Command Reference
Software Version 29.0.0.0
Document ID: RDWR-ALOS-V2900_RG1303
March, 2013
Important Notices
The following important notices are presented in English, French, and German.
Important Notices
This guide is delivered subject to the following conditions and restrictions:
The AppShape++ Script Files provided by Radware Ltd. are subject to the Special License Terms
included in each of the electronic AppShape++ Script Files and are also subject to Radware's End
User License Agreement, a copy of which (as may be amended from time to time) can be found at
the end of this document or at http://www.radware.com/Resources/eula.html.
Please note that if you create your own scripts using any AppShape++ Scripts provided by Radware,
such self-created scripts are not controlled by Radware and therefore Radware will not be liable for
any malfunctions resulting from such self-created scripts.
Copyright Radware Ltd. 2013. All rights reserved.
The copyright and all other intellectual property rights and trade secrets included in this guide are
owned by Radware Ltd.
The guide is provided to Radware customers for the sole purpose of obtaining information with
respect to the installation and use of the Radware products described in this document, and may not
be used for any other purpose.
The information contained in this guide is proprietary to Radware and must be kept in strict
confidence.
It is strictly forbidden to copy, duplicate, reproduce or disclose this guide or any part thereof without
the prior written consent of Radware.
Important Notice
This guide is subject to the following conditions and restrictions:
The AppShape++ Script Files provided by Radware Ltd. are subject to the Special License Terms
included in each electronic AppShape++ Script File and also to Radware's End User License
Agreement, which may be amended from time to time and a copy of which is available at the end of
this document or at the following address: http://www.radware.com/Resources/eula.html.
Please note that if you create your own command files (script files) using the AppShape++ Script
Files provided by Radware, these script files are not controlled by Radware, and Radware can in
no case be held liable for malfunctions resulting from the script files so created.
Copyright Radware Ltd. 2013. All rights reserved.
The copyright and all other rights relating to intellectual property and trade secrets contained
in this guide are the property of Radware Ltd.
This guide is provided to our customers for the installation and use of the Radware products
described in this document and may not be used for any purpose other than that for which it was
designed.
The information contained in this document remains the property of Radware and must be kept
confidential.
It is strictly forbidden to copy, reproduce or disclose information contained in this manual
without the prior written consent of Radware.
Important Note
This manual is delivered subject to the following conditions and restrictions:
The AppShape++ script files provided by Radware Ltd. are subject to the special license terms
contained in each electronic AppShape++ script file as well as Radware's End User License
Agreement (a copy of which, as amended from time to time, is available at the end of this
document or at http://www.radware.com/Resources/eula.html). Please note that if you create your
own scripts using an AppShape++ script provided by Radware, these self-created scripts are not
controlled by Radware, and Radware therefore assumes no liability for malfunctions caused by
these self-created scripts.
Copyright Radware Ltd. 2013. All rights reserved.
The copyright and all other property rights and trade secrets contained in this manual are the
property of Radware Ltd.
This manual is provided to Radware customers for the sole purpose of providing information on the
installation and use of the Radware products described in this document. It may not be used for
any other purpose.
The information contained in this manual is the property of Radware and must be treated as
strictly confidential.
It is strictly forbidden to copy, duplicate, reproduce or disclose this manual or parts of it
without the prior written consent of Radware.
Copyright Notices
The following copyright notices are presented in English, French, and German.
Copyright Notices
The programs included in this product are subject to a restricted use license and can only be used in
conjunction with this application.
This product contains code developed by the OpenSSL Project.
This product includes software developed by the OpenSSL Project. For use in the OpenSSL Toolkit.
(http://www.openssl.org/).
Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
This product contains the Rijndael cipher
The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto is in the public
domain and distributed with the following license:
@version 3.0 (December 2000)
Optimized ANSI C code for the Rijndael cipher (now AES)
@author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
@author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
@author Paulo Barreto <paulo.barreto@terra.com.br>
The OnDemand Switch may use software components licensed under the GNU General Public
License Agreement Version 2 (GPL v.2) including LinuxBios and Filo open source projects. The
source code of the LinuxBios and Filo is available from Radware upon request. A copy of the license
can be viewed at:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
This code is hereby placed in the public domain.
This product contains code developed by the OpenBSD Project
Copyright (c) 1983, 1990, 1992, 1993, 1995
This product includes software developed by the OpenSSL Project. For use in the OpenSSL Toolkit
(http://www.openssl.org/).
Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. This product includes the
Rijndael cipher.
The implementation of Rijndael by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto is in the
public domain and distributed under the terms of the following license:
@version 3.0 (December 2000)
ANSI C code for Rijndael (now AES)
@author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
@author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
@author Paulo Barreto <paulo.barreto@terra.com.br>.
