MAC address.
Virtual Port StateVirtual service or port, server port mapping, real server group,
group backup server, the health check ID and type, and the health check result.
filt <filter ID (1-2048)> |list|allow|deny|redir|nat

Displays the filter number, destination port, real server port, real server group, health
check layer, group backup server, URL for health checks, content class, and real server
group, IP address, backup server, and status.
port <port number>

Displays the physical port number, proxy IP address, filter status, a list of applied filters,
and client and/or server Layer 4 activity.
wlm <work_load_manager_number, 1 to 16>

Displays workload manager information.
idshash <IP address 1 IP address 2>

Displays the Intrusion Detection System server selected by the hash or minmisses
metric.
bind <IP address mask group number>

Displays the real server selected by the hash, phash, or minmisses metric.
bind6 <IPv6 address prefix length IPv6 group number>

Displays the IPv6 real server selected by the hash, phash, or minmisses metric.
cookie <16 or 20 bytes cookie value in HEX as 0xXXXXXXXXXXXXXXXX>

Decodes the hexadecimal value to get the virtual server IP address, real server IP
address, and real server port.
synatk
Displays SYN attack detection information. To identify if the server is under a SYN attack,
the number of new half open sessions is examined within a set period (for example,
every two seconds). This feature requires dbind to be enabled.
106

Table 37: Layer 4 Information Menu Options (/info/slb)

dump
Displays all Layer 4 information. For sample output, see /info/slb/dump Show All Layer 4
/info/slb/sess
Session Table Information

[Session Table Information Menu]
cip
- Show all session entries with source IP address
cip6
- Show all session entries with source IP6 address
cport
- Show all session entries with source port
dip
- Show all session entries with destination IP address
dip6
- Show all session entries with destination IP6 address
dport
- Show all session entries with destination port
pip
- Show all session entries with proxy IP address
pport
- Show all session entries with proxy port
filter
- Show all session entries with matching filter
flag
- Show all session entries with matching flag
port
- Show all session entries with ingress port
real
- Show all session entries with real IP address
sp
- Show all session entries on sp
dump
- Show all session entries
help
- Session entry description
Table 38: Session Information Menu Options (/info/slb/sess)

cip <IP address>
Displays all session entries with client's source IP address.
cip6 <IP6_address>
Display session entries with the specified IPv6 address.
cport <real port>

Displays all session entries with source (client) port.
dip <Destination IP address>

Displays all session entries with the destination IP address.
dip6 <IP6_address>
Display session entries with the specified IPv6 address.
dport <Destination real port>

Displays all session entries with destination port.
pip [v4|v6] <Proxy IP address>

Displays all session entries with proxy IP address.
pport <proxy port>

Displays all session entries with proxy port.
107

Table 38: Session Information Menu Options (/info/slb/sess)

filter <filter ID (1-2048)>
Displays all session entries with matching filter.
flag <E|L|N|P|S|Rt|Ru|Ri|Vi|Vr|Vs|Vm|Vd|U|W>
Displays all session entries with matching flag. For sample output and a description of
these statistics, see Table 39 - Session Dump Information, page 108.
port <port number>

Displays all session entries on the ingress port.
real [v4|v6] <IP address>

Displays all session entries with real server IP address.
sp <port number (1-4)>

Displays all session entries on the processor.
dump v4 | v6
Displays all session entries.
Values:
v4Displays IPv4 information
v6Displays IPv6 information
emptyDisplays all information
In a session entry dump, information similar to the following displays:
3, 01: 1.1.1.1 4586, 2.2.2.1 http -> 1.1.1.2 3567 3.3.3.1 http age 6
f:10 EUSPT c
(1) (2) (3) (4) (5) (6) (7a) (7) (8) (9) (10) (11) (12) (13)
The fields 1 through 13 in this example are described in Table 39 - Session Dump
For a set of more session entry dumps, see Table 40 - Session Dump Examples, page
111.
help
Displays the description of the session entry.
Table 39: Session Dump Information
Field
Description
(1) SP number
Indicates the Switch Processor (SP) number that created the session.
(2) Ingress port
Shows the physical port through which the client traffic enters
Alteon.
(3) Source IP address
Contains the source IP address from the client's IP packet in IPv4 or

IPv6.
(4) Source port
Identifies the source port from the client's TCP/UDP packet.
(5) Destination IP address
Identifies the destination IP address from the client's TCP/UDP

packet.
(6) Destination port
Identifies the destination port from client's TCP/UDP packet.
108

Field
Description
(7a) Proxy IP address
Contains the proxy IP address substituted by Alteon. This field

contains the real server IP address of the corresponding server that
Alteon selects to forward the client packet to for load balancing. If
Alteon does not find a live server, this field contains the same
information as the destination IP address mentioned in field (5).
This field also shows the real server IP address for filtering. No
address is shown if the filter action is Allow, Deny or NAT. It will show
"ALLOW", "DENY" or "NAT" instead.
(7) Proxy Port
Identifies the TCP/UDP source port substituted by Alteon.
(8) Real Server IP Address
For load balancing, this field contains the IP address of the real
server to which Alteon selects to forward a client packet. If Alteon
does not find a live server, this field is the same as destination IP
address (as in row 5). For example:
3,01: 1.1.1.1 1040, 2.2.2.1 http -> 3.3.3.1 http age 10

3,01: 1.1.1.1 6970, 2.2.2.1 rtsp -> 2.2.2.1
21220 age 10 P
For filtering, this field also shows the real server IP address. No
address is shown if the filter action is Allow, Deny or NAT. It will show
ALLOW, DENY or NAT instead. For example:
3,01: 1.1.1.1 1040, 2.2.2.1 http -> 3.3.3.1 http age 10

f:11
2,07: 1.1.1.1 1706, 2.2.2.1 http-> 192.168.4.10
linklb age 8 f:10 E
(9) Server port
This field is the same as the destination port (field 6) for load
balancing, except for the RTSP UDP session. For RTSP UDP session,
this server port is obtained from the client-server negotiation. This
field is the filtering application port for filtering. It is for internal use
only. This field can be urlwcr, wcr, idslb, linkslb or nonat.
(10) Age
This is the session timeout value. If no packet is received within the

value specified, the session is freed. For example, if you define Age
10, then the session is aged out in 10 minutes. If your define Age
160, then the session is aged out in 160 minutes.
The < symbol for the session entry indicates that slowage is used.
The user can configure slowage by using the command /cfg/slb/
adv/slowage.
When the holddown is not triggered, the session age value starts
with total-time-windows, and is decremented by one second until
zero, then resets to the next total-time-windows value.
When the holddown is triggered, the session age starts with (holddur
* 2), and is decremented after every X minutes, where X = 2 * 2 ^
slowage.
(11) Filter number
Indicates the session created by the filtering code as a result of the

IP header keys matching the filtering criteria.
(12) VLAN number
This field is the ingress port's VLAN.
109

Field
Description
(13) Flag
The list of flags include:
(14) Persistent session user

count
110
AcIndicates the session is application capping per-contract

entry.
AccIndicates the session has Application Services Engine

processing.
AuIndicates the session is application capping per-user entry.
BIndicates the session is through a back-end connection with

Application Services Engine processing.
EIndicates the session is established and will be aged out if no

traffic is received within session timeout value.
LIndicates the session is a link load balance session.
NIndicates no NAT, which means the session only translates

the destination MAC when forwarding client traffic to the real
server.
PIndicates the session is a persistent session and is not to be

aged out. Fields (6), (7), and (8) cannot have persistent
sessions.
SIndicates the session is a persistent session and the

application is SSL session ID, or cookie pbind.
RtIndicates the session is an SIP UDP rules session and is in

dependent mode. Some or all dependent rules are not yet
matched.
RmIndicates the session is an SIP UDP rules session and is in

monitor mode.
RrIndicates the session is an SIP UDP rules reverse session.
RtIndicates the session is TCP rate limiting for every client

entry.
RuIndicates UDP rate limiting for every client entry.
RiIndicates the session is ICMP rate limiting per-client entry.
VrIndicates the session is a SIP REGISTER session.
VsIndicates the session is a SIP SUBSCRIBE session.
ViIndicates the session is a SIP INVITE session.
VmIndicates the session is a SIP MESSAGE session.
VdIndicates the session is a SIP NAT data session.
ScIndicates the session is an opened server session used in

connection pooling.
UIndicates the session is Layer 7 delayed binding and Alteon is

trying to open a TCP connection to the real server.
W Indicates the session only translates the destination MAC

when forwarding Layer 7 WCR traffic to the real server.
This counter indicates the number of client sessions created to

associate with this persistent session.

Table 40: Session Dump Examples
Session
Session Entry Dump
L4 HTTP
3,01: 172.21.12.19 1040, 39.2.2.1 http -> 47.81.24.79 http age 4
L4-L7 WCR HTTP
2,16: 172.21.8.200 44687, 172.21.8.51 http -> 192.168.1.11 wcr

age 4 f:12 E
3,01: 172.21.12.19 1040, 39.2.2.1 http -> 47.81.24.79 urlwcr age
6 f:123 E
RTSP
The first session is RTSP TCP control connection.
L4-L7 RTSP
The second session is RTSP UDP data connection.
3,01: 172.21.12.19 4586, 39.2.2.1 rtsp -> 47.81.144.13 rtsp age

10 EU
3,01: 172.21.12.19 6970, 39.2.2.1 21220 -> 47.81.144.13 21220
age 10 P
During client-server port negotiation, the destination port shows "rtsp" and
server port shows "0".
3,01: 172.21.12.19 6970, 39.2.2.1 rtsp -> 47.81.144.13 0 age 10

P
L7 WCR RTSP
3,01: 172.21.12.19 4586, 39.2.2.1 rtsp -> 47.81.144.13 urlwcr

age 10 f:100 EU
3,01: 172.21.12.19 6970, 39.2.2.1 21220 -> 47.81.144.13 21220
age 10 P
Filtering LinkLB
2,07: 10.0.1.26 1706, 205.178.14.84 http -> 192.168.4.10 linklb

age 8 f:10 E
FTP
1,00: 172.31.4.215 80, 172.31.4.200 0 172.31.3.11 age 8 EP c:1

1,09: 172.31.4.215 4098, 172.31.4.200 ftp ->172.31.3.20 ftp age
10 EU
1,09: 172.31.4.215 4102, 172.31.4.200 ftp-data ->172.31.3.20
ftp-data age 10 E
NAT
2,05: 172.21.8.16 2559, 10.0.1.26 http NAT age 2 f:24 E
Persistent session The destination port, real server IP and server port are not shown for persistent
session.
3,00: 0xa476b182, 82.122.141.249 82.122.200.156 age 4 EPS c:3

Note: Refere to the info/slb/cookie command to decode the hexadecimal
value to get the IP address
/info/slb/gslb
Global SLB Information Menu

Alteon running Global SLB selects the most appropriate site to direct the client traffic for a given
domain during the initial client connection.
[Global SLB Information Menu]

virt
- Show Global SLB
site
- Show Global SLB
rule
- Show Global SLB
clntprox - Show Global SLB
geo
- Show Global SLB
pers
- Show Global SLB
dump
- Show all Global
virtual server information

remote site information
rule information
client proximity information
geographical preference information
DNS persistence cache information
SLB information
111

Table 41: Global SLB Information Menu Options (/info/slb/gslb)

virt virtual server number (1-1024)
Displays Global SLB virtual server information, such as the domain name of the virtual
server, the number of the local and remote virtual servers, the number of virtual services
on those virtual servers, and the group of real servers associated with the local and
remote virtual servers.
site
Displays the Global SLB remote site information.
rule
Displays the Global SLB rule information.
clntprox
Displays the Global SLB client proximity information.
geo
Displays the Global SLB geographical preference information.
pers <IP_Address>
Display the Global SLB DNS persistence cache information.
dump
Displays all Global SLB information.
112

/info/slb/dump
Show All Layer 4 Information

Real server state:
1: 160.160.160.1, 00:19:5b:7d:ab:3f, vlan
Real Server Group 1, health icmp (runtime
Virtual Services:
http: vport http
virtual server: 1, IP4 192.168.1.6
2: 160.160.160.2, 00:e0:4c:2c:24:80, vlan
10: 100.100.100.1, 00:19:5b:8b:11:0a, vlan
11: 100.100.100.2, 00:17:9a:b3:8e:af, vlan
8, port 25, health inherit, UP

ICMP)

Virtual server state:

1: IP4 192.168.1.6,
00:03:b2:9c:d5:03
Virtual Services:
http: rport http, group 1, health icmp (ICMP)
Real Servers:
1: 160.160.160.1, group ena, health (runtime ICMP), 0 ms, UP
IDS group state:
Redirect filter state:
Port state:
19:
proxy, client
25:
server
PIP State: port based
/info/bwm
Bandwidth Management Information Menu

mode.
Bandwidth Management (BWM) enables Web site managers to allocate a portion of the available
bandwidth for specific users or applications. It allows companies to guarantee that critical business
traffic, such as e-commerce transactions, receive higher priority versus non-critical traffic. Traffic
classification can be based on user or application information. BWM policies can be configured to set
lower and upper bounds on the bandwidth allocation.
[Bandwidth Management Information Menu]

ipuser
- BWM IP User Entries Information Menu
cont
- Show Bandwidth Management Contract information
Table 42: Bandwidth Management Information

ipuser
Displays the IP User Entries Information menu. To view this menu, see /info/bwm/ipuser
BWM IP User Information Menu, page 114.
cont
Displays the BWM contract information configured on this switch.
113

/info/bwm/ipuser
BWM IP User Information Menu

[BWM IP User Entries Information Menu]
ip
- Show all IP user entries with IP address
cont
- Show all IP user entries for a contract
sp
- Show all IP user entries on sp
dump
- Show all IP user entries
Table 43: BWM IP User Information Menu (/info/bwm/ipuser)

ip <IP address>
Displays the IP user entries for a specific IP address.
cont <BW Contract number, 1-1024>

Displays the IP user entries for a specific BWM contract.
sp <SP number (1-4)>

Displays the IP user entries on the Switch Processor (SP). The same fields as the
cont command display, but only for the specified SP number.
dump
Displays all the IP user entries. For sample output and a description of these
statistics, see /info/bwm/ipuser/dump BWM IP User Information Menu, page 114.
/info/bwm/ipuser/dump
BWM IP User Information Menu

SP Contract IP Address Age Octets Discards Allowed Offered
Rate Rate
-- -------- ---------------- --- ---------- ---------- ----2 11 11.0.1.100 86 21500000 301001440 1953 29297
2 10 11.0.1.100 86 1076600 0 97 97
2 10 11.0.1.107 16 199940 0 97 97
2 10 11.0.1.105 16 198402 0 96 96
2 10 11.0.1.106 16 199940 0 97 97
2 10 11.0.1.103 16 196864 0 96 96
2 10 11.0.1.104 16 204554 0 99 99
2 10 11.0.1.101 16 201478 0 98 98
2 10 11.0.1.102 16 198402 0 96 96
2 10 11.0.1.108 16 199940 0 97 97
2 10 11.0.1.109 16 203016 0 99 99
Field
Description
SP Rate
The Switch Processor number (1 through 4) of the ipuser entry.
Contract Rate
The BWM contract number of the ipuser entry.
IP address
The IP address of the ipuser entry.
Age
The age of the entry in seconds.
114

Field
Description
Octets
The number of octets processed on this ipuser entry.
Discards
The number of octets discarded on this ipuser entry.
Allowed Rate
The rate of traffic allowed for this IP address.
Offered Rate
The rate including the discards for this IP address.
/info/bwm/cont
BWM Contract Information

This command displays information about any configured contracts and the BWM policies applied to
the contracts.
Current Bandwidth Management setting: ON

Policy Enforcement: enabled
BWM history will be mailed in a minute
to 'abcd' at host '100.81.138.26
'
BWM IP user table entries 64k
Contract
Policy
Num Name
Prec Hard Soft Resv
1
123456789012345
2
1 50M
1M
2
vlan
4
1 60M
2M
3
filter
7
20
2M
1M
4
5
1
2M
1M
5
512
1
2M
1M
10
10
1
1M
0K
11
11
1 100M 80M
12
12
1
2M
1M
13
13
1
3M
1M
14
14
1
4M 400K
15
15
1
2M
1M
Per User
Traffic
Limit Key State Shaping
500K
- E
D
500K
- E
D
500K
- E
D
500K
- D
D
500K
- E
D
0K 500K sip
E
D
500K
2M sip
E
D
500K
- E
D
500K
- E
D
100K
- E
D
500K
- E
D
Table 45: BWM Contract Information
Field
Description
Contract
Displays the BWM contract number.
Policy
Displays specific information about a policy applied to a contract, including:
The policy number applied to the contract
PrecThe precedence applied to the policy
HardThe hard limit applied to the policy
SoftThe soft limit applied to the policy
ResvThe reserve limit applied to the policy
115

Table 45: BWM Contract Information
Field
Description
Per User
These two columns display information for an ipuser limit, if applied to the
contract. Includes the following:
LimitThe user rate limit applied to the ipuser.
KeyIf an ipuser rate limit is enforced, this field displays whether the user
limit is enforced on a source IP address (sip) or a destination IP address (dip).
State
Displays whether the BWM contract is enabled (E) or disabled (D).
Traffic Shaping
Displays whether traffic shaping is enabled (E) or disabled (D) for this contract.
/info/security
Security Information
mode.
[Security Information Menu]

port
- Show port security information
ipacl
- Show IP ACL information
udpblast - Show UDP blast protection information
dos
- Show protocol anomaly and DoS attack prevention information
dump
- Show all security information
Table 46: Security Information Menu (/info/security)

port
Displays the current port security settings.
ipacl
Displays the current IP ACL settings.
udpblast
Displays UDP blast protection settings.
dos
Displays DoS protection settings.
dump
Displays all security settings.
116

/info/link
Link Status Information

Use this command to display link status information about each port on an Alteon slot.
The following is an sample output of the /info/link command.
Alias
-----1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Port
---1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Speed
----10/100
10/100
10/100
10/100
10/100
10/100
10/100
10/100
10/100
10/100
10/100
10/100
10/100
10/100
10/100
10/100
10/100
10/100
10/100
10/100
10/100
10/100
10/100
10/100
1000
1000
1000
1000
Duplex
-------any
any
any
any
any
any
any
any
any
any
any
any
any
any
any
any
any
any
any
any
any
any
any
any
full
full
full
full
Flow Ctrl
--TX-----RX-yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
Link
-----down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
down
The information that displays includes:
Port Alias
Port number
Port speed (10, 100, 10/100, or 1000)
Duplex mode (half, full, any, or auto)
Flow control for transmit and receive (no, yes, or auto)
Link status (up or down)
117

/info/port
Port Information
In the Global Administrator environment, the port information is for all vADCs in ADC-VX
environment.
Alias
-----1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Port
---1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Tag
--n
y
y
y
y
y
n
n
n
n
n
n
n
n
n
n
RMON
---d
d
d
d
d
d
d
d
d
d
d
d
d
d
d
d
PVID
---1
6
6
6
1
1
1
1
1
1
1
1
1
1
1
1
BWC
----1024
1024
1024
1024
1024
1024
1024
1024
1024
1024
1024
1024
1024
1024
1024
1024
NAME
-----------
VLAN(s)
---------------1
1
6
1
6
1
6
1
1
1
1
1
1
1
1
1
1
1
1
Shared
-------DIS
DIS
DIS
DIS
DIS
DIS
DIS
DIS
DIS
DIS
DIS
DIS
DIS
DIS
DIS
DIS
The information that displays includes:
Port alias
Port number
Whether the port uses VLAN tagging or not (y or n)
Whether the remote monitor is enabled or disabled
Port VLAN ID (PVID)
Port name
VLAN membership
/info/swkey
Software Enabled Keys

Use this command to check the status of installed software keys. The permanent license displayed in
the output is the last permanent license installed on Alteon.
Notes
If a feature is removed with the /oper/rmkey command, the last permanent license installed
will still be displayed. The output of this command will still list removed features.
Radware temporary evaluation licenses will not be displayed in the command output.
For more information on license keys, see the Radware Alteon Installation and Maintenance Guide.
118

/info/dump
Information Dump
Use this command to dump all information available from the Information Menu (the dump output
may be 10K or more, depending on your configuration). This data is useful for tuning and debugging
Alteon performance.
If you want to capture dump data to a file, set your communication software on your workstation to
capture session data prior to issuing the dump command.
119

120
Chapter 5 The Statistics Menu

Using the sub-menus and commands under the Statistics menu, you can view Alteon performance
statistics in both the user and administrator command modes. This chapter includes the menus,
sub-menus, and commands to display Alteon statistics.
/stats
Statistics Menu
The following is an example of the Statistics menu and an explanation of the Statistics menu
options.
Figure 11: Global Administrator Statistics Menu

[Statistics Menu]
sys
- System Stats Menu
port
- Port Stats Menu
vadc
- vADC Statistics Menu
l2
- Layer 2 Stats Menu
mp
- MP-specific Stats Menu
dump
- Dump all stats
Figure 12: vADC Administrator or Standalone Statistics Menu

[Statistics Menu]
sys
- System Stats Menu
port
- Port Stats Menu
pmirr
- Port Mirroring Stats Menu
l2
l3
slb
- Server Load Balancing (Layer 4-7) Stats Menu
bwm
- Bandwidth Management Stats Menu
security - Security Stats Menu
mp
- MP-specific Stats Menu
sp
- SP-specific Stats Menu
dump
- Dump all stats
Table 47: Statistics Menu Options (/stats)

sys
Displays the System Statistics menu. To view this menu, see /stats/sys System
Statistics Menu, page 123.
port <port number>

Displays the Port Statistics Menu for the specified port. Use this menu to display
traffic statistics on a port-by-port basis. Traffic statistics are included in SNMP
Management Information Base (MIB) objects. To view this menu, see /stats/port
<port number> Port Statistics Menu, page 125.
121

The Statistics Menu
Table 47: Statistics Menu Options (/stats)

vadc <vADC ID | all>
Displays the vADC Statistics menu. This menu appears only on the Global
Administrator menu in ADC-VX mode. To view this menu, see /stats/vadc vADC
Include a vADC ID to see the statistics for a single vADC, or enter all to see the
statistics for all vADCs.
pmirr
Displays the Port Mirroring Statistics menu. This menu appears only in the vADC
Administrator environment in ADC-VX mode. To view this menu, see /stats/pmirr
Port Mirroring Statistics Menu, page 140.
l2
Displays the Layer 2 Statistics menu. To view this menu, see /stats/l2 Layer 2
l3
Displays the Layer3 Statistics menu. This menu appears only in the vADC
Administrator environment in ADC-VX mode. To view this menu, see /stats/l3
Layer 3 Statistics Menu, page 144.
slb
Displays the Server Load Balancing (SLB) menu. This menu appears only in the
vADC Administrator environment in ADC-VX mode. To view this menu, see /stats/
slb Server Load Balancing Statistics Menu, page 166.
bwm
Displays the Bandwidth Management menu. This menu appears only in the vADC
Administrator environment in ADC-VX mode. To view this menu, see /stats/bwm/
hist BWM History Statistics, page 224.
security
Displays the Security Statistics menu. This menu appears only in the vADC
Administrator environment in ADC-VX mode. To view this menu, see /stats/
security Security Statistics, page 226.
mp
Displays the MP-specific Statistics menu. Use this menu to view information on
how management processes and resources are currently being allocated. To view
this menu, see /stats/mp Management Processor Statistics, page 232.
sp <SP number>
Displays the SP-specific Statistics menu. Use this menu to view information on
how switch processes and resources are currently being allocated. This menu
appears only in the vADC Administrator environment in ADC-VX mode. To view
this menu, see /stats/sp <SP Number> SP-specific Statistics, page 236.
dump
Dumps all Alteon statistics. Use this command to gather data for tuning and
debugging performance. If you want to capture dump data to a file, set your
communication software on your workstation to capture session data prior to
issuing the dump command. For details, see /stats/dump Dump Statistics,
page 238.
122

The Statistics Menu
/stats/sys
System Statistics Menu

This menu displays traffic statistics for the entire system.
[System Statistics Menu]

access
- System Access Menu
mgmt
- Show management port stats
ntp
- Show NTP server stats
snmp
- Show SNMP stats
dump
- Dump system stats
Table 48: System Statistics Menu Options (/stats/sys)

access
Displays the System Access menu. To view this menu, see /stats/sys/access System
Access Statistics Menu, page 123
mgmt
Displays interface statistics for the Management Port. For sample output, see /stats/
sys/mgmt Management Port Statistics, page 124.
ntp [clear]
Displays Network Time Protocol (NTP) statistics. You can optionally include the clear
option to delete all NTP statistics.
snmp
Show SNMP statistics.
dump
Dump system statistics.
/stats/sys/access
System Access Statistics Menu

[System Access Statistics Menu]
mgmt
- Show management network stats
vlan
- Show VLAN management access stats
dump
- Dump system access stats
Table 49: System Access Statistics Menu

mgmt
Displays the management network statistics (blocked packets).
In the Global Administrator environment in ADC-VX mode these are the statistics for the
managed vADCs only.
vlan
Displays the VLAN management access statistics (blocked packets).
In the vADC Administrator environment in ADC-VX mode only the statistics for the
associated VLAN display.
123

The Statistics Menu
Table 49: System Access Statistics Menu

dump
Dump system statistics.
/stats/sys/mgmt
Management Port Statistics

The following is sample output for management port statistics, and a description of these statistics:
Management port interface

RX bytes:
RX packets:
RX errors:
RX dropped:
RX overruns:
RX frame errors:
RX multicast:
statistics:
0
TX bytes:
0
TX packets:
0
TX errors:
0
TX dropped:
0
TX overruns:
0
TX carrier errors:
0
TX collisions:
0
0
0
0
0
0
0
Management port statistics are described in the following table:
Table 50: Management Port Statistics (/stats/mgmt)
Statistic
Description
RX bytes
The total number of incoming bytes successfully transferred by the interface.
RX packets
The total number of incoming packets successfully transferred by the

interface.
RX errors
The number of bad packets received.
RX dropped
The number of incoming packets that were dropped due to lack of receive
buffers.
RX overruns
The number of received packets that were dropped because their size
exceeded that of the receive queue.
RX frame errors
The number of incoming packets dropped due to IP framing errors.
RX multicast
The number of multicast packets received.
TX bytes
The total number of outgoing bytes successfully transferred by the interface.
TX packets
The total number of outgoing packets successfully transferred by the

interface.
TX errors
The number of packets dropped due to transmission problems.
TX dropped
The number of packets dropped due to lack of transmit buffers.
TX overruns
The number of packets dropped because size exceeded that of the transmit
queue.
TX carrier errors
Not applicable.
TX collisions
The number of collisions due to congestion on the medium. Collisions occur

when two or more stations are transmitting signals at the same time.
124

The Statistics Menu
/stats/port <port number>
Port Statistics Menu

This menu displays traffic statistics on a port-by-port basis. Traffic statistics include SNMP
Management Information Base (MIB) objects.
In ADC-VX mode, vADC port statistics are only for those ports that are associated with the selected
vADC.
[Port Statistics Menu]

brg
- Show bridging ("dot1") stats
ether
- Show Ethernet ("dot3") stats
if
- Show interface ("if") stats
ip
- Show Internet Protocol ("IP") stats
link
- Show link stats
rmon
- Show RMON stats
dump
- Dump port stats
clear
- Clear all port stats
Table 51: Port Statistics Menu Options (/stats/port)

brg
Displays bridging ("dot1") statistics for the port. For sample output and a description of
these statistics, see /stats/port<port number>/brg Bridging Statistics, page 126.
ether
Displays Ethernet ("dot1") statistics for the port. For sample output and a description of
these statistics, see /stats/port <port number> /ether Ethernet Statistics, page 127.
if
Displays interface statistics for the port. For sample output and a description of these
statistics, see /stats/port <port number> /if Interface Statistics, page 130.
ip
Displays IP statistics for the port. This command appears only in the vADC Administrator
environment in ADC-VX mode. For sample output and a description of these statistics,
see /stats/port <port number> /ip Interface Protocol Statistics, page 131.
link
Displays link statistics for the port. For sample output and a description of these
statistics, see /stats/port <port number> /link Link Statistics, page 132.
rmon
Displays Remote Monitor (RMON) statistics for the port. For sample output and a
description of these statistics, see /stats/port <port number> /rmon RMON Statistics,
page 133.
dump
Displays all the port statistics.
clear
Clears all the statistics on this port.
125

The Statistics Menu
/stats/port<port number>/brg
Bridging Statistics
This menu option lets you display the bridging statistics of the selected port.
Bridging statistics for port 1:

dot1PortInFrames:
dot1PortOutFrames:
dot1PortInDiscards:
dot1TpLearnedEntryDiscards:
dot1BasePortDelayExceededDiscards:
dot1BasePortMtuExceededDiscards:
dot1StpPortForwardTransitions:
63242584
63277826
0
0
NA
NA
0
Port bridging statistics are described in the following table:
Table 52: Port Bridging Statistics (/stats/port/brg)
Statistic
Description
dot1PortInFrames
The number of frames that have been received by this port from its
segment. A frame received on the interface corresponding to this port
is only counted by this object only if it is for a protocol being processed
by the local bridging function, including bridge management frames.
dot1PortOutFrames
The number of frames that have been transmitted by this port to its
segment.
Note: A frame transmitted on the interface corresponding to this
port is only counted by this object only if it is for a protocol being
processed by the local bridging function, including bridge
management frames.
dot1PortInDiscards
Number of valid frames received which were discarded (that is,

filtered) by the forwarding process.
dot1TpLearnedEntry
Discards
The total number of forwarding database entries which have been or

would have been learnt, but have been discarded due to a lack of
space to store them in the forwarding database. If this counter is
increasing, it indicates that the forwarding database is regularly
becoming full (a condition which may have negative performance
effects on the subnetwork). If this counter has a very large value but is
not presently increasing, it indicates that the problem has been
occurring but is not persistent.
dot1BasePortDelay
ExceededDiscards
The number of frames discarded by this port due to excessive transit

delay through the bridge. It is incremented by both transparent and
source route bridges.
dot1BasePortMtu
ExceededDiscards
The number of frames discarded by this port due to excessive size. It is

incremented by both transparent and source route bridges.
dot1StpPortForward
Transitions
The number of times this port has transitioned from the learning state
to the forwarding state.
126

The Statistics Menu
/stats/port <port number> /ether
Ethernet Statistics
This menu option lets you display the ethernet statistics of the selected port.
Ethernet statistics for port 1:

dot3StatsAlignmentErrors:
dot3StatsFCSErrors:
dot3StatsSingleCollisionFrames:
dot3StatsMultipleCollisionFrames:
dot3StatsSQETestErrors:
dot3StatsDeferredTransmissions:
dot3StatsLateCollisions:
dot3StatsExcessiveCollisions:
dot3StatsInternalMacTransmitErrors:
dot3StatsCarrierSenseErrors:
dot3StatsFrameTooLongs:
dot3StatsInternalMacReceiveErrors:
dot3CollFrequencies [1-15]:
0
0
0
0
NA
0
0
0
NA
0
0
0
NA
Port Ethernet statistics are described in the following table:
Table 53: Port Ethernet Statistics (/stats/port/ether)
Statistic
Description
dot3StatsAlignmentErrors
The number of frames received on a particular interface that are not

an integral number of octets in length and do not pass the Frame
Check Sequence (FCS) check.
This number is incremented when the alignmentError status is
returned by the MAC service to the Logical Link Control (LLC) (or
another MAC user). Received frames for which multiple error
conditions are generated are counted exclusively according to the
error status presented to the LLC (as per IEEE 802.3 Layer
Management).
dot3StatsFCSErrors
The number of frames received on a particular interface that are an

integral number of octets in length but do not pass the Frame Check
Sequence (FCS) check. This number does not include frames
received with frame-too-long or frame-too-short errors.
This number is incremented when the frameCheckError status is
returned by the MAC service to the LLC (or another MAC user).
Received frames for which multiple error conditions are obtained are
counted exclusively according to the error status presented to the
LLC (as per IEEE 802.3 Layer Management).
Note: Coding errors detected by the physical layer for speeds
above 10 Mb/s cause the frame to fail the FCS check.
127

The Statistics Menu
Table 53: Port Ethernet Statistics (/stats/port/ether) (cont.)
Statistic
Description
dot3StatsSingleCollisionFrames
The number of successfully transmitted frames on a particular

interface for which transmission is inhibited by exactly one collision.
The counted frame is also counted by the corresponding instance of
either the ifOutUcastPkts, ifOutMulticastPkts, or ifOutBroadcastPkts
objects, and is not counted by an instance of the
dot3StatsMultipleCollision-Frame object.
Note: This counter does not increment when the interface is
operating in full-duplex mode.
dot3StatsMultipleCollisionFrames
The number of successfully transmitted frames on a particular

interface for which transmission is inhibited by more than one
collision.
The counted frame is also counted by the corresponding instance of
either the ifOutUcastPkts, ifOutMulticastPkts, or ifOutBroadcastPkts
objects, and is not counted by the corresponding instance of the
dot3StatsSingleCollision-Frames object.
dot3StatsSQETest-Errors
The number of times that the SQE TEST ERROR message is

generated by the PLS sub layer for a particular interface. The SQE
TEST ERROR is set in accordance with the rules for the verification of
the SQE detection mechanism in the PLS Carrier Sense Function, as
described in IEEE Std.802.3-1998 Edition, section 7.2.4.6.
dot3StatsDeferredTransmissions
The number of frames for which the first transmission attempt on a

particular interface is delayed because the medium is busy. This
number does not include frames involved in collisions.
dot3StatsLate-Collisions
The number of times that a collision is detected on a particular

interface later than one slotTime into the transmission of a packet.
Five hundred and twelve bit-times corresponds to 51.2 microseconds
on a 10 Mbit/s system. A late collision included in this count is also
considered as a generic collision for purposes of other collisionrelated statistics.
dot3StatsExcessiveCollisions
The number of frames for which transmission on a particular

interface fails due to excessive collisions.
128

The Statistics Menu
Table 53: Port Ethernet Statistics (/stats/port/ether) (cont.)
Statistic
Description
dot3StatsInternalMacTransmitErrors
The number of frames for which transmission on a particular

interface fails due to an internal MAC sub layer transmit error. A
frame is only counted if it is not counted by the corresponding
instance of either the dot3StatsLateCollisions object, the
dot3StatsExcessiveCollisions object, or the dot3StatsCarrierSenseErrors object.
The precise meaning of this count is implementation-specific. In
particular, an instance of this object may represent a count of
transmission errors on a particular interface that are not otherwise
counted.
dot3StatsCarrier-SenseErrors The number of times that the carrier sense condition was lost or
never asserted when attempting to transmit a frame on a particular
interface.
This number is incremented at most once per transmission attempt,
even if the carrier sense condition fluctuates during a transmission
attempt.
dot3StatsFrameToo-Longs
The number of frames received on a particular interface that exceed

the maximum permitted frame size.
This number is incremented when the frameTooLong status is
returned by the MAC service to the LLC (or another MAC user).
Received frames for which multiple error conditions are obtained are
counted exclusively according to the error status presented to the
LLC, as per IEEE 802.3 Layer Management.
dot3StatsInternalMacReceiveErrors
The number of frames for which reception on a particular interface

fails due to an internal MAC sub-layer receive error. A frame is only
counted if it is not counted by the corresponding instance of either
the dot3StatsFrameTooLongs object, the dot3Stats-AlignmentErrors
object, or the dot3StatsFCSErrors object.
The precise meaning of the count is implementation-specific. In
particular, an instance of this object may represent a count of
received errors on a particular interface that are not otherwise
counted.
dot3Coll-Frequencies
The number of individual MAC frames for which the transmission

(successful or otherwise) on a particular interface occurs after the
frame has experienced exactly the number of collisions specified by
the index.
For example, a frame which is transmitted after experiencing exactly
four collisions would be indicated by incrementing only
dot3CollFrequencies [4]. No other instance of dot3CollFrequencies
would be incremented in this example.
129

The Statistics Menu
/stats/port <port number> /if
Interface Statistics
This menu option lets you display the interface statistics of the selected port.
Interface statistics for port 1:

Octets:
UcastPkts:
BroadcastPkts:
MulticastPkts:
Discards:
Errors:
Per second Interface statistics:
Octets:
UcastPkts:
Discards:
Errors:
ifHCIn Counters
51697080313
65356399
0
0
0
0
ifHCOut Counters
51721056808
65385714
6516
0
0
0
0
0
0
0
0
0
0
0
Port interface statistics are described in the following table:
Table 54: Port Interface Statistics Port (/stats/port/if)
Statistic
Description
ifHCInOctets
The number of octets in valid MAC frames received on the interface,

including the MAC header and FCS. This does include the number of
octets in valid MAC control frames received on this interface.
ifHCInUcastPkts
The number of packets delivered by this sub-layer to a higher sublayer, which were not addressed to a multicast or broadcast address
at this sub-layer.
ifHCInBroadcastPkts
The number of packets delivered by this sub-layer to a higher sublayer, which were addressed to a broadcast address at this sublayer.
ifHCInMulticastPkts
The number of packets delivered by this sub-layer to a higher layer

or sub-layer, which were addressed to a multicast address at this
sub-layer. For a MAC layer protocol, this includes both group and
functional addresses.
ifHCInDiscards
The number of inbound packets which were chosen to be discarded

even though no errors had been detected to prevent their being
delivered to a higher-layer protocol. One possible reason for
discarding such a packet could be to free up buffer space.
ifHCInErrors
The sum for this interface of dot3statsAlignmentErrors,

dot3StatsFCSErrors, dot3StatsFrameTooLongs,
dot3StatsInternalMacReceiveErrors and
dot3StatsCarrierSenseErrors.
ifHCOutOctets
The number of octets transmitted in valid MAC frames on this

interface, including the MAC header and FCS. This does not include
the number of octets in valid MAC control frames transmitted on this
interface.
ifHCOutUcastPkts
The total number of packets that higher-level protocols requested to

be transmitted, and which were not addressed to a multicast or
broadcast address at this sub-layer, including those that were
discarded or not sent.
130

The Statistics Menu
Table 54: Port Interface Statistics Port (/stats/port/if) (cont.)
Statistic
Description
ifHCOutBroadcastPkts

be transmitted, and which were addressed to a broadcast address
at this sub-layer, including those that were discarded or not sent.
ifHCOutMulticastPkts

be transmitted, and which were addressed to a multicast address at
this sub-layer, including those that were discarded or not sent. For a
MAC layer protocol, this includes both group and functional
addresses.
ifHCOutDiscards
The number of outbound packets which were chosen to be

discarded even though no errors had been detected to prevent their
being transmitted. One possible reason for discarding such a packet
could be to free up buffer space.
ifHCOutErrors
The sum for this interface of: dot3statsSQETestErrors,

dot3StatsLateCollisions, dot3StatsExcessiveCollisions,
dot3StatsInternalMacTransmitErrors dot3StatsCarrierSenseErrors,
and any errors transmitting a frame on a physical port, such as
invalid port-to-SP mapping, LetterQueueArray corruption, data
mover buffer allocation failure, overflow, and so on.
/stats/port <port number> /ip
Interface Protocol Statistics

This menu option lets you display the interface statistics of the selected port.
IP statistics for port 1:

ipInReceives:
ipInAddrErrors:
ipInUnknownProtos:
ipInDelivers:
ipTtlExceeds:
ipLANDattacks:
0
0
0
0
0
0
ipForwDatagrams:
ipInDiscards:
0
0
Interface protocol statistics are described in the following table:
Table 55: Interface Protocol Statistics (/stats/port/ip)
Statistic
Description
ipInReceives
The total number of input datagrams received from interfaces,

including those received in error.
ipInAddrErrors
The number of input datagrams discarded because the IP address in

their IP header's destination field was not a valid address to be
received on Alteon. This count includes invalid addresses (for
example, 0.0.0.0) and addresses of unsupported classes (for
example, Class E). For entities which are not IP gateways and
therefore do not forward datagrams, this counter includes
datagrams discarded because the destination address was not a
local address.
131

The Statistics Menu
Table 55: Interface Protocol Statistics (/stats/port/ip) (cont.)
Statistic
Description
ipForwDatagrams
The number of input datagrams for which Alteon was not their final
IP destination, resulting in an attempt to find a route to forward
them to that final destination. In entities which do not act as IP
gateways, this counter includes only those packets which were
source-routed via Alteon, and the source-route option was
processed successfully.
ipInUnknownProtos
The number of locally-addressed datagrams received successfully

but discarded because of an unknown or unsupported protocol.
ipInDiscards
The number of input IP datagrams for which no problems were

encountered to prevent their continued processing, but which were
discarded (for example, for lack of buffer space).
Note: This counter does not include any datagrams discarded
while awaiting re-assembly.
ipInDelivers
The total number of input datagrams successfully delivered to IP

user protocols (including ICMP).
ipTtlExceeds
The number of IP datagram for which an ICMP TTL exceeded

message was sent.
ipLANDattacks
The number of packets that have the same source and destination IP
address.
/stats/port <port number> /link
Link Statistics
This menu option lets you display the link statistics of the selected port.
Link statistics for port 1:

linkStateChange:
Link statistics are described in the following table:
Table 56: Link Statistics (/stats/port/link)
Statistics
Description
linkStateChange
The total number of link state changes.
132

The Statistics Menu
/stats/port <port number> /rmon
RMON Statistics
This menu option lets you display the remote monitor statistics of the selected port.
RMON statistics for port 1:

etherStatsDropEvents:
etherStatsOctets:
etherStatsPkts:
etherStatsBroadcastPkts:
etherStatsMulticastPkts:
etherStatsCRCAlignErrors:
etherStatsUndersizePkts:
etherStatsOversizePkts:
etherStatsFragments:
etherStatsJabbers:
etherStatsCollisions:
etherStatsPkts64Octets:
etherStatsPkts65to127Octets:
0
129677
1485
734
712
0
0
0
0
0
0
954
578
35
26
16
8
RMON statistics are described in the following table:
Table 57: Remote Monitor Statistics (/stats/port/rmon)
Statistics
Description
etherStatsDrop Events
The total number of events in which packets were dropped by

the probe due to lack of resources.
Note: This number is not necessarily the number of packets
droppedit is just the number of times this condition has
been detected.
etherStatsOctets
The total number of octets of data (including those in bad

packets) received on the network (excluding framing bits but
including FCS octets).
This object can be used as a reasonable usage estimate (which
is the percent usage of the Ethernet segment). If you require
greater precision, the etherStatsPkts and etherStatsOctets
objects should be sampled before and after a common interval.
As shown in the following example, the differences in the
sampled values are Pkts and Octets, respectively, and the
number of seconds in the interval is Interval. These values
calculate the usage, as follows:
( Pkts ( 9.6 + 6.4 ) + ( Octets 0.8 ) )
Usage = -----------------------------------------------------------------------------------------Interval 10000
The result of this equation is the percent value of usage.
etherStatsPkts
The total number of packets (including bad packets, broadcast

packets, and multicast packets) received.
etherStatsBroadcastPkts
The total number of good packets received that were directed

to the broadcast address.
Note: This does not include multicast packets.
133

The Statistics Menu
Table 57: Remote Monitor Statistics (/stats/port/rmon) (cont.)
Statistics
Description
etherStatsMulticastPkts
The total number of good packets received that were directed

to a multicast address.
Note: This number does not include packets directed to the
broadcast address.
etherStatsCRCAlign Errors
The total number of packets received that had a length

(excluding framing bits, but including Frame Check Sequence
[FCS] octets) of between 64 and 1518 octets, inclusive, but had
either a bad FCS with an integral number of octets (FCS Error),
or a bad FCS with a non-integral number of octets (Alignment
Error).
etherStatsUndersizePkts
The total number of packets received that were less than 64

octets long (excluding framing bits, but including FCS octets)
and were otherwise well-formed.
etherStatsOversizePkts
The total number of packets received that were longer than

1518 octets (excluding framing bits, but including FCS octets)
and were otherwise well formed.
etherStatsFragments
The total number of packets received that were less than 64

octets in length (excluding framing bits but including FCS
octets) and had either a bad FCS with an integral number of
octets (FCS Error). or a bad FCS with a non-integral number of
octets (Alignment Error).
Note: It is expected that etherStatsFragments increments.
This is because it counts both runts (which are normal
occurrences due to collisions) and noise hits. A runt is a
packet that is less than 64 bytes.
etherStatsJabbers
The total number of packets received that were longer than

1518 octets (excluding framing bits, but including FCS octets),
and had either a bad FCS with an integral number of octets
(FCS Error), or a bad FCS with a non-integral number of octets
(Alignment Error).
Note: This definition of jabber is different than the definition
in IEEE-802.3 section 8.2.1.5 (10Base-5) and section
10.3.1.4 (10Base-2). These documents define jabber as the
condition where any packet exceeds 20 milliseconds. The
allowed range to detect jabber is between 20 milliseconds
and 150 milliseconds.
134

The Statistics Menu
Table 57: Remote Monitor Statistics (/stats/port/rmon) (cont.)
Statistics
Description
etherStats-Collisions
The best estimate of the total number of collisions on this

Ethernet segment.
The value returned depends on the location of the RMON probe.
Section 8.2.1.3 (10Base-5) and section 10.3.1.3 (10Base-2) of
IEEE standard 802.3 state that a station must detect a collision
in the receive mode if three or more stations are transmitting
simultaneously. A repeater port must detect a collision when
two or more stations are transmitting simultaneously. As a
result, a probe placed on a repeater port could record more
collisions than a probe connected to a station on the same
segment would.
Probe location plays a much smaller role when considering
10Base-T. 14.2.1.4 (10Base-T) of IEEE standard 802.3 defines
a collision as the simultaneous presence of signals on the DO
and RD circuits (transmitting and receiving at the same time).
A 10Base-T station can only detect collisions when it is
transmitting. As a result, probes placed on a station and a
repeater should report the same number of collisions.
Note: An RMON probe inside a repeater should ideally report
collisions between the repeater and one or more other hosts
(transmit collisions as defined by IEEE 802.3k), plus receiver
collisions observed on any coaxial segments to which the
repeater is connected.
etherStatsPkts64-Octets
The total number of packets (including bad packets) received

that were 64 octets in length (excluding framing bits, but
including FCS octets).
etherStatsPkts65-to127Octets

that were between 65 and 127 octets in length (excluding
framing bits, but including FCS octets).

framing bits but including Frame Check Sequence (FCS)
octets).

framing bits but including FCS octets).

etherStatsPkts-1024to1518Octets The total number of packets (including bad packets) received

135

The Statistics Menu
/stats/port <port number> /dump
Port Dump Statistics

This menu option lets you display dump statistics of the selected port.
Bridging statistics for port 1:

dot1PortInFrames:
1284
dot1PortOutFrames:
142
dot1PortInDiscards:
130
dot1TpLearnedEntryDiscards:
0
dot1BasePortDelayExceededDiscards:
NA
dot1BasePortMtuExceededDiscards:
NA
dot1StpPortForwardTransitions:
2
--------------------------------------------------------Ethernet statistics for port 1:
dot3StatsAlignmentErrors:
0
dot3StatsFCSErrors:
0
dot3StatsSingleCollisionFrames:
0
dot3StatsMultipleCollisionFrames:
0
dot3StatsSQETestErrors:
NA
dot3StatsDeferredTransmissions:
0
dot3StatsLateCollisions:
0
dot3StatsExcessiveCollisions:
0
dot3StatsInternalMacTransmitErrors:
NA
dot3StatsCarrierSenseErrors:
1
dot3StatsFrameTooLongs:
0
dot3StatsInternalMacReceiveErrors:
0
dot3CollFrequencies [1-15]:
NA
--------------------------------------------------------Interface statistics for port 1:
ifHCIn Counters
ifHCOut Counters
Octets:
124166
19560
UcastPkts:
39
27
BroadcastPkts:
631
14
MulticastPkts:
614
101
Discards:
130
0
Errors:
1
0
Per second Interface statistics:
Octets:
0
0
UcastPkts:
0
0
Discards:
0
0
Errors:
0
0
136

The Statistics Menu
(continued)
--------------------------------------------------------IP statistics for port 1:
ipInReceives:
0
ipInAddrErrors:
0
ipForwDatagrams:
0
ipInUnknownProtos:
0
ipInDiscards:
0
IpInDelivers:
0
ipTtlExceeds:
0
ipLANDattacks:
0
--------------------------------------------------------Link statistics for port 1:
linkStateChange:
3
--------------------------------------------------------RMON statistics for port 1:
etherStatsDropEvents:
0
etherStatsOctets:
123840
etherStatsPkts:
1406
etherStatsBroadcastPkts:
698
etherStatsMulticastPkts:
etherStatsCRCAlignErrors:
etherStatsUndersizePkts:
etherStatsOversizePkts:
etherStatsFragments:
etherStatsJabbers:
etherStatsCollisions:
etherStatsPkts64Octets:
669
0
0
0
0
0
0
906
548
35
25
16
8
/stats/vadc
vADC Statistics Menu

This sub-menu only appears on the Global Administrator Statistics menu in ADC-VX mode.
[Global vADC
limit
sp
mp
dump
Statistics Menu]
- vADC throughput limits statistics
- vADC MP-specific Stats Menu
- vADC MP-specific Stats Menu
- Dump all stats
Table 58: Global vADC Statistics Menu

limit
Displays a summary of all vADCs throughput consumption. For sample output and
a description of these statistics, see /stats/vadc/limit vADC Throughput Limit
Statistics, page 138.
137

The Statistics Menu
Table 58: Global vADC Statistics Menu (cont.)

sp
Displays the vADC SP-specific Statistics menu. To view this menu, see /stats/
vadc/sp vADC SP-specific Statistics Menu, page 138.
mp
Displays the vADC MP-specific Statistics menu. To view this menu, see /stats/
vadc/mp vADC vMP-specific (Management Processor) Statistics Menu, page 139.
dump
Displays all vADC statistics for the selected vADC.
/stats/vadc/limit
vADC Throughput Limit Statistics

>> Global - Configuration# /stat/vadc/limit
Enter vADC Number [1-28, all]: all
vADC
Name
Ave. Throughput(MB)
Throughput limit Max Throughput(Mb)
---- -------- ---------------------------------- -----------------1
vADC-1
100
200
2100
2
vADC-2
540
1000
2100
vADC
---1
2
Name
-------vADC-1
vADC-2
Ave. SSL(CPS)
------------------3000
100
SSL limit
---------------4200
500
Max SSL(CPS)
-----------------4200
1400
vADC
---1
2
Name
-------vADC-1
vADC-2
Ave. Compression(MB)
-------------------0
0
Compression limit Max Compression(MB)

----------------- -----------------100
150
0
0
/stats/vadc/sp
vADC SP-specific Statistics Menu

[SP-specific Statistics: vADC 1 Menu]
cpu
- Show CPU utilization
mem
- Show Memory utilization
Table 59: vADC SP-specific Statistics Menu

cpu
Displays resource usage per vADC CPU. For sample output and a description of
these statistics, see /stats/vadc/sp/mem vADC SP Memory Statistics, page 139.
mem
Displays SP memory usage. For sample output and a description of these
statistics, see /stats/vadc/sp/mem vADC SP Memory Statistics, page 139.
138

The Statistics Menu
/stats/vadc/sp/cpu
vADC CPU Statistics

>> Global - vADC 1 SP-specific Statistics# cpu
vADC 1 SP allocation - SP1, SP2
-----------------------------------------------------------------CPU utilization for vADC 1:
cpuUtil1Second:
98%
cpuUtil4Seconds:
98%
cpuUtil64Seconds:
97%
CPU utilization statistics are described in the following table:
Table 60: CPU Statistics (stats/vadc/sp/cpu)
Statistic
Description
cpuUtil1Second
The percentage of CPU usage for the vADC as measured over the
last one-second interval.
cpuUtil4Seconds
last four-second interval.
cpuUtil64Seconds
last 64-second interval.
/stats/vadc/sp/mem
vADC SP Memory Statistics

vADC 1 SP allocation SP 1 Memory utilization
Current memory:
Hi water mark :
Allowed Max:
1511156 KBytes
1511164 KBytes
1624443 KBytes
Table 61: vADC SP Memory Statistics (stats/vadc/sp/mem)
Statistic
Description
Current memory
Current memory usage for the vADC.
Hi water mark
Peak memory usage for the vADC.
Allowed Max
Allowed maximum memory usage for the vADC.
/stats/vadc/mp
vADC vMP-specific (Management Processor) Statistics Menu

[vADC 20 - vMP-specific Statistics: vADC 1 Menu]
cpu
139

The Statistics Menu
MP-specific utilization statistics are described in the following table:
Table 62: vADC vMP-specific Statistics Menu

cpu
Displays CPU utilization for periods of up to 1, 4, and 64 seconds. To view a
sample output and a description of the statistics, see /stats/mp/cpu CPU
/stats/vadc/mp/cpu
vADC CPU Utilization Statistics

This menu option lets you display the CPU utilization statistics on the MP.
CPU utilization:
cpuUtil1Second:
cpuUtil4Seconds:
cpuUtil64Seconds:
100%
100%
100%
Table 63: CPU Statistics (stats/mp/cpu)
Statistic
Description
cpuUtil1Second
last one-second interval.
cpuUtil4Seconds
last four-second interval.
cpuUtil64Seconds
last 64-second interval.
/stats/pmirr
Port Mirroring Statistics Menu

This menu displays port mirroring statistics for all ports.
[Port Mirroring Statistics Menu]

dump
- Show port mirroring stats
clear
- Clear all port mirroring stats
140

The Statistics Menu
Table 64: PMIRR Statistics Menu Options (/stats/pmirr)

dump
Displays all mirrored port statistics.
In many cases, vADCs use dedicated VLANs and shared interfaces for network
connectivity. In such cases, multiple vADCs share an interface, which results in
aggregated port counters. vADC requires that only traffic information relevant to the
specific vADC be counted and displayed. For example, a shared interface supporting 10
vADCs displays a counter per vADC, while counting egress and ingress traffic per vMAC.
The dump option displays traffic on port ingress and egress. For vADC administrators
using port mirroring option, only information related to their vADC displays, that is the
VLAN interface, vMAC of a shared interface, and ports associated only with the target
vADC.
clear
Clears the port statistics.
/stats/l2
Layer 2 Statistics Menu

[Layer 2 Statistics Menu]
fdb
- Show FDB stats
lacp
- Show LACP stats
stg
- Show STG stats
dump
- Dump layer 2 stats
Table 65: Layer 2 Statistics Menu Options (/stats/l2)

fdb
Displays the forwarding database statistics. For sample output and a description of
these statistics, see /stats/l2/fdb FDB Statistics, page 142.
lacp
<port number (1 to max num ports)>

Displays Link Aggregation Control Protocol statistics. For sample output and a
description of these statistics, see /stats/l2/lacp LACP Statistics, page 142.
stg
Displays Spanning Tree Group statistics. For sample output and a description of these
statistics, see /stats/l2/stg Spanning Tree Group Statistics, page 143.
dump
Dump the Layer 2 statistics.
141

The Statistics Menu
/stats/l2/fdb
FDB Statistics
This menu option lets you display statistics regarding the use of the forwarding database, including
the number of new entries, finds, and unsuccessful searches.
FDB statistics:
creates:
current:
lookups:
finds:
find_or_c's:
max:
9611
58
850254
5832
11874
16384
deletes:
hiwat:
lookup fails:
find fails:
overflows:
9553
65
151373
0
0
FDB statistics are described in the following table:
Table 66: Forwarding Database Statistics (/stats/l2/fdb)
Statistic
Description
creates
Number of entries created in the forwarding database.
current
Current number of entries in the forwarding database.
lookups
Number of entry lookups in the forwarding database.
finds
Number of successful searches in the forwarding database.
find_or_c's
Number of entries found or created in the forwarding database.
deletes
Number of entries deleted from the forwarding database.
hiwat
Highest number of entries recorded at any given time in the forwarding database.
lookup fails
Number of unsuccessful searches made in the forwarding database.
find fails
Number of search failures in the forwarding database.
overflows
Number of entries overflowing the forwarding database.
max
Number of maximum forwarding database entries supported by Alteon.
/stats/l2/lacp
LACP Statistics
>> Layer 2 Statistics# lacp 1
port 1
Valid LACPDUs received
Valid Marker PDUs received
Valid Marker Rsp PDUs received
Unknown version/TLV type
Illegal subtype received
LACPDUs transmitted
Marker PDUs transmitted
Marker Rsp PDUs transmitted
142
9394
0
0
0
0
8516
0
0

The Statistics Menu
LACP statistics are described in the following table:
Table 67: LACP Statistics Parameters (/stats/l2/lacp)
Statistic
Description
Valid LACPDUs received
The number of LACPDUs that Alteon received on this port.
Valid Marker PDUs

received
The number of valid marker PDUs that Alteon received on this port.
Valid Marker Rsp PDUs

received
The number of valid marker Responses that Alteon received on this

port.
Unknown version/TLV type The number of unknown versions or type-length-value (TLV) types that
Alteon received on this port.
Illegal subtype received
The number of illegal LACP sub-type received on this port.
LACPDUs transmitted
The number of LACPDUs transmitted out of this port.
Marker PDUs transmitted
The number of marker PDUs transmitted out of this port.
Marker Rsp PDUs

transmitted
The number of marker responses transmitted out of this port.
/stats/l2/stg
Spanning Tree Group Statistics

Spanning Tree Group 1:
Port
Rcv RST/MST Rcv Cfg
------ -----------------1
909
238
2
0
0
3
0
0
4
0
0
5
0
0
6
0
0
7
0
0
8
909
238
9
0
0
10
0
0
11
0
0
12
0
0
13
0
0
14
0
0
15
0
0
16
0
0
Rcv TCN
-------0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Xmt RST/MST
----------787
0
0
0
0
0
0
66
0
0
0
0
0
0
0
0
Xmt Cfg
-------0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Xmt TCN
------1
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
Spanning Tree Group statistics are described in the following table:
Table 68: Spanning Tree Group Statistics Parameters (/stats/l2/stg)
Statistic
Description
Port
The port number.
Rcv RST/MST
The number of MST or RST BPDUs received.
Rcv Cfg
The number of configuration BPDUs received.
Rcv TCN
The number of TCN (Topology Change Notification) messages received.
Xmt RST/MST
The number of MST or RST BPDUs transmitted.
143

The Statistics Menu
Table 68: Spanning Tree Group Statistics Parameters (/stats/l2/stg)
Statistic
Description
Xmt Cfg
The number of configuration BPDUs transmitted.
Xmt TCN
The number of TCN (Topology Change Notification) messages transmitted.
/stats/l3
Layer 3 Statistics Menu

This sub-menu appears only on the vADC Administrator Layer 3 Statistics menu in ADC-VX mode.

ospf
- OSPF Statistics Menu
ospfv3
- OSPF Statistics Menu
ip
- Show IP stats
ip6
- Show IP6 stats
route
- Show route stats
arp
- Show ARP stats
vrrp
- Show VRRP stats
vrrp6
- Show VRRP6 stats
dns
- Show DNS stats
icmp
- Show ICMP stats
if
- Show IP interface ("if") stats
tcp
- Show TCP stats
udp
- Show UDP stats
ifclear - Clear IP interface ("if") stats
ipclear - Clear IP stats
dump
- Dump layer 3 stats
Table 69: Layer 3 Statistics Menu (/stats/l3)

ospf
Displays the OSPF Statistics Menu. To view this menu, see /stats/l3/ospf OSPF
ospfv3
Displays the OSPFv3 Statistics Menu. To view this menu, see /stats/l3/ospfv3 OSPFv3
ip
Displays IP statistics. For sample output, and a description of these statistics, see /
stats/l3/ip IP Statistics, page 151.
ip6
Displays IPv6 statistics. For sample output, and a description of these statistics, see /
stats/l3/ip6 IP6 Statistics Menu, page 153.
route
Displays route statistics. For sample output, and a description of these statistics, see, /
stats/l3/route Route Statistics, page 157.
arp
Displays Address Resolution Protocol (ARP) statistics. For sample output, and a
description of these statistics, see /stats/l3/arp ARP Statistics, page 158.
144

The Statistics Menu
Table 69: Layer 3 Statistics Menu (/stats/l3)

vrrp
When virtual routers are configured, you can display the following protocol statistics for
VRRP:
Advertisements received (vrrpInAdvers)
Advertisements transmitted (vrrpOutAdvers)
Advertisements received, but ignored (vrrpBadAdvers)
For sample output, and a description of these statistics, see /stats/l3/vrrp VRRP
vrrp6
Displays statistical information about IPv6 VRRP support. For sample output, and a
description of these statistics, see /stats/l3/vrrp6 IPv6 VRRP Statistics, page 160.
dns
Displays Domain Name Server/system (DNS) statistics. For sample output, and a
description of these statistics, see /stats/l3/dns DNS Statistics, page 160.
icmp
Displays ICMP statistics. For sample output, and a description of these statistics, see /
stats/l3/icmp ICMP Statistics, page 161.
if
<interface number (1-256)>

Displays IP interface statistics for the management processors. For sample output, and
a description of these statistics, see /stats/l3/if <interface number> Interface
tcp
Displays TCP statistics. For sample output, and a description of these statistics, see /
stats/l3/tcp TCP Statistics, page 164.
udp
Displays UDP statistics. For sample output, and a description of these statistics, see /
stats/l3/udp UDP Statistics, page 165.
ifclear
Clears IP interface statistics.
Note: Because this deletes all IP interface statistics, use caution before executing
this command.
ipclear
Clears IP statistics.
Note: Because this deletes all IP statistics, use caution before executing this
command.
dump
Dumps all Layer 3 statistics. Use this command to gather data for tuning and
debugging Layer 3 performance. If you want to capture dump data to a file, set your
communication software on your workstation to capture session data prior to issuing
the dump command.
145

The Statistics Menu
/stats/l3/ospf
OSPF Statistics Menu

[OSPF stats Menu]
general - Show global stats
aindex - Show area(s) stats
if
- Show interface(s) stats
Table 70: OSPF Statistics Menu (/stats/l3/ospf)

general
Displays global statistics. For sample output, and a description of these statistics, see /
stats/l3/ospf/general OSPF Global Statistics, page 147.
aindex <area index (0-2)>

Displays area index statistics.

Displays interface statistics.
146

The Statistics Menu
/stats/l3/ospf/general
OSPF Global Statistics

The OSPF general statistics contain the sum total of all OSPF packets received on all OSPF areas and
interfaces.
OSPF stats
---------Rx/Tx Stats:
Rx
--------
Pkts
hello
database
ls requests
ls acks
ls updates
0
23
4
3
7
9
Nbr change s
hello
start
n2way
adjoint ok
negotiation done
exchange done
bad requests
bad sequence
loading done
n1way
rst_ad
down
Timers kickoff
hello
retransmit
lsa lock
lsa ack
dbage
summary
ase export
Tx
-------0
518
12
1
7
7
2
0
2
2
2
2
0
0
2
0
0
1
Intf change Stats:

hello
down
loop
unloop
wait timer
backup
nbr change
4
2
0
0
2
0
5
514
1028
0
0
0
0
0
OSPF general statistics are described in the following table:
Table 71: OSPF General Statistics (stats/l3/ospf/general)
Statistic
Description
Rx/Tx Stats
Rx Pkts
The total of all OSPF packets received on all OSPF areas and interfaces.
Tx Pkts
The total of all OSPF packets transmitted on all OSPF areas and interfaces.
Rx Hello
The total of all Hello packets received on all OSPF areas and interfaces.
Tx Hello
The total of all Hello packets transmitted on all OSPF areas and interfaces.
Rx Database
The total of all Database Description packets received on all OSPF areas
and interfaces.
147

The Statistics Menu
Statistic
Description
Tx Database
The total of all Database Description packets transmitted on all OSPF

areas and interfaces.
Rx ls Requests
The total of all Link State Request packets received on all OSPF areas and
interfaces.
Tx ls Requests
The total of all Link State Request packets transmitted on all OSPF areas
and interfaces.
Rx ls Acks
The total of all Link State Acknowledgement packets received on all OSPF
Tx ls Acks
The total of all Link State Acknowledgement packets transmitted on all

OSPF areas and interfaces.
Rx ls Updates
The total of all Link State Update packets received on all OSPF areas and
interfaces.
Tx ls Updates
The total of all Link State Update packets transmitted on all OSPF areas
and interfaces.
Nbr Change Stats

hello
The total of all Hello packets received from neighbors on all OSPF areas
and interfaces.
Start
The number of neighbors in this state (that is, an indication that Hello
packets should now be sent to the neighbor at intervals of Hello Interval
seconds) across all OSPF areas and interfaces.
n2way
The number of bidirectional communication establishment between this

router and other neighboring routers.
adjoint ok
The number of decisions to be made (again) as to whether an adjacency

should be established or maintained with the neighbor across all OSPF
negotiation done
The number of neighbors in this state wherein the master/slave

relationship has been negotiated, and sequence numbers have been
exchanged, across all OSPF areas and interfaces.
exchange done
The number of neighbors in this state (that is, in an adjacency's final

state) having transmitted a full sequence of Database Description packets,
across all OSPF areas and interfaces.
bad requests
The number of Link State Requests which have been received for a link
state advertisement not contained in the database across all interfaces
and OSPF areas.
bad sequence
The number of Database Description packets which have been received

that either
has an unexpected DD sequence number
unexpectedly has the init bit set
has an Options field differing from the last Options field received in a
Database Description packet
Any of these conditions indicate that some error has occurred during
adjacency establishment for all OSPF areas and interfaces.
loading done
The number of link state updates received for all out-of-date portions of
the database across all OSPF areas and interfaces.
n1way
The number of Hello packets received from neighbors, in which this router
is not mentioned across all OSPF interfaces and areas.
148

The Statistics Menu
Statistic
Description
rst_ad
The number of times the neighbor adjacency has been reset across all
OPSF areas and interfaces.
down
The number of neighboring routers down (that is, in the initial state of a
neighbor conversation) across all OSPF areas and interfaces.
Intf Change Stats

hello
The number of Hello packets sent on all interfaces and areas.
down
The number of interfaces down in all OSPF areas.
loop
The number of interfaces no longer connected to the attached network

across all OSPF areas and interfaces.
unloop
The number of interfaces, connected to the attached network in all OSPF

areas.
wait timer
The number of times the Wait Timer has been run, indicating the end of
the waiting period that is required before electing a (backup) Designated
Router across all OSPF areas and interfaces.
backup
The number of Backup Designated Routers on the attached network for all
OSPF areas and interfaces.
nbr change
The number of changes in the set of bidirectional neighbors associated

with any interface across all OSPF areas.
Timers Kickoff
hello
The number of times the Hello timer has been run (which triggers a Hello
packet to be sent) across all OPSF areas and interfaces.
retransmit
The number of times the Retransmit timer has been run across all OPSF
lsa lock
The number of times the Link State Advertisement (LSA) lock timer has
been run across all OSPF areas and interfaces.
lsa ack
The number of times the LSA ACK timer has been run across all OSPF
dbage
The number of times the database age (Dbage) has been run.
summary
The number of times the Summary timer has been run.
ase export
The number of times the Autonomous System Export (ASE) timer has
been run.
/stats/l3/ospfv3
OSPFv3 Statistics Menu

[OSPFv3 stats Menu]
general - Show global stats
Table 72: OSPFv3 Statistics Menu (/stats/l3/ospfv3)

general
Displays global statistics. For sample output, and a description of these statistics, see /
stats/l3/ospfv3/general OSPFv3 Global Statistics, page 150.
149

The Statistics Menu
/stats/l3/ospfv3/general
OSPFv3 Global Statistics

The OSPF general statistics contain the sum total of all OSPF packets received on all OSPF areas and
interfaces.
OSPFv3 stats
------------PacketSent:
PacketRx:
Num_rx_drop_pkt:
Num_tx_drop_pkt:
Num_rx_bad_pkt:
Num_spf_run:
Last_spf_run:
LSDBTableSize:
NumBadLsReq:
NumSeqMismatch:
72
76
3
0
0
6
221
23
0
0
OSPF general statistics are described in the following table:
Table 73: OSPFv3 General Statistics (stats/l3/ospfv3/general)
Statistic
Description
PacketSent
The total of all OSPF v3 packets transmitted on all OSPF v3 areas and
interfaces.
PacketRx
The total of all OSPF v3 packets received on all OSPF v3 areas and
interfaces.
Num_rx_drop_pkt
The number of OSPF v3 packets received that are dropped (possibly

because the OSPF v3 process is still in the initialization state).
Num_tx_drop_pkt
The number of OSPF v3 packets transmitted that are dropped (possibly

because the OSPF v3 interface has not been created).
Num_rx_bad_pkt
The number of bad OSPF v3 packets received (possibly because of an

incorrect checksum or unknown Link State Advertisement type).
Num_spf_run
The number of times that the OSPF v3 process has restarted.
Last_spf_run
The time at which the last OSPF v3 process restart occurred.
LSDBTableSize
The number of Link State Advertisements in the database table.
NumBadLsReq
The number of incorrect link state requests received (possibly because of

an incorrect area ID or router ID).
NumSeqMismatch
The number of packets received with a non-sequential database

description number.
150

The Statistics Menu
/stats/l3/ip
IP Statistics
IP statistics:
ipInReceives:
ipInAddrErrors:
ipInUnknownProtos:
ipInDelivers:
ipOutDiscards:
ipReasmReqds:
ipReasmFails:
ipFragFails:
ipRoutingDiscards:
ipReasmTimeout:
3115873
35447
500504
2334166
4
0
0
0
0
5
ipInHdrErrors:
ipForwDatagrams:
ipInDiscards:
ipOutRequests:
ipOutNoRoutes:
ipReasmOKs:
ipFragOKs:
ipFragCreates:
ipDefaultTTL:
1
0
0
1010542
4
0
0
0
255
IP statistics are described in the following table:
Table 74: IP Statistics (/stats/l3/ip)
Statistic
Description
ipInReceives
The number of input datagrams received from interfaces, including

those received in error.
ipInHdrErrors
The number of input datagrams discarded due to errors in their IP

headers, including bad checksums, version number mismatch,
other format errors, time-to-live exceeded, errors discovered in
processing their IP options, and so on.
ipInAddrErrors
The number of input datagrams discarded because the IP address

in their IP header's destination field was not a valid address to be
received by Alteon. This count includes invalid addresses (for
example, 0.0.0.0), and addresses of unsupported classes (for
example, Class E). For entities which are not IP gateways and
therefore do not forward datagrams, this counter includes
datagrams discarded because the destination address was not a
local address.
ipForwDatagrams
The number of input datagrams for which Alteon was not their
final IP destination, resulting in an attempt to find a route to
forward them to that final destination. In entities which do not act
as IP gateways, this counter includes only those packets, which
were source-routed via Alteon, and the source- route option
succeeded,
ipInUnknownProtos
The number of locally addressed datagrams received successfully

ipInDiscards
The number of input IP datagrams for which no problems were

encountered that would prevent their continued processing, but
which were discarded (for example, for lack of buffer space).
ipInDelivers
The number of input datagrams successfully delivered to IP user

protocols (including ICMP).
ipOutRequests
The number of IP datagrams which local IP user protocols

(including ICMP) supplied to IP in requests for transmission.
Note: This counter does not include any datagrams counted in
ipForwDatagrams.
151

The Statistics Menu
Table 74: IP Statistics (/stats/l3/ip)
Statistic
Description
ipOutDiscards
The number of output IP datagrams for which no problem was

encountered that would prevent their transmission to their
destination, but which were discarded (for example, for lack of
buffer space).
Note: This counter would include datagrams counted in
ipForwDatagrams if any such packets met this (discretionary)
discard criterion.
ipOutNoRoutes
The number of IP datagrams discarded because no route could be

found to transmit them to their destination.
Note: This counter includes any packets counted in
ipForwDatagrams which meet this no-route criterion. This
includes any datagrams which a host cannot route because all
of its default gateways are down.
ipReasmReqds
The number of IP fragments received which needed to be

reassembled in this Alteon.
ipReasmOKs
The number of IP datagrams successfully re-assembled.
ipReasmFails
The number of failures detected by the IP re-assembly algorithm

(such as it timed out, there were errors, and so on).
Note: This is not necessarily a count of discarded IP fragments,
because some algorithms (notably the algorithm in RFC 815)
can lose track of the number of fragments by combining them
as they are received.
ipFragOKs
The number of IP datagrams that have been successfully

fragmented in this Alteon.
ipFragFails
The number of IP datagrams that have been discarded because

they needed to be fragmented in this Alteon, but could not be. For
example, because their Don't Fragment flag was set.
ipFragCreates
The number of IP datagram fragments that have been generated

as a result of fragmentation in this Alteon.
ipRoutingDiscards
The number of routing entries which were chosen to be discarded

even though they are valid. One possible reason for discarding
such an entry could be to free-up buffer space for other routing
entries.
ipDefaultTTL
The default value inserted into the Time-To-Live (TTL) field of the
IP header of datagrams originated in this Alteon, whenever a TTL
value is not supplied by the transport layer protocol.
ipReasmTimeout
The maximum number of seconds in which received fragments are

held while they are awaiting reassembly in this Alteon.
152

The Statistics Menu
/stats/l3/ip6
IP6 Statistics Menu

>> Layer 3 Statistics# /stat/l3/ip6
------------------------------------------------------IP6 statistics:
InReceives:
20519
InDiscards:
2
InDelivers:
24793
ForwDatagrams:
0
UnknownProtos:
0
InAddrErrors:
0
OutRequests:
34548
OutNoRoutes:
0
ReasmOKs:
0
ReasmFails:
0
IcmpInMsgs:
24793
IcmpInErrors:
4268
IcmpOutMsgs:
12829
IcmpOutErrors:
4271
InEchos:
0
OutEchos:
8538
InEchoReplies:
8536
OutEchoReplies:
0
InDestUnreachs:
4268
OutDestUnreachs:
4271
InPktTooBigs:
0
OutPktTooBigs:
0
InTimeExcds:
0
OutTimeExcds:
0
--------------------------------------------------------ICMP6 statistics:
Interface: 1
InMsgs:
18929
InErrors:
0
InEchos:
0
InEchoReplies:
4268
InNeighborSolicits:
4513
InNeighborAdvertisements:4271
InRouterSolicits:
0
InRouterAdvertisements: 5877
InDestUnreachs:
0
InTimeExcds:
0
InPktTooBigs:
0
InParmProblems:
0
InRedirects:
0
OutMsgs:
4280
OutErrors:
0
OutEchos:
4269
OutEchoReplies:
0
OutNeighborSolicits:
3
OutNeighborAdvertisements:4516
OutRouterSolicits:
0
OutRouterAdvertisements:
1
OutRedirects:
0
---------------------------------------------------------
153

The Statistics Menu
(continued)
Interface: 7
InMsgs:
5864
InErrors:
4268
InEchos:
0
InEchoReplies:
4268
InNeighborSolicits:
122
InNeighborAdvertisements:
3
InRouterSolicits:
0
InRouterAdvertisements: 1471
InDestUnreachs:
4268
InTimeExcds:
0
InPktTooBigs:
0
InParmProblems:
0
InRedirects:
0
OutMsgs:
8549
OutErrors:
4271
OutEchos:
4269
OutEchoReplies:
0
OutNeighborSolicits:
2
OutNeighborAdvertisements:124
OutRouterSolicits:
0
OutRouterAdvertisements:
1
OutRedirects:
0
--------------------------------------------------------IP6 gateway health check statistics:
gateway 5 echo-req
4269 echo-resp
gateway 7 echo-req
4269 echo-resp
4268 fails
0 fails
0
4268
IPv6 statistics are described in the following table:
Table 75: IPv6 Statistics (/stats/l3/ip6)
Statistic
Description
IP6 Statistics Section

InReceives
The number of input datagrams received by the interface,

including those received in error.
InDelivers
The number of datagrams successfully delivered to IPv6 user

protocols (including ICMP).
Note: This counter is incremented at the interface to which
these datagrams were addressed, which may not necessarily
be the input interface for some of the datagrams.
UnknownProtos
The number of locally-addressed datagrams received successfully

these datagrams were addressed which, may not necessarily
be the input interface for some of the datagrams.
OutRequests
The number of IPv6 datagrams which local IPv6 user protocols

(including ICMP) supplied to IPv6 in requests for transmission.
Note: This counter does not include any datagrams counted in
ipv6IfStatsOutForwDatagrams.
ReasmOKs
The number of IPv6 datagrams successfully reassembled.

these datagrams were addressed, which may not necessarily
be the input interface for some of the fragments.
154

The Statistics Menu
Statistic
Description
InDiscards
The number of input IPv6 datagrams for which no problems were

encountered to prevent their continued processing, but which
were discarded (e.g., for lack of buffer space).
ForwDatagrams
The number of output datagrams which this entity received and

forwarded to their final destinations. In entities which do not act
as IPv6 routers, this counter will include only those packets which
were source-routed via this entity, and the source-route
processing was successful.
Note: For a successfully forwarded datagram, the counter of
the outgoing interface is incremented.
InAddrErrors
The number of input datagrams discarded because the IPv6

address in their IPv6 header's destination field was not a valid
address to be received at Alteon. This count includes invalid
addresses (for example, ::0) and unsupported addresses (for
example, addresses with un-allocated prefixes). For entities
which are not IPv6 routers and therefore do not forward
datagrams, this counter includes datagrams discarded because
the destination address was not a local address.
OutNoRoutes
The number of locally generated IP datagrams discarded because

no route could be found to transmit them to their destination.
ReasmFails
The number of failures detected by the IPv6 re-assembly

algorithm (such as timed out, errors, and so on).
Note: This is not necessarily a count of discarded IPv6
fragments, since some algorithms (notably the algorithm in
RFC 815) can lose track of the number of fragments by
combining them as they are received. This counter is
incremented at the interface to which these fragments were
addressed which might not be necessarily the input interface
for some of the fragments.
IcmpInMsgs
The number of ICMP messages received by the interface which

includes all those counted by ipv6IfIcmpInErrors.
Note: The interface to which the ICMP messages were
addressed which may not necessarily be the input interface for
the messages.
IcmpOutMsgs
The number of ICMP messages which this interface attempted to

send.
Note: This counter includes all those counted by
icmpOutErrors
IcmpInErrors
The number of ICMP messages which the interface received but

determined as having ICMP-specific errors (bad ICMP checksums,
bad length, and so on).
155

The Statistics Menu
Statistic
Description
IcmpOutErrors
The number of ICMP messages which this interface did not send
due to problems discovered within ICMP such as a lack of buffers.
This value should not include errors discovered outside the ICMP
layer such as the inability of IPv6 to route the resultant
datagram. In some implementations there may be no types of
error which contribute to this counter's value.
IcmpInEchos
The number of ICMP Echo (request) messages received by the

interface.
ICMP6 Statistics Section

InMsgs
The number of ICMP messages received by the interface which

includes all those counted by ipv6IfIcmpInErrors.
Note: The interface to which the ICMP messages were
addressed which may not necessarily be the input interface for
the messages.
InNeighborSolicits
The number of ICMP Neighbor Solicit messages received by the

interface.
InRouterSolicits
The number of ICMP Router Solicit messages received by the

interface.
InDestUnreachs
The number of ICMP Destination Unreachable messages received

by the interface.
InPktTooBigs
The number of ICMP Packet Too Big messages received by the

interface.
InRedirects
The number of Redirect messages received by the interface.
InErrors
The number of ICMP messages which the interface received but

InEchoReplies
The number of ICMP Echo Reply messages received by the

interface.
InNeighborAdvertisements
The number of ICMP Neighbor Advertisement messages received

by the interface.
InRouterAdvertisements
The number of ICMP Router Advertisement messages received by

the interface.
InTimeExcds
The number of ICMP Time Exceeded messages received by the

interface.
InParmProblems
The number of ICMP Parameter Problem messages received by

the interface.
OutMsgs
The total number of ICMP messages which this interface

attempted to send.
OutEchos
The number of ICMP Echo Request messages sent by the

interface.
OutNeighborSolicits
The number of ICMP Neighbor Solicitation messages sent by the

interface.
OutRouterSolicits
The number of ICMP Router Solicitation messages sent by the

interface.
OutRedirects
The number of Redirect messages sent. For a host, this object is

always zero, since hosts do not send redirects.
156

The Statistics Menu
Statistic
Description
OutErrors
The number of ICMP messages which this interface did not send
due to problems discovered within ICMP, such as a lack of buffers.
This value should not include errors discovered outside the ICMP
layer, such as the inability of IPv6 to route the resultant
datagram. In some implementations there may be no types of
error which contribute to this counter's value.
OutEchoReplies
The number of ICMP Echo Reply messages sent by the interface.
OutNeighborAdvertisements
The number of ICMP Neighbor Advertisement messages sent by

the interface.
OutRouterAdvertistments
The number of ICMP Router Advertisement messages sent by the

interface.
/stats/l3/route
Route Statistics
Route statistics:
ipRoutesCur:
3 ipRoutesHighWater:
3
ipRoutesMax:
4096
--------------------------------------------------------SP Route statistics:
SP
ipRoutesCur
ipRoutesHighWater
ipRoutesMax
--- ------------- ------------------- ------------1
3
3
4096
2
3
3
4096
3
3
3
4096
4
3
3
4096
--------------------------------------------------------RIP statistics:
ripInPkts:
ripDiscardPkts:
0
0
ripOutPkts:
ripRoutesAgedOut:
0
0
BGP statistics:
bgpInPkts:
bgpBadPkts:
bgpRoutesAdded:
bgpRoutesCur:
bgpRoutesIgnored:
0
0
0
0
0
bgpOutPkts:
bgpSessFailures:
bgpRoutesRemoved:
bgpRoutesFailed:
bgpRoutesFiltered:
0
0
0
0
0
Table 76: Route Statistics (/stats/l3/route)
Statistic
Description
Route Statistics and SP Route Statistics

ipRoutesCur
The number of outstanding routes in the route table.
ipRoutesHighWater
The highest number of routes ever recorded in the route table.
ipRoutesMax
The maximum number of supported routes.
157

The Statistics Menu
Table 76: Route Statistics (/stats/l3/route)
Statistic
Description
RIP statistics
ripInPkts
The number of good RIP advertisement packets received.
ripOutPkts
The number of RIP advertisement packets sent.
ripDiscardPkts
The number of RIP advertisement packets received that were

dropped.
ripRoutesAgedOut
The number of routes learned via RIP that has aged out.
BGP statistics
bgpInPkts
The number of BGP packets received.
bgpOutPkts
The number of BGP packets sent.
bgpBadPkts
The number of BGP packets dropped.
bgpSessFailures
The number of failed sessions.
bgpRoutesAdded
The number of routes that were added to the routing table.
bgpRoutesRemoved
The number of routes that were removed from the routing table.
bgpRoutesCur
The number of current BGP routes.
bgpRoutesFailed
The number of BGP routes that failed to add in the routing table.
bgpRoutesIgnored
The number of routes ignored because the peer was not connected
locally or multi-hop was not configured.
bgpRoutesFiltered
The number of routes dropped by the filter.
/stats/l3/arp
ARP Statistics
This menu option lets you display Address Resolution Protocol statistics.
MP ARP statistics:
arpEntriesCur:
2
ArpEntriesHighWater:
2
arpEntriesMax:
8192
--------------------------------------------------------SP ARP statistics:
SP
arpEntriesCur
arpEntriesHighWater
arpEntriesMax
--- --------------- --------------------- --------------1
1
1
8192
2
1
1
8192
3
1
1
8192
4
1
1
8192
ARP statistics are described in the following table:
Table 77: ARP Statistics (/stats/l3/arp)
Statistic
Description
arpEntriesCur
The number of outstanding ARP entries in the ARP table.
arpEntriesHighWater
The highest number of ARP entries ever recorded in the ARP table.
arpEntriesMax
The maximum number of ARP entries that are supported.
158

The Statistics Menu
/stats/l3/vrrp
VRRP Statistics
Alteon Virtual Router Redundancy Protocol (VRRP) support provides redundancy between routers in
a LAN. This is done by configuring the same virtual router IP address and ID number on each
participating VRRP-capable routing device. One of the virtual routers is elected as the master, based
on a number of priority criteria, and assumes control of the shared virtual router IP address. If the
master fails, one of the backup virtual routers assumes routing authority and takes control of the
virtual router IP address.
When virtual routers are configured, you can display the following protocol statistics for VRRP:
Advertisements received (vrrpInAdvers)
Advertisements transmitted (vrrpOutAdvers)
Advertisements received, but ignored (vrrpBadAdvers)
The following is output of VRRP statistics:
VRRP statistics:
vrrpInAdvers:
vrrpOutAdvers:
vrrpBadVersion:
vrrpBadAddress:
vrrpBadPassword:
0
0
0
0
0
vrrpBadAdvers:
vrrpBadVrid:
vrrpBadData:
vrrpBadInterval:
0
0
0
VRRP statistics are described in the following table:
Table 78: VRRP Statistics (/stats/l3/vrrp)
Statistic
Description
vrrpInAdvers
The number of VRRP advertisements that have been received.
vrrpBadAdvers
The number of VRRP advertisements received that were dropped.
vrrpOutAdvers
The number of VRRP advertisements that have been sent.
vrrpBadVersion
The number of VRRP advertisements discarded because of an

incorrect version value.
vrrpBadVrid

incorrect VRID value.
vrrpBadAddress

incorrect address value.
vrrpBadData
The number of VRRP advertisements discarded because of incorrect

miscellaneous data.
vrrpBadPassword

incorrect password.
vrrpBadInterval

incorrect advertisement interval.
159

The Statistics Menu
/stats/l3/vrrp6
IPv6 VRRP Statistics

Alteon supports VRRP for IPv6. The statistics provided by this command are similar to those
provided by the /stats/l3/vrrp command, but are tailored to the IPv6 environment. The
following is sample output for this command:
VRRP6 statistics:
vrrp6InAdvers:
vrrp6BadAdvers:
vrrp6OutAdvers:
vrrp6BadVersion:
vrrp6BadVrid:
vrrp6BadAddress:
vrrp6BadData:
vrrp6BadInterval:
7
0
86801
0
0
0
0
0
IPv6 VRRP statistics are described in the following table:
Table 79: IPv6 VRRP Statistics (/stats/l3/vrrp6)
Statistic
Description
vrrp6InAdvers
The number of VRRP advertisements that have been received.
vrrp6BadAdvers
The number of VRRP advertisements received that were dropped.
vrrp6OutAdvers
The number of VRRP advertisements that have been sent.
vrrp6BadVersion

incorrect version value.
vrrp6BadVrid

incorrect VRID value.
vrrp6BadAddress

incorrect address value.
vrrp6BadData
The number of VRRP advertisements discarded because of incorrect

miscellaneous data.
vrrp6BadPassword

incorrect password.
vrrp6BadInterval

incorrect advertisement interval.
/stats/l3/dns
DNS Statistics
This menu option lets you display Domain Name System statistics:
DNS statistics:
dnsInRequests:
dnsBadRequests:
160
0
0
dnsOutRequests:

The Statistics Menu
DNS statistics are described in the following table:
Table 80: DNS Statistics (/stats/l3/dns)
Statistic
Description
dnsInRequests
The number of DNS request packets that have been received.
dnsOutRequests
The number of DNS response packets that have been transmitted.
dnsBadRequests
The number of DNS request packets received that were dropped.
/stats/l3/icmp
ICMP Statistics
ICMP statistics:
icmpInMgs:
icmpInDestUnreachs:
icmpInParamProbs:
icmpInRedirects:
icmpInEchoReps:
icmpInTimestampsReps:
icmpInAddrMasksReps:
icmpOutErrors:
icmpOutTimeExcds:
icmpOutSrchQuenchs:
icmpOutEchos:
icmpOutTimestamps:
icmpOutAddrMasks:
1090913
6
0
0
1090879
0
0
0
179011
0
1092668
0
0
icmpInErrors:
icmpInTimeExcds:
icmpInSrchQuenchs:
icmpInEchos:
icmpInTimestamps:
icmpInAddrMasks:
icmpOutMsgs:
icmpOutDestOutreachs:
icmpOutParamProbs:
icmpOutRedirects:
icmpOutEchoReps:
icmpOutTimestampReps:
icmpOutAddrMaskReps:
0
0
0
28
0
0
1274902
3195
0
0
28
0
0
ICMP statistics are described in the following table:
Table 81: ICMP Statistics (/stats/l3/icmp)
Statistic
Description
icmpInMsgs
The number of ICMP messages which Alteon received.

Note: This counter includes all those counted by icmpInErrors.
icmpInErrors
The number of ICMP messages which Alteon received but

icmpInDestUnreachs
The number of ICMP Destination Unreachable messages received.
icmpInTimeExcds
The number of ICMP Time Exceeded messages received.
icmpInParmProbs
The number of ICMP Parameter Problem messages received.
icmpInSrcQuenchs
The number of ICMP Source Quench (buffer almost full, stop

sending data) messages received.
icmpInRedirects
The number of ICMP Redirect messages received.
icmpInEchos
The number of ICMP Echo (request) messages received.
icmpInEchoReps
The number of ICMP Echo Reply messages received.
icmpInTimestamps
The number of ICMP Timestamp (request) messages received.
icmpInTimestampReps
The number of ICMP Timestamp Reply messages received.
icmpInAddrMasks
The number of ICMP Address Mask Request messages received.
161

The Statistics Menu
Table 81: ICMP Statistics (/stats/l3/icmp)
Statistic
Description
icmpInAddrMaskReps
The number of ICMP Address Mask Reply messages received.
icmpOutMsgs
The total number of ICMP messages which Alteon attempted to

send.
Note: This counter includes all those counted by icmpOutErrors.
icmpOutErrors
The number of ICMP messages which Alteon did not send due to
problems discovered within ICMP, such as a low buffer. This value
should not include errors discovered outside the ICMP layer, such
as the inability of IP address to route the resultant datagram. In
some implementations there may be no types of errors that
contribute to this counter's value.
icmpOutDestUnreachs
The number of ICMP Destination Unreachable messages sent.
icmpOutTimeExcds
The number of ICMP Time Exceeded messages sent.
icmpOutParmProbs
The number of ICMP Parameter Problem messages sent.
icmpOutSrcQuenchs
The number of ICMP Source Quench (buffer almost full, stop

sending data) messages sent.
icmpOutRedirects
The number of ICMP Redirect messages sent. For a host, this object
is always zero, since hosts do not send redirects.
icmpOutEchos
The number of ICMP Echo (request) messages sent.
icmpOutEchoReps
The number of ICMP Echo Reply messages sent.
icmpOutTimestamps
The number of ICMP Timestamp (request) messages sent.
icmpOutTimestampReps
The number of ICMP Timestamp Reply messages sent.
icmpOutAddrMasks
The number of ICMP Address Mask Request messages sent.
icmpOutAddrMaskReps
The number of ICMP Address Mask Reply messages sent.
/stats/l3/if <interface number>
Interface Statistics
IP interface 1 statistics:
ifInOctets:
48948386
ifInNUCastPkts:
167895
ifInErrors:
0
ifOutOctets:
27100789
ifOutNUcastPkts:
218652
ifOutErrors:
0
ifInUcastPkts:
ifInDiscards:
ifInUnknownProtos:
ifOutUcastPkts:
ifOutDiscards:
ifStateChanges
220553
0
0
441938
0
1
Interface statistics are described in the following table:
Table 82: Interface Statistics (/stats/if)
Statistic
Description
ifInOctets
The number of octets received on the interface, including framing

characters.
ifInUcastPkts
The number of packets delivered by this sub-layer to a higher sublayer which were not addressed to a multicast or broadcast address at
this sub-layer.
162

The Statistics Menu
Table 82: Interface Statistics (/stats/if)
Statistic
Description
ifInNUCastPkts
The number of packets, delivered by this sub-layer to a higher sublayer which were addressed to a multicast or broadcast address at this
sub-layer. This object is deprecated in favor of ifInMulticastPkts and
ifInBroadcastPkts.
ifInDiscards
The number of inbound packets that were chosen to be discarded, even

though no errors had been detected to prevent their being delivered to
a higher-layer protocol. One possible reason for discarding such a
packet could be to free up buffer space.
ifInErrors
For packet-oriented interfaces, the number of inbound packets that

contained errors preventing them from being delivered to a higherlayer protocol. For character-oriented or fixed-length interfaces, the
number of inbound transmission units that contained errors preventing
them from being deliverable to a higher-layer protocol.
ifInUnknownProtos
For packet-oriented interfaces, the number of packets received via the

interface which were discarded because of an unknown or unsupported
protocol. For character-oriented or fixed-length interfaces which
support protocol multiplexing the number of transmission units
received via the interface which were discarded because of an unknown
or unsupported protocol. For any interface which does not support
protocol multiplexing, this counter is always 0.
ifOutOctets
The number of octets transmitted out of the interface, including

framing characters.
ifOutUcastPkts
The number of packets that higher-level protocols requested to be

transmitted, and which were not addressed to a multicast or broadcast
address at this sub-layer, including those that were discarded or not
sent.
ifOutNUcastPkts
The number of packets that higher-level protocols requested to be

transmitted, and which were addressed to a multicast or broadcast
address at this sub-layer, including those that were discarded or not
sent. This object is deprecated in favor of ifOutMulticastPkts and
ifOutBroadcastPkts.
ifOutDiscards
The number of outbound packets, which were chosen to be discarded

even though no errors had been detected to prevent their being
transmitted. One possible reason for discarding such a packet could be
to free up buffer space.
ifOutErrors
For packet-oriented interfaces, the number of outbound packets that

could not be transmitted because of errors. For character-oriented or
fixed-length interfaces, the number of outbound transmission units that
could not be transmitted because of errors.
ifStateChanges
The number of times an interface has transitioned from either down to

up, or from up to down.
163

The Statistics Menu
/stats/l3/tcp
TCP Statistics
TCP statistics:
tcpRtoAlgorithm:
tcpRtoMax:
tcpActiveOpens:
tcpAttemptFails:
tcpInSegs:
tcpRetransSegs:
tcpCurBuff:
tcpCurInConn:
tcpCurLstnConn:
tcpAllocTCBFails:
4
240000
0
0
0
0
0
0
3
0
tcpRtoMin:
tcpMaxConn:
tcpPassiveOpens:
tcpEstabResets:
tcpOutSegs:
tcpInErrs:
tcpCurConn:
tcpCurOutConn:
tcpOutRsts:
0
1600
0
0
0
0
6
0
0
TCP statistics are described in the following table:
Table 83: TCP Statistics (/stats/l3/tcp)
Statistic
Description
tcpRtoAlgorithm
The algorithm that determines the timeout value for retransmitting

unacknowledged octets.
tcpRtoMin
The minimum value permitted by a TCP implementation for the

retransmission timeout, measured in milliseconds. More refined
semantics for objects of this type depend upon the algorithm used to
determine the retransmission timeout. In particular, when the timeout
algorithm is rsre(3), an object of this type has the semantics of the
LBOUND quantity as described in RFC 793.
tcpRtoMax
The maximum value permitted by a TCP implementation for the

retransmission timeout, measured in milliseconds. More refined
semantics for objects of this type depend upon the algorithm used to
determine the retransmission timeout. In particular, when the timeout
algorithm is rsre(3), an object of this type has the semantics of the
UBOUND quantity as described in RFC 793.
tcpMaxConn
The limit on the total number of TCP connections Alteon can support.
In entities where the maximum number of connections is dynamic, this
object should contain the value -1.
tcpActiveOpens
The number of times TCP connections have made a direct transition to

the SYN-SENT state from the CLOSED state.
tcpPassiveOpens

the SYN-RCVD state from the LISTEN state.
tcpAttemptFails

the CLOSED state from either the SYN-SENT state or the SYN-RCVD
state, plus the number of times TCP connections have made a direct
transition to the LISTEN state from the SYN-RCVD state.
tcpEstabResets

the CLOSED state from either the ESTABLISHED state or the CLOSEWAIT state.
tcpInSegs
The number of segments received, including those received in error.

This count includes segments received on currently established
connections.
tcpOutSegs
The number of segments sent, including those on current connections

but excluding those containing only retransmitted octets.
164

The Statistics Menu
Table 83: TCP Statistics (/stats/l3/tcp)
Statistic
Description
tcpRetransSegs
The number of segments retransmitted, meaning the number of TCP

segments transmitted containing one or more previously transmitted
octets.
tcpInErrs
The number of segments received in error (for example, bad TCP

checksums).
tcpCurBuff
The number of outstanding memory allocations from heap by TCP

protocol stack.
tcpCurConn
The number of outstanding TCP sessions that are currently opened.
tcpCurInConn
The number of remotely-initiated TCP connections.
tcpCurOutConn
The number of Alteon-originated TCP connection requests.
tcpCurLstnConn
The number of TCP ports on which Alteon is listening.
tcpOutRsts
The number of TCP segments sent containing the RST flag.
tcpAllocTCBFails
The number of failed attempts to allocate memory to the TCP

transmission control block in MP.
/stats/l3/udp
UDP Statistics
UDP statistics:
udpInDatagrams:
udpInErrors:
54
0
udpOutDatagrams:
udpNoPorts:
43
1578077
UDP statistics are described in the following table:
Table 84: UDP Statistics (/stats/l3/udp)
Statistic
Description
udpInDatagrams
The number of UDP datagrams delivered to Alteon.
udpOutDatagrams
The number of UDP datagrams sent from this Alteon.
udpInErrors
The number of received UDP datagrams that could not be delivered for
reasons other than the lack of an application at the destination port.
udpNoPorts
The number of received UDP datagrams for which there was no

application at the destination port.
165

The Statistics Menu
/stats/slb
Server Load Balancing Statistics Menu

This menu appears only in the vADC Administrator environment in ADC-VX mode.
[Server Load Balancing Statistics Menu]

sp
- SLB Switch SP Stats Menu
gslb
- Global SLB Stats Menu
real
- Show real server stats
group
- Show real server group stats
virt
- Show virtual server stats
realhc
- Show per real health check stats
filt
- Show filter stats
layer7
- Show Layer 7 stats
accel
- Show acceleration stats
http
- Show HTTP stats
pip
- Show PIP stats
ssl
- Show SSL SLB stats
appshape - Show AppShape++ stats
ftp
- Show FTP SLB parsing and NAT stats
rtsp
- Show RTSP SLB stats
dns
- Show DNS SLB stats
wap
- Show WAP SLB stats
maint
- Show maintenance stats
sip
- Show SIP SLB stats
siprule - Show SIP SLB stats
wlm
- Show Workload Manager SASP stats
mirror
- Show Sesssion mirroring stats
clear
- Clear non-operational Server Load Balancing stats
aux
- Show auxiliary session table stats
sap
- Show sap msg server stats
dump
- Dump all SLB statistics
Table 85: SLB Statistics Menu Options (/stats/slb)

sp <SP number>
Displays the Server Load Balancing Statistics menu. To view this menu, see /stats/slb/
sp Server Load Balancing SP Statistics Menu, page 169.
gslb
Displays the Global SLB Statistics menu. To view this menu, see /stats/slb/gslb Global
SLB Statistics Menu, page 174.

Displays the following real server statistics:
Number of times the real server has failed its health checks
Number of sessions currently open on the real server
Total sessions the real server was assigned
Highest number of simultaneous sessions recorded for each real server
Real server transmit/receive octets
For sample output, and a description of these statistics, see /stats/slb/real <real server
number> Real Server SLB Statistics, page 180.
166

The Statistics Menu

group <real server group number (1-1024)>
Displays the following real server group statistics:
Current and total sessions for each real server in the real server group.
Current and total sessions for all real servers associated with the real server group.
Highest number of simultaneous sessions recorded for each real server.
Real server transmit/receive octets. For per-service octet counters, see Per Service
Octet Counters, page 181.
For sample output, and a description of these statistics, see /stats/slb/group <real
server group number> Real Server Group Statistics, page 181.

Displays the following virtual server statistics:
Current and total sessions for each real server associated with the virtual server.
Current and total sessions for all real servers associated with the virtual server.
Highest number of simultaneous sessions recorded for each real server.
Real server transmit/receive octets. For per-service octet counters, see Per Service
For sample output, and a description of these statistics, see /stats/slb/virt <virtual
server number> Virtual Server SLB Statistics, page 182.
realhc <real server number (1-1023)>

Displays the following real server statistics:
Aggregated statistics of the real server per health check
Health check statistic of each instance checking the real server
For sample output, and a description of these statistics, see /stats/slb/realhc <real
server number> Real Server Health Check Statistics, page 183.
filt <filter ID (1-2048)>

Displays the total number of times any filter has been used. For sample output, and a
description of these statistics, see /stats/slb/filt <filter number> Filter SLB Statistics,
page 184.
layer7
Displays the Layer 7 Statistics menu. To view this menu, see /stats/slb/layer7 SLB
Layer7 Statistics Menu, page 184.
accel
Displays the SLB Acceleration Statistics menu. To view this menu, see /stats/slb/accel
SLB Acceleration Statistics Menu, page 188.
http
Displays the HTTP Statistics menu options. To view this menu, see /stats/slb/http HTTP
pip
Displays proxy IP statistics. For sample output, and a description of these statistics, see
/stats/slb/pip Server Load Balancing Proxy IP Statistics, page 205.
167

The Statistics Menu

ssl
Displays the SSL Server Load Balancing Statistics menu. To view this menu, see /stats/
slb/ssl SLB Secure Socket Layer Statistics Menu, page 206.
appshape
Displays the AppShape++ statistics. For sample output, and a description of these
statistics, see /stats/slb/appshape <script id> AppShape++ Statistics, page 208.
ftp
Displays the File Transfer Protocol SLB and Filter menu. To view this menu, see /stats/
slb/ftp File Transfer Protocol SLB and Filter Statistics Menu, page 209.
rtsp
Displays RTSP SLB statistics. For sample output, and a description of these statistics,
see /stats/slb/rtsp RTSP SLB Statistics, page 211.
dns
Displays DNS SLB statistics. For sample output, and a description of these statistics, see
/stats/slb/dns DNS SLB Statistics, page 212.
wap
Displays WAP SLB statistics. For sample output, and a description of these statistics, see
/stats/slb/wap WAP SLB Statistics, page 213.
maint
Displays SLB maintenance statistics. For sample output, and a description of these
statistics, see /stats/slb/maint SLB Maintenance Statistics, page 214.
sip
Displays SIP SLB statistics. For sample output, and a description of these statistics, see
/stats/slb/sip SIP SLB Statistics, page 216.
siprule
Displays SIP rule statistics. For sample output, and a description of these statistics, see
/stats/slb/siprule SIP Rule Statistics, page 217.
wlm
<Workload Manager number, (1-16)>

Displays Workload Manager SASP statistics. For sample output, and a description of
these statistics, see /stats/slb/wlm <wlm number> Workload Manager SASP Statistics,
page 218.
mirror
Displays session mirroring statistics. For sample output, and a description of these
statistics, see /stats/slb/mirror Display Workload Manager SASP Statistics, page 219.
clear [y|n]
Clears all non-operating SLB statistics, resetting them to zero. This command does not
reset Alteon and does not affect the following counters:
Counters required for Layer 4 and Layer 7 operations (such as current real server
sessions)
All related SNMP counters
To view the statistics reset by this command, refer /stats/slb/wlm <wlm number>
Workload Manager SASP Statistics, page 218.
168

The Statistics Menu

aux
Displays auxiliary session table statistics.
sap
Displays SAP message server statistics.
dump
Dumps all SLB statistics. Use this command to gather data for tuning and debugging
performance. To save dump data to a file, set your communication software on your
workstation to capture session data prior to issuing the dump command.
/stats/slb/sp
Server Load Balancing SP Statistics Menu

[Server Load Balancing SP Statistics Menu]
real
- Show real server stats
group
- Show real server group stats
virt
- Show virtual server stats
filt
- Show filter stats
maint
pip
- Show PIP stats
clear
- Clear SP stats
Table 86: SP Statistics Menu options (/stats/slb/sp)

Displays the port real server statistics. For sample output, and a description of these
statistics, see /stats/slb/sp/real <real server number> SP Real Server Statistics,
page 170.

Displays the port real server group statistics. For sample output, and a description of
these statistics, see /stats/slb/sp <sp number>/group <real server group number>
SP Real Server Group Statistics, page 170.

Displays virtual server statistics. For sample output, and a description of these
statistics, see /stats/slb/sp <sp number> /virt <virtual server number> SP Virtual
Server Statistics, page 171.

Displays filter statistics. For sample output, and a description of these statistics, see /
stats/slb/sp <sp number> /filt <filter number> SP Filter Statistics, page 171.
maint
Displays the SP maintenance statistics. For sample output, and a description of these
statistics, see /stats/slb/sp <sp number> /maint SP Maintenance Statistics,
page 172.
pip
Displays the PIP statistics.
169

The Statistics Menu
Table 86: SP Statistics Menu options (/stats/slb/sp)

clear
Deletes all the SP statistics.
/stats/slb/sp/real <real server number>
SP Real Server Statistics

SP 1 Real server 1 stats:
Current sessions:
Total sessions:
Octets:
Cookie pop out:
Cookie unavailable:
Cookie count:
0
0
0
0
0
0
SP real server statistics are described in the following table:
Table 87: SP Real Server Statistics
Statistic
Description
Current sessions The number of current sessions.

Total sessions
The total number of sessions.
Octets
The number of octets.
Cookie pop out
The number of cookie inserts or rewrites for the real server on the indicated SP.
Cookie
unavailable
The number of cookie inserts or rewrites that failed because of cookie

unavailability for the real server on the indicated SP.
Cookie count
The number of cookies available in the pool for the real server on the indicated SP.
/stats/slb/sp <sp number>/group <real server group number>
SP Real Server Group Statistics

SP 1 Real server group 1 stats:
Real IP address
Current
Sessions
Total
Sessions
Octets
1 130.1.1.1
2 141.20.1.1
---- ------------allpool
0
0
-------0
0
134
-------134
0
11584524
---------------------11584524
170

The Statistics Menu
/stats/slb/sp <sp number> /virt <virtual server number>
SP Virtual Server Statistics

SP 1 Virtual server 1 stats:
Real IP address
1 130.1.1.1
2 141.20.1.1
---- ------------allpool
Current
Sessions
0
0
-------0
Total
Sessions
Octets
0
134
-------134
0
11584524
---------------------11584524
/stats/slb/sp <sp number> /filt <filter number>
SP Filter Statistics
SP 1 Filter 1 stats:
Total firings:
171

The Statistics Menu
/stats/slb/sp <sp number> /maint
SP Maintenance Statistics
SP 1 SLB Maintenance stats:
Maximum sessions:
Current sessions:
4 second average:
64 second average:
Terminated sessions:
Allocation failures:
Non TCP/IP frames:
UDP datagrams:
Incorrect VIPs:
Incorrect Vports:
No available real server:
Filtered (denied) frames:
AE (ignored) frames:
Discard frames:
LAND attacks:
No TCP control bits:
Invalid reset packet drops:
Out of state FIN Pkt drops:
Total IP fragment sessions:
IP fragment sessions:
IP6 fragment discards:
IP6 fragment sessions:
IP fragment table full:
IPF invalid lengths:
IPF Null Payloads:
Fragment Overlaps:
Duplicate fragments:
Session setup limit:
Session setup bucket:
Session setup discards:
Current IP6 sessions:
Incorrect IP6 VIPs:
Incorrect IP6 Vports:
Unrecognized IP6 next header:
Unsupported IP6 ext header:
No route to forward IP6 packet:
IP6 packets drops:
172
1999987
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

The Statistics Menu
(continued)
SIP RULES STATISTICS
Current sip memory allocations:
Total
sip memory allocations:
Total sip memory frees:
Packet drops:
Packets Allowed:
Packets Ratelimit:
Packets Inspected:
Packets Bypassed:
Monitor errors:
Parse errors:
Exceeded Max rules:
0
0
0
0
0
0
0
0
0
0
0
SP maintenance statistics are described in the following table:
Table 88: SP Maintenance Statistics (/stats/slb/sp/maint)
Statistic
Description
Maximum sessions
The maximum number of simultaneous sessions supported.
Current Sessions
The number of session bindings currently in use (the last four and 64
seconds).
Terminated Sessions
The number of sessions removed from the session table because the
server assigned to them failed, and graceful server failure was not
enabled.
Allocation Failures
Indicates instances where Alteon ran out of available sessions for a

port.
TCP Fragments
Indicates the number of TCP fragments encountered by Alteon. Layer

4 processing may not handle TCP fragments, depending on the
configuration.
UDP Datagrams
Indicates that the virtual server IP address and MAC are receiving UDP
frames when UDP balancing is not turned on.
Non TCP/IP Frames
Indicates the number of non-IP based frames received by the virtual

server.
Incorrect VIPs
Indicates the number of times Alteon received a Layer 4 request for a

virtual server which was not configured.
Incorrect Vports
A dropped frames counter that indicates that the virtual server has
received frames for TCP/UDP services that have not been configured.
Normally this indicates a mis-configuration on the virtual server or the
client, but it also may be an indication of a potential security probing
application like SATAN.
No Available Real Server
A dropped frames counter that indicates that all real servers are either
out of service or at their maxcon limit.
Backup Server Activations
This indicates the number of times a real server failure has occurred
and caused a backup server to be brought online.
Overflow Server
Activations
This indicates the number of times a real server has reached the
maxcon limit and caused an overflow server to be brought online.
173

The Statistics Menu
Table 88: SP Maintenance Statistics (/stats/slb/sp/maint)
Statistic
Description
Filtered (Denied) Frames
This indicates the number of frames that were dropped because of one
of the following reasons:
They matched an active filter with the deny action set.
There are no real servers, in the case of redirection filters.
There are no available session entries.
LAND attacks
This counter increases whenever a packet has the same source and
destination IP addresses and ports.
No TCP Control Bits
The number of packets that were dropped because the packet had no
control bits set in the TCP header.
Invalid reset packet drops
The number of packets that were dropped because the packet had an
invalid reset flag set.
Total IP fragment sessions
This represents the total number of fragment sessions Alteon has

processed so far.
Current IP fragment
sessions
This represents the current number of fragment sessions.
IP fragment discards
The number of fragmented packets that are discarded due to lack of

resources.
IP fragment table full
This counter indicates how many times session table is full.
/stats/slb/gslb
Global SLB Statistics Menu

[Global SLB Statistics Menu]
real
- Show Global
virt
- Show Global
site
- Show Global
network
- Show Global
rule
- Show Global
clntprox -
geo
pers
dns
maint
clear
dump
SLB
SLB
SLB
SLB
SLB
remote real server stats

virtual server stats
remote site stats
network preference stats
rule stats
Show Global SLB client proximity stats

Show Global SLB geographical preference stats
Show Global SLB DNS persistence cache stats
Show Global SLB DNS and DNSSEC stats
Show Global SLB maintenance stats
Clear all Global SLB stats
Show all Global SLB stats
Table 89: Global SLB Statistics Menu Options (/stats/slb/gslb)

Displays Global Server Load Balancing (GSLB) real server statistics. The real server
number is the real server ID under which the remote server is configured.
For sample output, and a description of these statistics, see /stats/slb/gslb/real <real
server number> Real Server Global SLB Statistics, page 175.
174

The Statistics Menu
Table 89: Global SLB Statistics Menu Options (/stats/slb/gslb)

Displays GSLB virtual server statistics. For sample output, and a description of these
statistics, see /stats/slb/gslb/virt <virtual server number> Virtual Server Global SLB
site <remote site, 1-64>

Displays Global SLB statistics for the remote site. For sample output, and a
description of these statistics, see /stats/slb/gslb/site Global SLB Site Statistics,
page 177.
network <network, 1-128>

Displays Global SLB statistics for the network.
rule <rule,1-128>
Displays Global SLB statistics for the rule.
clntprox
Displays Global SLB client proximity statistics.
pers
Displays Global SLB DNS persistence cache statistics.
dns
Displays Global SLB DNS and DNSSEC statistics.
geo
Displays Global SLB statistics for the geographical preference.
maint
Displays GSLB maintenance statistics. For sample output, and a description of these
statistics, see /stats/slb/gslb/maint Global SLB Maintenance Statistics, page 178.
clear
Deletes all Global SLB statistics.
dump
Displays all Global SLB statistics.
/stats/slb/gslb/real <real server number>
Real Server Global SLB Statistics

For any remote real server configured for GSLB, the following statistics can be viewed:
The number of times one of the following configured threshold values is met:
Session availability capacity (/cfg/slb/gslb/mincon)
Session utilization capacity (/cfg/slb/gslb/sesscap)
CPU utilization capacity (/cfg/slb/gslb/cpucap)
The number of DNS responses directed to the remote real server
The number of HTTP redirects to the remote real server
175

The Statistics Menu
Real server 1 global stats:

Threshold exceeded hits
DNS directs:
HTTP redirects:
5
3210
12
/stats/slb/gslb/virt <virtual server number>
Virtual Server Global SLB Statistics

--------------------------------------------------------Global SLB virtual server 1 stats:
Global SLB virtual server 2 http service stats:
Domain: gslb.foocorp.com
Server IP address
Site DNS directs HTTP redirects preemptions
------ --------------- ---- ----------- ---------------------------v2
200.200.200.1
0
0
2
r4
200.200.200.21
2
0
0
r5
200.200.200.41
3
0
0
r6
200.200.200.61
4
0
0
------ --------------- ---- ----------- ------------------------Totals
0
0
2
------ --------------- ---- ----------- ------------------------Virtual server GSLB statistics are described in the following table:
Table 90: Virtual Server Global SLB Statistics (/stats/slb/gslb/virt)
Statistic
Description
Server
The type of server configuration and server ID number:
v# represents a local virtual server number
r# represents a remote site. Because each remote site is configured on its

peers as if it were a real server (with certain special properties), this number
represents the real server ID on this Alteon under which the remote server is
configured.
IP Address
IP address of the server.
Site
The remote site number.
DNS directs
The number of DNS responses that return the IP address of the corresponding
server.
HTTP redirects
The number of HTTP requests redirected to the corresponding server.
preemptions
The number of times this server has been preempted due to failover preemption.
This means the number of times this Alteon has failed and was preempted from
regaining the sessions it previously owned.
176

The Statistics Menu
/stats/slb/gslb/site
Global SLB Site Statistics

Global SLB remote site 1 stats:
Bad remote site packets received:
0
DSSPv1 remote site updates sent:
0
DSSPv1 remote site updates received:
0
0
0
0
0
471
318
DSSPv4 remote site ClientProx updates sent:
0
DSSPv4 remote site ClientProx updates received:
0
0
0
GSLB site statistics are described in the following table:
Table 91: Global SLB Site Statistics Parameters (/stats/slb/gslb/site)
Statistic
Description
Bad remote site packets

received
The number of bad packets received from remote site.
DSSPv1 remote site

updates sent
The number of remote site updates sent using DSSP version 1.
DSSPv1 remote site

updates received
The number of remote site updates received using DSSP version 1.
DSSPv2 remote site

updates sent
DSSPv2 remote site

updates received
DSSPv3 remote site

updates sent
DSSPv3 remote site

updates received
DSSPv4 remote site

updates sent
DSSPv4 remote site

updates received
DSSPv4 remote site

ClientProx updates sent
The number of remote site client proximity updates sent using DSSP
version 4.
DSSPv4 remote site

ClientProx updates
received
The number of remote site client proximity updates received using

DSSP version 4.
DSSPv5 remote site

updates sent
DSSPv5 remote site

updates received
177

The Statistics Menu
/stats/slb/gslb/maint
Global SLB Maintenance Statistics

Global SLB maintenance stats:
Bad remote site packets received:
0
0
0
0
0
0
0
477
322
0
0
Local site DNS persistence cache entries added:
0
DNS queries received:
0
Bad DNS queries received:
0
DNS responses sent:
0
HTTP requests received:
0
Bad HTTP requests received:
0
HTTP responses sent:
0
Hostname domain hits:
0
Network domain hits:
0
Basic domain hits:
0
Threshold exceeded hits:
0
No server selected for hostname domain:
0
No server selected for network domain:
0
No server selected for basic domain:
0
No matching domain:
0
Last no result domain:
Last source IP:
0.0.0.0
GSLB maintenance statistics are described in the following table:
Table 92: Global SLB Maintenance Statistics (/stats/slb/gslb/maint)
Statistic
Description
Bad remote site packets

received
The number of bad packets received from the remote site. Bad
updates or dropped packets usually indicate that there is a
configuration problem at the local or remote GSLB devices. If bad
updates or dropped packets occur, check the syslog for configuration
error messages.
DSSPv1 remote site updates

sent
The number of DSSP version 1 updates/packets sent to the remote

sites.

received
The number of DSSP version 1 updates/packets received from the

remote sites.

sent

sites.

received

remote sites.

sent

sites.
178

The Statistics Menu
Table 92: Global SLB Maintenance Statistics (/stats/slb/gslb/maint)
Statistic
Description

received

remote sites.

sent

sites.

received

remote sites.

sent

sites.

received

remote sites.
Local site DNS persistence

cache entries added
The number of local site DNS persistence cache entries added.
DNS queries received
The number of DNS queries received.
Bad DNS queries received
The number of bad DNS queries received.
DNS responses sent
The number of DNS responses sent by Alteon that includes DNS

directs and DNS error responses.
HTTP requests received
The number of HTTP requests received.
Bad HTTP requests received
The number of bad/dropped client HTTP requests. Client HTTP GET

request packets that do not contain the entire URL are considered
bad and are dropped.
HTTP responses sent
The number of HTTP responses sent by Alteon that includes HTTP

redirects.
Hostname domain hits
The number of times the DNS queries received matched for the
hostname configured.
Network domain hits
network domain name configured.
Basic domain hits
basic domain name configured.
Threshold exceeded hits
The number of times threshold exceeded hits.
No server selected for

hostname domain
The number of times no server was selected after matching the

hostname domain.
No server selected for

network domain

network domain name.
No server selected for basic

domain

basic domain name.
No matching domain
The number of times the DNS queries received did not match the
hostname, domain name, or the network domain configured.
Last no result domain
The domain in the last DNS query received that did not match the
hostname, domain name, or the network domain configured.
Last source IP
The source IP address of the last DNS query or HTTP request

received.
179

The Statistics Menu
/stats/slb/real <real server number>
Real Server SLB Statistics

Enter real server number (1-1023):
1
Real server 1 stats:
Real server failures:
0
Last time real server up:
7:59:28 Sat Oct
Last time real server failed:
Health check attempts:
4718315
Health check responses:
1887312
Last valid response time:
165241 usecs
Average valid response time:
164615 usecs
Longest valid response time:
443160 usecs
Health check type:
tcp
Last SNMP HC response:
Buddy Health check failures:
0
Current sessions:
0
Total sessions:
0
Highest sessions:
0
Octets
0
8, 2013 (DST)
Note: Octets are provided per server, not per service, unless configured as described in Per Service
Real server SLB statistics are described in the following table:
Table 93: Real Server SLB Statistics (/stats/slb/real)
Statistic
Description
Real server failures
The number of times the real server fails.
Last time real server up
The date and time when the real server was up.
Last time real server failed
The date and time when the real server failed.
Health check attempts
The number of health check attempts.
Health check failures
The number of times the real server failed health checks.
Health check responses
The number of health check responses.
Last valid response time
The last valid real server response time in seconds.
Average valid response time
The average valid real server response time in seconds.
Longest valid response time
The longest valid real server response time in seconds.
Health check type
The health check type.
Last SNMP HC response
The last SNMP health check response.
Buddy Health check failures
The number of times the buddy health check failed.
Current sessions
The number of outstanding sessions that are established to the

particular real server.
Total sessions
The number of sessions that have been established to the particular

real server.
180

The Statistics Menu
Table 93: Real Server SLB Statistics (/stats/slb/real)
Statistic
Description
Highest sessions
The highest number of sessions ever recorded for the particular real
server.
Octets
The number of octets sent by the particular real server.
Per Service Octet Counters

For each load-balanced real server, the octet counters represent the combined number of transmit
and receive bytes (octets). These counters are then added to report the total octets for each virtual
server.
The octet counters are provided per server, not per service.
To configure octet counters on a per-service basis

1. Configure a separate IP address for each service on each server being load balanced.
For example, you can configure IP address 10.1.1.20 for HTTP services, and 10.1.1.21 for FTP
services on the same physical server.
2. On Alteon, configure a real server with a real IP address for each service in step 1.
Using the example from step 1, two real servers are configured for the physical server
(representing each real service). If there were five physical servers providing the two services
(HTTP and FTP), 10 real servers would have to be configured: five for the HTTP services on each
physical server, and five for the FTP services on each physical server.
3. On Alteon, configure one real server group for each type of service, and group each appropriate
real server IP address into the group that handles the specific service.
In keeping with the example in step 1, two groups are configured: one for handling HTTP, and
one for handling FTP.
4. Configure a virtual server and add the appropriate services to that virtual server.
/stats/slb/group <real server group number>
Real Server Group Statistics

Real server group statistics include the following:
Current and total sessions for each real server in the real server group.
Current and total sessions for all real servers associated with the real server group.
The highest number of simultaneous sessions recorded for each real server.
Real server transmit/receive octets. For more information on per-service octet counters, see
Per Service Octet Counters, page 181.
Enter real server group number (1-1024):

1
Real server group 1 stats:
Current
Total
Highest
Real IP address
Sessions Sessions Sessions
Octets
---- ------------------- -------- -------- ---------------------1 OCSFRONTEND1
1
315
4
31543304
2 OCSFRONTEND2
1
240
7
34320779
---- -------------------- -------- -------- ---------------------allpool
2
555
11
65864283
181

The Statistics Menu
/stats/slb/virt <virtual server number>
Virtual Server SLB Statistics

Virtual server statistics include the following:
Current and total sessions for each real server associated with the virtual server.
Current and total sessions for all real servers associated with the virtual server.
The highest number of simultaneous sessions recorded for each real server.
Real server transmit/receive octets. For more information on per-service octet counters, see
Per Service Octet Counters, page 181.
Note: The virtual server IP address is shown on the last line, below the real server IP addresses.
Enter virtual server number (1-1024):

Virtual server 1 stats:
Current
Total
Real IP address
Sessions Sessions
---- ----------------- -------1 OCSFRONTEND1
1
315
2 OCSFRONTEND2
1
240
---- ------------------- -------192.168.130.45
2
555
1
Highest
Sessions
Octets
-------- ---------------------4
31543304
7
34320779
-------- ---------------------11
65864283
When cookie sessions are detected (inserted, rewrite, or passive cookie persistency), additional
statistics are added. For example, with passive cookie persistency:
HTTP header loadbalance stats:

'Cookie' Hits:
1
'Cookie' Misses:
1
Total 'Cookie' Sessions:
2
-----------------------------------------------------------------Persistent Cookie SLB maintenance stats:
Current Total
Highest
Sessions Sessions
Sessions
------------------------- -------- ---------- -------Unique Sessions
1
1
1
Cookie Sessions
1
2
1
Persistent Port Sessions
1
1
1
Notes
Cookie Hits is the number of times an existing cookie was hit in the session table.
Cookie Misses is the number of times a new session did not hit any existing cookie in the session
table.
Alteon can filter virtual server statistics by service. In addition, when a specific HTTP or HTTPS
service is selected with defined content rules, Alteon can filter by rule ID.
For HTTP and HTTPS services, redirect, discard or goto actions are also available. For each action
type there is a unique output.
For example, when an HTTP service is set to redirect traffic to virtual server group 3, the following
output displays:
182

The Statistics Menu
>> vADC 10 - Server Load Balancing Statistics# /stats/slb/vi 1

Enter virtual port (10-65534), application or all [all]:
-----------------------------------------------------------------Virtual server 1 stats:
Virtual server 1 service http
Fallback action:
Action: group 3
Current
Total
Highest
Octets
Real
IP address
Sessions Sessions Sessions
---- ------------------------------------ -------- ---------- ----20
130.1.1.1
1
11
2
18282
22
130.1.1.2
26 6001:0:0:0:0:0:0:10
11
17457
11
8459
---- --------------------------------------- -------- ---------- -2

33
5
44198
Note: When Alteon functions as a gateway between an IPv4 and an IPv6 network, the current
sessions counter may remain low. This is because Alteon closes current sessions as soon as it
receives a FIN packet from the server.
/stats/slb/realhc <real server number>
Real Server Health Check Statistics

Real server health check statistics include the following:
Aggregated statistics of the real server per health check.
Health check statistic of each instance checking the real server.
183

The Statistics Menu
Real 1: 1.1.1.1, UP
Up time: 3 days 1 hours 44 minutes and 22 seconds (80%)
Down time: 2 hours 55 minutes and 33 seconds (18%)
Overflow time: 55 minutes and 33 seconds (2%)
State change: Failure 0, Overflow: 0, blocked 0
Last failure: 11:12:59 Sun Jan 2, 2013
Last overflow:
Instance Health check: myHTTPS, Runtime check https, port 443 UP
Down time: 55 minutes and 33 seconds (7%)
Overflow time: (0%)
Response time: Average 1 msec, Peak: 3 msec, Last valid: 0 msec,
State change: Failure 2, Overflow: 0
Last valid response: 13:12:59 Sun Jan 2, 2013
Last overflow:
Instance Health check: WEB-srv, Runtime check http, port 88 FAILED
Down time: 1 hours 55 minutes and 33 seconds (27%)
Overflow time: (0%)
Response time: Average 1 msec, Peak: 3 msec, Last valid: 0 msec,
State change: Failure 5, Overflow: 0
Last valid response: 13:12:59 Sun Jan 2, 2013
Last overflow:
/stats/slb/filt <filter number>
Filter SLB Statistics

This displays the number of times any filter has been matched.
Filter 1 stats:
Total firings:
1011
/stats/slb/layer7
SLB Layer7 Statistics Menu

redir
- Show URL Redirection stats
str
- Show SLB String stats
maint
- Show Layer 7 Maintenance stats
Table 94: SLB Layer 7 Statistics Menu Options (/stats/slb/layer7)
Command Syntax & Usage

redir
Displays URL Redirection statistics. For sample output, and a description of these
statistics, see /stats/slb/layer7/redir Layer 7 Redirection Statistics, page 185.
184

The Statistics Menu
Table 94: SLB Layer 7 Statistics Menu Options (/stats/slb/layer7)

str
Displays SLB string statistics. For sample output, and a description of these statistics,
see /stats/slb/layer7/str Layer 7 SLB String Statistics, page 186.
maint
Displays Layer 7 maintenance statistics. For sample output, and a description of
these statistics, see /stats/slb/layer7/maint Layer 7 SLB Maintenance Statistics,
page 186.
/stats/slb/layer7/redir
Layer 7 Redirection Statistics

Total
Total
Total
Total
Total
Total
Total
Total
Total
Total
URL based web cache redirection stats:

cache server hits:
origin server hits:
straight to origin server hits:
none-GETs hits:
'Cookie: ' hits:
no-cache hits:
RTSP cache server hits:
RTSP origin server hits:
HTTP redirection hits:
0
0
0
0
0
0
0
0
0
Layer 7 redirection statistics are described in the following table:
Table 95: Layer 7 Redirection Statistics (/stats/slb/layer7/redir)
Statistic
Description
Total cache server hits
The number of HTTP requests redirected to the cache server.
Total origin server hits
The number of HTTP requests forwarded to the origin server.
Total straight to origin

server hits
The number of HTTP requests forwarded from straight to the origin

server.
Total none-GETs hits
The number of none GET requests forwarded to the origin server.
Total 'Cookie:' hits
The number of cookie requests forwarded to the origin server.
Total no-cache hits
The number of requests containing no-cache header forwarded to the

origin server.
Total RTSP cache server

hits
The number of RTSP requests redirected to the cache server.
Total RTSP origin server

hits
The number of RTSP requests forwarded to the origin server.
Total HTTP redirection hits
The number of HTTP requests that were redirected by redirection filter.
185

The Statistics Menu
/stats/slb/layer7/str
Layer 7 SLB String Statistics

SLB String stats:
ID SLB String
1 any
2 www.[abcdefghijklm]*.com
3 www.[nopqrstuvwxyz]*.com
4 www.junk.com
5 www.abc.com
6 www.[abcdefjhijklm]*.org
7 www.[nopqrstuvwxyz]*.org
Hits
1527115
0
0
0
0
0
0
Layer 7 SLB string statistics are described in the following table:
Table 96: Layer 7 SLB String Statistics (/stats/slb/layer7/str)
Statistic
Description
ID SLB String
The user-defined strings used in URL matching.
Hits
The number of instances that are load balanced due to matching the
particular URL ID.
/stats/slb/layer7/maint
Layer 7 SLB Maintenance Statistics

Layer 7 maintenance stats:
Clients reset by switch on client side:
0
Clients reset by switch on server side:
0
Connection Splicing to support HTTP/1.1:
0
Invalid HTTP methods:
0
Aged delayed binding sessions:
0
Half open connections:
0
Switch retries:
0
Random early drops:
0
Requests exceeded 18200 bytes:
0
Invalid 3-way handshakes:
1
Exceeded max frame size:
0
Out of order packet drops:
0
Out of order packets received:
0
Current SP memory units:
10082 Lowest:
Current SP memory units:
5158
Current SEQ buffer entries:
0 Highest:
Current Data buffer use:
0 Highest:
Current SP buffer entries:
0 Highest:
Total Nonzero SEQ Alloc:
0
Total SEQ Buffer Allocs:
0 Total SEQ Frees:
Total Data Buffer Allocs:
1 Total Data Frees:
Alloc Fails - Seq buffers:
0 Alloc Fails - Ubufs:
Max sessions per bucket:
0 Max frames per session:
Max bytes buffered (sess):
0
186
10082
0
1
1
0
1
0
0

The Statistics Menu
SLB Layer 7 maintenance statistics are described in the following table:
Table 97: SLB Layer 7 Maintenance Statistics (/stats/slb/layer7/maint)
Statistic
Description
Clients reset by switch on

client side
The number of reset frames sent to the client by Alteon during

server connection termination. This means that when Alteon could
not connect to the real sever and the client's retries exceeded the
threshold due to delayed binding, Alteon sends a reset frame to the
client to terminate the connection.
Clients reset by switch on

server side
The number of reset frames sent to the server by Alteon during

server connection termination due to delayed binding.
Connection Splicing to
support HTTP/1.1
The number of connection swapping between different real servers

in supporting multiple HTTP/1.1 client requests.
Invalid HTTP methods
The number of HTTP requests that contain invalid methods sent by

the client.
Aged delayed binding

sessions
The number of aged delayed binding sessions caused by failed

connection initialization between Alteon and the server.
Half open connections
The number of outstanding TCP connections that are half opened.

This increments when Alteon responds to TCP SYN packets and
decrements upon receiving TCP SYN ACK packets from the
requester.
Switch retries
The number of Alteon retries to connect to the real server.
Random early drops
The number of SYN frames dropped when the buffer is low.
Requests exceeded 18200

bytes
The number of GET requests that exceeded 18200 bytes.
Invalid 3-way handshakes
The number of dropped frames because of invalid three-way hand

shakes.
Exceeded max frame size
The number of Alteon-generated frames that exceeded the

maximum allowed frame size.
Out of order packet drops
The number of TCP out of order packets dropped.
Out of order packets received The number of TCP out of order packets received.
Current SP memory units
The currently available SP memory units.
Current SEQ buffer entries
The number of outstanding sequence buffers used.
Highest SEQ buffer entries
The highest number of sequence buffers ever used.
Current Data buffer use
The number of outstanding data buffers used.
Highest Data buffer use
The highest number of data buffers ever used.
Total Nonzero SEQ Alloc
The number of sequence buffers allocated.
Total SEQ Buffer Allocs
The number of sequence buffers allocations.
Total SEQ Frees
The number of sequence buffers that are freed.
Total Data Buffer Allocs
The number of buffers allocated to store client request.
Total Data Frees
The number of buffers freed.
Alloc Fails - Seq buffers
The number of times the sequence buffer allocation failed.
Alloc Fails - Ubufs
The number of times the URL data buffer allocation failed.
Max sessions per bucket
The maximum number of items (sessions) allowed in the session

table hash bucket chain.
187

The Statistics Menu
Table 97: SLB Layer 7 Maintenance Statistics (/stats/slb/layer7/maint)
Statistic
Description
Max frames per session
The maximum number of frames to be buffered per session.
Max bytes buffered (sess)
The maximum number of bytes to be buffered per session.
/stats/slb/accel
SLB Acceleration Statistics Menu

[Acceleration Statistics Menu]
fastview - FastView Statistics Menu
compress - Compression Statistics Menu
dump
- Dump all acceleration statistics
Table 98: SLB Acceleration Statistics Menu Options (/stats/slb/accel)

fastview
Displays FastView statistics. To view this menu, see /stats/slb/accel/fastview
FastView Statistics Menu, page 188.
compress
Displays compression statistics. To view menu this menu, see /stats/slb/accel/
compress Compression Statistics Menu, page 194.
dump
Dumps all acceleration statistics.
/stats/slb/accel/fastview
FastView Statistics Menu

[FastView Statistics
summary - Show
virt
- Show
cachlist - Show
cachrule - Show
optlist - Show
optrule - Show
dump
- Dump
Menu]
fastview summary stats
fastview per virtual server stats
fastview caching rule-list stats
fastview caching rule-list per rule stats
fastview optimization rule-list stats
fastview optimization rule stats
all fastview statistics

summary
Displays FastView summary statistics. For sample output, and a description of
these statistics, see /stats/slb/accel/fastview/summary FastView Summary
188

The Statistics Menu

virt
Displays caching for the selected virtual server, only if enabled.
Only HTTPS services with an enabled associated caching policy display in the
statistics output.
For sample output, and a description of these statistics, see /stats/slb/accel/
fastview/virt<server number> FastView Statistics per Virtual Service, page 192.
cachlist
Displays statistics for the enabled caching rule lists.
fastview/cachlist FastView Caching Rule-List Statistics, page 193.
cachrule
Displays statistics for the enabled caching rules.
fastview/cachrule FastView Caching Rule Statistics, page 193.
optlist
This parameter is not supported.
optrule
dump
Dumps all caching statistics besides the object list.
189

The Statistics Menu
/stats/slb/accel/fastview/summary
FastView Summary Statistics

>> FastView Statistics# summary
Statistics measuring period is 5 seconds.
-----------------------------------------------------------------Total number of objects served from cache:
0
Cache hits percentage:
0
Cache serving rate (requests/second):
0
Total number of new cached objects:
0
Objects caching rate (objects/seconds):
0
Number of new cached bytes:
0
New cached bytes rate (bytes/seconds):
0
New cached objects average size
-----------------------------------------------------------------Object of size smaller than 10KB:
0
Object of size between 11KB and 50KB:
0
0
Object of size between 101KB and 1MB:
0
Object of size Larger than 1MB:
0
FastView:
-----------------------------------------------------------------Total number of optimized resources:
0
Serving Rate:
0
Total number of combined CSS files:
0
Total number of combined JS files:
0
Total number of inlined CSS files:
0
Total number of inlined JS files:
0
Total pages with image dimensions set:
0
Total pages with comments removed:
0
Total pages with whitespace removed:
0
Total pages with URLs trimmed:
0
Request reduction rate:
0
Uncacheable resources optimization rate:
0
Byte reduction rate:
0
FastView summary statistics are described in the following table:
Statistic
Description
Total number of optimized

resources
Serving Rate
Total number of combined

CSS files
Total number of combined JS

files
Total number of inlined CSS
Total number of inlined JS
Total pages with image

dimensions set
190

The Statistics Menu
Statistic
Description
Total pages with comments

removed
Total pages with whitespace

removed
Total pages with URLs

trimmed
Request reduction rate
Uncacheable resources
optimization rate
Byte reduction rate
191

The Statistics Menu
/stats/slb/accel/fastview/virt<server number>
FastView Statistics per Virtual Service

>> FastView Statistics# virt
Enter virtual server number (1-1024):
<server number>
-----------------------------------------------------------Virtual server <server number> stats:
Virtual service 80 application http FastView policy <policy ID>
-----------------------------------------------------------Total number of objects served from cache:
0
Cache hits percentage:
0
Cache serving rate (requests/second):
0
Total number of new cached objects:
0
Objects caching rate (objects/seconds):
0
Number of new cached bytes:
0
New cached bytes rate (bytes/seconds):
0
New cached objects average size
-----------------------------------------------------------Object of size smaller than 10KB:
0
0
0
Object of size between 101KB and 1MB:
0
Object of size Larger than 1MB:
0
FastView:
-----------------------------------------------------------Total number of optimized resources:
0
Serving Rate:
0
Total number of combined CSS files:
0
Total number of combined JS files:
0
Total number of inlined CSS files:
0
Total number of inlined JS files:
0
Total pages with image dimensions set:
0
Total pages with comments removed:
0
Total pages with whitespace removed:
0
Total pages with URLs trimmed:
0
Request reduction rate:
0
Uncacheable resources optimization rate:
0
Byte reduction rate:
0
FastView statistics per virtual service are described in the following table:
Statistic
Description
Total number of optimized

resources
Serving Rate
Total number of combined

CSS files
Total number of combined JS

files
Total number of inlined CSS
192

The Statistics Menu
Statistic
Description
Total number of inlined JS
Total pages with image

dimensions set
Total pages with comments

removed
Total pages with whitespace

removed
Total pages with URLs

trimmed
Request reduction rate
Uncacheable resources
optimization rate
Byte reduction rate
/stats/slb/accel/fastview/cachlist
FastView Caching Rule-List Statistics

>> FastView Statistics# cachlist
Rule-List ID
Cached Objects
Cached Bytes
---------------------------------------------------------------------1
0
0
2
0
0
10
0
0
My-Cache-rule-list
0
0
rule-list1
0
0
Caching rule list statistics are described in the following table:
Statistic
Description
Rule-List ID
The ID of the rule list for which the statistics display.
Cached Objects
Number of cached objects of the enabled rule list.
Cached Bytes
Number of cached bytes of the enabled rule list.
/stats/slb/accel/fastview/cachrule
FastView Caching Rule Statistics

>> FastView Statistics# cachrule
Enter rule-list id: 1
----------------------------------------------------------------------------Rule-List 1 stats:
Rule number
Rule Name
Cached Objects
Cached Bytes
---------------------------------------------------------------------1
Rule
0
0
Rule-List 1 is associated to the following FastView policies:
Caching rule list statistics are described in the following table:
193

The Statistics Menu
Statistic
Description
Rule number
The ID of the rule for which the statistics display.
Rule Name
The name of the rule for which the statistics display.
Cached Objects
Number of cached objects of the enabled rule list.
Cached Bytes
Number of cached bytes of the enabled rule list.
/stats/slb/accel/fastview/optlist
FastView Optimization Rule-List Statistics

This menu is not supported.
/stats/slb/accel/fastview/optrule
FastView Optimization Rule Statistics

/stats/slb/accel/compress
Compression Statistics Menu

[Compression Statistics Menu]
summary
- Show compression summary stats
virt
- Show compression per virtual server stats
urllist
- Show compression URL rule-list stats
urlrule
- Show compression URL rule-list per rule stats
brwslist - Show compression Browser rule-list stats
brwsrule - Show compression Browser rule-list per rule stats
dump
- Dump all compression statistics
Table 99: Compression Statistics Menu Options (/stats/slb/accel/compress)

summary
Displays compression summary statistics. For sample output, and a description of
these statistics, see /stats/slb/accel/compress/summary Compression Summary
virt
Displays compression for the selected virtual server, only if enabled.
Only HTTP and HTTPS services with enabled an associated compression policy
display in the statistics output.
compress/virt<server number> Compression Statistics per Virtual Service,
page 196.
urllist
Displays compression URL rule list statistics. For sample output, and a description
of these statistics, see /stats/slb/accel/compress/urllist Compression Rule-List
Statistics, page 196
urlrule
Displays compression URL rule per rule-list statistics. For sample output, and a
description of these statistics, see /stats/slb/accel/compress/urlrule Compression
Rule Statistics, page 197.
194

The Statistics Menu
Table 99: Compression Statistics Menu Options (/stats/slb/accel/compress)

brwslist
Displays compression browser rule list statistics. The rule list ID is arranged in
lexicographical order. For sample output, and a description of these statistics, see
/stats/slb/accel/compress/brwslist Compression Browser Rule-List Statistics,
page 198.
brwsrule
Displays compression browser rule per rule list statistics. For sample output, and
a description of these statistics, see /stats/slb/accel/compress/brwsrule
Compression Browser Rule Statistics, page 198.
dump
Dumps all compression statistics.
/stats/slb/accel/compress/summary
Compression Summary Statistics

Uncompressed throughput (KB):
Compressed throughput (KB):
Throughput Compression ratio:
Average object size before compression (KB):
Average object size after compression (KB):
Average object size compression ratio:
0
0
0
0
0
0
Compression summary statistics are described in the following table:
Table 100: Compression Summary Statistics (/stats/slb/accel/compress/summary)
Statistic
Description
Uncompressed Throughput
(KB)
Total throughput of compressible objects before compression.
Compressed Throughput (KB) Total throughput of compressible objects after compression.

Throughput Compression
Ratio
Throughput compression ratio, calculated as the compressed

throughput divided by uncompressed throughput.
Average object size before

Compression (KB)
Average object size before compression.
Average object size after

Compression (KB)
Average object size after compression.
Average object size

compression Ratio
Average compression ratio during measuring period, calculated as

the average uncompressed size divided by the average compressed
size.
195

The Statistics Menu
/stats/slb/accel/compress/virt<server number>
Compression Statistics per Virtual Service

>> Compression Statistics# virt
Enter virtual server number (1-1024): <server number>
Virtual service 80 application http compression policy <policy ID>
Uncompressed throughput (KB):
Compressed throughput (KB):
Throughput Compression ratio:
Average object size before compression (KB):
Average object size after compression (KB):
Average object size compression ratio:
0
0
0
0
0
0
Compression statistics per virtual service are described in the following table:
Table 101: Compression Statistics per Virtual Service (/stats/slb/accel/compress/virt<server

number>)
Statistic
Description
Uncompressed throughput
(KB)
Total throughput of compressible objects before compression per

virtual service.
Compressed Throughput (KB) Total throughput of compressible objects after compression per
virtual service.
Throughput Compression
ratio
Throughput compression ratio, calculated as the compressed

throughput divided by uncompressed throughput per virtual
service.
Average object size before

compression (KB)
Average object size before compression per virtual service.
Average object size after

compression (KB)
Average object size after compression per virtual service.
Average object size

compression ratio
Average compression ratio during measuring period, calculated as

the average uncompressed size divided by average compressed size
per virtual service.
/stats/slb/accel/compress/urllist
Compression Rule-List Statistics

>> Compression Statistics# urllist
Statistics measuring period is 5 second.
Rule-List ID
1
2
10
My-rule-list
rule-list1
196
Matched Objects
Size Before
Size After
Compression Ratio
Compression(KB) Compression(KB)
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

The Statistics Menu
Compression rule list statistics are described in the following table:
Table 102: Compression Rule List Statistics (/stats/slb/accel/compress/urllist)
Statistic
Description
Rule-List ID
The ID of the rule list for which the statistics display.
Matched Objects
Number of objects matched by the URL exception policy during the

measuring period for the rule list ID.
Size Before Compression (KB) Object size before compression.

Size After Compression (KB)
Object size after compression.
Compression Ratio
The compression ratio.
/stats/slb/accel/compress/urlrule
Compression Rule Statistics

>>Rule-List My-rule-list stats:
Rule number
Compression
Rule Name
Matched Objects
1
4
10
30
1100
Exception-1-rule
Rule30
My-rule
0
0
0
0
0
Size Before
Size After
0
0
0
0
0
0
0
0
0
0
Ratio
0
0
0
0
0
Compression rule statistics are described in the following table:
Table 103: Compression Rule Statistics (/stats/slb/accel/compress/urlrule)
Statistic
Description
Rule Number
The number of the rule for which the statistics display. The rule
number determines the priority of the rule in the rule list. Rules are
scanned for a match from highest priority (1) to lowest.
Rule Name
Matched Objects
Number of objects matched by this rule during measuring period.

for the rule ID

Compression Ratio
197

The Statistics Menu
/stats/slb/accel/compress/brwslist
Compression Browser Rule-List Statistics

>> Compression Statistics# brwslist
Rule-List ID
Matched Objects
Size Before
Size After
Compression Ratio
1
2
10
My-rule-list
rule-list1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Compression browser rule list statistics are described in the following table:
Table 104: Compression Browser Rule-List Statistics (/stats/slb/accel/compress/brwslist)
Statistic
Description
Rule-List ID
The ID of the rule list for which the statistics display
Matched Objects
Number of objects matched during the measuring period by the

URL exception policy for the rule ID.

Compression Ratio
/stats/slb/accel/compress/brwsrule
Compression Browser Rule Statistics

>>Rule-List My-rule-list stats:
Rule number
Rule Name
Matched Objects
1
4
10
30
1100
Exception-1-rule
Rule30
My-rule
Size Before
Size After Compression
Ratio
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Compression rule statistics are described in the following table:
Table 105: Compression Rule Statistics (/stats/slb/accel/compress/brwsrule)
Statistic
Description
Rule Number
The number of the rule for which the statistics display. The rule
number determines the priority of the rule in the rule list. Rules are
scanned for a match from highest priority (1) to lowest.
Rule Name
198

The Statistics Menu
Table 105: Compression Rule Statistics (/stats/slb/accel/compress/brwsrule)
Statistic
Description
Matched Objects
Number of objects matched by this rule during the measuring

period.

Compression Ratio
/stats/slb/http
HTTP Statistics Menu

[HTTP Statistics Menu]
summary - Show HTTP summary stats
virt
- Show HTTP per virtual server stats
tsummay - Show HTTP transaction summary stats
tvirt
- Show HTTP transaction per virtual server stats
connmng - Show connection management stats
dump
- dump all HTTP statistics
Table 106: HTTP Statistics Menu Options (/stats/slb/http)

summary
Displays compression summary statistics. For sample output, and a description of
these statistics, see /stats/slb/http/summary HTTP Summary Statistics,
page 200.
virt
Displays HTTP statistics for the selected virtual server, only if enabled.
Only HTTP and HTTPS services display in the statistics output.
For sample output, and a description of these statistics, see /stats/slb/http/
virt<server number> HTTP Statistics per Virtual Service, page 201.
tsummary
Displays HTTP transaction summary statistics.
tsummary HTTP Transaction Summary Statistics, page 202.
tvirt
Displays HTTP traffic for the selected virtual server, only if enabled.
For sample output, and a description of these statistics, see /stats/slb/http/tvirt
HTTP Transaction Statistics per Virtual Service, page 202.
connmng
Displays the Connection Management Statistics menu. To view this menu, see /
stats/slb/http/connmng Connection Management Statistics Menu, page 203.
dump
Dumps all HTTP statistics.
199

The Statistics Menu
/stats/slb/http/summary
HTTP Summary Statistics

>> HTTP Statistics# summary
-----------------------------------------------------------------HTTP clients using keep-alive:
0
HTTP 1.0 Percentage:
0
HTTP 1.1 Percentage:
0
HTTP to HTTPS redirections:
0
Average number of requests per connection:
0
Number of responses per content size
-----------------------------------------------------------------Number of responses smaller than 1KB:
0
Number of responses 1KB - 10KB:
0
0
0
Number of responses larger than 100KB:
0
HTTP summary statistics are described in the following table:
Table 107: HTTP Summary Statistics (/stats/slb/http/summary)
Statistic
Description
HTTP clients using keep-alive Number of clients sending a "Connection: Keep-Alive" HTTP header
or using HTTP 1.1.
HTTP 1.0 Percentage
Percent of requests performed using HTTP 1.0 during the measuring

period.
HTTP 1.1 Percentage
Percent of requests performed using HTTP 1.1 during the measuring

period.
HTTP to HTTPS redirections
Number of HTTP redirect location headers updated from HTTP to

HTTPS by Alteon.
Average number of requests

per connection
Average number of requests performed over each client connection,

calculated as the total number of client request divided by the
number of clients side connections.
Number of responses smaller Number of responses for which the reported content size is smaller
than 1KB
than 1 KB.
Number of responses 1KB 10KB
Number of responses for which the reported content size is between

1 KB and 10 KB.

11 KB and 50 KB.

51 KB and 100 KB.
Number of responses larger

than 100KB
Number of responses for which the reported content size is larger

than 100 KB.
200

The Statistics Menu
/stats/slb/http/virt<server number>
HTTP Statistics per Virtual Service

>> HTTP Statistics# virt
Virtual service 80 application http summary
-----------------------------------------------------------------HTTP clients using keep-alive:
0
HTTP 1.0 vs. 1.1 ratio:
0
Average number of requests per connection:
0
Number of responses per content size
-----------------------------------------------------------------Number of responses smaller than 1KB:
0
0
0
0
Number of responses larger than 100KB:
0
HTTP statistics per virtual service are described in the following table:
Table 108: HTTP Statistics per Virtual Service (/stats/slb/http/virt<server number>)
Statistic
Description
HTTP clients using keep-alive Number of clients sending a "Connection: Keep-Alive" HTTP header
or using HTTP 1.1 per virtual service.
HTTP 1.0 vs. 1.1 ratio
Ratio of requests performed using HTTP 1.0 versus HTTP 1.1 during
the measuring period per virtual service.
Average number of requests

per connection
Average number of requests performed over each client connection,

calculated as the total number of client requests divided by the
number of client side connections per virtual service.
Number of responses smaller Number of responses for which the reported content size is smaller
than 1KB
than 1KB per virtual service

1 KB and 10 KB per virtual service.


Number of responses larger

than 100KB
Number of responses for which the reported content size is larger

than 100 KB per virtual service.
201

The Statistics Menu
/stats/slb/http/tsummary
HTTP Transaction Summary Statistics

>> HTTP Statistics# tsummary
Requests - Clients > Alteon:
Requests - Alteon > Servers:
Responses - Servers > Alteon:
Responses - Alteon > Clients:
HTTP transactions rate:
0
0
0
0
0
HTTP transaction summary statistics are described in the following table:
Table 109: HTTP Transaction Summary Statistics (/stats/slb/http/tsummary)
Statistic
Description
Requests - Clients > Alteon
Number of clients requests from Alteon performed in the measuring

period.
Requests - Alteon > Servers
Number of Alteon requests from servers performed in the

measuring period.
Responses - Servers > Alteon Number of server responses to Alteon in the measuring period.
Responses - Alteon > Clients
Number of Alteon responses to clients in the measuring period.
HTTP transactions rate
Transactions per seconds rate, calculated as the total number of

transactions divided by the measuring period.
/stats/slb/http/tvirt
HTTP Transaction Statistics per Virtual Service

>> HTTP Statistics# tvirt
Enter virtual server number (1-1024): <port number>
Virtual service 80 application http
Requests - Clients > Alteon:
Requests - Alteon > Servers:
Responses - Servers > Alteon:
Responses - Alteon > Clients:
HTTP transactions rate:
0
0
0
0
0
HTTP transaction statistics per virtual service are described in the following table:
Table 110: HTTP Transaction Statistics per Virtual Service (/stats/slb/http/tvirt)
Statistic
Description
Number of clients requests from Alteon performed in the measuring

period per virtual service.

measuring period per virtual service.
202

The Statistics Menu
Table 110: HTTP Transaction Statistics per Virtual Service (/stats/slb/http/tvirt)
Statistic
Description
Responses - Servers > Alteon Number of server responses to Alteon in the measuring period per
virtual service.
Number of Alteon responses to clients in the measuring period per

virtual service.
HTTP transactions rate
Transactions per seconds rate, calculated as the total number of

transactions divided by the measuring period per virtual service.
Number of client requests from Alteon performed in the measuring

period per virtual service.

Responses - Servers > Alteon Number of server responses to Alteon in the measuring period per
virtual service.
Number of Alteon responses to clients in the measuring period per

virtual service.
/stats/slb/http/connmng
Connection Management Statistics Menu

[Connection Management Statistics Menu]
summary - Show connection management summary stats
virt
- Show connection management per virtual server stats
pooling - Show connection pooling stats
dump
- Dump all connection management statistics
Table 111: Connection Management Statistics Menu Options (/stats/slb/http/connmng)

summary
Displays connection management summary statistics. For sample output, and a
description of these statistics, see /stats/slb/http/connmng/summary Connection
Management Summary Statistics, page 204.
virt
Displays connection management for the selected virtual server, only if enabled.
connmng/virt<server number> Connection Management Statistics per Virtual
Service, page 204.
pooling
Displays the connection pooling statistics. For sample output, and a description of
these statistics, see /stats/slb/http/connmng/pooling Connection Pooling
Summary Statistics, page 205.
dump
Dumps all connection management statistics.
203

The Statistics Menu
/stats/slb/http/connmng/summary
Connection Management Summary Statistics

>> Connection Management Statistics# summary
-----------------------------------------------------------------Number of server connections:
0
Number of client requests:
0
Connection multiplexing ratio:
0
Connection management summary statistics are described in the following table:
Table 112: Connection Management Summary Statistics (/stats/slb/http/connmng/summary)
Statistic
Description
Number of server connections Number of concurrent back-end server connections in Alteon which
update instantly according to the session table.
Number of client requests
Number of client requests passed to the Application Services

Engine.
Connection multiplexing ratio 100 multiplied by the number of concurrent back-end server
connections, divided by the number of client requests passed to
Application Services Engine.
/stats/slb/http/connmng/virt<server number>
Connection Management Statistics per Virtual Service

>> Connection Management Statistics# virt
Enter virtual server number (1-1024): 1
Virtual service 80 application http
-----------------------------------------------------------------Number of server connections:
0
Number of client requests:
0
Connection multiplexing ratio:
0
HTTP statistics per virtual service are described in the following table:
Table 113: HTTP Statistics per Virtual Service (/stats/slb/http/virt<server number>)
Statistic
Description
Number of server connections Number of concurrent back-end server connections per virtual
service in Alteon which update instantly according to the session
table.
Number of client requests
Number of client requests passed to the Application Services Engine

per virtual service
Connection multiplexing ratio 100 multiplied by the number of concurrent back-end server
connections, divided by the number of client requests passed to
Application Services Engine per virtual service.
204

The Statistics Menu
/stats/slb/http/connmng/pooling
Connection Pooling Summary Statistics

>> Connection Management Statistics# pooling
-----------------------------------------------------------------Connection pooling summary statistics:
Current opened server connections:
0
Active server connections:
0
Available server connections:
0
Total number of aged out client connections:
0
Total number of aged out server connections:
0
Connection pooling summary statistics are described in the following table:
Table 114: Connection Pooling Summary Statistics (/stats/slb/http/connmng/pooling)
Statistic
Description
Current opened server

connections
The pool of server connection. Some connections can be idle and

some active (occupied sessions).
Active server connections
Number of server connections currently occupying sessions (nonidle connections)
Available server connections
Number of server connections currently idle.
Total number of aged out

client connections
The number of times client connections were freed, if the TCP pool
is enabled.
Total number of aged out

server connections
The number of times server connections were freed, if TCP pool is

enabled.
/stats/slb/pip
Server Load Balancing Proxy IP Statistics

>> Main# /stat/slb/pip
Proxy IP address/subnet
---------------------------------------------
Current
sessions
---------------
pport allocation
failure
---------------
Server load balancing proxy IP statistics are described in the following table:
Table 115: Server Load Balancing Proxy IP Statistics (/stats/slb/pip)
Statistic
Description
Proxy IP address/subnet
Displays the list of configured proxy IP addresses and subnets.
Current sessions
Displays the number of free ports for the proxy IP address.
pport allocation failure
Displays the number of port allocation failures due to missing free

ports for the proxy IP address. If the pport allocation failure number
increments even though there are available pports, refer to the PIP
statistics per SP to see which SP ran out of free pports (/stats/slb/
sp Server Load Balancing SP Statistics Menu, page 169).
205

The Statistics Menu
/stats/slb/ssl
SLB Secure Socket Layer Statistics Menu

[SSL Statistics
summary virt
sslid
srvrcert dump
-
Menu]
Show SSL offloading summary stats
Show SSL offloading per virtual server stats
Show SSL ID persistency stats
Show Server Certificates usage statistics
Dump all SSL statistics
Table 116: SSL Statistics Menu Options (/stats/slb/ssl)

summary
Displays SSL offloading summary statistics. For sample output, and a description
of these statistics, see /stats/slb/ssl/summary SSL Offloading Summary
virt
Displays SSL offloading statistics for the selected virtual server, only if enabled.
Only SSL or HTTPS services display in the statistics output.
For sample output, and a description of these statistics, see /stats/slb/ssl/
virt<server number> SSL Offloading Statistics per Virtual Service, page 207.
sslid
Displays SSL ID persistency statistics.
For sample output, and a description of these statistics, see /stats/slb/ssl/sslid
SSL ID Persistency Statistics, page 208.
Note: SSL session ID persistence is not supported when SSL offloading is
enabled and other more advanced persistency features, such as cookie
persistency, are available.
srvrcert
certificate | group | all

Displays all server certificates usage statistics, by certificate name or by
certificate group name.
dump
Dumps all SSL statistics.
/stats/slb/ssl/summary
SSL Offloading Summary Statistics

SSL Offloading Summary Statistics:
New SSL handshakes (Sessions/Seconds):
Reused SSL handshakes (Sessions/Seconds):
Reused SSL handshakes rate:
SSLv2 percentage:
SSLv3 percentage:
TLS 1.0 percentage:
TLS 1.1 percentage:
206
0
0
0
0
0
0
0
0

The Statistics Menu
SSL offloading summary statistics are described in the following table:
Table 117: SSL Offloading Summary Statistics (/stats/slb/ssl/summary)
Statistic
Description
New SSL handshakes

(Sessions/Seconds)
Number of new SSL handshakes between clients and Alteon per

second.
Reused SSL handshakes

(Sessions/Seconds)
Number of existing SSL Handshakes reused by clients to

communicate with Alteon per second.
Reused SSL handshakes rate
Percentage of SSL sessions reusing keys.
SSLv2 percentage
Percentage of sessions using SSL version 2 out of all sessions

during the measuring period.
SSLv3 percentage

during the measuring period.
TLS percentage
Percentage of sessions using TLS out of all sessions during the

measuring period.
/stats/slb/ssl/virt<server number>
SSL Offloading Statistics per Virtual Service

>> SSL Statistics# virt
-------------------------------------------------------------Statistics measuring period is 5 second.
SSL Offloading per Virtual Service Statistics
Virtual service 443 application https SSL policy <policyID>
New SSL handshakes (Sessions/Seconds):
Reused SSL handshakes (Sessions/Seconds):
Reused SSL handshakes rate:
SSLv2 percentage:
SSLv3 percentage:
TLS 1.0 percentage:
TLS 1.1 percentage:
0
0
0
0
0
0
0
0
SSL offloading statistics per virtual service are described in the following table:
Table 118: SSL Offloading Statistics per Virtual Service (/stats/slb/ssl/virt<server number>)
Statistic
Description
New SSL handshakes

(Sessions/Seconds)
Number of new SSL handshakes between clients and Alteon per

second per virtual service.
Reused SSL handshakes

(Sessions/Seconds)
Number of existing SSL handshakes reused by clients to

communicate with Alteon per second per virtual service.
Reused SSL handshakes rate
Percentage of SSL sessions reusing keys per virtual service per

virtual service.
SSLv2 percentage

during the measuring period per virtual service.
207

The Statistics Menu
Table 118: SSL Offloading Statistics per Virtual Service (/stats/slb/ssl/virt<server number>)
Statistic
Description
SSLv3 percentage

during the measuring period per virtual service.
TLS percentage
Percentage of sessions using TLS out of all sessions during the

/stats/slb/ssl/sslid
SSL ID Persistency Statistics

SSL SLB maintenance stats:
SessionId allocation fails:
Total number of SSL ID reassignments:
0
0
Current
Total Highest
Sessions
Sessions Sessions
------------------------- -------- ---------- -------Unique SessionIds
0
0
0
SSL connections
0
0
0
0
0
0
SSL ID persistency statistics are described in the following table:
Table 119: SSL ID Persistency Statistics (/stats/slb/ssl/sslid)
Statistic
Description
SessionId allocation fails
Session ID allocation failures.
Total number of SSL ID

reassignments
Number of SSL ID reassignments.
Unique SessionIds
Number of unique session IDs.
SSL connections
Number of SSL connections.
Number of persistent port sessions.
/stats/slb/appshape <script id>
AppShape++ Statistics
Script ID
Event
Activations
Failures
Aborts
-----------------------------------------------------------------------------error
HTTP_REQUEST
HTTP_RESPONSE
11
11
HTTP_REQUEST
resp
test
HTTP_REQUEST
timeout
HTTP_REQUEST
208

The Statistics Menu
AppShape++ statistics are described in the following table:
Table 120: AppShape++ Statistics (/stats/appshare/)
Statistic
Description
Script ID
The identifier for the AppShape++ script.
Event
The event name that appears in the AppShape++ script ID.
Activations
The number of times that the AppShape++ script or script event was
activated.
Failures
The number of times that the AppShape++ script failed, and the
failure distribution between the script events (how many of the
failures occurred during treatment of each event).
Aborts
The number of times that the AppShape++ script was aborted, and
the abort distribution between the script events (how many of the
aborts occurred during treatment of each event).
/stats/slb/ftp
File Transfer Protocol SLB and Filter Statistics Menu

[FTP SLB parsing
active parsing maint
dump
-
and Filter Statistics Menu]

Show active FTP NAT filter stats
Show FTP SLB parsing server stats
Show FTP maintenance stats
Dump all FTP SLB/NAT stats
/stats/slb/ftp/active
Table 121: FTP SLB Parsing and Filter Statistics Menu Options (/stats/slb/ftp)

active
Displays the active FTP SLB parsing and filter statistics. For sample output, and a
description of these statistics, see /stats/slb/ftp/active Active FTP SLB Parsing and
Filter Statistics, page 209.
parsing
Displays the parsing statistics. For sample output, and a description of these
statistics, see /stats/slb/ftp/parsing Passive FTP SLB Parsing Statistics, page 210.
maint
Displays the maintenance statistics. For sample output, and a description of these
statistics, see /stats/slb/ftp/maint FTP SLB Maintenance Statistics, page 210.
dump
Displays all FTP SLB/NAT statistics. For sample output, and a description of these
statistics, see /stats/slb/ftp/dump FTP SLB Statistics Dump, page 211.
Active FTP SLB Parsing and Filter Statistics

Total Active SLB FTP NAT stats(PORT):
Total FTP:
Total New Active FTP Index:
Active FTP NAT ACK/SEQ diff:
0
0
0
209

The Statistics Menu
Active FTP SLB parsing and filter statistics are described in the following table:
Table 122: Active FTP Slb Parsing and Filter Statistics (/stats/slb/ftp/active)
Statistic
Description
Total Active FTP NAT stats

(PORT)
The number of times Alteon receives the port command from the
client.
Total FTP
The number of times Alteon receives both active and passive FTP
connections.
Total New Active FTP Index The number of times Alteon creates a new index due to the port
command from the client.
Active FTP NAT ACK/SEQ
diff
The difference in the numbers of ACK and SEQ that Alteon needs for
packet adjustment.
/stats/slb/ftp/parsing
Passive FTP SLB Parsing Statistics

Total FTP SLB Parsing Stats(PASV):
Total FTP:
Total New FTP SLB parsing Index:
FTP SLB parsing ACK/SEQ diff:
0
0
0
Passive FTP SLB parsing statistics are described in the following table:
Table 123: Passive FTP SLB Parsing Statistics (/stats/slb/ftp/parsing)
Statistic
Description
Total FTP
The number of times Alteon receives both active and passive FTP
connections.
Total New FTP SLB

parsing Index
The number of times Alteon creates a new index in response to the

pasv command from the client.
FTP SLB parsing ACK/SEQ

diff
The difference in the numbers of ACK and SEQ that Alteon needs FTP
SLB parsing.
/stats/slb/ftp/maint
FTP SLB Maintenance Statistics

FTP mode switch error:
FTP SLB maintenance statistics are described in the following table:
Table 124: FTP SLB Maintenance Statistics (/stats/slb/ftp/maint)
Statistic
Description
FTP mode switch error
The number of times Alteon is not able to switch modes from active to
passive, and vice versa.
210

The Statistics Menu
/stats/slb/ftp/dump
FTP SLB Statistics Dump

Total FTP :
Total FTP NAT Filtered:
Total new active FTP NAT Index:
Total new FTP SLB parsing Index:
FTP Active FTP NAT ACK/SEQ diff:
FTP SLB parsing ACK/SEQ diff:
FTP mode switch error:
0
0
0
0
0
0
0
FTP SLB dump statistics are described in the following table:
Table 125: FTP SLB Statistics Dump (/stats/slb/ftp/dump)
Statistic
Description
Total FTP
The number of FTP sessions that occurred.
Total FTP NAT Filtered
The number of FTP NAT filter sessions that occurred.
Total new active FTP NAT

Index
The number of new data sessions created for FTP NAT filter in active
mode.
Total new FTP SLB parsing

Index
The number of times Alteon creates a new index in response to the

pasv command from the client.
FTP Active FTP NAT ACK/SEQ

diff
The number of times the adjustment between ACK and SEQ

occurred on the filter.
FTP SLB parsing ACK/SEQ diff The difference in the number of ACKs and SEQs that Alteon needs
for FTP SLB parsing.
FTP mode switch error
The number of times Alteon could not switch mode from active to
passive, and vice versa.
/stats/slb/rtsp
RTSP SLB Statistics

SP
1
2
3
4
--
Control
Connection
0
0
0
0
---------0
UDP
Streams
Redirect
0
0
0
0
---------0
0
0
0
0
---------0
Connection
Denied
0
0
0
0
---------0
Buffer
Allocs
0
0
0
0
-------0
Alloc
Failures
0
0
0
0
-------0
RTSB SLB statistics are described in the following table:
Table 126: RTSP SLB Statistics (/stats/slb/rtsp)
Statistic
Description
ControlConnection
The number of TCP connections for RTSP control connections.
UDP Streams
The number of UDP connections for data channels. The number

depends upon the type of media player being used.
211

The Statistics Menu
Table 126: RTSP SLB Statistics (/stats/slb/rtsp)
Statistic
Description
Redirect
The number of times the connection was redirected.
ConnectionDenied
The number of times the connections were denied due to the

shortage of resources or the real server being down.
BufferAllocs
The number of buffer allocations used.
AllocFailures
The number of times the buffer allocation failed.
/stats/slb/dns
DNS SLB Statistics

Total
Total
Total
Total
Total
Total
Total
number
number
number
number
number
number
number
of
of
of
of
of
of
of
TCP DNS queries:

UDP DNS queries:
invalid DNS queries:
multiple DNS queries:
domain name parse errors:
failed real server name matches:
DNS parsing internal errors:
0
0
0
0
0
0
0
DNS SLB statistics are described in the following table:
Table 127: DNS SLB Statistics (/stats/slb/dns)
Statistic
Description
Total number of TCP DNS

queries
The number of DNS queries received through TCP connections.
Total number of UDP DNS

queries
The number of DNS queries received through UDP requests.
Total number of invalid

DNS queries
The number of malformed DNS queries received.
Total number of multiple

DNS queries
The number of DNS queries that contain more than one domain name
to be resolved. Currently, only one domain name resolution per
request is supported.
Total number of domain

name parse errors
The number of DNS queries that have short or invalid domain names
to be resolved.
Total number of failed real

server name matches
The number of times the user failed to find a real server that has the
same Layer 7 strings that match the domain name to be resolved.
Total number of DNS

parsing internal errors
The number of out of memory and other unexpected errors the user
receives while processing the DNS query.
212

The Statistics Menu
/stats/slb/wap
WAP SLB Statistics

This command displays all of the RADIUS and WAP related counters.
WAP Maintenance stats:

current sessions:
0
allocation failures:
0
incorrect VIPs:
0
incorrect Vports:
0
no available real server:
0
requests to wrong SP:
0
-----------------------------------------------------------------TPCP External Notification stats:
add session reqs:
0
del session reqs:
0
req fails- SP dead:
0
req fails- SP dead:
0
-----------------------------------------------------------------RADIUS Snooping stats:
acct reqs:
0
acct wrap reqs:
0
acct start reqs:
0
acct update reqs:
0
acct stop reqs:
0
acct bad reqs:
0
acct reqs(FIP):
0
acct reqs(no FIP):
0
add session reqs:
0
del session reqs:
0
req fails- SP dead:
0
req fails- DMA:
0
WAP SLB statistics are described in the following table:
Table 128: WAP SLB Statistics (/stats/slb/wap)
Statistic
Description
WAP Maintenance stats

current sessions
The number of session bindings currently in use.
allocation failures
Number of instances where Alteon ran out of available bindings for a

port.
incorrect VIPs
The number of times Alteon received a Layer 4 request for a virtual

server which was not configured.
incorrect Vports
received frames for TCP/UDP services that have not been
configured. Normally this indicates a mis-configuration on the
virtual server or the client.
no available real server
A dropped frames counter that indicates that all real servers are
either out of service or at their maxcon limit.
requests to wrong SP
The number of session add or delete requests sent to the wrong SP.
TPCP External Notification stats

add session reqs
The number of WAP session add requests via TPCP.
req fails- SP dead
The number of add request failures due to a non-functional target

SP.
RADIUS Snooping stats

acct reqs
The number of RADIUS Accounting frames received.
213

The Statistics Menu
Table 128: WAP SLB Statistics (/stats/slb/wap)
Statistic
Description
acct wrap reqs
The number of wrapped RADIUS Accounting frames received.
acct start reqs
The number of RADIUS Accounting Start frames received.
acct update reqs
The number of RADIUS Accounting Update frames.
acct stop reqs
The number of RADIUS Accounting Stop frames received.
acct bad reqs
The number of bad RADIUS Accounting frames received.
add session reqs
The number of WAP session add requests via RADIUS snooping.
del session reqs
The number of WAP session delete requests via RADIUS snooping.
req fails- SP dead
The number of add or delete request failures due to a nonfunctional target SP.
req fails- DMA
The number of add or delete requests failed due to a DMA write

failure.
/stats/slb/maint
SLB Maintenance Statistics

Maximum sessions:
Current sessions:
4 second average:
64 second average:
Terminated sessions:
Allocation failures:
UDP datagrams:
Non TCP/IP frames:
Incorrect VIPs:
Incorrect Vports:
Packets drops: vip is not up
No available real server:
Backup server activations:
Overflow server activations:
Filtered (denied) frames:
AE (ignored) frames:
Discard frames:
LAND attacks:
No TCP control bits:
Invalid reset packet drops:
Out of State FIN Pkt drops:
cookies regenerated:
Free Cookie pool entries:
Total IP fragment sessions:
Current IP4 fragment sessions
Current IP6 fragment sessions
IP fragment table full:
Current IPF buffer sessions:
Highest IPF buffer sessions:
IPF buffer alloc fails:
IPF SP buffer alloc fails:
SP buffer too low:
214
13999909
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
665600
0
0
0
0
0
0
0
0
0
0
0

The Statistics Menu
SLB Maintenance statistics are described in the following table.
Table 129: Server Load Balancing Maintenance Statistics (/stats/slb/maint)
Statisti
Description
Maximum sessions
The maximum number of simultaneous sessions supported.
Current Sessions
The number of session bindings currently in use (the last four and 64
seconds).
Terminated Sessions
The number of sessions removed from the session table because the
server assigned to them failed, and graceful server failure was not
enabled.
Allocation Failures
The number of instances when Alteon ran out of available sessions for
a port.
TCP Fragments
The number of TCP fragments encountered by Alteon. Layer 4

processing might not handle TCP fragments, depending on the
configuration.
UDP Datagrams
The number of times that the virtual server IP address and MAC are
receiving UDP frames when UDP balancing is not turned on.
Non TCP/IP Frames
The number of non-IP based frames received by the virtual server.
Incorrect VIPs
The number of times Alteon received a Layer 4 request for a virtual

server which was not configured.
Incorrect Vports
received frames for TCP/UDP services that have not been configured.
Normally this indicates a mis-configuration on the virtual server or the
client, but it may indicate a potential security probing application, like
SATAN.
No Available Real Server
A dropped frames counter that indicates that all real servers are either
out of service or at their maxcon limit.
Backup Server Activations
The number of times a real server failure has occurred and caused a
backup server to be brought online.
Overflow Server
Activations
The number of times a real server has reached the maxcon limit and
caused an overflow server to be brought online.
Filtered (Denied) Frames
The number of frames that were dropped because they matched an

active filter with the deny action set.
LAND attacks
This counter increases whenever a packet has the same source and
destination IP addresses and ports.
No TCP Control Bits
The number of packets that were dropped because the packet had no
control bits set in the TCP header.
Invalid reset packet drops
The number of packets that were dropped because the packet had an
invalid reset flag set.
Out of State FIN Pkt drops
The number of out of state FIN packets dropped.
cookies regenerated
The number of times cookies were regenerated on the MP. Regeneration is required when the cookies reach the minimum cookie
threshold available for a given real server on a given SP.
Free Cookie pool entries
The number of empty entries, meaning, that contain no cookies. Use

this statistic primarily for debugging.
Total IP fragment sessions
The number of fragment sessions processed by Alteon.
215

The Statistics Menu
Table 129: Server Load Balancing Maintenance Statistics (/stats/slb/maint)
Statisti
Description
Current IP4 fragment

sessions
The current IPv4 fragment sessions.
IP4 fragment discards
The number of IPv4 fragments discarded.
Current IP6 fragment

sessions
The current number of IPv6 fragment sessions.
IP6 fragment discards
The number of IPv6 fragments discarded.
IP fragment table full
The number of times the IP fragment table is full.
Current IPF buffer sessions The current number of IP fragment buffer sessions.
Highest IPF buffer sessions The number of highest IP fragment buffer sessions.
IPF buffer alloc fails
The number of times the IP fragment buffer allocation failed.
IPF SP buffer alloc fails
The number of times IP fragment SP buffer allocation fails.
SP buffer too low
The number of times the SP buffer is low.
Exceeded 50 OOO packets
The number of times an IP fragment exceeded 50 OOO packets.
IPF invalid lengths
The number of IP fragment invalid lengths.
IPF null Payloads
The number of IP fragment null payloads.
Fragment Overlaps
The number of fragment overlaps.
Duplicate fragments
The number of duplicate fragments.
Free Service pool entries
The number of free service pool entries.
Current IP6 sessions
The current number of IPv6 sessions.
Incorrect IP6 VIPs
The number of incorrect IPv6 VIPs.
Incorrect IP6 Vports
The number of incorrect IPv6 vports.
Unrecognized IP6 next

header
The number of unrecognized IPv6 next headers.
Unsupported IP6 ext

header
The number of unsupported IPv6 ext headers.
No route to forward IP6

packet
The number of times no route to forward IPv6 packet.
IP6 packets drops
The number of IPv6 packets dropped.
/stats/slb/sip
SIP SLB Statistics

SIP Stats:
Total number
Total number
Total number
Total number
Total number
Total number
216
of
of
of
of
of
of
SIP
SIP
SIP
SIP
SIP
SIP
Client Parse Errors

Server Parse Errors
Unknown Method packets
Incomplete Messages
Filter Parse Errors
SDP NAT
:
:
:
:
:
:
0
0
0
0
0
0

The Statistics Menu
SIP SLB statistics are described in the following table:
Table 130: SIP SLB Statistics (/stats/slb/sip)
Statistic
Description
Total number of SIP Client

Parse Errors
The number of errors encountered during client processing when

parsing an incoming SIP packet.
Total number of SIP Server

Parse Errors
The number of errors encountered during server processing when

Total number of SIP Unknown The number of packets received with methods not known to the SIP
Method packets
parser on Alteon.
Total number of SIP
Incomplete Messages
The number of packets received which do not have the complete SIP
message in a single packet.
Total number of SIP Filter

Parse Errors
The number of errors encountered during filter processing when

Total number of packets with

SIP SDP NAT
The number of packets received that have SIP SDP NAT information.
/stats/slb/siprule
SIP Rule Statistics

SIP Rule Stats:
Total number of Packets Bypassed
Total number of Packets Dropped
Total number of Packets Ratelimited
Total number of Packets Allowed
Total number of Packets Inpsected
Total number of monitor errors
Total number of times max rules exceeded
Current sip memory allocations
Total sip memory allocations
Total sip memory frees
:
:
:
:
:
:
:
:
:
:
0
0
0
0
0
0
0
0
0
0
SIP rule statistics are described in the following table:
Table 131: SIP Rule Statistics (/stats/slb/siprule)
Statistic
Description
Total number of Packets

Bypassed
The number of packets for the bypassed SIP UDP rule processing. The
following are the possible reasons for this:
Memory is unavailable
SIP UDP processing errors

Dropped
The number of instances when SIP UDP rule action is Deny.

Ratelimited
The number of rate limited packets.

Allowed
The number of packets allowed by SIP UDP rules processing. The

following are the possible reasons for this:
SIP rules processing is performed, but memory is unavailable
No match
217

The Statistics Menu
Table 131: SIP Rule Statistics (/stats/slb/siprule)
Statistic
Description

Inspected
The number of packets inspected by SIP UDP rules.
Total number of monitor

errors
THe number of errors due to the monitor mode contract.
Total number of times max THe number of instances when a packet matches
rules exceeded
MAX_RULES_PER_SESSION. SIP rule processing stops if there are
more than five matches.
Current sip memory
allocations
Memory allocated by the SIP UDP rules engine.
Total sip memory

allocations
Total SIP memory allocations.
Total sip memory frees
Memory freed by the SIP UDP rules engine.
/stats/slb/wlm <wlm number>
Workload Manager SASP Statistics

Server Load Balancing Statistics# /st/sl/wlm 1
--------------------------------------------------------Workload Manager 1 Statistics:
Registration Requests:
1
Registration Replies:
1
Registration Reply Errors:
0
Deregisteration Requests:
1
Deregisteration Replies:
1
Deregisteration Reply Errors:
0
Set LB State Requests:
Set LB State Replies:
Set LB State Reply Errors:
1
1
0
Set Member State Requests:

Set Member State Replies:
Set Member State Reply Errors:
0
0
0
Send Weights Messages received:

Send Weights Message Parse Errors:
Total Messages with Invalid LB Name:
Total Messages with Invalid Group Name:
Total Messages with Invalid Real Server Name:
Messages with Invalid SASP Header:
Messages with parse errors:
Messages with Unsuppored Message Type:
47
0
0
0
0
0
0
0
/stats/slb/wlm <wlm number>/clear
Clear Workload Manager SASP Statistics

This command clears statistics for the specified Workload Manager.
218

The Statistics Menu
/stats/slb/mirror
Display Workload Manager SASP Statistics

>> Server Load Balancing Statistics# mirror
-------------------------------------------------------Session Mirroring Stats:
Total Create Session Messages

Total Update Session Messages
Total Delete Session Messages
Total Create Data Session Messages
Total Update Data Session Messages
Total Delete Data Session Messages
Total Sessions Created
Total Sessions Updated
Total Sessions Deleted
Total Data Sessions Created
Total Data Sessions Updated
Total Data Sessions Deleted
Session table full
Unvailable pport
Session already present
Session not found
Control session not found
Invalid SP
Rx
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Tx
0
0
0
0
0
0
/stats/bwm
BWM Statistics Menu

[Bandwidth Management Statistics Menu]
port
- Switch Port Contract Stats Menu
cont
- BW Contract stats
rcont
- BW Contract rate stats
hist
- BW History stats
maint
- Show BWM maint statistics
ipusers - Show BWM IP user stats for iplimit contracts
dump
- Dump all BWM statistics
clear
- Clear BWM statistics
Table 132: Bandwidth Management Statistics Menu Options (/stats/bwm)

port <port number>
Displays the Switch Port Contract Statistics menu. To view this menu, see /stats/bwm/
port <port number> BWM Switch Processor Statistics Menu, page 220.
cont <BW Contract number (1-1024)>

Displays Bandwidth Management contract statistics. For sample output, and a
description of these statistics, see /stats/bwm/cont <contract number> BWM Contract
219

The Statistics Menu
Table 132: Bandwidth Management Statistics Menu Options (/stats/bwm)

rcont <BW Contract number (1-1024)>
Displays Bandwidth Management contract rate statistics. For sample output, and a
description of these statistics, see /stats/bwm/rcont BWM Contract Rate Statistics,
page 222.
hist
Displays Bandwidth Management history statistics. For sample output, and a description
of these statistics, see /stats/bwm/hist BWM History Statistics, page 224.
maint
Displays Bandwidth Management maintenance statistics. For sample output, and a
description of these statistics, see /stats/bwm/maint BWM Maintenance Statistics,
page 225.
ipusers
Displays Bandwidth Management IP user statistics for iplimit contracts. Each IP address
is limited to the user limit configured in /cfg/bwm/cont <contract number> Bandwidth
Management Contract Configuration, page 309, and as shown in /stats/bwm/cont
<contract number> BWM Contract Statistics, page 222.
For sample output, and a description of these statistics, see /stats/bwm/ipusers BWM IP
Users Statistics, page 226.
dump
Displays all Bandwidth Management statistics.
clear
Clears all Bandwidth Management statistics.
/stats/bwm/port <port number>
BWM Switch Processor Statistics Menu

[Bandwidth Management Port Statistics Menu]
cont
- BW Contract stats
rcont
- BW Contract rate stats
Table 133: Management Port Statistics Menu Options (/stats/bwm/sp)

cont <BW Contract number (1-1024)>
Displays Bandwidth Management contract statistics. For sample output, and a
description of these statistics, see /stats/bwm/port <port number> /cont BWM
Switch Processor Contract Statistics, page 221.
rcont <BW Contract number (1-1024)>

Displays Bandwidth Management contract rate statistics. For sample output, and a
description of these statistics, see /stats/bwm/port <port number> /rcont BWM
Switch Processor Rate Contract Statistics, page 221.
220

The Statistics Menu
/stats/bwm/port <port number> /cont
BWM Switch Processor Contract Statistics

>> Bandwidth Management Port Statistics# cont
----------------------------------------------------------BW Contract statistics
Contract Name
Octets Discards Total Pkts BufUsed BufMax
-------- ------- ------- ---------- ---------- ------- --1024
Default
0
0
0
0
16320
/stats/bwm/port <port number> /rcont
BWM Switch Processor Rate Contract Statistics

This display repeats its output when the printed lines are less than the configured CLI lines per
screen. If the CLI lines are configured at zero per screen, the display continues to repeat its output
until you type a key on the console or Telnet session.
You can configure the number of CLI lines per screen using the global (hidden) command: lines
<number of lines>. For example:
>> AAS - Bandwidth Management Statistics# lines

Current lines-per-screen: 24
>> AAS - Bandwidth Management Statistics# lines ?
lines
sets lines-per-screen 0-300, zero for infinite
BW Contract statistics
Cont
---5
1022
1023
1024
5
1022
1023
1024
5
1022
1023
1024
5
1022
1023
1024
5
1022
1023
1024
Rate
Buf
Name
(Kbps)
Octets
Discards TotalPkts Used BufMax
-------------------- -------- ---------- ---------- --------- ------ ----0
0
0
0
0 16320
Reserved
0
0
0
0
0 16320
Reserved
0
0
0
0
0 16320
Default
0
0
0
0
0 16320
0
0
0
0
0 16320
Reserved
0
0
0
0
0 16320
Reserved
0
0
0
0
0 16320
Default
0
0
0
0
0 16320
0
0
0
0
0 16320
Reserved
0
0
0
0
0 16320
Reserved
0
0
0
0
0 16320
Default
0
0
0
0
0 16320
0
0
0
0
0 16320
Reserved
0
0
0
0
0 16320
Reserved
0
0
0
0
0 16320
Default
0
0
0
0
0 16320
0
0
0
0
0 16320
Reserved
0
0
0
0
0 16320
Reserved
0
0
0
0
0 16320
Default
0
0
0
0
0 16320
221

The Statistics Menu
/stats/bwm/cont <contract number>
BWM Contract Statistics

Cont Name
Octets
Discards
Total Pkts BufUsed BufMax Reject
---- ------------------- --------- ---------- -------------- ------ -----1022 Reserved
0
0
0
0 261120
0
1023 Reserved
0
0
0
0 261120
0
1024 Default
48291516
0
309561
0 261120
0
The following description of statistics applies on a specific port for all enabled contracts. This
displays enabled contracts only.
Table 134: Bandwidth Management Contract Statistics (/stats/bwm/cont)
Statistic
Description
Contract
The contract number.
Name
The contract name.
Octets
The number of octets that are being transmitted through a particular contract
since Alteon was booted.
Discards
The number of octets that are being discarded because of more traffic than the
bandwidth contract limit permits.
Total Pkts
The number of packets classified for that contract.
BufUsed
The current amount of buffer space used to store the packets that is waiting to be
transmitted.
BufMax
Maximum buffer space used to store the packets before they can be transmitted.
Alteon starts dropping the packets of a particular contract after the maximum
buffer space allocated for that contract is being occupied.
/stats/bwm/rcont
BWM Contract Rate Statistics

This command displays the rate statistics of all the enabled contracts.
This display repeats its output when the printed lines are less than the configured CLI lines per
screen. If the CLI lines are configured at zero per screen, the display continues to repeat its output
until you type a key on the console or Telnet session.
You can configure the number of CLI lines per screen using the global (hidden) command: lines
<number of lines>. For example:
>> AAS - Bandwidth Management Statistics# lines

Current lines-per-screen: 24
>> AAS - Bandwidth Management Statistics# lines ?
lines
sets lines-per-screen 0-300, zero for infinite
222

The Statistics Menu
Cont
---5
1022
1023
1024
5
1022
1023
1024
5
1022
1023
1024
5
1022
1023
1024
5
1022
1023
1024
Rate
Buf
Name
(Kbps)
Octets
Discards TotalPkts Used BufMax
-------------------- -------- ---------- ---------- --------- ------ ----0
0
0
0
0 261120
Reserved
0
0
0
0
0 261120
Reserved
0
0
0
0
0 261120
Default
0
48295260
0
309585
0 261120
0
0
0
0
0 261120
Reserved
0
0
0
0
0 261120
Reserved
0
0
0
0
0 261120
Default
0
48295260
0
309585
0 261120
0
0
0
0
0 261120
Reserved
0
0
0
0
0 261120
Reserved
0
0
0
0
0 261120
Default
0
48295260
0
309585
0 261120
0
0
0
0
0 261120
Reserved
0
0
0
0
0 261120
Reserved
0
0
0
0
0 261120
Default
0
48295260
0
309585
0 261120
0
0
0
0
0 261120
Reserved
0
0
0
0
0 261120
Reserved
0
0
0
0
0 261120
Default
0
48295260
0
309585
0 261120
Bandwidth Management contract rate statistics are described in the following table:
Table 135: Bandwidth Management Contract Rate Statistics (/stats/bwm/rcont)
Statistic
Description
Contract
The contract number.
Name
The contract name.
Rate (in Kbps)
Rate at which the packets are going out of Alteon on a particular contract.
Octets
The number of octets that are being transmitted through a particular contract
since Alteon was booted.
Discards
The number of octets that are being discarded because of more traffic than the
bandwidth contract limits.
BufUsed
The current amount of buffer space used to store the packets that is waiting to be
transmitted.
BufMax
Maximum buffer space used to store the packets before they can be transmitted.
Alteon starts dropping the packets of a particular contract after the maximum
buffer space allocated for that contract is being occupied.
223

The Statistics Menu
/stats/bwm/hist
BWM History Statistics

You can dump the statistics kept in the SMTP history buffer, which includes e-mail entries. The
sampling is done at one-minute intervals.
This dump is only for the contracts that are enabled and that have the history command turned on,
and when the e-mail option is enabled.
BW History statistics
Switch IP!Cont
alPkts
TimeStamp
Name
Octets
Discards
YyyyMmDd:Hr:Mi/GMT
--------------- ---- -------------------------------- ---------- --------------- --------------------192.168.214.33
5
0
0
0 20110223:10:11/ +0:00
192.168.214.33 1022
Reserved
0
0
0 20110223:10:11/ +0:00
192.168.214.33 1023
Reserved
0
0
0 20110223:10:11/ +0:00
192.168.214.33 1024
Default
936
0
6 20110223:10:11/ +0:00
192.168.214.33
5
0
0
0 20110223:10:12/ +0:00
192.168.214.33 1022
Reserved
0
0
0 20110223:10:12/ +0:00
192.168.214.33 1023
Reserved
0
0
0 20110223:10:12/ +0:00
192.168.214.33 1024
Default
1872
0
12 20110223:10:12/ +0:00
192.168.214.33
5
0
0
0 20110223:10:13/ +0:00
192.168.214.33 1022
Reserved
0
0
0 20110223:10:13/ +0:00
192.168.214.33 1023
Reserved
0
0
0 20110223:10:13/ +0:00
192.168.214.33 1024
Default
2808
0
18 20110223:10:13/ +0:00
192.168.214.33
5
0
0
0 20110223:10:14/ +0:00
192.168.214.33 1022
Reserved
0
0
0 20110223:10:14/ +0:00
192.168.214.33 1023
Reserved
0
0
0 20110223:10:14/ +0:00
192.168.214.33 1024
Default
3744
0
24 20110223:10:14/ +0:00
192.168.214.33
5
0
0
0 20110223:10:15/ +0:00
192.168.214.33 1022
Reserved
0
0
0 20110223:10:15/ +0:00
192.168.214.33 1023
Reserved
0
0
0 20110223:10:15/ +0:00
224

The Statistics Menu
Bandwidth Management history statistics are described in the following table:
Table 136: Bandwidth Management History Statistics (/stats/bwm/hist)
Statistic
Description
Contract
The contract number for which history is enabled.
Octets
The number of octets sent out on a particular contract.
Discards
The number of octets discarded because of more traffic than the bandwidth
contract limit permits.
TimeStamp
The time the packets were received or discarded.
/stats/bwm/maint
BWM Maintenance Statistics

BWM Maint statistics
-----------------------------------------------------------------Maint Stats for rate limiting contracts
Discard pkts 0
Discard octets 0
Out pkts 309639
Out octets 48303684
Transmit failed 0
User Limit entry allocation failures 0
-----------------------------------------------------------------Maint Stats for traffic shaping contracts
QFull Discard pkts 0
QFull Discard octets 0
Out of buffers pkts 0
Out of buffers pkts 0
Transmit failed 0
TDT set when qfull 0
TDT set between soft and hard 0
TDT set at soft 0
-----------------------------------------------------------------Maint Stats for User Statistics
Total User Statistics updates from SP 0
Total number of user statistics send messages 1
Total number of times user statistics are send 0
Total number of packets sent 0
-----------------------------------------------------------------Maint Stats for Egress bandwidth
Total Egress packets 0
Discard pkts 0
Discard Octets 0
225

The Statistics Menu
/stats/bwm/ipusers
BWM IP Users Statistics

This displays the number of BWM IP user entries for each BWM contract for each SP.
BWM IP users statistics

Contract
SP1
SP2
SP3
SP4
Total
------ ------ ------ ------ ------- -------10
0
10
0
0
10
11
0
10
0
0
10
------ ----- ------ ------- -------0
20
0
0
20
/stats/security
Security Statistics
This sub-menu appears only in the vADC Administrator environment in ADC-VX mode.
[Security Statistics Menu]

ipacl
- IP ACL Statistics Menu
udpblast - UDP Blast Protection Statistics Menu
dos
- Protocol Anomaly and DoS Attack Prevention Statistics Menu
pgroup
- Show pattern match group statistics
ratelim - Show rate limiting statistics
dump
- Dump all security statistics
Table 137: Security Statistics Menu Options (/stats/security

dos
Displays the DOS Attack Statistics menu. To view this menu, see /stats/security/dos
DOS Attack Statistics Menu, page 227.
ipacl
Displays the IP Address Access Control List Statistics menu. To view this menu, see /
stats/security/ipacl IP Access Control List Statistics Menu, page 229.
udpblast
Displays the UDP Blast Statistics menu. To view this menu, see /stats/security/
udpblast UDP Blast Statistics Menu, page 230.
pgroup
Displays the pattern match group statistics. For sample output, and a description of
these statistics, see /stats/security/pgroup UDP Pattern Match Statistics, page 231.
ratelim
Displays the rate limiting statistics. For sample output, and a description of these
statistics, see /stats/security/ratelim Rate Limiting Statistics, page 231.
dump
Displays all security statistics.
226

The Statistics Menu
/stats/security/dos
DOS Attack Statistics Menu

[Protocol Anomaly and DoS Attack Prevention Statistics Menu]
port
- Show port protocol anomaly and DoS attack prevention statistics
dump
- Dump all protocol anomaly and DoS attack prevention statistics
clear
- Clear all protocol anomaly and DoS attack prevention statistics
help
- Protocol anomaly and DoS attack prevention description
Table 138: DOS Attacks Statistics Menu Options (/stats/security/dos)

port <port number>
The number of times the packets were dropped for each of the following types of DOS
attacks, on the selected port only:
iplen, ipversion, broadcast, loopback, land, ipreserved, ipttl, ipprot, ipoptlen,
fragmoredont, fragdata, fragboundary, fraglast, fragdontoff, fragopt, fragoff,
fragoversize, tcplen, tcpportzero, blat, tcpreserved, nullscan, fullxmasscan, finscan,
vecnascan, xmasscan, synfinscan, flagabnormal, syndata, synfrag, ftpport, dnsport,
seqzero, ackzero, tcpoptlen, udplen, udpportzero, fraggle, pepsi, rc8, snmpnull,
icmplen, smurf, icmpdata, icmpoff, icmptype, igmplen, igmpfrag, igmptype, arplen,
arpnbcast, arpnucast, arpspoof, garp, ip6len, ip6version.
Alteon can protect ports against a variety of Denial of Service (DOS) attacks, including
Port Smurf, LandAttack, Fraggle, Nullscan, Xmascan, PortZero, and ScanSynFin. You
should enable DOS protection on ports connected to any network that could be the
source of an attack.
For a detailed description of DOS attacks, refer to the Alteon Application Switch
dump
Displays the number of times the packets were dropped on Alteon, for each of the DOS
attacks as listed in the port command.
clear
Deletes all DOS attack statistics.
help
Displays a description of each type of DOS attack by name and how it works. For sample
output, see Figure 12 - vADC Administrator or Standalone Statistics Menu, page 228.
227

The Statistics Menu
/stats/security/dos/help
DoS Help
/security/dos/help
iplen
: IPv4 packets with bad IP header or payload length.
ipversion
: IPv4 packets with IP version not 4.
broadcast
: IPv4 packets with broadcast source or destination IP
[0.0.0.0,255.255.255.255].
loopback
: IPv4 packets with loopback source or destination IP [127.0.0.0/
8].
land
: IPv4 packets with same source and destination IP.
ipreserved : IPv4 packets with IP reserved bit is set.
ipttl
: IPv4 packets with small IP TTL.
ipprot
: IPv4 packets with IP protocol greater than highest allowable IP pr
otocol.
ipoptlen
: IPv4 packets with bad IP options length.
fragmoredont: IPv4 packets with more fragments and don't fragment bits are set.
fragdata
: IPv4 packets with more fragments bit is set and small payload.
fragboundary: IPv4 packets with more fragments bit is set and payload not at 8byte boundary.
fraglast
: IPv4 packets last fragment without payload.
fragdontoff : IPv4 packets with non-zero fragment offset and don't fragment
bits are set.
fragopt
: IPv4 packets with non-zero fragment offset and IP options.
fragoff
: IPv4 packets with small non-zero fragment offset.
fragoversize: IPv4 packets with non-zero fragment offset and oversize payload.
tcplen
: TCP packets with bad TCP header length.
tcpportzero : TCP packets with source or destination port is zero.
blat
: TCP packets with SIP!=DIP and SPORT=DPORT.
tcpreserved : TCP packets with TCP reserved bit is set.
nullscan
: TCP packets with all control bits are zero.
fullxmasscan: TCP packets with all control bits are set.
finscan
: TCP packets with only FIN bit is set.
vecnascan : TCP packets with only URG or PUSH or URG|FIN or
PSH|FIN or URG|PSH bits are set.
xmasscan
: TCP packets with FIN, URG and PSH bits are set.
synfinscan : TCP packets with SYN and FIN bits are set.
flagabnormal: TCP packets with abnormal control bits combination.
syndata
: TCP packets with SYN bit is set and with payload.
synfrag
: TCP packets with SYN bit is set and more fragments bit is set.
ftpport
: TCP packets with SPORT=20, DPORT<1024 and SYN bit is set.
dnsport
: TCP packets with SPORT=53, DPORT<1024 and SYN bit is set.
seqzero
: TCP packets with sequence number is zero.
ackzero
: TCP packets with acknowledgement number is zero and ACK bit is
set.
228

The Statistics Menu
(continued)
tcpoptlen
: TCP packets with bad TCP options length.
udplen
: UDP packets with bad UDP header length.
udpportzero : UDP packets with source or destination port is zero.
fraggle
: UDP packets to broadcast destination IP (x.x.x.255).
pepsi
: UDP packets with SPORT=19, DPORT=7 or SPORT=7, DPORT=19.
rc8
: UDP packets with SPORT=7 and DPORT=7.
snmpnull
: UDP packets with DPORT=161 and without payload.
icmplen
: ICMP packets with bad ICMP header length.
smurf
: ICMP ping requests to a broadcast destination IP (x.x.x.255).
icmpdata
: ICMP packets with zero fragment offset and large payload.
icmpoff
: ICMP packets with large fragment offset.
icmptype
: ICMP packets with type is unassigned or reserved.
igmplen
: IGMP packets with bad IGMP header length.
igmpfrag
: IGMP packets with more fragments bit is set or non-zero fragment
offset.
igmptype
: IGMP packets with type is unassigned or reserved.
arplen
: ARP request or reply packets with bad length.
arpnbcast
: ARP request packets with non broadcast destination MAC.
arpnucast
: ARP reply packets with non unicast destination MAC.
arpspoof : ARP request or reply packets with mismatch source with sender MACs
or destination with target MACs.
garp
: ARP request or reply packets with same source and destination IP.
ip6len
: IPv6 packets with bad header length.
ip6version : IPv6 packets with IP version not 6.
/stats/security/ipacl
IP Access Control List Statistics Menu

[IP ACL Statistics Menu]
dump
- IP address access control Stats
clear
- Clear all access control Stats
Table 139: IPACL Security Statistics Menu Options (/stats/security/ipacl)

dump
Displays the accumulated blocked packets for each source or destination IP address and
mask pair in the access control list. For sample output, and a description of these
statistics, see /stats/security/ipacl/dump IP Access Control List Statistics Dump,
page 230.
clear
Deletes all the statistics of accumulated blocked packets.
229

The Statistics Menu
/stats/security/ipacl/dump
IP Access Control List Statistics Dump

IP ACL stats:
Source IP ACL hits: 0
Source IP Addr Mask
Type
--------------------------- ----Destination IP ACL hits: 0
Dest IP Addr
Mask
Type
--------------- --------------- ----No destination IP ACLs created
/stats/security/udpblast
UDP Blast Statistics Menu

[UDP Blast Statistics Menu]
dump
- UDP Blast Stats
clear
- Clear all UDP Blast Stats
Table 140: UDP Blast Statistics Menu Options (/stats/security/udpblast)

dump
Displays all the accumulated blocked packets for each port, and the current packet
rate per second. For sample output, and a description of these statistics, see, /stats/
security/udpblast/dump UDP Blast Dump Statistics, page 230.
clear
Deletes all the accumulated blocked packets.
/stats/security/udpblast/dump
UDP Blast Dump Statistics

UDP blast protection stats:
UDP Port
Blocked Packets
-------------------------
Current Packet Rate/Second

--------------------------
UDP blast dump statistics are described in the following table:
Table 141: UDP Blast Dump Statistics (/stats/security/udpblast/dump)
Statistic
Description
UDP Port
UDP ports that experienced UDP blast attacks.
Blocked Packets
The number of blocked packets.
Current Packet Rate/ The current rate of packet to the UDP port.
Second
230

The Statistics Menu
/stats/security/pgroup
UDP Pattern Match Statistics

This displays how many times each configured pattern group has been matched and a subsequent
filtering action performed. Pattern groups are configured in the /cfg/security/pgroup <pattern group
number> Pattern Matching Menu, page 389.
Pattern Match Group stats:

ID Name
1
Hits
0
/stats/security/ratelim
Rate Limiting Statistics

Rate limiting stats:
TCP:
Total hold downs triggered:
Current per-client state entries:
0
0
UDP:
0
0
ICMP:
0
0
Role limiting statistics are described in the following table:
Table 142: Rate Limiting Statistics (/stats/security/ratelim)
Statistic
Description
Total holds down

triggered
The total number of packets dropped after the holddown period expired.
Current per-client state The total number of per-client state entries for TCP/UDP/ICMP rate
entries
limiting.
231

The Statistics Menu
/stats/security/dump
Dump Statistics for Security

IP ACL stats:
Source IP ACL hits: 0
Source IP Addr Mask
Type
--------------- --------------- ----No source IP ACL's created
Destination IP ACL hits: 0
Dest IP Addr
Mask
Type
--------------- --------------- ----No destination IP ACL's created
-----------------------------------------------------------------UDP blast protection stats:
UDP Port
Blocked Packets
Current Packet Rate/Second
-------------------------------------------------Protocol anomaly and DoS attack prevention is disabled for all ports.
-----------------------------------------------------------------Pattern Match Group stats:
ID Name
Hits
-----------------------------------------------------------------Rate limiting stats:
TCP:
0
0
UDP:
0
0
ICMP:
0
0
/stats/mp
Management Processor Statistics

[MP-specific Statistics Menu]
pkt
- Show Packet and TCP stats
tcb
- Show All TCP control blocks in use
ucb
- Show All UDP control blocks in use
sfd
- Show All Socket FD in use
cpu
mem
- Show memory stats
232

The Statistics Menu
Table 143: Management Processor Statistics Menu Options (/stats/mp)

pkt
Displays packet statistics to check for leads and load. For sample output, and a
description of these statistics, see, /stats/mp/pkt MP Packet Statistics, page 233.
tcb
Displays all TCP control blocks that are in use. For sample output, and a description of
these statistics, see, /stats/mp/tcb TCP Statistics, page 234.
ucb
Displays all UDP control blocks that are in use. For sample output, and a description of
these statistics, see, /stats/mp/ucb UCB Statistics, page 235.
sfd
Displays all socket file descriptors that are in use. For sample output, and a description
of these statistics, see, /stats/mp/sfd MP-SpecificSFD Statistics, page 235.
cpu
Displays CPU utilization for periods of up to 1, 4, and 64 seconds. For sample output,
and a description of these statistics, see, /stats/mp/cpu CPU Statistics, page 236.
mem
Displays memory statistics.
/stats/mp/pkt
MP Packet Statistics
Packet counts:
allocs:
mediums:
smalls:
alloc fails:
TCP counts:
allocs:
current:
alloc fails:
TCP6 counts:
allocs:
2674683
0
0
0
frees:
mediums hi-watermark:
smalls hi-watermark:
packet discards:
2674683
2
3
0
21191
0
0
frees:
current hi-watermark:
alloc discards:
21191
1
0
frees:
Packet statistics are described in the following table:
Table 144: Packet Statistics (/stats/mp/pkt)
Statistic
Description
Packet counts
allocs
Number of packet allocations from the packet buffer pool by the TCP/IP
protocol stack.
frees
Number of times the packet buffers are freed (released) to the packet
buffer pool by the TCP/IP protocol stack.
mediums
Number of packet allocations with a size between 128 to 1536 bytes from
the packet buffer pool by the TCP/IP protocol stack.
233

The Statistics Menu
Table 144: Packet Statistics (/stats/mp/pkt)
Statistic
Description
jumbos
Number of packet allocations with a size between 1536 bytes to 9K bytes

from the packet buffer pool by the TCP/IP protocol stack.
smalls
Number of packet allocations with a size less than 128 bytes from the
packet buffer pool by the TCP/IP protocol stack.
alloc fails
Number of packet allocation failures from the packet buffer pool by the
TCP/IP protocol stack.
frees
Number of packets freed from the packet buffer pool by the TCP/IP
protocol stack.
mediums hi-watermark
The highest number of packet allocations with a size between 128 to 1536
bytes from the packet buffer pool by the TCP/IP protocol stack.
jumbos hi-watermark
The highest number of packet allocations with a size between 1536 bytes
to 9K bytes from the packet buffer pool by the TCP/IP protocol stack.
smalls hi-watermark
The highest number of packet allocations with a size less than 128 bytes
from the packet buffer pool by the TCP/IP protocol stack.
packet discards
The number of packets that are discarded by the MP. The packets are
discarded because buffer resources are not available, or the buffer
threshold is reached and the low priority packets are discarded.
TCP counts
allocs
The number of TCP packet allocations from MP memory by the TCP/IP

protocol stack.
current
The number of TCP packet allocations from MP memory by the TCP/IP

protocol stack.
alloc fails
The number of TCP packet allocation failures from MP memory by the TCP/
IP protocol stack.
frees
The number of times the TCP packet buffers are freed (released) to MP
memory by the TCP/IP protocol stack.
current hi-watermark
The highest number of TCP packet allocation from MP memory by the TCP/
IP protocol stack.
alloc discards
The number of TCP packets that are discarded by the MP. The packets are
discarded because MP memory resources are not available.
/stats/mp/tcb
TCP Statistics
All TCP allocated control blocks:
13f8dbb0: 0.0.0.0
0 <=> 10.203.114.152
13f8da80: 0.0.0.0
0 <=> 0.0.0.0
13f8c6b0: 10.205.102.173
3227 <=> 10.203.114.152
0a4ea4c0: 10.203.114.152
0 <=> 0.0.0.0
13f8cbc0: 0.0.0.0
0 <=> 0.0.0.0
234
443
443
23
23
23
listen
listen
established
listen
listen