The OnDemand Switch may use software components licensed under the terms of the GNU General
Public License Agreement Version 2 (GPL v.2), including the LinuxBios and Filo open source
projects. The source code of LinuxBios and Filo is available on request from Radware. A copy of
the license can be found at:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
This code is also placed in the public domain.
This product contains code developed by the OpenSSL Project.
Copyright (c) 1983, 1990, 1992, 1993, 1995
The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must include the above copyright notice, this list of
conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials provided.
3. Neither the name of the University nor the names of the contributors may in any case be used
to endorse or promote a product derived from this program without prior written permission.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must include the above copyright notice, this list of
conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials provided.
THE ABOVE SOFTWARE IS PROVIDED "AS IS" BY THE DEVELOPER AND ANY EXPRESS OR IMPLIED WARRANTY,
INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTY OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE IS DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF USE, DATA OR PROFITS, OR BUSINESS
INTERRUPTION), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE), ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Copyright Notices
The programs contained in this product are subject to a restricted use license and can only be
used in conjunction with this application.
This product contains code developed by the OpenSSL Project.
This product contains software developed by the OpenSSL Project. For use in the OpenSSL Toolkit.
(http://www.openssl.org/).
Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. This product contains the
Rijndael cipher.
The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto is in the
public domain and is distributed under the following license:
@version 3.0 (December 2000)
Optimized ANSI C code for the Rijndael cipher (now AES)
@author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
@author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
@author Paulo Barreto <paulo.barreto@terra.com.br>
The OnDemand Switch may use software licensed under the GNU General Public License Agreement
Version 2 (GPL v.2), including the LinuxBios and Filo open source projects. The source code of
LinuxBios and Filo is available from Radware on request.
A copy of this license can be viewed at:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
This code is hereby placed in the public domain.
This product contains code developed by the OpenBSD Project
Copyright (c) 1983, 1990, 1992, 1993, 1995
The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
under the following conditions:
1. Redistributions of source code must retain the above copyright notice, this list of
conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials provided
with the distribution.
3. Neither the name of the University nor the names of the contributors may be used to endorse
or promote products derived from this software without express prior written permission.
This product contains software developed by Markus Friedl
This product contains software developed by Theo de Raadt
This product contains software developed by Niels Provos
This product contains software developed by Dug Song
This product contains software developed by Aaron Campbell
This product contains software developed by Damien Miller
This product contains software developed by Kevin Steves
This product contains software developed by Daniel Kouril
This product contains software developed by Wesley Griffin
This product contains software developed by Per Allansson
This product contains software developed by Nils Nordman
This product contains software developed by Simon Wilkinson
Redistribution and use in source and binary forms, with or without modification, are permitted
under the following conditions:
1. Redistributions of source code must retain the above copyright notice, this list of
conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials provided
with the distribution.
Safety Instructions
The following safety instructions are presented in English, French, and German.
Safety Instructions
CAUTION
A readily accessible disconnect device shall be incorporated in the building installation wiring.
Due to the risks of electrical shock, and energy, mechanical, and fire hazards, any procedures that
involve opening panels or changing components must be performed by qualified service personnel
only.
To reduce the risk of fire and electrical shock, disconnect the device from the power line before
removing cover or panels.
The following figure shows the caution label that is attached to Radware platforms with dual power
supplies.
LINE VOLTAGE
Before connecting this instrument to the power line, make sure the voltage of the power source
matches the requirements of the instrument. Refer to the Specifications for information about the
correct power rating for the device.
48V DC-powered platforms have an input tolerance of 36-72V DC.
SPECIFICATION CHANGES
Specifications are subject to change without notice.
Note: This equipment has been tested and found to comply with the limits for a Class A digital
device pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN 55024; EN 61000-3-2; EN
61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-4-11 for CE Mark compliance.
These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. This equipment generates, uses and can
radiate radio frequency energy and, if not installed and used in accordance with the instruction
manual, may cause harmful interference to radio communications. Operation of this equipment in a
residential area is likely to cause harmful interference in which case the user is required to correct
the interference at his own expense.
VCCI ELECTROMAGNETIC-INTERFERENCE STATEMENTS
KCC KOREA
If the battery is placed in an Operator Access Area, there is a marking close to the battery or
a statement in both the operating and service instructions.
If the battery is placed elsewhere in the equipment, there is a marking close to the battery or a
statement in the service instructions.
This equipment is designed to permit connection between the earthed conductor of the DC
supply circuit and the earthing conductor equipment. See Installation Instructions.
2.
All servicing must be undertaken only by qualified service personnel. There are no
user-serviceable parts inside the unit.
3.
4.
Ensure that the chassis ventilation openings in the unit are NOT BLOCKED.
5.
Replace a blown fuse ONLY with the same type and rating as is marked on the safety label
adjacent to the power inlet, housing the fuse.
6.
Do not operate the device in a location where the maximum ambient temperature exceeds
40°C/104°F.
7.
Be sure to unplug the power supply cord from the wall socket BEFORE attempting to remove
and/or check the main power fuse.
CLASS 1 LASER PRODUCT AND REFERENCE TO THE MOST RECENT LASER STANDARDS IEC 60825-1:1993 +
A1:1997 + A2:2001 AND EN 60825-1:1994 + A1:1996 + A2:2001
Denmark - Unit is class I - unit to be used with an AC cord set suitable with Denmark
deviations. The cord includes an earthing conductor. The Unit is to be plugged into a wall socket
outlet which is connected to a protective earth. Socket outlets which are not connected to earth
are not to be used!
Sweden (Marking label and in manual) - Apparaten skall anslutas till jordat uttag.
Connect the power cable to the main socket, located on the rear panel of the device.
2.
CAUTION
Risk of electric shock and energy hazard. Disconnecting one power supply disconnects only one
power supply module. To isolate the unit completely, disconnect all power supplies.
Safety Instructions
WARNING
A readily accessible disconnect device shall be incorporated in the building wiring.
Due to the risks of electric shock and energy, mechanical and fire hazards, any procedure
involving opening panels or replacing components shall be performed by qualified personnel.
To reduce the risk of fire and electric shock, disconnect the device from the power supply
before removing the cover or panels.
The following figure shows the warning label affixed to Radware platforms equipped with more
than one power source.
Figure 8: Safety warning for systems equipped with two power sources (in Chinese)
Translation of the safety warning for systems equipped with two power sources (in Chinese):
This unit has more than one power source. Disconnect all power sources before servicing the
device, to avoid electric shock.
SERVICING
Do not perform any servicing other than that listed in the instruction manual unless you are
qualified to do so. No part inside the unit can be replaced or repaired.
HIGH VOLTAGE
Any adjustment, maintenance and repair of the opened instrument under voltage must be avoided.
If this proves essential, entrust the operation to a qualified person who is aware of the
dangers involved.
Capacitors inside the unit may still be charged even if the unit has been disconnected from the
power source.
GROUNDING
Before connecting this device to the power line, the protective earth terminal screws of this
unit must be connected to the building's grounding system.
LASER
This equipment is a Class 1 laser product, compliant with the IEC60825 - 1: 1993 + A1:
1997 + A2: 2001 standard.
FUSES
Make sure that only fuses with the required rated current and of the specified type are used
for replacement. The use of repaired fuses and the short-circuiting of fuse holders must be
avoided. When it is practically certain that the protection offered by the fuses has been
impaired, the instrument must be made inoperative and secured against any unintended operation.
LINE VOLTAGE
Before connecting this instrument to the power line, verify that the voltage of the power
source matches the requirements of the instrument. Refer to the specifications for the correct
power rating of the device.
Platforms powered by 48 V DC have an input tolerance of between 36 and 72 V DC.
SPECIFICATION CHANGES
Specifications are subject to change without prior notice.
Note: This equipment has been tested and found to comply with the limits defined for a Class A
digital device, pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN 55024,
EN 61000-3-2; EN 61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8, and IEC 61000-4-11, for CE
mark compliance. These limits are set to provide reasonable protection against harmful
interference when the equipment is used in a commercial environment. This equipment generates,
uses and can emit radio frequencies and, if not installed and used in accordance with the
instruction manual, may cause harmful interference to radio communications. Operation of this
equipment in a residential area is likely to cause harmful interference, in which case the user
will have to correct the problem at his own expense.
VCCI ELECTROMAGNETIC INTERFERENCE STATEMENTS
KCC Korea
Figure 11: KCC Certificate of the Korea Communications Commission for broadcasting and
communication equipment.
Figure 12: Statement for KCC-certified Class A equipment, in Korean
If the battery is placed in an operator access area, a marking is shown on the battery or a
statement is included in both the operating and service instructions.
If the battery is placed elsewhere in the equipment, a marking is shown on the battery or a
statement is included in the service instructions.
This equipment is designed to permit connection between the grounding conductor of the DC
power circuit and the grounding equipment. See the installation instructions.
2. All servicing shall be undertaken by qualified personnel. No part inside the unit can be
replaced or repaired.