The Statistics Menu
The TCP statistics in the sample display are described in the following table:
Table 145: MP Specified TCP Statistics (/stats/mp/tcb)
Column
Description
Memory
In the sample display: 13f8dbb0, 13f8da80, and so on
Destination IP address
In the sample display: 0.0.0.0, 0.0.0.0, 10.205.102.173, and so on
Destination port
In the sample display: 0, 0, 3227, and so on
Source IP
In the sample display: 10.203.114.152, and so on
Source port
In the sample display: 443, 443, 23, and so on
State
In the sample display: listen, listen, established, and so on
/stats/mp/ucb
UCB Statistics
All UDP allocated control blocks:
161: listen
1985: listen
3122: listen
The UCB statistics in the sample display are described in the following table:
Table 146: UCB Statistics on MP (/stats/mp/ucb)
Column
Description
UDP port number

In the sample display: 161, 1985, 3122
State
In the sample display: listen, listen, listen
/stats/mp/sfd
MP-SpecificSFD Statistics
All Socket FD allocated:
0 -1 17 0a4ea4c0: 0.0.0.0
server
1 -1 35 00000000: 10.203.1.1
client
2 -1 22 13f8dbb0: 0.0.0.0
server
3 0 36 13f8c6b0: 10.205.102.173
server
0 <=> 10.203.114.152
23
0 <=> 10.203.114.152
accept
ICMP
0 <=> 10.203.114.152
443
listen
TCP
23
accept
TCP
39692 <=> 10.203.114.152
listen
TCP
235

The Statistics Menu
/stats/mp/cpu
CPU Statistics
CPU utilization:
cpuUtil1Second:
cpuUtil4Seconds:
cpuUtil64Seconds:
100%
100%
100%
The CPU statistics are described in the following table:
Table 147: CPU Statistics (stats/mp/cpu)
Statistic
Description
cpuUtil1Second
The percentage of CPU utilization as measured over the last onesecond interval.
cpuUtil4Seconds
The percentage of CPU utilization as measured over the last foursecond interval.
cpuUtil64Seconds
The percentage of CPU utilization as measured over the last 64second interval.
/stats/sp <SP Number>
SP-specific Statistics
[SP-specific Statistics Menu]
maint
clear
- Clear maintenance stats
cpu
mem
- Show memory stats
Table 148: SP Specific Statistics (/stats/sp)

maint
Displays internal statistics, Layer 2 FDB maintenance statistics, and MP DOS shield
statistics. For sample output, and a description of these statistics, see, /stats/sp <SP
number> /maint SP-specific Maintenance Statistics, page 237.
clear
Deletes all the maintenance statistics.
cpu
Displays what percentage of the CPU has been utilized. For sample output, and a
description of these statistics, see, /stats/mp/cpu CPU Statistics, page 236.
mem
Displays the memory utilization statistics: the current memory size, the high water
mark and the allowed maximum.
236

The Statistics Menu
/stats/sp <SP number> /maint
SP-specific Maintenance Statistics

Maintenance statistics for SP 1:
Receive Letter success from MP:
558694
Receive Letter success from SP 2:
0
Receive Letter success from SP 3:
0
Receive Letter errors from MP:
0
Receive Letter errors from SP 2:
0
Receive Letter errors from SP 3:
0
Send Letter success to MP:
309698
Send Letter success to SP 2:
0
Send Letter success to SP 3:
0
Send Letter failures to MP:
0
Send Letter failures to SP 2:
0
Send Letter failures to SP 3:
0
learnErrNoddw:
0
resolveErrNoddw:
ageMPNoddw:
0
deleteMiss:
pfdbFreeEmpty:
0
arpDiscards:
0
icmpDiscards:
tcpDiscards:
0
udpDiscards:
Sp - Application Services Engine Statistics
----------------------------------------------------Client frames sent : Success:
0
Client frames sent : Failed:
0
Server frames sent : Success:
0
Server frames sent : Failed:
0
Packets received:
4
Packets dropped:
4
Invalid frames received:
0
Invalid Session index:
0
Memory allocation failures:
0
Letter sent to sp success:
0
Letter sent to sp failed:
0
Packet buffers allocated:
4
Packet buffers freed:
4
Packet allocation failures:
0
sameWire:
0
flood:
learn_SA:
0
match_SA:
match_DA:
0
move_SA:
resolve_DA_req:
0
resolve_DA_resp:
aged_entries:
0
old_entries:
age_zero:
0
deleted_entries:
delete mismatches:
0
VRRP MAC delete attempts:
0
age mismatches:
0
fill mismatches:
0
0
0
0
0
0
0
0
0
0
0
237

The Statistics Menu
/stats/sp/cpu
CPU Statistics
CPU utilization for SP 1:
cpuUtil1Second:
cpuUtil4Seconds:
cpuUtil64Seconds:
6%
6%
6%
The CPU utilization statistics on the SP are described in the following table:
Table 149: CPU Statistics (stats/sp/cpu)
Statistic
Description
cpuUtil1Second
The percentage of CPU utilization as measured over the last one-second

interval.
cpuUtil4Seconds
The percentage of CPU utilization as measured over the last four-second

interval.
cpuUtil64Seconds
The percentage of CPU utilization as measured over the last 64-second

interval.
/stats/pmirr
Port Mirroring Statistics Menu

[Port Mirroring Statistics Menu]
dump
- Port Mirroring Stats
clear
- Clear all Port Mirroring Stats
Table 150: Port Mirroring

dump
Displays the port number, and the statistics of the traffic on the ingress and egress
ports.
clear
Deletes all the port mirroring statistics.
Caution: Use this command carefully as it deletes all statistics permanently.
/stats/dump
Dump Statistics
Use the dump command to dump all Alteon statistics available from the Statistics menu. It can be as
large 40K or more, depending on your configuration. Use this data to tune or debug performance.
If you want to capture dump data to a file, set your communication software on your workstation to
capture session data prior to issuing the dump commands.
238
Chapter 6 The Configuration Menu

Using the sub-menus and commands under the Configuration menu, you can make, view, and save
configuration changes. This chapter includes the menus, sub-menus, and commands used for Alteon
configuration.
Because it constitutes a very large part of the configuration sub-menus, the menu options under the
Server Load Balancing menu (/cfg/slb) are located in the chapter The SLB Configuration Menu,
page 395.
/cfg
Configuration Menu
The following is an example of the Configuration menu and an explanation of the Configuration
menu options.
Figure 13: vADC Global Administrator Configuration Menu

[Configuration
sys
port
vadc
dashboard
l2
dump
ptcfg
gtcfg
Menu]
- System-wide Parameter Menu
- Port Menu
- vADC Management Menu
- Dashboard Menu
- Layer 2 Menu
- Dump current configuration to script file
- Backup current configuration to FTP/TFTP server
- Restore current configuration from FTP/TFTP server
Figure 14: vADC Administrator or Standalone Configuration Menu

[Configuration Menu]
sys
- System-wide Parameter Menu
pmirr
- Port Mirroring Menu
bwm
- Bandwidth Management Menu
l2
- Layer 2 Menu
l3
- Layer 3 Menu
slb
- Server Load Balancing (Layer 4-7) Menu
security - Security Menu
dump
- Dump current configuration to script file
ptcfg
- Backup current configuration to FTP/TFTP server
gtcfg
- Restore current configuration from FTP/TFTP server
Table 151: Configuration Menu Options (/cfg)

sys
Displays the System menu. To view this menu, see /cfg/sys System Configuration,
page 243.
239

The Configuration Menu

port <port number>
Displays the Port menu. This menu only appears in the Global Administrator
environment in ADC-VX mode. To view this menu, see /cfg/port <port number> Port
Configuration Menu, page 287.
vadc
Displays the vADC menu. This menu only appears in the Global Administrator
environment in ADC-VX mode. To view this menu, see /cfg/vadc vADC Configuration
Menu, page 290.
dashboard
Displays the Dashboard menu. This menu only appears in the Global Administrator
environment in ADC-VX mode. To view this menu, see /cfg/dashboard Dashboard Menu,
page 305.
pmirr
Displays the Port Mirroring menu. This menu only appears in the vADC Administrator
environment in ADC-VX mode. To view this menu, see /cfg/sys System Configuration,
page 243.
bwm
Displays the Bandwidth Management menu. This menu only appears on the Global vADC
menu in ADC-VX mode. To view this menu, see /cfg/bwm Bandwidth Management
Configuration, page 307.
l2
Displays the Layer 2 menu. To view this menu, see /cfg/l2 Layer 2 Configuration Menu,
page 315.
l3
Displays the Layer 3 menu. This menu only appears in the vADC Administrator
environment in ADC-VX mode. To view this menu, see /cfg/l3 Layer 3 Configuration
Menu, page 331.
slb
Displays the Server Load Balancing menu. This menu only appears in the vADC
Administrator environment in ADC-VX mode. To view this menu, see The SLB
security
Displays the Security menu. This menu only appears in the vADC Administrator
environment in ADC-VX mode. To view this menu, see /cfg/security Security
dump
Dumps the current configuration to a script file. For details, see /cfg/dump Dump,
page 390.
240


ptcfg <v4 or v6 ip address|hostname [-v4|-v6]> <filename> <-tftp|username
password> [-mgmt|-data] [-scp]>
Backs up the current configuration to the file server. For details, see /cfg/ptcfg Saving
the Active Switch Configuration, page 390.
gtcfg <v4 or v6 ip address|hostname [-v4|-v6]> <filename> <-tftp|username

password> [-mgmt|-data] [-scp]
Restores the current configuration from the file server. For details, see /cfg/gtcfg
Restoring the Active Switch Configuration, page 392.
Viewing, Applying, and Saving Changes

As you use the configuration menus to set parameters, the changes you make do not take effect
immediately. All changes are considered pending until you explicitly apply them. Also, any changes
are lost the next time Alteon boots unless the changes are explicitly saved.
While configuration changes are in the pending state, you can do the following:
Viewing Pending Changes, page 241
Applying Pending Changes, page 241
Saving the Configuration, page 242
Viewing Pending Changes

You can view all pending configuration changes by entering diff at the menu prompt.
Note: The diff command is a global command, which means you can enter it at any prompt in the
CLI hierarchy.
Applying Pending Changes

To make your configuration changes active, you must apply them. To apply configuration changes,
enter apply at any prompt in the CLI.
Notes
The apply command is a global command, which means you can enter it at any prompt in the
CLI hierarchy.
All configuration changes take effect immediately when applied, except for starting the Spanning
Tree Protocol (STP). To turn STP on or off, you must apply the changes, and save them (see
Saving the Configuration, page 242).
241

Saving the Configuration

In addition to applying the configuration changes, you can save them to flash memory.
Note: If you do not save the changes, they will be lost the next time the system reboots
To save a configuration change
>> # save
When you save configuration changes, the changes are saved to the active configuration block. The
configuration being replaced by the save is first copied to the backup configuration block. If you do
not want the previous configuration block copied to the backup configuration block, enter the
following command:
>> # save n
You can decide which configuration you want to run the next time you reset Alteon. Your options
include:
Active configuration block
Backup configuration block
Factory default configuration
You can view all pending configuration changes that have been applied but not saved to flash
memory using the diff flash command. It is a global command that can be executed from any
prompt in the CLI hierarchy.
To select the configuration to run at the next system reset, see /boot/conf Selecting a Configuration
Block, page 624.
242

/cfg/sys
System Configuration
This menu includes parameters such as user and administrator privilege mode passwords, Webbased management settings, and management of the access list.
Figure 15: Global Administrator System Menu

[System Menu]
syslog
mmgmt
sync
radius
tacacs
ntp
ssnmp
limitcu
health
access
date
time
timezone
idle
notice
bannr
smtp
hprompt
bootp
cur
Syslog Menu
Management Port Menu
Global admin configuration Sync Menu
RADIUS Authentication Menu
TACACS+ Authentication Menu
NTP Server Menu
System SNMP Menu
Enable/disable limit resources of vADCs to the max assigned CUs
System Health Check Menu
System Access Menu
Set system date
Set system time
Set system timezone (daylight savings)
Set timeout for idle CLI sessions
Set login notice
Set login banner
Set SMTP host
Enable/disable display hostname (sysName) in CLI prompt
Enable/disable use of BOOTP
Display current system-wide parameters
Figure 16: vADC Administrator or Standalone System Menu

[System Menu]
syslog
mmgmt
radius
tacacs
ssnmp
health
access
alerts
report
idle
notice
bannr
smtp
hprompt
bootp
cur
Syslog Menu
Management Port Menu
RADIUS Authentication Menu
TACACS+ Authentication Menu
System SNMP Menu
System Health Check Menu
System Access Menu
Alerts Threshold Menu
Central Management Reporting Menu
Set timeout for idle CLI sessions
Set login notice
Set login banner
Set SMTP host
Enable/disable display hostname (sysName) in CLI prompt
Enable/disable use of BOOTP
Display current system-wide parameters
243

Table 152: System Configuration Menu Options (/cfg/sys)

syslog
Displays the Syslog menu. To view this menu, see /cfg/sys/syslog System Host Log
mmgmt
Displays the Management Port menu. To view this menu, see /cfg/sys/mmgmt
Management Port Configuration Menu, page 247.
sync
Displays the Global Administrator Sync menu. This menu only appears in the Global
Administrator environment in ADC-VX mode. To view this menu, see /cfg/sys/sync Global
Administrator Sync Menu, page 252.
radius
Displays the RADIUS Server menu. To view this menu, see /cfg/sys/radius RADIUS
Server Configuration, page 254.
tacacs
Displays TACACS+ Server menu. To view this menu, see /cfg/sys/tacacs TACACS+
Server Configuration Menu, page 255.
ntp
Displays the Network Time Protocol (NTP) Server menu. This menu only appears in the
Global Administrator environment in ADC-VX mode. To view this menu, see /cfg/sys/ntp
NTP Server Configuration, page 257.
ssnmp
Displays the System SNMP menu. To view this menu, see /cfg/sys/ssnmp System SNMP
limitcu
Enables or disables limiting resources of vADCs to the maximum number of assigned
CUs. This option only appears in the Global Administrator environment in ADC-VX mode.
health
Displays System Health Check menu. To view this menu, see /cfg/sys/health System
Health Check Configuration Menu, page 270.
access
Displays System Access menu. To view this menu, see /cfg/sys/access System Access
Control Configuration, page 271.
alerts
Displays System Alerts menu. This menu only appears in the vADC Administrator
environment in ADC-VX mode. To view this menu, see /cfg/sys/alerts Configure the
System Alerts, page 284.
report
Displays the Reporting menu. To view this menu, see /cfg/sys/report Configuring Device
Performance Monitoring (DPM) Reporting Parameters, page 285.
date
Configures the system date. This command only appears in the Global Administrator
environment in ADC-VX mode.
244

Table 152: System Configuration Menu Options (/cfg/sys)

time
Configures the system time using a 24-hour clock format. This command only appears in
the Global Administrator environment in ADC-VX mode.
timezone
Configures the system time zone. This command only appears in the Global
Administrator environment in ADC-VX mode. To view sample output, see /cfg/sys/
timezone Configure the Timezone, page 286.
idle <idle timeout in minutes; affects both console and Telnet>

Sets the idle timeout for CLI sessions.
Values: 110080 minutes
Default: 5 minutes
notice <max 1024 char multi-line login notice
'-' to end>
Displays the login notice immediately before the Enter password: prompt. This notice
can contain up to 1024 characters and new lines.
bannr
<string, maximum 80 characters>

Configures a login banner of up to 80 characters. When a user or administrator logs in,
the login banner displays. It is also displayed as part of the output from the /info/sys
command.
smtp <SMTP host name [-v4 | -v6]| v4 or v6 IP address>

Sets the Simple Mail Transfer Protocol (SMTP) host, which is used for sending Bandwidth
Management history information.
The following prompts appear when using this command:
Current SMTP host: 0.0.0.0

Enter new SMTP host (and IP version) or IP address:
hprompt disable|enable
Enables or disables displaying of the hostname (the system administrator's name) in the
CLI.
bootp disable|enable
Enables or disables the use of BOOTP. If you enable BOOTP, Alteon queries its BOOTP
server for all of the IP parameters.
Default: disable
cur
Displays the current system parameters.
245

/cfg/sys/syslog
System Host Log Configuration
Note: Alteon supports the RFC 3164 standard for syslogs.
[Syslog Menu]
sesslog
hst1
hst2
hst3
hst4
hst5
console
log
audit
email
cur
Session Log Menu

Set IP address of first syslog host
Set IP address of second syslog host
Set IP address of third syslog host
Set IP address of fourth syslog host
Set IP address of fifth syslog host
Enable/disable console output of syslog messages
Enable/disable syslogging of features
Enable/disable Audit Trail
Enable/disable emailing the syslog messages
Display current syslog settings
Table 153: System Configuration Menu Options (/cfg/sys/syslog)

sesslog
Displays the Session Log menu. To view this menu, see /cfg/sys/syslog/sesslog Session
Log Menu, page 247.
hst<1-5> <Syslog Server IP (v4 or v6)> <Severity[0-7]> <facility[0-7]>

Sets the IP address of the first through the fifth syslog hosts, along with the severity and
facility for this syslog host.
Severity levels include:
0 (Emergency)The system is unusable.
1 (Alert)Corrective action must be taken immediately.
2 (Critical)The condition of the system is critical.
3 (Error)The system has errors that should be corrected.
4 (Warning)The system is sending a warning.
5 (Notice)The condition of the system is normal, but with significant conditions that
need attention.
6 (Informational)The system is working, but sending information about certain

unfavorable conditions.
7 (Debug)The system is sending debug-level messages.
console disable|enable
Enables or disables delivering syslog messages to the console. When necessary, disabling
the console ensures Alteon is not affected by syslog messages.
Default: enable
log <feature|all
enable|disable>
Displays a list of features for which syslog messages can be generated. You can enable or
disable specific features (such as VLANs, GSLB, filtering), or enable or disable the syslog
on all available features.
246

Table 153: System Configuration Menu Options (/cfg/sys/syslog)

audit disable|enable
Enables or disables the logging of details of all configuration changes to the syslog server.
When enabled, Radware recommends that you do not configure multiple parameters in
the same CLI command line.
Note: Enabling this feature may increase the Management Processor (MP) CPU usage
temporarily if the configuration changes are very large.
email
Enables or disables emailing syslog messages. When enabled, sets the minimum severity
of the events that Alteon reports by email, the sender email address, and recipient email
address.
Default: disabled
cur
Displays the current syslog settings.
/cfg/sys/syslog/sesslog
Session Log Menu

The Session Log menu lets you turn session logging on and off, and define which fields are included
in the session log sent from a real server or NAT device.
[Session Log Menu]

fields
- Set session fields to log
on
- Turn session logging ON
off
- Turn session logging OFF
cur
- Display current session log settings
Table 154: Session Log Menu Options (/cfg/sys/syslog/sesslog)

fields
Includes the real server and/or NAT fields in the session log.
on
Enables session logging.
off
Disables session logging.
cur
Displays the current session logging settings.
/cfg/sys/mmgmt
Management Port Configuration Menu

The management port is a Gigabit Ethernet port used exclusively to manage Alteon. While Alteon
can be managed from any network port, the management port devotes a port to management that
could otherwise be for processing data and traffic. This port manages the switch using either Telnet
CLI, SNMP, or HTTP. This port is isolated from and does not participate in the networking protocols
that run on the network ports.
247

Notes
The management port must be configured with a static IP address, subnet mask, broadcast
address, and default gateway, and must be enabled before it can be used. If this port is
disabled, the network ports have to perform all Alteon management, other than the
management using the console. If this port is enabled, the factory default settings for some of
the management features remain with the network ports. You can change the defaults by
configuring these features to permanently use the management port, or in some cases, by using
the operational commands to set these options on a one-time basis.
The management port does not support BOOTP.
To configure port 6 / MNG 1 as a management port for dedicated out-of-band management on

the 4408 platform, first enable the physical port with the command /boot/mgmt ena. Then use
the command /cfg/sys/mmgmt ena to enable the management port. For more information,
see the section on configuring management ports in the Radware Alteon Installation and
Maintenance Guide.
To configure MNG 1 as a management port for dedicated out-of-band management on an Alteon

platform other than the 4408, first enable the physical port with the command /boot/mgmt
ena. Then use the command /cfg/sys/mmgmt ena to enable the management port. For more
information, see the section on configuring management ports in the Radware Alteon
Installation and Maintenance Guide.
Figure 17: vADC Global Administrator Management Port Menu

[Management Port Menu]
port
- Management Port Phy Menu
addr
- Set IP address
mask
- Set subnet mask
gw
- Set default gateway address
addr6
- Set IPv6 address
prefix6 - Set IPv6 prefix length
gw6
- Set IPv6 default gateway address
ena
- Enable management port
dis
- Disable management port
intr
- Set interval between gateway ping attempts
retry
- Set number of failed attempts to declare gateway DOWN
cur
- Display current configuration
248

Figure 18: vADC Administrator Management Port Menu

addr
- Set IP address
mask
- Set subnet mask
gw
addr6
- Set IPv6 address
gw6
ena
- Enable management port
dis
- Disable management port
intr
retry
dns
- Set default port for DNS
ntp
- Set default port for NTP
radius
- Set default port for RADIUS
tacacs
- Set default port for TACACS+
smtp
- Set default port for SMTP
snmp
- Set default port for SNMP traps
syslog
- Set default port for SYSLOG
tftp
- Set default port for FTP/TFTP/SCP
ocsp
- Set default port for OCSP
wlm
- Set default port for Workload Manager
report
- Set default port for Reporting server
bootp
- Set default port for BOOTP
cur
Figure 19: Standalone Management Port Menu

net
- Management Port Network Menu
intr
retry
dns
- Set default port for DNS
ntp
- Set default port for NTP
radius
- Set default port for RADIUS
tacacs
- Set default port for TACACS+
smtp
- Set default port for SMTP
snmp
- Set default port for SNMP traps
syslog
- Set default port for SYSLOG
tftp
- Set default port for FTP/TFTP/SCP
ocsp
- Set default port for OCSP
wlm
- Set default port for Workload Manager
report
- Set default port for Reporting server
bootp
- Set default port for BOOTP
cur
Table 155: Management Port Menu Options (/cfg/sys/mmgmt)

port
Displays the Management Port Link menu. This menu only appears in the Global
Administrator environment in ADC-VX mode. To view this menu, see /cfg/sys/mmgmt/
port Management Port Link Menu, page 251.
249


addr <IP address (such as, 192.4.17.101)>
Sets the IP address.
mask <subnet mask (such as, 255.255.255.0)>

Sets the subnet mask.
gw <gateway address (such as, 192.4.17.1)>

Sets the IP address for the default gateway.
addr6 <IP6 address (eg, 3001:0:0:0:0:0:abcd:12 or 3001::abcd:12 or any)>

Sets the IPv6 address.
prefix6 <IPv6 prefix length (eg, 64)>

Sets the IPv6 prefix length.
gw6 <default gateway IPv6 address (eg, 3001:0:0:0:0:0:abcd:1234 or

3001::abcd:1234)>
Sets the IPv6 default gateway address.
ena
Enables the management port.
dis
Disables the management port.
intr <interval (0 - 60 seconds)>

Sets the interval between gateway ping attempts.
retry <number of attempts (1-120)>

Sets the number of failed ping attempts before a gateway is declared down.
dns default port mgmt|data

Sets DNS over the management or data ports. This command only appears in the vADC
Administrator environment in ADC-VX mode.
Default: data
ntp default port mgmt|data

Sets NTP over the management or data ports. This command only appears in the vADC
Default: data
radius default port mgmt|data

Sets RADIUS over the management or data ports. This command only appears in the
vADC Administrator environment in ADC-VX mode.
Default: data
tacacs mgmt|data
Sets TACACS+ over the management or data ports. This command only appears in the
vADC Administrator environment in ADC-VX mode.
Default: data
250


smtp default port mgmt|data
Sets SMTP over the management or data ports. This command only appears in the vADC
Default: data
snmp default port mgmt|data

Sets SNMP trap host over the management or data ports. This command only appears in
the vADC Administrator environment in ADC-VX mode.
Default: data
syslog default port mgmt|data

Sets syslog host access over the management or data ports. This command only appears
in the vADC Administrator environment in ADC-VX mode.
Default: data
tftp default port mgmt|data

Sets TFTP over the management or data port. This command only appears in the vADC
Default: data
ocsp default port mgmt|data

Sets the default port for OSCP. This command only appears in the vADC Administrator
Default: data
wlm ["mgmt"|"data"]
Sets the default port for the workload manager. This command only appears in the vADC
report ["mgmt"|"data"]
Sets the default port for the reporting server. This command only appears in the vADC
bootp disable|enable
Enables or disables the use of BOOTP. If you enable BOOTP, Alteon queries its BOOTP
server for all of the IP parameters. This command only appears in the vADC
Default: disable
cur
Displays the current configuration.
/cfg/sys/mmgmt/port
Management Port Link Menu

[Management Port Link Menu]
speed
- Set link speed
mode
- Set full or half duplex mode
auto
- Set autonegotiation
cur
- Display current link configuration
251

Table 156: Management Port Link Menu Options (/cfg/sys/mgmt/port)

speed 10|100|any
Sets the speed of the link with the management port.
Default: any
mode full|half|any
Sets half- or full-duplex mode.
Default: any
auto on|off
Sets auto-negotiation for the port.
Default: on
cur
Displays the current link configuration.
/cfg/sys/sync
Global Administrator Sync Menu
This menu only appears in the Global Administrator environment in ADC-VX mode. After a vADC is
created, its configuration must be synchronized with its neighboring (peer) vADCs in order for all
vADCs to coordinate. To do this, the Global Administrator must associate the peers with the vADC.
Note: For a VX administrator, this synchronization command is operated through the management
interface and cannot be operated from the data ports.
[Global - Sync Menu]

peer
- Set peer system address
cur
- Display pending configuration
Table 157: Global Administrator Sync Menu Options (/cfg/sys/sync)

peer
Displays the Peer Switch menu. To view this menu, see /cfg/sys/sync/peer Peer Switch
Menu, page 253.
cur
Displays pending configuration changes for all peers.
252

/cfg/sys/sync/peer
Peer Switch Menu

When you enter the Peer Switch menu, you are prompted to enter the peer number (1 through 5).
After entering the peer number, a menu similar to the following displays:
[Peer Switch 1 Menu]

addr
- Set peer switch IP address
ena
- Enable peer switch
dis
- Disable peer switch
range
- Set synchronization target for a range of vADCs
del
- Delete peer switch
cur
- Display current peer switch configuration
Table 158: Peer Switch Menu Options (/cfg/sys/sync/peer)

addr
Enters or edits the IP address for the peer. This supports both IPv4 and IPv6 addresses.
ena
In order for the vADC to recognize the peer, you must enable it.
dis
If you disable the peer, it is not longer synchronized with the vADC.
range
Sets the associated range of vADCs to be synchronized. You can enter a combination of
single vADCs and ranges of vADCs. For example: 1, 3-5, 8.
Note: If you change the vADC range (for example, from 1, 3-5, 8 to 1, 3, 8), the
vADCs that you removed from the range remain active on the peer vADC, but the
primary vADC no longer synchronizes its configuration changes with the removed
vADCs. The Global Administrator can later choose to manually delete these vADCs
from the peer vADC.
del
Deletes the current peer.
cur
Displays pending configuration changes for all peers.
Example display:
Current peer switch: 1

10.104.216.22.
enabled
range 1-4
253

/cfg/sys/radius
RADIUS Server Configuration

[RADIUS Server Menu]
prisrv
- Set primary RADIUS server address
secsrv
- Set secondary RADIUS server address
secret
- Set primary RADIUS server secret
secret2 - Set secondary RADIUS server secret
port
- Set RADIUS port
retries - Set RADIUS server retries
timeout - Set RADIUS server timeout (seconds)
secbd
- Enable/disable RADIUS secure backdoor for telnet/ssh/http
on
- Turn RADIUS authentication ON
off
- Turn RADIUS authentication OFF
cur
- Display current RADIUS configuration
Table 159: RADIUS Server Configuration Menu Options (/cfg/sys/radius)

prisrv <IP address (v4 or v6)>
Sets the primary RADIUS server address.
Current primary RADIUS server:

Enter new primary RADIUS server (v4 or v6):
secsrv <IP address (v4 or v6)>
Sets the secondary RADIUS server address.
Current secondary RADIUS server:

Enter new secondary RADIUS server (v4 or v6):
secret
<1-32 character secret>

This is the shared secret password between Alteon and the primary RADIUS servers.
secret2 <1-32 character secret>

This is the shared secret password between Alteon and the secondary RADIUS servers.
port <RADIUS port to configure, default 1645>

Enter the number of the UDP port to be configured.
Values: 15003000
Default: 1645
retries <RADIUS server retries (1-3)>

Sets the number of failed authentication requests before switching to a different RADIUS
server.
Default: 3 requests
timeout <RADIUS server timeout seconds (1-10)>

Sets the time before a RADIUS server authentication attempt is considered to have
failed.
Default: 3 seconds
254

Table 159: RADIUS Server Configuration Menu Options (/cfg/sys/radius)

secbd disable|enable
Enables or disables the RADIUS secure back door for Telnet, SSH, HTTP, and serial
console connections.
Values:
enabledThe notacacs/admin and noradius/admin user accounts can log in from

the serial console only.
User accounts configured under cfg/sys/access/user/uid can log in from the
serial console and from the CLI console (using Telnet, SSH, or HTTP).
disabledThere is no access to Alteon until the authorization servers are reachable

again.
Default: disabled
on
Enables the RADIUS server.
off
Disables the RADIUS server.
cur
Displays the current RADIUS server parameters.
/cfg/sys/tacacs
TACACS+ Server Configuration Menu

TACACS (Terminal Access Controller Access Control System) is an authentication protocol that allows
a remote access server to forward a user's logon password to an authentication server to determine
whether access can be allowed to a given system.
TACACS is an encryption protocol, and therefore less secure than the TACACS+ and Remote
Authentication Dial-In User Service (RADIUS) protocols. Both TACACS and TACACS+ are described
in RFC 1492.
The TACACS+ protocol is considered more reliable than RADIUS, as TACACS+ uses the Transmission
Control Protocol (TCP) whereas RADIUS uses the User Datagram Protocol (UDP). Also, RADIUS
combines authentication and authorization in a user profile, whereas TACACS+ separates the two
operations.
The Alteon TACACS+ protocol implementation supports customers that have Cisco's TACACS+
protocol as their network security feature. In addition, TACACS+ offers the following advantages
over RADIUS as the authentication device:
TACACS+ is TCP-based, so it facilitates connection-oriented traffic.
It supports full-packet encryption, as opposed to password-only, in authentication requests.
Supports decoupled authentication, authorization, and accounting.
You can also display the privilege level of users who are logged in by issuing the who command.
255

[TACACS+ Server
prisrv
secsrv
secret
secret2 port
retries timeout secbd
cmap
cauth
clog
clogname on
off
cur
-
Menu]
Set primary TACACS+ server address
Set secondary TACACS+ server address
Set primary TACACS+ server secret
Set secondary TACACS+ server secret
Set TACACS+ TCP port
Set TACACS+ server retries
Set TACACS+ server timeout (seconds)
Enable/disable TACACS+ secure backdoor for telnet/ssh/http
Enable/disable TACACS+ new privilege level mapping
Enable/disable TACACS+ command authorization
Enable/disable TACACS+ command logging
Display accounting log name
Turn TACACS+ authentication ON
Turn TACACS+ authentication OFF
Display current TACACS+ configuration
Table 160: TACACS+ Server Menu Options (/cfg/sys/tacacs)

prisrv <IP address (v4 or v6)>
Defines the primary TACACS+ server address.
Current primary TACACS+ server:

Enter new primary TACACS+ server (v4 or v6):
secsrv <IP address (v4 or v6)>
Defines the secondary TACACS+ server.
Enter new secondary TACACS+ server (v4 or v6):

Secondary TACACS+ server address.
secret <1-32 character secret>
This is the shared secret between Alteon and the primary TACACS+ servers.
secret2 <1-32 character secret>

This is the shared secret between Alteon and the secondary TACACS+ servers.
port <TACACS+ port configure, default 49>

Enter the number of the TCP port to be configured.
Values: 165000
Default: 49
retries <TACACS+ server retries, 1-3>

Sets the number of failed authentication requests before switching to a different
TACACS+ server.
Default: 3 requests
timeout <TACACS+ server timeout seconds, 1-15>

Sets the time before a TACACS+ server authentication attempt is considered to have
failed.
Default: 4 seconds
256

Table 160: TACACS+ Server Menu Options (/cfg/sys/tacacs)

secbd disable|enable
Enables or disables the TACACS+ secure back door for Telnet, SSH, HTTP, and serial
console connections. When enabled, indicates the access in the absence of TACACS+
servers.
enabledThe notacacs/admin and noradius/admin user accounts can log in from

the serial console only.
User accounts configured under cfg/sys/access/user/uid can log in from the
serial console and from the CLI console (using Telnet, SSH, or HTTP).
disabledThere is no access to Alteon until the authorization servers are reachable

again.
Default: disabled
cmap disable|enable
Enables or disables TACACS+ new privilege level mapping. When enabled, this increases
the privilege level from default 0-9 to 0-22.
cauth disable|enable
Enables or disables TACACS+ command authorization.
clog disable|enable
Enables or disables TACACS+ command logging. When enabled, Alteon sends command
log messages to the TACACS+ server when configured by user.
on
Enables the TACACS+ server
off
Disables the TACACS+ server
cur
Displays the current TACACS+ configuration parameters.
/cfg/sys/ntp
NTP Server Configuration

This menu lets you synchronize the Alteon clock to a Network Time Protocol (NTP) server. By
default, this option is disabled.
[NTP Server Menu]

prisrv
- Set primary NTP server address
secsrv
- Set secondary NTP server address
intrval - Set NTP server resync interval
tzone
- Set NTP timezone offset from GMT
on
- Turn NTP service ON
off
- Turn NTP service OFF
cur
- Display current NTP configuration
257

Table 161: NTP Server Configuration Menu Options (/cfg/sys/ntp)

prisrv <primary NTP server IP address (v4 or v6)>
Prompts for the IP address of the primary NTP server to which you want to synchronize
the Alteon clock.
Current primary NTP server

Enter new primary NTP server (v4 or v6):
secsrv <secondary NTP server IP address (v4 or v6)>
Prompts for the IP address of the secondary NTP server to which you want to
synchronize the Alteon clock.
Current secondary NTP server

Enter new secondary NTP server v4 or v6):
intrval <resync interval in minutes>
Specifies how often Alteon re-synchronizes its clock with the NTP server.
Default: 1440 minutes
tzone <offset from GMT, in HH:MM>

Prompts for the NTP time zone offset, in hours and minutes, of the Alteon you are
synchronizing from Greenwich Mean Time (GMT).
on
Enables the NTP synchronization service.
off
Disables the NTP synchronization service.
cur
Displays the current NTP service settings.
/cfg/sys/ssnmp
System SNMP Configuration Menu

Alteon supports SNMP-based network management. In the SNMP model of network management, a
management station (client/manager) accesses a set of variables known as MIBs (Management
Information Base) provided by the managed device (agent). If you are running an SNMP network
management station on your network, you can manage Alteon using the following standard SNMP
MIBs:
MIB II (RFC 1213)
Ethernet MIB (RFC 1643)
Bridge MIB (RFC 1493)
An SNMP agent is a software process on the managed device that listens on UDP port 161 for SNMP
messages. Each SNMP message sent to the agent contains a list of management objects to retrieve
or to modify. SNMP parameters that can be modified include:
System name
System location
System contact
Use of the SNMP system authentication trap function
258

Read community string
Write community string
Trap community strings
Notes
If the traps are configured to be sent from an SNMP data port, the source address of the
received trap is the IP of the interface defined in the /cfg/sys/ssnmp/trsrc command.
If the traps are configured to be sent from an SNMP management port, the source address of
the received traps is the management interface IP.
[System SNMP Menu]

snmpv3
- SNMPv3 Menu
name
- Set SNMP "sysName"
locn
- Set SNMP "sysLocation"
cont
- Set SNMP "sysContact"
rcomm
- Set SNMP read community string
wcomm
- Set SNMP write community string
trap1
- Set first SNMP trap host address
trap2
- Set second SNMP trap host address
trsrc
- Set SNMP trap source interface
timeout - Set timeout for the SNMP state machine
auth
- Enable/disable SNMP "sysAuthenTrap"
linkt
- Enable/disable SNMP link up/down trap
cur
- Display current system SNMP configuration
Table 162: SNMP Configuration Menu Options (/cfg/sys/ssnmp)

snmpv3
Displays the SNMPv3 menu. To view this menu, see /cfg/sys/ssnmp/snmpv3 SNMPv3
name <new string (maximum 64 characters)>

Configures the name for the system.
Note: Values: 164 charactersOnly use non-special alphanumeric characters.
locn <new string (maximum 64 characters)>

Configures the name of the system location.
Values: 164 characters
cont <new string (maximum 64 characters)>

Configures the name of the system contact.
rcomm <new SNMP read community string (maximum 32 characters)>

Configures the SNMP read community string. The read community string controls SNMP
get access to Alteon.
Default: public
259

Table 162: SNMP Configuration Menu Options (/cfg/sys/ssnmp) (cont.)

wcomm <new SNMP write community string (maximum 32 characters)>
Configures the SNMP write community string. The write community string controls SNMP
set and get access to Alteon.
Default: private
trsrc <interface number (1-256)>

Defines the interface number for SNMP trap source interface. This command lets you
select one of the configured interfaces as the source interface using the interface
number.
Note: This command is applicable only to SNMPv1 and SNMPv2 traps because only
they contain the source IP address that can be set with this command. The SNMPv3
packets do not contain this field.
Note: This commmand is relevant only if the SNMP traps are configured to be sent
from an Alteon data port (/cfg/sys/mmgmt/snmp data).
trap1 <new SNMP trap host IP address v4 or v6)>

Sets the first SNMP trap host address.
Current first SNMP trap host address:

Enter first SNMP trap host address (v4 or v6):
trap2 <new SNMP trap host IP address v4 or v6)>
Sets the second SNMP trap host address.
Current second SNMP trap host address:

Enter second SNMP trap host address (v4 or v6):
timeout <SNMP state machine timeout minutes, 1-30>
Defines the timeout period for the SNMP state computer. When you use diff and apply,
memory is allocated to store the output of the command. The timeout period determines
when the resources/memory allocated for the output will be freed.
auth disable|enable
Enables or disables the use of the system authentication trap facility.
Default: disable
linkt <port
disable|enable>
Enables or disables the sending of SNMP link up and link down traps.
Default: enable
cur
Displays the current STP port parameters.
260

/cfg/sys/ssnmp/snmpv3
SNMPv3 Configuration Menu

SNMP version 3 (SNMPv3) is an extensible SNMP Framework that supplements the SNMPv2
Framework by supporting the following:
A new SNMP message format
Security for messages
Access control
Remote configuration of SNMP parameters
For more details on the SNMPv3 architecture, refer to RFC 2271 and RFC 2276.
[SNMPv3 Menu]
usm
view
access
group
comm
taddr
tparam
notify
v1v2
cur
usmUser Table menu

vacmViewTreeFamily Table menu
vacmAccess Table menu
vacmSecurityToGroup Table menu
community Table menu
targetAddr Table menu
targetParams Table menu
notify Table menu
Enable/disable V1/V2 access
Display current SNMPv3 configuration
Table 163: SNMPv3 Configuration Menu Options (/cfg/sys/ssnmp/snmpv3)

usm <usmUser number [1-16]>
Displays the User Security Model Configuration menu. The menu is used to create a
user security model (USM) entry for an authorized user. You can also configure this
entry through SNMP.
To view this menu, see /cfg/sys/ssnmp/snmpv3/usm User Security Model
view <vacmViewTreeFamily number [1-128]>

Displays the User SNMPv3 View Configuration menu. The menu is used to create
different MIB views.
To view this menu, see /cfg/sys/ssnmp/snmpv3/view SNMPv3 View Configuration
Menu, page 264.
access <vacmAccess number [1-32]>

Displays the View-based Access Control Model Configuration menu.
This menus is used to specify access rights. The View-based Access Control Model
defines a set of services that an application can use for checking user access rights.
You need access control when you have to process retrieval or modification requests
from an SNMP entity.
To view this menu, see /cfg/sys/ssnmp/snmpv3/access View-based Access Control
Model Configuration Menu, page 265.
261

Table 163: SNMPv3 Configuration Menu Options (/cfg/sys/ssnmp/snmpv3) (cont.)

group <vacmSecurityToGroup number [1-16]>
Displays the SNMPv3 Group Configuration menu.
A group maps the user name to the access group names and their access rights
needed to access SNMP management objects. A group defines the access rights
assigned to all names that belong to a particular group.
To view this menu, see /cfg/sys/ssnmp/snmpv3/group SNMPv3 Group Configuration
Menu, page 266.
comm <snmpCommunity number [1-16]>

Displays the SNMPv3 Community Table Configuration menu.
The community table contains objects for mapping community strings and versionindependent SNMP message parameters.
To view this menu, see /cfg/sys/ssnmp/snmpv3/comm SNMPv3 Community Table
taddr <snmpTargetAddr number [1-16]>

Displays the SNMPv3 Target Address Table Configuration menu.
This menu is used to configure destination information, consisting of a transport
domain and a transport address (also known as a transport endpoint). The SNMP MIB
provides a mechanism for performing source address validation on incoming requests,
and for selecting community strings based on target addresses for outgoing
notifications.
To view this menu, see /cfg/sys/ssnmp/snmpv3/taddr SNMPv3 Target Address Table
tparam <target params index [1-16]>

Displays the SNMPv3 Target Parameters Table Configuration menu.
This menu is used to configure SNMP parameters, consisting of message processing
model, security model, security level, and security name information. There may be
multiple transport endpoints associated with a particular set of SNMP parameters, or a
particular transport endpoint may be associated with several sets of SNMP parameters.
To view this menu, see /cfg/sys/ssnmp/snmpv3/tparam SNMPv3 Target Parameters
Table Configuration Menu, page 269.
notify <notify index [1-16]>

Displays the SNMPv3 Notify Table Configuration menu.
A notification application typically monitors a system for particular events or
conditions, and generates notification class messages based on these events or
conditions.
To view this menu, see /cfg/sys/ssnmp/snmpv3/notify SNMPv3 Notify Table
v1v2 disable|enable
Enables or disables the access to SNMP version 1 and version 2.
Default: enable
cur
Displays the current SNMPv3 configuration.
262

/cfg/sys/ssnmp/snmpv3/usm
User Security Model Configuration Menu

You can use a defined set of user identities using this Security Model. An SNMP engine must have
the knowledge of the applicable attributes of a user.
This menu helps you create a user security model entry for an authorized user. You need to provide
a security name to create the USM entry.
[SNMPv3 usmUser 1 Menu]

name
- Set USM user name
auth
- Set authentication protocol
authpw
- Set authentication password
priv
- Set privacy protocol
privpw
- Set privacy password
del
- Delete usmUser entry
cur
- Display current usmUser configuration
Table 164: User Security Model Configuration Menu Options (/cfg/sys/ssnmp/snmpv3/usm)

name <32 character name>
Configures a string that represents the name of the user. This is the login name that you
need to access the system.
auth md5|sha|none
Configures the authentication protocol.
Values: HMAC-MD5-96, HMAC-SHA-96, none
Default: none
authpw
If you selected an authentication algorithm using the auth command, you need to
provide a password. Otherwise, you will get an error message during validation. This
command lets you create or change your authentication password.
priv des|none
Configures the type of privacy protocol on your Alteon. The privacy protocol protects
messages from disclosure.
Values:
des (CBC-DES Symmetric Encryption Protocol)If you specify this privacy protocol,
ensure that you have selected one of the authentication protocols (MD5 or HMACSHA-96) with the auth command.
noneIf you select none, you will get an error message.
privpw
Creates or changes the privacy password.
del
Deletes the USM user entries.
cur
Displays the USM user entries.
263

/cfg/sys/ssnmp/snmpv3/view
SNMPv3 View Configuration Menu

[SNMPv3 vacmViewTreeFamily 1 Menu]
name
- Set view name
tree
- Set MIB subtree(OID) which defines a family of view subtrees
mask
- Set view mask
type
- Set view type
del
- Delete vacmViewTreeFamily entry
cur
- Display current vacmViewTreeFamily configuration
Table 165: SNMPv3 View Menu Options (/cfg/sys/ssnmp/snmpv3/view)

Defines the name for a family of view sub-trees.
tree <object identifier, such as,. 1.3.6.1.2.1.1.1.0, max 32 characters>

Defines MIB tree which, when combined with the corresponding mask, defines a family of
view sub-trees.
mask <bitmask, max size 32 characters>

Defines the bit mask which, in combination with the corresponding tree, defines a family
of view sub-trees.
type included|excluded
Indicates whether the corresponding instances of vacmViewTreeFamilySubtree and
vacmViewTreeFamilyMask define a family of view sub-trees, by either including or
excluding them from the MIB view.
del
Deletes the vacmViewTreeFamily group entry.
cur
Displays the current vacmViewTreeFamily configuration.
264

/cfg/sys/ssnmp/snmpv3/access
View-based Access Control Model Configuration Menu

The View-based Access Control Model defines a set of services that an application can use for
checking access rights of the user. Access control is needed when the user has to process SNMP
retrieval or modification requests from an SNMP entity.
[SNMPv3 vacmAccess 1 Menu]

name
- Set group name
prefix
- Set content prefix
model
- Set security model
level
- Set minimum level of security
match
- Set prefix only or exact match
rview
- Set read view index
wview
- Set write view index
nview
- Set notify view index
del
- Delete vacmAccess entry
cur
- Display current vacmAccess configuration
Table 166: View-based Access Control Model Menu Options (/cfg/sys/ssnmp/snmpv3/access)

Defines the group name.
prefix <32 character name>

Defines the context name. An SNMP context is a collection of management information
that an SNMP entity can access. An SNMP entity has access to many contexts. For more
information on naming the management information, see RFC 2571, the SNMP
Architecture document. The View-based Access Control Model defines a table that lists
the locally available contexts by contextName.
model usm|snmpv1|snmpv2
Selects the security model to be used.
level noAuthNoPriv|authNoPriv|authPriv
Defines the minimum level of security required to gain access rights.
Values:
noAuthNoPrivThe SNMP message is sent without authentication and without using

a privacy protocol.
authNoPrivThe SNMP message is sent with authentication but without using a

privacy protocol.
authPrivThe SNMP message is sent to both with authentication and using a privacy
protocol.
match exact|prefix
Values:
exactAll the rows whose contextName exactly matches the prefix are selected.
prefixAll the rows where the starting octets of the contextName exactly match the
prefix are selected.
265

Table 166: View-based Access Control Model Menu Options (/cfg/sys/ssnmp/snmpv3/access)

rview <32 character view name>
This is a 32-character long read view name that lets you read access to a particular MIB
view.
If the value is empty, or if there is no active MIB view having this value, no access is
granted.
wview <32 character view name>

This is a 32-character long write view name that lets you write access to the MIB view.
If the value is empty, or if there is no active MIB view having this value, no access is
granted.
nview <32 character view name>

This is a 32 -character long notify view name that lets you notify access to the MIB view.
del
Deletes the View-based Access Control entry.
cur
Displays the View-based Access Control configuration.
/cfg/sys/ssnmp/snmpv3/group
SNMPv3 Group Configuration Menu

[SNMPv3 vacmSecurityToGroup 1 Menu]
model
uname
- Set USM user name
gname
- Set group name
del
- Delete vacmSecurityToGroup entry
cur
- Display current vacmSecurityToGroup configuration
Table 167: SNMPv3 Group Menu Options (/cfg/sys/ssnmp/snmpv3/group)

Defines the security model.
uname <32 character name>

Sets the user name as defined in /cfg/sys/ssnmp/snmpv3/usm/name. For more
information, see /cfg/sys/ssnmp/snmpv3/usm User Security Model Configuration Menu,
page 263.
gname <32 character name>

The name for the access group as defined in /cfg/sys/ssnmp/snmpv3/access/
name. For more information, see /cfg/sys/ssnmp/snmpv3/access View-based Access
Control Model Configuration Menu, page 265
del
Deletes the vacmSecurityToGroup entry.
cur
Displays the current vacmSecurityToGroup configuration.
266

/cfg/sys/ssnmp/snmpv3/comm
SNMPv3 Community Table Configuration Menu

This menu is used to configure the community table entry. The configured entry is stored in the
community table list in the SNMP engine. This table is used to configure community strings in the
Local Configuration Datastore (LCD) of SNMP engine.
[SNMPv3 snmpCommunityTable 1 Menu]

index
- Set community index
name
- Set community string
uname
- Set USM user name
tag
- Set community tag
del
- Delete communityTable entry
cur
- Display current communityTable configuration
Table 168: SNMPv3 Community Table Configuration Menu Options (/cfg/sys/ssnmp/snmpv3/

comm)

index <32 character name>
Configures the unique index value of a row in this table.

Defines the user name as defined in /cfg/sys/ssnmp/snmpv3/usm/name. For more
information, see /cfg/sys/ssnmp/snmpv3/usm User Security Model Configuration Menu,
page 263.

Defines a readable 32-character long string that represents the corresponding value of
an SNMP community name in a security model.
tag <list of tag string, max 255 characters>

Configures a tag that specifies a set of transport endpoints to which a command
responder application sends an SNMP trap.
del
Deletes the community table entry.
cur
Displays the community table configuration.
267

/cfg/sys/ssnmp/snmpv3/taddr
SNMPv3 Target Address Table Configuration Menu

This menu is used to configure the target transport entry. The configured entry is stored in the
target address table list in the SNMP engine. This table of transport addresses is used in the
generation of SNMP messages.
[SNMPv3 snmpTargetAddrTable 1 Menu]

name
- Set target address name
addr
- Set target transport address IP
port
- Set target transport address port
taglist - Set tag list
pname
- Set targetParams name
feature - Enable/disable traps for selected features
del
- Delete targetAddrTable entry
cur
- Display current targetAddrTable configuration
Table 169: Target Address Table Menu Options (/cfg/sys/ssnmp/snmpv3/taddr)

Configures the local arbitrary, but unique identifier, target address name associated with
this entry.
addr <transport address IP (v4 or v6)>

Configures a transport address IP that can be used in the generation of SNMP traps.
Current Transport address IP:

Enter new Transport address IP (v4 or v6):
port <transport address port>
Configures a transport address port that can be used in the generation of SNMP traps.
taglist <list of tag string, max 255 characters>

Configures a list of tags that are used to select target addresses for a particular
operation.
pname <32 character name>

Defines the name as defined in /cfg/sys/ssnmp/snmpv3/tparam/name. For more
information, see /cfg/sys/ssnmp/snmpv3/tparam SNMPv3 Target Parameters Table
feature <feature|all> <enable|disable>

Configures a list of features for which trap messages should be generated. You can
enable or disable specific features (such as VLANs, GSLB, SLB, filtering, and so on), or
enable or disable traps on all available features for this specific target.
Default: all, enable
del
Deletes the Target Address Table entry.
cur
Displays the current Target Address Table configuration.
268

/cfg/sys/ssnmp/snmpv3/tparam
SNMPv3 Target Parameters Table Configuration Menu

You can configure the target parameters entry and store it in the target parameters table in the
SNMP engine. This table contains parameters that are used to generate a message. The parameters
include the message processing model (for example: SNMPv3, SNMPv2c, SNMPv1), the security
model (for example: USM), the security name, and the security level (noAuthnoPriv, authNoPriv, or
authPriv).
[SNMPv3 snmpTargetParamsTable 1 Menu]

name
- Set target params name
mpmodel - Set message processing model
model
uname
- Set USM user name
level
- Set minimum level of security
del
- Delete targetParamsTable entry
cur
- Display current targetParamsTable configuration
Table 170: Target Parameters Table Configuration Menu Options (/cfg/sys/ssnmp/snmpv3/

tparam)

Configures the local arbitrary, but unique identifier, that is associated with this entry.
mpmodel snmpv3|snmpv1|snmpv2c
Configures the message processing model that is used to generate SNMP messages.
Selects the security model to be used when generating the SNMP messages.

Defines the name that identifies the user in the USM table (see /cfg/sys/ssnmp/
snmpv3/usm User Security Model Configuration Menu, page 263) on whose behalf the
SNMP messages are generated using this entry.
level noAuthNoPriv|authNoPriv|authPriv
Selects the level of security to be used when generating the SNMP messages using this
entry.
Values:
noAuthNoPrivThe SNMP message is sent without authentication and without using

a privacy protocol.
authNoPrivThe SNMP message is sent with authentication but without using a

privacy protocol.
authPrivThe SNMP message is sent to both with authentication and using a

privacy protocol.
del
Deletes the targetParamsTable entry.
cur
Displays the current targetParamsTable configuration.
269

/cfg/sys/ssnmp/snmpv3/notify
SNMPv3 Notify Table Configuration Menu

SNMPv3 uses Notification Originator to send out traps. A notification typically monitors a system for
particular events or conditions, and generates Notification-Class messages based on these events or
conditions.
[SNMPv3 snmpNotifyTable 1 Menu]

name
- Set notify name
tag
- Set notify tag
del
- Delete notifyTable entry
cur
- Display current notifyTable configuration
Table 171: Notify Table Menu Options (/cfg/sys/ssnmp/snmpv3/notify)

Defines a local arbitrary, but unique identifier, associated with this SNMP notify entry.
tag <list of tag string, max 255 characters>

Configures a tag of 255 characters maximum that contains a tag value which is used to
select entries in the Target Address Table. Any entry in the snmpTargetAddrTable that
matches the value of this tag is selected.
del
Deletes the notify table entry.
cur
Displays the current notify table configuration.
/cfg/sys/health
System Health Check Configuration Menu

This menu only appears in the Global Administrator environment in ADC-VX mode.
[System TCP Health Menu]

add
- Add TCP services to listen for health check
rem
- Remove TCP services from listening
on
- Turn system TCP health services ON
off
- Turn system TCP health services OFF
cur
- Display current TCP health services configuration
Table 172: System Health Check Configuration Menu Options (/cfg/sys/health)

add <TCP port (2-65534)>
Adds TCP services to listen to the health checks. Specify a TCP service port number, such
as 80 for HTTP.
Health check scripts cannot be run using protocols with SSL encapsulation (HTTPS, FTPS,
and so on).
rem <TCP port (2-65534)>

Removes TCP services that were added for listening to health checks. Specify a TCP
service port number, such as 80 for HTTP.
270

Table 172: System Health Check Configuration Menu Options (/cfg/sys/health)

on
Turns on the TCP health check services.
off
Turns off the TCP health check services.
cur
Displays the current TCP health check services configuration.
/cfg/sys/access
System Access Control Configuration

Figure 20: Global Administrator System Access Control Menu
[System Access Menu]
mgmt
- Management Network Access Menu
port
- Port Management Access Menu
user
- User Access Control Menu (passwords)
https
- HTTPS (Web) Server Access Menu
sshd
- SSH Server Menu
xml
- XML Configuration Access Menu
http
- Enable/disable HTTP (Web) server access
wport
- Set HTTP (Web) server port number
snmp
- Set SNMP access control
tnet
- Enable/disable Telnet server access
tnport
- Set Telnet server port number rlimit
- Set max rate of ARP,
BPDU, ICMP, TCP, or UDP packets to MP
cur
- Display current system access configuration
Figure 21: vADC Administrator System Access Control Menu

[System Access Menu]
mgmt
- Management Network Access Menu
vlan
- VLAN Management Access Menu
user
- User Access Control Menu (passwords)
https
- HTTPS (Web) Server Access Menu
sshd
- SSH Server Menu
xml
- XML Configuration Access Menu
http
- Enable/disable HTTP (Web) server access
wport
- Set HTTP (Web) server port number
snmp
tnet
- Enable/disable Telnet server access
tnport
- Set Telnet server port number
rlimit
- Set max rate of ARP, ICMP, TCP, or UDP packets to MP
cur
- Display current system access configuration
271

Table 173: System Access Configuration Menu Options (/cfg/sys/access)

mgmt
Displays the Management Configuration menu. To view this menu, see /cfg/sys/access/
mgmt Management Networks Menu, page 273.
port
Displays the Port Management Access menu. This menu only appears on standalone
systems. To view this menu, see /cfg/sys/access/port Port Management Access Menu,
page 274.
vlan
Displays the VLAN Management Access menu. To view this menu, see /cfg/sys/access/
user User Access Control Menu, page 275.
user
Displays the User Access Control menu. To view this menu, see /cfg/sys/access/user
User Access Control Menu, page 275.
https
Displays HTTPS Server Access menu. To view this menu, see /cfg/sys/access/https
HTTPS Access Configuration Menu, page 279.
sshd
Displays the SSH Server Access menu. To view this menu, see /cfg/sys/access/sshd SSH
Server Menu, page 281.
http disable|enable
Enables or disables HTTP (Web) access to the Browser-Based Interface (BBI).
Default: disable
wport <TCP port number (1-65535)>

Sets the port used for serving Web content.
Default: 80 (HTTP)
Note: If Global Server Load Balancing (GSLB) is to be used, set this to a different
port (such as 8080).
snmp disable|read-only|read-write
Sets the SNMP user access level to either disabled, read-only, or read-write.
tnet
Enables or disables Telnet access to Alteon.
Default: disable
Note: This command is available only if you are connected to Alteon through the
console port.
tnport <TCP port number>

The TCP port number that the Telnet server listens for Telnet sessions. Sets an optional
Telnet server port number when the server listens for Telnet sessions on a non-standard
port.
272

Table 173: System Access Configuration Menu Options (/cfg/sys/access)

rlimit <arp|bpdu|icmp|tcp|udp> <max rate, 0-65535 (pkts/sec)>
Sets Alteon-wide rate limiting on traffic entering Alteon over applicable protocols.
Specify which protocol you want to limit and the maximum rate by which the maximum
number of packets per second that is allowed to enter Alteon.
Values in standalone mode: ARP, BPDU, ICMP, TCP, UDP
Values in vADC mode: ARP, ICMP, TCP, UDP
Values in ADC-VX mode: BPDU
Default (standalone and ADC-VX): 20 BDPU
default (vADC): no limit defined
Note: Radware recommends that the rate is left with the factory default of 20 BDPU
packets for each port and for every second.
cur
/cfg/sys/access/mgmt
Management Networks Menu

This menu is used to define IP address ranges which are allowed to access Alteon for management
purposes. Alteon supports up to 128 management networks.
[Management Networks Menu]

add
- Add IPv4 management network
rem
- Remove IPv4 management network
add6
- Add IPv6 management network
rem6
- Remove IPv6 management network
arem
- Remove all management networks
cur
- Display current management networks
Table 174: Management Network Menu Options (/cfg/sys/access/mgmt)

add mgmt_network_address mgmt_network_mask management_access_protocol
Adds a defined network through which Alteon access is allowed through Telnet, SNMP,
SSH, HTTP, or HTTPS. You can select all or any of these protocols. If you want to add all
these protocol types to the specified network, use the option all.
rem mgmt_network_address mgmt_network_mask management_access_protocol

Removes the specified management network address, management network mask, and
management access protocol.
Enter Management Network IPv4 Address:

Enter Management Network Mask: 255.255.255.255
Enter Management Access protocol(all|telnet|ssh|http|https|snmp):
273

Table 174: Management Network Menu Options (/cfg/sys/access/mgmt)

add6 <management network IPv6 address> <management network prefix>
<all|telnet|ssh|http|https|snmp>
Adds IPv6 management network.

2001::2314
Enter Management Network Prefix [1-128]: 64
rem6 <management network IPv6 address> <management network prefix>
<all|telnet|ssh|http|https|snmp>
Removes IPv6 management network.

Enter Management Network Prefix [1-128]: 64
arem
Removes all the configured management networks at once. This works on both IPv4 and
IPv6 networks.
cur
/cfg/sys/access/port
Port Management Access Menu
Note: This menu only appears on standalone systems, and not n ADC-VX mode.
[Port Management
add
aadd
rem
arem
cur
-
Access Menu]
Add port with management access
Add all ports with management access
Remove port from management access
Remove all ports from management access
Display current ports with management access
Table 175: Port Management Access Menu Options

add <port_number>
Adds a port with management access.
aadd
Adds all ports with management access.
rem <port_number>
Removes a port from management access.
274

Table 175: Port Management Access Menu Options

arem
Removes all ports from management access.
cur
Displays the port numbers that currently have management access.
/cfg/sys/access/vlan
VLAN Management Access Menu

This menu only appears in the vADC Administrator environment in ADC-VX mode.
[VLAN Management Access Menu]

add
- Add VLAN with management access
aadd
- Add all VLAN's with management access
rem
- Remove VLAN from management access
arem
- Remove all VLAN's from management access
cur
- Display current VLAN's with management access
Table 176: VLAN Management Access Menu Options (/cfg/sys/access/vlan)

add
Adds management access to a specific VLAN.
aadd
Adds management access to all VLANs.
rem
Removes management access from a specific VLAN.
arem
Removes management access from all VLANs.
cur
Displays the VLANs which currently have management access.
/cfg/sys/access/user
User Access Control Menu

Figure 22: Global Administrator User Access Control Menu
[User Access Control Menu]
uid
- User ID Menu
usrpw
- Set user password (user)
opw
- Set operator password (oper)
admpw
- Set administrator password (admin)
cur
- Display current user status
275

Figure 23: vADC Administrator or Standalone User Access Control Menu

[User Access Control Menu]
uid
- User ID Menu
usrpw
svpw
- Set SLB viewer password (slbview)
sopw
- Set SLB operator password (slboper)
l4opw
- Set L4 operator password (l4oper)
opw
sapw
- Set Slb administrator password (slbadmin)
l4apw
- Set L4 administrator password (l4admin)
admpw
switch
- Switch RADIUS/TACACS authentication between User and Slbview
cur
Note: Passwords can be a maximum of 15 characters. To disable a user account, set the user
password to empty.
Table 177: User Access Control Menu Options (/cfg/sys/access/user)

uid <User ID, 1-11>
Displays the User ID menu. To view this menu, see /cfg/sys/access/user/uid System
User ID Configuration Menu, page 278.
usrpw
Sets the user (user) password. The user has no direct responsibility for Alteon
management. The user can view status information and statistics, but cannot make any
configuration changes.
svpw
Sets the SLB View user (slbview) password. The SLB Viewer can view Alteon
information, SLB statistics, and information, but cannot make any configuration
changes. This command only appears in the vADC Administrator environment in ADC-VX
mode.
sopw
Sets the SLB operator (slboper) password. The SLB operator manages Web servers and
other Internet services and their loads. The SLB operator can view all Alteon information
and statistics, and can enable or disable servers using the Server Load Balancing
Configuration menus.
Access includes user functions.
This command only appears in the vADC Administrator environment in ADC-VX mode.
l4opw
Sets the Layer 4 operator (l4oper) password. The Layer 4 operator manages traffic on
the lines leading to the shared Internet services. The Layer 4 operator can view all
Alteon information and statistics.
Access includes slboper functions.
276

Table 177: User Access Control Menu Options (/cfg/sys/access/user)

opw
Sets the operator (oper) password. The operator manages all functions of Alteon, and
can view all information and statistics, and can reset ports or the entire Alteon.
Access includes l4oper functions.
sapw
Sets the SLB administrator (slbadmin) password. The SLB administrator configures and
manages Web servers and other Internet services and their loads, and can view all
Alteon information and statistics, but can configure changes only on the Server Load
Balancing menus.
Note: The Filter menu options are not accessible to the SLB administrator.
l4apw
Sets the Layer 4 administrator (l4admin) password. The Layer 4 administrator
configures and manages traffic on the lines leading to the shared Internet services, and
can view all Alteon information and statistics, and can configure parameters on the
Server Load Balancing menus, with the exception of not being able to configure filters.
Access includes slbadmin functions.
admpw
Sets the administrator (admin) password. The superuser administrator has complete
access to all menus, information, and configuration commands, including the ability to
change both the user and administrator passwords.
Access includes oper and l4admin functions.
switch
Switches the RADIUS/TACACS authentication between the user and SLB viewer.
cur
Displays the current user status.
277

/cfg/sys/access/user/uid
System User ID Configuration Menu

This feature allows users to operate the real servers assigned to them. Using this menu you can list
the current status of the real server including the real server number, the real server name, the
operational state of the real server, and the number of current sessions. You can enable or disable
the real servers and change the password for accessing these real servers.
[User ID 1 Menu]
cos
- Set class of service
name
- Set user name
pswd
- Set user password
backdoor - Enable / disable backdoor access
crtmng
- Enable/disable certificate management permissions
add
- Add real server
rem
- Remove real server
ena
- Enable user ID
dis
- Disable user ID
del
- Delete user ID
cur
- Display current user configuration
Table 178: User ID Configuration Menu Options (/cfg/sys/access/user/uid)

cos
<user|l1oper|l2oper|l3oper|slbview|slboper|l4oper|oper|crtadmin|l3admin|slbadm
in|l4admin|admin>
Sets the Class of Service (CoS) to define the user's authority level. Alteon classes
(levels) include:
User (user)
Layer 1 Operator (l1oper) (appears only on the Global Administrator menu)
Layer 2 Operator (l2oper) (appears only on the Global Administrator menu)
Layer 3 Operator (l3oper) (appears only on the vADC Administrator menu)
SLB Viewer (slbview) (appears only on the vADC Administrator menu)
SLB Operator (slboper) (appears only on the vADC Administrator menu)
Layer 4 Operator (l4oper) (appears only on the vADC Administrator menu)
Operator (oper)
Certificate Administrator (crtadmin) (appears only on the vADC Administrator menu)
Layer 3 Administrator (l3admin) (appears only on the vADC Administrator menu)
SLB Administrator (slbadmin) (appears only on the vADC Administrator menu)
Layer 4 Administrator (l4admin) (appears only on the vADC Administrator menu)
Administrator (admin)
For more information on these security levels, see Accessing Alteon, page 34.
name <8 char max>

Defines the user name.
278

Table 178: User ID Configuration Menu Options (/cfg/sys/access/user/uid)

pswd <15 char max>
Sets the user password.
backdoor [d | e]
Enables or disables user access even when RADIUS or TACACS+ authentication is not
available.
Note: This applies to RADIUS and TACACS+ authentication when they are enabled but
still not available)
crtmng
Enables or disables certificate repository management permissions. When enabled, the
user is granted full access to the certificate repository.
Note: This is not available to non-administration users.
add <real server number, 1-1023>

Assigns a real server access to this user.
rem <real server number, 1-1023>

Removes a real server access from this user.
ena
Enables the user ID.
dis
Disables the user ID.
del
Deletes the user ID.
cur
Displays the current user ID configuration.
/cfg/sys/access/https
HTTPS Access Configuration Menu

Figure 24: Global Administrator HTTPS Access Configuration
[HTTPS Server Access Menu]
https
- Enable/disable HTTPS server access
port
- Set HTTPS server port number
generate - Generate self-signed HTTPS server certificate
key-imp - Import HTTPS server certificate
cert-imp - Import HTTPS server certificate
certdel - Delete HTTPS server certificate
certsave - Save HTTPS server certificate
cur
- Display current HTTPS server access configuration
279

Figure 25: vADC Administrator or Standalone HTTPS Access Configuration

[HTTPS Server Access Menu]
https
- Enable/disable HTTPS server access
port
- Set HTTPS server port number
cert
generate
key-imp
cert-imp
certdel
certsave
cur
-Associate HTTPS server certificate from certificate repository

- Generate self-signed HTTPS server certificate
- Import HTTPS server certificate
- Import HTTPS server certificate
- Delete HTTPS server certificate
- Save HTTPS server certificate
- Display current HTTPS server access configuration
Table 179: HTTPS Access Configuration Menu Options (/cfg/sys/access/https)

https
Enables or disables BBI access (Web access) using HTTPS.
port <TCP port number>

Defines the HTTPS Web server port number.
cert
Associates the HTTPS server certificate from the certificate repository. This command
only appears in the Global Administrator environment in ADC-VX mode.
key-imp
Imports the HTTPS server certificate key.
cert-imp
Imports the HTTPS server certificate.
generate
Lets you generate a certificate to connect to the SSL to be used during the key
exchange. A default certificate is created when HTTPS is enabled for the first time. You
can create a new certificate defining the information that you want to be used in the
various fields. For example:
Country Name (2 letter code) [ ]: CA
State or Province Name (full name) []: Ontario
Locality Name (for example, city) []: Ottawa
Organization Name (for example, company) []: Radware
Organizational Unit Name (for example, section) []: Alteon
Common Name (for example, user's name) []: Mr Smith
Email (for example, email address) []:
You are asked to confirm if you want to generate the certificate. It takes approximately
30 seconds to generate the certificate, and then Alteon restarts the SSL agent.
certdel
Deletes the HTTPS server certificate from a flash memory used when Alteon is rebooted.
certsave
Allows the client, or the Web browser, to accept the certificate and save the certificate to
flash memory to be used when Alteon is rebooted.
280

Table 179: HTTPS Access Configuration Menu Options (/cfg/sys/access/https)

cur
Displays the current SSL Web access configuration.
/cfg/sys/access/sshd
SSH Server Menu

Figure 26: Global Administrator HTTPS Access Configuration
[SSH Server Menu]
intrval - Set interval for generating the RSA server key
hkeygen - Generate the RSA host key
skeygen - Generate the RSA server key
sshport - Set SSH server port number
nologin - Enable/disable SSH no login display
sshv1
- Enable ssh v1 support
scpadm
- Set SCP-only admin password
ena
- Enable SCP apply and save
dis
- Disable SCP apply and save
on
- Turn SSH server ON (SSHv1/SSHv2)
off
- Turn SSH server OFF
cur
- Display current SSH server configuration
Figure 27: vADC Administrator or Standalone HTTPS Access Configuration

[SSH Server Menu]
intrval - Set interval for generating the RSA server key
hkeygen - Generate the RSA host key
skeygen - Generate the RSA server key
sshport - Set SSH server port number
sshv1
- Enable ssh v1 support
scpadm
- Set SCP-only admin password
ena
- Enable SCP apply and save
dis
- Disable SCP apply and save
on
- Turn SSH server ON (SSHv1/SSHv2)
off
- Turn SSH server OFF
cur
- Display current SSH server configuration
Table 180: SSH Server Menu Options (/cfg/sys/access/sshd)

intrval
Sets the interval for generating the RSA server key.
hkeygen
Generates the RSA host key.
skeygen
Generates the RSA server key.
281

Table 180: SSH Server Menu Options (/cfg/sys/access/sshd)

sshport <TCP_port_number>
Sets the server port number.
nologin enable | disable

Enables or disables SSH no login display. Only appears in the vADC Administrator
sshv1
enable | disable
Enables or disables SSH version 1 support.
scpadm
Sets the SCP-only admin password.
scpadm
Sets the SCP-only admin password.
ena
Enables the SCP apply and save.
dis
Disables the SCP apply and save.
on
Sets the SSH server to on.
off
Sets the SSH server to off.
cur
Displays the current SSH server configuration.
Console Port-only Commands

The /cfg/sys/access/sshd menu contains commands that are only accessible if connected to
Alteon through the console port:
Table 181: SSH Server Menu Console Port-only commands

hkeygen
Generates an RSA host key.
skeygen
Generates an RSA server key.
intrval <0 - 24>

Sets the interval in hours for when the RSA server key is regenerated.
scpadmin
Enables the usage of the SCP administrator password.
282

Table 181: SSH Server Menu Console Port-only commands

nologin
Enables or disables hiding the SSH login display.
Default: disabled
When nologin is set to disabled, when logging in via SSH or Telnet, the output of /info/
sys/general is automatically printed.

dis
Disables the SCP apply and save.
off
Sets the SSH server to off.
/cfg/sys/access/xml
XML Configuration Access Menu

[XML Config Access Menu]
xml
- Enable/disable XML config access
port
- Set XML server port number
gtcert
- Import XML client certificate
delcert - Delete XML client certificate
dispcert - Display XML client certificate
debug
- Debug XML operations
cur
- Display current XML config access configuration
Table 182: XML Configuration Menu Options

xml
Enables or disables XML access. For sample output, see /cfg/sys/access/xml/xml
Enabling or Disabling XML Access, page 284
port <TCP_port_number>
Sets the XML server port number.
gtcert
Imports an XML client certificate.
delcert
Deletes an XML client certificate.
dispcert
Displays the current XML certificate.
debug
Toggles debug mode on or off.
Enabling XML debugging causes all commands in the XML file to be echoed to the
console, and prefaces each command one with either running XML cmd: or Invalid XML
cmd:. All responses to the commands are also sent to the console.
cur
Displays the current XML configuration.
283

/cfg/sys/access/xml/xml
Enabling or Disabling XML Access

Current XML access: disabled
Pending new XML access: enabled
Enter new XML access [d/e]:
/cfg/sys/alerts
Configure the System Alerts

[Alerts Threshold Menu]
interval - Set threshold detection interval
thrput
- Set throughput license alert threshold
sslcps
- Set SSL CPS license alert threshold
compress - Set compression license alert threshold
sesstble - Set threshold for session table utilizations
cur
- Display current alerts threshold configuration
Table 183: Alerts Threshold Menu

interval
Sets the interval for which the threshold detection is checked.
Default: 1 minute
thrput
Sets the throughput license alert threshold. If you set the value to 0, there is no alarm.
Values: 099 percent
Default: 90
sslcps
Sets the SSL CPS license percentage for the threshold alert.
Values: 099 percent
Default: 90
compress
Sets the compression license alert threshold.
Values: 099 percent
Default: 90
sesstble
Sets the session table threshold as a usage percentage of total capacity.
Values: 1100 percent
Default: high70, critical90
cur
Displays the current alerts threshold configuration.
284

/cfg/sys/report
Configuring Device Performance Monitoring (DPM) Reporting Parameters

When Device Performance Monitoring (DPM) is enabled (set to on), Alteon sends its performance
data to APSolute Vision. APSolute Vision processes the data and can display the information in the
Device Performance Monitoring Web interface.The DPM Web interface includes alerts, dashboards
with current monitoring data, and reports with historical data.
DPM requires a valid license installed on the associated APSolute Vision server.
Note: For DPM to work you must enable it, and you must globally enable DAM (Direct Access Mode)
for each virtual service that you are monitoring.
You can launch the DPM Web interface from the APSolute Vision client. The DPM interface launches
in the default browser.
You can configure the reporting level granularity for DPM reporting. For more information, see the
report command in the /cfg/slb/virt <server number>/service/http Virtual Server HTTP Service
For more information on DPM, refer to the APSolute Vision User Guide.
[report Menu]
port
on
off
cur
Set TCP port number for reporting communication

Globally turn Reporting ON
Globally turn Reporting OFF
Display current reporting configuration
Table 184: Alerts Threshold Menu

port
Sets the TCP port number for reporting communication.
Values: 010000
Default: 3030
on
Globally enables reporting communication.
Default: off
off
Globally disables reporting communication.
Default: off
cur
Displays the current reporting configuration.
285

/cfg/sys/timezone
Configure the Timezone

Please identify a location so that time zone rules can be set correctly.
Please select a continent or ocean.
1) Africa
2) Americas
3) Antarctica
4) Arctic Ocean
5) Asia
6) Atlantic Ocean
7) Australia
8) Europe
9) Indian Ocean
10) Pacific Ocean
11) None - disable timezone setting
Enter the number of your choice: 2
Please select a country.
1) Anguilla
18) Ecuador
35) Paraguay
2) Antigua & Barbuda
19) El Salvador
36) Peru
3) Argentina
20) French Guiana
37) Puerto Rico
4) Aruba
21) Greenland
38) St Kitts & Nevis
5) Bahamas
22) Grenada
39) St Lucia
6) Barbados
23) Guadeloupe
40) St Pierre & Miquelon
7) Belize
24) Guatemala
41) St Vincent
8) Bolivia
25) Guyana
42) Suriname
9) Brazil
26) Haiti
43) Trinidad & Tobago
10) Canada
27) Honduras
44) Turks & Caicos Is
11) Cayman Islands
28) Jamaica
45) United States
12) Chile
29) Martinique
46) Uruguay
13) Colombia
30) Mexico
47) Venezuela
14) Costa Rica
31) Montserrat
48) Virgin Islands (UK)
15) Cuba
32) Netherlands Antilles 49) Virgin Islands (US)
16) Dominica
33) Nicaragua
17) Dominican Republic 34) Panama
Enter the number of your choice:
286

/cfg/port <port number>
Port Configuration Menu

The Port menu lets you configure settings for individual ports. This menu is enabled by default. Port
configuration differs for the various Alteon Application Switch platforms. The following table
describes the port configuration and numbering for each platform:
Table 185: Port Configuration and Numbering
Platform
10/100/1000Base-T Copper 1000 Mbps

10GbE
Port Numbers
SFP GBIC
GBIC Port
Port Numbers Numbers
40GbE
GBIC Port
Numbers
Alteon Application
Switch 4024
1926
318
N/A
N/A
Alteon Application
Switch 4408
16
78
N/A
N/A
Alteon Application
Switch 4416
112
1316
N/A
N/A
Alteon Application
Switch 5412
18
912
1316 (XFP)
N/A
Alteon Application
Switch 5224
1926
318
12 (SFP+)
N/A
Note: When port 6/MNG

is configured as a
management port for
dedicated out-of-band
management, only ports
15 are available for
configuring.
Note: The LC jack is used for connecting Gigabit Ethernet fiber optic segments. The SFP modules
are not shipped with the product.
For more information on connectors, refer to the Radware Alteon Installation and Maintenance
Guide.
[Port 1 Menu]
gig
pvid
alias
name
rmon
tag
iponly
ena
dis
cur
Gig Phy Menu

Set default port VLAN id
Set port alias
Set port name
Enable/Disable RMON for port
Enable/disable VLAN tagging for port
Enable/disable allow IP related frames at ingress
Enable port
Disable port
Display current port configuration
287

Table 186: Port Configuration Menu Options (/cfg/port)

gig
If a port is configured to support Gigabit Ethernet, this displays the Gigabit Ethernet
Physical Link menu. To view this menu, see /cfg/port <port number>/gig Port Link
pvid <VLAN number, 1-4090>

Sets the default VLAN number which is used to forward frames which are not VLAN
tagged.
Default: 1
alias <15 characters string>

Set an alias for the port number.
name <64 character string>
|none
Sets a name for the port. The assigned port name appears next to the port number on
some information and statistics screens.
Default: none
rmon disable|enable
Disables or enables RMON for this port.
Default: disable
tag disable|enable
Disables or enables VLAN tagging for this port.
Default: disable
iponly disable|enable
Disables or enables allowing only IP-related frames.
Default: disable
ena
Enables the port.
dis
Disables the port.
To temporarily disable a port without changing its configuration attributes, see /oper/port
<port number> Operations-Level Port Options, page 609.
cur
Displays the current port parameters.
288

/cfg/port <port number>/gig
Port Link Configuration

You can set the port parameters using the Gigabit port configuration menu:
[GE Copper
speed
mode
fctl
auto
cur
Link Menu]
- Set link speed
- Set duplex mode
- Set flow control
- Set auto negotiate
- Display current ge copper link configuration
Note: Because the speed and mode parameters cannot be set for XFP Ethernet ports, these options
do not appear on the XFP Link menu.
Link menu options appear on the gig port configuration menu. Using these configuration menus, you
can set port parameters such as speed, flow control, and negotiation mode for the port link.
Table 187: Port Link Configuration Menu Options (/cfg/port <port number>/gig)

speed 10|100|any
Sets the link speed. Not all options are valid on all ports.
Values:
10 Mbps
100 Mbps
anyfor automatic detection
Default: any
This menu appears only if a Gigabit Ethernet port is selected.
mode full|half|any
Sets the operating mode.
Values:
Full-duplex
Half-duplex
anyfor auto negotiation
Default: any
This menu appears only if a Gigabit Ethernet port is selected.
fctl both|none
Sets the flow control.
Values:
bothBoth receive and transmit flow control
noneNo flow control
Default: both
289

Table 187: Port Link Configuration Menu Options (/cfg/port <port number>/gig) (cont.)

auto on|off
Enables or disables auto-negotiation for the port.
cur
Displays the current port parameters.
/cfg/vadc
vADC Configuration Menu

This menu only appears in the Global Administrator environment in ADC-VX mode. When you access
this menu, you are prompted to enter a vADC number (ID), with a range of 1 to 28 characters.
Notes
To see what vADCs have been defined already, use the /info/vadc menu or the /cfg/dump
command.
You must create at least one vADC ID with a name to access the vADC menu.
If all capacity units have been assigned, regardless of the number of available vADCs left on the
license, if you try to add another vADC the following error message displays:
Note: All capacity units have been allocated
If you are creating a new vADC capacity unit, you are prompted to use the vADC creation dialog
(see vADC Creation Dialog, page 290).
If you have entered an existing vADC capacity unit, the vADC menu displays (see vADC Menu,
page 292).
vADC Creation Dialog

If you are creating a new vADC capacity unit, you must first use the vADC creation dialog. The
following prompts display in the dialog, one at a time:
Table 188: vADC Creation Dialog
Prompt
Description
Do you wish to import a configuration file? [y/n]: If you enter n, you go to the Enter vADC Name
prompt.
Enter hostname or IP address of FTP/TFTP/

SCP server:
Enter name of file on FTP/TFTP/SCP server:
Enter username for FTP/SCP server or hit

return for TFTP server:
Enter password for username on FTP/SCP

server:
Enter "scp" or hit return for FTP server:
Enter vADC name:

Enter throughput limit in Mbps:
290
Minimum: 200 Mbps

Prompt
Description
Do you want to configure edit the default

acceleration settings? [y/n]
If you enter n, you go to the Enter VLAN

number prompt.
Enter SSL CPS limit:
Enter Compression limit:
Enter Cache RAM allocation (MB):
Enter VLAN number to be added:
Values:
For software SSL: 05000 CPS
For hardware SSL: 040000 CPS
Values: 01.5 Gbps

Minimum: 20% of the vADC allocated RAM
(configurable from within the vADC)
Do you want to configure Allowed Networks? [y/

n]:
If you enter n, you go to the vADC management

IP address prompt.
Enter VLAN number:
Values:14090
If the VLAN selected is not a shared interface,

the following prompts display:
For non-shared interfaces only:
Enter allowed IP version[v4,v6]:
The v6 option is only available if IPv6 is

enabled.
Enter allowed IP network:
If no IP address is entered, the capacity

unit can use any IP network.
Enter subnet:
Enter as required.
Do you want to assign additional IP

network to the allowed list? [y/n]:
If you enter y, you are prompted to add

another IP address.
If the VLAN selected is a shared interface, the

following prompts display:
For shared interfaces only:
Vlan # is a shared Interface, do you wish

to limit Shared interface Vlan # allowed
IP range? [Y/N]
For more information on allowed

networks, see /cfg/vadc/allow vADC
Allowed IP Networks, page 301.
Enter Allowed Network Number (1-1024):
See above comment.
Enter allowed IP Version[v4,v6]:
Vlan IP interface:
The v6 option is only available if IPv6 is

enabled.
Beginning of IP range:
As required.
This allows allocating specific addresses

out of a larger shared subnet.
End of the range for a larger shared

subnet.
If you enter y, you are prompted to add

another IP address.
End of IP range:
IP range subnet:
Do you want to assign additional IP

network to the allowed list? [y/n]:
The following prompts display:
Enter vADC management IP address(v4 or

v6):
Enter vADC management subnet mask:
Enter vADC management default gateway(v4

or v6):
Enter the vADC management information.
291

Prompt
Description
Do you wish to use a different vADC ID for peer? If you enter n, you go to the Enable vADC
[y/n]:
prompt.
Do you wish to use a different vADC name for
peer? [y/n]:
If you enter y, you are prompted for a name for

the peer.
Enter vADC Peer management address(v4 or v6): Enter the vADC peer management information.
Enter vADC management subnet mask:
Enter vADC Peer management gateway
address(v4 or v6):
Do you wish to enable vADC? [y/n]:
For the vADC to be usable, you must enable it.
After using the vADC creation dialog, the vADC menu displays (see vADC Menu, page 292). Any
values that you did not configure with the dialog are configured through the vADC menu.
If you enter apply, if a neighboring (peer) vADC is defined, you are prompted to synchronize the
new vADC with the peer. If you reply y and receive confirmation, save the new configuration.
Note: When the VX synchronizes the vADC configuration with its peer, all configuration parameters
are synchronized except the number of capacity units (CU) and whether they are enabled or
disabled.
vADC Menu
[vADC 20 Menu]
sys
add
rem
name
cu
limit
allow
users
swf
ena
dis
del
cur
-
Enable system services

Add Vlan
Remove Vlan
vADC Name
Update Capacity Units
Maximum throughput allowed
Allocate allowed IP networks
vADC Users Menu
Enable/Disable software features
Enable vADC
Disable vADC
Delete vADC
Display current vADC configuration
Table 189: vADC Menu

sys
Displays the vADC System Services menu. To view this menu, see /cfg/vadc/sys vADC
System Services Configuration, page 294.
292


add
Specifies the VLAN number to add for the vADC.
Values: 14090
Note: VLAN configuration changes to an active vADC may cause configuration conflicts
on the vADC.
rem
Specifies the VLAN number to remove.
Values: 14090
Note: VLAN configuration changes to an active vADC may cause configuration conflicts
on the vADC.
name
Specifies a new vADC name. This further identifies the vADC capacity unit. You must
enter a name for the vADC to later access the vADC menu.
cu
Specifies new number of capacity units.
Note: If all capacity units have been assigned, regardless of the number of available
vADCs left on the license, if you try to add another vADC the following error message
displays:
Note: All capacity units have been allocated

Values: 128
limit [thrput <number>|ssl <number>|compress <number>]

Specifies the throughput, SSL, or compression limit for the vADC:
thrputThe available throughput for vADC allocation is determined by the Alteon

throughput license. If you try to allocate throughput greater than the available global
throughput license, an error message similar to the following displays:
Error: Cannot allocate throughput to vADC 20. Please upgrade your

global throughput license
Values: 200 Mbps20 Gbps
Default: 200 Mbps
If required, you can adjust the value in increments of 100 Mbps.
sslThe available SSL CPS for vADC allocation.

Values:
For software SSL: 05000 CPS
For hardware SSL: 040000 CPS
If required, you can adjust the value in increments of 10 CPS.
compressThe available compression for vADC allocation.

Values: 01.5 Gbps
If required, you can adjust the value in increments of 10 Mbps.
allow
Displays the vADC Allow menu. To view this menu, see /cfg/vadc/allow vADC Allowed IP
Networks, page 301.
293


users
Displays the vADC User Access Control menu. To view this menu, see /cfg/vadc/users
vADC User Access Control Menu, page 302
swf
Displays the vADC Software Features menu. To view this menu, see /cfg/vadc/users
vADC User Access Control Menu, page 302
ena
Enables the vADC capacity unit.
dis
Disables the vADC capacity unit.
del
Deletes the vADC capacity unit.
cur
Displays the current configuration of the vADC.
/cfg/vadc/sys
vADC System Services Configuration

A vADC capacity unit can use Alteon system services in one of the following modes:
Use dedicated services defined by the vADC administrator.
Inherit the Alteon system services from the Global Administrator context as defined under these
menus.
The following table describes how system services are handled:
Service
Description
Syslog
vADC specific unless specifically defined.
AAA services:
RADIUS
TACACS
Date and time (including Inherited by default.

time zone settings)
Timeout for idle CLI
sessions
Inherited by default.
SMTP services
Peer target
294

From the System Services menu you can reconfigure the system services as necessary.
[vADC system services Menu]

mmgmt
- Management Port Menu
peer
- Sync Peer Management Port Menu
sync
- Assign target appliance for configuration sync
haid
- Set HA-ID value
syslog
- System Syslog Servers
radius
- System RADIUS Servers
tacacs
- System TACACS Servers
access
- System Access Menu
idle
- System timeout for idle CLI sessions
smtp
- System SMTP host
cur
- Display current vADC system parameters
Table 190: vADC System Menu

mmgmt
Displays the Management Port menu. To view this menu, see /cfg/vadc/sys/mmgmt
vADC Management Port Configuration, page 296.
peer
Displays the Sync Peer Management Port menu. To view this menu, see /cfg/vadc/sys/
peer vADC Sync Peer Management Configuration, page 297.
sync
Assigns the target appliance for the configuration synchronization. For sample output,
see /cfg/vadc/sys/sync vADC Sync Peer Management Assignment, page 298.
haid <0-63>
Sets the HA ID value to modify the assigned MAC addresses of vADCs.
Notes:
HA ID 0 is the legacy mode set automatically by Alteon for upgrade purposes, where
the HA ID value does not appear in the VRRP packet.
HA ID 64 is for internal use, for upgrades from lower versions.
syslog
Displays the Syslog menu. To view this menu, see /cfg/vadc/sys/syslog vADC Syslog
radius
Displays the RADIUS menu. To view this menu, see /cfg/vadc/sys/radius vADC RADIUS
tacacs
Displays the TACACS menu. To view this menu, see /cfg/vadc/sys/radius vADC RADIUS
access
Displays the System Access menu. To view this menu, see /cfg/vadc/sys/access vADC
System Access Configuration, page 299.
idle
Displays the System Idle menu. To view this menu, see /cfg/vadc/sys/idle vADC System
Idle Configuration, page 300.
295

Table 190: vADC System Menu

smtp <SMTP host name or IP address>
Displays the System Idle menu. To view this menu, see /cfg/vadc/sys/idle vADC System
Idle Configuration, page 300.
cur
Displays the current vADC system parameters.
/cfg/vadc/sys/mmgmt
vADC Management Port Configuration

[Global - vADC 1 vADC Management Port menu]
addr
- Set IP address
mask
- Set subnet mask
gw
addr6
- Set IPv6 address
gw6
delegate - Enable/Disable service delegation from global to vADC
lock
- Lock access for vADC Administration
unlock
- Unlock access for vADC Administration
cur
- Display current settings
Table 191: vADC Management Port Menu

mask <subnet mask (such as, 255.255.255.0)>

gw <gateway address (such as, 192.4.17.1)>

Sets the IP address for the default gateway.
addr6
prefix6
gw6 <gateway address>

Sets the IPv6 address for the default gateway.
delegate
Enables or disables global to vADC service delegation of the management port.
lock
Locks usage of the management port for the vADC Administrator.
unlock
Unlocks usage of the management port for the vADC Administrator.
296


cur
/cfg/vadc/sys/peer
vADC Sync Peer Management Configuration

This option enables the Global Administrator to set the peer synchronization parameters.
[Global - vADC 1 sys/peer Menu]

ID
- Set Peer vADC ID
name
- Set Peer name
addr
- Set IP address
mask
- Set subnet mask
gw
addr6
- Set IPv6 address
gw6
cur
- Display current peer settings
Table 192: vADC Sync Peer Management Menu

ID
Sets the peer vADC ID.
name
Sets a unique name for this peer vADC ID.
addr
mask
gw
Sets the default gateway address.
addr6
prefix6
gw6
Sets the IPv6 default gateway address.
cur
Displays the current peer settings.
297

/cfg/vadc/sys/sync
vADC Sync Peer Management Assignment

This option enables the Global Administrator to assign peer switches to vADCs.
When prompted, set the peer ID to assign it to a vADC.
[Peer Switch Addresses]

Peer switch 1:
Peer switch 2:
Peer switch 3:
Peer switch 4:
Peer switch 5:
Enter peer switch (1-5):
10.1.1.1,
20.1.1.1,
30.1.1.1,
40.1.1.1,
0.0.0.0 ,
enabled
enabled
enabled
enabled
disabled
/cfg/vadc/sys/syslog
vADC Syslog Configuration

[Global - vADC 1 Syslog Menu]
lock
unlock
cur
Table 193: vADC Syslog Server Menu

delegate
Enables or disables global-to-vADC service delegation of the syslog configuration.
lock
Locks usage of global syslog servers for the vADC Administrator.
unlock
Unlocks usage of global syslog servers for the vADC Administrator.
cur
Displays the current syslog configuration.
/cfg/vadc/sys/radius
vADC RADIUS Configuration

[Global - vADC System RADIUS Servers Menu]
lock
unlock
cur

delegate
Enables or disables global to vADC service delegation of RADIUS servers.
298


lock
Locks usage of RADIUS servers for the vADC Administrator.
unlock
Unlocks usage of RADIUS servers for the vADC Administrator.
cur
Displays the current RADIUS configuration.
/cfg/vadc/sys/tacacs
vADC TACACS Configuration

[Global - vADC 1 vADC System TACACS+ Servers Menu]
lock
unlock
cur

delegate
Enables or disables global to vADC service delegation of TACACS+ servers.
lock
Locks usage of global TACACS+ servers for the vADC Administrator.
unlock
Unlocks usage of global TACACS+ servers for the vADC Administrator.
cur
Displays the current global TACACS+ configuration.
/cfg/vadc/sys/access
vADC System Access Configuration

[Global - vADC 1 sys/access Menu]
http
- Enable/disable HTTP (Web) access
https
- Enable/disable HTTPS (Secure Web) access
snmp
sshd
- Enable/disable SSH access
tnet
- Enable/disable Telnet access
lock
- Lock access for vADC Administrator
unlock
- Unlock access for vADC Administrator
cur
299

Table 196: vADC System Access Menu

http
Enables or disables HTTP (Web) access.
https
Enables or disables HTTPS (Secure Web) access.
snmp
Enables or disables SNMP access control.
sshd
Enables or disables SSH access.
tnet
Enables or disables Telnet access to Alteon. You see this command only if you are
connected to Alteon through the console port.
Default: disable
lock
Locks access for the vADC Administrator.
unlock
Unlocks access for the vADC Administrator.
cur
Displays the current system access configuration.
/cfg/vadc/sys/idle
vADC System Idle Configuration

[Global - vADC 1 vADC Idle CLI Session Menu]
delegate - Enable/Disable global to vADC service delegation
lock
unlock
cur

delegate
Enables or disables global to vADC service delegation of global idle servers.
lock
Locks usage of global idle servers for the vADC Administrator.
unlock
Unlocks usage of global idle servers for the vADC Administrator.
cur
Displays the current global idle configuration.
300

/cfg/vadc/sys/smtp
vADC System SMTP Configuration

[Global - vADC 1 vADC SMTP Host Menu]
delegate - Enable/Disable global to vADC service delegation
lock
unlock
cur

delegate
Enables or disables global to vADC service delegation of global SMTP servers.
lock
Locks usage of global SMTP servers for the vADC Administrator.
unlock
Unlocks usage of global SMTP servers for the vADC Administrator.
cur
Displays the current global SMTP configuration.
/cfg/vadc/allow
vADC Allowed IP Networks

Allowed networks are a list of IP networks that a vADC is limited to using. This lets you control the
way vADCs connect with the infrastructure, while providing each vADC with complete autonomy.
If no allowed network is defined, by default the vADC administrator is able to set any IP subnet to
any assigned interface and interface type.
[vADC allowed
add
rem
cur
IP networks Menu]
- Add IP network to the allowed vADC list
- Remove IP network from the allowed vADC list
- Display current vADC allowed IP networks
Table 199: vADC Allowed Networks Menu

add
Enter an IP network to the allowed vADC list. If you enter no value, the vADC capacity
unit can be used by any VLAN. You are also prompted to enter the IP version of the VLAN.
Shared interfaces are unique and, although part of a subnet, an entire subnet cannot be
assigned to a specific vADC because a vADC does not have visibility in its neighboring
vADC configurations. As a result, vADCs can create outages by assigning a duplicate IP
address.
Alteon detects if the assigned VLAN is a shared interface and prompts you to provide a
range of IP addresses to avoid this problem. Using this option, you can create IP
interfaces from the respective subnet, but is limited to the assigned address range.
rem
Remove an IP network from the allowed vADC list.
301

Table 199: vADC Allowed Networks Menu

cur
Displays the current configuration of allowed IP networks.
/cfg/vadc/users
vADC User Access Control Menu

You can create a user of any type with any authorization level for a vADC. If granted permission, you
can delete such users from within the vADC. If you delete a user created by the Global
Administrator, you can create another similar user in the future for recovery purposes.
[Global - vADC 20 User Access Control Menu]

uid
- User ID Menu
usrpw
sopw
- Set SLB operator password (slboper)
l4opw
- Set L4 operator password (l4oper)
opw
sapw
- Set Slb administrator password (slbadmin)
l4apw
- Set L4 administrator password (l4admin)
admpw
cur
Table 200: vADC User Access Control Menu

uid <User ID, 1-10>
Displays the User ID menu. To view this menu, see /cfg/vadc/users/uid System User ID
usrpw
Sets the user (user) password. The user has no direct responsibility for Alteon
management. The user can view status information and statistics, but cannot make any
configuration changes.
sopw
Sets the SLB operator (slboper) password. The SLB operator manages Web servers and
other Internet services and their loads. The SLB operator can view all Alteon information
and statistics, and can enable or disable servers using the Server Load Balancing
Configuration menus.
Access includes user functions.
l4opw
Sets the Layer 4 operator (l4oper) password. The Layer 4 operator manages traffic on
the lines leading to the shared Internet services. The Layer 4 operator can view all Alteon
information and statistics.
Access includes slboper functions.
opw
Sets the operator (oper) password. The operator manages all functions of Alteon, and
can view all information and statistics, and can reset ports or the entire Alteon.
302


sapw
Sets the SLB administrator (slbadmin) password. The SLB administrator configures and
manages Web servers and other Internet services and their loads, and can view all Alteon
information and statistics, but can configure changes only on the Server Load Balancing
menus.
Note: The Filter menu options are not accessible to the SLB administrator.
l4apw
Sets the Layer 4 administrator (l4admin) password. The Layer 4 administrator
configures and manages traffic on the lines leading to the shared Internet services, and
can view all Alteon information and statistics, and can configure parameters on the
Server Load Balancing menus, with the exception of not being able to configure filters.
Access includes slbadmin functions.
admpw
Sets the administrator (admin) password. The superuser administrator has complete
access to all menus, information, and configuration commands, including the ability to
change both the user and administrator passwords.
Access includes oper and l4admin functions.
cur
Displays the current user status.
/cfg/vadc/users/uid
System User ID Configuration Menu

This feature allows users to operate the real servers assigned to them. Using this menu you can list
the current status of the real server including the real server number, the real server name, the
operational state of the real server, and the number of current sessions. You can enable or disable
the real servers and change the password for accessing these real servers.
[User ID 1 Menu]
cos
- Set class of service
name
- Set user name
pswd
- Set user password
backdoor - Set user backdoor access
crtmng
- Enable/disable certificate management permissions
ena
- Enable user ID
dis
- Disable user ID
del
- Delete user ID
cur
- Display current user configuration
303

Table 201: User ID Configuration Menu Options (/cfg/vadc/users/uid)

cos
<user|l3oper|slbview|slboper|l4oper|oper|crtadmin|l3admin|slbadmin|l4admin|adm
in>
Sets the Class of Service (CoS) to define the user's authority level. Alteon classes
(levels) include:
User (user)
Layer 3 Operator (l3oper)
SLB Viewer (slbview)
SLB Operator (slboper)
Layer 4 Operator (l4oper)
Operator (oper)
Certificate Administrator (crtadmin)
Layer 3 Administrator (l3admin)
SLB Administrator (slbadmin)
Layer 4 Administrator (l4admin)
Administrator (admin)
For more information on these security levels, see Accessing Alteon, page 34.
name <8 char max>

Defines the user name.
pswd <15 char max>

Defines the user password.
backdoor [d | e]
Enables or disables user access even when RADIUS or TACACS+ authentication is not
available.
Note: This applies to RADIUS and TACACS+ authentication when they are enabled but
still not available)
crtmng
Enables or disables certificate management permissions.
ena
Enables the user ID.
dis
Disables the user ID.
del
Deletes the user ID.
cur
Displays the current user ID configuration.
304

/cfg/vadc/swf
vADC Software Features Menu

The Global Administrator can enable or disable the following software features for a particular vADC,
provided that there are licenses for these features:
GlobalGlobal Server Load Balancing
ITMBandwidth Management plus Security
LLBInbound Link Load Balancing
ADoSAdvanced Denial of Service Protection
[vADC software features Menu]

ena
- Enable software feature
dis
- Disable software feature
cur
- Display current software features state

ena
Enables the selected software feature.
dis
Disables the selected software feature.
cur
Displays the current software feature settings.
/cfg/dashboard
Dashboard Menu
Each vADC has an accompanying dashboard that monitors the processing power and throughput
usage relative to the total allocated resources. The dashboard provides a centralized view of this
data so the Global Administrator can preemptively identify potential application and user issues and
needs by verifying the health, resource usage, and activity of the vADC.
[Dashboard Menu]
interval - Set
vadc
- Set
range
- Set
view
- Set
chart
- Set
the sampling interval

vADC to monitor through the resource dashboard
default time range
default view type
default chart type
Table 203: Dashboard menu options (/cfg/dashboard)

interval
Sets the sampling interval.
vadc
Sets the vADC to be monitored through the resource dashboard.
305

Table 203: Dashboard menu options (/cfg/dashboard)

range
Sets the default time range.
view throughput|cpu|both(throughput\cpu)
Sets the default view type.
chart
Sets the default chart type.
/cfg/pmirr
Port Mirroring Menu

This menu only appears in the vADC Administrator environment in ADC-VX mode. The Port Mirroring
menu is used to configure, enable, and disable the monitored port. When enabled, network packets
being sent to and/or received from a target port are duplicated and sent to a monitor port. By
attaching a network analyzer to the monitor port, you can collect detailed information about your
network performance and usage. Port mirroring is disabled by default.
[Port Mirroring
mirror
monport cur
-
Menu]
Enable/Disable Mirroring
Configure Monitor Port
Display All Mirrored and Monitored Ports and VLANs
Table 204: Port Mirroring menu options (/cfg/pmirr)

mirror disable|enable
Enables or disables port mirroring
monport <monitoring port (port to mirror to)>

Displays the Port-Mirroring menu to configure the port. To view this menu, see /cfg/
pmirr monport Port-Mirroring Menu, page 306.
cur
Displays the current settings of the mirrored and monitoring ports.
/cfg/pmirr monport
Port-Mirroring Menu
[Port 1 Menu]
add
- Add "Mirrored" port and VLANs
rem
- Rem "Mirrored" port and VLANs
cur
- Display current Port-based Port Mirroring configuration
306

Table 205: Port-Based Port-Mirroring Menu Options (/cfg/pmirr/monport)

add <mirrored port (port to mirror from)
index or Carriage Return for all vlans>
direction (in, out, or both)
vlan
Adds the port to be mirrored, including the direction. You need to specify the direction
because:
If the source port of the frame matches the mirrored port, and the mirrored direction
is ingress or both (ingress and egress), the frame is sent to the mirrored port.
If the destination port of the frame matches the mirrored port, and the mirrored
direction is egress or both, the frame is sent to the monitoring port.
VLAN-based port mirroring lets you monitor traffic based on VLANs associated with a
port. You can add specific VLANs to a be monitored even if there are multiple VLANs
associated with that port. If you do not specify a VLAN, all traffic on that port will be
mirrored.
rem <mirrored port (port to mirror from)

vlans>
vlan index or Carriage Return for all
Removes the mirrored port.
cur
Displays the current settings of the monitoring port. For example:
>> Port 1# cur

Monitoring port (Mirrored port,direction,vlans)
1
none
/cfg/bwm
Bandwidth Management Configuration

Bandwidth Management (BWM) enables Web site managers to allocate a portion of the available
bandwidth for specific users or applications. It helps companies guarantee that critical business
traffic, such as e-commerce transactions, receive higher priority versus non-critical traffic. Traffic
classification can be based on user or application information. BWM policies can be configured to set
lower and upper bounds on the bandwidth allocation.
Note: BWM is a software key-enabled feature that requires you to purchase a license and a key. For
more information on enabling BWM, see /oper/swkey Activating Software, page 617.
307

By default, BWM is turned off. For more information, refer to the Alteon Application Switch Operating
System Application Guide.
[Bandwidth Management Menu]

cont
- Contract Menu
policy
- Policy Menu
group
- Group Menu
user
- Set SMTP server user name
report
- Set IP address of Reporting server
entries - Set number of entries in the BWM IP user table
frequen - Set the frequency of BWM statistics in minutes
email
- Enable/disable sending BWM statistics via email
force
- Enable/disable enforce policies
on
- Globally turn Bandwidth Management processing ON
off
- Globally turn Bandwidth Management processing OFF
cur
- Display current Bandwidth Management configuration
Note: Up to 1024 bandwidth management contracts can be configured.
Table 206: Bandwidth Management Menu Options (/cfg/bwm)

cont <BW contract number (1-1024)>
Displays the Bandwidth Management Contract menu. To view this menu, see /cfg/bwm/
cont <contract number> Bandwidth Management Contract Configuration, page 309.
To manage bandwidth, you must create one or more bandwidth management contracts.
Alteon uses these contracts to limit individual traffic flows. For more details, refer to the
Alteon Application Switch Operating System Application Guide.
By default, this option is disabled.
policy <BW policy number (1-512)>

Displays the Bandwidth Management Policy menu. To view this menu, see /cfg/bwm/
policy <policy number> Bandwidth Management Policy Configuration, page 312.
Bandwidth policies are bandwidth limitations defined for any set of frames, specifying the
guaranteed bandwidth rates. A bandwidth policy is often based on a rate structure where
a Web host could charge a customer for bandwidth utilization. For more details, see the
group <BW Group number (1-32)>

Displays the Bandwidth Management Group menu. To view this menu, see /cfg/bwm/
group Bandwidth Management Group Configuration Menu, page 313.
user <user name>

Sets the SMTP user name to whom the history statistics will be mailed.
Default: none
report <server IP address (v4 or v6)>

Sets the IPv4 or IPv6 address of the reporting server.
entries <64k|128k|256k|512k>
Sets the number of entries in the Bandwidth Management IP user table.
308

Table 206: Bandwidth Management Menu Options (/cfg/bwm)

frequen <1-1440 minutes, 0 for default behavior>
Sets the frequency of BWM e-mail in minutes.
Default: 0
email disable|enable
Enables or disables sending BWM statistics using e-mail.
When disabled, these statistics are sent using a socket mechanism.
force disable|enable
Enables or disables the enforcement of bandwidth policy on the traffic.
When disabled, the reordering of the packets does not occur. The packets exit in the
order they come in. This means that no bandwidth limit is applied on the queues.
Default: enable
on
Globally enables Bandwidth Management.
off
Globally disables Bandwidth Management.
cur
Displays the current Bandwidth Management configuration.
/cfg/bwm/cont <contract number>
Bandwidth Management Contract Configuration

[BW Contract 1 Menu]
timepol - Time policy Menu
name
- Set Contract name
policy
- Set Contract Policy
prec
- Set Contract Precedence
iptype
- Set user (IP address) limiting type for this contract
iplimit - Enable/disable user (IP address) limiting for this contract
maxsess - Set maximum number of sessions per user or contract
history - Enable/disable Saving Contract stats history
wtos
- Enable/disable overwriting IP TOS for this Contract
mononly - Enable/disable monitor-only mode for this Contract
shaping - Enable/disable traffic shaping - disable is rate limiting
wtcpwin - Enable/disable overwriting TCP Window for this Contract
ena
- Enable BW Contract
dis
- Disable BW Contract
del
- Delete BW Contract
cur
- Display current BW Contract configuration
309

Table 207: Bandwidth Management Policy Menu Options (/cfg/bwm/cont)

timepol <BW Contract time policy number (1-2)>
Displays the Time Policy menu. To view this menu, see /cfg/bwm/cont <contract
number> /timepol <Contract time policy number> BWM Contract Time Policy

Sets the name for this Bandwidth Management contract. For example:
>> BW Contract 1# name

Current BW Contract name:
Enter new BW Contract name:
policy <Bandwidth policy number (1-512)>
Sets the policy number for this Bandwidth Management contract.
Default: 64
prec <Bandwidth precedence value (1-255)>

Sets the precedence value for this Bandwidth Management contract.
Default: 1
iptype <sip|dip>
Defines the IP type for this contract, whether the user (IP address) limiting is enforced
by the source IP address (SIP), or the destination IP address (DIP).
pmirr <port | none>

Defines a port to mirror contract packets to.
portEnter a valid port to enable this feature.
nonDisable this feature.
Note: This command is available in maintenance mode only.
iplimit disable|enable
Enables or disables user (IP address) limiting for this contract. If enabled, each IP
address is limited to the user limit configured using /cfg/bwm/policy <policy number>
Bandwidth Management Policy Configuration, page 312.
maxsess <maximum sessions (0-65534)>

Sets the maximum number of sessions per user or contract.
Default: 0
history disable|enable
Disables or enables saving statistics for this contract on the server.
Default: enable
wtos disable|enable
Disables or enables overwriting the IP Type of Service (TOS) for this contract.
Default: disable
mononly disable|enable
Enables or disables monitor-only mode for this contract. This is used for design and
auditing purposes only. Statistics are generated, but no shaping or limiting applies to this
contract.
310

Table 207: Bandwidth Management Policy Menu Options (/cfg/bwm/cont)

shaping disable|enable
Disables or enables shaping of the traffic for this contract. In this context, shaping means
buffering a packet and keeping it ready to be sent.
wtcpwin disable|enable
Enables or disables overwriting TCP Window for this contract. By overwriting the default
window size, you can modify the TCP window size to a lower value so that when the
packet arrives carrying the bytes within that window size, the receiver of that packet
does not have to wait for acknowledgement. This may help reduce the traffic congestion.
Note: Do not set the value to lower than 1500 bytes. For details, refer to the Alteon
ena
Enables this Bandwidth Management contract.
dis
Disables this Bandwidth Management contract.
del
Removes this contract.
cur
Displays the current Bandwidth Management contract configuration.
/cfg/bwm/cont <contract number> /timepol <Contract time policy number>
BWM Contract Time Policy Configuration Menu

This menu lets you configure different policies based on the time.
[BW Contract 1
day
from
to
policy
enable
disable
delete
cur
Time Policy 1 Menu]

- Set Time Policy day
- Set Time Policy from hour
- Set Time Policy to hour
- Set Time Policy
- Enable Time Policy
- Disable Time Policy
- Delete Time Policy
- Display current Time Policy configuration
Table 208: BWM Contract Time Policy Configuration Menu Options (/cfg/bwm/timepol)

day <mon|tue|wed|thu|fri|sat|sun|weekday|weekend|everyday>
Defines the days of the week, weekdays (Monday to Friday), weekend (Saturday and
Sunday) or everyday. The default is everyday.
from <1-12am/pm>
Defines the time from where you need to start the time in hours. If am or pm is not
specified, the switch will default to am for numbers lower than 12 and will default to pm
for numbers 13 or higher.
311

Table 208: BWM Contract Time Policy Configuration Menu Options (/cfg/bwm/timepol)

to <1-12am/pm>
Sets the end limit of time in hours. If am or pm is not specified, the switch will default to
am for numbers lower than 12 and will default to pm for numbers 13 or higher.
policy <BW Policy number, 1-512>

Defines the policy number for the contract.
enable
Enables the Time Policy command on the switch.
disable
Disables the Time Policy command on the switch.
delete
Deletes the current Time Policy.
cur
Displays the current Time Policy configuration on the switch. For example:
Time Policy 1:
Day everyday, From Hour 12 a.m., To Hour 12 a.m., Policy 512, disabled
/cfg/bwm/policy <policy number>
Bandwidth Management Policy Configuration

[Policy 1 Menu]
hard
soft
resv
userlim utos
otos
buffer
del
cur
-
Set hard Limit

Set soft Limit
Set Reservation Limit
Set per user (IP address) Limit
Set underlimit (soft limit) TOS
Set overlimit (soft limit) TOS
Set Buffer Limit
Delete BW Policy
Display current Policy configuration
Table 209: Bandwidth Management Policy Menu Options (/cfg/bwm/pol)

hard <0k-5000k|1m-1000m>
Sets the hard bandwidth limit for this policy. This is the highest amount of bandwidth
available to this policy.
Default: 2000 kbps
soft <0k-5000k|1m-1000m>
Sets the soft bandwidth limit for this policy.
Default: 1000 kbps
312

Table 209: Bandwidth Management Policy Menu Options (/cfg/bwm/pol)

resv <0k-5000k|1m-1000m>
Sets the reserve limit for this policy. This is the amount of bandwidth always available to
this policy.
Default: 500 kbps
userlim <0k-5000k|1m-1000m>
Sets the bandwidth limit for each IP address in the contract traffic.
utos <BW Policy TOS (0-255)>

Sets the new utos (underlimit TOS) value to overwrite the original TOS value if the traffic
for this contract is under the soft limit.
Default: 0 (Alteon does not overwrite the TOS value)
otos <BW Policy TOS (0-255)>

Sets the new otos (over the limit TOS) value to overwrite the original TOS value if the
traffic for this contract is over the soft limit.
Default: 0 (Alteon does not overwrite the TPS value)
buffer <Maximum buffer space (bytes) (8192-128000)>

Sets the buffer limit for this policy.
Default: 8192 bytes
del
Deletes the Bandwidth Management policy.
cur
Displays the current value of the Bandwidth Management policy configuration.
/cfg/bwm/group
Bandwidth Management Group Configuration Menu

[BW Group 1 Menu]
add
- Add Contract to this group
rem
- Remove Contract from this group
del
- Delete BW Group
cur
- Display current BW Group configuration
Table 210: Bandwidth Management Group Menu Options (/cfg/bwm/group)

add <BW Contract number, 1-1023 excluding default>
Adds a contract to this group.
rem <BW Contract number, 1-1023 excluding default>

Removes a contract from this group.
del
Deletes this Bandwidth Management group.
313

Table 210: Bandwidth Management Group Menu Options (/cfg/bwm/group)

cur
Displays all current Bandwidth Management group configurations.
/cfg/bwm/cur
Bandwidth Management Current Configuration

Current Bandwidth Management setting: ON
Policy Enforcement: enabled
SMTP server user name:
Reporting Server IP Address: 0.0.0.0
BWM IP user table entries: 16k
Cont Name
Policy Prec TOS State Shaping Monitor IPlimit TCPwin
---- ---------------- ---- --- ----- ------- ------- ------- -----999 test
512
1
D
E
D
D
by sip
D
1022 Reserved
511 255
D
M
D
E
dis
D
1023 Reserved
511 255
D
M
D
E
dis
D
1024 Default
0
D
E
D
dis
D
*Default contract gets all the BW that is available on
a port after the active contracts reserved BW is taken.
Policy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
314
Hard Soft Resv oTOS uTOS Buffer

25M
20M 500K 150 100
16320
10M
8M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320
2M
1M 500K
0
0
16320

/cfg/l2
Layer 2 Configuration Menu

Figure 28: Global Administrator Layer 2 Menu
[Layer 2 Menu]
mrst
stg
trunk
lacp
vlan
team
cur
-
Multiple Spanning Tree/Rapid Spanning Tree Menu

Spanning Tree Menu
Trunk Group Menu
VLAN Menu
Port Teaming Menu
Display current Layer 2 parameters
Figure 29: vADC Administrator or Standalone Layer 2 Menu

[Layer 2 Menu]
vlan
- VLAN Menu
cur
- Display current Layer 2 parameters
Table 211: Layer 2 Configuration Menu Options (/cfg/l2)

mrst
Displays the Multiple Spanning Tree menu. This menu only appears in the Global
Administrator environment in ADC-VX mode. To view this menu, see /cfg/l2/mrst
Multiple Spanning Tree Menu, page 316.
stg <group number [1-16]>

Displays the Spanning Tree Group menu. This menu only appears in the Global
Administrator environment in ADC-VX mode. To view this menu, see /cfg/l2/stg
Spanning Tree Group Configuration, page 318.
trunk <trunk group number>

Displays the Trunk Group menu. This menu only appears in the Global Administrator
environment in ADC-VX mode. To view this menu, see /cfg/l2/trunk <trunk group
number> Trunk Configuration, page 322.
lacp
Displays the Link Aggregation Control Protocol (LACP) menu. This menu only appears in
the Global Administrator environment in ADC-VX mode. To view this menu, see /cfg/l2/
lacp Link Aggregation Control Protocol Menu, page 323.

Displays the VLAN menu. To view this menu, see /cfg/l2/vlan <VLAN number> VLAN
team
Displays the Port Team menu. This menu only appears in the Global Administrator
environment in ADC-VX mode. To view this menu, see /cfg/l2/team <team number>
Port Team Configuration, page 330.
cur
Displays the current Layer 2 parameters.
315

/cfg/l2/mrst
Multiple Spanning Tree Menu

This menu only appears on the Global Administrator Statistics menu in ADC-VX mode.
[Multiple Spanning Tree Menu]

cist
- Common and Internal Spanning Tree Menu
name
- Set MST region name
version - Set Version of this MST region
maxhop
- Set Maximum Hop Count for MST (4 - 60)
mode
- Spanning Tree Mode
on
- Globally turn Multiple Spanning Tree (MSTP/RSTP) ON
off
- Globally turn Multiple Spanning Tree (MSTP/RSTP) OFF
cur
- Display current MST parameters
Table 212: Multiple Spanning Tree Menu Options

cist
Displays the Common and Internal Spanning Tree menu. To view this menu, see /cfg/l2/
mrst/cist Common Internal Spanning Tree Menu, page 316.
name <1-32 character region name>

Sets the MST region name.
version <version number 1-65535>

Sets the MST region version.
maxhop <max hops 4-60>

Sets the maximum MST hop count.
mode mstp|rstp
Sets the spanning tree mode.
on
Sets the spanning tree on (Bridge MSTP/RSTP runs normally).
off
Sets the spanning tree off (Bridge MSTP/RSTP does not run).
cur
Displays the current MST parameters.
/cfg/l2/mrst/cist
Common Internal Spanning Tree Menu

[Common Internal Spanning Tree Menu]
brg
- CIST Bridge parameter Menu
port
- CIST Port parameter Menu
default - Default Common Internal Spanning Tree and Member parameters
cur
- Display current CIST parameters
316

Table 213: Multiple Spanning Tree CIST Bridge Menu Options

brg
Displays the CIST Bridge parameter menu. To view this menu, see /cfg/l2/stg/brg
Bridge Spanning Tree Configuration, page 319.
port <port_number>
Sets the port number.
default
Resets the STG and group member parameters to the factory default.
cur
Displays the current values of all objects that can be set from this menu.
/cfg/l2/mrst/cist/brg
CIST Bridge Menu

[CIST Bridge Menu]
prior
- Set CIST bridge
mxage
- Set CIST bridge
fwd
- Set CIST bridge
cur
- Display current
Priority (0-65535)
Max Age (6-40 secs)
Forward Delay (4-30 secs)
CIST bridge parameters
Table 214: Multiple Spanning Tree CIST Bridge Menu Options

prior <new bridge Priority, 0-65535>
Sets the bridge priority.
mxage <new bridge Max Age, 6-40 secs>

Sets the port number.
fwd <new bridge Forward Delay, 4-30 secs>

Sets the CIST bridge forward delay.
cur
Displays the current values of all objects that can be set from the CIST bridge menu. For
sample output, see /cfg/l2/mrst/cist/brg cur Current Configuration for CIST Bridge,
page 317.
/cfg/l2/mrst/cist/brg cur
Current Configuration for CIST Bridge

>> CIST Bridge# cur
----------------------------------------------------------Current Common Internal Spanning Tree settings:
Bridge params: Priority MaxAge FwdDel
32768
20
15
317

Table 215: CIST bridge configuration
Statistic
Description
Priority
The current CIST Bridge priority setting.

Values: 065535
The current CIST Bridge maximum aging setting.
MaxAge
Values: 640 seconds

The current CIST Bridge forwarding delay setting.
FwdDel
Values: 430 seconds
/cfg/l2/stg
Spanning Tree Group Configuration

When multiple paths exist on a network, the Spanning Tree Protocol (STP) configures the network so
that an Alteon uses only the most efficient path. STP detects and eliminates logical loops in a
bridged or switched network. STP forces redundant data paths into a standby (blocked) state. When
multiple paths exist, STP configures the network so that an Alteon uses only the most efficient path.
If that path fails, STP automatically sets up another active path on the network to sustain network
operations. As a result, STP is used to prevent loops in the network topology.
Alteon supports the IEEE 802.1p Spanning Tree Protocol (STP), and supports up to 16 instances of
spanning trees or spanning tree groups. Each VLAN can be placed in only one spanning tree group
per Alteon, except for the default spanning tree group (STG 1). The default group can have more
than one VLAN. All other spanning tree groups (2 through 16) can have only one VLAN associated
with them.
STP can be enabled or disabled for each port. Multiple spanning trees can be enabled on tagged or
untagged ports. For a detailed description of this feature, see the Alteon Application Switch
[Spanning Tree Group 1 Menu]

brg
- Bridge parameter menu
port
- Port parameter menu
add
- Add VLAN(s) to Spanning Tree Group
remove - Remove VLAN(s) from Spanning Tree Group
clear
- Remove all VLANs from Spanning Tree Group
on
- Globally turn Spanning Tree ON
off
- Globally turn Spanning Tree OFF
default - Default Spanning Tree and Member parameters
untgpvst - Enable/Disable sending PVST frames on untagged ports
cur
- Display current bridge parameters
Note: When VRRP is used for active-active redundancy, STP must be enabled.
Table 216: Spanning Tree Configuration Menu (/cfg/l2/stp)

brg
Displays the Bridge Spanning Tree menu. To view this menu, see /cfg/l2/stg/brg Bridge
Spanning Tree Configuration, page 319.
318

Table 216: Spanning Tree Configuration Menu (/cfg/l2/stp)

port <port number>
Displays the Spanning Tree Port menu. To view this menu, see /cfg/l2/stg <STG Group
Index> /port <port #> Spanning Tree Port Configuration, page 321.
add <VLAN numbers (1-4090)>

Associates a VLAN with a spanning tree and requires an external VLAN ID as a parameter.
remove <VLAN numbers, 1-4095 (802.1d & RSTP) / 2-4094 (MSTP)>

Breaks the association between a VLAN and a spanning tree and requires an external
VLAN ID as a parameter.
clear
Removes all VLANs from a spanning tree.
on
Globally enables STP. STP is turned on by default.
off
Globally disables STP.
default
Resets the STG and group member parameters to the factory default.
untgpvst
Enables or disables sending PVST frames on untagged ports.
cur
Displays the current STP parameters.
/cfg/l2/stg/brg
Bridge Spanning Tree Configuration

[Bridge Spanning Tree Menu]
prior
- Set bridge Priority [0-65535]
hello
- Set bridge Hello Time [1-10 secs]
mxage
- Set bridge Max Age (6-40 secs)
fwd
- Set bridge Forward Delay (4-30 secs)
aging
- Set bridge Aging Time (1-65535 secs, 0 to disable)
cur
- Display current bridge parameters
Spanning tree bridge parameters affect the global Alteon STP operation. They include:
Bridge priority
Bridge hello time
Bridge maximum age
Forwarding delay
Bridge aging time
When you configure the STP bridge parameters, you must use the following formulas to make your
calculations:
2 X (fwd-1) mxage
2 X (hello+1) mxage
319

Table 217: Bridge Spanning Tree Menu Options (/cfg/l2/stp/brg)

prior <new bridge priority (0-65535)>
Configures the bridge priority. The bridge priority controls which bridge on the network is
the STP root bridge. To make this Alteon the root bridge, configure the bridge priority
lower than all other Alteons and bridges on your network. The lower the value, the
higher the bridge priority.
Values: 065535
Default: 32768
hello <new bridge hello time (1-10 secs)>

Configures the bridge hello time. The hello time specifies how often the root bridge
transmits a configuration bridge protocol data unit (BPDU). Any bridge that is not the
root bridge uses the root bridge hello value.
Values: 110 seconds
Default: 2 seconds
mxage <new bridge max age (6-40 secs)>

Configures the bridge maximum age. The maximum age specifies the maximum time the
bridge waits without receiving a configuration bridge protocol data unit before it reconfigures the STP network.
Values: 640 seconds
Default: 20 seconds
fwd <new bridge Forward Delay (4-30 secs)>

Configures the bridge forward delay parameter. The forward delay specifies the amount
of time that a bridge port has to wait before it changes from the listening state to the
learning state and from the learning state to the forwarding state.
Values: 430 seconds
Default: 5 seconds
aging <new bridge Aging Time (1-65535 secs, 0 to disable)>

Configures the forwarding database aging time. The aging time specifies the amount of
time the bridge waits without receiving a packet from a station before removing the
station from the forwarding database.
Values: 165535 seconds
Default: 300 seconds
To disable aging, set the parameter to 0.
cur
Displays the current bridge STP parameters.
320

/cfg/l2/stg <STG Group Index> /port <port #>
Spanning Tree Port Configuration

[Spanning Tree
prior
cost
link
edge
blkbpdu on
off
cur
-
Port 1 Menu]
Set port Priority (0-255)
Set port Path Cost
Set port link type (auto,p2p,or shared; default: auto)
Enable/disable edge port
Enable/disable forwarding bpdu's on STG off
Turn port's Spanning Tree ON
Turn port's Spanning Tree OFF
Display current port Spanning Tree parameters
Spanning Tree port parameters are used to modify STP operation on an individual port basis. STP
port parameters include:
Port priority
Port path cost
Table 218: Spanning Tree Port Menu (/cfg/l2/stp/port)

prior <new port Priority (0-255)>
Configures the port priority. The port priority is used to determine which bridge port
becomes the designated port. In a network topology that has multiple bridge ports
connected to a single segment, the port with the lowest port priority becomes the
designated port for the segment.
Values: 0255
Default: 128
cost <new port Path Cost (0-65535, 0 for default)>

Configures the port path cost. The port path cost is used to determine the designated
port for a segment. Generally speaking, the faster the port, the lower the path cost.
Values: 065535
A value of 0 indicates that the default cost is computed for an auto-negotiated link
speed.
Default: 10 for 100 Mbps ports, 1 for Gigabit ports
link auto|p2p|shared
Sets the port link type:
Values: auto, p2p, shared
Default: auto
edge disable|enable
Enables or disables the edge port.
blkbpdu disable|enable
Block BPDU - enables or disables blocking the forwarding of the configuration bridge
protocol data units (BPDU), when the spanning tree is turned off.
Applicable in VX and standalone modes.
on
Enables STP on the port. STP is turned on by default for the port.
321

Table 218: Spanning Tree Port Menu (/cfg/l2/stp/port)

off
Disables STP on the port.
cur
Displays the current STP port parameters.
/cfg/l2/trunk <trunk group number>
Trunk Configuration
Trunk groups can provide super-bandwidth and multi-link connections between Alteon or other trunk
capable Alteons. A trunk group is a group of ports that act together, combining their bandwidth to
create a single, larger virtual link. When trunk groups are configured, you can view the state of each
port in the various trunk groups. Up to 12 trunk groups can be configured, with the following
restrictions:
Any physical port can belong to no more than one trunk group.
Up to eight ports or trunks can belong to the same trunk group.
The best performance is achieved when all ports in a trunk are configured for the same speed.
Trunking Alteons must comply with Cisco EtherChannel technology.
[Trunk group 1 Menu]

name
- Set descrptive trunk name
add
- Add port to trunk group
rem
- Remove port from trunk group
ena
- Enable trunk group
dis
- Disable trunk group
del
- Delete trunk group
cur
- Display current Trunk Group configuration
Table 219: Trunk Configuration Menu Options (/cfg/l2/trunk)

name < name(31 chars Max)>
Defines a descriptive name for the trunk.
add <port number>

Adds a physical port to the current trunk group.
rem <port number>

Removes a physical port from the current trunk group.
ena
Enables the current trunk group.
dis
Turns the current trunk group off. By default, the trunk group is empty and disabled.
del
Removes the current trunk group configuration.
322

Table 219: Trunk Configuration Menu Options (/cfg/l2/trunk)

cur
Displays the current trunk group parameters.
/cfg/l2/lacp

Alteon supports the IEEE 802.3ad standard. At the core of the 802.3ad standard is the Link
Aggregation Control Protocol (LACP). This protocol allows the user to group several physical ports
into one logical port (LACP trunk group) with any device that supports the IEEE 802.3ad standard
(LACP). You can configure the trunk groups manually (static trunks), as well as configure dynamic
trunk group using the IEEE 802.3ad standard (LACP trunks).
The maximum number of configurable trunk groups is 40, including 12 user configurable trunks and
28 LACP trunks, depending upon the maximum number of ports in Alteon. The maximum number of
active physical ports in any trunk group is eight, and the number of standby ports is also eight.
The 802.3ad standard allows two or more standard Ethernet links to form a single Layer 2 link using
LACP. Link aggregation is a method of grouping physical link segments of the same media type and
speed in full duplex, and treating them as if they were part of a single, logical link segment. If a link
in a LACP trunk group fails, traffic is reassigned dynamically to the remaining links of the LACP trunk
group or is assigned to the standby LACP links.
Note: For detailed information about this standard, refer to IEEE 802.3ad-2000.
LACP automatically determines which member links can be aggregated and then aggregates them.
It provides for the controlled addition and removal of physical links for the link aggregation.
Each external Alteon port can have one of the following LACP modes:
off (default)The user can configure this port to a regular static trunk group. When the system
initializes, all ports are in off mode by default.
activeThe port is capable of forming an LACP trunk. This port initiates negotiation with the
partner system port by sending LACPDU (Link Aggregation Control Protocol Data Unit) packets.
passiveThe port is capable of forming an LACP trunk. This port only responds to the
negotiation requests sent from an LACP active port.
Each LACP active or passive port needs an admin key, an operational key, and an aggregator for
LACP to start negotiation on these ports. You need to assign the same admin key to a group of ports
to make them aggregatable. The link can generate a Link Aggregation ID (LAG ID) based on the
operational key. All the aggregatable ports must have the same LAG ID. You can form an active
LACP trunk group with all the ports that have the same LAG ID.
For detailed information on this protocol, refer to the Alteon Application Switch Operating System
Application Guide.
[LACP Menu]
name
sysprio
timeout
port
cur
Set descriptive
Set LACP system
Set LACP system
LACP port Menu
Display current
LACP system name

priority
timeout scale for timing out partner info
LACP configuration
323

Table 220: Link Aggregation Control Protocol Menu Options (/cfg/l2/lacp)

name < name (31 characters only) >
Defines a descriptive name for the LACP system.
sysprio <1-65535>
Defines the system priority value. Lower numbers provide higher priority.
System priority is used when there are more than eight ports configured with the same
adminkey. The system priority, in conjunction with port priority, decides which eight ports
should be combined to form a trunk group between two Alteons. The rest of the ports
stay in standby mode to substitute for any failed ports.
Values: 165535
Default: 32768
timeout <short|long>
Defines the timeout period before invalidating LACP data from a remote partner.
Values:
short3 seconds
long90 seconds
Default: long
port <port number>
Displays the LACP Port menu. To view this menu, see /cfg/l2/lacp Link Aggregation
Control Protocol Menu, page 323.
cur
Displays the current LACP configuration.
/cfg/l2/lacp/port <port number>
LACP Port Configuration Menu

[LACP Port 1 Menu]
mode
- Set LACP mode
prio
- Set LACP port priority
adminkey - Set LACP port admin key
cur
- Display current LACP port configuration
324

Table 221: Link Aggregation Control Protocol Port Configuration Menu Options (/cfg/l2/lacp/
port)

mode <off for no LACP or active or passive>
Values:
offTurn LACP off for this port. You can use this port to manually configure a static
trunk.
activeTurn LACP on and set this port to active. Only active ports initiate
negotiation with the partner system port by sending the LACPDU packets.
passiveTurn LACP on and set this port to passive mode. Passive ports do not
initiate negotiation, but only respond to the negotiation requests from active ports.
Default: off
prio <1-65535>
Sets the priority value for the selected port. Lower numbers provide higher priority.
Default: 128
adminkey <1-65535>
Sets the admin key for this port. Only ports with the same admin key and oper key
(operational state generated internally) can form an LACP trunk group.
cur
Displays the current LACP configuration for this port.
/cfg/l2/vlan <VLAN number>
VLAN Configuration
VLANs are commonly used to split up groups of network users into manageable broadcast domains
to create logical segmentation of workgroups, and to enforce security policies among logical
segments. This menu is used to configure VLAN attributes, change the status of the VLAN, delete
the VLAN, and change the port membership of the VLAN.
By default, the VLAN menu option is disabled except VLAN 1, which is always enabled.
Figure 30: Global Administrator VLAN Menu

[VLAN 1 Menu]
name
stg
add
rem
def
jumbo
learn
shared
ena
dis
del
cur
Set VLAN name

Assign VLAN to a Spanning Tree Group
Add port to VLAN
Remove port from VLAN
Define VLAN as list of ports
Enable/disable Jumbo Frame support
Enable/disable smac learning
Enable/disable VLAN sharing between vADCs
Enable VLAN
Disable VLAN
Delete VLAN
Display current VLAN configuration
325

Figure 31: vADC Administrator VLAN Menu

[VLAN 1 Menu]
ip6nd
cont
nonip
lla
cur
IP6 Neighbor Discovery Menu

Set BW contract
Set BW Contract for non-IP traffic
Enable/disable IPv6 LLA generation
Figure 32: Standalone VLAN Menu

[VLAN 1 Menu]
name
ip6nd
stg
cont
nonip
add
rem
def
jumbo
learn
lla
ena
dis
del
cur
Set descriptive VLAN name

IP6 Neighbor Discovery Menu
Assign VLAN to a Spanning Tree Group
Set BW contract
Set BW Contract for non-IP traffic
Add port to VLAN
Remove port from VLAN
Define VLAN as list of ports
Enable/disable Jumbo Frame support
Enable/disable smac learning
Enable/disable IPv6 LLA generation
Enable VLAN
Disable VLAN
Delete VLAN
Table 222: VLAN Configuration Menu Options (/cfg/l2/vlan)

name
Assigns a name to the VLAN or changes the existing name. This is not relevant for vADC
Administrator.
Default: The first VLAN name
ip6nd
Displays the IPv6 Neighbor Discovery menu This menu is used to enable or disable
sending IPv6 Router Advertisement packets from this interface. To view this menu, see /
cfg/l2/vlan/ip6nd IPv6 Neighbor Discovery Menu, page 328.
stg <Spanning Tree Group index (1-16)>

Assigns a VLAN to a spanning tree group. This is not relevant for vADC Administrator.
cont <BW Contract number, (1-1024)>

Sets the Bandwidth Management contract for this VLAN. This command only appears in
the vADC Administrator environment.
Default: 1024
nonip <BW Contract number, 1-1024>

Sets the Bandwidth Management contract for non-IP traffic for this VLAN. This command
only appears in the vADC Administrator environment in ADC-VX mode.
Default: 1024
326

Table 222: VLAN Configuration Menu Options (/cfg/l2/vlan)

lla d|e
Enables or disables automatic static IPv6 link-local address generation. This command
only appears in the vADC Administrator environment in ADC-VX mode.
Values:
e (enable)A static IPv6 link-local address is generated automatically.
d (disable)A static IPv6 link-local address is not generated automatically. To

manually configure a static IPv6 link-local address for the VLAN, use the lladdr
command.
Default: disable
lladdr <IP6 address (eg, FE80:0:0:0:0:0:abcd:12 or FE80::abcd:12 or any).

Configures a static IPv6 link-local address for the VLAN. To use this command, automatic
generation of a link-local address must be disabled (see the lla command).
add <port number>

Adds ports or trunk groups to the VLAN membership. This is not relevant for vADC
Administrator.
rem <port number>

Removes ports or trunk groups from this VLAN. This is not relevant for vADC
Administrator.
def <list of port numbers>

Defines which ports are members of this VLAN. Every port must be a member of at least
one VLAN. This is not relevant for vADC Administrator.
Default: 128 for VLAN 1
jumbo disable|enable
Enables or disables jumbo frame support on this VLAN. You need to reset Alteon using
the /boot/reset command to enable jumbo frames.
Jumbo Frames are not supported in this version.
learn disable|enable
Enables or disables source MAC address learning on this VLAN. This is not relevant for
vADC Administrator.
shared
Enables or disables VLAN sharing between vADCs. For more information, see vADC
Creation Dialog, page 290. This command only appears in the vADC Administrator
ena
Enables this VLAN. This is not relevant for vADC Administrator.
dis
Disables this VLAN without removing it from the configuration. This is not relevant for
vADC Administrator.
del
Deletes this VLAN. This is not relevant for vADC Administrator.
cur
Displays the current VLAN configuration.
327

Note: All ports must belong to at least one VLAN. Any port which is removed from a VLAN and
which is not a member of any other VLAN is automatically added to default VLAN 1. You cannot
remove a port from VLAN 1 if the port has no membership in any other VLAN. Also, you cannot add
a port to more than one VLAN unless the port has VLAN tagging turned on (see the tag command in
/cfg/port <port number> Port Configuration Menu, page 287).
/cfg/l2/vlan/ip6nd
IPv6 Neighbor Discovery Menu

This menu is used to configure the sending of IPv6 Neighbor Discovery router advertisements from
this interface.
[IP6 Neighbor
rtradv
retrans
minint
maxint
mtu
chlim
mflag
oflag
rtime
rltime
pltime
vltime
opinfo
apinfo
Discovery Menu]
- Enable/disable router advertisement
- Set retransmission interval
- Set minimum interval between router advertisements
- Set maximum interval between router advertisements
- Set MTU
- Set current hop limit field
- Set managed address configuration flag
- Set other address configuration flag
- Set reachable time
- Set life time
- Set preferred life time
- Set valid life time
- Set On-link flag in prefix
- Set Autonomous address configuration flag in prefix
Table 223: IPv6 Neighbor Discovery Menu Options

rtradv disable | enable
Enables or disables the sending of IPv6 Neighbor Discovery router advertisements from
this interface.
rtradv disable | enable

Enables or disables the sending of IPv6 Neighbor Discovery router advertisements from
this interface.
retrans
Sets the retransmission interval.
Current Retransmission interval: 0

Enter new Retransmission interval [0-4294967295]:
minint
Sets the minimum interval between router advertisements.
Current minimum interval: 200

Enter new minimum interval [3-1800]:
328


maxint
Sets the maximum interval between router advertisements.
Current maximum interval: 600

Enter new maximum interval [4-1800]:
mtu
Sets the MTU.
Current mtu: none

Enter new mtu: [1280 - 1800| none]
chlim
Sets the current hop limit field.
Current hop limit: 64

Enter new hop limit [0-255]:
mflag
Sets the managed address configuration flag.
Current managed address configuration flag: disabled

Enter new managed address configuration flag [d/e]:
oflag
Sets the other address configuration flag.
Current other stateful configuration flag: disabled

Enter new other stateful configuration flag [d/e]:
rtime
Sets the reachable time.
Current reachable time: disabled

Enter new reachable time [0-3600000]:
rltime
Sets the life time.
Current life time: disabled

Enter new life time [0-9000 | none ]:
pltime
Sets the referred life time.
Current preferred life time: 604800

Enter preferred life time [0 - 4294967295]:
vltime
Sets the valid life time.
Current valid life time: 2592000

Enter new
valid life time [0 - 4294967295]:
329


opinfo
Sets the on-link flag in prefix information.
Current on-link flag in prefix info: enabled

Enter new on-link flag in prefix info [d/e]:
apinfo
Sets the autonomous address configuration flag in prefix.
Current autonomous flag in prefix info: enabled

Enter new autonomous flag in prefix info [d/e]:
/cfg/l2/team <team number>
Port Team Configuration

Port teams are used to operationally link ports and interfaces together. This menu only appears in
the vADC Administrator environment in ADC-VX mode.
[Port team 1 Menu]

name
- Set descriptive team name
addport - Add port to team
remport - Remove port from team
addtrunk - Add trunk group to team
remtrunk - Remove trunk group from team
ena
- Enable port team
dis
- Disable port team
del
- Delete port team
cur
- Display current port team configuration
The following menu outlines the commands in this menu:
Table 224: Port Team Configuration Menu

name < name(31 chars Max)>
Defines a descriptive name for the team.
addport <port number>

Adds the specified port to the current team.
remport <port number>

Removes the specified port from the current team.
addtrunk <trunk group number>

Adds a trunk group to the current team.
remtrunk <trunk group number>

Removes a trunk group from the current team.
ena
Enables the port team.
330

Table 224: Port Team Configuration Menu

dis
Disables the port team.
del
Deletes the port team.
cur
Displays the current port team configuration.
/cfg/l3
Layer 3 Configuration Menu

[Layer 3 Menu]
if
gw
route
arp
frwd
nwf
rmap
rip
ospf
ospfv3
bgp
port
dns
bootp
vrrp
rtrid
metrc
cur
Interface Menu
Default Gateway Menu
Static Route Menu
ARP Menu
Forwarding Menu
Network Filters Menu
Route Map Menu
Routing Information Protocol Menu
Open Shortest Path First (OSPF) Menu
Open Shortest Path First for IPv6 (OSPFv3) Menu
Border Gateway Protocol Menu
IP Port Menu
Domain Name System Menu
Bootstrap Protocol Relay Menu
Virtual Router Redundancy Protocol Menu
Set router ID
Set default gateway metric
Display current IP configuration

Displays the IP Interface menu. To view this menu, see /cfg/l3/if <interface number> IP
Interface Configuration, page 333.
gw <default gateway number (1-259)>

Displays the IP Default Gateway menu. To view this menu, see /cfg/l3/gw <gateway
number> Default IP Gateway Configuration, page 334.
route
Displays the IP Static Route menu. To view this menu, see /cfg/l3/route IP Static Route
331


arp
Displays the Address Resolution Protocol menu. To view this menu, see /cfg/l3/arp ARP
frwd
Displays the IP Forwarding menu. To view this menu, see /cfg/l3/frwd IP Forwarding
nwf <Network filter number (1-256)>

Displays the Network Filter Configuration menu. To view this menu, see /cfg/l3/nwf
Network Filter Configuration Menu, page 340.
rmap <route map number (1-32)>

Displays the Route Map menu. To view this menu, see /cfg/l3/rmap <route map
number> Route Map Configuration Menu, page 341.
rip
Displays the Routing Interface Protocol menu. To view this menu, see /cfg/l3/rip Routing
Information Protocol Configuration, page 344.
ospf
Displays the OSPF menu. To view this menu, see /cfg/l3/ospf Open Shortest Path First
ospfv3
Displays the Open Shortest Path First v3 menu. To view this menu, see /cfg/l3/ospfv3
Open Shortest Path First v3 Configuration, page 354.
bgp
Displays the Border Gateway Protocol menu. To view this menu, see /cfg/l3/bgp Border
Gateway Protocol Configuration, page 361.
port <port number>

Displays the IP Port menu. To view this menu, see /cfg/l3/port <port number> IP
Forwarding Port Configuration Menu, page 366.
dns
Displays the IP Domain Name System menu. To view this menu, see /cfg/l3/dns Domain
Name System Configuration Menu, page 367.
bootp
Displays the Bootstrap Protocol menu. To view this menu, see /cfg/l3/bootp Bootstrap
Protocol Relay Configuration Menu, page 368.
vrrp
Displays the Virtual Router Redundancy Protocol menu. To view this menu, see /cfg/l3/
vrrp VRRP Configuration Menu, page 368.
rtrid <IP address (such as, 192.4.17.101)>

Defines the router ID.
metrc strict|roundrobin
Sets the default gateway metric to strict or roundrobin. For more information on
gateway metrics, see /cfg/l3/metrc <metric name> Default Gateway Metrics, page 383.
Default: strict
332


cur
Displays the current IP configuration.
/cfg/l3/if <interface number>
IP Interface Configuration
[IP Interface 1 Menu]
ipver
- Set IP version
addr
- Set IP address
mask
- Set subnet mask/prefix len
vlan
- Set VLAN number
relay
- Enable/disable BOOTP relay
ena
- Enable IP interface
dis
- Disable IP interface
del
- Delete IP interface
cur
- Display current interface configuration
Alteon can be configured with up to 256 IP interfaces. Each IP interface represents Alteon on an IP
subnet on your network. The interface option is disabled by default.
Table 226: IP Interface Menu Options (/cfg/l3/if)

ipver <IP version (v4 or v6)>
Sets the IP version.
addr <IP address (such as 192.4.17.101 for IPv4 or 3001::abcd:5678 for IPv6)>
Configures the IP address of the Alteon interface using dotted decimal notation for IPv4
and colon notation for IPv6.
mask <IP subnet mask for IPv4 or prefix length for IPv6 (such as 255.255.255.0
for IPv4 or 64 for IPv6)
Configures the IP subnet address mask for the interface using dotted decimal notation
for IPv4 or prefix length for IPv6.

Configures the VLAN number for this interface. Each interface can belong to one VLAN,
though any VLAN can have multiple IP interfaces in it.
relay disable|enable
Enables or disables the BOOTP relay on this interface.
Default: enable
ena
Enables this IP interface.
dis
Disables this IP interface.
333

Table 226: IP Interface Menu Options (/cfg/l3/if)

del
Removes this IP interface.
cur
Displays the current interface settings.
/cfg/l3/gw <gateway number>
Default IP Gateway Configuration

[Default gateway 1 Menu]
ipver
- Set IP version
addr
- Set IP address
intr
- Set interval between ping attempts
retry
vlan
- Set VLAN number
prio
- Set priority of default gateway route
arp
- Enable/disable ARP only health checks
ena
- Enable default gateway
dis
- Disable default gateway
del
- Delete default gateway
cur
- Display current default gateway configuration
Note: Alteon can be configured with up to 255 gateways. Gateways 1 to 4 are reserved for default
gateway load balancing. Gateways 5 to 259 are used for load-balancing of VLAN-based gateways.
This option is disabled by default.
For information about configuring which gateway is selected when multiple default gateways are
enabled, see /cfg/l3/metrc <metric name> Default Gateway Metrics, page 383.
Table 227: Default Gateway Options (/cfg/l3/gw)

addr <default gateway address (such as, 192.4.17.44 for IPv4 or 3001::abcd:1234
for IPv6)>
Configures the IP address of the default IP gateway using dotted decimal notation for
IPv4 and colon notation for IPv6.
intr <0-60 seconds>

Alteon pings the default gateway to verify that it is up. This command sets the time
between health checks.
Default: 2 seconds
334

Table 227: Default Gateway Options (/cfg/l3/gw)

retry <number of attempts (1-120)>
Sets the number of failed health check attempts required before declaring this default
gateway inoperative.
Values: 1120 attempts
Default: 8 attempts

Sets the VLAN to be assigned to this default IP gateway.
prio <high|low>
Enables you to change the priority of the default gateway route to either high or low,
relative to learned default routes.
highThe default gateway route is always preferred over learned default routes,
such as from the OSPF, BGP, or RIP protocols.
lowThe learned default routes are always preferred over the default gateway route.
Note: By default, the learned default route has a higher priority than the configured
default gateway route.
arp disable|enable
Enables or disables Address Resolution Protocol (ARP) health checks.
Default: disable
ena
Enables the gateway for use.
dis
Disables the gateway.
del
Deletes the gateway from the configuration.
cur
Displays the current gateway settings.
/cfg/l3/route
IP Static Route Configuration

[IP Static Route Menu]
ip4
- IP4 Static Route Menu
ip6
- IP6 Static Route Menu
This menu provides access to the switch static route configuration functionality.
Table 228: IP Static Route Configuration Menu Options (cfg/l3/route)

ip4
Displays the IPv4 Static Route menu. To view this menu, see /cfg/l3/route/ip4 IPv4
Static Route Menu, page 336.
335


ip6
Displays the IPv6 Static Route menu. To view this menu, see /cfg/l3/route/ip6 IPv6
Static Route Configuration Menu, page 336.
/cfg/l3/route/ip4
IPv4 Static Route Menu

This menu is used to configure IPv4 static routes.
[IP4 Static
add
rem
cur
Route Menu]
- Add IP4 static route
- Remove IP4 static route
- Display current IP4 static route configuration

add <destination
mask
gateway> [interface number]
Adds a static route. To complete the entry, enter a destination IP address, destination
subnet mask, and gateway address. Enter all addresses using dotted decimal notation.
If a gateway address is 0.0.0.0., the route becomes a black hole route. Packets routed to
such a destination will be dropped.
You can define up to 1024 static routes.
rem <destination
mask>
Removes a static route. The destination address of the route to remove must be
specified using dotted decimal notation.
cur
Displays the current IPv4 static routes.
/cfg/l3/route/ip6
IPv6 Static Route Configuration Menu

This menu is used to configure IPv6 static routes.
[IP6 Static
add
rem
cur
336
Route Menu]
- Add IP6 static route
- Remove IP6 static route
- Display current IP6 static route configuration


add <destination
prefix length
next hop> [interface number]
Adds a static route. To complete the entry, enter a destination IPv6 address, prefix
length, and next hop address. Enter all information using the IPv6 addressing format.
You can define up to 1024 static routes.
Note: You can use a link-local address a gateway in the static route. For more
information on link-local addresses, see /cfg/l2/vlan <VLAN number> VLAN
rem <destination
prefix length>
Removes a static route. The destination address of the route to remove must be
specified using the IPv6 addressing format.
cur
Displays the current IPv6 static routes.
/cfg/l3/arp
ARP Configuration Menu

The Address Resolution Protocol (ARP) is the TCP/IP protocol that resides within the Internet layer.
ARP resolves a physical address from an IP address. ARP queries computers on the local network for
their physical addresses. ARP also maintains IP-to-physical address pairs in its cache memory.
In any IP communication, the ARP cache is consulted to see if the IP address of the computer or the
router is present in the ARP cache. The corresponding physical address is used to send a packet.
[ARP Menu]
static
rearp
cur
- Static ARP Menu

- Set re-ARP period in minutes
- Display current ARP configuration
Table 231: ARP Configuration Menu Options (/cfg/l3/arp)

static
Displays Static ARP menu. To view this menu, see /cfg/l3/arp/static ARP Static
rearp <2-120 minutes>

Defines re-ARP period in minutes.
cur
Displays the current ARP configurations.
337

/cfg/l3/arp/static
ARP Static Configuration Menu

Static ARP entries reside permanently in the ARP cache and do not age out like the ARP entries that
are learnt dynamically. Static ARP entries enable Alteon to reach hosts without sending an ARP
broadcast request to the network. Static ARPs are also useful in communicating with devices that do
not respond to ARP requests. Static ARPs can also be configured on some gateways as protection
against malicious ARP cache corruption and possible DoS attacks.
Note: Alteon allows the static ARP configuration to be retained over reboots.
[Static ARP Menu]

add
- Add a permanent ARP entry
del
- Delete an ARP entry
cur
- Display current static ARP configuration
Table 232: ARP Static Configuration Menu Options (/cfg/l3/arp/static)

add <IP address
MAC address
VLAN number
port number>
Adds a permanent ARP entry.
del <IP address (such as, 192.4.17.101)>

Deletes a permanent ARP entry.
cur
Displays the current static ARP configuration.
/cfg/l3/frwd
IP Forwarding Configuration Menu

[IP Forwarding Menu]
local
- Local network definition for route caching Menu
allowednetwork - Allowed Networks list
dirbr
- Enable/disable forwarding directed broadcasts
noicmprd - Enable/disable No ICMP Redirects
rtcache - Enable/disable SP Route caching
on
- Globally turn IP Forwarding ON
off
- Globally turn IP Forwarding OFF
cur
- Display current IP Forwarding configuration
Table 233: IP Forwarding Configuration Menu Options (/cfg/l3/frwd)

local
Displays the Local Network Route Caching Definition menu, used to define local networks
for route caching. Up to 15 local networks (lnets) can be configured.
To view this menu, see /cfg/l3/frwd/local Local Network Route Caching Definition Menu,
page 339.
338

Table 233: IP Forwarding Configuration Menu Options (/cfg/l3/frwd)

allowednetwork
Displays allowed network definitions.
dirbr disable|enable
Enables or disables forwarding directed broadcasts.
Default: disable
noicmprd disable | enable

Enables or disables no ICMP redirects.
rtcache disable | enable

Enables or disables SP route caching.
With SP route caching, each SP keeps its own copy of the IP FDB in which routes for
learned destination station addresses are cached. In very busy or large flat networks,
this cache can fill quickly and lead to connectivity issues. Disabling the SP route cache
forces the SP to use the SP Route Prefix table to determine where to forward a packet.
This information is based on the known network prefixes in the routing table.
Default: disable
on
Enables IP forwarding (routing). Forwarding is turned on by default.
off
Disables IP forwarding (routing).
cur
Displays the current IP forwarding settings.
/cfg/l3/frwd/local
Local Network Route Caching Definition Menu

This menu is used for adding local networks by setting the local network address and netmask for
the route cache, and for removing local networks.
[IP Local Networks Menu]

add
- Add local network definition
add6
- Add local network v6 definition
rem
- Remove local network definition
rem6
- Remove local network v6 definition
cur
- Display current local network definitions
Table 234: IP Local Networks Menu Options (/cfg/l3/frwd/local)

add <local network address
local network mask>
Adds a definition for a local network. For details, see Defining IP Address Ranges for the
Local Route Cache, page 340.
add6 <local network IPv6 address
prefix length>
Adds a definition for an IPv6 local route.
339

Table 234: IP Local Networks Menu Options (/cfg/l3/frwd/local)

rem <local network address
local network mask>
Removes a definition for a local network.
rem6 <local network IPv6 address
prefix length>
Removes a definition for an IPv6 local route.
cur
Displays the current local network definitions.
Defining IP Address Ranges for the Local Route Cache

The Local Route cache lets you use resources more efficiently by reducing the size of the ARP table.
The /cfg/l3/frwd/local/add parameters define a range of addresses that will be cached. The
local network address is used to define the base IP address in the range which will be cached, and
the local network mask is the mask which is applied to produce the range. To determine if a route
should be added to the memory cache, the destination address is masked (bitwise and) with the
local network mask, and checked against the local network address.
By default, the local network address and mask are both set to 0.0.0.0. This produces a range that
includes all Internet addresses for route caching: 0.0.0.0 through 255.255.255.255.
Addresses to be cached are subnets that are directly connected, and for which there is an interface
configured. To limit the route cache to your local hosts, you could configure the parameters as
shown in the examples in Table 235 - Local Routing Cache Address Example Ranges, page 340:
Table 235: Local Routing Cache Address Example Ranges
Local Host Address Range
Address
Mask
0.0.0.0127.255.255.255
0.0.0.0
128.0.0.0
128.0.0.0255.255.255.255
128.0.0.0
128.0.0.0
205.32.0.0205.32.255.255
205.32.0.0
255.255.0.0
Note: All addresses that fall outside the defined range are forwarded to the default gateway. The
default gateways must be within range.
/cfg/l3/nwf
Network Filter Configuration Menu

[IP Network Filter 1 Menu]
ipver
- Set IP version
addr
- IP Address
mask
- IP Subnet mask
enable
- Enable Network Filter
disable - Disable Network Filter
delete
- Delete Network Filter
cur
- Display current Network Filter configuration
340

Table 236: IP Network Filter Menu Options (/cfg/l3/nwf)

ipver
Enables IPv6 network filters for use by OSPFv3.

Sets the starting IP address for this filter.
Default: 0.0.0.0
mask <IP4 subnet mask (such as, 255.255.255.0)

64)>
IP6 mask prefix len (eg,
Sets the IP subnet mask that is used with /cfg/l3/nwf/addr to define the range of IP
addresses that will be accepted by the peer when the filter is enabled.
For the Border Gateway Protocol (BGP), assign the network filter to a route map, then
assign the route map to the peer.
Default: 0.0.0.0
enable
Enables the network filter configuration.
disable
Disables the network filter configuration.
delete
Deletes the network filter configuration.
cur
Displays the current the network filter configuration. For example:
Current Network Filter 1:

addr 0.0.0.0, mask 0.0.0.0, disabled
/cfg/l3/rmap <route map number>
Route Map Configuration Menu

Route maps control and modify routing information.
[IP Route Map

alist
aspath
ap
lp
metric
type
prec
weight
enable
disable
delete
cur
1
-
Menu]
Access List number
AS Filter Menu
Set as-path prepend of the matched route
Set local-preference of the matched route
Set metric of the matched route
Set OSPF metric-type of the matched route
Set the precedence of this route map
Set weight of the matched route
Enable route map
Disable route map
Delete route map
Display current route map configuration
341

Table 237: Routing Map Menu Options (/cfg/l3/rmap)

alist <number (1-8)>
Displays the Access List menu. To view this menu, see /cfg/l3/rmap <route map
number> /alist <access list number> IP Access List Configuration Menu, page 343.
aspath <number (1-8)>

Displays the Autonomous System (AS) Filter menu. To view this menu, see /cfg/l3/rmap
<route map number> /aspath <autonomous system path> Autonomous System Filter
Path, page 343.
ap <AS number> [
<AS number>
] [ <AS number> ]|none
Sets the AS path preference of the matched route.

1 to 3 path preferences (AS number) can be configured.
lp <(value 0-4294967294)>
|none
Sets the local preference of the matched route, which affects both inbound and
outbound directions. The path with the higher preference is preferred.
metric <(value 0-4294967294)>
|none
Sets the metric of the matched route.
type <value (1|2)>
|none
Assigns the type of OSPF metric.
Type 1External routes are calculated using both internal and external metrics.
Type 2External routes are calculated using only the external metrics. Type 2
routes have more cost than Type 1.
noneRemoves the OSPF metric.
Default: 1
prec <value (1-255)>

Sets the precedence of the route map. The smaller the value, the higher the
precedence.
Default: 10
weight <value (0-65534)>
|none
Sets the weight of the route map.
enable
Enables the route map.
disable
Disables the route map.
delete
Deletes the route map.
cur
Displays the current route configuration.
342

/cfg/l3/rmap <route map number> /alist <access list number>
IP Access List Configuration Menu

[IP Access List
nwf
metric action enable disable delete cur
-
1 Menu]
Network Filter number
Metric
Set Network Filter action
Enable Access List
Disable Access List
Delete Access List
Display current Access List configuration
Table 238: IP Access List Menu Options (/cfg/l3/rmap/alist)

nwf <network filter number (1-256)>
Sets the network filter number. For more information, see /cfg/l3/nwf Network Filter
metric <(1-4294967294)>
|none
Sets the metric value in the AS-External (ASE) LSA.
action permit|deny or p|d

Permits or denies an action for the access list.
enable
Enables the access list.
disable
Disables the access list.
delete
Deletes the access list.
cur
Displays the current access list configuration.
/cfg/l3/rmap <route map number> /aspath <autonomous system path>
Autonomous System Filter Path

[AS Filter 1 Menu]
as
- AS number
action - Set AS Filter action
enable - Enable AS Filter
disable - Disable AS Filter
delete - Delete AS Filter
cur
- Display current AS Filter configuration
Table 239: AS Filter Menu Options (/cfg/l3/rmap/aspath)

as <AS number (1-65535)>
Sets the Autonomous System (AS) filter's path number.
343

Table 239: AS Filter Menu Options (/cfg/l3/rmap/aspath)

action permit|deny or p|d
Permits or denies an AS filter action.
enable
Enables the AS filter.
disable
Disables the AS filter.
delete
Deletes the AS filter.
cur
Displays the current AS filter configuration.
/cfg/l3/rip
Routing Information Protocol Configuration

The Routing Information Protocol (RIP) is an interior gateway protocol (IGP). RIP is one of a class of
algorithms known as a distance vector algorithm. The distance or hop count is used as the metric to
determine the best path to a remote network or host where the hop count does not exceed 15 hops,
assuming a cost of one for each network. RIP uses broadcast User Datagram protocol (UDP) data
packets to exchange routing information.
RIP sends routing information updates every 30 seconds. This update contains known networks and
the distances (hop count) associated with each hop. For RIP1, no mask information is exchanged
the natural mask is always applied by the router receiving the update. For RIP2, mask information is
sent.
There are two timers associated with each route: a timeout, and a garbage-collection timer. Upon
expiration of the timeout timer, the route is no longer valid but it is retained in the routing table for
a short time so that neighbors can be notified that the route has been dropped. Upon expiration of
the garbage-collection timer, the route is finally removed from the routing table. The timeout timer
is set for 180 seconds, and the garbage-collection timer is set for 120 seconds by default.
This menu is used for configuring globally RIP parameters. RIP is turned off by default.
[Routing Information Protocol Menu]

if
- RIP Interface Menu
update
- Set update period in seconds
vip
- Enable/disable vip advertisement
statc
- Enable/disable static routes advertisement
on
- Globally turn RIP ON
off
- Globally turn RIP OFF
current - Display current RIP configuration
Table 240: Routing Information Protocol Menu (/cfg/l3/rip)

if <Interface Number (1-256)>
Displays the RIP Interface menu. To view this menu, see /cfg/l3/rip/if RIP Interface
Menu, page 345.
344

Table 240: Routing Information Protocol Menu (/cfg/l3/rip)

update <update period (1-120 seconds)>
Sets the RIP update period.
Default: 30 seconds
vip disable|enable
Enables or disables the advertisement of virtual IP addresses as host routes. If a VIP
route exists in a routing table, it is always advertised except when it is included in
another network route that is already being advertised.
Note: If all real servers behind a VIP go down, the route gets removed from the
routing table, and is not advertised. If you disable all the real servers using an
operation command, the VIP route does not get eliminated from the routing table,
and Alteon continues to advertise the route.
statc disable|enable
Enables or disables the advertisement of static routes.
on
Globally turns RIP on.
off
Globally turns RIP off.
cur
Displays the current RIP configuration.
/cfg/l3/rip/if
RIP Interface Menu

[RIP Interface
version
supply
listen
poison
trigg
mcast
default
metric
auth
key
enable
disable
current
1
-
Menu]
Set RIP version
Enable/disable supplying route updates
Enable/disable listening to route updates
Enable/disable poisoned reverse
Enable/disable triggered updates
Enable/disable multicast updates
Set default route action
Set metric
Set authentication type
Set authentication key
Enable interface
Disable interface
Display current RIP interface configuration
Table 241: RIP Menu Options

version 1|2|both
Sets the RIP version.
Default: 2
345

Table 241: RIP Menu Options

supply disable|enable
Enables or disables supplying route updates. When enabled, Alteon supplies routes to
other routers.
Default: enable
listen
disable|enable
When enabled, Alteon stores routing information from other routers.
Default: enabled
poison disable|enable
When enabled, Alteon uses split horizon with poisoned reverse. When disabled, Alteon
uses split horizon only.
Default: disable
mcast disable|enable
Enables or disables triggered updates.
Default: enable
default none|listen|supply|both
Sets the default route action.
Default: none
metric <value [1-15]>

Sets metric value for this RIP interface.
Default: 1
auth
none|password
Sets the type of authentication.
Default: none
key <key|none (to remove existing key value)>

Sets the authentication key.
Default: none
enable
Enables the interface.
disable
Disables the interface.
current
Displays the current values of all objects that can be set from this menu.
/cfg/l3/ospf
Open Shortest Path First Configuration

346

information on how to configure OSPF, refer to the Alteon Application Switch Operating System
Application Guide.
[Open Shortest Path First Menu]

aindex
- OSPF Area (index) Menu
range
- OSPF Summary Range Menu
if
- OSPF Interface Menu
virt
- OSPF Virtual Links Menu
md5key
- OSPF MD5 Key Menu
host
- OSPF Host Entry Menu
redist
- OSPF Route Redistribute Menu
lsdb
- Set the LSDB limit for external LSA
default - Export default route information
on
- Globally turn OSPF ON
off
- Globally turn OSPF OFF
cur
- Display current OSPF configuration
Table 242: OSPF Configuration Menu Options (/cfg/l3/ospf)

Displays the Area Index menu. This area index does not represent the actual OSPF area
number. To view this menu, see /cfg/l3/ospf/aindex Area Index Configuration Menu,
page 348.
range <range number (1-16)>

Displays the Summary Routes menu for up to 16 IP addresses. To view this menu, see /
cfg/l3/ospf/range OSPF Summary Range Configuration Menu, page 349.

Displays the OSPF Interface configuration menu. To view this menu, see /cfg/l3/ospf/if
OSPF Interface Configuration Menu, page 350.
virt <virtual link (1-3)>

Displays the Virtual Links menu used to configure OSPF for a virtual link. To view this
menu, see /cfg/l3/ospf/virt OSPF Virtual Link Configuration Menu, page 351.
md5key <key ID (1-255)>

Displays the OSPF MD5 Key menu to assign a string to MD5 authentication key. To view
this menu, see /cfg/l3/ospf/md5key OSPF MD5 Key Configuration Menu, page 352.
host <host entry number (1-128)>

Displays the OSPF Host Entry menu for configuring OSPF for the host routes.
To view this menu, see /cfg/l3/ospf/host OSPF Host Entry Configuration Menu, page 353
Up to 128 host routes can be configured. Host routes are used for advertising network
device IP addresses to external networks to perform server load balancing within OSPF.
It also makes Area Border Route (ABR) load sharing and ABR failover possible.
redist
<fixed|static|rip|ebgp|ibgp>
Displays the Route Distribution menu. To view this menu, see /cfg/l3/ospf/redist
<fixed|static|rip|ebgp|ibgp> OSPF Route Redistribution Configuration Menu.,
page 354.
lsdb <LSDB limit (0-2000, 0 for no limit)>

Sets the link state database limit.
347

Table 242: OSPF Configuration Menu Options (/cfg/l3/ospf)

default <metric (1-16777215)
metric-type 1|2>
|none
Sets one default route among multiple choices in an area. None means no default.
on
Enables OSPF.
off
Disables OSPF.
cur
Displays the current OSPF configuration settings.
/cfg/l3/ospf/aindex
Area Index Configuration Menu

[OSPF Area (index) 1 Menu]
areaid - Set area ID
type
- Set area type
metric - Set stub area metric
auth
- Set authentication type
spf
- Set time interval between two SPF calculations
enable - Enable area
disable - Disable area
delete - Delete area
cur
- Display current OSPF area configuration
Table 243: Area Index Configuration Menu Options (/cfg/l3/ospf/aindex)

areaid <IP address>
Defines the IP address of the OSPF area number.
type transit|stub|nssa
Defines the type of area. For example, when a virtual link has to be established with the
backbone, the area type must be defined as transit.
Transit areaAllows area summary information to be exchanged between routing

Alteons. Any area that is not a stub area or NSSA is considered to be transit area.
Stub areaAn area where external routing information is not distributed. Typically,
a stub area is connected to only one other area.
NSSANot-So-Stubby Area (NSSA) is similar to a stub area with additional

capabilities. For example, routes originating from within the NSSA can be
propagated to adjacent transit and backbone areas. External routes from outside
the AS can be advertised within the NSSA but are not distributed into other areas.
metric <metric value (1-65535)>

Configures a stub area to send a numeric metric value. All routes received via that stub
area carry the configured metric to potentially influencing routing decisions.
Metric value assigns the priority for choosing the Alteon for the default route. The metric
type determines the method for influencing routing decisions for external routes.
348

Table 243: Area Index Configuration Menu Options (/cfg/l3/ospf/aindex)

auth none|password|md5
Values:
NoneNo authentication required.
PasswordAuthenticates simple passwords so that only trusted routing Alteons can

participate.
MD5Used when MD5 cryptographic authentication is required.
spf <interval (0-255)>

Sets time interval between two successive SPF (shortest path first) calculations of the
shortest path tree using Dijkstra's algorithm.
enable
Enables the OSPF area.
disable
Disables the OSPF area.
delete
Deletes the OSPF area.
cur
Displays the current OSPF configuration.
/cfg/l3/ospf/range
OSPF Summary Range Configuration Menu

[OSPF Summary
addr
mask
aindex
hide
enable
disable
delete
cur
Range 1 Menu]
- Set IP address
- Set IP mask
- Set area index
- Enable/disable hide range
- Enable range
- Disable range
- Delete range
- Display current OSPF summary range configuration
Table 244: OSPF Summary Range Configuration Menu Options (/cfg/l3/ospf/range)

addr <IP Address (such as, 192.4.17.101)>
Displays the base IP address for the range.
mask <IP address (such as, 192.4.17.101>

Displays the IP address mask for the range.

Displays the area index.
hide disable|enable
Hides the OSPF summary range.
349

Table 244: OSPF Summary Range Configuration Menu Options (/cfg/l3/ospf/range)

enable
Enables the OSPF summary range.
disable
Disables the OSPF summary range.
delete
Deletes the OSPF summary range.
cur
Displays the current OSPF summary range.
/cfg/l3/ospf/if
OSPF Interface Configuration Menu

[OSPF Interface
aindex prio
cost
hello
dead
trans
retra
key
mdkey
enable disable delete cur
-
1 Menu]
Set area index
Set interface router priority
Set interface cost
Set hello interval in seconds
Set dead interval in seconds
Set transit delay in seconds
Set retransmit interval in seconds
Set MD5 key ID
Enable interface
Disable interface
Delete interface
Display current OSPF interface configuration
Table 245: OSPF Interface Configuration Menu Options (/cfg/l3/ospf/if)

Displays the OSPF area index.
prio <priority value (0-255)>

Displays the assigned priority value to Alteon OSPF interfaces.
A priority value of 127 is the highest and 1 is the lowest. A priority value of 0 specifies
that the interface cannot be used as Designated Router (DR) or Backup Designated
Router (BDR).
cost <cost value (1-65535)>

Displays cost set for the selected path: preferred or backup. Usually the cost is inversely
proportional to the bandwidth of the interface. Low cost indicates high bandwidth.
hello <value (1-65535)>

Displays the interval in seconds between the hello packets for the interfaces.
350

Table 245: OSPF Interface Configuration Menu Options (/cfg/l3/ospf/if)

dead <value (1-65535)>
Displays the health parameters of a hello packet, which is set for an interval in seconds
before declaring a silent router to be down.
trans <value (0-3600)>

Displays the transit delay in seconds.
retra <value (0-3600)>

Displays the retransmit interval in seconds.
key <key |none>

Sets the authentication key to clear the password.
mdkey <key ID (1-255)>
|none
Assigns an MD5 key to the interface.
enable
Enables the OSPF interface.
disable
Disables the OSPF interface.
delete
Deletes the OSPF interface.
cur
Displays the current settings for OSPF interface.
/cfg/l3/ospf/virt
OSPF Virtual Link Configuration Menu

[OSPF Virtual
aindex
hello
dead
trans
retra
nbr
key
mdkey
enable
disable
delete
cur
Link 1 Menu]
- Set area index
- Set hello interval in seconds
- Set dead interval in seconds
- Set transit delay in seconds
- Set retransmit interval in seconds
- Set router ID of virtual neighbor
- Set authentication key
- Set MD5 key ID
- Enable interface
- Disable interface
- Delete interface
- Display current OSPF interface configuration
351

Table 246: OSPF Virtual Link Configuration Menu Options (/cfg/l3/ospf/virt)

Displays the OSPF area index.

Displays the authentication parameters of a hello packet, which is set to be in an
interval of seconds.

Displays the health parameters of a hello packet, which is set to be in an interval of
seconds.
Default: 40 seconds

Displays the delay in transit in seconds.
Default: 1 second

Default: 5 seconds
nbr <nbr router ID (IP address)>

Displays the router ID of the virtual neighbor.
Default: 0.0.0.0
key <key> |none

Displays the password (from 1 to 8 characters) for each virtual link.
Default: none
mdkey <key ID (1-255)>
|none
Sets the MD5 key ID for each virtual link.

Default: none
enable
Enables OSPF virtual link.
disable
Disables OSPF virtual link.
delete
Deletes OSPF virtual link.
cur
Displays the current OSPF virtual link settings.
/cfg/l3/ospf/md5key
OSPF MD5 Key Configuration Menu

[OSPF MD5 Key
key
delete
cur
352
1
-
Menu]
Delete key
Display current MD5 key configuration

Table 247: OSPF MD5 Key Configuration Menu Options (/cfg/l3/ospf/md5key)

key <key, up to 16 chars>
Sets the authentication key, from 1 to 16 characters, for this OSPF packet.
delete
Deletes the authentication key for this OSPF packet.
cur
Displays the current MD5 key configuration.
/cfg/l3/ospf/host
OSPF Host Entry Configuration Menu

[OSPF Host Entry 1 Menu]
addr
- Set host entry IP address
aindex - Set area index
cost
- Set cost of this host entry
enable - Enable host entry
disable - Disable host entry
delete - Delete host entry
cur
- Display current OSPF host entry configuration
Table 248: OSPF Host Entry Configuration Menu Options (/cfg/l3/ospf/host)

Displays the base IP address for the host entry.

Displays the area index of the host.
cost <cost value [1-65535]>

Displays the cost value of the host.
enable
Enables the OSPF host entry.
disable
Disables the OSPF host entry.
delete
Deletes the OSPF host entry.
cur
Displays the current OSPF host entries.
353

/cfg/l3/ospf/redist <fixed|static|rip|ebgp|ibgp>
OSPF Route Redistribution Configuration Menu.

[OSPF Redistribute Fixed Menu]
add
- Add rmap into route redistribution list
rem
- Remove rmap from route redistribution list
export - Export all routes of this protocol
cur
- Display current route-maps added
Table 249: OSPF Route Redistribution Menu Options (/cfg/l3/ospf/redist)

add <(route map (1-32)
route map (1-32))> |all
Adds a route map to the route redistribution list. The routes of the redistribution protocol
matched by the route maps in the route redistribution list are redistributed.
To add specific route maps, enter routing map numbers one per line, with NULL at the
end.
To add all 32 route maps, enter all.
rem <(route map (1-32)
route map (1-32))> ... |all
Removes the route map from the route redistribution list.

To remove specific route maps, enter routing map numbers one per line, with NULL at
end.
To remove all 32 route maps, enter all.
export <metric (1-16777215)
metric type (1|2)>
|none
Exports the routes of this protocol as external OSPF A1S-external LSAs in which the
metric and metric type are specified. To remove a previous configuration and stop
exporting the routes of the protocol, enter none.
cur
Displays the current route map settings.
/cfg/l3/ospfv3
Open Shortest Path First v3 Configuration

Alteon supports the Open Shortest Path First (OSPF) version 3 routing protocol. The Alteon
implementation conforms to the OSPF version 3 specifications detailed in Internet RFC 5340.
354

information on how to configure OSPF, refer to the Alteon Application Switch Operating System
Application Guide.
[Open Shortest
aindex
range
if
virt
host
redist
default on
off
cur
-
Path First v3 Menu]

OSPFv3 Area (index) Menu
OSPFv3 Summary Range Menu
OSPFv3 Interface Menu
OSPFv3 Virtual Links Menu
OSPFv3 Host Entry Menu
OSPFv3 Route Redistribute Menu
Export default route information
Globally turn OSPFv3 ON
Globally turn OSPFv3 OFF
Display current OSPFv3 configuration
Table 250: OSPFv3 Configuration Menu Options (/cfg/l3/ospfv3)

Displays the Area Index menu. This area index does not represent the actual OSPF area
number. To view this menu, see /cfg/l3/ospfv3/aindex Area Index Configuration Menu,
page 356.
range <range number (1-16)>

Displays the OSPFv3 Summary Range menu for up to 16 IP addresses. To view this
menu, see /cfg/l3/ospfv3/range OSPFv3 Summary Range Configuration Menu,
page 357.

Displays the OSPFv3 Interface menu. To view this menu, see /cfg/l3/ospfv3/if OSPFv3
Interface Configuration Menu, page 358.
virt <virtual link (1-3)>

Displays the OSFPv3 Virtual Link menu used to configure OSPF for a virtual link. To view
this menu, see /cfg/l3/ospfv3/virt OSPFv3 Virtual Link Configuration Menu, page 359.
host <host entry number (1-128)>

Displays the OSPFv3 Host Entry menu for configuring OSPF for the host routes.
To view this menu, see /cfg/l3/ospfv3/host OSPFv3 Host Entry Configuration Menu,
page 360
Up to 128 host routes can be configured. Host routes are used for advertising Alteon
network IP addresses to external networks to perform server load balancing within
OSPF. It also makes Area Border Route (ABR) load sharing and ABR failover possible.
redist
<fixed|static>
Displays the OSPFv3 Redistribute menu. To view this menu, see /cfg/l3/ospfv3/redist
<fixed|static> OSPFv3 Route Redistribution Configuration Menu., page 361.
default <metric (1-16777215)
metric-type 1|2>
|none
Sets one default route among multiple choices in an area. None means no default.
on
Enables OSPFv3.
355

Table 250: OSPFv3 Configuration Menu Options (/cfg/l3/ospfv3)

off
Disables OSPFv3.
cur
Displays the current OSPFv3 configuration settings.
/cfg/l3/ospfv3/aindex
Area Index Configuration Menu

[OSPFv3 Area (index) 1 Menu]
areaid - Set area ID
type
- Set area type
metric - Set stub area metric
mtype
- Set metric type
trole
- Set translator role
summary - Set area summary propagation state
spf
- Set time interval between two SPF calculations
enable - Enable area
disable - Disable area
delete - Delete area
cur
- Display current OSPFv3 area configuration
Table 251: Area Index Configuration Menu Options (/cfg/l3/ospfv3/aindex)

areaid <IP address>
Defines the IP address of the OSPF area number.
type transit|stub|nssa
Defines the type of area. For example, when a virtual link has to be established with the
backbone, the area type must be defined as transit.
Transit areaAllows area summary information to be exchanged between routing

Alteons. Any area that is not a stub area or NSSA is considered to be transit area.
Stub areaAn area where external routing information is not distributed. Typically,
a stub area is connected to only one other area.
NSSANot-So-Stubby Area (NSSA) is similar to a stub area with additional

capabilities. For example, routes originating from within the NSSA can be
propagated to adjacent transit and backbone areas. External routes from outside
the AS can be advertised within the NSSA but are not distributed into other areas.
metric <metric value (1-65535)>

Configures a stub area to send a numeric metric value. All routes received via that stub
area carry the configured metric to potentially influencing routing decisions.
Metric value assigns the priority for choosing the Alteon for the default route. The metric
type determines the method for influencing routing decisions for external routes.
mtype <v3|compare-cost|noncompare-cost>
Defines the stub metric type.
Default: v3
356

Table 251: Area Index Configuration Menu Options (/cfg/l3/ospfv3/aindex)

trole <always|candidate>
Defines the translator role.
Default: candidate
summary <ena|dis>
Sets the summary import state.
Default: dis
spf <interval (0-255)>

Sets time interval between two successive SPF (shortest path first) calculations of the
shortest path tree using Dijkstra's algorithm.
enable
Enables the OSPFv3 area.
disable
Disables the OSPFv3 area.
delete
Deletes the OSPFv3 area.
cur
Displays the current OSPFv3 configuration.
/cfg/l3/ospfv3/range
OSPFv3 Summary Range Configuration Menu

[OSPFv3 Summary
addr
prefix aindex hide
-
Range 1 Menu]
Set IPv6 address
Set IPv6 prefix length
Set area index
Enable/disable hide range
Enable range
Disable range
Delete range
Display current OSPFv3 summary range configuration
Table 252: OSPFv3 Summary Range Configuration Menu Options (/cfg/l3/ospfv3/range)

addr <IP Address (such as, 192.4.17.101)>
Displays the base IP address for the range.
prefix
Sets the length of the IPv6 prefix.

Displays the area index.
hide disable|enable
Hides the OSPF v3 summary range.
357

Table 252: OSPFv3 Summary Range Configuration Menu Options (/cfg/l3/ospfv3/range)

enable
Enables the OSPF v3 summary range.
disable
Disables the OSPF v3 summary range.
delete
Deletes the OSPF v3 summary range.
cur
Displays the current OSPF v3 summary range.
/cfg/l3/ospfv3/if
OSPFv3 Interface Configuration Menu

[OSPFv3 Interface 1 Menu]
prio
- Set interface router priority
cost
- Set interface cost
hello
- Set hello interval in seconds
dead
- Set dead interval in seconds
trans
- Set transit delay in seconds
retra
- Set retransmit interval in seconds
enable - Enable interface
disable - Disable interface
delete - Delete interface
cur
- Display current OSPFv3 interface configuration
Table 253: OSPFv3 Interface Configuration Menu Options (/cfg/l3/ospfv3/if)

Displays the OSPF v3 area index.
prio <priority value (0-255)>

Displays the assigned priority value to Alteon OSPF v3 interfaces.
A priority value of 127 is the highest and 1 is the lowest. A priority value of 0 specifies
that the interface cannot be used as Designated Router (DR) or Backup Designated
Router (BDR).
cost <cost value (1-65535)>

Displays cost set for the selected path: preferred or backup. Usually the cost is inversely
proportional to the bandwidth of the interface. Low cost indicates high bandwidth.

Displays the interval in seconds between the hello packets for the interfaces.

Displays the health parameters of a hello packet, which is set for an interval in seconds
before declaring a silent router to be down.
358

Table 253: OSPFv3 Interface Configuration Menu Options (/cfg/l3/ospfv3/if)

Displays the transit delay in seconds.

enable
Enables the OSPF v3 interface.
disable
Disables the OSPF v3 interface.
delete
Deletes the OSPF v3 interface.
cur
Displays the current settings for the OSPF v3 interface.
/cfg/l3/ospfv3/virt
OSPFv3 Virtual Link Configuration Menu

[OSPFv3 Virtual
aindex hello
dead
trans
retra
nbr
-
Link 1 Menu]
Set area index
Set hello interval in seconds
Set dead interval in seconds
Set transit delay in seconds
Set retransmit interval in seconds
Set router ID of virtual neighbor
Enable interface
Disable interface
Delete interface
Display current OSPFv3 interface configuration
Table 254: OSPFv3 Virtual Link Configuration Menu Options (/cfg/l3/ospfv3/virt)

Displays the OSPF v3 area index.

Displays the authentication parameters of a hello packet, which is set to be in an
interval of seconds.

Displays the health parameters of a hello packet, which is set to be in an interval of
seconds.
Default: 40 seconds

Displays the delay in transit in seconds.
Default: 1 second
359

Table 254: OSPFv3 Virtual Link Configuration Menu Options (/cfg/l3/ospfv3/virt)

Default: 5 seconds
nbr <nbr router ID (IP address)>

Displays the router ID of the virtual neighbor.
Default: 0.0.0.0
enable
Enables OSPF v3 virtual link.
disable
Disables OSPF v3 virtual link.
delete
Deletes OSPF v3 virtual link.
cur
Displays the current OSPF v3 virtual link settings.
/cfg/l3/ospfv3/host
OSPFv3 Host Entry Configuration Menu

[OSPFv3 Host Entry 1 Menu]
addr
- Set host entry IPv6 address
cost
- Set cost of this host entry
enable - Enable host entry
disable - Disable host entry
delete - Delete host entry
cur
- Display current OSPFv3 host entry configuration
Table 255: OSPFv3 Host Entry Configuration Menu Options (/cfg/l3/ospfv3/host)

Displays the base IP address for the host entry.

Displays the area index of the host.
cost <cost value [1-65535]>

Displays the cost value of the host.
enable
Enables the OSPF v3 host entry.
disable
Disables the OSPF v3 host entry.
360

Table 255: OSPFv3 Host Entry Configuration Menu Options (/cfg/l3/ospfv3/host)

delete
Deletes the OSPF v3 host entry.
cur
Displays the current OSPF v3 host entries.
/cfg/l3/ospfv3/redist <fixed|static>
OSPFv3 Route Redistribution Configuration Menu.

[OSPFv3 Redistribute Fixed Menu]
add
- Add rmap into route redistribution list
rem
- Remove rmap from route redistribution list
export - Export all routes of this protocol
cur
- Display current route-maps added
Table 256: OSPFv3 Route Redistribution Menu Options (/cfg/l3/ospfv3/redist)

add <(route map (1-32)
route map (1-32))> |all
Adds a route map to the route redistribution list. The routes of the redistribution protocol
matched by the route maps in the route redistribution list are redistributed.
To add specific route maps, enter routing map numbers one per line, with NULL at the
end.
To add all 32 route maps, enter all.
rem <(route map (1-32)
route map (1-32))> ... |all
Removes the route map from the route redistribution list.

To remove specific route maps, enter routing map numbers one per line, with NULL at
end.
To remove all 32 route maps, enter all.
export <metric (1-16777215)
metric type (1|2)>
|none
Exports the routes of this protocol as external OSPF AS-external LSAs in which the
metric and metric type are specified. To remove a previous configuration and stop
exporting the routes of the protocol, enter none.
cur
Displays the current route map settings.
/cfg/l3/bgp
Border Gateway Protocol Configuration

The Border Gateway Protocol (BGP) is an Internet protocol that enables routers on a network to
share routing information with each other, and advertise information about the segments of the IP
address space they can access within their network with routers on external networks. BGP lets you
decide what is the "best" route for a packet to take from your network to a destination on another
network, rather than simply setting a default route from your border routers to your upstream
providers. You can configure BGP either within an autonomous system or between different
361

autonomous systems. When run within an autonomous system, it is called internal BGP (iBGP).
When run between different autonomous systems, it is called external BGP (eBGP). BGP is defined in
RFC 1771.
The Border Gateway Protocol menu lets you configure Alteon to receive routes and to advertise
static routes, fixed routes, and virtual server IP addresses with other internal and external routers.
BGP is turned off by default.
[Border Gateway Protocol Menu]

peer
- Peer menu
aggr
- Aggregation menu
as
- Set Autonomous System (AS) number
maxpath - Set Max AS Path Length
pref
- Set Local Preference
on
- Globally turn BGP ON
off
- Globally turn BGP OFF
cur
- Display current BGP configuration
Note: Fixed routes are subnet routes. There is one fixed route per IP interface.
Table 257: Border Gateway Protocol Menu (/cfg/l3/bgp)

peer <peer number (1-16)>
Displays the BGP Peer menu used to configure each BGP peer. Each border router, within
an autonomous system (AS), exchanges routing information with routers on other
external networks. To view this menu, see /cfg/l3/bgp/peer <peer number> BGP Peer
aggr <aggregate number (1-16)>

Displays the Aggregation menu. To view this menu, see /cfg/l3/bgp/aggr <aggregate
number> BGP Aggregate Routing Configuration Menu, page 366.
as <autonomous system number (1-65535)>

Sets the Autonomous System Number (ASN) for this autonomous system.
An AS is the unit of a router policy, either a single network or a group of networks, that
is controlled by a common network administrator on behalf of an administrative entity
(such as a university, a business enterprise, or a business division). An AS is assigned a
globally unique number called an ASN. An autonomous system shares routing
information with other autonomous systems using the Border Gateway Protocol (BGP).
maxpath <max AS path length (1-127)>

Limits the maximum length of an accepted AS Path. Paths greater than this value are
ignored. This is designed to protect the MP CPU, memory resources, and routing table
from BGP-based attacks, BGP errors and probes designed to locate BGP speaking
devices that do not limit the maximum AS Path.
Default: 50
pref <preference (0-4294967294)>

Sets the local preference. The path with the higher value is preferred.
When multiple peers advertise the same route, use the route with the shortest AS path
as the preferred route if you are using eBGP, or use the local preference if you are using
iBGP.
362

Table 257: Border Gateway Protocol Menu (/cfg/l3/bgp)

on
Globally turns BGP on.
off
Globally turns BGP off.
cur
Displays the current BGP configuration.
/cfg/l3/bgp/peer <peer number>
BGP Peer Configuration Menu

This menu is used to configure BGP peers, which are border routers that exchange routing
information with routers on internal and external networks. The peer option is disabled by default.
[BGP Peer 1 Menu]

redist - Redistribution menu
addr
- Set remote IP address
ras
- Set remote autonomous system number
hold
- Set hold time
alive
- Set keep alive time
advert - Set min time between advertisements
retry
- Set connect retry interval
orig
- Set min time between route originations
ttl
- Set time-to-live of IP datagrams
addi
- Add rmap into in-rmap list
addo
- Add rmap into out-rmap list
remi
- Remove rmap from in-rmap list
remo
- Remove rmap from out-rmap list
enable - Enable peer
disable - Disable peer
delete - Delete peer
cur
- Display current peer configuration
Table 258: BGP Peer Configuration Options (/cfg/l3/bgp/peer)

redist
Displays the BGP Redistribution menu. To view this menu, see /cfg/l3/bgp/peer/redist
BGP Redistribution Configuration Menu, page 365.

Defines the IP address for the specified peer (border router), using dotted decimal
notation.
Default: 0.0.0.0
ras <AS number (0-65535)>

Sets the remote autonomous system number for the specified peer.
363

Table 258: BGP Peer Configuration Options (/cfg/l3/bgp/peer)

hold <hold time (0, 3-65535)>
Sets the period of time that will elapse before the peer session is torn down because
Alteon has not received a "keep alive" message from the peer.
Default: 90 seconds
alive <keepalive time (0, 1-21845)>

Sets the keep-alive time for the specified peer in seconds.
Default: 0
advert <min adv time (1-65535)>

Sets the time in seconds between advertisements.
retry <connect retry interval (1-65535)>

Sets the connection retry interval in seconds.
orig <min orig time (1-65535)>

Sets the minimum time between route originations in seconds.
ttl <number of router hops (1-255)>

Time-to-live (TTL) is a value in an IP packet that tells a network router whether the
packet has been in the network too long and should be discarded. TTL specifies a certain
time span in seconds that, when exhausted, causes the packet to be discarded. The TTL
is determined by the number of router hops the packet is allowed before it must be
discarded.
This command specifies the number of router hops that the IP packet can make. This
value is used to restrict the number of hops the advertisement makes. It is also used to
support multi-hops, which allow BGP peers to talk across a routed network.
Default: 1
addi <route map ID (1-32)>

Adds a route map into the in-route map list.
addo <route map ID (1-32)>

Adds a route map into the out-route map list.
remi <route map ID (1-32)>

Removes a route map from the in-route map list.
remo <route map ID (1-32)>

Removes a route map from the out-route map list.
ena
Enables this peer configuration.
dis
Disables this peer configuration.
del
Deletes this peer configuration.
cur
Displays the current BGP peer configuration.
364

/cfg/l3/bgp/peer/redist
BGP Redistribution Configuration Menu

[Redistribution
metric default rip
ospf
fixed
static vip
cur
-
Menu]
Set default-metric of advertised routes
Set default route action
Enable/disable advertising RIP routes
Enable/disable advertising OSPF routes
Enable/disable advertising fixed routes
Enable/disable advertising static routes
Enable/disable advertising VIP routes
Display current redistribution configuration
Table 259: BGP Redistribution Configuration Menu Options (/cfg/l3/bgp/peer/redist)

metric <metric (1-4294967294)>
|none
Sets default metric of advertised routes.
default none|import|originate|redistribute
Sets default route action.
Values:
NoneNo routes are configured.
ImportImport these routes.
OriginateAlteon sends a default route to peers even though it does not have any
default routes in its routing table.
RedistributeDefault routes are either configured through a default gateway or

learned through other protocols and redistributed to peer. If the routes are learned
from a default gateway configuration, you must enable static routes because the
routes from the default gateway are static routes. Similarly, if the routes are learned
from a certain routing protocol, you must enable that protocol in this redistribute
sub-menu.
rip disable|enable
Enables or disables advertising RIP routes.
ospf disable|enable
Enables or disables advertising OSPF routes.
fixed disable|enable
Enables or disables advertising fixed routes.
static disable|enable
Enables or disables advertising static routes.
vip disable|enable
Enables or disables advertising VIP routes.
cur
Displays the current redistribution configuration.
365

/cfg/l3/bgp/aggr <aggregate number>
BGP Aggregate Routing Configuration Menu

This menu lets you configure aggregate routing to condense the number of routes between internal
and external peer routers.
[BGP Aggr 1 Menu]

addr
- Set aggregation IP address
mask
- Set aggregation network mask
enable - Enable aggregation
disable - Disable aggregation
delete - Delete aggregation
current - Display current aggregation configuration
Table 260: BGP Aggregate Menu Options (/cfg/l3/ip/bgp/aggr)

addr <IP address, such as 192.4.17.101>
Adds the IP address to the selected aggregate.
mask <IP subnet mask, such as 255.255.255.0>

Sets the IP mask for the selected aggregate.
enable
Enables the selected aggregate.
disable
Disables the selected aggregate.
delete
Deletes the selected aggregate.
current
Displays the current aggregate configuration.
/cfg/l3/port <port number>
IP Forwarding Port Configuration Menu

The Layer 3 Port menu lets you turn IP forwarding on or off on a port-by-port basis. By default, the
port forwarding option is turned on.
[IP Forwarding Port 1 Menu]

on
- Turn Forwarding ON
off
- Turn Forwarding OFF
cur
- Display current port configuration
Table 261: IP Forwarding Port Configuration Menu Options (/cfg/l3/port)

on
Enables IP forwarding for the current port.
off
Disables IP forwarding for the current port.
366

Table 261: IP Forwarding Port Configuration Menu Options (/cfg/l3/port)

cur
Displays the current IP forwarding settings.
/cfg/l3/dns
Domain Name System Configuration Menu

The Domain Name System (DNS) menu is used for defining the primary and secondary DNS servers
on your local network, and for setting the default domain name served by Alteon services. DNS
parameters must be configured prior to using hostname parameters with the ping, traceroute, and
tftp commands.
[Domain Name System Menu]

prima
- Set IP address of primary DNS server
secon
- Set IP address of secondary DNS server
dname
- Set default domain name
cur
- Display current DNS configuration
Table 262: Domain Name System Menu Options (/cfg/l3/dns)

prima <IP address>
You are prompted to set the IP address for your primary DNS server. For example:
Current primary DNS server:

Enter new primary DNS server (v4 or v6):
secon <IP address>
You are prompted to set the IP address for your secondary DNS server. If the primary
DNS server fails, the configured secondary is used instead. For example:
Current secondary DNS server:

Enter new secondary DNS server (v4 or v6):
dname <dotted DNS notation>
|none
Sets the default domain name.

For example:
mycompany.com
cur
Displays the current Domain Name System (DNS) settings.
367

/cfg/l3/bootp
Bootstrap Protocol Relay Configuration Menu

The Bootstrap Protocol (BOOTP) Relay menu is used to allow hosts to obtain their configurations
from a Dynamic Host Configuration Protocol (DHCP) server. The BOOTP configuration enables Alteon
to forward a client request for an IP address to two DHCP/BOOTP servers with IP addresses that
have been configured on Alteon.
The Bootstrap Protocol Relay menu is turned off by default.
[Bootstrap Protocol Relay Menu]

addr
- Set IP address of BOOTP server
addr2
- Set IP address of second BOOTP server
on
- Globally turn BOOTP relay ON
off
- Globally turn BOOTP relay OFF
cur
- Display current BOOTP relay configuration
Table 263: Bootstrap Protocol Relay Configuration Menu Options (/cfg/l3/bootp)

Sets the IP address of the BOOTP server.
addr2 <IP address (such as, 192.4.17.101)>

Sets the IP address of the second BOOTP server.
on
Globally turns on BOOTP relay.
off
Globally turns off BOOTP relay.
cur
Displays the current BOOTP relay configuration.
/cfg/l3/vrrp
VRRP Configuration Menu

Alteon Virtual Router Redundancy Protocol (VRRP) support provides redundancy between routers in
a LAN. This is done by configuring the same virtual router IP address and ID number on each
participating VRRP-capable routing device. One of the virtual routers is then elected as the master
368

based on a number of priority criteria, and assumes control of the shared virtual router IP address.
If the master fails, one of the backup virtual routers assumes routing authority and takes control of
the virtual router IP address.
[Virtual Router
vr
vrgroup group
if
track
ospf
autosmir hotstan on
off
holdoff srvPbkp Standby
cur
-
Redundancy Protocol Menu]

VRRP Virtual Router Menu
VRRP Virtual Router Vrgroup Menu
VRRP Virtual Router Group Menu
VRRP Interface Menu
VRRP Priority Tracking Menu
OSPF cost adjustment
Periodically send session mirror request to VRRP Master
Enable/disable hot-standby processing
Globally turn VRRP ON
Globally turn VRRP OFF
Globally set VRRP hold off time
Enable/disable server processing on standby switch for ActiveDisplay current VRRP configuration
Note: The IP address of a VRRP virtual interface router (VIR) and virtual server router (VSR) must
be in the same IP subnet as the interface to which it is assigned.
By default, VRRP is disabled. Alteon has extended VRRP to also include virtual servers, allowing for
full active-active redundancy over Layer 4. For more information on VRRP, see the High Availability
chapter in the Alteon Application Switch Operating System Application Guide.
Table 264: Virtual Router Redundancy Protocol Options (/cfg/l3/vrrp)

vr <virtual router number (1-1024)>
Displays the VRRP Virtual Router menu. This menu is used for configuring up to 1024
virtual routers. To view this menu, see /cfg/l3/vrrp/vr <router number> Virtual Router
vrgroup <virtual router vrgroup number (1-16)>

Displays the VR Group menu. To view this menu, see /cfg/l3/vrrp/group Virtual Router
Group Configuration, page 378.
group
Displays the VRRP Virtual Router Group menu, used to combine all virtual routers
together as one logical entity. Group options must be configured when using two or
more Alteons in a hot-standby failover configuration where only one Alteon is active at
any given time. To view the menu, see /cfg/l3/vrrp/group Virtual Router Group

Displays the VRRP Virtual Router Interface menu. To view this menu, see /cfg/l3/vrrp/if
<interface number> VRRP Interface Configuration, page 381.
track
Displays the VRRP Tracking menu. This menu is used for weighting the criteria used
when modifying priority levels in the master router election process. To view this menu,
see /cfg/l3/vrrp/track VRRP Tracking Configuration, page 382.
369

Table 264: Virtual Router Redundancy Protocol Options (/cfg/l3/vrrp)

ospf
Configures the OSPF cost increment. To disable OSPF cost adjustment, when prompted,
enter the new cost increment as 0.
autosmir
Synchronizes the sessions from master to backup automatically at the configured time
of day every configured period (daily, weekly, monthly). To disable autosmir, when
prompted, enter the date as 0, month as 0, and the year as 0.
hotstan disable|enable
Enables or disables hot-standby processing, in which two or more Alteons provide
redundancy for each other.
Default: disable
Note: When you enable hot-standby for a VR group, the currently set priority for the
VR group is increased by 2.
on
Globally enables VRRP.
off
Globally disables VRRP.
holdoff <0-255 seconds>

Globally suspends VRRP operation for the specified interval.
srvPbkp
Enables or disables server processing on the standby Alteon for active-standby.
cur
Displays the current VRRP parameters.
/cfg/l3/vrrp/vr <router number>
Virtual Router Configuration Menu

This menu is used to configure up to 256 virtual routers for this Alteon. A virtual router is defined by
its virtual router ID and an IP address. On each VRRP-capable routing Alteon participating in
redundancy for this virtual router, a virtual router is configured to share the same virtual router ID
and IP address.
Virtual routers are disabled by default.
Note: The VRRP3 VRID for an IPv6 VRRP configuration has a range of 1 to 255.
370

[VRRP Virtual Router 1 Menu]

track
- Priority Tracking Menu
ipver
- Set IP version
vrid
- Set virtual router ID
addr
- Set IP address
if
- Set interface number
prio
- Set renter priority
ospf
- OSPF cost adjustment
adver
- Set advertisement interval
preem
- Enable or disable preemption
share
- Enable or disable sharing
ena
- Enable virtual router
dis
- Disable virtual router
del
- Delete virtual router
cur
- Display current VRRP virtual router configuration
Table 265: VRRP Virtual Router Options (/cfg/l3/vrrp/vr)

track
Displays the VRRP Priority Tracking menu for this virtual router.
To view this menu, see /cfg/l3/vrrp/vr <router number> /track Virtual Router Priority
Tracking Configuration Menu, page 373.
Tracking is a proprietary extension to VRRP, used for modifying the standard priority
system used for electing the master router. Tracking is not needed if sharing is enabled
(see the share command in this table).
ipver v4|v6
Sets the version of the Internet Protocol supported by this virtual router.
Default: v4
vrid
<virtual router ID (1-1024)>

Defines the virtual router ID. This is used in conjunction with the addr command to
define a virtual router. To create a pool of VRRP-enabled routing Alteons which can
provide redundancy for each other, each participating VRRP Alteon must be configured
with the same virtual router, meaning one that shares the same vrid and addr
combination.
For standard virtual routers (where the virtual router IP address is not the same as
any virtual server):
Values: 1255
Default: 1
For virtual server routers where the virtual router IP address is the same as the
virtual server can be any integer:
Values: 11024
Default: 1
All vrid values must be unique within the VLAN to which the virtual router's IP interface
belongs.
371


addr <IP address>
Defines the IP address for this virtual router using the notation appropriate to the IP
version supported by this virtual router. This is used in conjunction with the vrid to
configure the same virtual router on each participating VRRP Alteon.
IPv4 addresses use a dotted decimal notation (for example, as 192.168.0.1).
IPv6 addresses use a hexadecimal format (for example, 2006:0:0:0:0:0:20:64).
Default: 0.0.0.0

Selects an Alteon IP interface. If the IP interface has the same IP address as the addr
(see in this table), this Alteon is considered the "owner" of the defined virtual router. An
owner has a special priority of 255 (highest) and always assumes the role of the master
router, even if it must preempt another virtual router which has assumed master routing
authority. This preemption occurs even if the preem option is disabled (see in this
table).
Values: 1256
Default: 1
prio
<priority (1-254)>
Defines the election priority bias for this virtual server.
Note: When you enable hot-standby for a vrgroup, the currently set priority for the
vrgroup is increased by 2.
During the master router election process, the routing Alteon with the highest virtual
router priority number wins. If there is a tie, the Alteon with the highest IP interface
address wins. If this virtual router's IP address (addr) is the same as the one used by
the IP interface, the priority for this virtual router is automatically set to 255 (highest).
When priority tracking is used (/cfg/l3/vrrp/track or /cfg/l3/vrrp/vr #/
track), this base priority value can be modified according to a number of performance
and operational criteria.
Values: 1254
Default: 100
ospf
Updates the OSPF cost increment for this virtual router. To disable OSPF cost
adjustment, when prompted, enter the new cost increment as 0.
adver <seconds (1-255)>

Defines the time interval between VRRP master advertisements.
Values: 1255 seconds.
Default: 1
preem
disable|enable
Enables or disables master preemption. When enabled, if this virtual router is in backup
mode but has a higher priority than the current master, this virtual router preempts the
lower priority master and assumes control.
Note: Even when preem is disabled, this virtual router always preempts any other
master if this Alteon is the owner (the IP interface address and virtual router addr are
the same).
Default: enable
372


share disable|enable
Enables or disables virtual router sharing, a proprietary extension to VRRP. When
enabled, this Alteon processes any traffic addressed to this virtual router, even when in
backup mode.
Default: enable
ena
Enables this virtual router.
dis
Disables this virtual router.
del
Deletes this virtual router.
cur
Displays the current configuration information for this virtual router.
/cfg/l3/vrrp/vr <router number> /track
Virtual Router Priority Tracking Configuration Menu

This menu is used for modifying the priority system used when electing the master router from a
pool of virtual routers. Various tracking criteria can be used to bias the election results. Each time
one of the tracking criteria is met, the priority level for the virtual router is increased by an amount
defined through the VRRP Tracking menu (see /cfg/l3/vrrp/track VRRP Tracking Configuration,
page 382).
Criteria are tracked dynamically, continuously updating virtual router priority levels when enabled. If
the virtual router preemption option (see preem in /cfg/l3/vrrp/group/track Virtual Router Group
Priority Tracking Configuration, page 380) is enabled, this virtual router can assume master routing
authority when its priority level rises above that of the current master.
Some tracking criteria (such as vrs, ifs, and ports) apply to standard virtual routers (virtual interface
routers). Other tracking criteria (such as l4pts, reals, and hsrp) apply to virtual server routers,
which perform Layer 4 Server Load Balancing functions. A virtual server router is defined as any
virtual router whose IP address (addr) is the same as any configured virtual server IP address.
[VRRP Virtual
vrs
ifs
ports
l4pts
reals
hsrp
hsrv
cur
Router 1 Priority Tracking Menu]

- Enable/disable tracking master virtual routers
- Enable/disable tracking other interfaces
- Enable/disable tracking VLAN switch ports
- Enable/disable tracking L4 switch ports
- Enable/disable tracking L4 real servers
- Enable/disable tracking HSRP
- Enable/disable tracking HSRP by VLAN
373

Table 266: VRRP Priority Tracking Menu Options (/cfg/l3/vrrp/vr/track)

vrs disable|enable
When enabled, the priority for this virtual router is increased for each virtual router in
master mode on this Alteon. This is useful for ensuring that traffic for any particular
client/server pairing is handled by the same Alteon, increasing routing and load
balancing efficiency.
Default: disable
ifs disable|enable
When enabled, the priority for this virtual router is increased for each IP interface active
on this Alteon. An IP interface is considered active when there is at least one active port
on the same VLAN. This helps elect the virtual routers with the most available routes as
the master.
Default: disable
ports disable|enable
When enabled, the priority for this virtual router is increased for each active port on the
same VLAN. A port is considered active if it has a link and is forwarding traffic. This
helps elect the virtual routers with the most available ports as the master.
Default: disable
l4pts disable|enable
When enabled for virtual server routers (VSRs) and virtual interface routers (VIRs), the
priority for this virtual router is increased for each physical port which has active Layer 4
processing on this Alteon. This helps elect the main Layer 4 Alteon as the master.
Default: disable
reals disable|enable
When enabled for virtual server routers, the priority for this virtual router is increased
for each healthy real server behind the virtual server IP address of the same IP address
as the virtual router on this Alteon. This helps elect the Alteon with the largest server
pool as the master, increasing Layer 4 efficiency.
Default: disable
hsrp
disable|enable
The Hot Standby Router Protocol (HSRP) is used with some types of routers for
establishing router failover. In networks where HSRP is used, enable this option to
increase the priority of this virtual router for each Layer 4 client-only port that receives
HSRP advertisements. Enabling HSRP helps elect the Alteon closest to the master HSRP
router as the master, optimizing routing efficiency.
Default: disable
hsrv
disable|enable
Hot Standby Router on VLAN (HSRV) is used to work in VLAN-tagged environments.
Enable this option to increment only that vrrp instance that is on the same VLAN as the
tagged HSRP master flagged packet.
Default: disable
cur
Displays the current configuration for priority tracking for this virtual router.
374

/cfg/l3/vrrp/vrgroup
Virtual Router Group Menu

The Virtual Router Group feature allows for the failover of individual groups of VIRs and VSRs. When
Web hosting is shared between two or more customers on a single Alteon VRRP, you can group VIRs
and VSRs to serve the high availability of a specific customer. If failover occurs on a customer link,
the group of VIRs and VSRs associated with that customer alone will fail over to the backup Alteon.
The VIRs and VSRs configured for the other customers on the master Alteon are not affected.
Up to 16 virtual router groups (vrgroups) can be configured.
Note: Virtual Router Group failover requires that you enable preemption for the group using the
/cfg/l3/vrrp/vrgroup/preem command.
[VRRP Virtual
track
name
add
rem
prio
ospf
trackvr
adver
preem
share
ena
dis
del
cur
Router Vrgroup 1 Menu]

- Set virtual router group name
- Add virtual router to group
- Remove virtual router from group
- Set priority for virtual router group
- Set track virtual router for group
- Set advertisement interval for group
- Enable/disable preemption for group
- Enable/disable sharing for group
- Enable virtual router group
- Disable virtual router group
- Delete virtual router group
- Display current VRRP virtual router group configuration
Table 267: Virtual Router Group Menu Options (/cfg/l3/vrrp/vrgroup)

track
Displays the VRRP Priority Tracking menu for this virtual router group. To view this
menu, see /cfg/l3/vrrp/group/track Virtual Router Group Priority Tracking Configuration,
page 380.
Tracking is a proprietary extension to VRRP used for modifying the standard priority
system for electing the master router.
name
Defines the virtual router group name.
add <virtual router number (1-1024)>

Adds a virtual router to the group. Each virtual router group can have up to 64 virtual
routers.
rem <virtual router number (1-1024)>

Removes a virtual router from the group.
375

Table 267: Virtual Router Group Menu Options (/cfg/l3/vrrp/vrgroup)

prio <1-254>
Defines the election priority bias for this virtual router group.
address wins. If this virtual router's IP address (addr) is the same as the one used by the
IP interface, the priority for this virtual router is automatically set to 255 (highest).
When priority tracking is used (/cfg/l3/vrrp/vrgroup #/track), this base priority
value can be modified according to a number of performance and operational criteria.
Values: 1254
Default: 100
ospf
Updates the OSPF cost increment for this virtual router group. To disable OSPF cost
trackvr <virtual router number (0-1024)>

Sets one of the virtual routers in a group as the main virtual router. If the main virtual
router fails, the entire group fails.
adver <1-255 seconds>

Sets the advertisement interval for the group.
preem disable|enable
Enables or disables preemption for the group.
Enables or disables sharing for the group.
ena
Enables the virtual router group.
dis
Disables the virtual router group.
del
Deletes the virtual router group.
cur
Displays the current VRRP virtual router group configuration.
376

/cfg/l3/vrrp/vrgroup <vrgroup number> /track
Virtual Router Group Priority Tracking Configuration Menu

This menu is used to modify the priority system used when electing the master router from a pool of
virtual routers. Various tracking criteria can be used to bias the election results. Each time one of the
tracking criteria is met, the priority level for the virtual router is increased by an amount defined
through the VRRP Tracking menu (see /cfg/l3/vrrp/track VRRP Tracking Configuration, page 382).
Criteria are tracked dynamically, continuously updating virtual router priority levels when enabled.
[VRRP Vrgroup 1 Priority Tracking Menu]

ifs
- Enable/disable tracking interfaces
ports
l4pts
reals
hsrp
hsrv
cur
- Display current VRRP vrgroup tracking configuration
Table 268: Virtual Router Group Priority Tracking Menu Options (/cfg/l3/vrrp/vrgroup/track)

ifs disable|enable
When enabled, the priority is increased for each IP interface active in this virtual router
group. An IP interface is considered active when there is at least one active port in the
same VLAN. This helps elect the virtual routers with the most available routes as the
master.
Default: disable
When enabled, the priority is increased for each active port in the VLAN in this virtual
router group. A port is considered active if it has a link and is forwarding traffic. This
helps elect the virtual routers with the most available ports as the master.
Default: disable
When enabled for virtual server routers, the priority is increased for each physical port
which has active Layer 4 processing in this virtual router group. This helps elect the
main Layer 4 Alteon as the master.
Default: disable
When enabled for virtual server routers, the priority is increased for each healthy real
server behind the virtual server IP address of the same IP address as the virtual router
in this virtual router group. This helps elect the Alteon with the largest server pool as
the master, increasing Layer 4 efficiency.
Default: disable
hsrp disable|enable
The Hot Standby Router Protocol (HSRP) is used with some types of routers for
establishing router failover. In networks where HSRP is used, enable this option to
increase the priority of this virtual router group for each Layer 4 client-only port that
receives HSRP advertisements. Enabling HSRP helps elect the Alteon closest to the
master HSRP router as the master, optimizing routing efficiency.
Default: disable
377

Table 268: Virtual Router Group Priority Tracking Menu Options (/cfg/l3/vrrp/vrgroup/track)

hsrv disable|enable
Enable this option to increment only that vrrp instance in the virtual router group that is
on the same VLAN as the tagged HSRP master flagged packet.
Default: disable
cur
Displays the current configuration for priority tracking for this virtual router group.
/cfg/l3/vrrp/group
Virtual Router Group Configuration

The Virtual Router Group menu is used for associating all virtual routers into a single logical virtual
router, which forces all virtual routers on the Alteon to either be master or backup as a group. A
virtual router is defined by its virtual router ID and an IP address. On each VRRP-capable routing
Alteon participating in redundancy for this virtual router, a virtual router is configured to share the
same virtual router ID and IP address.
Note: This option is required only when using at least two Alteons in a hot-standby failover
configuration, where only one Alteon is active at any time.
[VRRP Virtual
track
ipver
vrid
if
prio
ospf
adver
preem
share
ena
dis
del
cur
Router Group Menu]

- Set IP version
- Set virtual router ID
- Set interface number
- Set renter priority
- Set advertisement interval
- Enable or disable preemption
- Enable or disable sharing
- Enable virtual router
- Disable virtual router
- Delete virtual router
Table 269: VRRP Virtual Router Group Options (/cfg/l3/vrrp/group)

track
Displays the VRRP Priority Tracking menu for the virtual router group.
To view this menu, see /cfg/l3/vrrp/track VRRP Tracking Configuration, page 382.
Tracking is a proprietary extension to VRRP, used for modifying the standard priority
system used for electing the master router. Tracking is not needed if sharing (the share
option) is enabled.
378


ipver v4|v6
Sets the version of the Internet Protocol supported by the virtual router group.
Default: v4
vrid
<virtual router ID (1-255)>

Defines the virtual router ID for this group.