3. Do NOT plug in, switch on or attempt to use a unit that is obviously damaged.
4. Verify that the chassis ventilation opening in the unit is NOT BLOCKED.
5. Replace the damaged fuse with a similar model of the same rating, as indicated on the safety
label adjacent to the power inlet housing the fuse.
6.
7. Unplug the power cord from the wall socket BEFORE attempting to remove and/or check the main
power fuse.
CLASS 1 LASER PRODUCT AND REFERENCE TO THE MOST RECENT LASER STANDARDS: IEC 60825-1: 1993 +
A1: 1997 + A2: 2001 AND EN 60825-1: 1994 + A1: 1996 + A2: 2001
AC units for Denmark, Finland, Norway, Sweden (marked on the product):
Denmark - Class 1 unit - to be used with an AC cord compatible with Denmark deviations. The
cord includes a grounding conductor. The unit shall be plugged into a grounded wall socket.
Non-grounded sockets shall not be used!
Sweden (label and marking in the manual) - Apparaten skall anslutas till jordat uttag.
Connect the power cable to the main socket, located on the rear panel of the unit.
2.
WARNING
Risk of electric shock and energy hazard. Disconnecting one power source unplugs only one
power module. To isolate the unit completely, disconnect all power sources.
CAUTION
Risk of electric shock and electrical hazard. Disconnecting a single power supply disconnects
only one power supply module. To isolate the module in question completely, all power supplies
must be disconnected.
Caution: To Reduce the Risk of Electric Shock and Fire
1. All servicing shall be performed ONLY by qualified service personnel. No component can be
serviced or replaced by the user.
2. DO NOT connect, power on or attempt to use a visibly defective unit.
3.
4. Replace a blown fuse ONLY with a fuse of the same type and rating, as indicated on the
safety label near the power inlet that contains the fuse.
5. DO NOT OPERATE the equipment in locations where the maximum temperature exceeds 40 degrees
Centigrade.
6. Make sure the power cord has been disconnected BEFORE attempting to remove and/or check the
main power fuse.
Safety Instructions
CAUTION
The building's electrical installation must incorporate a readily accessible power disconnect
device.
Due to the risk of electric shock and energy, mechanical and fire hazards, procedures in which
covers are removed or components replaced may be performed only by qualified service personnel.
To reduce the risk of fire and electric shock, the device must be disconnected from the power
supply before the cover or panels are removed.
The following figure shows the CAUTION label attached to Radware platforms with dual power
supplies.
HIGH VOLTAGE
Any adjustment, maintenance and repair work on the opened device under voltage must be avoided
as far as possible. If unavoidable, it may be carried out only by qualified persons who are
aware of the danger.
Capacitors inside the device may still hold a charge even after the device has been cut off
from the power supply.
GROUNDING
Before the device is connected to the power supply, the screws of the device's grounding
conductor must be connected to the ground of the building wiring.
LASER
This device is a Class 1 laser product in compliance with the IEC60825 - 1: 1993 +
A1:1997 + A2:2001 standard.
FUSES
Make sure that only fuses with the required current rating and of the specified type are used.
The use of repaired fuses and the short-circuiting of fuse holders must be avoided. In cases
where it is likely that the protection offered by the fuses is impaired, the device must be
switched off and secured against unintended operation.
LINE VOLTAGE
Before connecting this device to the power supply, ensure that the voltage of the power source
matches the requirements of the device. Observe the technical specifications regarding the
correct electrical ratings of the device.
48 V DC platforms have an input tolerance of 36-72 V DC.
SPECIFICATION CHANGES
Technical specifications are subject to change.
Note: This device has been tested and complies with the limits for Class 1 digital devices
pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN55024; EN 61000-3-2; EN; IEC
61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-4-11 for compliance with the CE mark.
These limits provide reasonable protection against harmful interference when the device is
operated in a commercial environment. This device generates, uses and radiates radio-frequency
electromagnetic energy. If it is not installed and used in accordance with the instructions in
the manual, it could interfere with and impair radio communications. Operation of this device
in residential areas will most likely cause harmful interference. In such a case the user would
be required to correct the interference at his own expense.
VCCI STATEMENT ON ELECTROMAGNETIC INTERFERENCE
INTERCONNECTION OF DEVICES
Cables for connecting the device to RS232 and Ethernet must be UL-certified and of type DP-1 or
DP-2. (Note: when residing in a non-LPS circuit)
OVERCURRENT PROTECTION
A readily accessible listed branch-circuit overcurrent protective device rated 15 A must be
incorporated in the building wiring for each power input.