Selects an Alteon IP interface.
Values: 1256
Default: 1
prio
<priority (1-254)>
Defines the election priority bias for this virtual router group.
address wins. If this virtual router's IP address (addr) is the same as the one used by the
IP interface, the priority for this virtual router is automatically be set to 255 (highest).
When priority tracking is used (/cfg/l3/vrrp/track or /cfg/l3/vrrp/vr #/
track), this base priority value can be modified according to a number of performance
and operational criteria.
Values: 1254
Default: 100
ospf
Updates the OSPF cost increment for this virtual router group. To disable OSPF cost
adver <1-255>
Defines the time interval between VRRP master advertisements.
Values: 1255 (for IPv4, in seconds; for IPv6, in centiseconds)
Default: 1 for IPv4; 100 for IPv6
Note: Radware recommends that the default value of 100 or above is used for IPv6
interfaces to avoid a high load on the Alteon management CPU.
preem disable|enable
Enables or disables master preemption. When enabled, if the virtual router group is in
backup mode but has a higher priority than the current master, this virtual router
preempts the lower priority master and assumes control.
Note: Even when preem is disabled, this virtual router always preempts any other
master if this Alteon is the owner (the IP interface address and virtual router addr are
the same).
Default: enable
Enables or disables virtual router sharing, a proprietary extension to VRRP. When
enabled, this Alteon processes any traffic addressed to this virtual router, even when in
backup mode.
Default: enable
379


ena
Enables the virtual router group.
dis
Disables the virtual router group.
del
Deletes the virtual router group.
cur
Displays the current configuration information for the virtual router group.
/cfg/l3/vrrp/group/track
Virtual Router Group Priority Tracking Configuration
Note: If Virtual Router Group Tracking is enabled, the tracking option is available only under group
option. The tracking setting for the other individual virtual routers is ignored.
[Virtual Router Group Priority Tracking Menu]

ifs
- Enable/disable tracking other interfaces
ports
l4pts
reals
hsrp
hsrv
cur
- Display current VRRP Group Tracking configuration
Table 270: Virtual Router Group Priority Tracking Options (/cfg/l3/vr/group/track)

ifs disable|enable
When enabled, the priority for this virtual router is increased for each other IP interface
active on this Alteon. An IP interface is considered active when there is at least one
active port on the same VLAN. This helps elect the virtual routers with the most available
routes as the master.
Default: disable
When enabled, the priority for this virtual router is increased for each active port on the
same VLAN. A port is considered active if it has a link and is forwarding traffic. This helps
elect the virtual routers with the most available ports as the master.
Default: disable
When enabled for virtual server routers, the priority for this virtual router will be
increased for each physical switch port which has active Layer 4 processing on this
switch. This helps elect the main Layer 4 switch as the master. This command is disabled
by default.
380

Table 270: Virtual Router Group Priority Tracking Options (/cfg/l3/vr/group/track)

When enabled for virtual server routers, the priority for this virtual router is increased
for each healthy real server. This helps elect the Alteon with the largest server pool as
the master, increasing Layer 4 efficiency.
Default: disable
hsrp disable|enable
Enables Hot Standby Router Protocol (HSRP) for this virtual router group. HSRP is used
with some types of routers for establishing router failover. In networks where HSRP is
used, enable this option to increase the priority of this virtual router for each Layer 4
client-only port that receives HSRP advertisements. This helps elect the Alteon closest to
the master HSRP router as the master, optimizing routing efficiency.
Default: disable
hsrv disable|enable
Enable this option to increment only that vrrp instance that is on the same VLAN as the
tagged HSRP master flagged packet.
Default: disable
cur
Displays the current configuration for priority tracking for this virtual router.
/cfg/l3/vrrp/if <interface number>
VRRP Interface Configuration

This menu is used to configure VRRP authentication parameters for the IP interfaces used with the
virtual routers.
[VRRP Interface
auth
passw
del
cur
-
1 Menu]
Set authentication types
Set plain-text password
Delete interface
Display current VRRP interface configuration
Table 271: VRRP Interface Menu Options (/cfg/l3/vrrp/if)

auth none|password
Defines the type of authentication to be used:
passw
noneNo authentication.
passwordPassword authentication.
<password>
Defines a plain text password. This password is added to each VRRP packet transmitted
by this interface when password authentication is chosen (see the auth command in this
table).
381

Table 271: VRRP Interface Menu Options (/cfg/l3/vrrp/if)

del
Clears the authentication configuration parameters for this IP interface. The IP interface
itself is not deleted.
cur
Displays the current configuration for this IP interface's authentication parameters.
/cfg/l3/vrrp/track
VRRP Tracking Configuration

This menu is used to set weights for the various criteria used to modify priority levels during the
master router election process. Each time one of the tracking criteria is met (see /cfg/l3/vrrp/vr
<router number> /track Virtual Router Priority Tracking Configuration Menu, page 373), the priority
level for the virtual router is increased by an amount defined through this menu.
These priority tracking options only define increment values. These options do not affect the VRRP
master router election process until options under the VRRP Virtual Router Priority Tracking menu
are enabled.
[VRRP Tracking Menu]

vrs
- Set priority increment for virtual router tracking
ifs
- Set priority increment for IP interface tracking
ports
- Set priority increment for VLAN switch port tracking
l4pts
- Set priority increment for L4 switch port tracking
reals
- Set priority increment for L4 real server tracking
hsrp
- Set priority increment for HSRP tracking
hsrv
- Set priority increment for HSRP by VLAN tracking
cur
- Display current VRRP Priority Tracking configuration
Table 272: VRRP Tracking Options (/cfg/l3/vrrp/track)

vrs <0-254>
Defines the priority increment value for virtual routers in master mode detected on this
Alteon.
Values: 1254
Default: 2
ifs <0-254>
Defines the priority increment value for active IP interfaces detected on this Alteon.
Values: 1254
Default: 2
ports <0-254>
Defines the priority increment value for active ports on the virtual router's VLAN.
Values: 1254
Default: 2
382

Table 272: VRRP Tracking Options (/cfg/l3/vrrp/track)

l4pts <0-254>
Defines the priority increment value for physical ports with active Layer 4 processing.
Values: 1254
Default: 2
reals <0-254>
Defines the priority increment value for healthy real servers behind the virtual server
router.
Values: 1254
Default: 2
hsrp
<0-254>
Defines the priority increment value for ports with Layer 4 client-only processing that
receive HSRP broadcasts.
Values: 1254
Default: 10
hsrv
<0-254>
Defines the priority increment value for VRRP instances that are on the same VLAN.
Values: 1254
Default: 10
cur
Displays the current configuration of priority tracking increment values.
/cfg/l3/metrc <metric name>
Default Gateway Metrics

If multiple default gateways are configured and enabled, a metric can be set to determine which
primary gateway is selected:
Table 273: Default Gateway Metrics (/cfg/l3/metrc)
Metric
Description
strict
The gateway number determines its level of preference. Gateway 1 acts as the
preferred default IP gateway until it fails or is disabled, at which point the next in
line takes over as the default IP gateway.
roundrobin
This provides basic gateway load balancing. Alteon sends each new gateway
request to the next healthy, enabled gateway in line. All gateway requests to the
same destination IP address are resolved to the same gateway.
383

/cfg/security
Security Configuration Menu

[Security Menu]
port
ipacl
udpblast dos
pgroup
seclog
pdepth
cur
-
Port Security Menu

IP ACL Menu
UDP Blast Protection Menu
Protocol Anomaly and DoS Attack Prevention Menu
Pattern Match Group Menu
Set rate threshold for security logging
Set packet depth for pattern matching
Display current Security configuration
Table 274: Security Configuration Menu Options (/cfg/security)

port <port number>
Displays the Port Security menu. To view this menu, see /cfg/security/port Port Security
Menu, page 385.
ipacl
Displays the IP address Access Control menu. To view this menu, see /cfg/security/ipacl
IP Address Access Control List Configuration Menu, page 386.
udpblast
Displays the UDP Blast menu. To view this menu, see /cfg/security/udpblast UDP Blast
Protection Configuration Menu, page 388.
dos
Displays the Protocol Anomaly and DoS Attack Prevention menu. To view this menu, see
/cfg/security/dos Anomaly and Denial of Service Attack Prevention Menu, page 388.
pgroup <pattern group ID (1-128)>

Displays the Pattern Match Group menu. To view this menu, see /cfg/security/pgroup
<pattern group number> Pattern Matching Menu, page 389.
seclog <rate threshold packets/sec, 0-1048576 (0, no rate threshold)>

Defines the rate threshold for security logging by the number of packets per second. Any
packets above the current threshold is logged.
pdepth <# of packets, 1-255|none>

Defines the search window for pattern matching beginning from the start of the packet
stream. The window is defined in units of packets.
cur
Displays the current security configuration.
384

/cfg/security/port
Port Security Menu

[Port 1 Menu]
bogon
ipacl
udpblast
dos
add
aadd
rem
arem
help
cur
Enable/disable bogon IP ACL

Enable/disable IP ACL
Enable/disable UDP blast protection
Enable/disable protocol anomaly and DoS attack prevention
Add protocol anomaly/DoS attack to prevention
Add all protocol anomaly/DoS attack to prevention
Remove protocol anomaly/DoS attack from prevention
Remove all protocol anomaly/DoS attack from prevention
Protocol anomaly and DoS attack prevention description
Display current port configuration
Table 275: Port Security Menu Options

bogon <enable|disable>
Enables or disables bogon IP ACL.
ipacl <enable|disable>
Enables or disables IP ACL.
udpblast <enable|disable>
Enables or disables UDP blast protection.
dos <enable|disable>
Enables or disables protocol anomaly and DoS attack prevention.
add <iplen | ipversion | broadcast | loopback | land

| ipreerved |ipttl| ipprot | ipoptlen |
fragmoredont | fragdata | fragboundary | fraglast
| fragdontoff | fragopt | fragoff | frag oversize | tcplen
| tcportzero| blat | tcpreserved | nullscan | fullxmasscan
| finscan | vecnascan |xmasscan | synfinscan | flagabnormal
| syndata | synfrag | ftpport |dnsport | seqzero
|ackzero | tcpoptlen | udplen | udpportzero | fraggle
| pepsi | rc8 | snmpnull | icmplen | smurf | icmpdata
| icmpoff | icmp-type | igmplen | igmpfrag | igmptype
| arplen | arpnbcast | arpncast | arpspoof | garp
| ip6len | ip6version>
Adds protocol anomalies and/or DoS attacks to be prevented.
aadd
Adds all protocol anomalies and DoS attacks to be prevented for the port.
385

Table 275: Port Security Menu Options

rem <iplen | ipversion | broadcast | loopback | land
| ipreerved |ipttl| ipprot | ipoptlen | fragmoredont
| fragdata | fragboundary | fraglast| fragdontoff | fragopt | fragoff | frag
oversize | tcplen | tcportzero| blat
| tcpreserved | nullscan | fullxmasscan | finscan | vecnascan |
xmasscan | synfinscan | flagabnormal | syndata | synfrag
| ftpport | dnsport | seqzero |ackzero | tcpoptlen
| udplen | udpportzero | fraggle | pepsi | rc8
| snmpnull | icmplen | smurf | icmpdata | icmpoff
| icmp-type | igmplen | igmpfrag | igmptype | arplen
| arpnbcast | arpncast | arpspoof | garp | ip6len
| ip6version>
Removes protocol anomalies and/or DoS attacks to be prevented.
arem
Removes all protocol anomalies and DoS attacks to be prevented for the port.
help
Describes the protocol anomalies and DoS attacks that are being prevented.
cur
Displays the current port configuration. For example:
Current port 1:
<bogon disabled, ipacl disabled, udpblast disabled, dos disabled>
/cfg/security/ipacl
IP Address Access Control List Configuration Menu

Alteon can be configured with IP access control lists (ACLs) composed of ranges of client IP
addresses that are to be denied access to Alteon. When traffic ingresses Alteon, the client source or
destination IP address is checked against this pool of addresses. If a match is found, the client traffic
is blocked.
[IP ACL Menu]

add
rem
add6
rem6
arem
dadd
drem
dadd6
drem6
darem
list
syslog
cur
386
Add configuration source IPv4 Address

Remove configuration source IPv4 Address
Add configuration source IPv6 Address
Remove configuration source IPv6 Address
Remove all configuration source IP Address
Add configuration destination IPv4 Address
Remove configuration destination IP Address
Add configuration destination IPv6 Address
Remove configuration destination IPv6 Address
Remove all configuration destination IP Address
Display IP ACLs
Set IP ACL syslog settings
Display all IP Address

Table 276: IP Address ACL Menu Options (/cfg/sec/ipacl)

add <IP address
IP mask>
Adds a range of source IPv4 addresses to be denied, defined by the IP address pair.
The following prompts display when using this command:
Enter IPv4 address:

Enter IPv4 subnet mask [default 255.255.255.255]:
rem <IP address/mask pair index>
Removes a range of source IPv4 addresses to be denied, defined by the IP address pair
index.
Enter IPv4 address:

add6 <IPv6 address> <IP prefix length>
Adds a range of source IPv6 addresses to be denied, defined by the IP address pair.
Enter IPv6 address:

Enter IPv6 subnet prefix [1-128, default 64]:
rem6 <IPv6 address> <IP prefix length>
Removes a range of source IPv6 addresses to be denied, defined by the IP address pair
index.
Enter IPv6 address:

Enter IPv6 subnet prefix [1-128, default 64]:
arem
Removes all configuration source IP addresses.
dadd <IP address
IP subnet >
Adds a configuration destination IPv4 address.

Enter IPv4 address:

drem <IP address
IP subnet >
Removes a configuration destination IPv4 address.

Enter IPv4 address:

syslog <threshold | time | none>
Sets method for sending the IP ACL syslog, defined by the threshold, time, and none
parameters.
cur
Displays current IP addresses ranges in the Access Control List.
387

/cfg/security/udpblast
UDP Blast Protection Configuration Menu

Malicious attacks over UDP protocol ports are a common way to bring down real servers. Alteon can
be configured to restrict the amount of traffic allowed on any UDP port, as a result ensuring that
back-end servers are not flooded with data and become disabled.
You can specify a series of UDP port ranges and the allowed packet limit for that range. When the
maximum number of packets per second is reached, UDP traffic is shut down on those ports.
Alteon supports up to 5000 UDP port numbers, using any integer from 1 to 65535. The maximum
port range is 5000. If the first port number is 300, the last number that can be used is 5300. While
you can configure multiple port ranges, the sum of ranges cannot exceed the maximum of 5000
ports.
[UDP Blast Protection Menu]

add
- Add UDP port/range for UDP blast protection
rem
- Remove UDP port/range for UDP blast protection
default - Set default packet rate for UDP blast protection
cur
- Display all UDP ports/ranges for UDP blast protection
Table 277: UDP Blast Protection Menu Options (/cfg/sec/udpblast)

add <UDP port number or range (first-last)>
[packet rate]
Adds UDP port or range for UDP blast protection, as well as the maximum packet rate
per second. If the number of packets on this port range exceeds the maximum packet
rate per second, UDP traffic is dropped.
rem <UDP port number or range (first-last)>

Removes UDP port or range for UDP blast protection.
default <packet rate>

Defines the default packet rate for UDP blast protection.
cur
Displays all UDP blast protection ports.
/cfg/security/dos
Anomaly and Denial of Service Attack Prevention Menu

[Protocol Anomaly and DoS Attack Prevention Menu]
ipttl
- Set the smallest allowable IP ttl for ipttl
ipprot
- Set the highest allowable IP protocol for ipprot
fragdata - Set the smallest allowable IP fragment payload for fragdata
fragoff - Set the smallest allowable IP fragment offset for fragoff
syndata - Set the largest allowable TCP SYN payload for syndata
icmpdata - Set the largest allowable ICMP payload for icmpdata
icmpoff - Set the largest allowable ICMP fragment offset for icmpoff
help
- Protocol anomaly and DoS attack prevention description
cur
- Display current protocol anomaly and DoS attack prevention
388

Table 278: Anomaly and DoS Menu Options (/cfg/security/dos)

ipttl <IPv4 TTL, 0-255>
Sets the smallest allowable IP TTL for IPTTL.
ipprot <highest allowable IPv4 protocol [0-255]>

Set the highest allowable IP protocol for IP protection. For example:
Current highest allowable IPv4 protocol: 137

Enter new highest allowable IPv4 protocol [0-255]:
fragdata <IPv4 fragment payload size in bytes, 16-248>
Sets the smallest allowable IP fragment payload.
fragoff <IPv4 fragment offset in multiples of 8 bytes, 1-255>

Sets the smallest allowable IP fragment offset.
syndata <TCP packet payload size in bytes, 0-255>

Sets the largest allowable IP SYN payload.
icmpdata <ICMP packet payload size in bytes, 1-9026>

Sets the largest allowable ICMP payload.
icmpoff <ICMP fragment offset in multiples of 8 bytes, 1-8190>

Sets the largest allowable ICMP fragment offset.
help
Description of the anomaly and DoS attacks that are being prevented.
cur
Displays the current protocol anomaly and DoS attack prevention settings. For example:
Current protocol anomaly and DoS attack prevention settings:

ipttl 1, ipprot 137, fragdata 32, fragoff 4, syndata 0,
icmpdata 800, icmpoff 101
/cfg/security/pgroup <pattern group number>
Pattern Matching Menu

When a virus or other attack contains multiple patterns or strings, it is useful to combine them into
one group and give the group a name that is easy to remember.
When a pattern group is applied to a deny filter, Alteon matches any of the strings or patterns within
that group before denying and dropping the packet. Up to five patterns can be combined into a
single pattern group. Configure the binary or ASCII pattern strings, group them into a pattern
group, name the pattern group, and then apply the group to a filter.
The filtering commands in Alteon Advanced Denial of Service Pack let the administrator define
groups of patterns. By applying the patterns and groups to a deny filter, the packet content can be
detected and thus denied access to the network.
Alteon supports up to 1024 pattern matching groups.
[Pattern Match
name
add
rem
del
cur
Group 1 Menu]
- Set pattern group name
- Add SLB string to group
- Remove SLB string from group
- Delete pattern group
389

Table 279: Pattern Matching Group Menu Options (/cfg/sec/pgroup)

|none
Specifies a descriptive name for this pattern group.
add <string ID>

Adds a pre-configured SLB string to this pattern group by the string ID number. To
configure SLB strings, use /cfg/slb/layer7/slb/add as described in /cfg/slb/layer7/
slb Server Load Balance Resource Menu, page 462.
To view existing strings and their ID numbers, use /cfg/slb/layer7/slb/cur as
described in /cfg/slb/layer7/slb Server Load Balance Resource Menu, page 462.
Note: You can only add the binary or ASCII strings to a pattern matching group. Up to
five patterns can be combined into a single pattern group.
rem <SLB string ID>

Removes an SLB string from this pattern group.
del
Deletes the pattern group.
cur
Displays the current configuration of this pattern group.
/cfg/dump
Dump
The dump program writes the current configuration to the terminal screen. The configuration
displays with parameters that have been changed from the default values. The screen display can be
captured, edited, and placed in a script file, which can be used to configure other Alteons through a
Telnet connection.
When using Telnet to configure a new Alteon, paste the configuration commands from the script file
in the Alteon CLI. The active configuration can also be saved or loaded via TFTP, as described at /
cfg/gtcfg Restoring the Active Switch Configuration, page 392.
/cfg/ptcfg
Saving the Active Switch Configuration

The vADC Administrator uses ptcfg to upload the vADC Administrator level configuration of an
existing vADC to a specified destination on the file server.
The Global Administrator uses ptcfg to upload both the Global and vADC Administrator level
configurations of one or all existing vADCs to a destination on the file server.
The following is the syntax for ptcfg used by the vADC administrator, where hostname is the TFTP or
FTP server IP address or hostname, and filename is the name of the target script configuration file:
Figure 33: vADC Administrator Active Switch Configuration Restoration

Configuration# ptcfg <hostname> <filename> <-tftp | username password> [-mgmt |
-data] <scp>
390

The following is the ptcfg prompt and a description of the import options for the Global
Administrator:
Figure 34: Global Administrator Active Switch Configuration Restoration

Select Backup option [all/gobal/vadc]:
Table 280: Active Switch Configuration Restoration Menu Options (/cfg/ptcfg)

all
This option enables the Global Administrator to backup the complete system
configuration - Administrator (VX) and vADC files.
In ADC-VX mode, this option Only appears in the Global Administrator environment.
When prompted, set the following parameters:
Enter hostname (and IP version) or IP address of FTP/TFTP/SCP

server:
Enter username for FTP/SCP server or hit return for TFTP server:
global
This option enables the Global Administrator to back up the Administrator (VX)
configuration.
Enter hostname or IP address of FTP/TFTP/SCP server:

server:
Enter vADC number: [1-28, all]:
vadc
This enables the Global Administrator to back up vADC configuration files from an
existing vADC and define the type of file to back up.
allCreates a backup of all vADC configuration files. In ADC-VX mode, this option
Only appears in the Global Administrator environment.

server:
vadminCreates a vADC Administrator level backup file, containing the

configuration information available to the vADC administrator.

server:
391

/cfg/gtcfg
Restoring the Active Switch Configuration

Table 281: gtcfg Menu Options (/cfg/gtcfg)

select backup option [adc/cfe]
Values:
ADC imports a backed-up Alteon configuration file.
CFE imports the XML file exported from the SFE. This is a mandatory operation
required to set up a CFE banch. The output is a target script configuration file for
each CFE branch configuration.
The vADC Administrator and the Global Administrator can restore the active configuration as
follows:
vADC AdministratorRestores the active configuration of an existing vADC.
Global AdministratorCreate a new vADC or restore the active configuration of an existing

dedicated ADC or vADC with the commands found in the specified configuration file. The Global
Administrator can import vADC Administrator configuration files to create a new vADC or to
replace the active configuration of an existing dedicated ADC or vADC.
For both administrators, the file can contain a full configuration or an Alteon configuration. The
configuration loaded is not activated until the apply command is used. If the apply command is
found in the configuration script file loaded using this command, the apply action is performed
automatically.
The following is the syntax for gtcfg used by the vADC administrator, where hostname is the TFTP or
FTP server IP address or hostname, and filename is the name of the target script configuration file:
Figure 35: vADC Administrator Active Switch Configuration Restoration

Configuration# gtcfg <hostname> <filename> <-tftp | username password> [-mgmt |
-data] <scp>
The following is the gtcfg prompt and a description of the import options for the Global
Administrator:
Figure 36: Global Administrator Active Switch Configuration Restoration

Select Import option [all/vadc/padc]:
392

Table 282: Active Switch Configuration Restoration Menu Options (/cfg/gtcfg)

all
Enables the Global Administrator to perform a complete system recovery and restores all
current settings.
Note: If the configuration file includes the configurations for both the ADC-VX
environment and the vADCs (meaning that the ptcfg/all command was previously
entered), then all files are recovered. If the configuration file includes the
configurations for ADC-VX only (meaning that the ptcfg/global command was
previously entered), then only the ADC-VX configuration is recovered and a default
configuration is set for all vADCs.
In ADC-VX mode, this option only appears in the Global Administrator environment.
Enter hostname or IP address of FTP/TFTP/SCP server:

Note: The vADC Web certificates are not automatically applied with this command.
They must be applied manually.
vadc
Enables the Global Administrator to import vADC configuration files to an existing vADC
and define the type of file to recover.
allCreates a new vADC from the settings of the recovery file or replace an existing
one. In ADC-VX mode, this option Only appears in the Global Administrator
environment.
Enter
Enter
Enter
Enter
vADC number: [1-28]:

hostname or IP address of FTP/TFTP/SCP server:
name of file on FTP/TFTP/SCP server:
username for FTP/SCP server or hit return for TFTP server:
vadminCreates a vADC Administrator level backup file, containing the

configuration information available to the vADC administrator. This option requires a
vADC to exist in the system.
Enter
Enter
Enter
Enter
vADC number: [1-28]:

Note: The vadcs web certificates are not automatically applied with this command;
they must be applied manually.
393

Table 282: Active Switch Configuration Restoration Menu Options (/cfg/gtcfg)

padc
Enables the Global Administrator to create a new vADC from the configuration files of a
physical, standalone ADC or to replace one or all existing vADCs with the configuration
files of a physical, standalone ADC. In ADC-VX mode, this option Only appears in the
Global Administrator environment.
Enter
Enter
Enter
Enter
394

vADC number: [1-28, all]:
Chapter 7 The SLB Configuration Menu

Server Load Balancing (SLB) lets you configure Alteon to balance user session traffic among a pool
of available servers that provide shared services. In an average network that employs multiple
servers without SLB, each server usually specializes in providing one or two unique services. If one
of these servers provides access to applications or data that is in high demand, it can become
overused. Placing this kind of strain on a server can decrease the performance of the entire network
as user requests are rejected by the server and then resubmitted by the user stations. With this
feature, Alteon is aware of the services provided by each server and can direct user session traffic to
an appropriate server, based on a variety of load-balancing algorithms.
This chapter discusses how to use the CLI to configure SLB. For detailed information on this feature,
refer to the Alteon Application Switch Operating System Application Guide.
This menu only appears on the vADC Administrator environment in ADC-VX mode.
/cfg/slb
SLB Configuration
The following is an example of the Layer 4 menu and an explanation of the Layer 4 menu options.
[Layer 4 Menu]
real
group
virt
layer7
accel
ssl
filt
port
nwclss
gslb
wap
sync
adv
linklb
advhc
pip
peerpip appshape sipspat wlm
on
off
cur
-
Real Server Menu

Real Server Group Menu
Virtual Server Menu
Layer 7 Resource Definition Menu
Accleration Menu
SSL Menu
Filtering Menu
Layer 4 Port Menu
Network Class Menu
Global SLB Menu
WAP Menu
Config Synch Menu
Layer 4 Advanced Menu
Inbound Linklb Menu
Layer 4 Advanced Health Check Menu
Proxy IP Address Menu
Peer Proxy IP Address Menu
AppShape++ Menu
Enable/disable SIP SPAT
Workload Manager Menu
Globally turn Layer 4 processing ON
Globally turn Layer 4 processing OFF
Display current Layer 4 configuration
395

The SLB Configuration Menu
Table 283: Server Load Balancing Configuration Menu Options (/cfg/slb)

Displays Real Server Layer 7 menu for configuring real servers. To view this menu, see /
cfg/slb/real <server number> Real Server SLB Configuration, page 398.

Displays the Real Server Group SLB menu for placing real servers into real server
groups. To view this menu, see /cfg/slb/group <real server group number> Real Server
Group SLB Configuration, page 408.

Displays the Virtual Server SLB menu for defining virtual servers. To view this menu, see
/cfg/slb/virt <virtual server number> Virtual Server SLB Configuration, page 417.
layer7
Displays the Layer 7 SLB Resource Definition menu. To view this menu, /cfg/slb/layer7
Layer 7 SLB Resource Definition Menu, page 461.
accel
Displays the Acceleration SLB menu. To view this menu, see /cfg/slb/accel Acceleration
SLB Configuration, page 486.
ssl
Displays the SSL SLB menu for configuring SSL offloading. To view this menu, see /cfg/
slb/ssl SSL SLB Configuration, page 504.

Displays the SLB Filter menu for filtering and application redirection. To view this menu,
see /cfg/slb/filt <filter number> SLB Filter Menu, page 529.
port <port number>

Displays the Port SLB menu for setting physical port states for Layer 4 activity. To view
this menu, see /cfg/slb/port <port number> Port SLB Menu, page 545.
nwclss <network class id>

Displays the Network Class Configuration menu. To view this menu, see /cfg/slb/nwclss
<network class ID> Network Class Configuration Menu, page 548.
gslb
Displays the Global SLB menu for configuring Global Server Load Balancing (GSLB). To
view this menu, see /cfg/slb/gslb Global SLB Configuration, page 549.
wap
Displays the WAP menu for configuring Alteon for using the Wireless Application Protocol
(WAP). To view this menu, see /cfg/slb/wap WAP Configuration, page 564.
sync
Displays the Synchronize Peer menu. To view this menu, see /cfg/slb/sync Synchronize
Peer Configuration, page 565.
adv
Displays the Advanced Layer 4 menu. To view this menu, see /cfg/slb/adv Advanced
Layer 4 Configuration, page 568.
396


linklb
Displays the Inbound Link Load Balancing menu. To view this menu, see /cfg/slb/linklb
Inbound Link Load Balancing Configuration Menu, page 575.
advhc
Displays the Advanced Health Check menu. To view this menu, see /cfg/slb/advhc
Advanced Health Check Menu, page 577.
pip
Displays the Proxy IP Address menu. When a PIP is defined, client address information
in Layer 4 requests is replaced with the proxy IP address. To view this menu, see /cfg/
slb/pip Proxy IP Address Menu, page 605.
peerpip
Displays the Peer Proxy IP Address menu. When this command is enabled, an Alteon
forwards traffic from a peer Alteon using Layer 2, without performing server processing
on the packets of that peer Alteon. This happens because the peers are aware of each
other's proxy IP addresses. This prevents the dropping of a packet, or the packet being
sent to the backup Alteon in the absence of the proxy IP address of the peer.
To view this menu, see /cfg/slb/peerpip SLB Peer Proxy IP Address Menu, page 606.
appshape
Displays the AppShape++ Repository menu for managing AppShape++ scripts. To view
this menu, see /cfg/slb/appshape AppShape++ Script Management, page 563.
sipspat disable | enable

Enables or disables translation of the source port in SIP responses.
When enabled, when the server uses a source port different than the application port in
its response, Alteon translates the source port to the application port before forwarding
a response to the client.
wlm
Displays the Workload Management menu for the workload management of servers. To
view this menu, see /cfg/slb/wlm Workload Management Menu, page 606.
on
Globally turns on Layer 4 software services for SLB and application redirection. This
option can be performed only after the optional Layer 4 software is enabled (see /oper/
swkey Activating Software, page 617).
Note: Filters configured to allow, deny, or perform Network Address Translation (NAT)
on traffic do not require Layer 4 software to be activated. These filters are not
affected by the setting SLB on or off.
Application redirection filters, however, require Layer 4 software services. Layer 4
processing must be turned on before redirection filters will work.
off
Globally disables Layer 4 services. All configuration information remains in place (if
applied or saved), but the software processes no longer are active on Alteon.
Note: Filters configured to allow, deny, or perform Network Address Translation (NAT)
on traffic do not require Layer 4 software to be activated. These filters are not
affected by the setting SLB on or off.
Application redirection filters, however, require Layer 4 software services. Layer 4
processing must be turned on before redirection filters will work.
397


cur
Displays the current SLB configuration.
/cfg/slb/real <server number>
Real Server SLB Configuration

Use this menu to configure information about real servers that participate in a server pool for SLB or
application redirection. The minimum required parameters for real server SLB configuration are:
Real server IP address
Real server enabled (disabled by default)
[Real Server 1 Menu]

health
- Set specific health check for this server
adv
- Real Server Advanced Menu
layer7
- Layer 7 Command Menu
ids
- IDS Command Menu
thrsh
- thrsh Command Menu
ipver
- Set IP version
rip
- Set IP addr of real server
name
- Set real server name
weight
- Set weight for real server
maxcon
- Set maximum number of connections
tmout
- Set minutes inactive connection remains open
backup
- Set backup real server
preempt - Enable/Disable backup preemption
inter
- Set interval between health checks
retry
- Set number of failed attempts to declare server DOWN
restr
- Set number of successful attempts to declare server UP
overflo - Enable/Disable backup on overflow
addport - Add real port to server
remport - Remove real port from server
ena
- Enable real server
dis
- Disable real server
del
- Delete real server
cur
- Display current real server configuration
Table 284: Real Server Configuration Menu Options (/cfg/slb/real)

health <health check id|inherit|NoCheck>
Sets a health check for this server.
Values:
<health check id>Sets the specified health check for the server.
inheritThe server inherits the group health check.
NoCheckRemoves health checks from this server.
Note: Setting a specific health check for a server overrides the group health check
settings.
398

Table 284: Real Server Configuration Menu Options (/cfg/slb/real) (cont.)

adv
Displays the Real Server Advanced menu. To view this menu, see /cfg/slb/real/adv Real
Server Advanced Menu, page 403.
layer7
Displays the Real Server Layer 7 menu. To view this menu, see /cfg/slb/real <server
number>/layer7 Real Server Layer 7 Configuration, page 405.
ids
Displays the Real Server IDS (Intrusion Detection System) menu. To view this menu, see
/cfg/slb/real <real server number>/ids Real Server IDS Configuration Menu, page 406.
thrsh
Displays the Real Server Threshold menu for setting a threshold per group for the
number of concurrent connections. To view this menu, see /cfg/slb/real <real server
number>/thrsh Real Server Threshold Menu, page 407
ipver <v4 | v6>

Sets the IP version of the real server.
rip <real server IP address>

Sets the IP address of the real server. The format of the IP address depends on the IP
version specified using the ipver command. When using this command, the address
entered is pinged to determine if the server is up, and the administrator is warned if the
server does not respond.
name <string, maximum 31 characters>
|none
Defines an alias for each real server. This lets the network administrator quickly identify
the server by a natural language keyword value.
weight
<real server weight (1-48)>

Sets the weighting value that this real server is given in the load balancing algorithms.
Higher weighting values force the server to receive more connections than the other
servers configured in the same real server group. A setting of 10 assigns the server
roughly 10 times the number of connections as a server with a weight of 1.
Values: 148
Default: 1
399


maxcon <max connections, 0-2000000> [<mode, physical/logical]
Sets the maximum number of connections that this server should simultaneously
support. This sets a threshold as an artificial barrier, where new connections are not
issued to this server if the maxcon limit is reached. New connections are issued again to
this server once the number of current connections has decreased below the maxcon
setting.
If all servers in a real server group for a virtual server reach their maxcon limit at the
same time, client requests are sent to the backup/overflow server or backup/overflow
server group. If no backup servers or server group are configured, client requests are
dropped by the virtual server.
Values:
maxconWhen set to 0, the number of connections is unlimited.

Default: 2000000
modeOptional, sets the maximum connection mode.

Values: physical, logical
Default: physical
Real servers with the same IP address must be set to the same maximum connection
(maxcon) mode.
Real servers with the same IP address set to maxcon mode physical must all have the
same maxcon value. The maxcon value is the maximum number of connections that the
real servers support jointly.
Real servers with the same IP address set to maxcon mode logical can each have
different maxcon values. The maxcon value is the maximum number of connections that
each logical real server supports individually.
tmout <even number of minutes (2-32768)>

Sets the number of minutes an inactive session remains open, in even numbered
increments.
Every client-to-server session being load balanced is recorded in the session table. When
a client makes a request, the session is recorded in the table. The data is transferred until
the client ends the session, and the session table entry is then removed.
In certain circumstances, such as when a client application is abnormally terminated by
the client's system, TCP and UDP connections remain registered in the binding table. In
order to prevent table overflow, these orphaned entries must be aged out of the binding
table.
Also use this option to set the number of minutes to wait before removing orphan table
entries.
This option is also used with the persistent option (see the pbind command from /cfg/
slb/virt <server number> /service <virtual port or application name> Virtual Server
Service Configuration, page 419). When pbind is activated, this option sets how long an
idle client is allowed to remain associated with a particular server.
Values: 232768 minutes, in even numbered increments.
Default: 10
400


backup <real server number (1-1023)>
|none
Sets the real server used as the backup or overflow server for this real server.
To prevent loss of service if a particular real server fails, use this option to assign a
backup real server number. If the real server becomes inoperative, Alteon activates the
backup real server until the original becomes operative again.
The backup server is also used in overflow situations. If the real server reaches its
maximum connections (maxcon) limit, the backup comes online to provide additional
processing power until the original server becomes desaturated.
The same backup or overflow server may be assigned to more than one real server at the
same time
preempt disable | enable

Enables or disables backup preemption. For more information about backup preemption,
see the Alteon Application Switch Operating System Application Guide.
Default: enable
inter [1-600|inherit]
Sets the interval (in seconds) between real server health verification attempts.
Determining the health for each real server is a basic function for SLB. By default, Alteon
checks the health of a real server using ICMP.
Once servers are attached to groups which, in turn, are attached to services, Alteon
checks the availability of the services running on the server using the health checks
configured for the group. However, it is possible to override this behavior and configure
for each real server its own health checks.
This option lets you choose the time between health checks, or use the interval defined
within the health check itself.
Values:
0Disables health checking for the server.
1-600Sets the interval (in seconds) between real server health verification
attempts.
inheritTakes the value from the health check that checks the server.
Default: inherit
retry [1-63|inherit]
Sets the number of failed health check attempts required before declaring this real server
inoperative, or uses the value defined within the health check itself.
Values:
1-63
Default: inherit
401


restr [1-63|inherit]
Sets the number of successful health check attempts required before declaring a TCP and
UDP service operational, or uses the value defined within the health check itself.
Values:
1-63
Default: inherit
overflo enable|disable
Enables or disables backup upon overflow.
addport <real server port (265534)>

Adds multiple service ports to the server.
remport <real server port (265534)>

Removes multiple service ports from the server.
remote disable|enable
Enables or disables remote site operation for this server. This option should be enabled
when the real IP address represents a remote server (real or virtual) that Alteon accesses
as part of its GSLB network. For more information, see the Alteon Application Switch
Default: disable
fasthc disable|enable
Enables or disables fast health checking.
Values:
EnableThe real server goes down operationally as soon as the physical port
connected to the real server goes down.
DisableThe real server goes down only after the configured health check interval.
Default: enable
ena
You must perform this command to enable this real server for Layer 4 service. When
enabled, the real server can process virtual server requests associated with its real
server group. When using the apply and save commands, this option enables this real
server for operation until explicitly disabled.
For an operations-level command to enable SLB, see /oper/slb/ena on /oper/slb
Operations-Level SLB Options, page 610.
dis
Disables this real server from Layer 4 service. A disabled server no longer processes
virtual server requests as part of the real server group to which it is assigned. This
option, when the apply and save commands are used, disables this real server until it is
explicitly re-enabled.
Note: This option does not perform a graceful server shutdown.
402


del
Deletes this real server from the Layer 4 switching software configuration. This removes
the real server from operation within its real server groups.
Note: Use this command with caution, as it will delete any configuration options that
have been set for this real server. This option does not perform a graceful server
shutdown.
cur
Displays the current configuration information for this real server.
/cfg/slb/real/adv
Real Server Advanced Menu

[Real Server 1 Advanced Menu]
pip
- Proxy IP Menu
avail
- Set Global SLB availability for real server
remote
- Enable/disable Global SLB remote site operation
buddyhc - Buddy Server Menu
fasthc
- Enable/disable fast health check operation
submac
- Enable/disable source MAC address substitution
subdmac - Enable/disable destination MAC address substitution
cur
- Display current real server advanced configuration
Table 285: Real Server Advanced Menu Options

pip
Displays the Proxy IP menu. To view this menu, see /cfg/slb/real/adv/pip Proxy IP Menu,
page 404.
avail <server weight, 1-48>

Sets the weight of the server when performing the Global Server Load Balancing (GSLB)
decision using the availability metric.
remote <enable|disable>
Enables or disables Global SLB remote site operations.
buddyhc
Displays the Buddy Server Health Check menu. To view this menu, see /cfg/slb/real/adv/
buddyhc Buddy Server Health Check Menu, page 405.
fasthc
<enable|disable>
Enables or disables fast health checking.
403

Table 285: Real Server Advanced Menu Options

submac <enable|disable>
Enables or disables source MAC address substitution (per real service).
Typically (default), the source MAC is not modified for the packets going to the servers in
an SLB environment and the client request is forwarded to the server with the MAC
address of the client. However, if you enable this command, Alteon substitutes the client
source MAC address, for the packets going to the server, with the Alteon MAC address.
Note: Source MAC address substitution can also be enabled globally, using the
command /cfg/slb/adv/submac.
Global submac configuration supersedes the per real service configuration.
Default: disable
subdmac <enable|disable>
Enables or disables destination MAC address substitution.
cur <enable|disable>
Displays the current real server advanced configuration.
/cfg/slb/real/adv/pip
Proxy IP Menu
[Proxy IP Menu]
mode
addr
nwclss
cur
-
Set proxy IP mode

Set PIP address/subnet for this real server
Set PIP network class for this real server
Display current Proxy IP configuration
Table 286: Proxy IP Menu Options

mode <disable|enable|address|nwclss>
Enables or disables proxy IP selection based on the IP address or IP network class.
Default: enable
addr
Sets the IPv4 and/or IPv6 PIP address or subnet. When a subnet is configured with a
subnet mask other than 255.255.255.255, PIP persistency mode can be selected.
Options:
404
IPv4 PIP address or none
IPv4 PIP mask
IPv6 PIP prefix
PIP persistency

Table 286: Proxy IP Menu Options

nwclss
Sets the IPv4 and/or IPv6 network class as PIP, and enables PIP persistency mode.
Options:
IPv4 PIP network class or none
PIP persistency
cur
Displays the current proxy configuration.
/cfg/slb/real/adv/buddyhc
Buddy Server Health Check Menu

[Real server
addbd delbd cur
-
1 Buddy Menu]
Add Buddy Server
Delete Buddy Server
Display current buddy server configuration
Table 287: Buddy Server Health Check Menu Options

addbd <real server number 1-1023
real server group 1-1024
service 10-65534>
real server group 1-1024
service 10-65534>
Adds a buddy server.
delbd <real server number 1-1023
Deletes a previously added buddy server.
cur
Displays the current buddy server configuration.
/cfg/slb/real <server number>/layer7
Real Server Layer 7 Configuration

Use this menu to enter commands and strings for Layer 7 processing.
[Real Server
addlb
remlb
cookser
exclude
ldapwr
cur
1
-
Layer 7 Commands Menu]

Add SLB string for content load balance
Remove SLB string for content load balance
Enable/disable cookie assignment server
Enable/disable exclusionary string matching
Enable/disable LDAP Write server
Display current real server configuration
Table 288: Layer 7 Commands Menu Options (/cfg/slb/real/layer7)

addlb <defined SLB string ID, 1-1024>
Adds the pre-defined URL load-balance string ID to the real server.
405

Table 288: Layer 7 Commands Menu Options (/cfg/slb/real/layer7)

remlb <defined SLB string ID, 1-1024>
Removes the pre-defined URL load-balance string ID from the real server.
cookser disable|enable
Enables or disables the real server to handle client requests that do not contain a cookie.
Use this option if you want to designate a specific server to assign cookies only. This
server receives the client request, assigns the cookie, and embeds the IP address of the
real server that handles the subsequent requests from the client.
Default: dsable
exclude disable|enable
Enables or disables exclusionary string matching.
Default: disable
ldapwr disable|enable
Enables or disables the LDAP write server.
There are two types of LDAP servers: read servers and write servers. You need to use
read servers when you only want to browse the directory. You need to use write servers
when you want to modify the directory on the server. The write server can conduct both
read and write operations.
cur
Displays the current real server configuration.
/cfg/slb/real <real server number>/ids
Real Server IDS Configuration Menu

The Intrusion Detection System (IDS) is a type of security management system for computers and
networks. An IDS gathers and analyzes information from various areas within a computer or a
network to identify possible security breaches, which include both intrusions (attacks from outside
the organization) and misuse (attacks from within the organization). For more information on IDSs,
[Real Server
idsvlan
idsport
oid
comm
cur
1
-
IDS Menu]
Set Vlan ID for ID Server
Set Port for ID Server
Override OID for SNMP HC
Override community string for SNMP HC
Display current real server configuration
Table 289: IDS Configuration Menu options (/cfg/slb/real/ids)

idsvlan <vlan number (1-4090)>
Defines the VLAN ID for the Intrusion Detection Server.
idsport <port number> | none

Defines the port for Intrusion Detection Server.
Values: 1maximum_number_of_ports_on_the_device
406

Table 289: IDS Configuration Menu options (/cfg/slb/real/ids)

oid <SNMP health check object identifier to override group OID>
Specifies the object identifier (OID). This OID overrides the OID for SNMP health checks.
comm <SNMP health check community string to override group community string>
Overrides the community string for SNMP health checks.
cur
Displays the current real server configuration.
/cfg/slb/real <real server number>/thrsh
Real Server Threshold Menu

Use this menu to configure concurrent connections threshold values for real servers.
[Real Server 1 Threshold Menu]

connections - Set concurrent connections threshold values for real server
cur
- Display current real server threshold configuration
Table 290: Real Server Group Threshold Menu Options (/cfg/slb/group<real server group
number>/thrsh)

connections <Critical|High>
Sets the connection threshold for system errors.
Values:
CriticalSets the connection threshold for critical system errors.
HighSets the connection threshold for high system errors.
Range: 0-2000000
cur
Displays the current group threshold configuration.
407

/cfg/slb/group <real server group number>
Real Server Group SLB Configuration

Use this menu to group together real servers into real server groups. Each real server group should
consist of all the real servers which provide a specific service for load balancing. Each group must
consist of at least one real server. Each real server can belong to more than one group. Use real
server groups both for SLB and application redirection.
[Real Server Group 1 Menu]

name
- Set descriptive real server group name
ipver
- Set IP version
metric
- Set metric used to select next server in group
rmetric - Set metric used to select next rport in server
health
- Set group health check
content - Set basic health check content
slowstr - Set slow start time
backup
- Set backup real server or group
secbkp
- Set second backup group
realthr - Set real server failure threshold
minthrsh - Set minimum threshold limit for Minimum Server Bypass
maxthrsh - Set maximum threshold limit for Minimum Server Bypass
idsrprt - Set Intrusion Detection Port
advhlth - Set an advance group health check formula
mhash
- Set minmisses hash parameter
wlm
- Set Workload Manager number
secret
- Set RADIUS secret
viphlth - Enable/disable VIP health checking in DSR mode
ids
- Enable/disable Intrusion Detection
idsfld
- Enable/disable Intrusion Detection Group Flood
oper
- Enable/disable the access to this group for operator
ena
- Enable real server in this group
dis
- Disable real server in this group
add
- Add real server
rem
- Remove real server
del
- Delete real server group
cur
- Display current group configuration
Table 291: Real Server Group Configuration Menu Options (/cfg/slb/group)

name <maximum 31 characters>
|none
Defines an alias for each real server group. This lets the network administrator quickly
identify the server group by a natural language keyword value.
ipver <v4 | v6 | mixed >

Sets the IP version of the real server group.
metric leastconns|svcleast|roundrobin|minmisses|hash|response|bandwidth|phash
Sets the load balancing metric used for determining which real server in the group is the
target of the next client request. For more information, see Server Load Balancing
Metrics, page 415.
Default: leastconns
408

Table 291: Real Server Group Configuration Menu Options (/cfg/slb/group) (cont.)

rmetric
Sets the load balancing metric used for determining which port in the real server is the
target of the next client request.
health <health check object|inherit>

Sets a specific health check for this server, or uses the value defined within the health
check itself.
Values:
<health check object>Sets the specified health check for the server.
noneTakes the value from the group health check that checks the server.
Default: tcp
content <filename |/ host / filename>
|none
Defines the specific content which is examined during health checks (maximum 127
characters). The content depends on the type of health check specified in the health
option (see in this table).
slowstr [0-600]
Sets the server slow start time limit.
Values: 0600
Default: 0 (indicates the feature is disabled)
backup r<real server number (1-1023)>
|g <group number (1-1024)>
|none
Sets the real server or real server group used as the backup or overflow server or server
group for this real server group.
To prevent loss of service if the entire real server group fails, use this option to assign a
backup real server or real server group number. If the real server group becomes
inoperative, Alteon activates the backup real server or server group until one of the
original real servers becomes operative again.
The backup server or server group is also used in overflow situations. If all the servers in
the real server group reach their maximum connections (maxcon) limit, the backup
server or server group comes online to provide additional processing power until one of
the original servers becomes desaturated.
The same backup or overflow server or server group may be assigned to more than one
real server group at the same time.
Default: none
secbkp
Configures the second backup group in addition to an existing backup group.
realthr <real servers (1-15, 0 for disabled)>

Specifies a minimum number of real servers available. If the number reaches this
minimum limit, a syslog alert message is sent to the configured syslog servers stating
that the real server threshold has been reached for the that server load balancing group.
Values: 015
Default: 0 (indicates the feature is disabled)
409


minthrsh
Sets the down threshold (also called the minimum threshold). When the number of
active real servers reaches this threshold, the group status changes to down.
Note: When determining the down threshold, secondary backups and buddy servers
are not counted as active real servers.
Values: 11023
Default: 0
maxthrsh
Sets the restore threshold (also called the maximum threshold). When the number of
active real servers reaches this threshold, the group status changes to up.
Note: When determining the restore threshold, secondary backups and buddy servers
are not counted as active real servers.
Values: 11024
Default: 1
idsrprt <real server port (2-65534)> |any

Sets real server port for the Intrusion Detection Server (IDS).
advhlth
(1&2|3..), 128
|none
Defines an advanced health check formula expression for the real servers. This lets you
create a boolean expression to health check the real server group based on the state of
the virtual services.
This command supports two boolean operators, AND and OR, used to manipulate TRUE
and FALSE values. Using parentheses with the boolean operators, you can create a
boolean expression to state the health of the server group.
This command also supports a string expression which is up to 128 characters long. You
can also set the formula expression as none.
mhash 24|32 <number of sip bits used for minmisses hash>

Defines the minmisses hash parameter for this real server.
Values:
24The minmiss algorithm uses the upper 24 bits of the source IP address to
calculate the real server that the traffic should be sent to when the minmiss metric is
selected.
32Select all 32 bits of the source IP address to hash to the real server.
Default: 24 bits
wlm <1 - 16>
| none
Sets the Workload Manager number.
410


secret <1 - 32> | none
Alteon encrypts a password during the execution of the RSA Message Digest Algorithm
(MD5), and the RADIUS server decrypts a password during verification.
This value must be the same as the secret value of the RADIUS server of the group.
Alteon uses this RADIUS secret value while performing heath checks for this group of
RADIUS servers. If the secret value is not configured for the real server group, Alteon
uses the global secret value which is configured with the /cfg/slb/advhc/secret
command (see /cfg/slb/advhc Advanced Health Check Menu, page 577) during health
checks for that group of RADIUS servers.
Values: 132 alphanumeric characters
viphlth disable|enable
Enables or disables VIP health checking in a service.
Values:
EnableVIP health checking only works when the service has the DSR (Direct
Server Return) feature enabled.
DisableAlteon uses RIP to perform all health checks, whether DSR is enabled or
disabled.
Default: enable
ids disable|enable
Enables or disables Intrusion Detection Server (IDS) load balancing for the designated
real server group.
This feature can only be configured on real server groups between 1 and 63.
idsfld disable|enable
Enables or disables the Intrusion Detection flood.
Values:
EnablePackets are copied to all IDS servers in the IDS group.
DisablePackets are only copied to the load balanced IDS server within the IDS
group.
oper disable|enable
Enables or disables the real server group operation.
ena <real server number, 1-1023>

Enables a real server in this group gracefully or on a per group basis. For example, if a
real server is a member of more than one group, you can configure this real server to
accept requests from all the groups or any number of groups of which that this real
server is a member.
dis <real server number, 1-1023>

Disables a real server in this group gracefully or on a per group basis.
add <real server number (1-1023)>

Adds a real server to this real server group. You are prompted to enter the number of the
real server to add to this group.
rem <real server number (1-1023)>

Removes a real server from this real server group. You are prompted for the ID number
for the real server to remove from this group.
411


del
Deletes this real server group from the Layer 4 software configuration. This removes the
group from operation under all virtual servers to which it is assigned.
Note: Use this command with caution. If you remove the only group that is assigned
to a virtual server, the virtual server will become inoperative.
cur
Displays the current configuration parameters for this real server group.
SLB Health Check Types

Using the /cfg/slb/group/health command, you can specify the type of health check for the
group of real servers.
>> Real Server Group 1# health

Current health check type:
Pending new health check type:
Enter health check type:
tcp
sipoptions
The health check options are described in the following table. For a more detailed description of
these health check options, refer to the Alteon Application Switch Operating System Application
Guide.
Table 292: SLB Health Check Types (/cfg/slb/group/health)
Type and Description

link
Link health checks are performed at the Layer 1 (physical) level, and are used on servers
that do not respond to any other type of health check (for example, Intrusion Detection
Servers - IDSs).
arp
Sends an ARP request for Layer 2 health checking.
icmp
For Layer 3 health checking, pings the server.
tcp
Opens and closes a TCP/IP connection to the server for TCP service.
http
For the HTTP service, use HTTP/1.1 GET when a host header is required, to check that
the URL content is specified in the /cfg/slb/group/content command. Otherwise,
an HTTP/1.0 GET occurs. HTTP health check is successful if you get a return code of
200.
Note: If content is not specified, the health check is performed using the / character.
httphead
Enables Alteon to declare if the server is up by locating the URL header and not waiting
until all the URL contents are received. You can use this command to test the validity and
access to the hypertext links, or to look for any recent modification to the URL.
412


dns
Checks that the domain name specified in the /cfg/slb/group/content command
can be resolved by the server.
pop3
For user mail service, checks that the user:password account specified in the /cfg/
slb/group/content command exists on the server.

smtp
For mail-server services, checks that the user specified in the /cfg/slb/group/
content command is accessible on the server.

nntp
For newsgroup services, checks that the newsgroup name specified in the /cfg/slb/
group/content command is accessible on the server.
ftp
For FTP services, checks that the filename specified in the /cfg/slb/group/content
command is accessible on the server through anonymous login.
imap
For user mail service, checks that the user:password value specified in the /cfg/slb/
group/content command exists on the server.
sslh
Enables Alteon to query the health of the SSL servers by sending an SSL client Hello
packet, and then verify the contents of the server's Hello response. During the
handshake, the user and server exchange security certificates, negotiate an encryption
and compression method, and establish a session ID for each session.
sslhv3
Enables SSL healthcheck for version 3.
radius-auth, radius-acc, radius-aa

For RADIUS remote access server authentication, checks that the user:password value
specified in the /cfg/slb/group/content command exists in Alteon and the server.
To perform application health checking to a RADIUS server, the network administrator
must also configure the /cfg/slb/advhc/secret parameter (see /cfg/slb/advhc
Advanced Health Check Menu, page 577). The secret value is a field of up to 32
alphanumeric characters used by Alteon to encrypt a password during the execution of
the RSA Message Digest Algorithm (MD5), and by the RADIUS server to decrypt the
password during verification.
script <1 - 64>

Enables using script-based health checks in a send/expect format to check for application
and content availability.
Values: 164, denoting the script number
udpdns
Enables health checking using UDP DNS queries.
413


wsp
Enables connectionless WSP content health checks for WAP gateways. The content under
/cfg/slb/adv/waphc (see /cfg/slb/advhc Advanced Health Check Menu, page 577)
must also be configured.
wtp
Enables connection-oriented WTP+WSP content health checks for WAP gateways. The
content under /cfg/slb/adv/waphc (see /cfg/slb/advhc Advanced Health Check
Menu, page 577) must also be configured
wtls
Provides Wireless Transport Layer Security (WTLS) Hello-based health checks for
encrypted and connection-oriented WTLS traffic on port 9203.
ldap
Sets the health check type to LDAP.
LDAP health checks enable Alteon to determine if the LDAP server is alive. This health
check consists of three LDAP messages over one TCP connection: a bind request, a bind
result, and an unbind request.
Alteon sends an anonymous bind request to the server. If the server is up, it sends the
bind result message and Alteon marks the server as alive. Alteon must send an unbind
request so that the server does not hold resources indefinitely. The administrator can
choose LDAP version 2 or 3, as both versions are compatible with Alteon.
snmp
<1 - 5>
Enables using SNMP-based health checks.
Values: 165, denoting the script number
tftp
Sets the health check type to TFTP.
This protocol enables the user to request a file from the server. At regular intervals,
Alteon transmits TFTP read requests (RRQ) to all servers in the group. The health check
is successful if the server responds to the RRQ. The health check fails if Alteon receives
an error packet from the real server.
rtsp
Sets the health check type to RTSP.
The RTSP health check can operate with or without content. If there is no content
configured, Alteon issues an RTSP OPTIONS method. If content is supplied, Alteon issues
an RTSP DESCRIBE method. If the response to either method is RTSP/200, then the
health check passes. If this is not the response, the health check fails.
sip
Sets the health check type to sip.
You can perform the SIP (Session Initiation Protocol) health checks by using an SIP PING
request. You must enable UDP to perform SIP load balancing.
sipoptions
Sets the health check type to sipoptions.
wts
Sets the health check type to wts.
414


dhcp
Sets the health check type to dhcp.
This health check type can operate with or without content. The following content types
can be configured:
requestUse a DHCP request instead of an inform packet.
srequestUse a DHCP request with a source port of 68.
strictUse DHCP information, but with a source port of 68.
If no content is specified, this indicates using a DHCP inform with the UDP offset source
port.
Server Load Balancing Metrics

Using the /cfg/slb/group/content/metric command, you can set a number of metrics for
selecting which real server in a group gets the next client request.
Table 293: Real Server Group Metrics (/cfg/slb/group/metric)
Metric and Description

minmisses
The minmisses (minimum misses) metric is optimized for application redirection. When
it is specified for a real server group performing application redirection, all requests for a
specific IP destination address are sent to the same server. This is useful in caching
applications, helping to maximize successful cache hits. The best statistical load
balancing is achieved when the IP address destinations of load balanced frames are
spread across a broad range of IP subnets.
Minmisses can also be used for SLB. When specified for a real server group performing
SLB, all requests from a specific client are sent to the same server. This is useful for
applications where client information must be retained on the server between sessions.
Server load with this metric becomes most evenly balanced as the number of active
clients increases.
hash
Like the minmisses metric, the hash metric uses IP address information in the client
request to select a server.
For application redirection, all requests for a specific IP destination address are sent to
the same server. This is particularly useful for maximizing successful cache hits.
For SLB, all requests from a specific client are sent to the same server. This is useful for
applications where client information must be retained between sessions.
Use this metric if the statistical load balancing achieved using minmisses is not as
optimal as desired. Although the hash metric can provide more even load balancing at
any given instance, it is not as effective as minmisses when servers leave and re-enter
service.
If the load balancing statistics indicate that one server is processing significantly more
requests over time than other servers, consider using this metric.
415

Table 293: Real Server Group Metrics (/cfg/slb/group/metric)
Metric and Description

leastconns
With the leastconns (least connections) option, the number of connections currently
open on each real server is measured in real time. The server with the fewest current
connections is considered to be the best choice for the next client connection request.
This option is the most self-regulating, with the fastest servers typically getting the most
connections over time, due to their ability to accept, process, and shut down connections
faster than slower servers.
roundrobin
With the round-robin option, new connections are issued to each server in turn. The first
real server in this group gets the first connection, the second real server gets the next
connection, followed by the third real server, and so on. When all the real servers in this
group have received at least one connection, the issuing process starts over with the
first real server.
response
This is the real server response time. With this option, Alteon monitors and records the
time that each real server takes to reply to a health check. Use the response time to
adjust the real server weights. The weights are adjusted so they are inversely
proportional to a moving average of response time.
bandwidth
With the bandwidth option, the real server weights are adjusted so they are inversely
proportional to the number of octets that the real server processes during a given
interval. The higher the bandwidth used, the smaller is the weight assigned to that
server.
phash
The phash metric uses the best features of the hash and minmiss metrics. With phash
enabled, Alteon supports an even load distribution (hash) and stable server assignment
(minmiss) even when a server in the group goes down. With the phash metric, the first
hash always is the same even if a real server is down. If the first hash hits a dead server,
it rehashes for that request based on the actual number of servers that are up. This
results in a request always being sent to a server that is up.
svcleast
The svcleast (least connections per service) metric is an extension of the leastconns
metric. When using this metric, Alteon selects the real server based only on the number
of active connections for the service which is load balanced, and not the total number of
connections active on the server. For example, when selecting a real server for a new
HTTP session, a real server serving one HTTP connection and 20 FTP connections takes
precedence over a real server serving two HTTP connections only.
Note: Using the leastconns, roundrobin, hash, and phash metrics, when real servers are configured
with weights (see the weight option in Table 284 - Real Server Configuration Menu Options (/cfg/
slb/real), page 398), a higher proportion of connections are given to servers with higher weights.
This can improve load balancing among servers of different performance levels. Weights are not
applied when using the minmisses metrics.
416

/cfg/slb/virt <virtual server number>
Virtual Server SLB Configuration

Use this menu to configure the virtual servers which are the target for client requests for SLB. The
minimum required parameters for virtual servers are:
Creating a virtual server IP address
Adding a TCP or UDP port and real server group
Enabling the virtual server (disabled by default)
[Virtual Server
service ipver
vip
vname
srcnet
dname
cont
weight
avail
avpersis nat
addrule remrule layer3
creset
ena
dis
del
cur
-
1 Menu]
Virtual Service Menu
Set IP version
Set IP addr of virtual server
Set name of virtual server
Set Source Network Class
Set domain name of virtual server
Set BW Contract
Set Global SLB weight for virtual server
Set Global SLB availability for virtual server
Enable/disable GSLB availability persistence
Set NAT address for VIP
Add Global SLB rule to domain
Remove Global SLB rule from domain
Enable/disable layer 3 only balancing
Enable/disable client connection reset for invalid VPORT
Enable virtual server
Disable virtual server
Delete virtual server
Display current virtual configuration
Table 294: Virtual Server Configuration Menu Options (/cfg/slb/virt)

service <virtual port or name>
Displays the Virtual Server Service menu. The virtual port name can be a well-known
port name, such as HTTP, FTP, the service number, and so on. To view this menu and the
list of well-known ports, see /cfg/slb/virt <server number> /service <virtual port or
application name> Virtual Server Service Configuration, page 419.
Values: 1065534

vip <virtual server IP address for IPv4 or IPv6>

Sets the IP address of the virtual server using dotted-decimal notation. The virtual
server created within Alteon responds to ARPs and PINGs from network ports as if it was
a normal server. Client requests directed to the virtual server's IP address are balanced
among the real servers available to it through real server group assignments.
417


dname <64 character domain name> | none
Sets the domain name for this virtual server. The domain name typically includes the
name of the company or organization, and the Internet group code (.com, .edu, .gov,
.org, and so on). For example: foocorp.com.
It does not include the hostname portion (www, www2, ftp, and so on).
To define the hostname, see the hname command in this table. To clear the dname,
specify the name as none.
vname <32 character virtual server name> | none

Sets the name of the virtual server.
srcnet <32 character source network class>|none

Sets the source network class for this virtual server. For more information on network
classes, see /cfg/slb/nwclss <network class ID> Network Class Configuration Menu,
page 548.
cont <BWM contract (1-1024)>

Enter a new Bandwidth Management (BWM) contract for this virtual service. By default,
all services under this virtual server are assigned this BWM contract. However, the BWM
contract can be changed for a selected virtual server with /cfg/slb/virt <number>
/service <number> /cont.
All the frames that match this virtual server services are assigned this BWM contract if
the previously assigned contract for the frame has lower or equal precedence to the
virtual server contract.
Default number of contracts: 1024
weight
Sets the global server weight for the virtual server. The higher the weight value, the
more connections that are directed to the local site. The response time of this site is
divided by this weight before the best site is assigned to a client. Remote site response
times are divided by the real server weight before selection occurs.
Default: 1
avail
Sets the Global Server Load Balancing (GSLB) availability for the virtual server.
avpersis
Enables or disables Global Server Load Balancing (GSLB) availability persistence for the
virtual server.
nat
Sets the IP address of a NAT device. For use when an Alteon sits behind a NAT device.
Two Alteons, each behind a separate NAT device, connect using the IP address of each
others NAT device, instead of a virtual IP address, in DNS response and DSSP
communication.
418


addrule <rule, 1-128>
Adds a GSLB rule to the domain. The rule allows the server that is selected for GSLB to
use a different metric preference based on time of the day. Each domain has one or
more rules. Each rule has a metric preference list. The server selected for GSLB selects
the first rule that matches the domain, and starts with the first metric in the preference
list of the rule.
Default: rule 1
remrule <rule, 1-128>

Removes a GSLB rule from the domain.
layer3 <enable|disable>
Normally, use the client IP address with the client Layer 4 port number to produce a
session identifier. When enabled, Alteon uses only the client IP address as the session
identifier. It associates all the connections from the same client with the same real
server while any connection exists between them.
This option is necessary for some server applications where state information about the
client system is divided across different simultaneous connections, and also in
applications where TCP fragments are generated.
If the real server to which the client is assigned becomes unavailable, the Layer 4
software allows the client to connect to a different server.
Default: disable
creset enable|disable
Enables or disables client connection reset for an invalid virtual port.
preempt enable|disable
Enables or disables GSLB failover preemption.
ena
Enables this virtual server. This option activates the virtual server so that it can service
client requests sent to its defined IP address.
dis
This option disables the virtual server so that it no longer services client requests.
del
This command removes this virtual server from operation and deletes it from the Layer
4 switching software configuration.
Note: Use this command with caution, as it deletes the options that have been set
for this virtual server.
cur
Displays the current configuration of the specified virtual server.
/cfg/slb/virt <server number> /service <virtual port or application name>
Virtual Server Service Configuration

Use this menu to configure services assigned to a virtual server based on the selected application.
Each virtual server can be configured to support up to eight services, limited to a total of 1023
services per Alteon. Using this option, the following well-known TCP/UDP applications ports can be
specified:
419

Notes
For all applications without a well-known port, you can select Basic-SLB as the application.
The service number specified on Alteon must match the service specified on the server.
Table 295: Well-Known Application Ports
Number
TCP/UDP
Applications
Number TCP/UDP Number

Application
TCP/UDP Application
20
ftp-data
79
finger
179
bgp
21
ftp
80
http
194
irc
22
ssh
109
pop2
389
ldap
23
telnet
110
pop3
443
https
25
smtp
119
nntp
520
rip
37
time
123
ntp
554
rtsp
42
name
143
imap
1812
radius-auth
43
whois
144
news
1813
radius-acc
53
domain
161
snmp
1985
hsrp
69
tftp
162
snmptrap
Only relevant parameters for application you specify appear in the service menu.
Each application has its own service configuration menu. The first menu example displays the BasicSLB service configuration menu and includes commands common to all services. The subsequent
menu examples are application-specific and the command descriptions are only for those commands
that are specific to that application. For all common commands, refer to the Basic-SLB configuration
menu.
The following is the list of the application-specific menus that are described in this section:
Table 296: List of Application-Specific Virtual Service Menus
Menu
Description
basic-slb
For the application-specific commands, see /cfg/slb/virt <server number>/

service/basic-slb Virtual Server Basic SLB Service Configuration Menu, page 421.
https

service/https Virtual Server HTTPS Service Configuration Menu, page 427.
http

service/http Virtual Server HTTP Service Configuration Menu, page 435.
ssl

service/ssl Virtual Server SSL Service Configuration Menu, page 447.
dns

service/dns Virtual Server DNS Service Configuration Menu, page 452.
ftp

service/ftp Virtual Server FTP Service Configuration Menu, page 454.
420

Table 296: List of Application-Specific Virtual Service Menus
Menu
Description
rtsp

service/rtsp Virtual Server RTSP Service Configuration Menu, page 455.
Note: Select virtual service port 554 to configure RTSP traffic. To view the
menu for configuring virtual services on port 554 for RTSP, see Cookie-Based
Persistence, page 444.
wts
For the application-specific commands, see /cfg/slb/virt <server number> /

service/wts Virtual Server WTS Service Configuration Menu, page 456.
sip

service/sip Virtual Server Session Initiation Protocol Service Configuration Menu,
page 458.
ldap

service/ldap Virtual Server LDAP Service Configuration Menu, page 460.
/cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu

[Virtual Server
appshape protocol pip
ssl
group
rport
hname
cont
pbind
thash
tmout
ptmout
dbind
clsrst
frag
nonat
direct
mirror
winsize0 sesslog del
cur
-
22 66 basic-slb Service Menu]

AppShape++ Menu
Set protocol for this virtual service (TCP/UDP)
Proxy IP Menu
SSL Load Balancing Menu
Set real server group number
Set real port
Set hostname
Set BW contract for this virtual service
Set persistent binding type
Set hash parameter
Set minutes inactive connection remains open
Set in minutes for inactive persistent connection
Enable/disable/forceproxy delayed binding
Enable/disable send RST on connection close
Enable/disable remapping UDP server fragments
Enable/disable only substituting MAC addresses
Enable/disable direct access mode
Enable/disable session mirroring
Enable/disable using window size zero in SYN+ACK
Enable/disable session logging
Delete virtual service
Display current virtual service configuration
421

Table 297: Virtual Server Basic-SLB Service Configuration Options (/cfg/slb/virt/service/basicslb)

appshape
Displays the AppShape++ menu for managing AppShape++ scripts. To view this menu,
see /cfg/slb/virt/service/basic-slb/appshape AppShape++ Menu, page 425.
protocol tcp|udp|stateless
Sets the protocol (TCP/UDP) for a virtual port (disabled by default).
Values:
TCP, UDPYou can configure this option if the services to be load balanced include
UDP and TCP.
For example, DNS uses UDP and TCP. In those environments, you must activate UDP
balancing for the particular virtual servers that clients will communicate with using
UDP.
statelessNo session table entry is created. Because no session is created, you have
to bind to a new server every time.
Note: If applying a filter to the same virtual server IP address on which UDP load
balancing is enabled, disable caching on that filter for optimal performance. For more
information, see the cache command in /cfg/slb/filt <filter number> /adv Filter
Advanced Menu, page 534.
pip
Displays the Proxy IP menu. To view this menu, see /cfg/slb/virt/service/basic-slb/pip
Proxy IP Menu, page 426.
ssl
Displays the SSL Load balancing menu. To view this menu, see /cfg/slb/ssl SSL SLB

Sets a real server group for this service.
You are prompted to enter the number of the real server group to add to this service.
Values: 11024
Default: 1
rport <real server port (0-65534)>

Defines the real server TCP or UDP port assigned to this service. By default, this is the
same as the virtual port (service virtual port). If rport is configured to be different than
the virtual port defined in /cfg/slb/virt <number> /service <virtual port>,
Alteon maps the virtual port to this real port.
hname <hostname>
|none
Sets the hostname for a service added. Use this in conjunction with dname (see in this
table) to create a full host or domain name for individual services.
Values:
422
hostnameFor example, to add a hostname for Web services, you could specify
www as the hostname. If a dname of foocorp.com is defined, "" would be the full
host or domain name for the service.
noneClears the hostname for a service.


cont <BWM Contract (0-1024), 0 for VIP default>
Sets a Bandwidth Management contract for this virtual service.
Default: 1024
Note: If you enter 0 for the service contract, it carries the value entered for the virtual
server IP (vip) contract.
pbind clientip|disable
Enables or disables persistent bindings for a real server. This may be necessary for some
server applications where state information about the client system is retained on the
server over a series of sequential connections, such as with SSL (Secure Socket Layer,
HTTPS), Web site search results, or multi-page Web forms.
Values:
clientipUses the client IP address as an identifier, and associates all connections

from the same client with the same real server until the client becomes inactive, and
the connection is aged out of the binding table. The connection timeout value (set in
the Real Server menu) controls how long these inactive but persistent connections
remain associated with their real servers. When the client resumes activity after their
connection has been aged out, they are connected to the most appropriate real
server based on the load balancing metric.
An alternative approach may be to use the real server group metrics minmisses or
hash. For more information, see Server Load Balancing Metrics, page 415.
With clientip enabled, HTTP and HTTPS traffic from the same client map to the same
server regardless of the load balancing metric used, because the services are related,
while different services from the same client may not map to the same server.
disableDisables persistent binding if it has previously been enabled for a particular

application.
Default: disable
thash sip|sip+sport
Defines the hash parameter. Tunable hash lets the user select different parameters for
computing the hash value used by the hash, phash, and minmisses SLB metrics. For
example, the source IP address, or both source IP address and source port. If you do not
select any hash parameter, Alteon uses the default hash parameter sip.
tmout
Checks the time, in minutes, when an inactive connection remains open.
ptmout
Checks the time, in minutes, for an inactive persistent connection.
423


dbind disable|enable|forceproxy
Enables or disables Layer 4 delayed binding or full proxy mode for TCP service and ports:
enableProtects the server from Denial of Service (DoS) attacks.
forceproxyEnables full proxy mode using the Application Service Engine and
enables TCP Optimization.
Forces Alteon to perform a back-end TCP handshake no Layer 7 application services
(such as SSL offloading, caching, compression, or HTTP modifications) are in use,
and when no Layer 7 requests are coming from the client. If the server does not
respond within a configured period, Alteon moves to the next server.
Enables Alteon to perform persistency for HTTP cookies in multiple packets which do
not arrive in the correct order, and to reorder the packets.
Default: disable
clsrst disable|enable
Enables or disables client reset.
Values:
disableWhen Alteon receives a FIN message from the client, it performs a graceful
closure of both client-side and server-side sessions.
enableWhen Alteon receives a FIN message from the client, it closes the serverside session entry using RST for fastage.
Note: To enable session reset on connection close, full proxy mode (forceproxy)
must be disabled.
Default: disable
frag disable|enable
Enables or disables remapping server fragments for a virtual port.
Default: enable
nonat disable|enable
Enables or disables substituting only the MAC address of the real server. This does not
substitute IP addresses. Use this feature for Direct Server Return (DSR) in a one-armed
load balancing configuration, so that frames returning from the server to the client do not
have to pass through Alteon.
Default: disable
direct disable|enable
Enables or disables Direct Access Mode (DAM) on the selected virtual service. This takes
precedence over the command to globally enable or disable DAM on Alteon.
424


Enables or disables session mirroring on the selected virtual service. When implementing
session mirroring, note the following:
Session mirroring is supported in VRRP active-standby and hot-standby

configurations.
Session mirroring is only supported for Layer 4 SLB sessions and static NAT filtering
sessions.
Session mirroring is supported only for the following protocols and filters:
SIP
FTP
NAT filters
Layer 4 SLB with delayed binding
Session mirroring is not supported for the following protocols and filters:
Active-active VRRP
RTSP
Layer 7 SLB
Allow, deny, redir filters
Session mirroring is not supported in IPv6 Server Load Balancing sessions.
A direct interswitch link between the master and backup Alteons is necessary to
route the NAAP packets.
winsize0 disable|enable
Enables or disables the winsize0 setting. A 0 window blocks data from being accepted.
Other packets such as ACK, RST, and URG are accepted while transmitting data.
sesslog
Enables or disables session logging.
del
Removes this virtual service from operation and deletes it from the Layer 4 switching
software configuration.
Note: Use this command with caution, as it will delete the options that have been set
for this virtual service.
cur
Displays the current configuration of services on the specified virtual server.
/cfg/slb/virt/service/basic-slb/appshape
AppShape++ Menu
[AppShape++ Menu]
add
- Add AppShape++ script to service
rem
- Remove AppShape++ script from service
arem
- Remove all AppShape++ scripts from service
cur
- Display service AppShape++ scripts configuration
425

Table 298: AppShape++ Menu Options (/cfg/slb/virt/service/basic-slb/appshape)

add <priority (1-16)> <script ID>
Adds an AppShape++ script to the virtual service, and defines its priority (1-16). The
priority determines the order in which the script runs relative to the other AppShape++
scripts that are associated with the virtual service.
Values: 116
rem <priority (1-16)>

Removes an AppShape++ script from the virtual service.
arem
Removes all AppShape++ scripts from the virtual service.
cur
Displays the current AppShape++ scripts for the virtual service.
/cfg/slb/virt/service/basic-slb/pip
Proxy IP Menu
[Proxy IP Menu]
mode
addr
nwclss
cur
-
Set proxy IP mode

Set PIP address/subnet for this virtual service
Set PIP network class for this virtual service
Display current Proxy IP configuration
Table 299: Proxy IP Menu Options (/cfg/slb/virt/service/basic-slb/pip)

mode disable|ingress|egress|address|nwclss
Enables or disables proxy IP selection based on the ingress port or VLAN, egress port or
VLAN, IP address or IP network class. By default, the SP selects the proxy IP address
based on the ingress port or VLAN.
addr
Sets the IPv4 and/or IPv6 PIP address or subnet. When a subnet is configured, PIP
persistency mode can be selected.
Options:
IPv4 PIP mask
IPv6 PIP prefix
PIP persistency
nwclss
Sets the IPv4 and/or IPv6 network class as PIP, and enables PIP persistency mode.
Options:
426
PIP persistency

Table 299: Proxy IP Menu Options (/cfg/slb/virt/service/basic-slb/pip)

cur
Displays the current PIP configuration.
/cfg/slb/virt <server number>/service/https
Virtual Server HTTPS Service Configuration Menu

The following menu example is application-specific and includes only the application-specific
commands. For all common commands, refer to /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
[Virtual Server
name
http
cntrules appshape action
pip
ssl
group
redirect group
rport
hname
cont
pbind
thash
tmout
ptmout
dbind
clsrst
nonat
direct
mirror
winsize0 ckrebind sesslog del
cur
-
33 443 https Service Menu]

Set descriptive virtual service name
HTTP Load Balancing Menu
Content Based Services Rules Menu
AppShape++ Menu
Set action type of this service
Proxy IP Menu
Set application redirection URL
Set real port
Set hostname
Set hash parameter
Enable/disable server rebalancing when cookie is absent
Table 300: Virtual Server HTTPS Service Configuration Options (/cfg/slb/virt/service/https)

name
Sets a descriptive name for the virtual service.
http
Displays the HTTP Load Balancing menu. To view this menu, see /cfg/slb/virt <server
number>/service/http/http HTTP Load Balancing Menu, page 440.
From this menu, you can enable or disable HTTP redirection for Global Server Load
Balancing (GSLB) on a per VIP basis. Disabling HTTP redirection causes GSLB to use a
proxy IP address for HTTP.
427


cntrules
Displays the Content-Based Services Rule menu. The maximum number of rules per
virtual service is 128. The rule number defines the rule priority.
Note: Alteon performs HTTP Layer 7 content switching before applying any
modifications and is based on the original requests.
To view this menu, see /cfg/slb/virt<server number>/service/https/cntrules ContentBased Services Rule Menu, page 433.
appshape++
action group|redirect|discard
Sets the action type of this virtual service when no match is found in the HTTP content
rule.
Values:
groupLoad balances the traffic between the servers defined in the group field after
performing all other of the service's actions.
redirectPerforms application redirection for HTTP and HTTPS services based on the
settings of the redirect command (see in this table).
discardDrops the session.
Default: group
pip
ssl <srvrcert|sslpol|cur>
Displays the SSL Load Balancing menu. To view this menu, see /cfg/slb/virt <server
number>/service/https/ssl SSL Load Balancing Menu, page 434.

See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
428


redirect
Sets the application redirection location of this virtual service.
The redirection location should be defined in one string, which includes the following
parameters:
ProtocolHTTP or HTTPS. Mandatory.
PortThe port to be set in the URL. The default value is the well-known port of the
redirect protocol. Optional.
For example, if the protocol is set to HTTPS, the default port is 443. If the protocol is
set to HTTP, the default port is 80. The delimiter between the hostname and the port
must be ":".
HostnameThe URL of the host. The delimiter between the protocol and the
hostname must be "://". Mandatory.
PathA path, file name and file type. The delimiter between the protocol and the
hostname must be "/". You can configure both the original path and a new additional
path element. Optional.
For example: $protocol://$hostname/newdir/$path
QueryA complete or partial query string. The delimiter between the protocol and
the hostname must be "?". Optional.
To use the same value as in the request, use the following construct:
$PROTOCOL, $PORT, $HOST, $PATH, $QUERY

For example :
http://www.mysite.com:8080/mypath
http://$HOST/new/$PATH
https://$HOST:$PORT/$PATH?$QUERY
429


When configuring an SSL-based virtual service, how the rport value is set is usually
dependent on whether encryption between Alteon and the back-end servers is enabled
(meaning that there is back-end encryption). The back-end encryption setting is part of
the associated SSL policy configuration using the bessl (back-end listening port)
command (see a description of this command in /cfg/slb/ssl/sslpol SSL Policy Menu,
page 514). The following describes how rport is set based on the bessl setting:
When Alteon offloads SSL traffic from the servers, and back-end encryption is not
used, the servers are usually configured to listen on port 80. Therefore, rport is
automatically set to 80.
When Alteon offloads SSL traffic from the servers, and back-end encryption is used,
the servers are usually configured to listen on port 443. Therefore, rport is
automatically set to 443. For more information, see /cfg/slb/virt <server number>/
Notes:
You can also configure SSL offloading for other protocols encrypted by SSL by using
SSL as the application type. To select the virtual service application type, see /cfg/
Service Configuration, page 419.
When using the SSL application type, HTTP-based capabilities such as setting HTTP
redirection conversion, setting the SSL client information, or passing authentication
policy information to the back-end servers are not available. Also, this capability is
not supported for protocols that include special treatment of SSL, such as FTPS,
SMPTS and POPS.
If your network environment requires it, you can change the default back-end listening
port.
Notes:
If you have associated an SSL policy to a virtual service but have not yet configured
the SSL policy, the default value of the listening port is set as the same value as the
virtual service port. When you eventually set the back-end encryption using the bessl
command, you receive a message similar to the following, based on how you
configure the back-end listening port:
Note: You may want to update rport in the following virtual

services associating this SSL policy:
virt 1 service 443 HTTPS
430
If you set rport to 0 (meaning that no specific port is defined), Alteon determines the
back-end listening port based on the SSL policy definition and dynamically sets the
real port as appropriate.


hname <hostname>
|none
Sets the hostname for a service added. Use this in conjunction with dname (see in this
table) to create a full host or domain name for individual services.
Values:
hostnameFor example, to add a hostname for Web services, you could specify
www as the hostname. If a dname of foocorp.com is defined, "" would be the full
host or domain name for the service.
noneClears the hostname for a service.

pbind clientip|cookie <p|r|i> |sslid|disable

Values:

cookieThis option uses a cookie defined in the HTTP header or placed in the URI for
hashing. For more information on the cookie option, see Cookie-Based Persistence,
page 444.
Pbind cookie is only relevant for the HTTP or HTTPS applications.
If the cookie expiration time is greater than the /cfg/slb/virt x/service x/
ptmout value, timed out requests will not be persistent.
For detailed information on cookie-based persistence, see the Persistence chapter in
the Alteon Application Switch Operating System Application Guide.
sslidThis option is for Secure Sockets Layer (SSL), which is a set of protocols built
on top of TCP/IP that allows an application server and user to communicate over an
encrypted HTTP session. SSL provides authentication, non-repudiation, and security.
The session ID is a value comprising 32 random bytes chosen by the SSL server that
gets stored in a session hash table. By enabling the sslid option, all subsequent SSL
sessions which present the same session ID are directed to the same real server.

application.
Default: disable
431


thash sip|sip+sport
tmout
ptmout
Values:
must be disabled.
Default: disable
frag disable|enable
ckrebind disable|enable
Used for cookie insert mode and determines how to handle the subsequent requests in a
TCP session. When enabled, Server Load Balancing occurs for subsequent requests that
reach Alteon without a cookie.
sesslog
432


del
cur
/cfg/slb/virt<server number>/service/https/cntrules
Content-Based Services Rule Menu

Content-based service rules consist of a protocol-specific matching content class and an action. A
rule can be added, removed, or copied. The rules are evaluated according to their priority, with the
lowest number getting evaluated first. The maximum number of rules in a rule list is 128. All rules
are evaluated, and all matching rules are performed.
Tip: Radware recommends that you leave a gap between rule numbers that you create so you can
easily place future rules within the current hierarchy. For example, create rules 1, 5, and 10 in the
event that new rule 3 should be placed between rules 1 and 5, or new rule 7 should be placed
between rules 5 and 10.
Note: Alteon performs HTTP Layer 7 content switching before applying any modifications and is
based on the original requests.
[HTTPS Content Rule 1 Menu]

name
- Set descriptive content rule name
cntclss - Set content class for this rule
action
- Set action type for this rule
group
- Set real server group number for this rule
redirect - Set application redirection location for this rule
copy
- Copy rule
ena
- Enable rule
dis
- Disable rule
del
- Delete rule
cur
- Display current rule configuration
Table 301: Content Based Services Rule Menu Options (/cfg/slb/virt/service/https/cntrules)

name
Sets the descriptive name for the content rule.
cntclss
Sets the content class for this rule. This parameter is mandatory for enabled rules.
For content class updates, use the /cfg/slb/layer7/slb/cntclss HTTP Content Class Menu,
page 463.
433

Table 301: Content Based Services Rule Menu Options (/cfg/slb/virt/service/https/cntrules)

rule.
Values:
Default: group

Sets a real server group for this service. You are prompted to enter the number of the
real server group to add to this service.
Values: 11024
Default: 1
redirect
Sets the application redirection location of this rule.

For example:
copy
Copies the rule to another index in the same virtual service. This option can also be used
to change the priority of a rule.
ena
Enables the rule.
dis
Disables the rule.
del
Deletes the rule.
cur
Displays the current rule configuration.
/cfg/slb/virt <server number>/service/https/ssl

[SSL Load Balancing Menu]
srvrcert - Set SSL server certificate for this virtual service
sslpol
- Set SSL policy for this virtual service
cur
- Display current SSL configuration
434

Table 302: Configuration Options (/cfg/slb/virt/service/https/ssl)

srvrcert
Sets the SSL server certificate or certificate group for this virtual service.
The server certificate and certificate group can be defined at /cfg/slb/ssl/certs.
sslpol
Sets the SSL policy for this virtual service.
cur
Displays the current SSL configuration.
/cfg/slb/virt <server number>/service/http
Virtual Server HTTP Service Configuration Menu

[Virtual Server
name
http
cntrules appshape action
pip
group
redirect rport
hname
cont
pbind
thash
report
tmout
ptmout
dbind
clsrst
nonat
direct
mirror
winsize0 ckrebind sesslog del
cur
-
22 234 http Service Menu]

Set descriptive virtual service name
Content Based Services Rules Menu
AppShape++ Menu
Set action type of this service
Proxy IP Menu
Set application redirection URL
Set real port
Set hostname
Set hash parameter
Set report granularity level
Enable/disable server rebalancing when cookie is absent
435

Table 303: Virtual Server HTTP Service Configuration Options (/cfg/slb/virt/service/http)

name
Sets the descriptive name of the virtual service.
http
Displays the HTTP Load Balancing menu. To view this menu, see /cfg/slb/virt <server
number>/service/http/http HTTP Load Balancing Menu, page 440.
From this menu, you can enable or disable HTTP redirection for Global Server Load
Balancing (GSLB) on a per VIP basis. Disabling HTTP redirection causes GSLB to use a
proxy IP address for HTTP.
cntrules
Displays the Content-Based Services Rule menu. The maximum number of rules per
virtual service is 128. The rule number defines the rule priority.
To view this menu, see /cfg/slb/layer7 Layer 7 SLB Resource Definition Menu, page 461.
appshape++
rule.
Values:
Default: group
pip

436


redirect
Sets the application redirection location of this virtual service.
The redirection location should be defined in one string, which includes the following
parameters:
ProtocolHTTP or HTTPS. Mandatory.
PortThe port to be set in the URL. The default value is the well-known port of the
redirect protocol. Optional.
For example, if the protocol is set to HTTPS, the default port is 443. If the protocol is
set to HTTP, the default port is 80. The delimiter between the hostname and the port
must be ":".
HostnameThe URL of the host. The delimiter between the protocol and the
hostname must be "://". Mandatory.
PathA path, file name and file type. The delimiter between the protocol and the
hostname must be "/". You can configure both the original path and a new additional
path element. Optional.
For example: $protocol://$hostname/newdir/$path
QueryA complete or partial query string. The delimiter between the protocol and
the hostname must be "?". Optional.

For example :

hname <hostname>
|none


437


pbind clientip|cookie <p|r|i>|disable
Values:

cookieThis option uses a cookie defined in the HTTP header or placed in the URI for
hashing. For more information on the cookie option, see Cookie-Based Persistence,
page 444.
Pbind cookie is only relevant for the HTTP or HTTPS applications.
For detailed information on cookie-based persistence, see the Persistence chapter in
the Alteon Application Switch Operating System Application Guide.

application.
Default: disable
thash sip|sip+sport
report <service|real>
Sets the reporting level for Device Performance Monitoring (DPM). When DPM is enabled,
performance statistics are sent to APSolute Vision for display in the Device Performance
Monitoring Web interface. The DPM Web interface includes alerts, dashboards with
current monitoring data, and reports with historical data.
Note: For DPM to work you must enable it (see /cfg/sys/report Configuring Device
Performance Monitoring (DPM) Reporting Parameters, page 285), and you must
enable DAM (Direct Access Mode) for each virtual service that you are monitoring.
By default, statistics are gathered per virtual service. When you require more granular
reports, you can select an extended reporting level per virtual service (per real server
associated with that service).
Values:
serviceDPM statistics are gathered and displayed per virtual service.
realDPM statistics are gathered and displayed per real server per virtual service.
Default: service
For more information on DPM, see the APSolute Vision User Guide.
438


tmout
ptmout
Values:
must be disabled.
Default: disable
ckrebind disable|enable
Used for cookie insert mode and determines how to handle the subsequent requests in a
TCP session. When enabled, Server Load Balancing occurs for subsequent requests that
reach Alteon without a cookie.
sesslog
del
cur
439

/cfg/slb/virt <server number>/service/http/http

[HTTP Load Balancing Menu]
httpslb - Set content based server selection
comppol - Set compression policy for this virtual service
fastpol - Set FastView policy for this virtual service
errcode - Set error code update
urlchang - Set URL adjustments for page location changes in servers
pathhide - Set URL path obfuscation
textrep - Set free text replacement for server responses
httpmod - Set HTTP content modification rule-list
connmgt - Set connection management for HTTP traffic
clntprox - Set client proximity processing type for Global SLB
urlcont - Set BW cont of an SLB string specific to this service
rcount
- Set multi response count
parselen - Set buffer length for content based selection
parselmt - Enable/disable buffer limit for content based selection
urinorm - Enable/disable URI normalization for HTTP modification and
content matching
xforward - Enable/disable X-Forwarded-For for proxy mode
cloaksrv - Enable/disable server cloaking
redirect - Enable/disable HTTP/HTTPS redirection for Global SLB
cur
- Display current HTTP configuration
Table 304: HTTP Load Balancing Menu Options (/cfg/slb/virt/service/http/http)

httpslb urlslb|host|cookie|browser|urlhash|headerhash|others
Sets content-based server selection for the following applications:
urlslbEnables or disables URL SLB.
hostEnables or disables for virtual hosting.
cookieEnables or disables cookie-based SLB for cookie-based preferential load

balancing. You are prompted for the following: cookie name, starting point of the
cookie value, number of bytes to be extracted, enable or disable checking for cookie
in URI. The length of the cookie value must be 28.
For a description of the cookie options, see Cookie-Based Persistence, page 444.
browserEnables or disables SLB, based on browser type.
urlhashEnables or disables URL hashing based on URI.
headerhashHashes on any HTTP header value.
othersRequires inputs for a particular header field.
You can combine or select applications to load balance using the and and/or or
operators. For example:
httpslb <application>
httpslb application and|or
<application>
comppol
Displays the Compression Policy menu for setting the compression policy for this virtual
service. To view this menu, see /cfg/slb/accel/compress/comppol <compression policy
ID> Compression Policy Menu, page 488.
440


fastpol
Displays the FastView Policy menu for setting the FastView policy for this virtual service.
To view this menu, see /cfg/slb/accel/fastview/fastpol <policy ID (alphanumeric)>
FastView Policy Menu, page 497.
errcode disable|enable|clear
Controls server response codes. You can change the error code generated by the server,
edit the error reason, or redirect to a different HTTP location. You can define multiple
error codes per service if all use the same behavior.
Values:
enableEnables this option. You are prompted to configure the following

parameters:
Match error codesThe error codes to be matched.
HTTP RedirectionDetermines whether or not to redirect to a different HTTP

location:
yRedirect. You are prompted to enter the URL to which to redirect, and the
error code.
nDo not redirect. You are prompted to enter a new error code and the
error reason.
disableDisables this option.
clearClears the current error code configuration.
Default: disable
urlchang disable|enable|clear
Changes URLs in server responses. You can adjust to changes made on servers, making
them transparent to end-users, by matching the hostname, URL, page, and page type,
and updating the URL, page, and page type.
Values:
enableWhen you enable this option, you are prompted to configure the following
parameters:
Hostname match typeEnter one of the following hostname types to determine

how to match the hostname you provide for the hostname to match
parameter:
sufxSuffix
prefxPrefix
eqEquals
inclIncludes
anyIf you enter any, the prompt skips to the path match type parameter.
Hostname to matchEnter the hostname to be matched based on the selected
hostname match type.
Examples:
If you set the type to eq, if the hostname to match is set to
www.radware.com, then only www.radware.com matches.
If you set the type to prefx, if the hostname to match is set to www.radware,
then www.radware.com, www.radware1.com, www.radware1111.com,
and www.radwareabcgtalk.com match.
441


(continued)
Path match typeThe path you provide for the path the match parameter:
sufxSuffix
prefxPrefix
eqEquals
inclIncludes
anyIf you enter any, the prompt skips to the page name to match
parameter.
Path to matchThe path to be matched based on the selected path match type.
Page name to matchThe page name to be matched.
Page type to matchThe page type to be matched.
Path action typeEnter one of the following path action types:
insertThe following path section is inserted:
>> Enter path to insert []:

>>Insert the specified path before or after the matched
section? [b/a]:
replaceThe following path section is replaced:
>>Enter new path to replace the matched section:
removeThe matched path section is removed.

noneNo action is taken.
New page nameThe new page name to be used for the path change or none.
New type nameThe new page type to be used for the path change or none.
disableDisables this option.
clearClears the current URL change configuration.
Default: disable
442


pathhide disable|enable|clear
Enhances security by hiding page locations. You can modify server responses by
removing HTTP headers that include information about the server machine and OS.
By default server resource cloaking is disabled.
When you enable this option, configure the following parameters:
Hostname match typeThe path type that determines how to match the path you
provide in the next parameter.
sufxsuffix
prefxprefix
eqequals
inclincludes
anyany
Hostname to matchThe hostname to be matched based on the selected hostname

type.
Path match typeThe path type that determines how to match the path you provide
in the next parameter.
sufxsuffix
prefxprefix
eqequals
inclincludes
anyany
Path to matchThe path to be matched based on the selected path type.
textrep disable|enable|clear
Replaces or removes free text in server responses.
By default server resource cloaking is disabled.
When you enable this option, configure the desired action:
replaceThe matched text to be replaced and then enter the replacement text.
removeThe matched text to be removed.
httpmod
Sets an HTTP modification rule list. After setting an HTTP Modification rule list, you can
configure it. To view this menu, see /cfg/slb/layer7/httpmod HTTP Modification Rule-List
Menu, page 470.
connmgt enabled|disabled|pooling
Sets connection management for HTTP traffic.
Values:
enabledEnables connection management.
disabledDisables connection management.
poolingEnables or disables connection pooling for HTTP traffic
clntprox
Sets the client proximity processing type for GSLB.
Values: http, https, none
Default: none
443


urlcont
Sets the Bandwidth Management contract of an SLB string specific to this service.
rcount
Sets the multi-response count.
parselen enable|disable
Sets the parsing buffer length for content-based selection.
parselmt enable|disable
Enables or disables parse the limit for content-based selection.
urinorm enable|disable
Enables or disables the URI normalization for HTTP modification and content matching.
xforward enable|disable
Enables or disables the URI normalization for HTTP modification and content matching.
Note: To enable X-Forwarded-For, you need to either set delayed binding to full proxy
mode and configure a PIP or enable DAM.
cloaksrv enable|disable
Enables or disables modification of server responses by replacing HTTP headers that
include information about the server computer and operating system.
redirect enable|disable
Enables or disables HTTP and HTTPS redirection for GSLB.
cur
Displays the current HTTP configuration.
Cookie-Based Persistence
Use the cookie option to establish cookie-based persistence. Table 305 - Cookie Persistence Options
(/cfg/slb/virt/service/http/http/cookie), page 445 describes the cookie sub-options. For more
information on cookie-based persistence, refer to the Alteon Application Switch Operating System
Application Guide.
444

Table 305: Cookie Persistence Options (/cfg/slb/virt/service/http/http/cookie)
Option
Description
mode
Specifies one of the following modes for cookie-based persistence:
pPassive mode. In this mode, the network administrator configures the Web
server to embed a cookie in the server response that Alteon looks for in
subsequent requests from the same client.
rRewrite mode, or active cookie mode. In this mode, Alteon, and not the
network administrator, generates the cookie value on behalf of the server.
Alteon intercepts this persistence cookie and rewrites the value to include
server-specific information before sending it to the client.
iInsert mode. In this mode, when a client sends a request without a cookie,
the server responds with the data, and Alteon inserts a persistence cookie into
the data packet. Alteon uses this cookie to bind to the appropriate server.
The following are insert mode options:
Domain nameThe domain for which the cookie is valid. Enter y to enable
this option.
pathThe subset of URLs on the origin server to which this cookie applies.
secure flagWhen enabled, this directs the user agent to use a secure
connection to obtain content associated with the cookie. Enter y to enable
this option.
Insert cookie mode expiration parameters are as follows:
<MM/dd/yy[@hh:mm]> (e.g. 12/31/01@23:59)

... a date
... a duration <days[:hours[:minutes]]> (e.g. 45:30:90)
... or none <return>
name
The name of the cookie.
offset
The starting point of the cookie value.

Values: 164
length
The number of bytes to extract. For cookie rewrite, the length must be 8 or 16.
URI
Searches for a cookie in the URI.
Values: 164
Values:
eEnable. Searches for a cookie name or value in the URI.
dDisable. Searches for cookie in the HTTP header.
/cfg/slb/virt<server number>/service http/cntrules
Content-Based Services Rule Menu

Content-based service rules consist of a protocol-specific matching content class and an action. A
rule can be added, removed, or copied. The rules are evaluated according to their priority, with the
lowest number getting evaluated first. The maximum number of rules in a rule list is 128. All rules
are evaluated, and all matching rules are performed.
445

[HTTP Content
name
cntclss
action
group
redirect
copy
ena
dis
del
cur
Rule 1 Menu]
- Set descriptive content rule name
- Set content class for this rule
- Set action type for this rule
- Set real server group number for this rule
- Set application redirection location for this rule
- Copy rule
- Enable rule
- Disable rule
- Delete rule
Table 306: Content Based Services Rule Menu Options (/cfg/slb/virt/service/http/cntrules)

name
Sets the descriptive name for the content rule.
cntclss
Sets the content class for this rule. This parameter is mandatory for enabled rules.
For content class updates, use the /cfg/slb/layer7/slb/cntclss HTTP Content Class Menu,
page 463.
rule.
Values:
Default: group

Sets a real server group for this service. You are prompted to enter the number of the
real server group to add to this service.
Values: 11024
Default: 1
redirect
Sets the application redirection location of this rule.

For example:
446

Table 306: Content Based Services Rule Menu Options (/cfg/slb/virt/service/http/cntrules)

copy
Copies the rule to another index in the same virtual service. This option can also change
the priority of a rule.
ena
Enables the rule.
dis
Disables the rule.
del
Deletes the rule.
cur
/cfg/slb/virt <server number>/service/ssl
Virtual Server SSL Service Configuration Menu

[Virtual Server
ssl
appshape pip
group
rport
hname
cont
pbind
thash
tmout
ptmout
dbind
clsrst
nonat
direct
mirror
cur
-
33 125 ssl Service Menu]

AppShape++ Menu
Proxy IP Menu
Set real port
Set hostname
Set hash parameter
447

Table 307: Virtual Server SSL Service Configuration Options (/cfg/slb/virt/service/ssl)

ssl <srvrcert|sslpol|cur>
Displays the SSL Load Balancing menu. To view this menu, see /cfg/slb/virt <server
number>/service/ssl/ssl SSL Load Balancing Menu, page 451.
appshape++
pip

448


(meaning that there is back-end encryption). The back-end encryption setting is part of
the associated SSL policy configuration using the bessl (back-end listening port)
command (see a description of this command in /cfg/slb/ssl/sslpol SSL Policy Menu,
page 514). The following describes how rport is set based on the bessl setting:
automatically set to 443. For more information, see /cfg/slb/virt <server number>/
Notes:
You can also configure SSL offloading for other protocols encrypted by SSL by using
SSL as the application type. To select the virtual service application type, see /cfg/
Service Configuration, page 419.
When using the SSL application type, HTTP-based capabilities such as setting HTTP
redirection conversion, setting the SSL client information, or passing authentication
policy information to the back-end servers are not available. Also, this capability is
not supported for protocols that include special treatment of SSL, such as FTPS,
SMPTS and POPS.
If your network environment requires it, you can change the default back-end listening
port.
Notes:
If you have associated an SSL policy to a virtual service but have not yet configured
the SSL policy, the default value of the listening port is set as the same value as the
virtual service port. When you eventually set the back-end encryption using the bessl
command, you receive a message similar to the following, based on how you
configure the back-end listening port:
Note: You may want to update rport in the following virtual

services associating this SSL policy:
If you set rport to 0 (meaning that no specific port is defined), Alteon determines the
back-end listening port based on the SSL policy definition and dynamically sets the
real port as appropriate.
hname <hostname>
|none

449


pbind clientip|sslid|disable
Values:

sslidThis option is for Secure Sockets Layer (SSL), which is a set of protocols built
on top of TCP/IP that allows an application server and user to communicate over an
encrypted HTTP session. SSL provides authentication, non-repudiation, and security.
The session ID is a value comprising 32 random bytes chosen by the SSL server that
gets stored in a session hash table. By enabling the sslid option, all subsequent SSL
sessions which present the same session ID are directed to the same real server.

application.
Default: disable
thash sip|sip+sport
tmout
ptmout
450


Values:
must be disabled.
Default: disable
sesslog
del
See /cfg/slb/virt <server number>/service/basic-slb Virtual Server Basic SLB Service
cur
See /cfg/slb/virt <server number>/service/basic-slb Virtual Server Basic SLB Service
/cfg/slb/virt <server number>/service/ssl/ssl

[SSL Load Balancing Menu]
srvrcert - Set SSL server certificate for this virtual service
sslpol
- Set SSL policy for this virtual service
cur
- Display current SSL configuration
451

Table 308: Configuration Options (/cfg/slb/virt/service/ssl/ssl)

srvrcert
Sets the SSL server certificate or certificate group for this virtual service.
The server certificate and certificate group can be defined using /cfg/slb/ssl/certs
Certificate Repository Menu, page 505.
sslpol
Sets the SSL policy for this virtual service.
cur
Displays the current SSL configuration.
/cfg/slb/virt <server number>/service/dns
Virtual Server DNS Service Configuration Menu

[Virtual Server
protocol appshape pip
group
rport
hname
cont
pbind
thash
tmout
ptmout
dnstype dbind
nonat
dnsslb
direct
mirror
cur
-
452
1 53 dns Service Menu]

AppShape++ Menu
Proxy IP Menu
Set real port
Set hostname
Set hash parameter
Set DNS type for this service (DNS, DNSSEC)
Enable/disable DNS query load balancing

Table 309: Virtual Server DNS Service Configuration Options (/cfg/slb/virt/service/dns)

Values:


application.
Default: disable
dnstype
Sets the DNS type for this service.
Values: dns, dnssec, both
dnsslb
Enables or disables DNS-based Layer or content load balancing.
453

/cfg/slb/virt <server number>/service/ftp
Virtual Server FTP Service Configuration Menu

[Virtual Server
appshape pip
group
rport
hname
cont
pbind
thash
tmout
ptmout
dbind
nonat
ftpp
mirror
sesslog del
cur
-
22 145 ftp Service Menu]

AppShape++ Menu
Proxy IP Menu
Set real port
Set hostname
Set hash parameter
Enable/disable FTP SLB parsing for virtual server
Table 310: Virtual Server FTP Service Configuration Options (/cfg/slb/virt/service/ftp)

Values:


application.
Default: disable
454

Table 310: Virtual Server FTP Service Configuration Options (/cfg/slb/virt/service/ftp)

ftpp disable|enable
Enables or disables FTP SLB parsing for this virtual server.
When this option is enabled, Alteon modifies the appropriate FTP method or command to
support FTP servers on a private network for both active and passive FTP modes. To do
this, Alteon looks deeper into the packet and modifies the port command for active FTP,
or the entering the passive mode command for passive FTP.
Note: This command appears only when the virtual service is set to ftp or service port
21.
Default: disable
/cfg/slb/virt <server number>/service/rtsp
Virtual Server RTSP Service Configuration Menu

[Virtual Server
appshape pip
group
hname
rtspslb thash
tmout
ptmout
softgrid nonat
nortsp
sesslog del
cur
-
223 554 rtsp Service Menu]

AppShape++ Menu
Proxy IP Menu
Set hostname
Set RTSP URL load balancing type
Set hash parameter
Enable/disable SoftGrid load balancing
Enable/disable only RTSP SLB
Table 311: Virtual Server RTSP Service Configuration Options (/cfg/slb/virt/service/rtsp)

rtspslb hash|patternMatch|l4hash|none
Sets the rtspslb type.
Values:
hashRTSP parses the URL and hashes the URL to select a server to load balance.
patternMatchAlteon matches the string or pattern within the URL to select a server
based on the string configured on the real server.
l4hashConfigures Server Load Balancing to be based on the Layer 4 hash metric.
noneRTSP uses Layer 4 metrics to select a server to load balance.
Default: hash
softgrid <Enable|disable>
Enables or disables SoftGrid load balancing.
455

Table 311: Virtual Server RTSP Service Configuration Options (/cfg/slb/virt/service/rtsp)

nortsp <Enable|disable>
Enables or disables RTSP SLB for DSR configuration.
/cfg/slb/virt <server number> /service/wts
Virtual Server WTS Service Configuration Menu

[Virtual Server
wts
appshape pip
group
rport
hname
cont
pbind
thash
tmout
ptmout
dbind
nonat
direct
mirror
cur
-
223 555 wts Service Menu]

WTS Load Balancing Menu
AppShape++ Menu
Proxy IP Menu
Set real port
Set hostname
Set hash parameter
Table 312: Virtual Server WTS Service Configuration Options (/cfg/slb/virt/service/wts)

wts
Displays the WTS Load Balancing menu. To view this menu, see /cfg/slb/virt <server
number>/service/wts/wts WTS Load Balancing Menu, page 457.
456

Table 312: Virtual Server WTS Service Configuration Options (/cfg/slb/virt/service/wts)

Values:


application.
Default: disable
/cfg/slb/virt <server number>/service/wts/wts
WTS Load Balancing Menu

[WTS Load Balancing Menu]
userhash - Enable userhash when there is no Session Dir. Server
ena - Enable WTS loadbalancing and persistence
dis - Disable WTS loadbalancing and persistence
cur - Display current WTS configuration
Table 313: WTS Load Balancing Menu Options (/cfg/slb/virt/service/wts/wts)

userhash
Enables user hash if there is no session director server in the server platform.
ena [true|false]
Enables WTS load balancing.
dis [true|false]
Disables WTS load balancing.
cur
Displays the current WTS configuration.
457

/cfg/slb/virt <server number>/service/sip
Virtual Server Session Initiation Protocol Service Configuration Menu

[Virtual Server
sip
protocol appshape pip
group
rport
hname
cont
pbind
thash
tmout
ptmout
dbind
frag
nonat
direct
mirror
cur
-
223 5060 sip Service Menu]

SIP Load Balancing Menu
AppShape++ Menu
Proxy IP Menu
Set real port
Set hostname
Set hash parameter
Enable/disable remapping UDP server fragments
Table 314: Virtual Server Session Initiation Protocol Service Configuration Options (/cfg/slb/
virt/service/sip)

sip
Displays the SIP Load Balancing menu. To view this menu, see /cfg/slb/virt <server
number>/service/sip/sip SIP Load Balancing Menu, page 459.
From this menu, you can enable or disable Session Initiation Protocol (SIP) server load
balancing. When enabled, you can configure SIP service on the service port 5060 for a
virtual server. SIP is an application-level control protocol for creating, modifying, and
terminating sessions with one or more participants (refer to RFC 3261). Alteon supports
both TCP- and UDP-based SIP servers. Using SIP, you can load balance MCS (Multimedia
Communication Server) proxy servers. MCS is a UDP-based SIP-enabled application
Server. Microsoft LCS server is supported.
Notes:
458
You need to activate Direct Access Mode (DAM) perform SIP load balancing.
You can use only minmiss as the load-balancing metric, because load balancing is
performed based on the Call-ID.

virt/service/sip)

Values:


application.
Default: disable
/cfg/slb/virt <server number>/service/sip/sip
SIP Load Balancing Menu

[SIP Load Balancing Menu]
sip
- Enable/disable SIP load balancing
sdpnat - Enable/disable SIP SDP Media Portal NAT
hashlen - Set length for hashing (4- 256 bytes)
cur
- Display current SIP configuration
Note: Layer 7 SIP load balancing is supported only in UDP and not in TCP. You must enable UDP for
SIP service.
Table 315: SIP Load Balancing Menu Options(/cfg/slb/virt/service/sip/sip)

sip
Enables or disables SIP load balancing.
Values:
e (enable)When enabled, you can scan and hash calls based on a SIP Call-ID
header to an MCS server. You need to turn Direct Access Mode (DAM) on to perform
SIP load balancing. You can use only minmiss as the load balancing metric because
load balancing is performed based on the Call-ID.
d (disable)When disabled, load balancing is based on Layer 4 tuple values.
459

Table 315: SIP Load Balancing Menu Options(/cfg/slb/virt/service/sip/sip)

sdpnat
Enables SIP SDP Media Portal NAT.
hashlen
Determines the number of bytes from the Call-ID that are used as input to the hash
function.
cur
Displays the current SIP configuration.
/cfg/slb/virt <server number>/service/ldap
Virtual Server LDAP Service Configuration Menu

[Virtual Server
appshape pip
group
rport
hname
cont
thash
tmout
nonat
direct
reset
ldapslb mirror
sesslog del
cur
-
223 389 ldap Service Menu]

AppShape++ Menu
Proxy IP Menu
Set real port
Set hostname
Set hash parameter
Enable/disable session reset when session age out
Enable/disable L7 LDAP SLB
virt/service/ldap)

reset disable|enable
Enables or disables session reset when the session ages out.
ldapslb disable|enable
Enables or disables Layer 7 LDAP server load balancing.
460

/cfg/slb/layer7
Layer 7 SLB Resource Definition Menu

[Layer 7 Resource Definition Menu]
slb
- Server Load Balancing Menu
httpmod - HTTP content modification rule-lists Menu
redir
- Web Cache Redirection Menu
sdp
- SIP SDP Menu
rule
- SIP UDP rule Menu
dbindtm - Set timeout for incomplete delayed binding connections
cur
- Display current Layer 7 configuration
Table 317: Layer 7 Resource Definition Menu Options (/cfg/slb/layer7)

redir
Displays the Web Cache Redirection menu. To view this menu, see /cfg/slb/layer7/redir
Web Cache Redirection Menu, page 483.
slb
Displays the Server Load Balance Resource menu. To view this menu, see /cfg/slb/
layer7/slb Server Load Balance Resource Menu, page 462.
httpmod
Displays the HTTP Modification Rule-List menu. To view this menu, see /cfg/slb/layer7/
httpmod HTTP Modification Rule-List Menu, page 470.
sdp
Displays the SDP Mapping menu. To view this menu, see /cfg/slb/layer7/sdp SDP
Mapping Menu, page 484.
rule
Displays the SIP UDP Rule menu. To view this menu, see /cfg/slb/layer7/rule SIP UDP
Rule Menu, page 485.
dbindtm <10-60 seconds>

Sets the timeout for incomplete delayed binding connections.
Values: 160 seconds
cur
Displays the current Layer 7 configuration.
461

/cfg/slb/layer7/slb
Server Load Balance Resource Menu

[Server Load Balance Resource Menu]
cntclss - Application Content Class menu
message - Set HTTP error message
addstr
- Add SLB string for content based server selection
remstr
- Remove SLB string for content based server selection
rename
- Rename SLB string for content based server selection
addmeth - Add HTTP method type
remmeth - Remove HTTP method type
case
- Enable/disable case sensitive for string matching
cont
- Set BW contract for the SLB string
cur
Table 318: Server Load Balance Resource Menu Options (/cfg/slb/layer7/slb)

cntclss
Displays the HTTP Content Class menu. To view this menu, see /cfg/slb/layer7/slb/
cntclss HTTP Content Class Menu, page 463.
message <64 byte error message>

Sets the message that displays when an error occurs.
Default message: "No available server to handle this request
addstr
<l7lkup|pattern>
Defines a string for Server Load Balancing or filtering using either a Layer 7 lookup
string or a pattern match.
Values:
l7lkupDefines a string for server load balancing or for Layer 7 lookup.
patternChoose between ASCII or binary strings on a specific offset of the IP

frame. These strings are only for filtering string pattern matching.
Defines an SLB string for content-based server selection using either a Layer 7 lookup
string or a pattern match.
Values:
l7lkupValues: http, dns, other
http
dnsUse a known DNS name or number for the DNS query type, or select any.
For example: DNS name A, DNS number 1
After selecting the DNS type and the DNS query type, you are prompted for the
DNS hostname. Provide the full FQDN on which you want to load balance.
other
patternChoose between ASCII or binary strings on a specific offset of the IP

frame. These strings are only for filtering string pattern matching.
remstr <SLB string ID>

Removes this SLB string from the real server.
rename <SLB string ID
SLB string>
Renames the SLB string for load balancingcontent-based server selection.
462

Table 318: Server Load Balance Resource Menu Options (/cfg/slb/layer7/slb)

addmeth <Method, 1-32 characters>
Adds HTTP request methods. HTTP allows an open-ended set of methods to indicate the
purpose of a request. Alteon supports 22 request methods by default. The GET and
HEAD methods must be supported by all general-purpose servers. All other methods are
optional. You can view a list of supported default methods using the cur command in
this menu.
Method names are case-sensitive.
Alteon supports both HTTP 1.0 and HTTP 1.1 for performing HTTP request methods.
remmeth <Method ID>

Removes an HTTP method.
case disable|enable
Enables or disables case sensitivity for string matching.
Values:
enableEnables case sensitivity for string matching.
disableIf you disable case sensitivity, all load balancing strings and all the request
strings need to be converted to lowercase before doing any string comparison.
cont <SLB string ID [1-1024]> <BW contract number [1-1024]>

Sets the Bandwidth Management contract for a specified string for the SLB string ID.
cur
Displays the currently configured SLB strings and their associated string IDs (index
numbers) and the supported HTTP request methods.
/cfg/slb/layer7/slb/cntclss
HTTP Content Class Menu

[HTTP Content
name
hostname
path
filename
filetype
header
cookie
text
xmltag
logexp
copy
del
cur
Class myclass Menu]

- Set descriptive HTTP content class name
- URL Hostname lookup Menu
- URL Path lookup Menu
- URL File Name lookup Menu
- URL File Type lookup Menu
- Header lookup Menu
- Cookie lookup Menu
- Text lookup Menu
- XML Tag lookup Menu
- Set logical expression between classes
- Copy HTTP content class
- Delete HTTP content class
- Display current HTTP content class
463

Table 319: HTTP Content Class Menu Options (/cfg/slb/layer7/slb/cntclss)

name
Sets a descriptive name for this HTTP class.
hostname
Displays the Hostname menu. Enter the hostname ID to display the menu. To view this
menu, see /cfg/slb/layer7/slb/cntclss/hostname HTTP Content Class Hostname Menu,
page 465.
path
Displays the Path menu. Enter the path ID to display the menu. To view this menu, see
/cfg/slb/layer7/slb/cntclss/path HTTP Content Class Path Menu, page 465.
filename
Displays the File Name menu. Enter the filename ID to display the menu. To view this
menu, see /cfg/slb/layer7/slb/cntclss/filename Content Class File Name Menu,
page 466.
filetype
Displays the File Type menu. Enter the filetype ID to display the menu. To view this
menu, see /cfg/slb/layer7/slb/cntclss/filetype Content Class File Type Menu, page 467.
header
Displays the Header menu. Enter the header ID to display the menu. To view this menu,
see /cfg/slb/layer7/slb/cntclss/header Content Class Header Menu, page 467.
cookie
Displays the Cookie menu. Enter the cookie ID to display the menu. To view this menu,
see /cfg/slb/layer7/slb/cntclss/cookie Content Class Cookie Menu, page 468.
text
Displays the Text menu. Enter the text ID to display the menu. To view this menu, see /
cfg/slb/layer7/slb/cntclss/text Content Class Text Menu, page 469.
xmltag
Displays the XML Tag menu. Enter the XML tag ID to display the menu. To view this
menu, see /cfg/slb/layer7/slb/cntclss/xmltag Content Class XML Tag Menu, page 469.
logexp
Sets the logical expression between classes.
The following logical operators are supported:
&AND
|OR
!NOT
()Brackets
copy
Copies the HTTP content class.
del
Deletes the HTTP content class.
cur
Displays the currently configured HTTP content class.
464

/cfg/slb/layer7/slb/cntclss/hostname
HTTP Content Class Hostname Menu

Defines the hostname ID to display the Hostname menu. Up to 128 hostnames can be defined per
class.
Enter hostname id: myhostname

[Hostname myhostname Menu]
hostname- Set hostname to match
match
- Set match type
copy
- Copy hostname
del
- Delete hostname
cur
- Display current hostname configuration
Table 320: Content Class Hostname Menu Options (/cfg/slb/layer7/slb/cntclss/hostname)

hostname
Sets the hostname to be matched for the rule to take effect.
match [sufx|prefx|equal|include|regex]
Defines the match criteria of the defined string.
Default: include
copy
Copies the hostname element to another element ID in the same class.
del
Deletes the hostname element.
cur
Displays the currently configured hostname.
/cfg/slb/layer7/slb/cntclss/path
HTTP Content Class Path Menu

Enter path id: mypath
[Path mypath Menu]
path
- Set path to match
match
- Set match type
case
copy
- Copy path
del
- Delete path
cur
- Display current path configuration
Table 321: Content Class Path Menu Options (/cfg/slb/layer7/slb/cntclss/path)

path
Sets the path to be matched for the rule to take effect.
465

Table 321: Content Class Path Menu Options (/cfg/slb/layer7/slb/cntclss/path)

Defines the path match criteria of the defined string.
Default: include
case
Enables or disables case sensitivity for string matching.
copy
Copies the path.
del
Deletes the path.
cur
Displays the currently configured path.
/cfg/slb/layer7/slb/cntclss/filename
Content Class File Name Menu

Enter filename id: myfilename
[File name myfilename Menu]
filename - Set file name to match
match
- Set match type
case
copy
- Copy file name
del
- Delete file name
cur
- Display current file name configuration
Table 322: Content Class File Name Menu Options (/cfg/slb/layer7/slb/cntclss/filename)

filename
Sets the file name to be matched for the rule to take effect.
Default: include
case
Enables or disables case sensitivity for matching.
copy
Copies the file name.
del
Deletes the file name.
cur
Displays the currently configured file name.
466

/cfg/slb/layer7/slb/cntclss/filetype
Content Class File Type Menu

Enter filetype id: myfiletype
[File type myfiletype Menu]
filetype - Set file type to match
match
- Set match type
case
copy
- Copy file type
del
- Delete file type
cur
- Display current file type configuration
Table 323: Content Class File Type Menu Options (/cfg/slb/layer7/slb/cntclss/filetype)

filetype
Sets the file type to be matched for the rule to take effect.
Default: include
case
copy
Copies the file type.
del
Deletes the file type.
cur
Displays the currently configured file type.
/cfg/slb/layer7/slb/cntclss/header
Content Class Header Menu

Enter header id: myheader
[Header myheader Menu]
header
- Set header to match
match
- Set match type
case
copy
- Copy header
del
- Delete header
cur
- Display current header configuration
Table 324: Content Class Header Menu Options (/cfg/slb/layer7/slb/cntclss/header)

header
Sets the header to be matched for the rule to take effect. The header string match is
separated into header name and header value. The match type is separated into name
and value.
467

Table 324: Content Class Header Menu Options (/cfg/slb/layer7/slb/cntclss/header)

match [eq|incl|regex]
Default: include
case
copy
Copies the header.
del
Deletes the header.
cur
Displays the currently configured header.
/cfg/slb/layer7/slb/cntclss/cookie
Content Class Cookie Menu

Enter cookie id: mycookie
[Cookie mycookie Menu]
cookie
- Set cookie to match
match
- Set match type
case
copy
- Copy cookie
del
- Delete cookie
cur
- Display current cookie configuration
Table 325: Content Class Cookie Menu Options (/cfg/slb/layer7/slb/cntclss/cookie)

cookie
Sets the cookie to be matched for the rule to take effect. The cookie string match is
separated into cookie name and cookie value. The match type is separated into name
and value.
match [eq|incl|regex]
Default: include
case
copy
Copies the cookie.
del
Deletes the cookie.
cur
Displays the currently configured cookie.
468

/cfg/slb/layer7/slb/cntclss/text
Content Class Text Menu

Enter text id: mytext
[Text mytext Menu]
text
- Set text to match
match
- Set match type
area
- Set lookup area
case
copy
- Copy text
del
- Delete text
cur
- Display current text configuration
Table 326: Content Class Text Menu Options (/cfg/slb/layer7/slb/cntclss/text)

text
Sets the text to be matched for the rule to take effect.
match [include|regex]
Default: include
area
Defines the lookup area.
case
copy
Copies the text.
del
Deletes the text.
cur
Displays the currently configured text.
/cfg/slb/layer7/slb/cntclss/xmltag
Content Class XML Tag Menu

Enter XML tag id: myxml
[XML tag myxml Menu]
xmltag
- Set XML tag to match
match
- Set match type
case
copy
- Copy XML tag
del
- Delete XML tag
cur
- Display current XML tag configuration
469

Table 327: Content Class XML Tag Menu Options (/cfg/slb/layer7/slb/cntclss/xmltag)

xmltag
Sets the XML path to be matched for the rule to take effect. The XML tag string match is
separated into XML tag name and XML tag value. The match type is separated into name
and value.
To indicate the path to a specific value, use / as a delimiter between tag names. For
example: student/name.
To indicate a lookup on a tag attribute, use the @ sign between the path and the
attribute name. For example: student@name
match
path[eq|sufx] value[eq|include|regex]
Defines the match criteria of the defined string. You are prompted to enter the following:
New matching type for the XML tag path: eq, sufx
New matching type for XML tag value: eq, include, regex
case
copy
Copies the XML tag.
del
Deletes the XML tag.
cur
Displays the currently configured XML tag.
/cfg/slb/layer7/httpmod
HTTP Modification Rule-List Menu

[HTTP Modification rule-list <Rule List> Menu]
name
- Set HTTP rule-list name
rule
- Rule Configuration Menu
copy
- Copy rule-list
ena
- Enable rule-list
dis
- Disable rule-list
del
- Delete rule-list
cur
- Display current rule-list configuration
Table 328: HTTP Modification Rule-List Menu

name
Sets the HTTP modification rule list name.
470

Table 328: HTTP Modification Rule-List Menu

rule
Displays the HTTP Modification Rule menu based on the rule list ID, rule number, and
HTTP element you are prompted to provide. This determines which HTTP element the
rule is based on. To view these element-based menus, see /cfg/slb/layer7/httpmod/rule
HTTP Modification Rule Menu, page 471.
The rule configuration is element-dependant. After setting the element, the rule cannot
be updated.
You can create rules for the following HTTP elements:
url Set actions for the protocol (HTTP or HTTPS), port, host, path, page name, and
page type.
headerReplace, remove, or insert a matched header.
cookieRemove or insert a matched cookie.
filetypeReplace a matched file type.
statuslineReplace a matched status line.
textReplace or remove a matched text.
copy
You can duplicate an entire rule list by copying the rule list to a destination rule list
name.
ena
When you configure the HTTP modification rule list, it is disabled by default. For the HTTP
modification rule list to be operational, you must first enable and apply it.
dis
Disables a rule list to make it non-operational.
del
Deletes this HTTP modification rule list.
cur
Displays the current HTTP modification rule list configuration. Rules display in numerical
order.
/cfg/slb/layer7/httpmod/rule
HTTP Modification Rule Menu

HTTP modification rules are based on different types of HTTP elements. A rule can be added,
removed, or copied. The rules are evaluated according to their priority, with the lowest number
getting evaluated first. The maximum number of rules in a rule list is 128.
All rules are evaluated, and all matching rules are performed.
471

The following are the rule type menus, based on the HTTP element you enter at the prompt:
Figure 37 - URL Modification Menu, page 472
Figure 38 - Header Modification Menu, page 475
Figure 39 - Cookie Modification Menu, page 477
Figure 40 - File Type Modification Menu, page 479
Figure 41 - Status Line Modification Menu, page 480
Figure 42 - Text Modification Menu, page 481
Figure 37: URL Modification Menu

[url Modification <Rule List> <Rule Name> 1 Menu]
name
- Set rule name
action
- Rule action parameters menu
match
- Match condition parameters menu
directn - Set rule modification direction
body
- Set modifications to also be done in the HTTP body
copy
- Copy rule
ena
- Enable rule
dis
- Disable rule
del
- Delete rule
cur
Table 329: URL Modification Menu Options

name
The name of the rule that displays in the rule list.
action
Displays the URL Action menu, used to determine which action the URL rule
performs.
From the URL Action menu, you can set actions for the following parameters:
ProtocolHTTP or HTTPS. Default: HTTP
PortThe port to be set in the URL. Default: 0, meaning:
When the match port is not 0, the port is removed from the URL.
When the match port is not 0, and the port parameter is 0 for both match
and action, the port in the URL remains unchanged. That is, if it was
explicitly specified it remains as it is, if it was not specified it remains not
specified.
HostThe host action type can be set to insert, replace, or remove:
InsertInserts additional text to the hostname, either before or after the

matched text.
ReplaceReplaces the matched text in the hostname with other text.
RemoveRemoves the matched text from the hostname.
NoneNo action is taken.
Note: Replace and remove are not allowed when the host match type is set to
any.
472


When a host match is set, an action must be specified. To use the same host,
use the replace action with the same text string in the match.
action
(continued)
Example:
Host match type prefix and the host to match www.a match all hosts that
start with www.a. Using host action Insert After with host to insert bbb results
in the following: host www.a.com is modified to www.abbb.com, and host
www.az.com is modified to www.abbbz.com.
PathPath action type can be set to insert, replace, or remove.
InsertInserts additional text to the path, either before or after the

matched text.
ReplaceReplaces the matched text in the path with another text.
RemoveRemoves the matched text from the path.
NoneNo action is taken.
Note: Replace and remove are not allowed when the Path Match Type is set to
Any.
When using a path match, an action must be specified. To use path match as
the match criteria only and use the same path, use the replace action with the
same text string in the match.
Example:
Path match type include and path to match abc match any path that contains
abc, such as /abc/, /a/abc, and so on. Using path action remove results in
the following: path abc is removed, and path de/abc/xyz is modified to de/
xyz.
PagenameA new page name. Leave this action empty to remove the matched
page name.
Note: When both match and action are empty, no operation is performed.
PagetypeA new page type. Leave this action empty to remove the matched
page type.
Note: When both match and action are empty, no operation is performed.
473


match
Displays the URL Match menu to define the match criteria.
Note: This menu is only for the URL element rules.
Set the match parameters according to the configured rule direction (see the
directn command in this table). When the direction is set to bidirectional, set the
match parameters to match the server response.
From the URL Match menu, you can set match criteria for the following:
ProtocolHTTP or HTTPS. Default: HTTP
PortThe port used in the URL. Default: 0, meaning a match when the port is
not explicitly specified in the URL, resulting in using the default port for the
specified protocol (80 for HTTP, 443 for HTTPS).
Note: When the port is 0 for both match and action, this implies that the port
parameter is not checked (the rule is matched regardless of the port that is in the
URL) and not changed.
Host
Host match type can be set to suffix, prefix, equal, include, or any.
Any implies that any host will match.
Host to match indicates the value for the match.

This parameter is not required when the match type is set to any.
Example:
Host match type prefix and host to match www.a match all hosts that
start with www.a, such as www.a.com and www.abc.com.
Path
Path match type can be set to suffix, prefix, equal, include, or any.
This parameter is not required when match type is set to any. Any implies
that any non-empty path match.
Path to match indicates the value for the match.

This parameter is not required when the match type is set to any.
Example:
Path match type include and path to match abc match any path that has
abc in it, such as /abc/ and /a/abc.
Page NameUsed for an exact match of the page name.

For example: hostname.domainname/path/pagename.pagetype
Page TypeUsed for an exact match of the page type.

For example: hostname.domainname/path/pagename.pagetype
474


directn
Determines the rule direction:
RequestOnly client requests are inspected for modification.
ResponseOnly server responses are inspected for modification.
BidirectionalThe modification is done on the server response, and the reverse

modification is done on the subsequent client request. For example, you can
remove the complete path from the response so that the same path is added to
the subsequent request.
body
Enables URL modification in the body.
copy
Copies a rule to another rule number in the same rule list. This can also change the
priority of a rule.
ena
When you configure the HTTP modification rule list, it is disabled by default. For the
rule to be operational, you must first enable and apply it.
dis
Disables a rule to make it non-operational.
del
Deletes this rule.
cur
Figure 38: Header Modification Menu

[Header Modification <Rule List> <Rule Name> 1 Menu]
name
- Set rule name
action
- Set rule action
copy
- Copy rule
ena
- Enable rule
dis
- Disable rule
del
- Delete rule
cur
Table 330: Header Modification Menu Options

name
475


action
Determines which of the following actions the header rule performs:
insertInserts the header field and value at the beginning of the header area.
A value match means a complete word within the value of the header.
Header fieldThe header field that is inserted.

Alteon lets you optionally use predefined variables in the header field.
These variables represent dynamic values that are read from the actual
traffic. For a list of these variables, see Replacement Values for HTTP
Modification Rule Elements, page 482.
ValueThe value that is inserted into the header field.

Alteon lets you optionally use predefined variables in the value. These
variables represent dynamic values that are read from the actual traffic. For
a list of these variables, see Replacement Values for HTTP Modification Rule
Elements, page 482.
Element to matchOne of the following match criteria:
urlThe host and path to match.

headerThe header field and value to match.
cookieThe cookie key and cookie value to match.
filetypeThe file type to match.
statuslineThe status code and status text to match.
textThe text to match.
regexThe regex to match.
noneNo match criteria is defined.
Notes:
If you define match criteria, the insert is performed only if the match is met.
Simple wildcards, such as question marks and asterisks are not considered
regex and will not result in the desired behavior. The regex match for the simple
wildcard asterisk (*) is dot-asterisk (.*)
The length of the cookie value must be 28.
replaceReplaces the matched header name and value with the new header
name and value specified.
Header FieldThe header field to be replaced.

Alteon lets you optionally use predefined variables in the header field.
ValueThe value that will be replaced.

Alteon lets you optionally use predefined variables in the value. These
Elements, page 482.
476
New header fieldThe new header field.
New ValueThe new value.
removeThe entire matching header field is removed
Header FieldThe header field to be removed.
ValueThe value that will be removed from the header field.


directn
This determines the rule direction:
BidirectionalThe modification is done on the server response and the reverse

modification is done on the subsequent client request. For example, you can
remove the complete path from the response so that the same path is added to
the subsequent request
copy
priority of a rule.
ena
dis
del
Deletes this rule.
cur
Figure 39: Cookie Modification Menu

[cookie Modification <Rule List> <Rule Name> 1 Menu]
name
- Set rule name
action
- Set rule action
copy
- Copy rule
ena
- Enable rule
dis
- Disable rule
del
- Delete rule
cur
Table 331: Cookie Modification Menu Options

name
This is the name of the rule that displays in the rule list.
477


action
Determines which of the following actions the cookie rule performs:
Notes:
If the cookie expiration time is greater than the /cfg/slb/virt x/service

x/ptmout value, timed out requests will not be persistent.
The length of the cookie value must be 28.
insertInserts the following values into the header field:
Cookie keyThe cookie key that is inserted.

Alteon lets you optionally use predefined variables in the cookie key. These
Elements, page 482.
Cookie valueThe cookie value that is inserted.

Alteon lets you optionally use predefined variables in the cookie value.
Cookie pathThe cookie path.
Cookie domainThe cookie domain.
Insert-cookie expirationThe date or duration of the cookie insertion

expiration.
Cookie expirationThe cookie expiration.
replaceReplaces the matched cookie key and value with the new specified key
and value:
Cookie keyThe cookie key to be replaced.

Alteon lets you optionally use predefined variables in the cookie key. These
Elements, page 482.
Cookie valueThe cookie value.

Alteon lets you optionally use predefined variables in the cookie value.
New cookie keyThe new cookie key.
New cookie valueThe new cookie value.
removeThe entire key=value pair is removed from the header. The value
specified determines if the header should be removed.
Cookie keyThe cookie key to be removed.
Cookie valueThe cookie value to be removed.
directn
478
RequestThe cookie header is modified.
ResponseThe Set-Cookie header is modified.


copy
Copies a rule to another rule number in the same rule list. This can also be used to
change the priority of a rule.
ena
dis
del
Deletes this rule.
cur
Figure 40: File Type Modification Menu

[statusline Modification <Rule List> <Rule Name> 1 Menu]
name
- Set rule name
action
- Set rule action
copy
- Copy rule
ena
- Enable rule
dis
- Disable rule
del
- Delete rule
cur
Table 332: File Type Modification Menu Options

name
action
Determines which of the following actions the file type rule performs.
replaceReplaces the matched file type with the new file type:
File typeThe file type to be replaced.
New file typeThe new file type.
noneNo action is performed.
directn
Determines the rule direction.
Note: For element file type, the direction is automatically set to request and
cannot be updated.
479

Table 332: File Type Modification Menu Options

copy
ena
dis
del
Deletes this rule.
cur
Figure 41: Status Line Modification Menu

[statusline Modification <Rule List> <Rule Name> 1 Menu]
name
- Set rule name
action
- Set rule action
copy
- Copy rule
ena
- Enable rule
dis
- Disable rule
del
- Delete rule
cur
Table 333: Status Line Modification Menu Options

name
action
Determines which of the following actions the status line rule performs:
replaceReplaces the matched status line with the new status line:
Status codeThe status code to be replaced.
Status lineThe status line to be replaced.

Alteon lets you optionally use predefined variables in the status line. These
Elements, page 482.
480
New status codeThe new status code.
New status lineThe new status line.
noneNo action is performed.

Table 333: Status Line Modification Menu Options

directn
Determines the rule direction.
Note: For element status line, the direction is automatically set to request and
cannot be updated.
copy
ena
dis
del
Deletes this rule.
cur
Figure 42: Text Modification Menu

[text Modification <Rule List> <Rule Name> 1 Menu]
name
- Set rule name
body
- Set modifications to also be done in the HTTP body
action
- Set rule action
copy
- Copy rule
ena
- Enable rule
dis
- Disable rule
del
- Delete rule
cur
Table 334: Text Modification Menu Options

name
body include|exclude
Enables or disables text modification in the body.
Default: exclude
481

Table 334: Text Modification Menu Options

action
Determines which of the following actions the text rule performs:
replaceReplaces the matched text with the new text:
TextThe text to be replaced.

Alteon lets you optionally use predefined variables in the text. These
Elements, page 482.
New textThe new text.
removeRemoves the matched text with the text.
TextThe text to be removed.
directn
copy
priority of a rule.
ena
dis
del
Deletes this rule.
cur
Replacement Values for HTTP Modification Rule Elements

Alteon lets you optionally use predefined variables in HTTP modification rules. These variables
represent dynamic values that are read from the actual traffic.
These variables can be used in conjunction with static text. For example:
External-IP-port:$VIP:$VIP_Port
Note: The $ character represents a variable. The string $$ represents the real $ character in the
replacement value text.
Value
Description
$Blank
Used to remove the content of a field in an update rule.i
$Client_IP
The original client IP as it appears in the request from Alteon.
482

Value
Description
$Client_Port
The original client port as it appears in the request from Alteon.
$VIP_IP
The original destination IP as it appears in the request that arrives from Alteon.
$VIP_Port
The original destination port as it appears in the request from Alteon.
$Server_IP
The IP address of the server that was selected by Alteon for this session.
$Server_Port
The destination port to which traffic is forwarded when sent to the server.
i Only valid with the replacement of status line text.
/cfg/slb/layer7/redir
Web Cache Redirection Menu

[Web Cache Redirection Menu]
urlal
- Enable/disable auto-ALLOW for non-GETs to origin servers
cookie
- Enable/disable auto-ALLOW for Cookie to origin servers
nocache - Enable/disable no-cache control header to origin servers
hash
- Enable/disable URL hashing based on URI
header
- Enable/disable server loadbalance based on HTTP header
cur
- Display current WCR configuration
Table 335: Web Cache Redirection Menu Options (/cfg/slb/layer7/redir)

urlal disable|enable
Enables or disables auto-allow for non-GETs to origin servers.
enableAlteon redirects all non-GET requests to the origin server.
disableAlteon compares the URI against the expression table to determine if all
non-GET requests should be redirected to a cache server or origin server.
Default: enable
cookie disable|enable
Enables or disables auto-allow for cookie to origin servers:
enableAlteon redirects all requests that contain Cookie: in the HTTP header to the
origin server.
disableAlteon compares the URI against the expression table to determine if it

should redirect all requests that contain Cookie: in the HTTP header to a cache
server or origin server.
Default: disable0
nocache disable|enable
Enables or disables no-cache control header to origin servers:
enableAlteon redirects all requests that contain Cache-Control: no-cache in

HTTP/1.1 header, or Pragma: no-cache in HTTP/1.0 header, to the origin server.
disableAlteon compares the URI against the expression table to determine if it

should redirect requests that contain Cache-Control: no-cache in HTTP/1.1
header, or Pragma: no-cache in HTTP/1.0 header, to a cache server or origin
server.
Default: enable
483

Table 335: Web Cache Redirection Menu Options (/cfg/slb/layer7/redir)

hash disable|enable
<number (1-255)>
Enables or disables URL hashing based on the URI:
enableYou can set the length of URI used to hash into the cache server by
specifying a number from 1 to 255.
disableAlteon only uses the host header field to calculate the hash key.
Default: disable
header disable|enable host|useragent|others

Enables or disables Server Load Balancing based on the HTTP header.
Default: disabled
cur
Displays the current URL expression table.
/cfg/slb/layer7/sdp
SDP Mapping Menu

[SDP Mapping Menu]
add - Add SDP mapping
rem - Remove SDP mapping
cur - Display current SDP mapping configuration
Table 336: SDP Mapping Menu Options

add
private IP
public IP
Adds SDP mapping.
rem
private IP
Removes SDP mapping.
cur
Displays the current SDP mapping configuration.
484

/cfg/slb/layer7/rule
SIP UDP Rule Menu

FlexiRules control the SIP over UDP traffic, and enhances SIP security in the network. Multiple rules
can be configured, including five severity levels.
For more information about FlexiRules for SIP over UDP traffic, see the Alteon Application Switch
[SIP UDP rule

hdrfld
content
contract
message
severity
addrule
delrule
ena
dis
del
cur
1
-
Menu]
SIP UDP Header field name
SIP UDP Header field content
BWM contract for this rule
Alert message for this rule
Severity for this rule
Add Dependent rules
Delete Dependent rules
Enable this rule
Disable this rule
Remove this rule
Display current rule
Table 337: SIP UDP Rule Menu Options (/cfg/slb/layer7/rule)

hdrfld <header field name>
Displays and lets you modify the current header field name.
The supported header field names include:
from
to
replyto
via
method
reqline
callid
cseq
contact
expires
contentlen
sdpcontent
content <content>
Displays and lets you modify the current header content.
contract <1 to 1024>

Displays and lets you modify the current BWM contract.
Values: 11024
message <message>
Displays the alert message after the rule is completed.
485

Table 337: SIP UDP Rule Menu Options (/cfg/slb/layer7/rule)

severity <1 to 5>
The rule severity.
Values: 15
addrule <1 to 100>

Displays and lets you modify the current dependent rule number.
For the dependent rules, Alteon does not undergo each and every rule check, but only
checks them for a match.
Values: 1100
delrule <rule number>

Deletes the dependent rule.
ena
Enables the current rule.
del
Deletes the current rule.
cur
Displays the current rule information
/cfg/slb/accel
Acceleration SLB Configuration

[Acceleration
compress
fastview
cur
Menu]
- Compression Menu
- Web Performance Optimization Menu
- Display current acceleration configuration
Table 338: SLB Acceleration Menu Options

compress
Displays the Compression menu. To view this menu, see /cfg/slb/accel/compress
Compression Menu, page 487.
fastview
Displays the FastView menu. To view this menu, see /cfg/slb/accel/fastview FastView
Menu, page 496.
cur
Displays the current acceleration configuration.
486

/cfg/slb/accel/compress
Compression Menu
[Compression Menu]
comppol - Compression Policy Menu
urllist - Compression URL Exceptions Rule-Lists Menu
brwslist - Compression Browser Exceptions Rule-Lists Menu
on
- Globally turn compression ON
off
- Globally turn compression OFF
cur
- Display current compression configuration
Table 339: Compression Menu

comppol
Displays the Compression Policy menu. To view this menu, see /cfg/slb/accel/compress/
comppol <compression policy ID> Compression Policy Menu, page 488.
urllist
Displays the Compression URL Rule-List menu. To view this menu, see /cfg/slb/accel/
compress/urllist <URL rule-list ID> Compression URL Exception Rule-List Menu,
page 490.
brwslist
Displays the Compression Browser Rule-List menu. To view this menu, see /cfg/slb/accel/
compress/brwslist Compression Browser Exception Rule-Lists Menu, page 493.
on
For the compression support to be operational, you must set compression to on.
Default: off
off
When set to off, compression support is non-operational.
Note: If you have already configured compression support and you then set
compression to off, all applied or saved configuration changes are preserved, but the
compression processes is no longer operational.
Default: off
cur
Displays the current compression configuration settings.
487

/cfg/slb/accel/compress/comppol <compression policy ID>
Compression Policy Menu

Use the Compression Policy menu to configure a compression policy. A compression policy defines
the compression behavior required for the virtual service to which it is associated. A single
compression policy can be associated to multiple virtual services if they share the same compression
configuration.
The maximum number of policies is 1024. The compression policy is identified by an alphanumeric
ID.
[Compression Policy <compression policy ID> Menu]

name
- Set descriptive policy name
algrthm - Set preferred compression algorithm
complvl - Set compression level
minsize - Set minimum object size to be compressed
maxsize - Set maximum object size to be compressed
urllist - Set compression URL exceptions rule-list
brwslist - Set compression browser exceptions rule-list
brwspred - Enable/Disable predefined browser exceptions rule-list
compsrv - Enable/Disable compression by real server
ena
- Enable policy
dis
- Disable policy
del
- Delete policy
cur
- Display current policy configuration
Table 340: Compression Policy Menu

name
An optional descriptive string in addition to the policy ID.
algrthm
Defines the preferred compression algorithm used by Alteon, where the client can receive
both gzip and Deflate compressed content.
The prompt displays the current preferred compression algorithm. Enter the new
preferred compression algorithm, if required.
Values: gzip, deflate
Default: gzip
complvl
Sets the compression level.
The prompt displays the current compression level. Set the new compression level, if
required.
Note: Because raising the compression level requires more CPU resources and usually
only results in a small adjustment to the compression ratio, changing this default
should be done with care.
Values: 19
Default: 1
488


minsize
Defines the minimum file size to be compressed to avoid wasting resources on files that
are already small and do not require a large amount of bandwidth in order to be
transferred as is.
Values: 165535 bytes
Default: 10240 (10 KB)
maxsize
Defines the maximum value of the file sizes (according to their Content Length header) of
the object to be compressed. Use this to avoid attempting to compress files that are very
big, for which the compression time will be long and high latency may occur.
Values: 12000000000 bytes, unlimited
Default: 10485760 (100 MB)
urllist
Optionally associates a compression URL exceptions rule list to the compression policy.
This lets you define compression exceptions rule lists based on an objects URL (file/
folder). These exceptions are evaluated first, making them the most low-level means of
defining compress or don't-compress behavior.
For details on creating URL exception rule lists, see /cfg/slb/accel/compress/urllist <URL
rule-list ID> Compression URL Exception Rule-List Menu, page 490.
Default: none
brwslist
Optionally associates a browser exceptions rule list to the compression policy. You may
want to do this to skip the compression of certain objects that create a problem when
uncompressed, or that require too much resources with little benefit (such as PDFs and
PPT folders, or for specific browser types (user-agents)).
This lets you define compression exceptions rule lists based on User-Agent (Browser
type) or Content-type (file type). These exceptions are evaluated after the compression
URL exceptions, meaning they can be overridden by the compression URL exceptions.
For details on creating browser exception rule lists, see /cfg/slb/accel/compress/brwslist
Compression Browser Exception Rule-Lists Menu, page 493.
Default: none
brwspred
Enable or disables workarounds for known browser compression-related limitations using
a predefined browser exception rule list. For details on the predefined browser rule list,
see Predefined Browser Rule Table, page 496.
Values: disabled, enabled
Default: disabled
489


compsrv
When compression is enabled on Web servers, and an Accept Encoding header is received
in clients requests, the Web server attempts to compress the content on its own, wasting
CPU resources and affecting its performance. When this option is disabled, it deletes the
Accept Encoding header from requests sent to the server to prevent it from performing
compression and ensures that only Alteon compresses content, preserving server's
performance.
Values: disabled, enabled
Default: disabled
ena
When you configure the compression policy, it is disabled by default. In order for
compression to work, you must enable and apply the compression policy.
dis
Disables a compression policy to make it non-operational.
del
Deletes this compression policy.
cur
Displays the current compression policy configuration.
/cfg/slb/accel/compress/urllist <URL rule-list ID>
Compression URL Exception Rule-List Menu

This is a list of compression exception rules based on an objects URL (file/folder). These rules are
evaluated first before browser exception and browser limitation rules. If there is a match with the
URL exception rule, no further comparisons are made. This rule list behavior (first match and exit)
lets you define exceptions within exceptions by defining low-level rules first and more general rules
to be evaluated after them.
[Compression URL Rule-List Rulelist1 Menu]

name
- Set compression URL rule-list name
rule
- Compression URL Rule Menu
copy
- Copy rule-list
ena
- Enable rule-list
dis
- Disable rule-list
del
- Delete rule-list
cur
Table 341: Compression URL Rule-List Menu

name
A descriptive name of the URL Exceptions Rule List.
rule
Displays the Compression URL Rule menu. To view this menu, see /cfg/slb/accel/
compress/urllist/rule <rule_number> Compression URL Rule-list Menu, page 491.
490

Table 341: Compression URL Rule-List Menu (cont.)

copy
Duplicates an entire rule list by copying the rule list to a destination rule list name.
ena
When you configure the URL exception rule list, it is disabled by default. For the URL rule
list to be operational, you must first enable and apply it.
dis
Disables a rule list to make it non-operational
del
Deletes this URL exceptions rule list.
cur
Displays the current URL exception rule list configuration. Rules display in numerical
order.
/cfg/slb/accel/compress/urllist/rule <rule_number>
Compression URL Rule-list Menu

URL compression exceptions rules are based on an objects URL (file/folder). A rule can be added,
removed, or copied. The rules are evaluated according to their priority, with the lowest number
getting evaluated first. The maximum number of rules in a rule list is 512.
After a rule is matched and acted upon, the remaining rules in the list are not evaluated for that
object. Rules display in numerical order.
[Compression URL Rule-list Rulelist1 Rule 1 Menu]

name
- Set rule name
domainm - Set domain matching method
domain
- Set domain to be matched by this rule
urlm
- Set URL matching method
url
- Set URL to be matched by this rule
compress - Enable/Disable compression
copy
- Copy rule
ena
- Enable rule
dis
- Disable rule
del
- Delete rule
cur
491

Table 342: Compression URL Rule-list Menu

name
domainm
Determines how domain matching should be evaluated.
Note: Simple wildcards, such as question marks and asterisks are not considered
Values: text, regexp, any (any domain)
Default: any
domain
Optionally defines the domain matching configuration (the virtual host) for which this rule
applies. Use this parameter only when the domain matching method is not set to any.
Example: radware.com
urlm
Determines how URL matching should be evaluated.
Values: text, regexp, any (any URL)
Default: any
url
Determines the URL of the specific object (file/folder) to be matched by this rule. Use this
field only when the URL matching method is not any. The URL can be full or partial
according to the level of granularity required by the configuration.
Example: \Radware\user\documents
compress
Alternately enables or disables compression as the rule action.
enabledThe matched response is compressed.
disabledThe matched response is not compressed.
Default: disabled
copy
priority of a rule.
ena
When you configure the URL exception rule list, it is disabled by default. For the rule to be
operational, you must first enable and apply it.
dis
del
Deletes this rule.
492

Table 342: Compression URL Rule-list Menu (cont.)

cur
/cfg/slb/accel/compress/brwslist
Compression Browser Exception Rule-Lists Menu

This is a list of compression exception rules based on the user agent (browser type) and/or contenttype (file type). These rules skip the compression of certain objects that create issues when
uncompressed or that require too many resources with little benefit (for example, PDFs and PPT
folders). Browser exception rules are evaluated after the URL exception rules are evaluated, so they
are more general than the URL exceptions.
The rule list behavior (first match and exit) lets you define exceptions within exceptions by defining
low-level rules first, and more general rules after them.
The predefined browser exception rule list is a list of rules that address known issues in commonly
used browsers which cause them to mishandle specific types of compressed content. The Predefined
Browser Limitation Rule-List cannot be modified or deleted. To customize it, you must first copy the
rule list to a new browser exception rule list. This exception list is evaluated last, after the URL
exception and browser exception lists, and therefore can be overridden by both the user-defined
browser exception rule list and the URL rule list.
If you want to create a new browser exceptions rule list by copying the predefined browser
exceptions rule list, enter predefined.
[Compression Browser Rule-List <Rule List Name> Menu]

name
- Set descriptive compression browser rule-list name
rule
- Compression Browser Rule Menu
copy
- Copy rule-list
ena
- Enable rule-list
dis
- Disable rule-list
del
- Delete rule-list
cur
Table 343: Compression Browser Rule-List Menu

name
Note: If you are accessing the predefined browser exception rule list, you cannot
change the rule list name.
rule
Displays the Compression Browser Rule menu. To view this menu, see /cfg/slb/accel/
compress/brwslist/rule Compression Browser Rule Menu, page 494.
Note: If you are accessing the predefined browser exception rule list, you cannot
change any of the rule attributes. For a list of the predefined browser exceptions list
rules, see Predefined Browser Rule Table, page 496.
copy
Duplicates an entire rule list by copying the rule list to a destination rule list ID.
493

Table 343: Compression Browser Rule-List Menu (cont.)

ena
When you configure the browser exception rule list, it is disabled by default. For the
browser exception rule list to be operational, you must first enable and apply it.
Note: If you are accessing the predefined browser exceptions rule list, it is enabled by
default.
dis
Note: If you are accessing the predefined browser exceptions rule list, you can also
disable the predefined browser exceptions rule list.
del
Deletes this browser exception rule list.
Note: If you are accessing the predefined browser exceptions rule list, you cannot
delete the predefined browser rule list.
cur
Displays the current browser exceptions rule list configuration (including the predefined
browser exception rule list). Rules display in numerical order.
/cfg/slb/accel/compress/brwslist/rule
Compression Browser Rule Menu

Browser compression exceptions rules are based on an objects user agent (browser type) and/or
content type (file type). A rule can be added, removed, or copied. The maximum number of rules in
a rule list is 512.
The rules are evaluated according to their priority, with the lowest number getting evaluated first.
After a rule is matched and acted upon, the remaining rules in the list are not evaluated for that
At the prompt enter the rule number to determine its priority:
>> Compression Browser Rule-List url1# rule

Enter compression Browser Exception Rule Number (1-51200):
A menu similar to the following displays:
[Compression Browser Rule-list Rulelist 1 Rule 1 Menu]

name
- Set descriptive rule name
agentm
- Set user agent matching method
agent
- Set user agent to be matched by this rule
contentm - Set content type matching method
content - Set content type to be matched by this rule
compress - Enable/Disable compression
copy
- Copy rule
ena
- Enable rule
dis
- Disable rule
del
- Delete rule
cur
494

Table 344: Compression Browser Rule Menu

name
agentm
Determines how user agent matching should be evaluated.
Values: text, regexp, any (any domain)
Default: any
agent
The optional agent matching configuration defines the user agent string for which this
rule applies. Use this parameter only when agent matching method is not set to any.
contentm
Determines how content type matching should be evaluated.
Values: text, regexp, any (any content type)
Default: any
content
Determines the content of the specific object to be matched by this rule. Use this
parameter only when the content matching method is not set to any.
compress
Enables or disables compression as the rule action:
enabledThe matched response is compressed.
disabledThe matched response is not compressed.
Default: disabled
copy
priority of a rule.
ena
When you configure the rule, it is disabled by default. For the rule to be operational, you
must first enable and apply it.
dis
del
Deletes this rule.
cur
495

Predefined Browser Rule Table

The following is a list of the rules in the predefined browser exceptions rule list, and their attributes:
Rule
Number
Name
UA
Method
User Agent
CT
Method
Content Type
Compress
200
Any Browser
text
Compress HTML
text
text/html
Enabled
300
Any Browser
Compress text
text
text
text/plain
Enabled
400
Any Browser Do text

Not Compress
JPEG
text
image/jpeg
Disabled
500
Any Browser Do text

Not Compress
GIF
text
image/gif
Disabled
600
Any Browser Do text

Not Compress
PNG
text
image/png
Disabled
700
Firefox
Compress TAR
text
application/xtar
Enabled
800
Any Browser Do text

Not Compress
TAR
text
application/xtar
Disabled
900
MSIE higher
than 7
Compress All
regex
MSIE ([789].[0- text

9]+|1[01].[09]+)
Enabled
1100
MSIE 6 SP2
Compress All
text
MSIE 6.0;
Windows NT
5.1; SV1
text
Enabled
1200
Opera
Compress PDF
regex
Opera[ ,/][^35]
text
application/pdf
Enabled
1300
MSIE Do Not
Compress PDF
text
MSIE
text
application/pdf
Disabled
1400
Old Browser Do text

Not Compress
Mozilla/4
text
text
Firefox
Disabled
/cfg/slb/accel/fastview
FastView Menu
[FastView Menu]
fastpol cachlist optlist memcache on
off
cur
-
496
FastView Policy Menu

Caching Exceptions Rule-Lists Menu
Optimization Exceptions Rule-Lists Menu
Set memory percentage allocation for cache
Globally turn FastView on
Globally turn FastView off
Display current FastView configuration


fastpol
Displays the FastView Policy menu. To view this menu, see /cfg/slb/accel/fastview/fastpol
<policy ID (alphanumeric)> FastView Policy Menu, page 497.
cachlist
Displays the caching Rule-List menu. To view this menu, see /cfg/slb/accel/fastview/
cachlist <rule-list id> Caching Exceptions Rule-List Menu, page 500.
optlist
Displays the optimization Rule-List menu. To view this menu, see /cfg/slb/accel/fastview/
optlist <rule-list ID> Optimization Exceptions Rule-List Menu, page 503.
memcache
A global parameter that defines the maximum percentage of RAM to be allocated for
caching.
Values: 150
Default: 20
Notes:
A log and a syslog message are sent when use of the allocated caching space
exceeds 80% or falls below 80%.
A log is sent when the space allocated for caching is full.
Changing the memory allocation clears all cache content.
on
For FastView support to be operational, you must set FastView to on.
Default: off
off
When set to off, FastView support is non-operational.
If you have already configured FastView support and you then set FastView to off, all
applied or saved configuration changes are preserved but the FastView processes are no
longer operational.
Note: Changing FastView to off clears all cached content.
Default: off
cur
Displays the current FastView configuration.
/cfg/slb/accel/fastview/fastpol <policy ID (alphanumeric)>
FastView Policy Menu

Use this menu to configure a FastView policy. The FastView policy defines the caching behavior
required for the virtual service to which it is associated. A single FastView policy can be associated to
multiple virtual services if they share the same caching configuration. The FastView policy is
identified by an alphanumeric ID.
Note: Alteon version 29.0 does not include FastView advanced capabilities as an integrated
software module. Radware's FastView Advanced Web Performance Optimization solution is available
as a standalone solution. For more information, see www.radware.com/Solutions/Enterprise/
ApplicationNetworking/ApplicationAcceleration.aspx.
497

[FastView Policy wpo1 Menu]

name
- Set policy name
caching - Caching behavior menu
cachlist - Set cache exceptions rule list
optlist - Set optimization exceptions rule list
cmntrm
- Enable/Disable Remove Comments
csscmbn - Enable/Disable CSS Combining
cssinlin - Enable/Disable CSS Inlining
dyncache - Enable/Disable Dynamic Caching
imgdim
- Enable/Disable Image Dimensions Preset
jscmbn
- Enable/Disable JavaScript Combining
jsinlin - Enable/Disable JavaScript Inlining
trimurl - Enable/Disable Trim URLs
wtspcrm - Enable/Disable Remove Whitespace
ena
- Enable policy
dis
- Disable policy
del
- Delete policy
cur

policy id <0-32 alphanumeric>
Sets the identifier for the FastView optimization policy.
Default: none
name
Sets the descriptive name for the FastView optimization policy.
Default: none
caching
Displays the Caching menu, from which you can manually configure caching behavior. To
view this menu, see /cfg/slb/accel/fastview/fastpol <policy ID (alphanumeric)>/caching
Caching Menu, page 499.
cachlist
Sets the list of rules that define which items are excluded from FastView Web caching.
A FastView caching rule list can be associated to a FastView policy to define exceptions
that prevent caching for matched resources. For more details on creating caching rule
lists, see /cfg/slb/accel/fastview/cachlist <rule-list id> Caching Exceptions Rule-List
Menu, page 500.
optlist
cmntrm
csscmbn
cssinlin
498


dyncache
imgdim
jscmbn
jsinlin
trimurl
wtspcrm
ena <policy id>

Enables a FastView policy.
dis <policy id>

Disables a FastView policy. You can disable a FastView policy even when it is associated
with a virtual service.
del <policy id>

Deletes a FastView policy.
cur
Displays the current FastView configuration, including the list of defined domains and the
services with which a FastView policy is associated.
/cfg/slb/accel/fastview/fastpol <policy ID (alphanumeric)>/caching
Caching Menu
Use this menu to configure caching parameters for FastView. The FastView policy defines the caching
behavior required for the virtual service to which it is associated. A single FastView policy can be
associated to multiple virtual services if they share the same caching configuration. The FastView
policy is identified by an alphanumeric ID.
[Caching Menu]
expire
minsize
maxsize
store
cur
Set maximum expiration time

Set minimum object size to be stored
Set maximum object size to be stored
Set behavior for storing new object in cache
Display current caching configuration
499


expire
The maximum expiration time, in seconds, for a serving object from cache.
If the server header expiration time is longer than the maximum expiration time, the
maximum expiration time value overrides the server header expiration time.
If the server header or configuration using the cache URL rule list expiration time is
shorter than the maximum expiration time, the object is served according to either
the header or the rule list configuration (see /cfg/slb/accel/fastview/fastpol <policy
ID (alphanumeric)> FastView Policy Menu, page 497).
Note: Alteon updates the client browser with the expiration time only if browser
caching is enabled with the browser command, as described in this table.
Values: 6043,200,000 seconds (~500 days)
Default: 86400 (24 hours)
minsize
The minimum object size to be stored, in bytes, in cache.
Values: 165536
Default: 1024 (1 KB)
Radware recommends that you reduce the minimum cache object size to 1 byte when
using .css or JavaScript inlining, as described in /cfg/slb/accel/fastview/fastpol <policy ID
(alphanumeric)> FastView Policy Menu, page 497.
maxsize
The maximum object size to be stored, in bytes, in cache.
Values: 1512,000,000
Default: 1048576 (1 MB)
store
An optional setting that defines caching behavior for storing new objects in cache.
Values:
srvrhdrRespect the cache directive specified by the Web application using HTTP
headers. Caching is performed according to caching headers sent by the back-end
servers.
cacheallCache all content regardless of specified cache directives. For example, the
Private header is not respected when cacheall is used.
Note: If you choose to cache all content, Radware highly recommends using the URL
exceptions rule list as a black list, specifying what should not be cached.
Default: srvrhdr
cur
Displays the current FastView caching configuration.
/cfg/slb/accel/fastview/cachlist <rule-list id>
Caching Exceptions Rule-List Menu

The rule list behavior (first match and exit) enables you to define exceptions within exceptions by
defining low-level rules first and more general rules after them. To associate a caching rule list to a
FastView policy, use the command /cfg/slb/accel/fastview/fastpol <id>/cachlist.
500

>> vADC 1 - FastView# cachlist

Enter Caching rule-list id: 1
-------------------------------------------------------[Rule-List 1 Menu]
name
- Set caching rule-list name
rule
- Caching Rule Menu
copy
- Copy rule-list
ena
- Enable rule-list
dis
- Disable rule-list
del
- Delete rule-list
cur

name
A descriptive name of the FastView caching rule list.
rule
Displays the Rule-list Rule menu. To view this menu, see /cfg/slb/accel/fastview/cachlist
<rule-list id>/rule <rule number> Caching Exceptions Rule-List Rule Menu, page 501.
copy
Duplicates an entire rule list by copying the rule list to a destination rule list name.
ena
When you configure the FastView caching rule list, it is disabled by default. For the
FastView rule list to be operational, you must first enable and apply it.
dis
del
Deletes this rule list.
cur
Displays the current URL caching rule list configuration. Rules display in numerical order.
/cfg/slb/accel/fastview/cachlist <rule-list id>/rule <rule number>
Caching Exceptions Rule-List Rule Menu

FastView optimization rules are based on an objects URL (file/folder). A rule can be added,
removed, or copied. The maximum number of rules in a rule list is 512.
The rules are evaluated according to their priority, with the lowest number getting evaluated first.
Once a rule is matched and acted upon, the remaining rules in the list are not evaluated for that
At the prompt enter the rule number to determine its priority:
>> Rule-List 4# rule

Enter Caching rule number (1-51200):
501

Radware recommends that you use numbers such as 10 or 20 for easier future editing.
A menu similar to the following displays:
[Rule-list 1 Rule 1 Menu]

name
- Set caching rule name
domainm - Set domain matching method
domain
- Set domain to be matched by this rule
urlm
- Set URL matching method
url
- Set URL to be matched by this rule
expire
- Set maximum expiration time
cache
- Enable/Disable caching
copy
- Copy rule
ena
- Enable rule
dis
- Disable rule
del
- Delete rule
cur

name
domainm
Rules can be limited to a specific virtual domain or match any domain. This parameter
determines how domain matching should be evaluated.
Values: any, regex, text
Default: any
domain
Optionally defines the domain matching configuration (virtual host) for which this rule
applies. Use this parameter only when domain matching method is not set to any.
Example: radware.com
urlm
Determines how URL matching is evaluated.
Values: any, regex, text
Default: any
url
Determines the URL of the specific object (file/folder) to be matched by this rule. This
parameter is used only when the URL matching method is not set to any. The URL can be
full or partial according to the level of granularity required by the configuration.
Example: /Radware/user/documents
502


expire
The expiration time is part of the rule's action. This parameter defines the maximum
time, in seconds, for a cache object to remain in cache.
Note: The expiration time is functional only if caching is set to enabled.
If you set this value to 0, the cache time is set according to the minimum time from the
server header (Expires or Max-Age headers) and the cache policy Max-time-to-cache
parameter. This lets you create rules that force caching without affecting the time set by
the servers. This is useful when you create a general rule for No-Cache and want to
create an exception within it.
Values: 043,200,400 seconds
Default: 86400
cache
Enables or disables caching and further FastView processing as the rule action.
enabledThe matched response is cached and processed by FastView for web

optimization.
disabledThe matched response is neither cached nor processed by FastView for

web optimization.
Default: disabled
copy
priority of a rule.
ena
When you configure the rule, it is disabled by default. For the rule to be operational, you
must first enable and apply it.
dis
del
Deletes this rule.
cur
/cfg/slb/accel/fastview/optlist <rule-list ID>
Optimization Exceptions Rule-List Menu

503

/cfg/slb/ssl
SSL SLB Configuration

Use this menu for configuring the components for SSL offloading, including the certificate repository,
SSL policies, and client authentication policies. For more information on configuring SSL Offloading,
see the appropriate chapter in the Alteon Application Switch Operating System Application Guide.
[SSL Menu]
certs
sslpol
authpol
on
off
cur
Certificate Repository Menu

SSL Policy Menu
Client Authentication Policy Menu
Globally turn SSL on
Globally turn SSL off
Display current SSL configuration
Table 345: SSL Menu

certs
Displays the Certificate Repository menu. To view this menu, see /cfg/slb/ssl/certs
Certificate Repository Menu, page 505.
sslpol
Displays the SSL Policy menu. To view this menu, see /cfg/slb/ssl/sslpol SSL Policy Menu,
page 514.
authpol
Displays the Client Authentication Policy menu. To view this menu, see /cfg/slb/ssl/
authpol Client Authentication Policy Menu, page 522.
on
For SSL offloading to be operational, you must set caching to on.
Default: Off
off
When set to off, SSL offloading support is non-operational.
If you have already configured SSL offloading support and you then set compression to
off, all applied or saved configuration changes will be preserved but the compression
processes will no longer be operational.
Default: Off
cur
Displays the current SSL configuration settings.
504

/cfg/slb/ssl/certs
Certificate Repository Menu

Certificate Repository Menu]
srvrcert - Server Certificate Menu
request - Certificate Signing Request Menu
key
- Key Menu
trustca - Trusted CA Certificate Menu
intermca - Intermediate CA Certificate Menu
group
- Certificates Group Menu
defaults - Set certificate default values
import
- Import certificates
export
- Export certificates
cur
- Display certificates configuration
Table 346: Certificate Repository Menu

srvrcert
Displays the Server Certificate menu. To view this menu, see /cfg/slb/ssl/certs/srvrcert
Server Certificate Menu, page 508.
request
Displays the Certificate Signing Request menu. To view this menu, see /cfg/slb/ssl/
certs/request Certificate Signing Request Menu, page 509.
key
Displays the Key menu. To view this menu, see /cfg/slb/ssl/certs/key Key Menu,
page 511.
trustca
Displays the Trusted CA Certificate menu. To view this menu, see /cfg/slb/ssl/certs/
trustca Trusted CA Certificate Menu, page 511.
Note: You must first import into Alteon a trusted CA before using this menu.
intermca
Displays the Intermediate CA Certificate menu. To view this menu, see /cfg/slb/ssl/
certs/intermca Intermediate CA Certificate Menu, page 512.
Note: You must first import into Alteon an Intermediate CA before using this menu.
group
Displays the Certificates Group menu. To view this menu, see /cfg/slb/ssl/certs/group
Certificate Group Menu, page 513.
505


defaults
Sets the following default values used when generating new certificates or signing
requests:
Country Name The country where the organization is located. 2-character string.
For example: US
State or Province NameThe full name of the state or province. For example:
California
Locality nameName of the city. For example: Los Angeles
Organization Name Name of the organization. For example: My Company, Inc.
Organizational Unit NameDepartment or unit within the organization. For

example: Accounting
EmailAny e-mail address that you want to include within the certificate. For
example: admin@company.com
Note: You must apply your changes to the default values for them to apply to new
generated certificates.
For more information on generating new certificate signing requests, see /cfg/slb/ssl/
certs/request Certificate Signing Request Menu, page 509.
506


import
In addition to generating keys, signing requests, or certificates, the following
components can be imported into Alteon:
Key
Server certificate
Certificate and key
Intermediate CA certificate
Trusted CA certificate
2424-SSL, SSL configuration
All components except the certificate and key should be imported in PEM format. The
certificate and key component should be imported in PKCS#12 format.
Note: The maximum file size for importing SSL components (excluding 2424-SSL
configuration) is 200 KB.
For more information on these components, see the section on offloading SSL
encryption and authentication in the Alteon Application Switch Operating System
Application Guide.
Note: This command requires that you have a secure connection.
When you use this command, you are prompted for the following information:
Component typeThe component type from the component type list.
Component IDAn ID for the component.
Key passphraseThe same passphrase used to encrypt the private keys so you can
decrypt them.
Import from text or file The source type of the import. The certificate and key
component type can only be imported from a file:
textYou are prompted to copy and paste the text of the component.
file You are prompted to provide the hostname or IP address of the SCP
server, name of the file on the SCP server, and the username and password for
the SCP server.
If are migrating your SSL configuration from an Alteon 2424-SSL platform to Alteon
version 27.0.0.0 or later, select the 2424-SSL component type. For detailed procedures
on migrating the SSL configuration of an Alteon 2424-SSL platform, refer to Migrating
the SSL Offloading Configuration of the Alteon Application Switch 2424-SSL to AlteonOS
version 27.0.0.0. When importing this configuration, all associated certificates are
imported by default, including server certificates, intermediate CA certificates, and
trusted CA certificates.
507


export
You can export the following component types to another location, either sending a CSD
to CA, or backing up these components:
Key
Server certificate
Certificate and key
Certificate Signing Request (CSR)
Intermediate CA certificate
Trusted CA certificate
For more information on these components, see the section on offloading SSL
encryption and authentication in the Alteon Application Switch Operating System
Application Guide.
Note: This command requires that you have a secure connection.
When you use this command, you are prompted for the following information:
Component typeThe component type from the component type list.
Component IDAn ID for the component.
Key passphraseThe passphrase to encrypt the exported private key.
Export to text or fileThe destination type of the export. The certificate and key
component type can only be exported to a file:
textYou are prompted to copy and paste the text of the component
file You are prompted to provide the hostname or IP address of the SCP
server, name of the file on the SCP server, and the username and password for
the SCP server.
cur
Displays the current certificate repository settings, including all certificates, keys, and
groups, as well as the certificate associations with virtual services and policies.
/cfg/slb/ssl/certs/srvrcert
Server Certificate Menu

Use this menu to generate, view, or delete a server certificate. The server certificate configuration
includes the attributes needed to perform SSL handshaking and enable the decryption and
encryption of the traffic related to the virtual service.
Along with an SSL policy, you must associate a server certificate with an SSL-based virtual service
for SSL offloading to be functional. You can associate only a single server certificate to a virtual
service.
[Server certificate Cert1 Menu]

name
- Set certificate name
generate - Create or update self-signed server certificate
del
- Delete server certificate
cur
- Display current server certificate configuration
508

Table 349: Server Certificate Menu

name
An optional descriptive name of the server certificate in addition to the certificate ID.
generate
When you generate a certificate, you are prompted to provide the following:
Note: The certificate can be based on an existing key or request created with the
same ID.
Key sizeLarger key sizes offer an increased level of security. Radware recommends
that certificates have a key size of 1024 bits or more. Using a certificate of this size
makes it very difficult to forge a digital signature or decode an encrypted message.
Values: 512, 1024, 2048, 4096
Default: 1024
Hash algorithmThe hash algorithm to sign the certificate.

Values: md5, sha1, sha256, sha384, sha512
Default: sha1
Common nameThe domain name of the organization. Mandatory.

Example: www.radware.com
Use certificate default values:
yUse the default values you defined in the Certificate Repository menu.
nYou are prompted to provide these values.
Validation periodDuration (in days) that the certificate remains valid.

Values: 1-3650 days (10 years)
Default: 365 (1 year)
If this is a new server certificate with no associated Certificate Signing Request (CSR)
and/or key, after generating the server certificate, a CSR and/or key is also created.
del
Deletes this certificate.
cur
Displays the current server certificate settings.
/cfg/slb/ssl/certs/request
Certificate Signing Request Menu

Use this menu to configure a Certificate Signing Request (CSR). The CSR is sent to a Certificate
Authority to receive authorization for the server certificate you are creating.
[Certificate signing request CSR1 Menu]

name
- Set Certificate Signing Request name
generate - Create or update Certificate Signing Request
del
- Delete Certificate Signing Request
cur
- Display current Certificate Signing Request configuration
509

Table 350: Certificate Signing Request Menu

name
An optional descriptive name of the CSR in addition to the CSR ID.
generate
When you generate a CSR, you are prompted to provide the following:
Notes:
The CSR can be based on an existing key or request created with the same ID.
This command requires that you have a secure connection.
Key sizeLarger key sizes offer an increased level of security. Radware recommends
that certificates have a key size of 1024 bits or more. Using a certificate of this size
makes it very difficult to forge a digital signature or decode an encrypted message.
Values: 512, 1024, 2048
Default: 1024
Hash algorithmThe hash algorithm to sign the certificate.

Values: md5, sha1, sha256, sha384, sha512
Default: sha1
Common nameThe domain name of the organization. Mandatory.

Example: www.radware.com
Use certificate default values
yUse the default values you defined in the Certificate Repository menu.
nYou are prompted to provide these values.
Validation periodDuration (in days) that the certificate will remain valid.
Values: 1-3650 days (10 years)
Default: 365 (1 year)
To complete the certificate signing process, export the request and send it to signing
Certificate Authority (CA).
When the signed certificate is received from the CA, import it to Alteon using the same ID
as the request you created. For more information on importing a signed certificate, see /
cfg/slb/ssl/certs Certificate Repository Menu, page 505.
del
Deletes this CSR.
cur
Displays the current CSR settings.
510

/cfg/slb/ssl/certs/key
Key Menu
Use this menu to configure a key.
[Key Key1 Menu]

name
generate del
cur
-
Set key name

Generate new key
Delete key
Display current key configuration
Table 351: Certificate Key Menu

name
An optional descriptive name of the key in addition to the key ID.
generate
Creates a new key. Use this value when creating or regenerating a server certificate and/
or CSR.
Values: 512, 1024, 2048
Default: 1024
del
Deletes this key. When deleting a key, its associated server certificate and CSR are also
deleted.
cur
Displays the current key settings.
/cfg/slb/ssl/certs/trustca
Trusted CA Certificate Menu

Use this menu to view and/or delete Trusted CA certificates. Trusted CA certificates are not created
in Alteonyou must first import them. You must specify the trusted client CA certificate or group of
trusted client CA certificates for Alteon to recognize which client certificates to accept. Certificates
are selected from the ones imported to the certificate repository. For more information on importing
a Trusted CA certificate, see /cfg/slb/ssl/certs Certificate Repository Menu, page 505.
To use a certificate, you associate it to a client authentication policy. For more information on
associating a Trusted CA certificate to a client authentication policy, see /cfg/slb/ssl/authpol Client
Authentication Policy Menu, page 522.
Note: This menu is available also through a non-secure connection.
[Trusted Client's CA Certificate ClientCA1 Menu]

name
del
- Delete trusted client's CA certificate
cur
- Display current trusted client's CA certificate configuration
511

Table 352: Trusted Clients CA Certificate Menu

name
A descriptive name of the Trusted CA certificate in addition to the Trusted CA certificate
ID.
del
Deletes a Trusted CA certificate.
If the certificate is associated with a certificate group or client authentication policy, you
must remove the deleted certificate reference from the associated client authentication
policies and/or certificate groups.
cur
Displays the current Trusted CA certificate settings.
/cfg/slb/ssl/certs/intermca
Intermediate CA Certificate Menu

Use this menu to view and/or delete Intermediate CA certificates. Intermediate CA certificates are
not created in Alteonyou must first import them. For more information on importing an
Intermediate CA certificate, see /cfg/slb/ssl/certs Certificate Repository Menu, page 505.
Use Intermediate CA certificates when the CA providing the virtual service's server certificate is not
directly trusted by the end-users Web browsers. This is typical in an organization that has its own
CA server for generating server's certificates. To construct the trust chain from the users browser
list of trusted CAs to the organization's CA server, an intermediate CA certificate or chain of
certificates can be provided.
This is an optional configuration that lets you bind an intermediate Certificate Authority (CA)
certificate to an SSL policy. You can also create a group of intermediate certificates (a complete CA
chain) and bind it to an SSL policy. For more information on associating an Intermediate CA
certificate to an SSL policy, see /cfg/slb/ssl/sslpol SSL Policy Menu, page 514.
[Intermediate
name
del
cur
CA Certificate IntermCA1 Menu]

- Delete intermediate CA certificate
- Display current intermediate CA certificate configuration
Table 353: Intermediate CA Certificate Menu

name
A descriptive name of the Intermediate CA certificate in addition to the Intermediate CA
certificate ID.
del
Deletes a Intermediate CA group.
If the certificate is associated with a certificate group or SSL policy, you must remove the
deleted certificate reference from the associated SSL policies and/or certificate groups.
cur
Displays the current Intermediate CA settings.
512

/cfg/slb/ssl/certs/group
Certificate Group Menu

Use this menu to configure Trusted CA certificate and/or Intermediate CA certificate groups. The
maximum number of groups you can create are 128.
For more information on associating a Trusted CA certificate, or group of certificates, to a client
authentication policy, see /cfg/slb/ssl/authpol Client Authentication Policy Menu, page 522.
For more information on associating an Intermediate CA certificate, or group of certificates, to an
SSL policy, see /cfg/slb/ssl/sslpol SSL Policy Menu, page 514.
Note: This menu is available also through a non-secure connection.
[Group Group1
name
type
default
add
rem
del
cur
Menu]
- Set descriptive group name
- Set group type
- Set certificate to use for clients with no SNI support
- Add certificate to the group
- Remove certificate from the group
- Delete certificate group
- Display current certificate group configuration
Table 354: Certificate Group Menu

name
An optional descriptive name of the group in addition to the group ID.
type srvrcert|trustca|intermca
Sets the group type. All certificates in the group must be from the same type.
Values:
srvrcertThe group that contains a list of server certificates.
trustcaThe group that contains a list of trusted client certificate's CA.
intermcaThe group that contains a list of intermediate CA certificates, building a

chain of CAs up to a root CA. When sent to clients, the intermediate certificate chain
is ordered according to RFC (from server to root).
Default: intermca
default
Sets the certificate to use for clients with no SNI support.
Note: Use this option for TLS SNI configuration and is only applicable for groups of
type srvrcert.
add
Adds a certificate to the group.
Maximum number of certificates: 256
rem
Removes a certificate from the group.
513

Table 354: Certificate Group Menu

del
Deletes a certificate group.
cur
Displays the current certificate group settings.
/cfg/slb/ssl/sslpol
SSL Policy Menu

Use this menu to configure an SSL policy. The SSL policy defines the SSL offloading behavior
required for the virtual service to which it is associated. A single SSL policy can be associated to
multiple virtual services if they share the same SSL configuration. The maximum number of policies
is 1024.
An SSL policy should be associated to an SSL or HTTPS service. For more information on associating
SSL policies to virtual services, see the section on SSL policies in the Alteon Application Switch
SSL Policy Policy_1 Menu]

name
- Set descriptive policy name
passinfo - Pass SSL Information to Backend Servers Menu
frver
- Allowed Frontend SSL Protocol Version Menu
bever
- Allowed Backend SSL Protocol Version Menu
cipher
- Set allowed cipher-suites in frontend SSL
intermca - Set Intermediate CA certificate chain
becipher - Set allowed cipher-suites in backend SSL
authpol - Set client authentication policy
convuri - Set Host regex for HTTP redirection conversion
fessl
- Enable/Disable frontend SSL encryption
bessl
- Enable/Disable backend SSL encryption
convert - Enable/Disable HTTP redirection conversion
ena
- Enable policy
dis
- Disable policy
del
- Delete Policy
cur
Table 355: SSL Policy Menu

name
An optional descriptive name of the policy in addition to the policy ID.
passinfo
Displays the SSL Policy Passinfo menu. To view this menu, see /cfg/slb/ssl/sslpol/
passinfo SSL Policy Passinfo Menu, page 519.
frver
Displays the SSL Policy front-end SSL protocol version menu. To view this menu, see /
cfg/slb/ssl/sslpol/frver SSL Policy Front-end Version Menu, page 521.
514


bever
Displays the SSL Policy back-end SSL protocol version menu. To view this menu, see /
cfg/slb/ssl/sslpol/bever SSL Policy Back-end Version Menu, page 522.
cipher
When establishing an SSL connection, the client and server negotiate a cipher suite,
exchanging cipher suite codes in the client Hello and server Hello messages which
specifies a combination of cryptographic algorithms for the connection.
The key exchange and authentication algorithms are typically public key algorithms. The
message authentication codes are derived from cryptographic hash functions using the
HMAC construction for TLS, and a non-standard pseudorandom function for SSL. This is
the cipher suite used by the client during the SSL handshake.
You can optionally set which cipher suite is allowed during the SSL handshake. For
example, if you select rsa, only traffic with the RSA cipher suite is allowed to reach the
Alteon service that is using this SSL policy.
When you enter this command, the currently set cipher suite and allowed values display:
rsaCipher suite using RSA key exchange.
allAll cipher suites.
pci-dss-compliancePayment Card Industry Data Security Standard ALL:!SSLv2

:!ADH:!LOW:!EXP:-DHE-RSA-AES256-SHA:-DHE-RSA-AES128-SHA (! Means NOT).
all-non-null-ciphersAll cipher suites except the NULL ciphers and ciphers offering
no authentication, which must be explicitly enabled.
sslv3SSL v3.0 cipher suites.
tlsv1TLS v1.0 cipher suites
exportExport encryption algorithms including 40- and 56-bit.
lowLow exception cipher suites, currently using 64- or 56-bit encryption

algorithms but excluding export cipher suites. Alteon adds RC4-SHA and RC4-MD5 to
the LOW category and removes SSLv2 ciphers.
mediumMedium encryption cipher suites, currently using 128-bit encryption
highHigh encryption cipher suites. Currently key lengths are larger than 128 bits.
rsa-rc4-128-md5Cipher suites using RSA key exchange, 128-bit RC4 for

encryption and MD5 for MAC.
rsa-rc4-128-sha1Cipher suite using RSA key exchange, 128-bit RC4 for encryption
and SHA1 hash for MAC.
rsa-des-sha1Cipher suite using RSA key exchange, 3DES for encryption and SHA1
hash for MAC.
rsa-3des-sha1Cipher suite using RSA key exchange, 3DES for encryption and
SHA1 hash for MAC.
rsa-aes-128-sha1Cipher suite using RSA key exchange, 128-bit AES for encryption
rsa-aes-256-sha1Cipher suite using RSA key exchange, 256-bit AES for encryption
user-definedAlteon supports all ciphers supported by the accepted OpenSSL

format. For more information, refer to the OpenSSL documentation.
Default: rsa
515


intermca
Use Intermediate CA certificates when the CA providing the virtual service's server
certificate is not directly trusted by the end-users Web browsers. This is typical in an
organization that has its own CA server for generating server's certificates. To construct
the trust chain from the users browsers list of trusted CAs to the organization's CA
server, an intermediate CA certificate or chain of certificates can be provided.
This is an optional configuration that lets you bind an intermediate CA certificate to the
SSL policy. You can also create a group of intermediate certificates (a complete CA chain)
and bind it to the SSL policy.
For more information on importing an intermediate CA certificate and/or creating a CA
chain using a certificate group, see /cfg/slb/ssl/certs/srvrcert Server Certificate Menu,
page 508.
Values:
certAssociate the intermediate CA certificate ID.
groupAssociate a new CA group ID.
noneDo not use an intermediate CA.
becipher
If you enable back-end encryption, you can set the cipher strength to use during the
back-end SSL handshake using the becipher option.
Values:
low-"Low" exception cipher suites, currently using 64- or 56-bit encryption

algorithms but excluding export cipher suites. Alteon adds RC4-SHA and RC4-MD5 to
the LOW category and remove SSLv2 ciphers.
medium-"Medium" encryption cipher suites, currently using 128-bit encryption.
high-"High" encryption cipher suites. Currently key lengths are larger than 128 bits.
Note: For back-end encryption, Alteon plays the client role and negotiates the session
key. HIGH implies highest security is used for the session key and allows back-end
encryption to be as secure as the front-end SSL, or even use higher security than the
front-end connection. You can use LOW for front-end and HIGH for back-end
connection.
authpol
Displays the Client Authentication Policy menu. To view this menu, see /cfg/slb/ssl/
authpol Client Authentication Policy Menu, page 522.
With this menu, you can optionally define a client authentication policy that authenticates
the clients identity as a further operation of the SSL handshake.
516


convuri
When using HTTP redirection conversion, you can define a regex to further expand the
URIs included in redirection conversion.
Notes:
This option is only available if HTTP redirection conversion is enabled (see the
convert command in this table).
Simple wildcards, such as question marks and asterisks are not considered regex and
will not result in the desired behavior. The regex match for the simple wildcard
asterisk (*) is dot-asterisk (.*)
Example
If a user requests the www.ab.com/base_redirect.html page, and the request is
redirected by the server to www.bb.com/Redirect/Path/redirect_page.html, if the
redirect was from ab.com to ab.com/some-other-path, no regular expression is
needed because this is the same host.
In this example, the redirect was from ab.com to bb.com. This works only when the
regular expression matches the host (the new host). As a result, the regular expression
should be set to include bb.com for the conversion to be performed on it.
fessl
There may be cases where the connection to the client is clear-text (HTTP or other TCP
protocol) and the server connection must be encrypted (HTTPS or SSL).
If your network environment requires it, you can Option to disable front-end encryption
in order to support clear-text front-end to SSL on back-end.
Values: d (disabled), e (enabled)
Default: e
517


bessl
Processing SSL traffic can result in significant overhead for a server. The front-end and
back-end architecture enables the front-end (Alteon) to handle the SSL decryption.
If your network environment requires it, you can enable additional encryption for the
back-end servers. For example, your organization may require data to be encrypted
internally in addition to externally. Additionally, if you want to change the back-end
listening port (real port, or rport), see /cfg/slb/virt <server number>/service/http Virtual
Server HTTP Service Configuration Menu, page 435.
Because a new SSL connection is established between Alteon and the back-end servers,
a lighter encryption algorithm can be used on this more protected network segment in
order to improve performance. For more information, see the becipher command in this
table.
Note: When back-end encryption is enabled, Radware recommends using
multiplexing.
(meaning that there is back-end encryption). The following describes how rport is set
based on the bessl setting:
If your network environment requires it, you can change the default rport value. For
more information, see /cfg/slb/virt <server number> /service <virtual port or application
name> Virtual Server Service Configuration, page 419.
Default: d
518


convert
When Alteon performs SSL encryption for the back-end servers, the servers receive the
requests in HTTP format. When the servers redirect to another page or site (using HTTP
headers in response to the location header), they send the redirect to Alteon using HTTP.
When sending the response back to the clients, Alteon modifies the server's redirection
location URL appearing in the HTTP header from HTTP:// to HTTPS://.
Note: When back-end SSL encryption is enabled, this option is not relevant.
The modification is performed automatically whenever the hostname in the client's
request matches the hostname in the server's response, or when matching criteria are
met. Matching criteria can consist of a regex that represents the hostname and defined
for the convuri parameter.
Notes:
When SSL policy protocol redirection and HTTP header and body modifications are
enabled on the same service, and the server sends a 302 Redirect response, the
protocol of the new location is always set to HTTPS to enable the redirect location to
work for the clients. This is enforced in addition to (and regardless of) the setting in
the HTTP modification rule. For more information about HTTP modifications, see /cfg/
slb/virt <server number>/service/http Virtual Server HTTP Service Configuration
Menu, page 435.
Simple wildcards, such as question marks and asterisks are not considered regex and
will not result in the desired behavior. The regex match for the simple wildcard
asterisk (*) is dot-asterisk (.*)
ena
When you configure the SSL policy, it is disabled by default. In order for SSL offloading to
work, you must enable and apply the SSL policy.
dis
When you configure the SSL policy, it is disabled by default. Select disable to make it
non-operational.
del
Deletes this SSL policy.
cur
Displays the current SSL policy settings.
/cfg/slb/ssl/sslpol/passinfo
SSL Policy Passinfo Menu

The SSL Client Information (passinfo) settings are part of an optional configuration that, when
enabled, instructs Alteon to pass the client's SSL information to the back-end servers using HTTP
headers. For example, you may decide that clients with 56-bit ciphers are handled by group1 while
users with 128-bit ciphers are handled by group2. This is also useful when secure sites require a
minimum cipher by the client.
By default, all parameters are not set, meaning that Alteon does not pass the clients SSL
information to the back-end servers.
519

Notes
If the chosen field is empty in the incoming-traffic, Alteon displays this field without any value.
You cannot configure an empty field name in the configuration.
When a cache policy is enabled on a virtual service, and the cache serves the pages according to
the client requests, Alteon does not send the SSL information to the back-end server.
This feature is HTTP-dependent and cannot be used with simple SSL offloading, when traffic is
directly decrypted and sent to the back-end servers with no manipulation per any SSL protocol.
[SSL Policy Policy_1 Passinfo Menu]

cipher
- Set pass cipher-suite information to backend server
version - Set pass SSL version information to backend server
bits
- Set pass cipher bits information to backend server
frontend - Enable/Disable add Front-End-Https: on header
comply
- Enable/Disable X-SSL header compatible with 2424SSL headers
cur
- Display current passinfo configuration
Table 356: Pass SSL Information to Backend Servers Menu

cipher
If you want to pass information about the SSL cipher suite to the back-end servers, enter
the SSL cipher suite header to be used in the HTTP header using this command. For more
information on defining which cipher suites are defined for an SSL policy, see the
discussion of the cipher command under /cfg/slb/ssl/sslpol SSL Policy Menu, page 514.
Default Header: Cipher-Suite
version
If you want to pass information about the SSL version to the back-end servers, enter the
SSL version header to be used in the HTTP header using this command.
Default Header: SSL-Version
bits
If you want to pass the number of bits used for encryption by the cipher to the back-end
servers, enter the bits header to be used in the HTTP header using this command.
Default Header: Cipher-Bits
frontend
When Alteon performs front-end SSL offloading for certain types of applications (for
example, Outlook Web-Access (OWA)), these applications can adjust their behavior if
they are made aware" that there is front-end SSL offloading. To indicate this to the
application, a special "Front-End-HTTPS" HTTP header can be added to requests.
Values: enabled, disabled
comply
Enables or disables X-SSL header compatible with 2424-SSL headers.
Values: enable, disable
cur
Displays the current status of the SSL policy passinfo configuration.
520

/cfg/slb/ssl/sslpol/frver
SSL Policy Front-end Version Menu

The SSL Policy Front-end Version menu lets you explicitly select supported SSL protocol versions in
the front-end connection.
[SSL Policy 1 frver Menu]

ssl3
- Enable/Disable frontend SSLv3 protocol version
tls10
- Enable/Disable frontend TLS1.0 protocol version
tls11
- Enable/Disable frontend TLS1.1 Protocol version
cur
- Display current frontend SSL protocol version configuration
Table 357: SSL Policy Front-end Version Menu (/cfg/slb/ssl/sslpol/frver)

ssl3
Enables or disables front-end SSLv3 protocol version support.
If SSL v3 support is disabled, the client SSLv3 Hello is rejected; no tunnel setup is
performed and the connection is terminated.
If a client sends an SSLv3 Hello message using the SSLv2 structure, Alteon continues the
handshake as an SSLv3 handshake.
Default: enabled
tls10
Enables or disables front-end TLS1.0 protocol version support.
If TLS1.0 support is disabled, the client TLS1.0 SSL Hello is rejected; no tunnel setup is
Note: If only TLS1.0 is enabled and the client sends a TLS1.1 Hello, a TLS1.0
handshake will be performed successfully.
Default: enabled
tls11
Enables or disables front-end TLS1.1 protocol version support.
If TLS1.1 support is disabled, the client TLS1.1 SSL Hello is rejected; no tunnel setup is
Note: If only TLS1.0 is enabled and the client sends a TLS1.1 Hello, a TLS1.0
handshake will be performed successfully.
Note: If only TLS1.1 is enabled and the client sends a TLS1.0 Hello, the handshake is
rejected.
Default: enabled
cur
Displays the current front-end SSL protocol version configuration.
521

/cfg/slb/ssl/sslpol/bever
SSL Policy Back-end Version Menu

The SSL Policy Back-end Version menu lets you explicitly select supported SSL protocol versions in
the back-end connection.
[SSL Policy 1 bever Menu]

ssl3
- Enable/Disable backend SSLv3 protocol version
tls10
- Enable/Disable backend TLS1.0 protocol version
tls11
- Enable/Disable backend TLS1.1 Protocol version
cur
- Display current backend SSL protocol version configuration
Table 358: SSL Policy Back-end Version Menu (/cfg/slb/ssl/sslpol/bever)

ssl3
Enables or disables back-end SSLv3 protocol version support for opening an SSL client
connection.
Default: enabled
tls10
Enables or disables back-end TLS1.0 protocol version support for opening an SSL client
connection.
Default: enabled
tls11
Enables or disables back-end TLS1.1 protocol version support for opening an SSL client
connection.
TLS1.1 is the highest protocol version supported. When enabled, Alteon opens an SSL
backend connection using TLS1.1 SSL Hello.
Default: enabled
cur
Displays the current back-end SSL protocol version configuration.
/cfg/slb/ssl/authpol
Client Authentication Policy Menu

This menu is used to configure an authentication policy. When you enter the Authentication Policy
menu, you are prompted to enter an authentication policy ID. The maximum number of policies is
1024.
When using SSL offloading, you can optionally define a client authentication policy that
authenticates the clients identity. You associate a client authentication policy to an SSL policy, and
the SSL policy, in turn, is associated to a virtual service.
522

For more information on client authentication policy, see the section on offloading SSL encryption
and authentication in the Alteon Application Switch Operating System Application Guide.
Client Authentication Policy Policy_1 Menu]

name
- Set policy name
validity - Certificate Validation Check Menu
passinfo - Pass Certificate Information to Backend Servers Menu
trustca - Set trusted client's CA certificate
cadepth - Set maximum depth to search the trusted CA in the CA certificate
chain
caverify - Set certificate's CA verification level
failurl - Set URL for redirection when client authentication fails
ena
- Enable policy
dis
- Disable policy
del
- Delete Policy
cur
This menu is used for configuring a client authentication policy.
Table 359: Client Authentication Policy Menu

name
An optional descriptive name of the policy in addition to the policy ID.
validity
Displays the Certificate Validation Check menu. To view this menu, see /cfg/slb/ssl/
authpol/validity Certificate Validation Check Menu, page 524.
passinfo
Displays the Pass Certificate Information to Backend Servers menu. To view this menu,
see /cfg/slb/ssl/authpol/passinfo Pass Certificate Information to Backend Servers Menu,
page 526.
trustca
You must specify the trusted client CA certificate or group of trusted client CA certificates
to enable Alteon to recognize which client certificates to accept. Certificates are selected
from the ones imported to the certificate repository. For more information about
importing client Trusted CA certificates to Alteon, see /cfg/slb/ssl/certs/trustca Trusted
CA Certificate Menu, page 511.
Values:
certTrusted client CA certificate.
groupTrusted client CA certificate group.
cadepth
You can set the maximum intermediate CAs in the CA chain that Alteon searches to
validate the link between the client's certificate to the specified trusted client CA
certificate.
When prompted, the current maximum depth to search the trusted client CA
configuration displays. Enter the new maximum depth to search, if required.
Values: 19
Default: 2
523

Table 359: Client Authentication Policy Menu

caverify
Specifies the certificate's CA verification level.
Values:
require (default)Alteon requires the clients certificate. If not provided or if it does

not match the trusted CA, the authentication fails.
optionalAlteon requires the clients certificate. If not provided, the client is passed
on for Application-based authentication. If provided, the certificate is checked against
the trusted CA for a match (and OCSP if specified).
noneAlteon requires the clients certificate. The client is allowed to continue with or
without a valid certificate.
failurl
Specifies the URL to which clients are redirected if client authentication fails.
ena
You must enable the authentication policy for it take effect. For more information, see the
authpol command under /cfg/slb/ssl/sslpol SSL Policy Menu, page 514.
dis
Disables this policy, making it non-operational.
del
Deletes this client authentication policy.
cur
Displays the current client authentication policy settings.
/cfg/slb/ssl/authpol/validity
Certificate Validation Check Menu

When authenticating a client during the SSL handshake process, Alteon sends a client certificate
request to the client. To complete the handshake, the client then sends the client certificate to
Alteon to be validated. If the certificate is valid, the handshake process is complete on both sides of
the transaction and the data is sent from the client. If the certificate is not valid, the session is
terminated.
Note: If the same client certificate arrives at two different SPs, a Online Certificate Status Protocol
(OCSP) query is sent to the OCSP that responded, even if the OCSP is cache-enabled.
524

Client Authentication Policy Policy_1 Validation Menu]

method
- Set certificate validation check method
staturi - Set static URI for OCSP validation requests
uriprior - Set OCSP URI priority
cachtime - Set OCSP response cache time
timedev - Set OCSP response time deviation
algorthm - Set allowed signing algorithm for the OCSP response
vchain
- Enable/Disable validating every CA certificate in the CA chain
using OCSP
secure
- Enable/Disable secure OCSP response by sending random nonce
with the request
cur
- Display current validity configuration
Table 360: Certificate Validation Check Menu

method
The certificate validation check verifies that the client's certificate has not been revoked
by the CA before completing the handshake. The validation check is performed using
OCSP.
Values: OCSP, none
Default: none
staturi
OCSP authenticates the client certificate status by checking the revocation status using
data stored on a remote OCSP server. Client credentials are based on SSL certificates.
The OCSP static URI specifies the destination of OCSP validation requests. It is used
under one of the following conditions:
The OCSP static URI is not embedded in the certificate.
The OCSP static URI embedded in the certificate does not answer.
URI precedence is set to staturi.
Note: You must include either the http:// or https:// prefix.
uriprior
Sets the priority for sending OCSP validation requests between the URI embedded in the
client certificate and the defined static URI (see the staturi command in this table).
Values: clientcert, staticuri
Default: clientcert
cachtime
Sets the time span for which validated OCSP responses are cached. Since CA servers
update the CRLs on the OCSP server periodically (every 12 hours or 24 hours), there is
no need to overload the OCSP server with repetitive OCSP requests for the same
certificate. Caching is per client authentication policy, and entries are not shared
between policies.
Values: 0180000
Default: 1
525

Table 360: Certificate Validation Check Menu

timedev
OCSP servers sign their responses to avoid tampering. These signatures include a
timestamp to mitigate replay attacks of older responses. If there is a deviation between
the OCSP timestamp and the Alteon clock, a replay attack is suspected. However, you
can set a grace time (deviation time) between the Alteon clock (NTP recommended) and
the OCSP response timestamp, so that such a response is not failed.
Values: 03600
Default: 75
algorthm
Sets the specific signature algorithms allowed for signing OCSP responses.
Values: all, md5, sha1, sha256, sha384, sha512
Default: all
vchain
When validation of certificate chains is enabled, an OCSP request is sent for every
certificate in the chain of CAs to the trusted client CA. When disabled, an OCSP request is
sent for the client certificate only.
Note: The URIs used for these OCSP requests are the ones embedded in the CA
certificates themselves.
Default: disabled
secure
When enabled, a random nonce number is sent with OCSP requests to prevent a manin-the-middle replay attack of older OCSP responses.
Default: enabled
cur
Displays the current status for all validity settings.
/cfg/slb/ssl/authpol/passinfo
Pass Certificate Information to Backend Servers Menu

The authentication policy passinfo option lets you pass the client's certificate information in the HTTP
headers to the back-end servers so they can use user identity information.
By default, all parameters are not set, meaning that the certificate information is not passed to the
to back-end servers.
Notes
If the chosen field is empty in the incoming-traffic, Alteon displays this field without any value.
You cannot configure an empty field name in the configuration.
When a caching policy is enabled on a virtual service, and the cache serves the pages according
to the client requests, Alteon does not send the client authentication information to the back-end
server.
This feature is HTTP-dependent and cannot be used with simple SSL offloading, when traffic is
directly decrypted and sent to the back-end servers with no manipulation per any SSL protocol.
526

Client Authentication Policy Policy_1 Passinfo Menu]

version - Pass certificate version information to backend server
serial
- Pass certificate serial-number to backend server
algo
- Pass certificate Signature Algorithm to backend server
issuer
- Pass certificate issuer information to backend server
nbefore - Pass certificate 'Not Before' Validity Date to backend
server
nafter
- Pass certificate 'Not After' Validity Date to backend server
subject - Pass certificate subject to backend server
keytype - Pass certificate Public Key Type to backend server
md5
- Pass certificate MD5 hash to backend server
cert
- Pass certificate information to backend server
charset - Set the character set to be used for information
comply
- Enable/Disable headers format to comply with 2424SSL headers
cur
- Display current passinfo configuration
Table 361: Client Authentication Policy Passinfo Menu

version
Passes the certificate version information to the back-end servers.
Default Header: CCRT-Version
serial
Passes the certificate serial number to the back-end servers.
Default Header: CCRT-SN
algo
Passes the certificate signature algorithm to the back-end servers.
Default Header: CCRT-SignatureAlgo
issuer
Passes the certificate issuer to the back-end servers.
Default Header: CCRT-Issuer
nbefore
Passes the certificate not before validity dates information to the back-end servers.
Default Header: CCRT-NotBefore
nafter
Passes the certificate not after validity dates information to the back-end servers.
Default Header: CCRT-NotAfter
subject
Passes the certificate subject information to the back-end servers.
Default Header: CCRT-Subject
keytype
Passes the certificate public key type information to the back-end servers.
Default Header: CCRT-PublicKeyType
527

Table 361: Client Authentication Policy Passinfo Menu

md5
Passes the certificate MD5 hash information to the back-end servers.
Default Header: CCRT-MD5Hash
cert
Passes the certificate information to the back-end servers.
If you select y to pass this information, you are prompted for the following:
Either the header or value.

Default Header: CCRT-Certificate
The new Certificate Header Lines Format.

Values:
MultiNew lines are started by a return.
SingleText is wrapped to the next line.
Default: multi
charset
Passes the information character set to the back-end servers.
Note: When using ASCII encoding for sending certificate details, Alteon uses slash (/)
as the delimiter between information fields. When using Unicode encoding for sending
the certificate details, Alteon uses comma (,) as the delimiter.
Values: ascii, unicode
Default: ascii
comply
Enables or disables using the 2424-SSL-compliant header format.
cur
Displays the current pass information status for all settings.
528

/cfg/slb/filt <filter number>
SLB Filter Menu

Alteon supports up to 2048 traffic filters. Each filter can be configured to allow, deny, redirect or
perform Network Address Translation (NAT) on traffic according to a variety of address and protocol
specifications, and each physical port can be configured to use any combination of filters. This
command is disabled by default.
[Filter 1
Menu]
adv
- Filter Advanced Menu
name
- Set filter name
smac
- Set source MAC address
dmac
- Set destination MAC address
ipver
- Set Filter IP version
sip
- Set source IP address or network class
smask
- Set source IP mask
dip
- Set destination IP address or network class
dmask
- Set destination IP mask
proto
- Set IP protocol
sport
- Set source TCP/UDP port or range
dport
- Set destination TCP/UDP port or range
cntclass - Set content class ID
action
- Set action
group
- Set real server group for redirection
rport
- Set real server port for redirection
nat
- Set which addresses are network address translated
vlan
- Set vlan id
invert
- Enable/disable filter inversion
ena
- Enable filter
dis
- Disable filter
del
- Delete filter
cur
- Display current filter configuration
The following actions are required for filtering:
Defining that address, masks, and/or protocol that will be affected by the filter.
Defining the filter action (allow, deny, redirect, nat).
Enabling the filter.
Adding the filter to a port.
Enabling filtering on the port
Table 362: Filter Configuration Menu Options (/cfg/slb/filt)

adv
Displays the Filter Advanced menu. To view this menu, see /cfg/slb/filt <filter number> /
adv Filter Advanced Menu, page 534.
There are several options available from this menu that can be used to provide more
information through syslog. The types of information include:
IP protocol
TCP/UDP ports
TCP flags
ICMP message type
529


name <31 character name> |none
Assigns a name to a filter.
smac any| <MAC address (such as, 00:60:cf:40:56:00)>

Sets the source MAC address.
Default: any
dmac any| <MAC address (such as, 00:60:cf:40:56:00)>

Sets the destination MAC address.
Default: any
ipver
<IP version (v4, v6)>

Sets the IP version that the filter uses.
sip <IP4 address (eg, 192.4.17.101) | IP6 address (eg,

3001:0:0:0:0:0:abcd:1234 or 3001::abcd:1234)> | <network class id>
If defined, traffic with this source IP address is affected by this filter.
Values:
IPv4 addressIP address in dotted decimal notation.
IPv6 addressIP address in colon notation.
Network class IDNetwork class ID as defined using /cfg/slb/nwclss <network class

ID> Network Class Configuration Menu, page 548.
anyAny IP address version.
A range of IP addresses is produced when used with the smask (see in this table).
Default: any, if the source MAC address (smask) is any
smask <IP4 subnet mask (such as, 255.255.255.0)>

64)>
| <IP6 prefix length (eg,
This IP address mask is used with the source IP (sip) to select the traffic which this filter
affects. For more information on defining IP address ranges, see Defining IP Address
Ranges for Filters, page 533.
dip <IP4 address (eg, 192.4.17.101)> | <IP6 address (eg,

3001:0:0:0:0:0:abcd:1234 or 3001::abcd:1234)> | <network class id>
If defined, traffic with this destination IP address is affected by this filter.
Values:
IPv4 addressIP address in dotted decimal notation.
IPv6 addressIP address in colon notation.
Network class IDNetwork class ID as defined using /cfg/slb/nwclss <network class

ID> Network Class Configuration Menu, page 548.
anyAny IP address version.
A range of IP addresses is produced when used with the dmask (see in this table). For
more information, see Defining IP Address Ranges for Filters, page 533.
Default: any, if the source MAC address (smask) is any
dmask <IP4 subnet mask (such as, 255.255.255.0)> | <IP6 prefix length (eg, 64)>
This IP address mask is used with the destination IP (dip) to select traffic which this filter
affects.
530


proto any| <number> | name
If defined, traffic from the specified protocol is affected by this filter. Specify the protocol
number, name, or any.
Default: any
The following are some of the well-known protocols:
Number
Name
1
2
6
17
58
89
112
icmp
igmp
tcp
udp
icmp6
ospf
vrrp
sport any| <name> | <port> | <port> - <port>

If defined, traffic with the specified TCP or UDP source port are affected by this filter.
Specify the port number, range, name, or any.
Default: any
The following are some of the well-known ports:
Number
Name
20
21
22
23
25
37
42
43
53
69
70
79
80
109
110
ftp-data
ftp
ssh
telnet
smtp
time
name
whois
domain
tftp
gopher
finger
http
pop2
pop3
dport any| <name>
| <port> | <port> - <port>
If defined, traffic with the specified real server TCP or UDP destination port is affected by
this filter. Specify the port number, range, name, or any.
Default: any
For a list of the well-known ports, see the sport command in this table.
cntclass
Specifies the current and new content class ID.
531


action allow|deny|redir|nat|goto
Specifies the action this filter takes:
Note: IPv6 filters support the allow, deny, and redirection actions.
allowAllows the frame to pass.
denyDiscards frames that fit this filter's profile. This can be used for building basic
security profiles.
redirRedirects frames that fit this filter's profile, such as for Web cache redirection.
In addition, Layer 4 processing must be activated (see the /cfg/slb/on command in /
cfg/slb SLB Configuration, page 395).
natPerforms generic Network Address Translation (NAT). This can be used to map
the source or destination IP address and port information of a private network
scheme to and from the advertised network IP address and ports. This is used in
conjunction with the nat option (see in this table), and can also be combined with
proxies.
gotoSpecifies a target filter ID that the filter search should jump to when a match
occurs. This causes filter processing to jump to a designated filter, effectively
skipping over a block of filter IDs. Filter searching action continues from the
designated filter ID.
To specify the new filter to goto, use the /cfg.slb/filt/adv/goto command.
Default: allow

The real server group to which redirected traffic is sent. This applies only when redir is
specified at the filter action.
Values: 11024
Default: 1

Defines the real server TCP or UDP port to which redirected traffic is sent.
Note: This option applies only when redir is specified as the filter action (see in this
table).
For valid Layer 4 health checks, rport must be configured whenever TCP protocol traffic is
redirected. Also, if transparent proxies are used for NAT on Alteon (see the pip option in
/cfg/slb/port <port number> Port SLB Menu, page 545), rport must be configured for all
application redirection filters.
Default: 0
nat source|dest
When nat is set as the filter action (see in this table), this option specifies if NAT is
performed on the source or the destination information.
Values:
sourceThe frame's source IP address (sip) and port number (sport) are replaced
with the destination IP address (dip) and port number (dport) values.
destThe frame's destination IP address (dip) and port number (dport) are replaced
with the source IP address (sip) and port number (sport) values.
Default: dest
532


vlan any| <VLAN ID (1 - 4090)>
Sets the ID of the VLAN that is filtered, matching the Alteon VLAN ID to the VLAN ID of
the incoming packet.
This command allows enables you to configure filters on a per VLAN basis, and applies a
filter to a VLAN that already has been configured. A VLAN has a set of member ports. By
applying this filter to a VLAN, the filter does not get applied to all the member ports of
this VLAN. You have to manually add the filter to the port.
Default: any (Alteon matches any VLAN ID of the incoming packet)
invert disable|enable
Inverts the filter logic, meaning if the conditions of the filter are met, do not act, and if
the conditions for the filter are not met, perform the assigned action.
Note: When using filter inversion for IPv6, the Neighbor Solicitations (NSol) are
filtered out if no appropriate NSol filter was set up before inversion.
Default: disable
ena
Enables this filter.
dis
Disables this filter.
del
Deletes this filter.
cur
Displays the current configuration of the filter.
Defining IP Address Ranges for Filters

You can specify a range of IP addresses to filter both the traffic source and/or destination IP
addresses. When a range of IP addresses is needed, the sip (source) or dip (destination) defines the
base IP address in the desired range, and the smask (source) or dmask (destination) is the mask
which is applied to produce the range.
For example, to determine if a client request's destination IP address should be redirected to the
cache servers attached to a particular Alteon, the destination IP address is masked (bitwise AND)
with the dmask, and then compared to the dip.
Example
You can configure Alteon with two filters so that each handles traffic filtering for one half of the
Internet. To do this, define the following parameters:
Table 363: Example Filtering IP Address Ranges
Filter
Internet Address Range
dip
dmask
#1
0.0.0.0 - 127.255.255.255
0.0.0.0
128.0.0.0
#2
128.0.0.0 - 255.255.255.255
128.0.0.0
128.0.0.0
533

/cfg/slb/filt <filter number> /adv
Filter Advanced Menu

[Filter 1 Advanced Menu]
8021p
- 802.1p Advanced Menu
tcp
- TCP Advanced Menu
ip
- IP Advanced Menu
layer7
- Layer 7 Advanced Menu
proxyadv - Proxy Advanced Menu
redir
- Redirection Advanced Menu
security - Security Menu
icmp
- Set ICMP message type
cont
- Set BW contract
revcont - Set BW contract for the reverse session
tmout
- Set NAT or L7 lookup session timeout
idsgrp
- Set IDS server group for intrusion detection SLB
idshash - Set hash parameter for intrusion detection SLB
thash
- Set hash parameter for Filter
mcvlan
- Set MCAST NAT egress VLAN Id
goto
- Set GOTO filter ID
rtsrcmac - Enable/disable return to source mac addr
reverse - Enable/disable creating session for reverse side traffic
cache
- Enable/disable caching sessions that match filter
l3filter - Set the layer 3 filter
sesslog - Enable/disable session logging
log
- Enable/disable logging
mirror
- Enable/disable session mirroring
nbind
- Enable/disable subnet binding for redirection
cur
- Display current advanced filter configuration
Table 364: Advanced Filter Menu (/cfg/slb/filt/adv)

8021p
Displays the 802.1p Advanced menu. IEEE 802.1p is the specification for prioritizing the
network traffic at the Layer 2 level in your Alteon. To view this menu, see /cfg/slb/filt
<filter number> /adv/8021p 802.1p Advanced Menu, page 537.
Using this menu, you can preserve 802.1p bits in all the frames that pass through
Alteon.
tcp
Displays the TCP Advanced menu. To view this menu, see /cfg/slb/filt <filter number> /
adv/tcp TCP Advanced Menu, page 538.
ip
Displays the IP Advanced menu. To view this menu, see /cfg/slb/filt <filter number> /
adv/ip IP Advanced Menu, page 539.
layer7
Displays the Layer 7 Advanced menu. To view this menu, see /cfg/slb/filt <filter
number> /adv/layer7 Layer 7 Advanced Filter Configuration Menu, page 539.
proxyadv
Displays the Proxy Advanced menu. To view this menu, see /cfg/slb/filt/adv/proxyadv
Proxy Advanced Menu, page 542.
534


redir
Displays the to Redirection Advanced menu. To view this menu, see /cfg/slb/filt<filter
number>/adv/redir Redirection Advanced Menu, page 542.
security
Displays the Security Menu. To view this menu, see /cfg/slb/filt <filter number> /adv/
security SLB Filter Advanced Security Menu, page 543.
icmp
message type |any|

Sets the ICMP message type. For a list of ICMP message types, see ICMP Message
Types, page 536. For a detailed description of filtering and ICMP, see the Alteon
Default: any
cont <BWM Contract (1-1024)>

Sets the Bandwidth Management contract.
Default: 1024
revcont <BW Contract (1-1024)>

Sets the Bandwidth Management contract for the reverse traffic session. This lets you
assign a different Bandwidth Management contract from the one configured on the
ingress filter.
tmout <even number of minutes (4-32768)>

Sets the session timeout in an even number of minutes.
Default: 4 minutes
idsgrp <real server group number (1-1024)>
|none
Sets the IDS server group for Intrusion Detection System (IDS) server load balancing.
When filtering is used for IDSLB, each filter added to an IDSLB-enabled port can be
assigned a unique IDS real server group.
idshash sip|dip|both
Sets the hash metric parameter for Intrusion Detection System (IDS) server load
balancing:
Values:
sipSource IP
dipDestination IP
both
thash auto|sip|dip|both|sip+sport|dip32
Selects the hash parameter to use for filter redirection.
sipPerforms tunable hash on source IP address for this filter.
dipPerforms tunable hash on destination IP address for this filter.
bothPerforms tunable hash on both source IP address and the destination IP

address at the same time.
sip+sportPerforms tunable hash on both source IP address and source port at the
same time.
dip32Performs tunable hash on a 32-bit destination IP address for the filter.
Default: auto
535


mcvlan <VLAN ID (1-4090)>
Sets the MCAST NAT egress VLAN ID.
goto <filter ID>

Specifies a target filter ID that the filter search should jump to when a match occurs.
Filter searching continues from the designated filter ID. To use this feature, the action
on this filter (see in this table) must be set to goto.
rtsrcmac disable|enable
Enables or disables the return of traffic to the source MAC address.
reverse disable|enable
Enables or disables the creation of a session for traffic coming from the reverse side to
avoid inspecting traffic in both directions.
cache disable|enable
Enables or disables caching sessions that match the filter.
Note: Use caution when applying cache-enabled and cache-disabled filters to the
same port. A cache-enabled filter creates a session entry so that Alteon can bypass
checking for subsequent frames that match the same criteria.
The cache should be disabled if applying a filter to virtual server IP address when
performing UDP load balancing (see the udp option under /cfg/slb/virt <server
number> /service <virtual port or application name> Virtual Server Service
Configuration, page 419/).
Default: enable
sesslog
log disable|enable
Enables or disables generating syslog messages when a filter is matched.
Default: disable
Enables or disables session mirroring on all filters.
nbind
Enables or disables subnet binding for redirection.
cur
Displays the current advanced filter configuration.
ICMP Message Types

The following ICMP message types are used with the /cfg/slb/filt/adv/icmp command. You
can list all ICMP message types with the /cfg/slb/filt/adv/icmp list command.
Table 365: ICMP Message Types
Type #
Message Type
Description
echorep
ICMP echo reply
destun
ICMP destination unreachable
536

Table 365: ICMP Message Types
Type #
Message Type
Description
quench
ICMP source quench
redir
ICMP redirect
echoreq
ICMP echo request
rtradv
ICMP router advertisement
10
rtrsol
ICMP router solicitation
11
timex
ICMP time exceeded
12
param
ICMP parameter problem
13
timereq
ICMP timestamp request
14
timerep
ICMP timestamp reply
15
inforeq
ICMP information request
16
inforep
ICMP information reply
17
maskreq
ICMP address mask request
18
maskrep
ICMP address mask reply
/cfg/slb/filt <filter number> /adv/8021p
802.1p Advanced Menu

This feature lets you filter IP packets based on the 802.1p bits in the packet's VLAN header. The
802.1p bits specify the priority that you should give to the packets while forwarding them. The
packets with higher (non-zero) priority bits are given forwarding preference over packets with
numerically lower priority bits value.
[802.1p Advanced Menu]

value - Set 802.1p value
match - Enable/disable 802.1p value matching
cur
- Display current 802.1p configuration
Table 366: 802.1p Advanced Menu Options (/cfg/slb/filt/adv/8021p)

value <0-7>
Defines the 802.1p value. The value is the priority bits information in the packet
structure.
match <disable|enable>
Enables or disables matching of 802.1p value. When the Management Processor (MP)
reuses the packet to send to the destination, Alteon matches the original priority bits
information with the priority bits information after the frame processing is complete.
cur
Displays the current 802.1p configuration.
537

/cfg/slb/filt <filter number> /adv/tcp
TCP Advanced Menu

These commands can be used to configure packet filtering for specific TCP flags.
[TCP Advanced Menu]

urg
- Enable/disable TCP URG matching
ack
- Enable/disable TCP ACK matching
psh
- Enable/disable TCP PSH matching
rst
- Enable/disable TCP RST matching
syn
- Enable/disable TCP SYN matching
fin
- Enable/disable TCP FIN matching
ackrst - Enable/disable TCP ACK or RST matching
cur
- Display current TCP configuration
Table 367: Advanced Filter TCP Menu (/cfg/slb/filt/adv/tcp)

urg disable|enable
Enables or disables TCP URG (urgent) flag matching.
Default: disable
ack disable|enable
Enables or disables TCP ACK (acknowledgement) flag matching.
Default: disable
psh disable|enable
Enables or disables TCP PSH (push) flag matching.
Default: disable
rst disable|enable
Enables or disables TCP RST (reset) flag matching.
Default: disable
syn disable|enable
Enables or disables TCP SYN (synchronize) flag matching.
Default: disable
fin disable|enable
Enables or disables TCP FIN (finish) flag matching.
Default: disable
ackrst disable|enable
Enables or disables TCP acknowledgement or reset flag matching.
Default: disable
cur
Displays the current Access Control List (ACL) TCP filter configuration.
538

/cfg/slb/filt <filter number> /adv/ip
IP Advanced Menu
[IP Advanced Menu]
tos
- Set IP Type of Service
tmask - Set IP TOS mask
newtos - Set new IP TOS
length - Set IP maximum packet length
option - Enable/disable IP option matching
cur
- Display current IP configuration
Table 368: IP Advanced Menu Options (/cfg/slb/filt /adv/ip)

tos <0-255>
Sets the IP type of service (ToS) and the value of the type of service. For more
information on ToS, refer to RFC 1340 and RFC 1349.
tmask <0-255>
Sets the IP type of service mask.
newtos <0-255>
Sets the new IP type of service.
length <IP packet length (in bytes), 64-65535> |any

Defines the limit of the IP packet's length, including the IPv4 or IPv6 IP header. Any
packet equal or exceeding the specified length does not match the filter. This option
supports both IPv4 and IPv6 packets.
option <disable|enable>
Enables or disables IP option matching.
cur
Displays the current advanced IP settings for the selected filter.
/cfg/slb/filt <filter number> /adv/layer7
Layer 7 Advanced Filter Configuration Menu

[Layer 7 Advanced Menu]
sip
- Layer 7 SIP Menu
urlcont - Set BW cont of an URL path specific to this filter
addrd
- Add HTTP redirection mapping
remrd
- Remove HTTP redirection mapping
addstr
- Add string for layer 7 filtering
remstr
- Remove string for layer 7 filtering
httphash - Set HTTP header hash parameter for filter
rdsnp
- Enable/disable WAP RADIUS Snooping
rdswap
- Enable/disable RADIUS/WAP Persistence
ftpa
- Enable/disable active FTP NAT
l7lkup
- Enable/disable layer 7 content lookup
parseall - Enable/disable layer 7 lookup (parsing) of all packets
invert
- Enable/disable invert action for layer 7 string matching
cur
- Display current layer 7 configuration
539

Table 369: Layer 7 Advanced Filter Menu Options (/cfg/slb/filt/adv/layer7)

sip
Displays the Layer 7 SIP menu. To view this menu, see /cfg/slb/filt <num> /adv/layer7/
sip Layer 7 SIP Menu, page 541.
urlcont <URL path ID
BW contract>
Sets the URL path Bandwidth (BW) contract for this filter. Only use this command when a
string is shared by multiple filters and each filter requires a separate bandwidth.
addrd [1>2]
Adds an HTTP redirection mapping. Strings are defined using the /cfg/slb/layer7/
slb/add command.
Using this command, if the filter matches on the first string ID it sends back an HTTP
redirection message to the client that contains information in the second string ID.
remrd <string id to redirect from (1-1024)
string id to redirect to (2-1024)>
Removes an HTTP redirection mapping that was added using the addrd command (see in
this table).
addstr <string id (1-1024)>

Adds the string ID to this filter for Layer 7 filtering. The string is defined using the /cfg/
slb/layer7/slb/add command.
remstr <string id (1-1024)>

Removes the string ID for Layer 7 filtering. The string is defined using the /cfg/slb/
layer7/slb/add command.
rdsnp <disable|enable>
Enables or disables WAP RADIUS snooping on this filter.
RADIUS snooping lets Alteon examine RADIUS accounting packets for client information.
This information is needed to add to or delete static session entries in Alteon's session
table so that it can perform the required persistency for load balancing. For more details,
rdswap enable|disable
Enables or disables WAP RADIUS persistence on this filter. This feature allows for RADIUS
and WAP persistence by binding both RADIUS accounting and WAP sessions to the same
server.
A WAP client is first authenticated by the RADIUS server on UDP port 1812. The server
replies with a RADIUS Accept or Reject frame. Alteon forwards this reply to the Remotre
Access Service (RAS). After the RAS receives the RADIUS accept packet, it sends a
RADIUS accounting start packet on UDP port 1813 to the bound server. Alteon snoops on
the RADIUS accounting start packet for the framed IP address attribute. The framed IP
address attribute is used to rebind the RADIUS accounting session to a new server. For
more details, refer to the Alteon Application Switch Operating System Application Guide.
ftpa disable|enable
Enables or disables active FTP Client Network Address Translation (NAT). When a client in
active FTP mode sends a PORT command to a remote FTP server, Alteon examines the
data part of the frame and replace the client 's private IP address with a proxy IP (PIP)
address. The real server port (rport) is replaced with a proxy port (PPORT), that is
(PIP:PPORT).
Default: disable
540

Table 369: Layer 7 Advanced Filter Menu Options (/cfg/slb/filt/adv/layer7)

l7lkup disable|enable
Enables or disables Layer 7 lookup on this filter. When enabled, the filter performs a
lookup on Layer 7 content such as HTTP strings or headers. When combined with a filter
action, this feature enables content-intelligent redirection or content-intelligent deny
filtering.
parseall disable|enable
Enables or disables parsing of all packets in a session where Layer 7 lookup is being
performed.
disableLayer 7 lookup is turned off for the remaining packets in the session.
enabledNormally all data packets in a session are examined by the filter. However,
some sessions may contain only one packet containing the Layer 7 content. Once this
packet is found, subsequent packets are ignored.
Default: enable
cur
Displays the current Advanced Layer 7 configuration of the filter, including the RADIUS
and WAP persistence settings.
/cfg/slb/filt <num> /adv/layer7/sip
Layer 7 SIP Menu

[Layer 7 SIP Menu]
rtpcont - Set BW contract for the SIP RTP sessions
sipp
- Enable/disable SIP parsing
sips
- Enable/disable SIP UDP filtering
cur
- Display current SIP configuration
Table 370: Layer 7 SIP Menu Options (/cfg/slb/filt/adv/layer7/sip)

rtpcont <BW contract>
Sets the Bandwidth (BW) contract for the SIP RTP sessions.
sipp <enable|disable>
Enables or disables SIP parsing.
sips <enable|disable>
Enables or disables SIP UDP filtering.
This command is available only to the vADC Administrator in ADC-VX mode.
cur
Displays the current advanced SIP configuration.
541

/cfg/slb/filt/adv/proxyadv
Proxy Advanced Menu

[Proxy Advanced Menu]
proxyip - Set client proxy IP address
epip
- Enable/disable pip selection based egress port/vlan
proxy
- Enable/disable client proxy
cur
- Display current proxy configuration
Table 371: Proxy Advanced Menu Options

proxyip <IP_address>
Sets the client proxy IP address.
epip <enable|disable>
Enables or disables PIP selection based on the outgoing port or VLAN.
proxy <enable|disable>
Enables or disables client proxy.
cur
Displays all proxy statistics.
/cfg/slb/filt<filter number>/adv/redir
Redirection Advanced Menu

[Redirection Advance Menu]
fwlb
- Enable/disable firewall redirect hash method
linklb
- Enable/disable WAN link load balancing
vpnflood - Enable/disable two way VPN load balancing
dbind
- Enable/disable delayed binding for redirection
pbind
- Enable/disable persistent binding for redirection
rtproxy - Enable/disable redirect to proxy server
cur
- Display current redirection configuration
Table 372: Redirection Advanced Menu Options

fwlb
Enables or disables the firewall redirect hash method. For more information on firewall
load balancing, see the Alteon Application Guide Operating System Application Guide.
linklb
Enables or disables WAN link load balancing. For more information on configuring
inbound link load balancing, see /cfg/slb/linklb Inbound Link Load Balancing
vpnflood
Enables or disables two-way Virtual Private Network (VPN) load balancing. For more
information on VPN load balancing, see the Alteon Application Guide Operating System
Application Guide.
542

Table 372: Redirection Advanced Menu Options

dbind
Enables or disables delayed binding for redirection. For more information on delayed
binding, see the Alteon Application Guide Operating System Application Guide.
pbind
Enables or disables persistent binding for redirection. For more information on persistent
binding, see the Alteon Application Guide Operating System Application Guide.
rtproxy
Enables or disables traffic redirection to a proxy server.
cur
Displays all current redirection settings.
/cfg/slb/filt <filter number> /adv/security
SLB Filter Advanced Security Menu

[Security Menu]
ratelim addgrp
remgrp
pmatch
matchall parsechn parseall cur
-
Rate Limiting Menu

Add pattern match group for layer 7 filtering
Remove pattern match group for layer 7 filtering
Enable/disable pattern matching
Enable/disable match-all criteria for layer 7 filtering
Enable/disable chained pgroup match criteria for l7 filtering
Enable/disable pattern string lookup (parsing) of all packets
Display current Security configuration
Table 373: Layer 7 Advanced Filter Menu Options (/cfg/slb/filt/adv/security)

ratelim
Displays the Rate Limiting menu. To view this menu, see /cfg/slb/filt <filter number> /
adv/security/ratelim Advanced Security Rate Limiting Configuration Menu, page 544.
The protocol-based rate limiting limits the traffic coming from specific clients based on
the IP address of the client. This lets Alteon detect and block UDP or ICMP-based DoS
attacks that slow down or decapitate the servers. Rate limiting can be enabled on TCP,
UDP, and ICMP protocols.
addgrp <pattern match group id>

Adds a pattern group to this filter. Pattern groups are added using the /cfg/
security/pgroup/add command.
remgrp <pattern match group id>
Removes a pattern group from this filter.
pmatch <disable|enable>
Enables or disables pattern matching on this filter.
matchall <disable|enable>
Enables or disables matching of all configured patterns before the filter can perform the
deny action.
543

Table 373: Layer 7 Advanced Filter Menu Options (/cfg/slb/filt/adv/security)

parsechn <enable|disable>
Enables or disables chained pgroup match criteria for Layer 7 filtering.
parseall <disable|enable>
Enables or disables pattern string lookup (parsing) of all packets in a session where
pattern matching is being performed.
disablePattern matching is turned off for the remaining packets in the session.
enableNormally all data packets in a session are examined by the filter. However,
some sessions may contain only one packet containing the Layer 7 content. Once
this packet is found, subsequent packets can be ignored.
Default: enable
cur
/cfg/slb/filt <filter number> /adv/security/ratelim
Advanced Security Rate Limiting Configuration Menu

[Rate Limiting
maxconn
timewin
holddur
ena
dis
cur
Menu]
- Set maximum connections for rate limiting
- Set time window for rate limiting
- Set hold down duration for rate limiting
- Enable TCP, UDP, or ICMP rate limiting
- Disable TCP, UDP, or ICMP rate limiting
- Display current rate limiting configuration
Table 374: Rate Limiting Advanced Menu Options (/cfg/slb/filt/adv/security/ratelim)

maxconn <# of connections in units of 10 (0-255)>
Defines the maximum connections for rate limiting.
timewin <seconds, 1-65535>

Defines the time window, in seconds, for rate limiting, during which packets are allowed
to be received. The time window can be configured per filter and not globally on all the
filters.
544

Table 374: Rate Limiting Advanced Menu Options (/cfg/slb/filt/adv/security/ratelim)

holddur <minutes, 2-65535>
Sets the multiplier to be used to define the holddown duration for rate limiting.
The holddown duration is calculated as follows:
holddown_time = holddur X slowage_time
where
holddur is the value entered for this command
slowage_time is 2 X 2^slowage
When the number of new connections or packets exceeds the configured limit, any new
TCP connection requests or UDP/ICMP packets from the client are blocked. When
blocking occurs, the client is said to be held down. The client is held down for a specified
number of minutes, after which new TCP connection requests or packets from the client
are allowed once again to pass through. The holddown duration can be configured per
filter and not globally on all the filters.
For more information on the slowage time, see /cfg/slb/adv Advanced Layer 4
For more information on the hold duration, see the Alteon Application Switch Operating
ena
Enables the protocol for rate limiting. Rate limiting is applied to the protocol configured
on the filter. The supported protocols are: TCP, UDP, ICMP
dis
Disables TCP, UDP, or ICMP rate limiting.
cur
Displays the current rate limiting configuration.
/cfg/slb/port <port number>
Port SLB Menu

You can enable or disable processing independently for each type of Layer 4 traffic (client and
server) on a per port basis, expanding your topology options.
When changing the filters on a given port, it may take some time before the port session information
is updated so that the filter changes take effect. To make port filter changes take effect immediately,
clear the session binding table for the port (see the clear command at /oper/slb/gslb Global SLB
Operations Menu, page 612).
545

[SLB Port 1 Menu]

client
- Enable/disable client processing
server
- Enable/disable server processing
rts
- Enable/disable RTS processing
hotstan - Enable/disable hot-standby processing
intersw - Enable/disable inter-switch processing
vlan
- VLAN for inter-switch processing
proxy
- Enable/disable use of PIP for ingress traffic
filt
- Enable/disable filtering
add
- Add filter to port
rem
- Remove filter from port
l3filt
- Enable/disable l3 filtering
idslb
- Enable/disable intrusion detection server load balancing
cur
- Display current port configuration
Table 375: Port Configuration Menu Options (/cfg/slb/port)

client disable|enable
For Server Load Balancing (SLB), the port can be enabled or disabled to process client
Layer 4 traffic. Ports configured to process client request traffic bind servers to clients
and provide address translation from the virtual server IP address to the real server IP
address, re-mapping virtual server IP addresses and port values to real server IP
addresses and ports. Traffic not associated with virtual servers is switched normally.
Maximizing the number of these ports on the Layer 4 switch improve Alteons potential
for effective SLB.
Default: disable
server disable|enable
Ports configured to provide real server responses to client requests require real servers
to be connected to the Layer 4 switch, directly or through a hub, router, or another
switch. When server processing is enabled, the port re-maps real server IP addresses
and Layer 4 port values to virtual server IP addresses and Layer 4 ports. Traffic not
associated with virtual servers is switched normally.
Default: disable
rts disable|enable
Enables or disables Return to Sender (RTS) load balancing on this port. This option is
used for firewall load balancing or VPN load balancing applications. Enable RTS on all
client-side ports to ensure that traffic ingresses and egresses through the same port.
For more information on using RTS, see the Firewall Load Balancing and VPN Load
Balancing chapters in the Alteon Application Switch Operating System Application Guide.
Note: You cannot use RTS in conjunction with redirection filters for the following
conditions:
If delayed binding (/cfg/slb/filt x/adv/redir/dbind) or Layer 7 lookup (/

cfg/slb/filt x/adv/layer7/l7lkup) are enabled
If proxy IP (PIP) is enabled (/cfg/slb/port x/proxy ena) and client proxy is

disabled (/cfg/slb/filt x/adv/proxyadv/proxy dis)
If you do so, you will receive an error message.

Default: disable
546


hotstan disable|enable
Enables or disables hot-standby processing. Use this option and the intersw option (see
in this table) in conjunction with VRRP hot-standby failover.
Default: disable
intersw
Enables or disables interswitch processing. This option is enabled for VLANs connected to
a peer. After enabling interswitching, you are prompted to enter the VLAN number on
which the peer resides.
Default: disable
vlan (1 to 4090)
Sets the VLAN for interswitch processing.
ValuesL 14090
proxy disable|enable
Enables or disables a proxy for traffic that ingresses this port. When the PIP is defined,
client address information in Layer 4 requests is replaced with this proxy IP address. In
SLB applications, this forces the response traffic to return through Alteon, rather than
around it, as is possible in complex routing environments.
Proxies are also useful for application redirection and NAT. When pip is used with
application redirection filters, each filter's rport parameter must also be defined (see
rport at /cfg/slb/filt <filter number> SLB Filter Menu, page 529).
Default: disable
filt disable|enable
Enables or disables filtering on this port. Enabling the filter sets up the real server to
examine VPN session table.
Note: After port filtering is enabled or disabled and you apply the change, session
entries are deleted immediately.
Default: disable
add <filter ID (1 to 2048)|block of IDs (first-last)>

Adds a filter or a block of filters for use on this port.
Values: 12048, or block of IDs (for example, 1100)
rem <filter ID (1 to 2048)|block of IDs (first-last)>

Removes a filter or a block of filters from use on this port.
Values: 12048, or block of IDs (for example, 1100)
l3filt <disable|enable>
Enables or disables Layer 3 filtering.
Default: disable
idslb <disable|enable>
Enables or disables Intrusion Detection System (IDS) SLB on this port. IDSLB is
perfomed at the end of filter processing or at the end of client processing when filtering
is not enabled. With client processing, IDSLB is enabled on a port and a real server
group is designated for IDSLB.
Default: disable
547


cur
Displays the current system parameters.
/cfg/slb/nwclss <network class ID>
Network Class Configuration Menu

You can set a network class to include several subnets or IP ranges, which can be used for filtering
and virtual server classification.
[Network Class 1 Menu]

name
- Set network class name
network - Network Element Menu
ipver
- Set IP version
copy
- Copy network class
del
- Delete network class
cur
- Display current network class
Table 376: Network Class Configuration Menu Options (/cfg/slb/nwclss)

name <"32 character name">|none
Sets the network class name.
network
Displays the Network Element menu. To view this menu, see /cfg/slb/nwclss/network
Network Element Configuration Menu, page 549.
ipver <IP version (v4, v6)>

Sets the IP version of the network class.
Values: v4, v6
Default: v4
copy <Copy Network classifer to dest. Network classifert>

Copies the current network class to a new network class.
del
Deletes a network class.
cur
Displays the current network class settings.
548

/cfg/slb/nwclss/network
Network Element Configuration Menu

You can set the network type and network match type to be used with the network class.
[Network Class 1 Network 1 Menu]

net
- Set network element
del
- Delete network element
cur
- Display current network element
Table 377: Network Class Menu Options (/cfg/slb/nwclss/network)

net <range <fromIP>-<toIP> | subnet <IP> <mask>> <exclude|include>
Sets the network type (range or subnet), and the network match type (exclude or
include) of the network element.
Default: include
del
Deletes the network element.
cur
Displays the current network element settings.
/cfg/slb/gslb
Global SLB Configuration

Global Server Load Balancing (GSLB) at any given site performs periodic SLB health checks to
determine the health and response time of the remote real server corresponding to the virtual
server at the remote site. GSLB uses the health and response time to select the server in the GSLB
selection engine. In addition, GSLB sends the health and response time together with the local
session and CPU utilization information that are collectively known as remote site updates.
Alteon performs this periodically on every remote site using the Distributed Site State Protocol
(DSSP). DSSP is a proprietary protocol that resides above TCP. For more information on GSLB and
DSSP, see the Alteon Application Switch Operating System Application Guide.
549

[Global SLB Menu]

site
- Remote Site Menu
network - Network Preference Menu
rule
- Rule Menu
clntprox - Client Proximity Menu
dnsrsvip- Displays the DNS Responder VIP Menu
dnssec
- DNSSEC Menu
version - Set DSSP version 1 or 2 or 3 or 4 or 5 to send out remote site
updates
port
- Set TCP port number for DSSPv2, DSSPv3, DSSPv4 and DSSPv5
remote site updates
sinter
- Set interval in seconds for remote site updates
sesscap - Set sessions utilization capacity threshold (DSSPv2, DSSPv3,
DSSPv4 and DSSPv5)
cpucap
- Set CPU utilization capacity threshold (DSSPv2, DSSPv3, DSSPv4
and DSSPv5)
smask
- Set source IP subnet mask for DNS persistence cache
sprefix - Set source IPv6 prefix for DNS persistence cache
timeout - Set timeout in minutes for DNS persistence cache
mincon
- Set sessions available capacity threshold
noresp
- Set DNS response code when no server is returned
dns
- Enable/disable authoritative DNS direct based GSLB
hostlk
- Enable/disable virtual service hostname matching
redirect - Enable/disable HTTP/HTTPS redirection based GSLB
http
- Enable/disable HTTP redirect based GSLB
usern
- Enable/disable HTTP redirect to remote real server name
norem
- Enable/disable no remote real SLB
encrypt - Enable/disable encrypting remote site updates
on
- Globally turn Global SLB ON
off
- Globally turn Global SLB OFF
cur
- Display current Global SLB configuration
Table 378: Global SLB Menu Options (/cfg/slb/gslb)

site <remote site (1-64)>
Displays the Remote Site menu. To view this menu, see /cfg/slb/gslb/site <site number>
Remote Site Menu, page 553.
network <network (1-128)>

Displays the Network menu. To view this menu, see /cfg/slb/gslb/network <network
number> Network Menu, page 555.
rule <rule (1-128)>

Displays the Rule menu. To view this menu, see /cfg/slb/gslb/rule Rule Menu, page 556.
clntprox
Displays the Client Proximity menu. To view this menu, see /cfg/slb/gslb/clntprox Global
SLB Client Proximity Menu, page 558.
dnsrsvip
Displays the DNS Responder VIP menu. To view this menu, see /cfg/slb/gslb/dnsrsvip
GSLB DNS Responder VIP Menu, page 559.
550


dnssec
Displays the DNSSEC menu. To view this menu, see /cfg/slb/gslb/dnssec GSLB DNSSEC
Menu, page 560.
version <DSSP version 1, 2, 3, 4, or 5>

Sets the Distributed Site State Protocol (DSSP) version that is used to send out the
remote site updates.
port <TCP port number>

Sets the TCP port number for remote site updates for GSLB.
Default: 80
sinter <remote site updates interval in seconds, 10-7200>

Sets the time interval in seconds for remote site updates.
Values: 107200
sesscap <Session utilization capacity threshold (1-100)>

Sets the threshold (percentage) for session utilization capacity.
Default: 90
cpucap <CPU utilization capacity threshold (1-100)>

Sets the threshold (percentage) for the CPU utilization capacity.
Default: 90
smask
<IP subnet mask (eg, 255.255.255.0)>

Sets the source IP netmask for DNS persistence cache.
Default: 255.255.255.0
sprefix <set IP6 prefix len (eg, 64)>

Sets the IPv6 prefix length for DNS persistence cache.
Values: 1128
Default: 64
timeout <timeout in minutes, 1-1440>

Sets the timeout in minutes for DNS persistence cache.
Values: 11440
mincon <available sessions threshold, 0-65535>

Defines the capacity threshold for the sessions available on the real server for GSLB.
Values: 065535
noresp <1-5>
Sets the DNS response code when no server is returned.
Values: 15
551


dns <disable|enable>
Enables or disables responses to DNS queries.
When enabled, Alteon always responds to DNS queries by providing a local virtual server
IP address, as long as the virtual server IP address has healthy real servers with an
aggregate number of available connections equal to the total from each server's
configured maxcons value, minus the server's current number of connections.
When the real servers for the local virtual server IP addresses are unavailable or
saturated, Alteon responds to DNS requests using normal GSLB rules.
If inbound link load balancing is enabled at /cfg/slb/linklb, Alteon ignores this dns
command and does not perform GSLB.
If inbound link load balancing is disabled, and this dns command is enabled, Alteon
performs load balancing, and selects a local or remote VIP, according to the configured
GSLB metrics.
If both link load balancing and this dns command are enabled, Alteon attempts to use
link load balancing. If it fails, it attempts to use the GSLB DNS.
If both link load balancing and this dns command are disabled, Alteon does not respond
to DNS queries.
Default: enable
hostlk <disable|enable>
Enables or disables lookups based on host or domain name in a GSLB configuration.
Values:
disableOnly the domain name will be used to match.
enableThe hostname specified in the virtual service configuration, in addition to the

domain name, is used to resolve the IP address for the domain.
redirect <disable|enable>
Enables or disables HTTP or HTTPS redirection-based GSLB.
http <disable|enable>
Enables or disables HTTP redirects to peer sites by this Alteon.
Values:
disableAlteon does not perform HTTP redirects, but instead drops requests for new
connections and causes the client's browser to eventually issue a new DNS request.
enableAlteon redirects client requests to peer sites if its own real servers fail or
have reached their maximum connection limits.
Default: enable
usern <disable|enable>
Enables or disables an HTTP redirect to a real server name. When a site redirects a client
to another site using an HTTP redirect, the client is redirected to the new site's IP
address.
Values:
disableThe client is not redirected to a real server name.
enableThe client is redirected to the domain name specified by the remote real
server name plus the virtual server domain name.
Default: disable
552


norem
Enables or disables no-remote real server load balancing.
If enabled, Alteon does not perform remote real server load balancing for non-HTTP
protocols. For HTTP protocols, if you want to perform no-remote-real-server load
balancing, you must disable the http parameter (see in this table).
encrypt
Enables or disables encrypting of DSSP updates.
If disabled, Alteon does not encrypt the DSSP messages going out of Alteon. This option
allows the GSLB feature to work with older versions of the Web OS that do not encrypt
DSSP messages.
on
Activates GSLB for this Alteon. This option can be performed only after the optional GSLB
software is activated (for more information, see /oper/swkey Activating Software,
page 617).
off
Turns GSLB off for this Alteon. Any active remote sites still perform GSLB services with
each other, but do not hand off requests to this Alteon.
Default: off
cur
Displays the current GSLB configuration.
/cfg/slb/gslb/site <site number>
Remote Site Menu

Alteon initiates a global server selection to direct client traffic to the best server for a given domain.
Each domain has one or more sites, each site has a virtual server for the domain, each virtual server
has a number of virtual services, and each virtual service has a group of real servers. Each virtual
server has a domain name and each virtual service has a hostname. The combination of a virtual
server and a virtual service is called a domain.
At a local site for a domain, there is a local virtual server but no remote virtual server. The local
virtual server has a number of local virtual services Each local virtual service has a group of local or
remote real servers. The remote real servers are the virtual servers at the remote sites.
Up to 64 remote sites can be configured.
[Remote site 1 Menu]

primaipver - Set primary switch IP address version of remote site
prima
- Set primary switch IP address of remote site
seconipver - Set secondary switch IP address version of remote site
secon
- Set secondary switch IP address of remote site
name
- Set remote site name
update
- Enable/disable remote site updates
ena
- Enable remote site
dis
- Disable remote site
del
- Delete remote site
cur
- Display current remote site configuration
553

Table 379: GSLB Remote Site Menu Options (/cfg/slb/gslb/site)

primaipver <IP version (v4, v6)>
Sets the primary IP address of the remote site.
prima <server IP address>

Defines the IP interface IP address of the primary Alteon at the remote site used for
GSLB. Use dotted decimal notation.
seconipver <IP version (v4, v6)>

Sets the secondary IP address of the remote site.
secon <server IP address>

Sets the IP address of the IP interface of a redundant Alteon at the remote site, if it
exists. If the remote site primary Alteon fails, the local Alteon addresses the remote site
secondary Alteon.
name <31 character name> |none

Sets the name of the remote site.
Default: none
update disable|enable
Enables or disables remote site updates.
Values:
enableAlteon sends regular DSSP updates to its remote peers using HTTP port 80.
Note: When enabled, GSLB uses service port 80 on the IP interface for DSSP updates.
By default, the Browser-Based Interface (BBI) also uses port 80. Both services cannot
use the same port. If both are enabled, configure BBI to use a different service port
(see the /cfg/sys/access/wport option at /cfg/sys/access System Access Control
Configuration, page 271).
disableAlteon does not send state updates. If your local firewall does not permit
this traffic, disable state updates.
Default: enable
pers disable|enable
Enables or disables the remote site persistence cache. GSLB lets you add only up to two
selected servers to the cache for each source IP address. GSLB can forward the same
information to other remote sites to be added to the cache. GSLB deletes the cached
entries when they time out. The cached entries are automatically deleted from the
remote sites when they time out.
ena
Enables this remote site for use with GSLB.
dis
Disables this remote site. Alteon no longer uses this remote site for GSLB.
del
Removes this remote site from operation and deletes its configuration.
cur
Displays the current remote site configuration.
554

/cfg/slb/gslb/network <network number>
Network Menu
Network preference selects a server based on the preferred network of the source IP address for a
given domain. The preferred network contains a subset of the servers for the domain. You can set
up to 1024 network preference numbers.
[Network 1 Menu]
ipver
- Set IP version
sip
- Set source IP address
mask
- Set source IP and network netmask
addvirt - Add virtual server to network
remvirt - Remove virtual server from network
addreal - Add remote real server to network
remreal - Remove remote real server from network
ena
- Enable network
dis
- Disable network
del
- Delete network
cur
- Display current network configuration
Table 380: GSLB Network Menu Options (/cfg/slb/gslb/network)

ipver <IP version (v4, v6)>
Sets the network IP version.
Values:
v4Sets the network version to IPv4.
v6Sets the network version to IPv6.
Default: v4
sip <IP address>

Defines the source (client) IP address. Specify an IP address. A range of IP addresses is
produced when used with the mask option (see in this table).
mask <IP subnet mask (such as, 255.255.255.0)>

mask <set IP6 prefix len (eg, 64)>
Sets the IP address mask (for IPv4 addresses) or prefix (for IPv6 addresses) that is
used with the source IP (SIP) address to determine the source IP subnet for which this
GSLB preference is set.
addvirt <virtual server number (1-1024)>

Adds a virtual server to the network with the value specified.
Default: no virtual server is added
remvirt <virtual server number (1-1024)>

Removes a virtual server from the network.
addreal <real server number (1-1023)>

Adds a real server to the network with the preference value for GSLB client proximity
feature.
remreal <real server number (1-1023)>

Removes a real server from the network.
555

Table 380: GSLB Network Menu Options (/cfg/slb/gslb/network)

ena
Enables the network.
dis
Disables the network.
del
Deletes the network entry.
cur
Displays the current Internet network entry configuration.
/cfg/slb/gslb/rule
Rule Menu
Rules enable the GSLB selection to use different metric preferences based on time-of-day. You can
configure one or more rules on each domain. Each rule has a metric preference list. The GSLB
selection selects the first rule that matches the domain and starts with the first metric in the metric
preference list of the rule.
[Rule 1 Menu]
metric
start
end
ttl
rr
dname
ena
dis
del
cur
Metric Menu
Set start time for rule
Set end time for rule
Set Time To Live in seconds of DNS resource records
Set DNS resource records in DNS response
Set network preference domain name for rule
Enable rule
Disable rule
Delete rule
Display current rule configuration
Table 381: GSLB Rule Configuration Menu Options (/cfg/slb/gslb/rule)

metric <metric (1-16)>
Displays the Rule Metric menu. To view this menu, see /cfg/slb/gslb/rule/metric Global
SLB Rule Metric Menu, page 557.
start <hour (0-23)
minutes (0-59)>
Defines the start time for the rule.

Default: 0
end <hour (0-23)
minutes (0-59)>
Defines the end time for the rule.

Default: 0
556

Table 381: GSLB Rule Configuration Menu Options (/cfg/slb/gslb/rule)

ttl <time to live in seconds (0-65535)>
Specifies the duration that the DNS response from Alteon (indicating the site of best
service) remains in the cache of DNS servers. A lower value may increase the ability of
the GSLB system to adjust to sudden changes in traffic load, but generates more DNS
traffic. Higher numbers may reduce the amount of DNS traffic, but may slow the GSLB's
response to sudden traffic changes.
Values: 065535
Default: 60
rr <rr (1-10)>
Sets the number of DNS resource records are returned in the DNS response.
Default: 2
dname <34 character (wildcard "*" allowed) domain name> | none

Defines the domain name for the rule for network preference.
You can use the wildcard "*" when creating the domain name.
Default: none
ena
Enables the rule.
dis
Disables the rule.
del
Deletes the rule.
cur
/cfg/slb/gslb/rule/metric
Global SLB Rule Metric Menu

[Rule 1 Metric 1 Menu]
gmetric - Set metric to use to select next server
addnet
- Add network to gmetric=network
remnet
- Remove network from gmetric=network
cur
- Display current metric configuration
Table 382: Global SLB Rule Metric Menu Options (/cfg/slb/gslb/rule/metric)

gmetric geographical|network|leastconns|response|roundrobin|random|
availability|qos|minmisses|hash|local|always|remote|persistence|none
Defines the metric to select the next real server for GSLB.
Default: none
557

Table 382: Global SLB Rule Metric Menu Options (/cfg/slb/gslb/rule/metric)

addnet
Adds a network to the selected metric. This applies only if you select network as the
gmetric (see in this table).
remnet <1-128>
Deletes a network that was added to the selected metric.
cur
Displays the current configuration of the metric.
/cfg/slb/gslb/clntprox
Global SLB Client Proximity Menu

Measures the proximity between each data center and the client. Client proximity supports HTTP and
HTTPS traffic because it is based on HTTP redirection.
For more information about the GSLB client proximity metric, see the Alteon Application Switch
[Client Proximity Menu]

time
- Set the max time allowed for clntprox calculation
mask
- Set default netmask for the client cache
age
- Set timeout for each client network entries
cur
- Display current Client Proximity configuration
Table 383: Global SLB Client Proximity Menu (/cfg/slb/gslb/clntprox

time <sec>
Sets the maximum time allowed for the client proximity calculation.
mask
<default netmask>
Sets the default netmask in dotted-decimal format for the client network cache. Masking
this value against the IP address of the client derives the subnetwork address that is
stored in the client network cache.
age (entry timeout(min)>

Serts the timeout value in minutes. To get a fresh cache entry, use a low timeout value.
The timeout value does not apply to the static entries.
Values: 010080
Default: 60
cur
Displays the current client proximity configuration.
558

/cfg/slb/gslb/dnsrsvip
GSLB DNS Responder VIP Menu

Alteon selects the highest available VIP numbers for the DNS Responder VIP. For example, if 1024 is
occupied, Alteon selects the next available VIP numbers (1023, 1022).
[DNS Responder VIP (1024,1023) Menu]

vname
- Set descriptive DNS Responder VIP name
ipver
- Set IP version
vip
- Set IP addr of DNS Responder VIP
ena
- Enable DNS Responder VIP
dis
- Disable DNS Responder VIP
del
- Delete DNS Responder VIP
cur
- Display current DNS Responder VIP configuration
Table 384: Global SLB DNS Responder VIP Menu (/cfg/slb/gslb/dnsrsvip

new
Adds a new DNS Responder VIP.
vname
Sets the descriptive name of the DNS Responder VIP.
ipver
vip
Sets the IP address of the DNS Responder VIP.
ena
Enables the DNS Responder VIP.
dis
Disables the DNS Responder VIP.
del
Deletes the DNS Responder VIP.
cur
Displays current DNS Responder VIP configuration.
559

/cfg/slb/gslb/dnssec
GSLB DNSSEC Menu

[DNSSEC for Global SLB Menu]
key
- DNSSEC signing keys (ZSK/KSK) menu
zonekey
- DNS Zone name to DNSSEC KSK/ZSK association menu
rolltm
- Set automatic rollover Phase timer
kskrolltm - Set KSK Rollover Phase Timer
nsec
- Set NSEC answer type
keymaster
alert
import
export
on
off
nsec3slen
nsec3slt
nsec3hit
cur
Key master for VRRP configurations

Send DNSSEC Alerts in email
Import signing keys (ZSKs and KSK)
Export signing keys (ZSKs and KSK) for a zone
Globally turn DNSSEC ON
Globally turn DNSSEC OFF
Set NSEC3 Salt Length
Set NSEC3 Salt Lifetime
Set NSEC3 Algorithm Hash Iterations
Display current DNSSEC configuration
Table 385: Global SLB DNSSEC Menu (/cfg/slb/gslb/dnssec

key
Displays the DNSSec Key menu. To view this menu, see /cfg/slb/gslb/dnssec/key
DNSSEC Key Menu, page 561.
zonekey
Displays the DNS Zone name to DNSSEC KSK/ZSK association menu. To view this menu,
see /cfg/slb/gslb/dnssec/zonekey GSLB DNSSEC Zone to Key Menu, page 562.
rolltm
Sets the automatic rollover phase timer.
kskrolltm
Sets the KSK rollover phase timer.
nsec
nsec|nsec3
Sets the NSEC answer type.
nsec3slen
Sets the NSEC3 salt length.
nsec3slt
Sets the NSEC3 salt lifetime.
nsec3hit
Sets the NSEC3 hash algorithm iterations.
keymaster
Enables or disables the keymaster for VRRP configurations. When enabling the
keymaster, this Alteon is set as the initiator of DNSSEC key rollover processes in VRRP
scenarios.
560

Table 385: Global SLB DNSSEC Menu (/cfg/slb/gslb/dnssec

alert
Enables sending DNSSEC alerts through email.
import
Imports the signing keys (ZSKs and KSK).
export
Exports the signing keys (ZSKs and KSK).
on
Turns DNSSEC on globally.
off
Turns DNSSEC off globally.
cur
Displays the current DNSSec configuration.
/cfg/slb/gslb/dnssec/key
DNSSEC Key Menu

[DNSSEC Key Menu]
generate - Generate new key
expire
- Set key expiration period
rollover - Set key rollover period
sigvalid - Set key signature validity period
sigpub
- Set key signature publication period
del
- Delete key
ena
- Enable entry
dis
- Disable entry
cur
- Display current key configuration
Table 386: Global SLB DNSSEC Key Menu (/cfg/slb/gslb/dnssec/key

generate zsk|ksk
Generates a new key. Radware recommends setting ZSK expiration to one month, and
KSK expiration to one year.
expire
Sets the key expiration period.
rollover
Sets the key rollover period.
sigvalid
Sets the key signature validity period.
sigpub
Sets the key signature publication period.
561

Table 386: Global SLB DNSSEC Key Menu (/cfg/slb/gslb/dnssec/key

del
Deletes the key.
ena
Enables the entry.
dis
Disables the entry.
cur
Displays the current key configuration.
/cfg/slb/gslb/dnssec/zonekey
GSLB DNSSEC Zone to Key Menu

[DNSSEC Zone to
zone
addksk
addzsk
delksk
delzsk
parentip del
ena
dis
cur
-
Key Menu]
Set DNS Zone name
add existing Key Signing Key to Zone
add existing Zone Signing Key to Zone
del existing Key Signing Key from Zone
del existing Zone Signing Key from Zone
Set KSK Parent IP, required for rollover
Delete Zonekey association
Enable entry
Disable entry
Display current key configuration
Table 387: Global SLB DNSSEC Zone Key Menu (/cfg/slb/gslb/dnsrsvip

zone
Sets the DNS zone name.
addksk
Adds an existing Key Signing Key (KSK) to the zone.
addzsk
Adds an existing Zone Signing Key (ZSK) to the zone.
delksk
Deletes an existing Key Signing Key (KSK) from the zone.
delzsk
Deletes an existing Zone Signing Key (DZSK) from the zone.
parentip <new KSK parent IP address>

Sets the KSK parent IP address, which is required for rollover.
del
Deletes the zone key association.
562

Table 387: Global SLB DNSSEC Zone Key Menu (/cfg/slb/gslb/dnsrsvip

ena
Enables the DNS zone entry.
dis
Disables the DNS zone entry.
cur
Displays the current key configuration.
/cfg/slb/appshape
AppShape++ Script Management

AppShape++ is a framework for customizing application delivery using user-written scripts that
enables users to:
Manipulate and manage applications
Enhance and expand native Alteon functinalities
Reduce the development effort required for to customize Alteon
For more information on AppShape++, see the Alteon Application Switch Operating System
Application Guide.
[AppShape++ Repository Menu]

script
- AppShape++ Script Menu
cur
- Display current AppShape++ configuration
Table 388: AppShape++ Repository Menu Options (/cfg/slb/appshape)

script <script ID (alphanumeric)>
Displays the AppShape++ Script menu. To view this menu, see /cfg/slb/appshape/script
<script ID (alphanumeric)> AppShape++ Script Menu, page 563.
cur
Displays the current AppShape++ scripts.
/cfg/slb/appshape/script <script ID (alphanumeric)>
AppShape++ Script Menu

[AppShape++ script <script id (alphanumeric)> Menu]
name
- Set descriptive AppShape++ script name
import
- Import AppShape++ script
export
- Export AppShape++ script
ena
- Enable script
dis
- Disable script
del
- Delete script
cur
- Display current script
563

Table 389: AppShape++ Script Menu Options (/cfg/slb/appshape/script <script ID

(alphanumeric)>)

name
Sets the name for the AppShape++ script.
import [[text]|[file < hostname [-v4|-v6]|v4 or v6 IP address > <filename> <tftp|username password> [-mgmt|-data] [-scp]]
Adds the AppShape++ script to the repository. You can paste the script as text, or you
can import a file containing a script.
export [[text]|[file <hostname [-v4|-v6]|v4 or v6 IP address> <filename> <tftp|username password> [-mgmt|-data] [-scp]]
Exports the AppShape++ script from the repository. You can export a script by copying it
from the repository, or you you can export a script to a file.
ena
Enables the AppShape++ script.
dis
Disables the AppShape++ script.
del
Deletes the AppShape++ script from the repository.
cur
Displays the AppShape++ script.
/cfg/slb/wap
WAP Configuration
[WAP Options Menu]
tpcp
- Enable/disable WAP TPCP external notification
debug
- WAP debug level
cur
- Display current WAP configuration
Table 390: WAP Configuration Menu Options (/cfg/slb/wap)

tpcp disable|enable
Enables or disables the TPCP external notification for add/delete session requests.
Default: disable
debug <wap debug level (0-10)>

Sets the debug level for tracing the WAP related messages.
Default: 0
cur
Displays the current WAP configuration
564

/cfg/slb/sync
Synchronize Peer Configuration

To synchronize the configuration between two Alteons, a peer must be configured and enabled on
each Alteon. Peers being synchronized must use the same administrator password. Peers are sent
SLB, FILT, and VRRP configuration updates using the /oper/slb/sync command.
Notes
For a dedicated (non-virtual) ADC and for vADC instances, this synchronization command is
operated through a data port and cannot be operated from the management interface.
Sessions 33-64 in the auxiliary session table are not synchronized with the backup Alteon.
[Config Synchronization Menu]

peer
- Synch Peer Switch Menu
filt
- Enable/disable syncing filter configuration
ports
- Enable/disable syncing port configuration
route
- Enable/disable syncing static route configuration
prios
- Enable/disable syncing VRRP priorities
pips
- Enable/disable syncing proxy IP addresses
peerpips - Enable/disable syncing peer proxy IP addresses
bwm
- Enable/disable syncing BWM configuration
state
- Enable/disable syncing persistent session state
rsync
- Enable/disable syncing route table
certs
- Enable/disable syncing certificate repository components
passphrs - Set passphrase to encrypt/decrypt synced certificates' private
keys
update
- Set stateful failover update period
rupdate - Set sync route update period
rhold
- Set time to hold the sync routes after failover
cur
- Display current Layer 4 sync configuration
Table 391: Synchronization Menu Options (/cfg/slb/sync)

peer <peer switch number (1-2)>
Displays the Peer Switch menu. To view this menu, see /cfg/slb/sync/peer <peer switch
number> Peer Switch Configuration, page 567.
Default: enable
filt disable|enable
Enables or disables synchronizing the filter configuration.
Default: disable
Enables or disables synchronizing the Layer 4 port configuration.
Default: enable
route disable|enable
Enables or disables synchronizing static routes.
Default: enable
565


prios disable|enable
Enables or disables synchronizing VRRP priorities.
Default: enable
pips disable|enable
Enables or disables synchronizing proxy IP addresses.
Default: disable
peerpips disable|enable
Enables or disables synchronizing the peer proxy IP addresses. Peer proxy IP addresses
are used in VRRP active-active configurations.
Default: disable
bwm disable|enable
Enables or disables synchronizing Bandwidth Management configuration between
master and backup Alteons.
Default: enable
state disable|enable
Enables or disables stateful failover for synchronizing the persistent session state.
Default: disable
rsync disable|enable
Enables or disables route table synchronization.
Default: disable
certs
Enables or disables synchronizing certificate repository components.
When enabled, the passphrase to encrypt the private keys during configuration sync
must be set at all peers using passphrs (see in this table). The same passphrase should
be set at all peers.
Default: disable
passphrs
Sets the passphrase to encrypt and decrypt the private keys of synced certificates.
Note: To encrypt and decrypt certificate private keys during synchronization
configuration, the passphrase must be set at all peers.
update <seconds, 160>

Sets the stateful failover update interval. The active Alteon sends update packets of new
persistent binding entries, if any, to the backup Alteon at the specified update interval.
Default: 30 seconds
rupdate
Sets the time interval of route table updates from master.
Values: 10-600 seconds
Default: 30
566


rhold
Sets the time after which the routes are cleaned up from the newly elected master after
a failover.
Values: 10-600 seconds
Default: 30
cur
Displays the current Layer 4 synchronization configuration.
/cfg/slb/sync/peer <peer switch number>
Peer Switch Configuration

To synchronize the configuration between two Alteons, a peer must be configured and enabled on
each Alteon. Alteons being synchronized must use the same administrator password.
[Peer Switch 1 Menu]

addr
- Set peer switch IP address
ena
- Enable peer switch
dis
- Disable peer switch
del
- Delete peer switch
cur
- Display current peer switch configuration
Table 392: Peer Switch Configuration Menu Options (/cfg/slb/sync/peer)

addr <IP address (v4 or v6)>
Sets the peer IP address. The following prompts display:
Current IP address:
Enter new IP address (v4 or v6):
ena
Enables the peer for this Alteon.
Default: dis
dis
Disables the peer for this Alteon.
Default: dis
del
Deletes the peer for this Alteon.
cur
Displays the current peer configuration.
567

/cfg/slb/adv
Advanced Layer 4 Configuration

[Layer 4 Advanced Menu]
synatk
- SYN Attack Detection Menu
smtport - Service Mapping Table Real Port Menu
imask
- Set virtual and real IP address mask
nmask
- Set session mask
mnet
- Set management network
mmask
- Set management subnet mask
pmask
- Set persistent mask
pprefix - Set ipv6 persistent prefix length
intrval - Set SLB session attack inspection interval
allowlim - Set SLB session attack alert allowable limit
mstat
- Set measuring period for HTTP related statistics
submac
- Enable/disable Source MAC address substitution
direct
- Enable/disable Direct Access Mode
grace
- Enable/disable graceful real server failure
clrbkp
- Enable/Disable clear backup
matrix
- Enable/disable Virtual Matrix Architecture
vmasport - Enable/disable VMA with source port
vmadip
- Enable/disable VMA with destination IP
tpcp
- Enable/disable Transparent Proxy Cache Protocol
vstat
- Enable/disable Virtual Service Statistics
rtsvlan - Enable/disable using VLAN info for real server lookup
pvlantag - Enable/disable preserving vlan tag during packet forwarding
portbind - Enable/disable Ingress Port For Session Table Binding
rstchk
- Enable/disable TCP RST Secure Sequence Number Check
srvckdata - Enable/disable server return data check
clsrst
- Enable/disable Session clear on RST
subdmac - Enable/disable DMAC substitution
valcksum - Enable/disable Layer 7 IP/TCP Checksum Validation
riphash - Enable/disable Include RIP in AUX table hashing
sessvpt - Enable/disable session VPT update
sessdrop - Enable/disable drop client traffic that matches fastage session
fastage - Session table fast-age (1 sec) period bit shift
slowage - Session table slow-age (2 min) period bit shift
millisec - Enable/disable millisecond resolution for timers
rtsiplkp - Enable/Disable RTS-IP lookup
vmacbkp - Enable/Disable VMAC use on backup switch
fmrport - Enable/Disable fine tuning of multi RPORT LB
cur
- Display current Layer 4 advanced configuration
ftpdage - Set FTP Data session age
Table 393: Layer 4 Advanced Menu Options (/cfg/slb/adv)

synatk
Displays the SYN Attack Detection menu. To view this menu, see /cfg/slb/adv/synatk
SYN Attack Detection Configuration Menu, page 574.
568


smtport
Displays Service Mapping Table (SMT) Real Port menu. To view this menu, see /cfg/slb/
adv/smtport Advanced SMT Real Server Port Configuration Menu, page 575.
Using this menu you can add or remove real server service ports that process client
traffic by-passing the server, meaning that this service port's client request is not
processed by the server processor.
imask
<IP subnet mask (such as 255.255.255.0)>

Configures the real and virtual server IP address mask using dotted decimal notation.
Default: 255.255.255.255
nmask
<IP subnet mask (such as 255.255.255.0)>

Configures the session mask.
Default: 0.0.0.0
mnet <IP address>

If defined, management traffic with this source IP address is allowed direct (non-Layer
4) access to the real servers.
Specify an IP address in dotted decimal notation. A range of IP addresses is produced
when used with the mmask option (see in this table).
mmask <IP subnet mask (such as 255.255.255.0)>

This IP address mask is used with the mnet (see in this table) to select management
traffic which is allowed direct access to real servers.
Default: 255.255.255.255
pmask <IP subnet mask (such as 255.255.255.0)>

Sets persistent mask.
Default: 255.255.255.255
pprefix <1-128>
Sets the IPv6 persistent prefix length.
intrval <time window for collecting sessions (0-3600)>

Sets the interval for checking the SLB sessions (attacks) Alteon has received. At the
configured interval, Alteon checks if the number of sessions is within the configured
limits. You can set this limit by using allowlim (see in this table).
allowlim <allowable limit (1-2097104)>

Sets the maximum number of sessions Alteon can receive at any given period. If the
number of sessions exceeds this limit, Alteon generates a syslog and an SNMP trap to
alert the administrator that Alteon is under SLB attack.
569


mstat <Statistics measuring period in seconds (1-3600)>
Sets the measuring period for acceleration, HTTP, and SSL offloading statistics. The
current statistics always show the results of the previous measuring period. Because
numbers are updated at the end of every measuring period, a longer period gives better
average results but lowers the ability to see real-time monitoring values. Any change in
the measuring period value also resets the statistics.
Note: Only enabled objects are shown in the statistics.
Default: 5 seconds
submac disable|enable
Enables or disables global source MAC address substitution.
Typically (default), the source MAC is not modified for the packets going to the servers
in an SLB environment and the client request is forwarded to the server with the MAC
address of the client. However, if you enable this command, Alteon substitutes the
client source MAC address, for the packets going to the server, with the Alteon MAC
address.
Note: Source MAC address substitution can also be enabled per real service, using
the command /cfg/slb/real/adv/submac. Global submac configuration
supersedes the per real service configuration.
Default: disable
Enables or disables Direct Access Mode (DAM) to real servers or services. This also
allows any virtual server to load balance any real server.
Default: disable
570


grace disable|enable
Enables or disables graceful real server failure. Allows existing sessions to remain
bound to a server after the server has been placed in the service failed state.
Values:
disableDisables this feature.
If sessdrop is disabled, the session is revived.
If sessdrop is enabled, the session is dropped. For TCP traffic, a session reset
is sent.
enableEnables this feature.
If sessdrop is either enabled or disabled and server health checking is down,

either because the server is down or there is server failure, the session is
revived.
If sessdrop is disabled, and if the real server is disabled either through

configuration or operationally, the following prompt displays:
Graceful real server failure is enabled, fastage existing

sessions? [y/[n]]
yThe session is revived per the fastage value.
nThe session is revived per the slowage value.
If sessdrop is enabled, and if the real server is disabled either through

sessions? [y/[n]]
yThe session is dropped. For TCP traffic, a session reset is sent.
nThe session is revived.
For more information on graceful real server failure, see the section on Service Failure
in the Alteon Application Switch Operating System Application Guide.
Default: disable
clrbkp disable | enable

Enables or disables the session clear out to the backup server when the master server
resumes the service.
Default: disable
matrix disable|enable
Enables or disables the use of Virtual Matrix Architecture (VMA).
Default: enable
vmasport enable|disable
Enables or disables VMA with the source port.
vmadip enable|disable
Enables or disables VMA with the destination IP.
tpcp disable|enable
Enables or disables the TPCP (Transparent Proxy Cache Protocol). This command is
used for security reasonsthe UDP port can be closed.
Default: disable
571


vstat disable|enable
Enables or disables reporting of virtual service statistics.
rtsvlan disable|enable
Enables or disables the use of VLAN for Return to Sender (RTS) information on the real
server.
pvlantag
Enables or disables preserving VLAN tag during packet forwarding.
portbind disable|enable
Enables or disables the inclusion of the ingress port number in the session table lookup.
rstchk disable|enable
Enables or disables the TCP RST secure sequence number check.
srvckdata disable|enable
Enables or disables the server return data check.
Default: disable
Values:
must be disabled.
Default: disable
subdmac disable|enable
Enables or disables DMAC substitution.
valcksum disable|enable
Enables or disables Layer 7 IP/TCP checksum validation.
riphash disable|enable
Enables or disables including RIP in AUX table hashing.
sessvpt
Enables or disables updating session VPTs.
572


sessdrop disable|enable
Enables or disables dropping client traffic that matches the existing session in fastage.
Values:
disableDisables this feature.
If graceful failover (grace) is disabled, the session is revived.
If graceful failover is enabled and server health checking is down, either

because the server is down or there is server failure, the session is revived.
If graceful failover is enabled, and if the real server is disabled either through

sessions? [y/[n]]
yThe session is revived per the fastage value.

nThe session is revived per the slowage value.
enableEnables this feature.
If graceful failover (grace) is disabled, the session is dropped. For TCP traffic, a
session reset is sent.
If graceful failover is enabled and server health checking is down, either

because the server is down or there is server failure, the session is revived.
If graceful failover is enabled, and if the real server is disabled either through

sessions? [y/[n]]
yThe session is dropped. For TCP traffic, a session reset is sent.
nThe session is revived.
Default: disable
fastage <shift the fast-age (xsec) period 0-7 bits>

Controls how frequently a fastage scan is performed. Each incremental increase of the
value doubles the length of the interval.
The fastage scan is used to remove TCP sessions that have been closed with a FIN and
sessions that have been identified by the slowage scan as idle for the maximum allowed
period. If a large fastage value is defined, a session can remain in the session table for
a few minutes.
Note: This command is relevant for non-proxied connections only. When the dbind
option for a service is set to forceproxy, connections are aged immediately.
Default: 0 (2 seconds)
slowage <shift the slow-age (xmin) period 0-14 bits>

Controls how frequently a slowage scan is performed. Each incremental increase of the
value doubles the length of the interval. The value is set in bits rather than seconds,
which causes the time to double per increment.
The slowage scan is used to remove idle or non-TCP sessions from the session table at
the specified intervals. If a large slowage value is used, a session can remain in the
session table for months.
Default: 0 (2 minutes)
millisec
Enables or disables millisecond resolution for timers.
573


rtsiplkp
Enables or disables RTS-IP lookup.
vmacbkp
Enables or disables VMAC substitution on the backup Alteon.
fmrport
Enables or disables the fine tuning of multi RPORT LB.
cur
Displays the current Layer 4 advanced configuration.
ftpdage
Sets the FTP data session age.
/cfg/slb/adv/synatk
SYN Attack Detection Configuration Menu

[SYN Attack Detection Menu]
syncokie - Set SYN cookie response interval
intrval - Set SYN attack detection interval
thrshld - Set SYN attack alarm threshold
on
- Globally turn SYN Attack Detection ON
off
- Globally turn SYN Attack Detection OFF
cur
- Display current SYN attack detection configuration
Table 394: SYN Attack Detection Menu Options (/cfg/slb/adv/synatk)

syncokie <SYN cookie response interval in milliseconds (20-1000)>
Sets the interval of SYN cookie response.
intrval <SYN attack check interval in seconds (2-3600)>

Sets the interval of SYN attack inspection.
thrshld <SYN attack alarm threshold (new half-open sessions/second)

1-100000)>
Sets the threshold of SYN attack alarm.
on
Globally turns SYN Attack Detection ON.
off
Globally turns SYN Attack Detection OFF.
cur
Displays the current SYN attack detection configuration.
574

/cfg/slb/adv/smtport
Advanced SMT Real Server Port Configuration Menu

[SMT Real Port Menu]
add
- Add real port
remove
- Remove real port
cur
- Display real port configuration
Table 395: Advanced SMT Real Server Port Menu Options (/cfg/slb/adv/smtport)

add <real server port (2-65534)>
Adds a service port to the real server that is configured to process client traffic bypassing
the server processor.
remove <real server port (2-65534)>

Removes a service port from the real server that is configured to process client traffic
bypassing the server processor.
cur
Displays real port configuration.
/cfg/slb/linklb
Inbound Link Load Balancing Configuration Menu

[Inbound Linklb
drecord group
ttl
ena
dis
cur
-
Menu]
Domain Record Menu
Set real server group
Set Time to Live of DNS resource records
Enable Inbound Linklb
Disable Inbound Linklb
Display current Inbound Linklb configuration
Table 396: Inbound Link Load Balancing Configuration Menu Options (/cfg/slb/linklb)

drecord <domain record number (1-64)>
Displays the Domain Record menu. To view this menu, see /cfg/slb/linklb/drecord
Inbound Link Load Balancing Domain Record Menu, page 576.

Sets the real server ISP group number.
ttl <time to live in seconds (0-65535)>

Sets the time-to-live for DNS resource records.
ena
Enables inbound link load balancing.
dis
Disables inbound link load balancing.
cur
Displays current inbound link load configuration.
575

/cfg/slb/linklb/drecord
Inbound Link Load Balancing Domain Record Menu

[Domain Record
entry
domain
ena
dis
del
cur
-
domain_number Menu]
Virt Real Mapping Menu
Set Domain Name
Enable Domain Record
Disable Domain Record
Delete Domain Record
Display current Domain Record configuration
Table 397: Inbound Link Load Balancing Domain Record Menu Options (/cfg/slb/linklb/drecord)

entry <linklb entry number (1-8)>
Displays the Virt Real Mapping menu for the virtual and real servers. To view this menu,
see /cfg/slb/linklb/drecord/entry Virt Real Mapping Menu, page 576.
domain <64 character domain name> |none

Configures the domain name.
Default: none
ena
Enables the domain records.
dis
Disables the domain records.
del
Deletes the domain records.
cur
Displays the current domain records.
/cfg/slb/linklb/drecord/entry
Virt Real Mapping Menu

[Virt Real
virt real ena dis del cur -
Mapping 1 Menu]
Set Virtual Server Number
Set Real Server Number
Enable Entry
Disable Entry
Delete Entry
Display current Entry configuration
Table 398: Inbound Link Load Balancing Mapping Options

virt <virtual server number, 1-1024>
Defines the virtual server number for mapping.
real
Defines the real server number for mapping.
576

Table 398: Inbound Link Load Balancing Mapping Options

ena
Enables the entry for drecords.
dis
Disables the entry for drecords.
del
Deletes the entry for drecords.
cur
Displays the current real and virtual server mappings for drecord entries.
/cfg/slb/advhc
Advanced Health Check Menu

[Layer 4 Advanced Health Check Menu]
health
- Health Check Menu
ldapver - LDAP version
secret
- Set RADIUS secret
minter
- Set interval of response and bandwidth metric updates
cur
- Display current advanced health check configuration
Table 399: Advanced Health Check Menu Options (/cfg/slb/advhc)

health <health check id>
Displays the Health Check menu. To view this menu, see /cfg/slb/advhc/health <type>
Health Check Configuration, page 578.
ldapver <LDAP version>

Sets the LDAP version.
Values: 2, 3
Default: 2
secret <1-32 character secret> | none

To perform application health checking to a RADIUS server, the network administrator
must configure this value and in a addition to a username:password (see /cfg/sys/
access/user User Access Control Menu, page 275).
This value is a field is used by Alteon to encrypt a password during the execution of the
RSA Message Digest Algorithm (MD5), and by the RADIUS server to decrypt the
password during verification.
Default: none
minter <number of seconds between updates (1-256)>

Sets the interval of response and bandwidth metric updates.
Default: 10
cur
Displays the current Layer 4 advanced health check configuration.
577

/cfg/slb/advhc/health <type>
Health Check Configuration

Use this menu to configure health checks based on the selected application type. after selecting a
type for a health check, you cannot change. Each application has its own health check menu. The
first menu example displays the general health check configuration menu and includes commands
common to all services. The subsequent menu examples are application-specific and the command
descriptions are only for those commands that are specific to that application. For all common
commands, refer to the general health check configuration menu.
The following is the list of the application-specific menus that are described in this section.
For the list of commands common to all applications, see cfg/slb/advhc/health <general> Health
Check Configuration, page 579.
Table 400: List of Application-Specific Health Check Configuration Menus
Menu
Description
arp
For the application-specific commands, see /cfg/slb/advhc/health <health check

ID>/arp ARP Health Check Configuration, page 580.
dhcp

ID>/dhcp DHCP Health Check Configuration, page 581.
dns

ID>/dns DNS Health Check Configuration, page 582.
ftp

ID>/ftp FTP Health Check Configuration, page 583.
http/https

ID> http HTTP/HTTPS Health Check Configuration, page 585.
icmp

ID>/icmp ICMP Health Check Configuration, page 587.
imap

ID>/imap IMAP Health Check Configuration, page 587.
ldap/ldaps

ID>/ldap LDAP Health Check Configuration, page 588.
nntp

ID>/nntp NNTP Health Check Configuration, page 589.
pop3

ID>/pop3 POP3 Health Check Configuration, page 590.
radius

ID> radius RADIUS Health Check Configuration, page 591.
rtsp

ID>/rtsp RTSP Health Check Configuration, page 592.
script

ID>/script SCRIPT Health Check Configuration, page 594.
sip

ID>/sip SIP Health Check Configuration, page 596.
smtp

ID>/smtp SMTP Health Check Configuration, page 597.
smnp

ID>/snmp SNMP Health Check Configuration, page 598.
sslhello

ID>/sslhello SSL H ello Health Check Configuration, page 599.
578

Table 400: List of Application-Specific Health Check Configuration Menus (cont.)
Menu
Description
tcp

ID>/tcp TCP Health Check Configuration, page 600.
tftp

ID>/tftp TFTP Health Check Configuration, page 600.
udp

ID>/udp UDP Health Check Configuration, page 601.
wap

ID>/wap WAP Health Check Configuration, page 601.
wts

ID>/wts WTS Health Check Configuration, page 602.
logexp

ID>/logexp LOGEXP Health Check Configuration, page 603.
cfg/slb/advhc/health <general>
Health Check Configuration

[<General> Health Check example Menu]
name
- Set descriptive health check name
dport
- Set destination port
dest
- Set destination address or hostname
inter
retry
- Set number of failed attempts to declare server down
restr
- Set number of successful attempts to declare server up
timeout - Set max seconds to wait for response
downtime - Set interval between health checks when server is down
invert
- Enable/disable invert of expected result
copy
- Copy health check
del
- Delete health check
cur
- Display current health check
Table 401: Health Check Menu Options (/cfg/slb/advhc/health <general>)

name
Sets the descriptive health check name.
dport [2-65534|none]
Sets the destination port.
Default: none
dest <IP address|hostname|none>

Sets the destination address or hostname.
You are first prompted to enter the IP version.
inter [1-600]
Sets the interval in seconds between health checks.
Default: 5
579

Table 401: Health Check Menu Options (/cfg/slb/advhc/health <general>)

retry [1-63]
Sets the number of failed attempts to declare a server is down.
Default: 4
restr [1-63]
Sets the number of successful attempts to declare a server is up.
Default: 2
timeout [0-600]
Sets the maximum number of seconds to wait for a response. This value must be lower or
equal to the interval parameter. When set to 0, the timeout parameter equals the
interval parameter.
Default: 5
downtime [0-600]
Sets the interval between health checks when a server is down. When set to 0, the
downtime parameter equals the interval parameter.
Default: 0
invert
Enables or disables the inversion of the expected result.
Default: Disabled
copy
Copies the health check to another health check ID destination.
del
Deletes the health check.
cur
Displays the current health check configuration.
/cfg/slb/advhc/health <health check ID>/arp
ARP Health Check Configuration

The ARP Health Check menu does not contain any application-specific commands. For all common
commands, refer to cfg/slb/advhc/health <general> Health Check Configuration, page 579.
Note: You cannot set a destination port for the ARP health check.
580

[ARP Health Check <HC ID> Menu]

name
dest
inter
retry
restr
invert
copy
- Copy health check
del
cur
/cfg/slb/advhc/health <health check ID>/dhcp
DHCP Health Check Configuration

commands. For all common commands, refer to cfg/slb/advhc/health <general> Health Check
[DHCP Health Check <HC ID> Menu]

name
dhcp
- Health Check Parameters Menu
dport
- Set application port
dest
inter
retry
restr
invert
copy
- Copy health check
del
cur
Table 402: Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/dhcp)

dhcp
Displays the DHCP Health Check Parameters menu. To view this menu, see /cfg/slb/
advhc/health <health check ID>/dhcp/dhcp DHCP Health Check Parameters, page 581.
/cfg/slb/advhc/health <health check ID>/dhcp/dhcp
DHCP Health Check Parameters

[DHCP Health Check <HC ID> dhcp Menu]
type
- Set DHCP message type
sport
- Set source port or DHCP message
cur
- Display current send configuration
581

Table 403: DHCP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/dhcp/dhcp)

type [inform|request|inherit]
Sets the DHCP message type.
Values:
inform
request
inheritTakes the value from the content value of the group to which this health is
bound.
sport [random|strict|inherit]
Sets the source port for the DHCP message.
Values:
inheritTakes the value from the content value of the group to which this health
check is bound.
strictUses port 68 for the IPv4 destination and port 546 for the IPv6 destination.
cur
/cfg/slb/advhc/health <health check ID>/dns
DNS Health Check Configuration

[DNS Health Check <HC ID> Menu]

name
dns
protocol - Set health check protocol (TCP/UDP)
dport
dest
inter
retry
restr
downint - Set interval between health checks when server is down
invert
- Copy health check
copy
- Copy health check
del
cur
Table 404: DNS Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/dns)

dns
Displays the DNS Health Check Parameters menu. To view this menu, see /cfg/slb/advhc/
health <health check ID>/dns/dns DNS Health Check Parameters, page 583.
582

Table 404: DNS Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/dns)

protocol
Sets the health check protocol (TCP/UDP).
Default: UDP
/cfg/slb/advhc/health <health check ID>/dns/dns
DNS Health Check Parameters

[DNS Health Check <HC ID> dns Menu]
domain
- Set the domain to be resolved
cur
Table 405: DNS Health Check Parameters (/cfg/slb/advhc/health <health check ID>/dns/dns)

domain
<domain|inherit|none>
Sets the domain to be resolved.
Values:
domain
check is bound.
none
cur
/cfg/slb/advhc/health <health check ID>/ftp
FTP Health Check Configuration

[FTP Health Check <HC ID> Menu]

name
ftp
dport
dest
inter
retry
restr
invert
- Copy health check
copy
- Copy health check
del
cur
583

Table 406: FTP Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/ftp)

ftp
Displays the FTP Health Check Parameters menu. To view this menu, see /cfg/slb/advhc/
health <health check ID>/ftp/ftp FTP Health Check Parameters, page 584.
/cfg/slb/advhc/health <health check ID>/ftp/ftp
FTP Health Check Parameters

[FTP Health Check <HC ID> ftp Menu]
login
- Set login username and password
filename - Set the name of the file to be download
cur
Table 407: FTP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/ftp/ftp)

login
Sets the login username and password.
filename <path/filename|inherit|none>
Sets the name of the file to be downloaded.
Values:
path/filename
check is bound.
none
cur
584

/cfg/slb/advhc/health <health check ID> http
HTTP/HTTPS Health Check Configuration

[HTTP Health Check <HC ID> Menu]

name
http
ssl
- Enable/disable SSL for HTTPS Health check
dport
dest
inter
retry
restr
invert
- Copy health check
copy
- Copy health check
del
cur
Table 408: HTTP/HTTPS Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/
http)

http
Displays the HTTP Health Check Parameters menu. To view this menu, see /cfg/slb/
advhc/health <health check ID>/http/http HTTP Health Check Parameters, page 585.
ssl
Enables or disables SSL for HTTPS health checks.
/cfg/slb/advhc/health <health check ID>/http/http
HTTP Health Check Parameters

[HTTP Health Check <HC ID> http Menu]
method
- Set HTTP method
host
- Set host header
path
- Set request path
header
- Set request header
body
- Set request body
auth
- Set authentication
response - Set expected response
proxy
- Enable/disable proxy request
cur
585

Table 409: HTTP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/http>/http)

method [get|head|post]
Sets the HTTP method.
Default: get
host <host|inherit|none>
Sets the host header.
Values:
host
inheritTakes the value from the virtual service hostname (hname) and virtual
server domain name (dname) values of the group to which this health check is
bound.
none
path path|inherit|none
Sets the request path.
header <512 chars headers separated by enter|none>

Sets the request header.
body <1024 chars body|none>

Sets the request body.
auth [none|basic|ntlm2]
Sets the authentication type (none, basic or ntlm2), username, and password.
response [incl|regex|none]
Sets the expected response. The return string can only be configured if the return string
type is not set to none.
proxy
Enables or disables the proxy request.
cur
586

/cfg/slb/advhc/health <health check ID>/icmp
ICMP Health Check Configuration

The ICMP Health Check menu does not contain any application-specific commands. For all common
[ICMP Health Check <HC ID> Menu]

name
dport
dest
inter
retry
restr
invert
copy
- Copy health check
del
cur
/cfg/slb/advhc/health <health check ID>/imap
IMAP Health Check Configuration

[IMAP Health Check <HC ID> Menu]

name
imap
dport
dest
inter
retry
restr
invert
- Copy health check
copy
- Copy health check
del
cur
Table 410: IMAP Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/imap)

imap
Displays the IMAP Health Check Parameters menu. To view this menu, see /cfg/slb/
advhc/health <health check ID>/http/http HTTP Health Check Parameters, page 585.
/cfg/slb/advhc/health <health check ID>/imap/imap
IMAP Health Check Parameters

[IMAP Health Check <HC ID> imap Menu]
auth
- Set username and password for authorization
cur
587

Table 411: IMAP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/imap/imap)

auth
Sets the username and password for authorization.
cur
/cfg/slb/advhc/health <health check ID>/ldap
LDAP Health Check Configuration

[LDAP Health Check <HC ID> Menu]

name
ldap
ssl
- Enable/disable SSL for LDAPS Health check
dport
dest
inter
retry
restr
invert
- Copy health check
copy
- Copy health check
del
cur
Table 412: LDAP Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/ldap)

ldap
Displays the LDAP Health Check Parameters menu. To view this menu, see /cfg/slb/
advhc/health <health check ID>/ldap/ldap LDAP Health Check Parameters, page 588.
ssl
Enables or disables SSL for LDAP health checks.
/cfg/slb/advhc/health <health check ID>/ldap/ldap
LDAP Health Check Parameters

[LDAP Health Check <HC ID> ldap Menu]
bind
- Set LDAP bind request
cur
588

Table 413: LDAP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/ldap/ldap)

bind
Sets the LDAP bind request using the base distinguish name, username, and password.
When the base distinguish name is set to inherit, the value is taken from the content
value of the group to which this health check is bound.
cur
/cfg/slb/advhc/health <health check ID>/nntp
NNTP Health Check Configuration

[NNTP Health Check <HC ID> Menu]

name
nntp
dport
dest
inter
retry
restr
invert
- Copy health check
copy
- Copy health check
del
cur
Table 414: NNTP Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/nntp)

nntp
Displays the NNTP Health Check Parameters menu. To view this menu, see /cfg/slb/
advhc/health <health check ID>/nntp/nntp NNTP Health Check Parameters, page 589.
/cfg/slb/advhc/health <health check ID>/nntp/nntp
NNTP Health Check Parameters

[NNTP Health Check <HC ID> nntp Menu]
bind
- Set LDAP bind request
cur
589

Table 415: NNTP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/nntp/nntp)

newsgrup <up to 128 chars newsgroup name|inherit>
Sets the newsgroup name.
Values:
inheritTakes this value from the content value of the group to which this health
check is bound.
cur
/cfg/slb/advhc/health <health check ID>/pop3
POP3 Health Check Configuration

[POP3 Health Check <HC ID> Menu]

name
pop3
dport
dest
inter
retry
restr
invert
- Copy health check
copy
- Copy health check
del
cur
Table 416: POP3 Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/pop3)

pop3
Displays the POP3 Health Check Parameters menu. To view this menu, see /cfg/slb/
advhc/health <health check ID>/pop3/pop3 POP3 Health Check Parameters, page 590.
/cfg/slb/advhc/health <health check ID>/pop3/pop3
POP3 Health Check Parameters

[POP3 Health Check <HC ID> pop3 Menu]
auth
cur
590

Table 417: POP3 Health Check Parameters (/cfg/slb/advhc/health <health check ID>/pop3/pop3)

auth <username password|inherit|none>
Values:
usernameAt the prompt, enter the username and password.
check is bound.
cur
/cfg/slb/advhc/health <health check ID> radius
RADIUS Health Check Configuration

[RADIUS Health Check <HC ID> Menu]

name
radius
dport
dest
inter
retry
restr
invert
- Copy health check
copy
- Copy health check
del
cur
Table 418: RADIUS Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/radius)

radius
Displays the RADIUS Health Check Parameters menu. To view this menu, see /cfg/slb/
advhc/health <health check ID>/radius/radius RADIUS Health Check Parameters,
page 591.
/cfg/slb/advhc/health <health check ID>/radius/radius
RADIUS Health Check Parameters

[RADIUS Health Check <HC ID> radius Menu]
type
- Set RADIUS type
auth
secret
- Set shared secret for authorization
cur
591

Table 419: RADIUS Health Check Parameters (/cfg/slb/advhc/health <health check ID>/radius/
radius)

type [auth|account]
Sets the RADIUS type.
Values:
authusername, password, and secret must be defined.
account
Default: auth
auth <username password|inherit|none>

Values:
username and password for authorization
check is bound.
secret <up to 32 chars shared secret|inherit>

Sets the shared secret for authorization.
Values:
inheritTakes this value from the secret value of the group that this health check is
bound to. If the group secret value is empty, this value is taken from the secret
value of the advanced health check.
cur
/cfg/slb/advhc/health <health check ID>/rtsp
RTSP Health Check Configuration

[RTSP Health Check <HC ID> Menu]

name
rtsp
dport
dest
inter
retry
restr
invert
- Copy health check
copy
- Copy health check
del
cur
592

Table 420: RTSP Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/rtsp)

rtsp
Displays the RTSP Health Check Parameters menu. To view this menu, see /cfg/slb/
advhc/health <health check ID>/rtsp/rtsp RTSP Health Check Parameters, page 593.
/cfg/slb/advhc/health <health check ID>/rtsp/rtsp
RTSP Health Check Parameters

[RTSP Health Check <HC ID> rtsp Menu]
method
- Set RTSP method
describe - Set host name and path for describe request
response - Set response code(s)
cur
Table 421: RTSP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/rtsp/rtsp)

method [options|describe|inherit]
Sets the RTSP method.
Values:
options
describeThe hostname and path are required.
inheritTakes the hostname and path values from the content value of the group to
which this health check is bound.
Default: options
describe
Sets the host name and path for the describe request.
response
Sets the response codes. You can set up to 10 response codes separated by a comma.
cur
593

/cfg/slb/advhc/health <health check ID>/script
SCRIPT Health Check Configuration

[SCRIPT Health Check <HC ID> Menu]

name
script
dest
inter
retry
restr
invert
- Copy health check
copy
- Copy health check
del
cur
Table 422: SCRIPT Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/script)

script
Displays the SCRIPT Health Check Parameters menu. To view this menu, see /cfg/slb/
advhc/health <health check ID>/rtsp/rtsp RTSP Health Check Parameters, page 593.
/cfg/slb/advhc/health <health check ID>/script/script
SCRIPT Health Check Parameters

[SCRIPT Health Check <HC ID> script Menu]
open
- Add open command to end of script
send
- Add send command to end of script
bsend
- Add binary send command to end of script
nsend
- Add additional send binary string to end of script
expect
- Add expect command to end of script
bexpect - Add binary expect command to end of script
nexpect - Add additional expect binary string to end of script
offset
- Add offset command to end of script
depth
- Add depth command to end of script
wait
- Add wait command to end of script
close
- Add close command to end of script (TCP only)
rem
- Remove last command from script
cur
- Display current script configuration
Table 423: SCRIPT Health Check Parameters (/cfg/slb/advhc/health <health check ID>/script/
script)

open
Adds the open command to the end of the script.
594

Table 423: SCRIPT Health Check Parameters (/cfg/slb/advhc/health <health check ID>/script/
script) (cont.)

send
Adds the send command to the end of the script.
bsend
Adds the binary send command to the end of the script.
nsend
Adds the additional send binary string to the end of the script.
expect
Adds the expect command to the end of the script.
bexpect
Adds the binary expect command to the end of the script.
nexpect
Adds the additional expect binary string to the end of the script.
offset
Adds the offset command to the end of the script.
depth
Adds the depth command to the end of the script.
wait
Adds the wait command to the end of the script.
close
Adds the close command to the end of the script (TCP only).
rem
Removes the last command from the script.
cur
Displays the current script configuration.
595

/cfg/slb/advhc/health <health check ID>/sip
SIP Health Check Configuration

[SIP Health Check <HC ID> Menu]

name
sip
dport
dest
inter
retry
restr
invert
- Copy health check
copy
- Copy health check
del
cur
Table 424: SIP Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/sip)

sip
Displays the SIP Health Check Parameters menu. To view this menu, see /cfg/slb/advhc/
health <health check ID>/sip/sip SIP Health Check Parameters, page 596.
/cfg/slb/advhc/health <health check ID>/sip/sip
SIP Health Check Parameters

[SIP Health Check <HC ID> sip Menu]
method
- Set SIP method
from
- Set from and contact headers
uri
- Set request URI
response - Set response code(s)
cur
Table 425: SIP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/sip/sip)

method [options|ping]
Sets the SIP method.
from <256 character from/contact header>|inherit|none

Sets the from and contact headers.
Values:
inheritTakes the from and contact values from the content value of the group to
which this health check is bound.
uri
Sets the request URI.
596

Table 425: SIP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/sip/sip)

response
Sets the response codes. You can set up to 10 response codes separated by a comma.
cur
/cfg/slb/advhc/health <health check ID>/smtp
SMTP Health Check Configuration

[SMTP Health Check <HC ID> Menu]

name
smtp
dport
dest
inter
retry
restr
invert
- Copy health check
copy
- Copy health check
del
cur
Table 426: SMTP Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/smtp)

smtp
Displays the SMTP Health Check Parameters menu. To view this menu, see /cfg/slb/
advhc/health <health check ID>/smtp/smtp SMTP Health Check Parameters, page 597.
/cfg/slb/advhc/health <health check ID>/smtp/smtp
SMTP Health Check Parameters

[SMTP Health Check <HC ID> smtp Menu]
username - Set username
cur
597

Table 427: SMTP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/smtp/smtp)

username
Sets the username.
Values:
check is bound.
cur
/cfg/slb/advhc/health <health check ID>/snmp
SNMP Health Check Configuration

[SNMP Health Check <HC ID> Menu]

name
snmp
dport
dest
inter
retry
restr
invert
- Copy health check
copy
- Copy health check
del
cur
Table 428: SNMP Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/snmp)

snmp
Displays the SNMP Health Check Parameters menu. To view this menu, see /cfg/slb/
advhc/health <health check ID>/snmp/snmp SNMP Health Check Parameters, page 598.
/cfg/slb/advhc/health <health check ID>/snmp/snmp
SNMP Health Check Parameters

[SNMP Health Check <HC ID> snmp Menu]
oid
- Set OID to be sent
comm
- Set Community string
response - Set expected response
weight
- Enable/disable readjusting of weights based on response
cur
598

Table 429: SNMP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/snmp/
snmp)

oid
Sets the OID string to be sent.
comm
Sets the community string.
response [integer|string]
Sets the expected response.
Values:
integer0-65535. At the prompt, enter the minimum and maximum value.
string
weight
Enables or disables readjusting of weights based on the response.
cur
/cfg/slb/advhc/health <health check ID>/sslhello
SSL Hello Health Check Configuration

[SSLHELLO Health Check <HC ID> Menu]

name
sslver
- Set SSL version (2 or 3)
dport
dest
inter
retry
restr
invert
- Copy health check
copy
- Copy health check
del
cur
Table 430: SSLHELLO Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/
sslhello)

sslver
Sets the SSL version.
Default: 2
599

/cfg/slb/advhc/health <health check ID>/tcp
TCP Health Check Configuration

The TCP Health Check menu does not contain any application-specific commands. For all common
[TCP Health Check <HC ID> Menu]

name
dport
dest
inter
retry
restr
invert
copy
- Copy health check
del
cur
/cfg/slb/advhc/health <health check ID>/tftp
TFTP Health Check Configuration

[TFTP Health Check <HC ID> Menu]

name
tftp
dport
dest
inter
retry
restr
invert
- Copy health check
copy
- Copy health check
del
cur
Table 431: TFTP Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/tftp)

tftp
Displays the TFTP Health Check Parameters menu. To view this menu, see /cfg/slb/
advhc/health <health check ID>/tftp/tftp TFTP Health Check Parameters, page 600.
/cfg/slb/advhc/health <health check ID>/tftp/tftp
TFTP Health Check Parameters

[TFTP Health Check <HC ID> tftp Menu]
filename - Set the name of the file to be downloaded
cur
600

Table 432: SNMP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/tftp/tftp)

filename <path and filename|inherit|none>
Sets the name of the file to be downloaded.
Values:
check is bound.
cur
/cfg/slb/advhc/health <health check ID>/udp
UDP Health Check Configuration

The UDP Health Check menu does not contain any application-specific commands. For all common
[UDP Health Check <HC ID> Menu]

name
dport
dest
inter
retry
restr
invert
copy
- Copy health check
del
cur
/cfg/slb/advhc/health <health check ID>/wap
WAP Health Check Configuration

[WAP Health Check <HC ID> Menu]

name
wap
- Set WAP type and arguments
dport
dest
inter
retry
restr
couple
- Enable/disable coupling with RADIUS Accounting Service
invert
- Copy health check
copy
- Copy health check
del
cur
601

Table 433: WAP Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/wap/wap)

wap [wsp|wtp|wtls-wsp|wtls-wtp]
Sets the WAP type and arguments.
Values:
wspYou are prompted to configure the following parameters:
WSP portSets the WSP port. Default: 9200
Content to sendSets the content to be sent.
Expected received stringSets the expected string to be received.
Offset in the received packetSets the offset in the received packet.
wtpYou are prompted to configure the following parameters:
WTP portSets the WTP port. Default: 9201
Connect message headerSets the connect message header.
wtls-wspYou are prompted to configure the following parameters:
WSP portSets the WTLS-WSP port. Default: 9202
Content to sendSets the content to be sent. Required.
wtls-wtpYou are prompted to configure the following parameters:
WTP portSets the WTLS-WTP port. Default: 9203
/cfg/slb/advhc/health <health check ID>/wts
WTS Health Check Configuration

[WTS Health Check <HC ID> Menu]

name
wts
dport
dest
inter
retry
restr
invert
- Copy health check
copy
- Copy health check
del
cur
602

Table 434: WTS Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/wts)

wts
Displays the WTS Health Check Parameters menu. To view this menu, see /cfg/slb/advhc/
health <health check ID>/tftp/tftp TFTP Health Check Parameters, page 600.
/cfg/slb/advhc/health <health check ID>/wts/wts
WTS Health Check Parameters

[WTS Health Check <HC ID> wts Menu]
username - Set username
cur
Table 435: WTS Health Check Parameters (/cfg/slb/advhc/health <health check ID>/wts/wts)

username <username|inherit>
Sets the username and password.
Values:
usernameAt the prompt, enter the username and password.
check is bound.
cur
/cfg/slb/advhc/health <health check ID>/logexp
LOGEXP Health Check Configuration

You can set logical expressions between health checks.
[LOGEXP Health Check <HC ID> Menu]

name
- Set descriptive logical expression name
logexp
- Set logical expression between health checks
copy
- Copy logical expression
del
- Delete logical expression
cur
- Display current logical expression
Table 436: LOGEXP Health Check Menu Options (/cfg/slb/advhc/health <health check
ID>logexp)

name
Sets the descriptive logical expression name.
603

ID>logexp) (cont.)

logexp
Sets the logical expression between health checks.
A logical expression contains operands and at least one logical operator.
An operand is the name of a health check, space, or an operator. Operand names can
contain a maximum of 32 characters.
The following logical operators are supported:
&AND
|OR
()Brackets
Note: Semantic evaluation of logical expressions is similar to any compiler's Boolean

expression evaluation: the & operator is given a higher precedence than the |
operator.
Examples of valid logical expressions include the following:
arp, snmp, or icmp.
arp & (snmp|icmp)
arp | dns & ftp (brackets are not required here since & has a higher precedence
than |)
(snmp|ftp) & (sip|ldap)
((snmp|ftp) & (sip|ldap)) | dns
Operands must be valid before sending the apply command. Parsing of the logical
expression begins only after you send the apply command. If parsing fails, the Error:
Syntax error in logical expression formula message displays:
The apply command fails if the logical expression contains one or more of the following:
A health check that is defined in Alteon
A loop
An invalid sub-expression. A sub-expression is invalid if it contains one or more of the

following:
An opening bracket followed by an operator, with no operand between them. For

example, (&.
An operator followed by a single operand. For example, &http.
Empty brackets ().
Two adjacent operands with no operator between them. For example, http
icmp.
Two adjacent operators. For example, &&.
An operand followed by an opening bracket, with no operator and closing bracket.

For example, icmp(.
An operator at the end of the string, with no following operand. For example,
icmp|.
A logical expression can contain up to 10 health check names. If more than 10 are
configured, the Error: Up to 10 health checks are supported per logical expression
message displays.
copy
Copies the logical expression.
604

ID>logexp) (cont.)

del
Deletes the logical expression.
cur
Displays the current logical expression.
/cfg/slb/pip
Proxy IP Address Menu

You must enable proxy IP address processing on the port to use this feature. You can configure
multiple proxy IP addresses based on either port or VLAN. You can configure up to 1024 proxy IP
addresses on a per Alteon basis.
[Proxy IP Address Menu]

type
- Set base type of Proxy IP address
add
- Add port or VLAN to Proxy IP address
add6
- Add port or VLAN to IPv6 Proxy IP address
rem
- Remove port or VLAN from Proxy IP address
cur
- Display current Proxy IP address configuration
Table 437: Proxy IP Address Configuration Menu Options (/cfg/slb/pip)

type port|vlan
Defines the base type of the proxy IP address, whether it is port-based or VLAN-based.
add <IP address

port number>|<vlan number> |
number-vlan number
port number-port number|vlan
Adds either a port or a VLAN to a proxy IP address.

Note: Adding a port or VLAN to a proxy IP address is not allowed when layer 3 is
enabled.
add6 IPv6 address

number-vlan number
port number|vlan number
port number-port number|vlan
Adds a port or VLAN to a proxy IPv6 address.
rem <PIP ID
port#|vlan#> |
<port#-port#|vlan#-vlan#>
Removes a port or a VLAN from a proxy IP address. You can also remove all ports or
VLANs assigned to any proxy IP address.
cur
Displays the current Proxy IP address configuration.
605

/cfg/slb/peerpip
SLB Peer Proxy IP Address Menu

When this command is enabled, Alteon can forward traffic from a peer Alteon using Layer 2, without
performing server processing on the packets of the other Alteon. This happens because the peers
are aware of each other's proxy IP addresses. This prevents the dropping of a packet or a packet
being sent to the backup Alteon in the absence of the proxy IP address of the peer.
[Peer Proxy IP Address Menu]

add
- Add peer Proxy IP address
rem
- Rem peer Proxy IP address
cur
- Display current peer Proxy IP address configuration
Table 438: Peer Proxy IP Address Menu Options (/cfg/slb/peerpip)

add <IP address(v4 or v6)>
Adds a proxy IP address to the server load balancing peer.
rem <IP address>

Removes a proxy IP address from the server load balancing peer.
cur
Displays the current proxy address configuration of the peer.
/cfg/slb/wlm
Workload Management Menu

[Workload Manager 1 Menu]
addr
- Set IP address for Workload Manager
port
- Set port for Workload Manager
del
- Delete Workload Manager
cur
- Display current Workload Manager configuration
Table 439: Workload Manager Menu Options

addr <IP_address>
Sets the IP address for the Workload Manager.
port <TCP_port>
Sets the port number for the Workload Manager.
del
Deletes the Workload Manager.
cur
Shows all Workload Manager statistics. For example:
Current Workload Manager 1:

IP address
Port
0.0.0.0
0
606
Chapter 8 The Operations Menu

The Operations menu is generally used for commands that affect Alteon performance immediately,
but do not alter permanent Alteon configurations. For example, you can use the Operations menu to
immediately disable a port (without the need to apply or save the change), with the understanding
that when Alteon is reset, the port returns to its normally configured operation.
This chapter includes the menus, sub-menus and commands used for Alteon operations commands.
/oper
Operations Menu
The following is an example of the Operations menu and an explanation of the Operations menu
options.
Figure 43: Global Administrator Operations Menu

[Operations Menu]
port
- Operational Port Menu
vadc
- vADC Operations Menu
sync
- Global Admin Sync Menu
swkey
- Enter key to enable software feature
rmkey
- Enter software feature to be removed
passwd
- Change current user password
clrlog
- Clear syslog messages
displog - Enable/Disable displaying syslog messages to telnet/ssh sessions
defalias - Set default port alias
ntpreq
- Send NTP request
sys
- Operational System Menu
Figure 44: vADC Administrator or Standalone Operations Menu

[Operations Menu]
slb
- Operational Server Load Balancing Menu
vrrp
- Operational Virtual Router Redundancy Menu
bwm
- Operational Bandwidth Management Menu
security - Operational Security Menu
ip
- Operational IP Menu
passwd
- Change current user password
clrlog
- Clear syslog messages
displog - Enable/Disable displaying syslog messages to telnet/ssh sessions
defalias - Set default port alias
Table 440: Operations Menu Options (/oper)

port
<port number>
Displays the Operations Port menu. This menu only appears in the Global
Administrator environment in ADC-VX mode. To view this menu, see /oper/port <port
number> Operations-Level Port Options, page 609.
607

The Operations Menu

vadc
Displays the vADC Operations menu. This menu only appears in the Global
Administrator environment in ADC-VX mode. To view this menu, see /oper/vadc vADC
Operations Menu, page 617.
sync
Used to manually synchronize peer vADCs. This command only appears in the Global
Note: For a VX administrator, this command is executed through the management
interface and cannot be executed from the data ports.
From the Global Administrator environment, this command synchronizes
configurations on peer vADCs set using the /cfg/vadc command. For example,
maximum throughput, and allowed IP networks. No VLANs or ports are included in
the synchronization. For more information, see vADC Menu, page 292.
From the vADC environment, this command synchronizes configurations on peer
ADCs set using the /cfg/slb/sync command. For example, filters, ports, VRRP
priorities, and proxy IP addresses. For more information, see /cfg/slb/sync
Synchronize Peer Configuration, page 565.
Before you can synchronize peer vADCs, you must first configure and enable them as
peers. For more information on synchronizing peers, see /cfg/sys/sync Global
Administrator Sync Menu, page 252.
Note: In ADC-VX mode, when the VX synchronizes the vADC configuration with its
peer, all configuration parameters are synchronized except the number of capacity
units (CU) and whether they are enabled or disabled.
Sample output and dialog:
Synchronizing Resources, Vlans & vADCs to 192.168.1.1

Confirm synchronizing the configuration to 192.168.1.1 [y/n]:
Synchronizing Resources, Vlans & vADCs to 20.1.1.1
Confirm synchronizing the configuration to 20.1.1.1 [y/n]:
slb
Displays the Global SLB Operations menu. This menu only appears in the vADC
Administrator environment in ADC-VX mode. To view this menu, see /oper/slb/gslb
Global SLB Operations Menu, page 612.
vrrp
Displays the VRRP Operations menu. This menu only appears in the vADC
Administrator environment in ADC-VX mode. To view this menu, see /oper/vrrp VRRP
Operations Menu, page 613.
bwm
Displays the Bandwidth Management Operations menu. This menu only appears in
the vADC Administrator environment in ADC-VX mode. To view this menu, see /oper/
bwm Operations-Level Bandwidth Management Options, page 614.
security
Displays the Security menu. This menu only appears in the vADC Administrator
environment in ADC-VX mode. To view this menu, see /oper/security Security Menu,
page 614.
608

The Operations Menu

ip
Displays the IP Operations menu. This menu only appears in the Global Administrator
environment in ADC-VX mode. To view this menu, see /oper/ip Operations-Level IP
Options, page 616.
swkey <services | vADC>

Sets the key to enable software features. This command only appears in the Global
Administrator environment in ADC-VX mode. For details, see /oper/swkey Activating
Software, page 617.
rmkey <services | vADC>

Selects software features to be removed. This command only appears in the Global
Administrator environment in ADC-VX mode. For details, see /oper/rmkey Removing
Optional Software, page 617.
passwd <15 char max>

Changes the user password. You need to enter the current password in use for
validation.
clrlog
Clears all syslog messages.
displog on|off
Turns on or off display of syslog messages to Telnet or SSH sessions
defalias
Sets the default port alias.
ntpreq
Allows the user to send requests to the NTP server. This command only appears in the
sys
Displays the Operational System menu. This menu only appears in the vADC
Administrator environment in ADC-VX mode. To view this menu, see /oper/sys
Operational System Menu, page 618.
/oper/port <port number>
Operations-Level Port Options

Use pperations-level port options to temporarily disable or enable a port, and to change the Remote
Monitoring (RMON) status on a port.
[Operations Port 1 Menu]

rmon
- Enable/Disable RMON for port
ena
- Enable port
dis
- Disable port
cur
- Current port state
609

The Operations Menu
Table 441: Operations-Level Port Menu Options (/oper/port)

rmon disable|enable
Temporarily enables or disables remote monitoring on the port. The port is returned to
its configured operation mode when Alteon is reset.
ena
Temporarily enables the port. The port is returned to its configured operation mode
when Alteon is reset.
dis
Temporarily disables the port. The port is returned to its configured operation mode
when Alteon is reset.
Notes: On an Alteon 4408, on a SFP GBIC link, when a port is manually disabled
the link doesn't go down on the peer switch port.
cur
Displays the current settings for the port.
/oper/slb
Operations-Level SLB Options

When the optional Layer 4 software is enabled, use the operations-level SLB options to temporarily
disable or enable real servers and to synchronize the configuration between the active-active
Alteons.
[Server Load Balancing Operations Menu]

group
- Real Server Group Menu
gslb
- Global SLB Operations Menu
sync
- Synchronize SLB, VRRP and other configurations on peers
ena
- Enable real server
dis
- Disable real server
sessdel - Delete session table entry
smirror - Send session mirror request to VRRP Master
clear
- Clear session table
cachpurg - Purge cached content
ocsppurg - Purge OCSP cached responses
clrpeak - Clear capacity licenses peak usage
cur
- Current layer 4 operational state
Table 442: Server Load Balancing Operations Menu Options (/oper/slb)

Displays the Real Server Group menu. To view this menu, see /oper/slb/group Real
Server Group Operations, page 612.
gslb
Displays the Global SLB Operations menu. To view this menu, see /oper/slb/gslb Global
SLB Operations Menu, page 612.
610

The Operations Menu

sync
Synchronizes the SLB, filter, VRRP, port, and virtual router (VR) priorities on a peer (an
Alteon that is associated with the IP address). To take effect, peers must be configured
on Alteon and the administrator password on the peers must be identical.
Note: For a dedicated (non-virtual) ADC and for vADC instances, this command is
executed through a data port and cannot be executed from the management
interface.
ena <real server number (1-1023)>

Temporarily enables a real server. The real server is returned to its configured operation
mode when Alteon is reset.
dis <real server number, 1-1023> [P - allow persistent http 1.0 sessions] p|n
Temporarily disables real servers. The real server is returned to its configured state after
an Alteon reset. This provides for orderly server shutdown to allow maintenance on a
server. For more information, see Disabling and Enabling Real Servers in the Alteon
Values:
pPersistent. Immediately suspends assignment of connections to the specified real

server (except for persistent HTTP 1.0 sessions) by removing the real server from
operation within its real server group and virtual server.
nNone. Immediately suspends assignment of connections to the specified real

server by removing the real server from operation within its real server group and
virtual server.
sessdel
Deletes the session table entry.
smirror
Sends a request for an update from the VRRP backup Alteon to the VRRP master. This
request is sent to avoid sessions on the backup Alteon that can be updated only by a
VRRP failover or an Alteon reset.
Note: VRRP must be enabled and Alteon must be a VRRP backup, otherwise this
command returns an error message.
clear
Clears all session tables and allows port filter changes to take effect immediately.
Note: This command disrupts current SLB and application redirection sessions.
cachpurg
When the caching criteria or the server content has changed, you may want to purge
the cached content of HTTP responses. You can purge the cache for:
All virtual servers and their virtual services
All virtual services for a specific virtual server (virt number)
For a specific service (virtual server and virtual service)
For a specific object URL or a URL with wildcard in it (*)
At the prompt, enter the caching policy ID to purge the cache for a particular caching
policy, or all to purge the cache for all caching policies.
For more information on caching policies, see the section on caching policies in the
611

The Operations Menu

ocsppurg
When the OCSP cache is filled with stale responses, you may want to purge the cache.
At the prompt, enter the client authentication policy ID to purge the cache for a
particular client authentication policy, or all to purge the cache for all client
authentication policies.
For more information on client authentication policies, see the section on client
authentication policies in the Alteon Application Switch Operating System Application
Guide, and /cfg/slb/ssl/authpol Client Authentication Policy Menu, page 522.
Note: If the same client certificate arrives at two different SPs, an OCSP query is sent
to the OCSP that responded, even if the OCSP is cache enabled.
clrpeak
Clears SSL CPS and compression throughput peak values.
cur
Displays the current SLB operational state.
/oper/slb/group
Real Server Group Operations

[Real server group 1 Menu]
ena
- Enable real server in this group
dis
- Disable real server in this group
cur
- Current server group operational state
Table 443: Real Server Group Operations Options (oper/slb/group)

ena <real server number (1-1023)>
Enables a real server in this group.
dis <real server number (1-1023)>

Disables a real server in this group.
cur
Displays current operational state of the server group.
/oper/slb/gslb
Global SLB Operations Menu

[Global SLB Operations Menu]
query
- Query Global SLB selection
add
- Add entry to Global SLB DNS persistence cache
arem
- Remove all entries from Global SLB DNS persistence cache
avpersis - Enable/Disable GSLB availability persistence for virtual server
cpclear - Clear the client cache of dynamic entries
emerg
- Perform DNSSEC emergency rollover procedure of a key
immed
- Perform DNSSEC immediate rollover of a key
612

The Operations Menu
Table 444: Global SLB Operations Menu Options (/oper/slb/gslb)

query
Queries the global site selection.
add
Adds an entry to the GSLB DNS persistence cache.
arem
Removes all entries from the GSLB DNS persistence cache.
avpersis < virtual server number (1-1024)> enable|disable

Enables or disables persistency advertising.
Values:
enableCauses a virtual server with a lower availability value to start advertising

an availability of 48 if the remote virtual server with a higher availability becomes
unavailable.
Notes:
The GSLB DSSP version must be set to 3 for persistency advertising to be enabled.
Persistency advertising only affects GSLB if the GSLB rules are configured to use the
availability metric (preferably as Rule 1, Metric 1).
disableIf a virtual server is advertising an availability of 48 to its remote virtual

servers, disabling this feature causes availabilities to return to their configured
values.
cpclear
Clears the client cache of dynamic entries.
emerg
Performs a DNSSEC emergency rollover procedure of a key.
immed
Performs an immediate DNSSEC rollover of a key.
/oper/vrrp
VRRP Operations Menu

This is available in the vADC Administrator environment only.
[VRRP Operations Menu]

back
- Set virtual router to backup
613

The Operations Menu
Table 445: Virtual Router Redundancy Operations Menu Options (/oper/vrrp)

back <virtual router number (1-1024)>
Forces the specified master virtual router on this Alteon into backup mode. This is
generally used for passing master control back to a preferred Alteon once the
preferred Alteon has been returned to service after a failure.
When back is executed, the current master gives up control and initiates a new
election by temporarily advertising its own priority level as 0 (lowest). After the new
election, the virtual router forced into backup mode resumes master control in the
following cases:
This Alteon owns the virtual router (the IP addresses of the virtual router and its IP
interface are the same)
This Alteon's virtual router has a higher priority and preemption is enabled.
There are no other virtual routers available to take master control.
/oper/bwm
Operations-Level Bandwidth Management Options

[Bandwidth Management Operations Menu]
sndhist - Send BW History to SMTP server
clear
- Clear BWM IP user entry table
Table 446: Bandwidth Operations Menu Options (/oper/bwm/sndhist)

sndhist
Sends the Bandwidth history to a system administrator as specified using /cfg/bwm/
user (see /cfg/bwm Bandwidth Management Configuration, page 307).

clear
Clears the BWM IP user entry table.
/oper/security
Security Menu
[Security Menu]
ipacl
- IP ACL Operations Menu
Table 447: Security Menu Options

ipacl
Displays the IP ACL Operations menu. To view this menu, see /oper/security/ipacl IP
ACL Operations Menu, page 615.
614

The Operations Menu
/oper/security/ipacl
IP ACL Operations Menu

[IP ACL Operations Menu]
add
- Add operations source IPv4 Address
rem
- Remove operations source IPv4 Address
arem
- Remove all operations source IP Addresses
dadd
- Add operations destination IPv4 Address
drem
- Remove operations destination IPv4 Address
darem
- Remove all operations destination IP Addresses
list
- Display IP ACLs
cur
- Display all IP Addresses
Table 448: IP ACL Operations Menu Options

add <IPv4 address > <IP subnet mask> <timeout in minutes, 1-10080>
Adds the operations source IPv4 address.
Enter IPv4 address:

3.1.1.11
Enter IP subnet mask [default 255.255.255.255]:
rem <IPv4 address>
<IP subnet mask>
Removes the operations source IPv4 address.

Enter IPv4 address:

5.5.5.5
arem
Removes all operations source IP addresses.
dadd <IP v4 address> <IP subnet mask>
<timeout in minutes, 1-10080>
Adds an operations destination IP address.

Enter IPv4 address:

3.1.1.11
drem <IP address>
<IP subnet mask>
Removes an operations destination IP address.
darem
Removes all of the operations destination IP addresses and Masks.
oper
Display operations IP addresses and Masks. For example:
Current operations IP ACL settings:

0 operations source IP ACL.
0 operations destination IP ACL.
615

The Operations Menu
Table 448: IP ACL Operations Menu Options

cur
Displays all IP addresses and masks. For example:
Current total IP ACL settings:

0 total source IP ACL.
0 total destination IP ACL.
/oper/ip
Operations-Level IP Options
This is available in the vADC Administrator environment only.
[IP Operations Menu]

bgp
- Operational Border Gateway Protocol Menu
garp
- Send gratuitous arp
Table 449: IP Operations Menu Options (/oper/ip)

bgp
Displays the Border Gateway Protocol Operations menu. To view this menu, see /
oper/ip/bgp Operations-Level BGP Options, page 616
garp <IP address
Vlan number>
Sends a gratuitous ARP.
/oper/ip/bgp
Operations-Level BGP Options

[Border Gateway
start
stop
cur
-
Protocol Operations Menu]

Start peer session
Stop peer session
Current BGP operational state
Table 450: IP Operations Menu Options (/oper/ip)

start <peer number (1-16)>
Starts the peer session.
stop <peer number (1-16)>

Stops the peer session.
cur
Displays the current BGP operational state.
616

The Operations Menu
/oper/swkey
Activating Software
Use this command to activate any purchased feature. Before you can activate any new feature, you
must obtain a license key from Radware Technical Support. For more information on Radware
licensing procedures, see the Radware Alteon Installation and Maintenance Guide.
These licenses are installed by the Global Administrator.
To activate your license key

1. Connect to the CLI and log in as the administrator (see The Command Line Interface, page 31).
2. Issue the command /oper/swkey <license_key>, where license_key is the license provided
to you by Radware Technical Support. A confirmation message displays when the license
installation is complete.
/oper/rmkey
Removing Optional Software

Use this command to deactivate a licensed feature.
Note: Deactivated software is still present in memory and can be reactivated at any later time.
To review the deactivation options

From the Operations menu, enter the following:
>> Operations# ? rmk

Usage: rmkey software feature to be removed (services|vADC)
To deactivate a feature
1. Issue the command /oper/rmkey <license_key>, command where license_key is the
license key you want to remove.
2. Enter y at the confirmation message to remove the feature.
/oper/vadc
vADC Operations Menu

This menu is only available in the Global Administrator environment in ADC-VX mode.
[vADC 1 Operations Menu]

vrrp
- Operational Virtual Router Redundancy Menu
617

The Operations Menu
Table 451: vADC Operations Menu

vrrp
Displays the VRRP Operations menu. To view this menu, see /oper/vadc/vrrp
Operations-Level vADC Options, page 618.
/oper/vadc/vrrp
Operations-Level vADC Options

This menu is only available in the Global Administrator environment in ADC-VX mode.
[VRRP Operations Menu]

back
- Set virtual router to backup
Table 452: Virtual Router Redundancy Operations Menu Options (/oper/vadc/vrrp)

back <virtual router number>
Forces all master virtual routers on this Alteon into backup mode. This is generally
used for passing master control back to a preferred Alteon once the preferred
Alteon has been returned to service after a failure.
When back is executed, the current master gives up control and initiates a new
election by temporarily advertising its own priority level as 0 (lowest). After the
new election, the virtual routers forced into backup mode resume master control
in the following cases:
This Alteon owns the virtual router (the IP addresses of the virtual router and
its IP interface are the same).
This Alteons virtual router has a higher priority and preemption is enabled.
There are no other virtual routers available to take master control.
Note: This option is available only if the vADC is running in a hot-standby

configuration.
/oper/sys
Operational System Menu

[System menu Menu]
access
- Operational Access Menu
Table 453: Operational System Menu Options (/oper/sys)

access
Displays the Access menu. To view this menu, see /oper/sys/access Access Menu,
page 619.
618

The Operations Menu
/oper/sys/access
Access Menu
[Access menu Menu]
terminate - Terminate SSH/Telnet connections
Table 454: Access Menu Options (/oper/sys/access)

terminate <Terminate SSH/Telnet connections>
Lets you terminate CLI sessions belonging to other users. Displays the currently
open sessions and prompts you to select the sessions to terminate.
619

The Operations Menu
620
Chapter 9 The Boot Options Menu

To use the Boot Options menu, you must be logged into Alteon as the administrator. The Boot
Options menu includes commands for:
Selecting a software image for use when Alteon is next reset.
Selecting a configuration block for use when Alteon is next reset.
Downloading or uploading a new software image to Alteon via TFTP.
/boot
Boot Options Menu

The following is an example of the Boot Options menu and an explanation of the Boot Options menu
options.
Figure 45: Global Administrator Boot Menu

[Boot Options Menu]
single
- Switch between ADC-VX and Standalone
vadc
- Restart selected vADC process
dimage
- Select default image
image
- Select software image to use on next boot
conf
- Select config block to use on next boot
gtimg
- Download new software image via FTP/TFTP/SCP
reset
- Reset switch
cur
- Display current boot options
Figure 46: vADC Administrator Boot Menu

[Boot Options Menu]
conf
reset
- Reset switch
Figure 47: Standalone Boot Menu

[Boot Options Menu]
virtual - Switch between Standalone and ADC-VX
image
- Select software image to use on next boot
conf
gtimg
- Download new software image via FTP/TFTP
reset
- Reset switch [WARNING: Restarts Spanning Tree]
cur
- Display current boot options
Table 455: Boot Menu (/boot) Parameters

single
Switches between ADC-VX and standalone mode. In ADC-VX mode, this command only
displays in the Global Administrator environment. For more information, see the Alteon
621

The Boot Options Menu
Table 455: Boot Menu (/boot) Parameters

vadc
Restarts a specific vADC for processing.
If you attempt to reset Alteon, the following alert displays:
Alert: Choosing to restart the switch will cause a failover of all

active vADCs hosted on the switch
For information on the status of vADC processes, use the general command from /info/
sys System Information Menu, page 47.
virtual
Switches between standalone and ADC-VX mode. This command only displays in
standalone mode. For more information, see the Alteon Application Switch Operating
dimage
Lets you select the default software image from a list of existing images. In ADC-VX
mode, this command only appears in the Global Administrator environment. For more
information, see the ADC-VX chapter in the Alteon Application Switch Operating System
Application Guide.
image vx/adc
image <1-10>
Lets you select the software image to run. This command only appears in the Global
Administrator environment in ADC-VX mode or in standalalone mode.
In Global Administrator administrator environment:

Values: vx, adc
In standalone mode:
Values: 110
For details, see /boot/image Selecting a Software Image to Run, page 623.
conf
Lets you select the configuration block to use. This command only appears on the vADC
Global menu in ADC-VX mode. For details, see /boot/conf Selecting a Configuration
Block, page 624.
gtimg "all"/"vx"/"adc" <vx id> <adc id> <hostname> <filename> <-tftp|username

password> [-mgmt] [-scp]
Downloads a new Alteon image. This command only appears in the Global Administrator
environment in ADC-VX mode. For details, see /boot/gtimg Downloading New Software,
page 625.
reset
Resets Alteon to make your software image file and configuration block changes take
effect. For details, see /boot/reset Resetting Alteon, page 626.
cur
Displays the current boot configuration. This command only appears in the Global
Administrator environment in ADC-VX mode. For details, see /boot/cur Current Boot
Options, page 627.
622

/boot/image
Selecting a Software Image to Run

The command is used to select a software image to run.
Starting with version 28.1, ADC management was expanded to include image management,
enabling the Global Administrator to manage both standalone and ADC-VX modes. For more
information, see Image Management in the ADC-VX Management chapter of the Alteon Application
Switch Operating System Application Guide.
To select which virtual software image you want to run in memory for the next reboot
1. If you have not done so already, enter image at the prompt:
Boot Options# image

2. Based on the environment you are in, enter the name or number of the image you want Alteon
to use on the next boot.
A message displays indicating which image is currently set to be loaded at the next reset, and
you are prompted to enter a new choice:
In ADC-VX mode, in the Global Admnistrator environment only:
Enter image type [vx|adc]:
In standalone mode:
Currently set to use switch software "image5" on next boot.

ADC Application Images:
ID
Version
Downloaded
Image status
---------------------------1
28.1.5.0_int114
17:19:41 Tue Mar 6, 2013
Idle
2
28.1.5.0_int112
13:34:07 Mon Mar 5, 2013
Idle
3
28.1.2.0_int016
8:22:35 Fri Dec 16, 2013
Idle
4
28.1.5.0_27mrgs_int031
Idle
5
28.1.5.0_int118
11:38:52 Mon Mar 12, 2013
Active
6
28.1.0.0_int292
14:45:29 Sun Nov 27, 2013
Idle
7
28.1.5.0_int032
9:39:28 Fri Jan 20, 2013
Idle
8
28.1.0.0_int295
18:07:40 Wed Nov 30, 2013
Idle
9
28.1.2.0_int004
18:54:50 Thu Dec 8, 2013
Idle
10
28.1.5.0_int035
10:49:28 Mon Jan 23, 2013
Idle
Specify new image to use [1-10]:
If you select an image that is an earlier version of Alteon than the current version, the following
message displays:
Note: After downgrade no configuration will be loaded until you log in and
confirm configuration differences.
Note: For ADC-VX environments, you receive this message when you enter apply.
3. Enter apply.
623

4.
If the apply is successful, you do not need to enter save.
If the apply is not successful, a message displays indicating the configuration issue and
possible instructions for resolving it.
Once all configurations are resolved, after booting and logging in with administrator rights,
Alteon applies the new boot image changes.
Forced BIOS Update

When you install a new software image, the currently loaded BIOS is updated if it does not match
the new BIOS. If you are instructed by Radware Technical Support to do so, you can force the BIOS
installation even if the version remains unchanged, using the following syntax:
In ADC-VX mode, in the Global Admnistrator environment only:
>> Boot Options# /boot/image vx|adc -f
In standalone mode:
>> Boot Options# /boot/image [1-10] -f

On the next boot, the BIOS is updated based on the image you specified.
/boot/conf
Selecting a Configuration Block

When you make configuration changes, you must save the changes so that they are retained the
next time Alteon is reset. When you run save at any time, your new configuration changes are
placed in the active configuration block. The previous configuration is copied into the backup
configuration block.
There is also a factory configuration block. This holds the default configuration set by the factory
when your Alteon was manufactured. Under certain circumstances, you may want to reset Alteon
configuration to the factory settings. This can be useful when a custom-configured Alteon is moved
to a network environment where it will be re-configured for a different purpose.
To set which configuration block you want Alteon to load the next time it is reset
1.
If you have not done so already, enter conf at the prompt:
Boot Options# conf

2.
Enter the name of the configuration block you want Alteon to use:
A message displays indicating which configuration block is currently set to be loaded at the next
reset, and prompts you to enter a new choice:
Currently set to use active configuration block on next reset.

Specify new block to use ["active"/"backup"/"factory"]:
3.
If you select factory settings, you are prompted to keep management port connectivity:
Next boot will use factory default config block instead of active.
Confirm : Do you want to keep management port connectivity? [y/n]: y
4.
You are prompted to keep SSH keys:
624

Confirm : Do you want to keep SSH keys? [y/n]: n

deleting SSH keys from FLASH
SSH keys deleted
/boot/gtimg
Downloading New Software

The command is used to download a new software image.
Image Management for the ADC-VX Environment

Starting with version 28.1, ADC management includes the Image Management feature, which lets
the Global Administrator manage both standalone and virtual modes in the ADC-VX environment.
You can upgrade, patch, migrate, and stage new ADC environments without high operational costs.
With image management, you can
Load new images
Selectively upgrade system components
Switch quickly and easily between standalone and virtual ADC modes
For more information on Image Management, refer to the ADC-VX Management chapter in the
Image Management for the Non-ADC-VX Environment

The software image is the executable code running on an Alteon. A version of the image ships with
Alteon, and comes pre-installed. As new versions of the image are released, you can upgrade the
software running on your Alteon.
Upgrading the software image on your Alteon requires the following:
1. Loading the new image onto a TFTP server on your network
2. Downloading the new image from the TFTP server to your Alteon
3. Selecting the new software image to be loaded into memory the next time Alteon is reset
Alteon can store up to two different software images, called image1 and image2. When you
download new software, you must specify where it should be placed (image1, image2)
For example, if your active image is currently loaded into image1, you would probably load the new
image software into image2. This lets you test the new software and reload the original active image
(stored in image1), if needed.
To download a new software to your Alteon

1. Ensure that you have performed the following pre-requisites:
The image or boot software loaded on a TFTP server on your network
The hostname or IP address of the TFTP server
Note: The DNS parameters must be configured if specifying hostnames. See /cfg/l3/dns
Domain Name System Configuration Menu, page 367.
The name of the new software image or boot file
625

Set up the TFTP option (/cfg/sys/mgmt/tftp) for the TFTP connection. This sets the
default option for the gtimg command.
Note: You can override the TFTP option setting with the override option provided to the gtimg
commands
2.
At the prompt, enter gtimg:
Boot Options# gtimg

3.
Enter the name of Alteon software to be replaced:
Enter name of switch software image to be replaced

["image1"/"image2"]: <image>
4.
Enter the hostname or IP address of the file transfer server.
Enter hostname or IP address of FTP/TFTP server: <server

name or IP address>
5.
Enter the name of the new software file on the server.
Enter name of file on FTP/TFTP server: <filename>

6.
You are prompted you to confirm your request.
7.
Select a software image to run (see /boot/image Selecting a Software Image to Run, page 623).
/boot/reset
Resetting Alteon
You can reset Alteon to have your software image file and configuration block changes take effect.
Note: Resetting Alteon causes the Spanning Tree Protocol to restart. This process can be lengthy,
depending on the topology of your network.
To reset Alteon
1.
At the prompt, enter reset.
>> Boot Options# reset

2.
You are prompted to confirm your request.
626

/boot/cur
Current Boot Options

The following is an example display of the current boot options:
>> Standalone ADC - Boot Options# cur

Currently set to boot image1, active config block.
Current FLASH software:
ADC-VX Infrastructure Images:
ID
Version
Downloaded
----------------1
28.1.5.0_27mrgs_23
2
28.1.5.0_int030
8:45:56 Tue Jan 17, 2013
3
28.1.5.0_int032
9:39:28 Fri Jan 20, 2013
4
28.1.5.0_27mrgs_31
ADC Application Images:
ID
Version
-------1
28.1.5.0_27mrgs_1
2
28.1.0.0_int281
3
28.1.2.0_int016
4
28.1.5.0_27mrgs_2
5
28.1.5.0_int030
6
28.1.0.0_int292
7
28.1.5.0_int032
8
28.1.0.0_int295
9
28.1.2.0_int004
10
28.1.5.0_int035
Signal quit undefined on
Downloaded
---------12:05:43 Tue Feb 21, 2013
11:05:07 Tue Nov 22, 2013
8:22:35 Fri Dec 16, 2013
8:45:56
14:45:29
9:39:28
18:07:40
18:54:50
10:49:28
tty
Tue
Sun
Fri
Wed
Thu
Mon
Jan
Nov
Jan
Nov
Dec
Jan
17,
27,
20,
30,
8,
23,
2013
2013
2013
2013
2013
2013
Image status
-----------Idle
Idle
Idle
Idle
Image status
-----------Active
Idle
Idle
Idle
Idle
Idle
Idle
Idle
Idle
Assigned

Enhanced Log Size : disabled
627

628
Chapter 10 The Maintenance Menu

The Maintenance menu is used to manage dump information and forward database information. It
also includes a debugging menu to help with troubleshooting.
/maint
Maintenance Menu
The following is an example of the Maintenance Options menu and an explanation of the
Maintenance Options menu options.
Note: To use this menu, you must be logged in as the administrator.
Figure 48: Global Administrator Maintenance Menu

[Maintenance Menu]
sys
- System Maintenance Menu
debug
- Debugging Menu
ptdmp
- Upload FLASH dump via FTP/TFTP/SCP
putdumps - Upload all dumps, logs and configurations via FTP/TFTP/SCP
cldmp
- Clear FLASH dump
lsdmp
- List FLASH dump
panic
- Dump state information to FLASH and reboot
tsdmp
- Tech support dump
pttsdmp - Upload tech support dump via FTP/TFTP/SCP
Figure 49: vADC Administrator or Standalone Maintenance Menu

[Maintenance Menu]
sys
- System Maintenance Menu
fdb
- Forwarding Database Manipulation Menu
arp
- ARP Cache Manipulation Menu
route
- IP Route Manipulation Menu
ip6
- IP6 Manipulation Menu
applog
- Application Services Trace Log Menu
cachcont - Export cache content list
pktcap
- Packet Capture Menu
debug
- Debugging Menu
ptdmp
- Upload FLASH dump via FTP/TFTP/SCP
putdumps - Upload all dumps, logs and configurations via FTP/TFTP/SCP
cldmp
- Clear FLASH dump
lsdmp
- List FLASH dump
panic
- Dump state information to FLASH and reboot
tsdmp
- Tech support dump
pttsdmp - Upload tech support dump via FTP/TFTP/SCP
Dump information contains internal Alteon state data that is written to flash memory after any one
of the following occurs:
The administrator forces a panic. The panic option on the Maintenance menu, causes Alteon to
dump state information to flash memory, and then causes Alteon to reboot.
629

The Maintenance Menu
The watchdog timer forces a reset. The purpose of the watchdog timer is to reboot Alteon if the
software freezes.
Alteon detects a hardware or software problem that requires a reboot.
Table 456: Maintenance Menu Options (/maint)

sys
Displays the System Maintenance menu. This menu only appears in the Global
Administrator environment in ADC-VX mode. To view this menu, see /maint/sys
System Maintenance Options, page 632.
fdb
Displays the FDB Manipulation menu. To view this menu, see /maint/fdb Forwarding
Database (FDB) Manipulation Menu, page 632.
lacp
Displays the Link Aggregation Control Protocol menu. This menu only appears in the
arp
Displays the Address Resolution Protocol menu. This menu only appears in the vADC
Administrator environment in ADC-VX mode. To view this menu, see /maint/arp
Address Resolution Protocol Menu, page 633.
route
Displays the IP Route Manipulation menu. This menu only appears in the vADC
Administrator environment in ADC-VX mode. To view this menu, see /maint/route IP
Route Manipulation, page 634.
ip6
Displays the IPv6 Manipulation menu. This menu only appears in the vADC
Administrator environment in ADC-VX mode. To view this menu, see /maint/ip6 IPv6
Menu, page 635.
applog
Displays the Application Trace Log menu. This menu only appears in the vADC
Administrator environment in ADC-VX mode. To view this menu, see /maint/applog
Application Services Trace Log Menu, page 636.
cachcont
Exports the cache content to an FTP, TFTP, or SCP server that you specify. This
command only appears in the vADC Administrator environment in ADC-VX mode. For
details, see /maint/cachcont Cache Content List, page 637.
pktcap
Displays the Packet Capture menu. This menu only appears in the vADC Administrator
environment in ADC-VX mode. To view this menu, see /maint/pktcap Packet Capture
Menu, page 637.
debug
Displays the Miscellaneous Debugging menu.
Caution: Only use debug commands per Radware Technical Support instructions.
ptdmp hostname filename <-tftp|username password> [-mgmt| -data] <scp>

Saves the system dump information using TFTP. This command only appears in the
vADC Administrator environment in ADC-VX mode. For details, see /maint/ptdmp
<server filename> System Dump Put, page 641.
630

Table 456: Maintenance Menu Options (/maint)

putdumps
Uploads all dumps, logs and configurations via FTP/TFTP/SCP.
The following information displays:
Configuration files (for Global Administrator and vADC Administrator)
TS dump fileA text file containing statistical, configuration and debugging

information (for Global Administrator and vADC Administrator)
Panic dump files (for Global Administrator and vADC Administrator)
Log files (for Global Administrator and vADC Administrator)
Acceleration engine log files (for vADC Administrator)
Syslog files (for Global Administrator and vADC Administrator)
cldmp
Clears dump information from flash memory. For details, see /maint/cldmp Clearing
Dump Information, page 642.
lsdmp
Displays list flash dump. For details, see /maint/lsdmp View Dump Statistics,
page 642.
panic
Dumps MP information to flash memory and reboots. For details, see /maint/panic
Panic Command, page 642
tsdmp
Dumps all Alteon information, statistics, and configuration. You can log the Technical
Support dump (tsdump) output into a file. For details, see /maint/tsdmp Technical
Support Dump, page 643.
pttsdmp <v4 or v6 ip address|hostname [-v4|-v6]> <filename> <-tftp|username

Uploads the Technical Support Dump (tsdump) using FTP, TFTP, or SCP. You are
prompted to specify the following:
ip address/hostname for the FTP, TFTP, or SCP server
destination/filename on the FTP, TFTP, or SCP
tftp/username password for the FTP or SCP server
The uploaded tsdump is a .tar file that includes the following files:
tsdump.txt
AE_dump1
AE_dump2
AE_dump3
AE_dumpn...
AE_dxlog
631

/maint/sys
System Maintenance Options

This menu is reserved for use by the Radware Technical Support to perform system debugging. This
menu only appears in the Global Administrator environment in ADC-VX mode.
[System Maintenance Menu]

flags
- Set NVRAM flag word
mem
- Show MP memory and process information
Table 457: System Maintenance Menu Options (/maint/sys)

flags <new NVRAM flags word as 0xXXXXXXXX>
Sets the flags for debugging purposes.
mem
Displays the MP memory and process information.
/maint/fdb
Forwarding Database (FDB) Manipulation Menu

Use the FDB Manipulation menu to view information in, and to delete a MAC address from, the
forwarding database, or to clear the entire forwarding database. This is helpful in identifying
problems associated with MAC address learning and packet forwarding decisions.
[FDB Manipulation Menu]

find
- Show a single FDB entry by MAC address
findsp - Show a single SP FDB entry by MAC address
unk
- Show UNK, IGN and FLD FDB entries
port
- Show FDB entries for a single port
trunk
- Show FDB entries on a single trunk
vlan
- Show FDB entries for a single VLAN
refpt
- Show FDB entries referenced by a single SP
empty
- Show FDB entries not referenced by any SP
dump
- Show all FDB entries
del
- Delete an FDB entry
clear
- Clear entire FDB
Table 458: FDB Manipulation Menu Options (/maint/fdb)

find <MAC address>
[ <VLAN>
Displays a single database entry by its MAC address. You are prompted to enter the
Alteon MAC address. Enter the MAC address using one of the following formats:
632
xx:xx:xx:xx:xx:xx (for example: 08:00:20:12:34:56)
xxxxxxxxxxxx (for example: 080020123456).

Table 458: FDB Manipulation Menu Options (/maint/fdb)

findsp
<MAC address>
Shows a single SP FDB entry by its MAC address. You are prompted to enter the Alteon
MAC address. Enter the MAC address using one of the following formats:
xx:xx:xx:xx:xx:xx (for example: 08:00:20:12:34:56)
xxxxxxxxxxxx (for example: 080020123456).

unk
Shows UNK, IGN and FLD FDB entries.
port <port number, 0 for unknown>

Displays all FDB entries for a particular port.
Values:
Port number
0An unknown port number
trunk <trunk number (1-12)>

Displays all FDB entries for the specified trunk group.

Displays all FDB entries on a single VLAN.

Displays all FDB entries reference by a single SP.
empty
Shows FDB entries not referenced by any SP.
dump
Displays all entries in the forwarding database. For details, see /info/l2 Layer 2
del <MAC address> [ <VLAN number> ]

Removes a single FDB entry.
clear
Clears the entire forwarding database from memory.
/maint/arp
Address Resolution Protocol Menu

[Address Resolution Protocol Menu]
find
- Show a single ARP entry by IP address
port
- Show ARP entries on a single port
vlan
- Show ARP entries on a single VLAN
refpt
- Show ARP entries referenced by a single SP
dump
- Show all ARP entries
clear
- Clear ARP cache
addr
- Show ARP address list
633

Table 459: Address Resolution Protocol Menu Options (/maint/arp)

Shows a single ARP entry by IP address.
port <port number>

Displays ARP entries on a single port. For sample output, see /maint/arp/port <port
number> ARP Entries on a Single Port, page 634.

Shows ARP entries on a single VLAN.

Shows all ARP entries referenced by a single SP.
dump
Shows all ARP entries.
clear
Clears the entire ARP list from memory.
addr
Shows the list of IP addresses to which Alteon responds for ARP requests.
/maint/arp/port <port number>
ARP Entries on a Single Port

IP address
Flags
MAC address
VLAN Port
Referenced SPs
---------------- ----- ----------------- ---- ------ -------------192.167.130.1
00:0e:62:77:60:82 130 24
1-4
192.167.130.20
00:14:5e:95:49:a8 130 24
1-4
192.167.130.40
00:11:0a:ea:fa:af 130 24
1-4
192.167.130.100
00:14:5e:6b:8a:bd 130 24
1-4
Note: To display all ARP entries currently held, or a portion according to one of the options on the
Address Resolution Protocol menu, you can also refer to ARP information on the /info/l3/arp ARP
/maint/route
IP Route Manipulation
[IP Routing
find
gw
type
tag
if
dump
clear
634
Menu]
- Show a single route by destination IP address
- Show routes to a single gateway
- Show routes of a single type
- Show routes of a single tag
- Show routes on a single interface
- Show all routes
- Clear route table

Table 460: IP Route Manipulation Menu Options (/maint/route)

find <IP4 address (eg,192.4.17.101)>|IP6 address (eg,3001:0:0:0:0:0:abcd:1234)>
Shows a single route by destination IP address.
gw <default gateway IP4 address (eg, 192.4.17.44)> <default gateway IP6 address
(eg, 3001:0:0:0:0:0:abcd:1234)>
Shows routes to a default gateway.
type indirect|direct|local|broadcast|martian|multicast
Shows routes of a single type. For a description of IP routing types, see IP Routing Tag
tag fixed|static|addr|rip|ospf|bgp|broadcast|martian|vip
Shows routes of a single tag. For a description of IP routing tags, see IP Routing Tag

Shows routes on a single interface.
dump
Shows all routes.
To display all routes, you can also refer to IP routing information on the /info/l3/route/
dump Show All IP Route Information, page 82.
clear
Clears the route table from memory.
/maint/ip6
IPv6 Menu
[IP6 Menu]
nbrcache - Neighbor Cache Manipulation Menu
Table 461: IPv6 Manipulation Menu Options

nbrcache
Displays the Neighbor Cache menu, whose only option is the clear command. The
clear command clears the IPv6 Neighbor Cache table.
635

/maint/applog
Application Services Trace Log Menu

[Application Services Trace Log Menu]

export
- Export application services trace log via FTP/TFTP/SCP
showlog - Show application services trace log
clearlog - Clear application services trace log
getlevel - Get the log level set in AX for all or specific modules
setlevel - Set the log level in AX for all or specific modules
tcp
- Enable/disable log tcp activities
compress - Enable/disable log compression activities
caching - Enable/disable log caching activities
ssl
- Enable/disable log ssl activities
http
- Enable/disable log http activities
cntclss - Enable/disable log content class activities
httpmod - Enable/disable log http modifications activities
dump
- Dump application services trace log configuration
Table 462: Application Services Trace Log Menu Options

export
Exports the application services trace log via FTP/TFTP/SCP.
showlog
Shows the application services trace log.
clearlog
Clears the application services trace log.
getlevel
Displays the log level set in AX for all or specific modules.
setlevel
Sets the log level in AX for all or specific modules.
compress
Enables or disables log compression activities.
caching
Enables or disables log caching activities.
ssl
Enables or disables log SSL activities.
http
Enables or disables log http activities.
cntclss
Enables or disables log content class activities.
httpmod
Enables or disables log HTTP modifications activities.
636

Table 462: Application Services Trace Log Menu Options

dump
Dumps application services trace log configuration.
/maint/cachcont
Cache Content List

This command exports the cache content to a .csv file, including the following statistics:
Table 463: Cache Content List (/maintl/cachcont)
Statistic
Description
cachcont
cachcont <hostname [-v4|-v6]|v4 or v6 IP address>

<filename> <-tftp|username password> [-mgmt|-data] [scp] [-key <passphrase>]
URL
The full URL of the object.
Size (KB)
Size of the object.
Chunked
Specifies if the object is stored as chunked. The same object may

be cached more than once in a chunked copy and unchunked copy.
Compressed
Specifies id the object is stored as compressed.
Last access
Date and time of the last access to the objects
At the end of the file a summary on the content displays:
Total used (KB): 0
Available cache (KB): 0
Number of objects in cache: 0
/maint/pktcap
Packet Capture Menu

The Packet Capture menu contains commands for capturing packet flows.
Notes
Using the flag -m discards packets sent/received by MP from the capture file. This is useful
when there is a tunnel with an SSL (port 443) but the backend flow is clear (port 80).
If you transform the backend flow to port 80 you will see clear text in the capture file. Usage is
described in Packet Capture Menu Options (/maint/pktcap), page 638.
Live capture is not enabled when you are connected using a serial connection.
The output displays GMT time and not the local time.
Capture file limit size is 50 MB.
637

[Packet Capture Menu]

capture - Capture packets
stop
- Stop capturing packets
decrypt - Set the key and decrypt SSL capture
dumpcap - Display captured packets
snaplen - Set the packet snap length
count
- Set the max number of captured packets
putcap
- Upload original and decrypted capture via FTP/TFTP/SCP
clearcap - Clear capture buffer
cur
- Display current packet capture options
Table 464: Packet Capture Menu Options (/maint/pktcap)

capture
Starts packet capturing and sets the packet capture options. The command syntax is
as follows:
capture [-l/-live] [-p/-i <port range>]* [-t <from port>:<to port>]*

[-v/vlan <vlan number>] [-s <len>] [-c <count>] [-ednxAOam] <pcap
filter string>
The following is a description of these parameters:
Parameter
Description
-l
-c
-s
-i
-m
-p
-t
-v
proto
dst host
src host
dst port
src port
port
tcp
udp
icmp
ip multicast
ip broadcast
Send packet live to the console

File size
Snap length
Interface (same as the -p (port) Alteon)
Filter out all MP related traffic
Port (same as the -i (interface) Alteon)
Set port on which traffic is captured
Capture traffic on all ingress ports for a specific VLAN
Filters the output on the protocol specified.
Filters the output on the destination host specified.
Filters the output on the source host specified.
Filters the output on the destination port specified.
Filters the output on the source port specified.
Filters the output on the port specified.
Filters the output for TCP traffic only.
Filters the output for UDP traffic only
Filters the output for ICMP traffic only.
Filters the output for multicast traffic only.
Filters the output for broadcast traffic only.
Note: It is not recommended to use live capture during high stress times; regular
capture should used if needed.
Live capture should only be used during periods of low traffic volume and for
debugging purpose only.
Service interruptions may occur when using live capture during high traffic volume.
stop
Stops the current packet capture process.
638

Table 464: Packet Capture Menu Options (/maint/pktcap)

decrypt
Selects the key and decrypts SSL capture.
Note: This operation is only allowed for users with certificate management
privileges. You can decrypt the original capture with another key (the previous
decrypted capture will be overridden). Radware recommends handling decrypted
traffic using a secure connection. Either display the traffic on the screen using SSH
connection, or export it to a remote server via SCP connection.
dumpcap
Displays the original or decrypted captured packets in the CLI.
The following is the command syntax:
dumpcap {-s <number_of_packets from_start> | -c

<number_of_packets[decrypt]}
snaplen
Sets the length of packets to capture.
snaplen <length_of_packets>
count
Sets the maximum number of captured packets.
count <number_of_packets>
putcap
Uploads captured packets to a TFTP server. If decrypted captures exist, both the
original and decrypted captures file are uploaded. To distinguish between the original
and decrypted files exported, the following extensions are added to the user-specified
file name: .orig (for the original capture), and *.dcrypt (for the decrypted buffer).
<hostname [-v4|-v6]|v4 or v6 IP address> <filename> <-tftp|username

clearcap
Clears the packet capture buffer.
cur
Displays the current packet capture configuration.
639

/maint/debug/logger
Logger Operations Menu

Figure 50: Global Administrator Logger Operations Menu
[Logger Operations Menu]
loglevel - Set log level for current process
savelevel - Save current log level Configuration
rmsavedlevel - Delete log level Configuration
setother - Set log level for other processes
allsetlevel - Set log level of all modules except commlib
saveother - Save log level for other processes
rmother - Delete saved log level for other processes
printlevel - Print current configuration to screen
cleanlogfiles - Clean the content of all log files
getlogs - Upload logs via FTP
Figure 51: vADC Administrator or Standalone Logger Operations Menu

[Logger Operations Menu]
loglevel - Set log level for current process
savelevel - Save current log level Configuration
rmsavedlevel - Delete log level Configuration
printlevel - Print current configuration to screen
Table 465: Logger Operations Menu Options (/maint/debug/logger)

loglevel
Sets the log level for the current process.
savelevel
Saves the current log level configuration.
rmsavedlevel
Deletes the log level configuration.
setother
Sets the log level for other processes.
mode.
allsetlevel
Sets the log level of all modules except commlib.
mode.
saveother
Saves the log level for other processes.
mode.
640

Table 465: Logger Operations Menu Options (/maint/debug/logger)

rmother
Deletes the saved log level for other processes.
mode.
printlevel
cleanlogfiles
Cleans the content of all log files.
mode.
getlogs
Uploads logs via FTP.
mode.
/maint/ptdmp <server filename>
System Dump Put

Use this command to put (save) the system dump to a TFTP or FTP server.
Note: If the TFTP or FTP server is running SunOS or the Solaris operating system, the specified
ptdmp file must exist prior to executing the ptdmp command, and must be writable (set with proper
permission, and not locked by any application). The contents of the specified file are replaced with
the current dump data.
To save dump information via TFTP or FTP

At the prompt, enter the following, where hostname is the TFTP or FTP server IP address or
hostname, and filename is the target dump file:
>> Maintenance# ptdmp <hostname [-v4|-v6]> <filename> <-tftp|username

password> [-mgmt|-data] [-scp]<scp>
641

/maint/cldmp
Clearing Dump Information
To clear dump information from flash memory

At the prompt, enter the following:
>> Maintenance#
cldmp
Alteon does one of the following:
If the flash dump region is not already clear, Alteon clears the dump region of flash memory
and displays the following message:
FLASH dump region cleared.
If the flash dump region is already clear, Alteon displays the following message:
FLASH dump region is already clear.
/maint/lsdmp
View Dump Statistics

Use this command to view dump statistics. For example:
>> Maintenance# lsdmp

The main dump was saved at 8:12:58 Fri Jun 3, 2013.
A backup dump was saved at 14:47:31 Mon Jun 20, 2013.
/maint/panic
Panic Command
This command causes Alteon to immediately dump state information to flash memory and
automatically reboot.
1.
At the prompt, enter panic.
>> Maintenance# panic

A FLASH dump already exists.
Confirm replacing existing dump and reboot [y/n]:
2.
Enter y to confirm the command.
Confirm dump and reboot [y/n]:
642

Messages similar to the following display.
Loading Image:..........
Alteon Application Switch
Rebooted because of Software PANIC.
Booting complete 19:15:23 Thu Jan 9, 2013:
Version 20.2.7 from FLASH image1, active config block.
Jan 9 19:15:32 NOTICE system: link up on port 25
Enter password:
/maint/tsdmp
Technical Support Dump

This displays on the console all pertinent information for Radware Technical Support. For example:
>> Maintenance# tsdmp

Confirm dumping all information, statistics, and configuration [y/n]:
Note: If there is an unscheduled system dump to flash memory, the following message displays
when you log onto Alteon:
Note: A system dump exists in FLASH. The dump was saved

at 19:15:23 Thu Jan 9, 2013. Use /maint/uudmp to
extract the dump for analysis and /maint/cldmp to
clear the FLASH region. The region must be cleared
before another dump can be saved.
643

644
Appendix A Alteon Application Switch

Operating System Syslog Messages
This appendix includes a list of potential syslog messages.
Syslog Message Syntax

The following is the syntax of outputted syslog messages:
<Timestamp
Log Label> Web OS
Thread ID
Message
where
Timestamp is the time of the message event displays in month day hour:minute:second
format. For example: Aug 19 14:20:30
Log Label is one of the following types of log messages are recorded: LOG_EMERG, LOG_ALERT,
LOG_CRIT, LOG_ERR, LOG_WARNING, LOG_NOTICE, LOG_INFO, and LOG_DEBUG
Thread ID is the software thread that reports the log message. The following thread IDs are
recorded: stp, ip, slb, console, telnet, vrrp, system, web server, ssh, and bgp
Message is the log message
Syslog Messages
To keep this list as short as possible, only Thread ID and Message are shown. The messages are
sorted by Log Label, including:
LOG_WARNING, page 645
LOG_ALERT, page 646
LOG_CRIT, page 647
LOG_ERR, page 647
LOG_NOTICE, page 651
LOG_INFO, page 653
Note: When the Thread ID is listed as mgmt, one of the following may be shown in the message:
console, telnet, web server, or ssh
LOG_WARNING
The following is the syntax for the LOG-WARNING log label:
FILTER "filter <filter number> fired on port port number> , <source IP address
destination IP address , [ <ICMP type> ] , [ <IP protocol> ], [ <layer-4
ports> ], [ <TCP f1ags> ]"
645

Alteon Application Switch Operating System Syslog Messages
The following is the list of LOG_WARNING Thread IDs and messages.
Table 466: LOG_WARNING Thread IDs and Messages
Thread ID
Message
appsvc
SSL Acceleration chip is not available in Alteon and was not detected during boot-up
appsvc
Temporarily limiting caching due to critical cache space shortage.
appsvc
Allocated cache space has reached 80%.
appsvc
The space allocated for Application services trace logging has reached 80% of its
capacity. Old log files will be purged when 100% of capacity is reached.
appsvc
Server Certificate <ID> will expire in <30 | 15 | 10 | 5 | 4 | 3 | 2 | 1 > days
appsvc
Application services trace logging may impact performance on Alteon traffic

processing capabilities. Make sure that you disable trace logging when you are done
ntp
Cannot contact primary NTP server IP address
ntp
Cannot contact secondary NTP server IP address
LOG_ALERT
The following is the list of LOG_ALERT Thread IDs and messages.
Table 467: LOG-ALERT Thread IDs and Messages
Thread ID
Message
appsrv
Error while creating the cache directory. Reset is required for caching to work
appsrv
Error while mount the cache tmpfs. Memory not available. Reset is required for
caching to work
appsrv
Error while mount the cache tmpfs. Reset is required for caching to work
appsrv
Error while un mount the cache tmpfs
appsrv
Error while removing the cache directories
bgp
notification (reason) received from BGP peer ip_address
bgp
session with BGP peer ip_address failed (reason)
dps
hold down triggered: ip_address for min minutes
dps
manual hold down: ip_address
gslb
received update from ip_address for unknown remote server ip_address
gslb
received update from ip_address for unknown virtual service
gslb
received update for unknown remote server ip_address from ip_address
gslb
received update for unknown service ip_address:service
IP
cannot contact default gateway ip_address
slb
cannot contact real server ip_address
slb
real server ip_address has reached maximum connections
slb
Port #: PIP configuration is required for multiplexing support at virt # service #
slb
cannot contact real service ip_address:real_port
slb
real server failure threshold (threshold) has been reach for group group_id
slb
real server ip_address disabled through configuration
646

Table 467: LOG-ALERT Thread IDs and Messages
Thread ID
Message
slb
Virtual Service Pool full. gSvcPool=MAX_SERVICES
slb
real group number is down with advanced health check formula.
sntp
own BPDU received from port port_id
syn_atk
SYN attack detected: count new half-open sessions per second
system
Only one Power Supply unit is connected
tcplim
hold down triggered: ip_address for min minutes
vrrp
received errored advertisement from ip_address
vrrp
received incorrect password from ip_address
vrrp
received incorrect addresses from ip_address
vrrp
received incorrect advertisement interval seconds from ip_address
vrrp
Synchronization from non-configured peer ip_address
vrrp
Synchronization from non-configured peer ip_address was blocked
LOG_CRIT
The following is the list of LOG_CRIT Thread IDs and messages.
Table 468: LOG_CRIT Thread IDs and Messages
Thread ID
Message
SSH
can't allocate memory in load_MP_INT
SYSTEM
temperature at sensor sensor_id exceeded threshold
SYSTEM
fan failure detected
LOG_ERR
The following is the list of LOG_ERR Thread IDs and messages.
Table 469: LOG_ERR Thread IDs and Messages
Thread ID
Message
appsvc
Could not connect to OCSP server <OCSP-hostname>.
appsvc
Failed to verify OCSP response from <OCSP-hostname>.
appsvc
Error querying <OCSP-hostname> OCSP server.
cli
Error: Error writing %s config to FLASH
cli
New Path Cost for Port port_id is invalid
cli
PVID vlan_id for port port_id is not created
cli
RADIUS secret must be 1-32 characters long
cli
Please configure primary RADIUS server address
cli
STP changes can't be applied since STP is OFF
cli
Switch reset is required to turn STP on/off
cli
Trunk group trunk_id contains ports with different PVIDs
cli
Trunk group trunk_id has more than max_trunk_ports ports
647

Thread ID
Message
cli
Trunk group trunk_id contains no ports but is enabled
cli
Not all ports in trunk group trunk_id are in VLAN vlan_id
cli
Trunk groups trunk_id and trunk_id cannot share the same port
cli
Broadcast address for IP interface interface_id is invalid
cli
IP Interfaces interface_id and interface_id are on the same subnet
cli
Multiple static routes have same destination
cli
Virtual router vr_id must have sharing disabled when hotstandby is enabled
cli
Virtual router group must be enabled when hotstandby is enabled
cli
At least one virtual router must be enabled when group is enabled
cli
Virtual router group must have sharing disabled when hotstandby is enabled
cli
Virtual router group must have preemption enabled when hotstandby is enabled
cli
Virtual router vr_id must have an IP address
cli
Virtual router vr_id cannot have same VRID and VLAN as vlan_id
cli
Virtual router vr_id cannot have same IP address as ip_address
cli
Virtual router vr_id corresponding virtual server server_id is not enabled
cli
Hot-standby must be enabled when a virtual router has a PIP address
cli
Virtual router vr_id IP interface should be interface_id
cli
Enabled real server server_id has no IP address
cli
Real server server_id has same IP address as IP interface interface_id
cli
Real server server_id has same IP address as switch
cli
Real server server_id (Backup for server_id) is not enabled
cli
Real server server_id has same IP address as virtual server server_id
cli
Real server server_id has same IP address as real server server_id
cli
Real server group group_id cannot backup itself
cli
Real server server_id cannot be added to same group
cli
Enabled virtual server server_id has no IP address
cli
Virtual server server_id has same IP address as IP interface interface_id
cli
Virtual server server_id has same IP address as switch
cli
Virtual servers server_id and server_id with same IP address must support same
layr3 configuration
cli
Real server server_id cannot be backup server for both real server server_id and
group group_id
cli
Virtual server server_id has same IP address and vport as virtual server server_id
cli
RS server_id can't exist for VS server_id vport virtual_port
cli
Switch port port_id has same proxy IP address as port port_id
cli
Switch port port_id has same IP address as IP interface interface_id
cli
A hot-standby port cannot also be an inter-switch port
cli
There must be at least one inter-switch port if any hot-standby port exist
648

Thread ID
Message
cli
With VMA, ports 1-8 must all have a PIP if any one does
cli
Client bindings are not supported with proxy IP addresses
cli
DAM must be turned on or a PIP must be enabled for port port_id in order for virtual
server to support FTP parsing
cli
Real server server_id and group %u cannot both have backups configured
cli
Virtual server server_id : port mapping but layer3 bindings
cli
Extracting length has to set to 8 or 16 for cookie rewrite mode
cli
DAM must be turned on or a PIP must be enabled for port port_id in order for virtual
server server_id to support URL parsing
cli
Port filtering must be disabled on port port_id in order to support cookie based
persistence for virtual server server_id
cli
Virtual server server_id: port mapping but Direct Access Mode
cli
Virtual server %lu: support nonat IP but not layer 3 bindings
cli
Virtual servers: all that support IP must use same group
cli
Virtual servers server_id and server_id that include the same real server server_id
cannot map the same real port or balance UDP
cli
Virtual server server_id: UDP service virtual_port with out-of-range port number
cli
Switch cannot support more than MAX_VIRT_SERVICES virtual services
cli
Switch cannot support more than MAX_SMT real services
cli
Trunk group (trunk_id) ports must have same L4 config
cli
Trunk group (trunk_id) ports must all have a PIP
cli
DAM must be turned on or a PIP must be enabled for ports port_id in order to do
URL based redirection
cli
Two services have same hostname, host_name . domain_name "
cli
Direct access mode is not supported with default gateway load balancing
cli
SLB Radius secret must be 16 characters long
cli
Dynamic NAT filter filter_id must be cached
cli
NAT filter filter_id must have same smask and dmask
cli
NAT filter filter_id cannot have port ranges
cli
NAT filter filter_id must be cached
cli
NAT filter filter_id dest range includes VIP server_id
cli
NAT filter filter_id dest range includes RIP server_id
cli
Redirection filter filter_id must be cached
cli
Filter with L4 ports configured port_id must have IP protocol configured
cli
For Global SLB, Web server must be moved from TCP port 80
cli
Remote site site_id does not have a primary IP address
cli
Primary and secondary remote site site_id switches must differ
cli
Remote sites site_id and site_id must use different addresses
cli
Remote site site_id and real server server_id must use different addresses
649

Thread ID
Message
cli
Remote site site_id and virtual server server_id must use different addresses
cli
Only MAX_SLB_SITES remote servers are allowed per group
cli
Only MAX_SLB_SERVICES remote services are supported
cli
Enabled external lookup IP address has no IP address
cli
domain name must be configured
cli
Network static_network_id has no VIP address
cli
duplicate default entry
cli
BGP peer bgp_peer_id must have an IP address
cli
BGP peers bgp_peer_id and bgp_peer_id have same address
cli
BGP peer bgp_peer_id have same address as IP interface ip_interface_id
cli
BGP peer bgp_peer_id IP interface ip_interface_id is not enabled
cli
Filter with ICMP types configured (icmp_type) must have IP protocol configure to
ICMP
cli
Two services have same hostname, host_name . domain_name
cli
Loadbalance string must be added to real server server_id in order to enable

exclusionary string matching
cli
intrval input value must be in the range [0-24]
isd
unable to listen to BOOTP_SERVER_PORT port
mgmt
PANIC at file: line in thread thread id
mgmt
VERIFY at file: line in thread thread id
mgmt
ASSERT at file: line in thread thread id
mgmt
Apply not done
mgmt
Save not done
mgmt
" "apply" "|" "save" " is issued by another user. Try later
mgmt
unapplied changes reverted
mgmt
unsaved changes reverted
mgmt
Attempting to redirect a previously redirected output
ntp
unable to listen to NTP port
port_mirr
Port Mirroring changes are not applied
sntp
Error: Error writing STG config to FLASH
sntp
Error: Error writing config to FLASH
vrrp
Attempting to redirect a previously redirected output
vrrp
cfg_sync_tx_putsn: ABORTED
vrrp
Synchronization TX Error
vrrp
Synchronization TX connection RESET
vrrp
Synchronization TX connection TIMEOUT
vrrp
Synchronization TX connection UNREACEABLE
vrrp
Synchronization TX connection UNKNOWN CLOSE
650

Thread ID
Message
vrrp
Synchronization RX connection RESET
vrrp
Synchronization RX connection TIMEOUT
vrrp
Synchronization RX connection UNREACEABLE
vrrp
Synchronization RX connection UNKNOWN CLOSE
vrrp
Synchronization connection RCLOSE by peer
vrrp
Synchronization connection RCLOSE before RX
vrrp
Synchronization connection early RCLOSE in RX
vrrp
Synchronization connection Wait-For-Close Timeout
vrrp
Synchronization connection Transmit Timeout
vrrp
Synchronization Receive Timeout
vrrp
Synchronization Receive UNKNOWN Timeout
vrrp
Sync transmit in progress ... cannot start Sync
vrrp
Sync receive in progress ... cannot start Sync
vrrp
Sync already in progress ... cannot start Sync
vrrp
Config Sync route find error
vrrp
Config Sync tcp_open error
vrrp
Config Synchronization Timeout - Resuming Console thread
vrrp
" "apply""|""save"" is issued by another user. Try later
vrrp
new configuration did not validate (rc = )
vrrp
new configuration did not apply (rc = )
vrrp
new configuration did not save (rc = )
vrrp
Sync config apply error
vrrp
Restoring Current Config
vrrp
Sync rx tcp open error
vrrp
Sync Version/Password Failed-No Version/Password Line
vrrp
Sync Version Failed - peer:%s config:%s
vrrp
Sync Password Failed-Bad Password
vrrp
Sync receive already in progress ... cannot start Sync receive
vrrp
Sync transmit in progress ... cannot start Sync receive
LOG_NOTICE
The following is the list of LOG_NOTICE Thread IDs and messages.
Table 470: LOG_NOTICE Thread IDs and Messages
Thread ID
Message
bgp
session established with BGP_peer_ip_address
IP
default gateway ip_address
""enabled""|""disabled""
651

Thread ID
Message
IP
default gateway ip_address operational
mgmt
boot config block changed
mgmt
boot image changed
mgmt
switch reset from CLI
mgmt
syslog host changed to ip_address
mgmt
syslog host changed to this host
mgmt
second syslog host changed to ip_address
mgmt
second syslog host changed to this host
mgmt
Next boot will use active config block
mgmt
user password changed
mgmt
SLB operator password changed
mgmt
L4 operator password changed
mgmt
operator password changed
mgmt
SLB administrator password changed
mgmt
L4 administrator password changed
mgmt
administrator password changed
mgmt
RADIUS server timeouts
mgmt
Failed login attempt via TELNET from host %s
mgmt
PASSWORD FIX-UP MODE IN USE
mgmt
login_level login on Console
mgmt
login_level
mgmt
PANIC command from CLI
mgmt
login_level login from host ip_address
mgmt
login_level
port_mirr
port mirroring is ""enabled""|""disabled""
slb
backup server ip_address
""enabled""|""diabled"" for real server server_id
slb
backup server ip_address
""enabled""|""disabled"" for real server group group_id
slb
backup group server ip_address

group_id
slb
overflow server ip_address
""enabled""|""disabled"" for real server server_id
slb
overflow server ip_address

group_id
""enabled""|""disabled"" for real server group
slb
overflow group server ip_address

group_id
slb
real server ip_address operational
slb
real service ip_address:real_port operational
slb
No services are available for "IP4 | IP6" Virtual Server virtual_server
slb
Services are available for "IP4 | IP6" Virtual Server virtual_server
slb
real group number is up with advanced health check formula
652
""idle timeout""|""logout"" from Console
""connection closed""|""idle timeout""|""logout"" from

Thread ID
Message
ssh
scp login_level login
ssh
scp login_level
system
Power Supply OK
system
Dual Power Supply OK
system
temperature ok
system
fan ok
system
rebooted last_reset_information
system
rebooted last_reset_information administrator logged in
""connection closed""|""idle timeout""|""logout""
vlan
Default VLAN can not be deleted
vrrp
virtual router ip_address is now master
vrrp
virtual router ip_address is now backup
LOG_INFO
The following is the list of LOG_INFO Thread IDs and messages.
Table 471: LOG_INFO Thread IDs and Messages
Thread ID
Message
appsvc
Allocated cache space has reached 80%.
appsvc
Allocated cache space is below 80%.
appsvc
<nCipher/Cavium/Broadcom> SSL accelerator detected
appsvc
Client Certificate <common-name> revoked by <issuer-name> < OCSP>
appsvc
Start process cache content list
appsvc
End process cache content list
mgmt
new configuration applied
mgmt
new configuration saved
mgmt
unsaved changes reverted
mgmt
Could not revert unsaved changes
mgmt
image1|image2 downloaded from host ip_address, file file_name

software_version
mgmt
serial EEPROM downloaded from host ip_address file file_name
mgmt
login_level login on Console
mgmt
login_level
mgmt
login_level login from host ip_address
mgmt
login_level
ssh
scp login_level login
ssh
scp login_level
ssh
server key autogen starts
ssh
server key autogen completes
""idle timeout""|""logout"" from Console

""connection closed""|""idle timeout""|""logout"" from Telnet/SSH.
""connection closed""|""idle timeout""|""logout""
653

Table 471: LOG_INFO Thread IDs and Messages
Thread ID
Message
ssh
server key autogen timer timeouts
system
bootp response from ip_address
vrrp
new synch configuration applied
vrrp
new synch configuration saved
vrrp
Synchronizing from host_name
vrrp
Synchronizing to host_name
vrrp
Config Synchronization Transmit Successful
vrrp
Config Synchronization Receive Successful
vrrp
new configuration VALIDATED
654
Appendix B Alteon Application Switch

Operating System SNMP Agent
The Alteon SNMP agent supports SNMP version 1, version 2, and version 3. Version 3 supports two
authentication protocols: MD5 and SHA.
This appendix includes the following sections:
Supported MIBs, page 655
Supported Traps, page 656
Supported MIBs
This section includes the following sub-sections:
Enterprise MIB Documents, page 655
SynOptics MIBs, page 655
Standard MIBs, page 655
SNMPv3 MIBs, page 656
Enterprise MIB Documents

Detailed SNMP MIBs and trap definitions of the SNMP agent can be found in the following enterprise
MIB documents:
altroot.mib
aosSwitch.mib
aosPhysical.mib
aosNetwork.mib
aosLayer4.mib
aosLayer7.mib
aosBwm.mib
aosTrap.mib
SynOptics MIBs
In addition to the enterprise MIB documents, the following SynOptics MIBS are also supported:
synro193.mibSynOptics Root MIB
s5roo117.mibSynOptics Registration MIB
s5tcs112.mibTextual Convention MIB
s5emt104.mibEthernet Multi segment Autotopology MIB
Standard MIBs
The SNMP agent supports the following standard MIBs:
RFC 1213MIB II (System, Interface, Address Translation, IP, ICMP, TCP, UDP, SNMP Groups)
RFC 1573MIB II Extension (IFX table)
RFC 1643EtherLike MIB
655

Alteon Application Switch Operating System SNMP Agent
RFC 1493Bridge MIB
RFC 1757RMON MIB (Statistics, History, Alarm, Event Groups)
RFC 1850 for OSPF
RFC 1657 for BGP
IEEE 802.3ad MIB for LACP
SNMPv3 MIBs
The following SNMPv3 MIBs are supported:
RFC 2571SNMP Frame work
RFC 2572MPD MIB
RFC 2573Target MIB
RFC 2574USM MIB
RFC 2575VACM MIB
RFC 2576Community MIB
Supported Traps
SNMPv1, v2, v3 traps can be sent to the hosts configured in the targetAddr table. Up to 16 IP
addresses can be configured in the targetAddr table.
This section includes the following sub-sections:
Generic Traps, page 656
Spanning Tree Traps, page 656
Enterprise SNMP Traps, page 657
Generic Traps
The SNMP agent supports the following generic traps as defined in RFC 1215:
ColdStart
WarmStart
LinkDown
LinkUp
AuthenticationFailure
Spanning Tree Traps

The SNMP agent also supports two Spanning Tree traps as defined in RFC 1493:
NewRoot
TopologyChange
656

Enterprise SNMP Traps

The following are the enterprise SNMP traps supported in Alteon:
Table 472: Supported Enterprise SNMP Traps
Trap Name
Description
altSwBulkApply
The new configuration has been applied.
altSwDefGwUp
The default gateway is alive.
altSwDefGwDown
The default gateway is down.
altSwDefGwInService
The default gateway is up and in service.
altSwDefGwNotInService
The default gateway is alive but not in service.
altSwSlbRealServerUp
The real server is up and operational.
altSwSlbRealServerDown
The real server is down and out of service.
altSwSlbRealServerMaxConnR The real server has reached maximum connections.

eached
altSwSlbBkupRealServerAct
The backup real server is activated because of the availability of

the primary real server.
altSwSlbBkupRealServerDeact The backup real server is deactivated because the primary real
server is available.
altSwSlbBkupRealServerActOv The backup real server is deactivated because the primary real
erflow
server has overflowed.
altSwSlbBkupRealServerDeact The backup real server is deactivated because the primary real
Overflow
server is no longer in the overflow situation.
altSwfltFilterFired
The packet received on a port matches the filter rule.
altSwSlbRealServerServiceUp
The service port of the real server is up and operational.
altSwSlbRealServerServiceDo
wn
The service port of the real server is down and out of service.
altSwVrrpNewMaster
The sending agent has transitioned to Master state.
altSwVrrpNewBackup
The sending agent has transitioned to Backup state.
altSwVrrpAuthFailure
A packet has been received from a router whose authentication

key or authentication type conflicts with this router's
authentication key or authentication type. Implementation of this
trap is optional.
altSwLoginFailure
A user failed to enter a valid username/password combination.
altSwSlbSynAttack
A SYN attack has been detected.
altSwTcpHoldDown
New TCP connection requests from a particular client are blocked

for a pre-determined amount of time because the rate of new TCP
connections from that client has reached a pre-determined
threshold.
altSwTempExceedThreshold
The Alteon temperature has exceeded maximum safety limits.
altSwSlbSessAttack
An SLB attack has been detected.
altSwFanFailure
A fan failure has occurred.
altSwSlbVirtServerServicesUp
The service ports of the virtual server is up and operational.
altSwSlbVirtServerServicesDo
wn
The service ports of the virtual server is down and out of service.
657

Table 472: Supported Enterprise SNMP Traps
Trap Name
Description
altSwSlbRealGroupAdvhlUp
The real group is up with an advanced health check formula.
altSwSlbRealGroupAdvhlDown The real group is down with an advanced health check formula.
altSwSlbBkupGroupAct
The backup group is enabled while the primary group is going

down with an advanced health check formula.
altSwSlbBkupGroupDeact
The backup group is disabled while the primary group is going up

with an advanced health check formula.
altSwSlbRemoteRealServerUp
The remote real server is up.
altSwSlbRemoteRealServerDo
wn
The remote real server has gone down and is out of service.
altSwSlbRealServerOperDis
The real server is disabled operationally.
altSwSlbRealServerOperEna
The real server is enabled operationally.
altSwIfcVlanDown
All the interfaces in that VLAN are either disabled or moved to a

different VLAN.
altSwPortVlanDown
All the ports are either down or moved to different a VLAN and
interfaces are down in that VLAN.
altSwIfcVlanUp
Interfaces are available for this VLAN.
altSwPortVlanUp
Physical ports and interfaces are available for this VLAN.
658
Appendix C Glossary
This appendix includes descriptions of important terms and concepts used in this document.
Term
Description
DIP (Destination IP Address)
The destination IP address of a frame.
Dport (Destination Port)
The destination port (application socket: for example, HTTP-80,

HTTPS-443, DNS-53).
NAT (Network Address

Translation)
Any time an IP address is changed from one source IP or

destination IP address to another address, network address
translation (NAT) can be said to have taken place. In general, half
NAT is when the destination IP or source IP address is changed
from one address to another. Full NAT is when both addresses are
changed from one address to another. No NAT is when neither
source nor destination IP addresses are translated. Virtual serverbased load balancing uses half NAT by design, because it translates
the destination IP address from the virtual server IP address to that
of one of the real servers.
Preemption
In VRRP, preemption causes a virtual router that has a lower

priority to go into backup should a peer virtual router start
advertising with a higher priority.
Priority
In VRRP, the value given to a virtual router to determine its ranking

with its peers. A higher number will win out for master designation.
Values: 1254
Default: 100
Proto (Protocol)
The protocol of a frame. Can be any value represented by a 8-bit

value in the IP header adherent to the IP specification, such as TCP,
UDP, OSPF, ICMP, and so on.
Real Server Group
A group of real servers that are associated with a virtual server IP

address, or a filter.
Redirection or Filter-Based
Load Balancing
A type of load balancing that operates differently from virtual

server-based load balancing. With this type of load balancing,
requests are transparently intercepted and redirected to a server
group. Transparently means that requests are not specifically
destined for a virtual server IP address that Alteon owns. Instead, a
filter is configured on Alteon. This filter intercepts traffic based on
certain IP header criteria and load balances it.
Filters can be configured to filter on the SIP/range (via netmask),
DIP/range (via netmask), protocol, sport/range or dport/range. The
action on a filter can be Allow, Deny, Redirect to a Server Group, or
NAT (translation of either the source IP or destination IP address).
In redirection-based load balancing, the destination IP address is
not translated to that of one of the real servers. Therefore,
redirection-based load balancing is designed to load balance
Alteons that normally operate transparently in your networksuch
as a firewall, spam filter, or transparent Web cache.
RIP (Real Server)
Real server IP Address. An IP addresses that Alteon load balances

to when requests are made to a virtual server IP address (VIP).
SIP (Source IP Address)
The source IP address of a frame.
SPort (Source Port)
The source port (application socket: for example: HTTP-80, HTTPS443, DNS-53).
659

Glossary
Term
Description
Tracking
In VRRP, a method to increase the priority of a virtual router and,

as a result the master designation (with preemption enabled).
Tracking can be very valuable in an Active-Active configuration.
VIP (Virtual Server IP

Address)
An IP address that Alteon owns and uses to load balance particular

service requests (such as HTTP) to other servers.
VIR (Virtual Interface Router) A VRRP address that is an IP interface address shares between two
or more virtual routers.
Virtual Router
A shared address between two Alteons using VRRP, as defined in

RFC 2338. One virtual router is associated with an IP interface. This
is one of the IP interfaces that Alteon is assigned. All IP interfaces
must be in a VLAN. If there is more than one VLAN defined, the
VRRP broadcasts are only sent out on the VLAN of which the
associated IP interface is a member.
Virtual Server Load Balancing Classic load balancing. Requests destined for a virtual server IP
address (VIP), which is owned by Alteon, are load balanced to a
real server contained in the group associated with the VIP. Network
address translation is done back and forth, by Alteon, as requests
come and go.
Frames come to Alteon destined for the VIP. Alteon then replaces
the VIP and with one of the real server IP addresses (RIPs),
updates the relevant checksums, and forwards the frame to the
server for which it is now destined. This process of replacing the
destination IP (VIP) with one of the real server addresses is called
half NAT. If the frames were not sent to the address of one of the
RIPs using half NAT, a server would receive the frame that was
destined for its MAC address, forcing the packet up to Layer 3. The
server would then drop the frame, because the packet would have
the DIP of the VIP, and not that of the server (RIP).
VRID (Virtual Router
Identifier)
In VRRP, a value used by each virtual router to create its MAC

address and identify its peer for which it is sharing this VRRP
address. The VRRP MAC address as defined in the RFC is 00-00-5E00-01-{VRID}. If you have a VRRP address that two Alteons are
sharing, then the VRID number needs to be identical on both
Alteons so each virtual router on each Alteon is aware of with whom
to share.
Values: 1255
660

Glossary
Term
Description
VRRP (Virtual Router

Redundancy Protocol)
A protocol that acts similarly to Cisco's proprietary HSRP address

sharing protocol. The reason having for both of these protocols is
so Alteons have a next hop or default gateway that is always
available. Two or more Alteons sharing an IP interface are either
advertising or listening for advertisements. These advertisements
are sent via a broadcast message to an address such as
224.0.0.18.
With VRRP, one Alteon is considered the master and the other the
backup. The master is always advertising via broadcasts. The
backup Alteon is always listening for the broadcasts. Should the
master stop advertising, the backup takes over ownership of the
VRRP IP and MAC addresses as defined by the specification. Alteon
announces this change in ownership to Alteons around it by way of
a Gratuitous ARP, and advertisements. If the backup Alteon did not
perform Gratuitous ARP, the Layer 2 devices attached to Alteon
would not know that the MAC address had moved in the network.
For a more detailed description, refer RFC 2338.
VSR (Virtual Server Router)
A VRRP address that is a shared virtual server IP address. VSR is a

proprietary extension to the VRRP specification. Alteons must share
virtual server IP addresses, as well as IP interfaces. If they do not,
the two Alteons fight for ownership of the virtual server IP address,
and the ARP tables in the Alteons around them have two ARP
entries with the same IP address but different MAC addresses.
661

Glossary
662
Radware Ltd. End User License Agreement

By accepting this End User License Agreement (this License Agreement) you agree to be contacted
by Radware Ltd.s (Radware) sales personnel.
If you would like to receive license rights different from the rights granted below or if you wish to
acquire warranty or support services beyond the scope provided herein (if any), please contact
Radware's sales team.
THIS LICENSE AGREEMENT GOVERNS YOUR USE OF ANY SOFTWARE DEVELOPED AND/OR
DISTRIBUTED BY RADWARE AND ANY UPGRADES, MODIFIED VERSIONS, UPDATES, ADDITIONS,
AND COPIES OF THE SOFTWARE FURNISHED TO YOU DURING THE TERM OF THE LICENSE
GRANTED HEREIN (THE SOFTWARE). THIS LICENSE AGREEMENT APPLIES REGARDLESS OF
WHETHER THE SOFTWARE IS DELIVERED TO YOU AS AN EMBEDDED COMPONENT OF A RADWARE
PRODUCT (PRODUCT), OR WHETHER IT IS DELIVERED AS A STANDALONE SOFTWARE PRODUCT.
FOR THE AVOIDANCE OF DOUBT IT IS HEREBY CLARIFIED THAT THIS LICENSE AGREEMENT
APPLIES TO PLUG-INS, CONNECTORS, EXTENSIONS AND SIMILAR SOFTWARE COMPONENTS
DEVELOPED BY RADWARE THAT CONNECT OR INTEGRATE A RADWARE PRODUCT WITH THE
PRODUCT OF A THIRD PARTY (COLLECTIVELY, CONNECTORS) FOR PROVISIONING,
DECOMMISSIONING, MANAGING, CONFIGURING OR MONITORING RADWARE PRODUCTS. THE
APPLICABILITY OF THIS LICENSE AGREEMENT TO CONNECTORS IS REGARDLESS OF WHETHER
SUCH CONNECTORS ARE DISTRIBUTED TO YOU BY RADWARE OR BY A THIRD PARTY PRODUCT
VENDOR. IN CASE A CONNECTOR IS DISTRIBUTED TO YOU BY A THIRD PARTY PRODUCT VENDOR
PURSUANT TO THE TERMS OF AN AGREEMENT BETWEEN YOU AND THE THIRD PARTY PRODUCT
VENDOR, THEN, AS BETWEEN RADWARE AND YOURSELF, TO THE EXTENT THERE IS ANY
DISCREPANCY OR INCONSISTENCY BETWEEN THE TERMS OF THIS LICENSE AGREEMENT AND THE
TERMS OF THE AGREEMENT BETWEEN YOU AND THE THIRD PARTY PRODUCT VENDOR, THE TERMS
OF THIS LICENSE AGREEMENT WILL GOVERN AND PREVAIL. PLEASE READ THE TERMS AND
CONDITIONS OF THIS LICENSE AGREEMENT CAREFULLY BEFORE OPENING THE PACKAGE
CONTAINING RADWARE'S PRODUCT, OR BEFORE DOWNLOADING, INSTALLING, COPYING OR
OTHERWISE USING RADWARE'S STANDALONE SOFTWARE (AS APPLICABLE). THE SOFTWARE IS
LICENSED (NOT SOLD). BY OPENING THE PACKAGE CONTAINING RADWARE'S PRODUCT, OR BY
DOWNLOADING, INSTALLING, COPYING OR USING THE SOFTWARE (AS APPLICABLE), YOU
CONFIRM THAT YOU HAVE READ AND UNDERSTAND THIS LICENSE AGREEMENT AND YOU AGREE
TO BE BOUND BY THE TERMS OF THIS LICENSE AGREEMENT. FURTHERMORE, YOU HEREBY WAIVE
ANY CLAIM OR RIGHT THAT YOU MAY HAVE TO ASSERT THAT YOUR ACCEPTANCE AS STATED
HEREINABOVE IS NOT THE EQUIVALENT OF, OR DEEMED AS, A VALID SIGNATURE TO THIS LICENSE
AGREEMENT. IF YOU ARE NOT WILLING TO BE BOUND BY THE TERMS OF THIS LICENSE
AGREEMENT, YOU SHOULD PROMPTLY RETURN THE UNOPENED PRODUCT PACKAGE OR YOU
SHOULD NOT DOWNLOAD, INSTALL, COPY OR OTHERWISE USE THE SOFTWARE (AS APPLICABLE).
THIS LICENSE AGREEMENT REPRESENTS THE ENTIRE AGREEMENT CONCERNING THE SOFTWARE
BETWEEN YOU AND RADWARE, AND SUPERSEDES ANY AND ALL PRIOR PROPOSALS,
REPRESENTATIONS, OR UNDERSTANDINGS BETWEEN THE PARTIES. YOU MEANS THE NATURAL
PERSON OR THE ENTITY THAT IS AGREEING TO BE BOUND BY THIS LICENSE AGREEMENT, THEIR
EMPLOYEES AND THIRD PARTY CONTRACTORS. YOU SHALL BE LIABLE FOR ANY FAILURE BY SUCH
EMPLOYEES AND THIRD PARTY CONTRACTORS TO COMPLY WITH THE TERMS OF THIS LICENSE
AGREEMENT.
1.
License Grant. Subject to the terms of this Agreement, Radware hereby grants to you, and you
accept, a limited, nonexclusive, nontransferable license to install and use the Software in
machine-readable, object code form only and solely for your internal business purposes
(Commercial License). If the Software is distributed to you with a software development kit
(the SDK), then, solely with regard to the SDK, the Commercial License above also includes a
limited, nonexclusive, nontransferable license to install and use the SDK solely on computers
within your organization, and solely for your internal development of an integration or
interoperation of the Software and/or other Radware Products with software or hardware
products owned, licensed and/or controlled by you (the SDK Purpose). To the extent an SDK is
distributed to you together with code samples in source code format (the Code Samples) that
are meant to illustrate and teach you how to configure, monitor and/or control the Software
and/or any other Radware Products, the Commercial License above further includes a limited,
663

nonexclusive, nontransferable license to copy and modify the Code Samples and create
derivative works based thereon solely for the SDK Purpose and solely on computers within your
organization. The SDK shall be considered part of the term Software for all purposes of this
License Agreement. You agree that you will not assign, sublicense, transfer, pledge, lease, rent
or share your rights under this License Agreement nor will you distribute copies of the Software
or any parts thereof. Rights not specifically granted herein, are specifically prohibited.
2.
Evaluation Use. Notwithstanding anything to the contrary in this License Agreement, if the
Software is provided to you for evaluation purposes, as indicated in your purchase order or sales
receipt, on the website from which you download the Software, as inferred from any timelimited evaluation license keys that you are provided with to activate the Software, or otherwise,
then You may use the Software only for internal evaluation purposes (Evaluation Use) for a
maximum of 30 days or such other duration as may specified by Radware in writing at its sole
discretion (the Evaluation Period). The evaluation copy of the Software contains a feature that
will automatically disable it after expiration of the Evaluation Period. You agree not to disable,
destroy, or remove this feature of the Software, and any attempt to do so will be a material
breach of this License Agreement. During or at the end of the evaluation period, you may
contact Radware sales team to purchase a Commercial License to continue using the Software
pursuant to the terms of this License Agreement. If you elect not to purchase a Commercial
License, you agree to stop using the Software and to delete the evaluation copy received
hereunder from all computers under your possession or control at the end of the Evaluation
Period. In any event, your continued use of the Software beyond the Evaluation Period (if
possible) shall be deemed your acceptance of a Commercial License to the Software pursuant to
the terms of this License Agreement, and you agree to pay Radware any amounts due for any
applicable license fees at Radware's then-current list prices.
3.
Subscription Software. If you licensed the Software on a subscription basis, your rights to use
the Software are limited to the subscription period. You have the option to extend your
subscription. If you extend your subscription, you may continue using the Software until the end
of your extended subscription period. If you do not extend your subscription, after the expiration
of your subscription, you are legally obligated to discontinue your use of the Software and
completely remove the Software from your system.
4.
Feedback. Any feedback concerning the Software including, without limitation, identifying
potential errors and improvements, recommended changes or suggestions (Feedback),
provided by you to Radware will be owned exclusively by Radware and considered Radware's
confidential information. By providing Feedback to Radware, you hereby assign to Radware all of
your right, title and interest in any such Feedback, including all intellectual property rights
therein. With regard to any rights in such Feedback that cannot, under applicable law, be
assigned to Radware, you hereby irrevocably waives such rights in favor of Radware and grants
Radware under such rights in the Feedback, a worldwide, perpetual royalty-free, irrevocable,
sublicensable and non-exclusive license, to use, reproduce, disclose, sublicense, modify, make,
have made, distribute, sell, offer for sale, display, perform, create derivative works of and
otherwise exploit the Feedback without restriction. The provisions of this Section 4 will survive
the termination or expiration of this Agreement.
5.
Limitations on Use. You agree that you will not: (a) copy, modify, translate, adapt or create
any derivative works based on the Software; or (b) sublicense or transfer the Software, or
include the Software or any portion thereof in any product; or (b) reverse assemble, decompile,
reverse engineer or otherwise attempt to derive source code (or the underlying ideas,
algorithms, structure or organization) from the Software; or (c) remove any copyright notices,
identification or any other proprietary notices from the Software (including any notices of Third
Party Software (as defined below); or (d) copy the Software onto any public or distributed
network or use the Software to operate in or as a time-sharing, outsourcing, service bureau,
application service provider, or managed service provider environment. Notwithstanding Section
5(d), if you provide hosting or cloud computing services to your customers, you are entitled to
use and include the Software in your IT infrastructure on which you provide your services. It is
hereby clarified that the prohibitions on modifying, or creating derivative works based on, any
Software provided by Radware, apply whether the Software is provided in a machine or in a
human readable form. Human readable Software to which this prohibition applies includes
(without limitation) Radware AppShape++ Script Files that contain Special License Terms. It
is acknowledged that examples provided in a human readable form may be modified by a user.
664

6. Intellectual Property Rights. You acknowledge and agree that this License Agreement does
not convey to you any interest in the Software except for the limited right to use the Software,
and that all right, title, and interest in and to the Software, including any and all associated
intellectual property rights, are and shall remain with Radware or its third party licensors. You
further acknowledge and agree that the Software is a proprietary product of Radware and/or its
licensors and is protected under applicable copyright law.
7. No Warranty. The Software, and any and all accompanying software, files, libraries, data and
materials, are distributed and provided AS IS by Radware or by its third party licensors (as
applicable) and with no warranty of any kind, whether express or implied, including, without
limitation, any non-infringement warranty or warranty of merchantability or fitness for a
particular purpose. Neither Radware nor any of its affiliates or licensors warrants, guarantees, or
makes any representation regarding the title in the Software, the use of, or the results of the
use of the Software. Neither Radware nor any of its affiliates or licensors warrants that the
operation of the Software will be uninterrupted or error-free, or that the use of any passwords,
license keys and/or encryption features will be effective in preventing the unintentional
disclosure of information contained in any file. You acknowledge that good data processing
procedure dictates that any program, including the Software, must be thoroughly tested with
non-critical data before there is any reliance on it, and you hereby assume the entire risk of all
use of the copies of the Software covered by this License. Radware does not make any
representation or warranty, nor does Radware assume any responsibility or liability or provide
any license or technical maintenance and support for any operating systems, databases,
migration tools or any other software component provided by a third party supplier and with
which the Software is meant to interoperate.
This disclaimer of warranty constitutes an essential and material part of this License.
In the event that, notwithstanding the disclaimer of warranty above, Radware is held liable
under any warranty provision, Radware shall be released from all such obligations in the event
that the Software shall have been subject to misuse, neglect, accident or improper installation,
or if repairs or modifications were made by persons other than by Radware's authorized service
personnel.
8. Limitation of Liability. Except to the extent expressly prohibited by applicable statutes, in no
event shall Radware, or its principals, shareholders, officers, employees, affiliates, licensors,
contractors, subsidiaries, or parent organizations (together, the Radware Parties), be liable for
any direct, indirect, incidental, consequential, special, or punitive damages whatsoever relating
to the use of, or the inability to use, the Software, or to your relationship with, Radware or any
of the Radware Parties (including, without limitation, loss or disclosure of data or information,
and/or loss of profit, revenue, business opportunity or business advantage, and/or business
interruption), whether based upon a claim or action of contract, warranty, negligence, strict
liability, contribution, indemnity, or any other legal theory or cause of action, even if advised of
the possibility of such damages. If any Radware Party is found to be liable to You or to any thirdparty under any applicable law despite the explicit disclaimers and limitations under these
terms, then any liability of such Radware Party, will be limited exclusively to refund of any
license or registration or subscription fees paid by you to Radware.
9. Third Party Software. The Software includes software portions developed and owned by third
parties (the Third Party Software). Third Party Software shall be deemed part of the Software
for all intents and purposes of this License Agreement; provided, however, that in the event that
a Third Party Software is a software for which the source code is made available under an open
source software license agreement, then, to the extent there is any discrepancy or inconsistency
between the terms of this License Agreement and the terms of any such open source license
agreement (including, for example, license rights in the open source license agreement that are
broader than the license rights set forth in Section 1 above and/or no limitation in the open
source license agreement on the actions set forth in Section 5 above), the terms of any such
open source license agreement will govern and prevail. The terms of open source license
agreements and copyright notices under which Third Party Software is being licensed to
Radware or a link thereto, are included with the Software documentation or in the header or
readme files of the Software. Third Party licensors and suppliers retain all right, title and interest
in and to the Third Party Software and all copies thereof, including all copyright and other
665

intellectual property associated therewith. In addition to the use limitations applicable to Third
Party Software pursuant to Section 5 above, you agree and undertake not to use the Third Party
Software as a general SQL server, as a stand-alone application or with applications other than
the Software under this License Agreement.
10. Term and Termination. This License Agreement is effective upon the first to occur of your
opening the package of the Product, purchasing, downloading, installing, copying or using the
Software or any portion thereof, and shall continue until terminated. However, sections 4-13
shall survive any termination of this License Agreement. The License under this License
Agreement is not transferable and will terminate upon transfer of the Software. If the Software
is licensed on subscription basis, this Agreement will automatically terminate upon the
termination of your subscription period if it is not extended.
11. Export. The Software or any part thereof may be subject to export or import controls under the
laws and regulations of the United States and/or Israel. You agree to comply with such laws and
regulations, and, agree not to knowingly export, re-export, import or re-import, or transfer
products without first obtaining all required Government authorizations or licenses therefor.
12. Governing Law. This License Agreement shall be construed and governed in accordance with
the laws of the State of Israel.
13. Miscellaneous. If a judicial determination is made that any of the provisions contained in this
License Agreement is unreasonable, illegal or otherwise unenforceable, such provision or
provisions shall be rendered void or invalid only to the extent that such judicial determination
finds such provisions to be unreasonable, illegal or otherwise unenforceable, and the remainder
of this License Agreement shall remain operative and in full force and effect. In any event a
party breaches or threatens to commit a breach of this License Agreement, the other party will,
in addition to any other remedies available to, be entitled to injunction relief. This License
Agreement constitutes the entire agreement between the parties hereto and supersedes all prior
agreements between the parties hereto with respect to the subject matter hereof. The failure of
any party hereto to require the performance of any provisions of this License Agreement shall in
no manner affect the right to enforce the same. No waiver by any party hereto of any provisions
or of any breach of any provisions of this License Agreement shall be deemed or construed
either as a further or continuing waiver of any such provisions or breach waiver or as a waiver of
any other provision or breach of any other provision of this License Agreement.
IF YOU DO NOT AGREE WITH THE TERMS OF THIS LICENSE YOU MUST REMOVE THE
SOFTWARE FROM ANY DEVICE OWNED BY YOU AND IMMIDIATELY CEASE USING THE
SOFTWARE.
COPYRIGHT 2013, Radware Ltd. All Rights Reserved.
666

AlteonOS 29.0.0 Command Ref

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

AlteonOS 29.0.0 Command Ref

Загружено:

Авторское право:

Доступные форматы

Alteon Application Switch Operating System

Alteon Application Switch Operating System Command Reference

Document ID: RDWR-ALOS-V2900_RG1303

Alteon Application Switch Operating System Command Reference

Document ID: RDWR-ALOS-V2900_RG1303

Alteon Application Switch Operating System Command Reference

Document ID: RDWR-ALOS-V2900_RG1303

Alteon Application Switch Operating System Command Reference

The Regents of the University of California. All rights reserved.

Notice traitant du copyright

Document ID: RDWR-ALOS-V2900_RG1303

Alteon Application Switch Operating System Command Reference

Ce produit inclut un logiciel dvelopp par Markus Friedl

Document ID: RDWR-ALOS-V2900_RG1303

Alteon Application Switch Operating System Command Reference

Document ID: RDWR-ALOS-V2900_RG1303

Alteon Application Switch Operating System Command Reference

SMTLICHE VORGENANNTE SOFTWARE WIRD VOM AUTOR IM IST-ZUSTAND (AS IS)

Document ID: RDWR-ALOS-V2900_RG1303

Alteon Application Switch Operating System Command Reference

Figure 1: Electrical Shock Hazard Label

DUAL-POWER-SUPPLY-SYSTEM SAFETY WARNING IN CHINESE

Figure 2: Dual-Power-Supply-System Safety Warning in Chinese

Translation of Dual-Power-Supply-System Safety Warning in Chinese:

Document ID: RDWR-ALOS-V2900_RG1303

Alteon Application Switch Operating System Command Reference

Figure 3: Statement for Class A VCCI-certified Equipment

Translation of Statement for Class A VCCI-certified Equipment:

Figure 4: Statement for Class B VCCI-certified Equipment

Translation of Statement for Class B VCCI-certified Equipment:

Document ID: RDWR-ALOS-V2900_RG1303

Alteon Application Switch Operating System Command Reference

Figure 5: KCCKorea Communications Commission Certificate of Broadcasting and

Figure 6: Statement For Class A KCC-certified Equipment in Korean

Translation of Statement For Class A KCC-certified Equipment in Korean:

Document ID: RDWR-ALOS-V2900_RG1303

Alteon Application Switch Operating System Command Reference

This marking or statement includes the following text warning:

DO NOT plug in, turn on or attempt to operate an obviously damaged unit.

AC units for Denmark, Finland, Norway, Sweden (marked on product):

Finland - (Marking label and in manual) - Laite on liitettv suojamaadoituskoskettimilla

Norway (Marking label and in manual) - Apparatet m tilkoples jordet stikkontakt

Unit is intended for connection to IT power systems for Norway only.

To connect the power connection:

Connect the power cable to the grounded AC outlet.

Document ID: RDWR-ALOS-V2900_RG1303

Alteon Application Switch Operating System Command Reference

Figure 7: tiquette davertissement de danger de chocs lectriques

AVERTISSEMENT DE SCURIT POUR LES SYSTMES DOTS DE DEUX SOURCES DALIMENTATION

Document ID: RDWR-ALOS-V2900_RG1303

Alteon Application Switch Operating System Command Reference

Figure 9: Dclaration pour lquipement de classe A certifi VCCI

Traduction de la Dclaration pour lquipement de classe A certifi VCCI:

Figure 10: Dclaration pour lquipement de classe B certifi VCCI

Traduction de la Dclaration pour lquipement de classe B certifi VCCI:

Document ID: RDWR-ALOS-V2900_RG1303

Alteon Application Switch Operating System Command Reference

Translation de la Dclaration pour lquipement de classe A certifi KCC en langue corenne:

Document ID: RDWR-ALOS-V2900_RG1303

Alteon Application Switch Operating System Command Reference

Cette marque ou remarque inclut lavertissement textuel suivant:

Ne faites pas fonctionner lappareil dans un endroit, o la temprature ambiante dpasse la

Finlande (tiquette et inscription dans le manuel) - Laite on liitettv

Norvge (tiquette et inscription dans le manuel) - Apparatet m tilkoples jordet stikkontakt