REPLACEABLE BATTERIES
If a device is supplied with a replaceable battery and this battery is replaced by an incorrect
battery type, this could lead to an explosion. This applies to some types of lithium batteries,
and the following must be observed:
If the battery is placed in an operator area, there is a marking near the battery or a
statement in both the operating manual and the service instructions.
If the battery is placed elsewhere in the device, there is a marking near the battery or a
statement in the service instructions.
Sweden - (marking label and in the manual) - Apparaten skall anslutas till jordat uttag.
Connect the power cable to the main socket on the rear of the device.
2.
CAUTION
Risk of electric shock and energy hazard. Disconnecting one power source disconnects only one
power supply module from the power supply. To isolate the device completely, it must be
disconnected from the entire power supply.
Caution - To Reduce the Risk of Electric Shock and Fire
1. This device is designed to permit connection between the grounded conductor of the DC
circuit and the grounding conductor of the device. See the installation instructions.
2.
3. Do not attempt to connect to the circuit, switch on or operate a device that is obviously
damaged.
4. Make sure that the ventilation openings in the device housing are NOT BLOCKED.
5. Replace a blown fuse only with the same type and rating as indicated on the safety label
located next to the power cable inlet, on the fuse housing.
6. Do not operate the device in a location where the maximum ambient temperature exceeds 40°C.
7. Make sure to unplug the power cable from the wall socket BEFORE removing and/or checking the
main fuse.
Document Conventions
The following describes the conventions and symbols that this guide uses:
Item: Description
Example: An example scenario
Caution: Possible damage to equipment, software, or data
Note: Additional information
To: A statement and instructions
Tip: A suggestion or workaround
Warning: Possible physical harm to the operator
Table of Contents
Important Notices
Copyright Notices
Safety Instructions
Altitude and Climate Warning
Document Conventions
Chapter 1 Preface
Who Should Use This Book
How this Book Is Organized
Related Documentation
Typographic Conventions
/maint/pktcap Packet Capture Menu
/maint/ptdmp <server filename> System Dump Put
/maint/cldmp Clearing Dump Information
/maint/lsdmp View Dump Statistics
/maint/panic Panic Command
/maint/tsdmp Technical Support Dump
Appendix B Alteon Application Switch Operating System SNMP Agent
Supported MIBs
Enterprise MIB Documents
SynOptics MIBs
Standard MIBs
SNMPv3 MIBs
Chapter 1 Preface
This guide describes how to configure and use the Alteon Application Switch Operating System
(AlteonOS) software on the Alteon Application Switches. Throughout this guide, in most cases the
AlteonOS and the Alteon platform are referred to as Alteon. For documentation on installation and
initial configuration of Alteon, see the Radware Alteon Installation and Maintenance Guide.
The Command Line Interface, page 31 describes how to connect to Alteon and access the
information and configuration menus.
Menu Basics, page 39 provides an overview of the menu system, including a menu map, global
commands, and menu shortcuts.
The Information Menu, page 45 describes how to view Alteon configuration parameters.
The Statistics Menu, page 121 describes how to view Alteon performance statistics.
The Configuration Menu, page 239 describes how to configure system parameters, ports,
VLANs, Spanning Tree Protocol, SNMP, Port Mirroring, IP Routing, Port Trunking, and more.
The SLB Configuration Menu, page 395 describes how to configure Server Load Balancing (SLB),
filtering, Global Server Load Balancing (GSLB), and more.
The Operations Menu, page 607 describes how to use commands which affect Alteon
performance immediately, but do not alter permanent configurations (such as temporarily
disabling ports). The menu describes how to activate or deactivate optional software features.
The Boot Options Menu, page 621 describes the use of the primary and alternate Alteon images,
how to load a new software image, and how to reset the software to factory defaults.
The Maintenance Menu, page 629 describes how to generate and access a dump of critical state
information, how to clear it, and how to clear part or all of the forwarding database.
Appendix A - Alteon Application Switch Operating System Syslog Messages, page 645 lists
Alteon syslog messages.
Appendix B - Alteon Application Switch Operating System SNMP Agent, page 655 lists the
Management Information Bases (MIBs) supported in the Alteon software.
Glossary, page 659 defines the terminology used throughout the book.
Related Documentation
Alteon Application Switch Operating System Release Notes: Describes new features and any
caveats and limitations with the currently released Alteon versions.
Alteon Application Switch Operating System Application Guide: Describes Alteon features and
gives configuration examples.
Alteon Application Switch Operating System Browser-Based Interface (BBI) Quick Guide:
Describes the BBI and how to configure and access it from Alteon.
Typographic Conventions
The following table describes the typographic styles in this book:
Typeface or
Symbol
Meaning
Example
AaBbCc123
AaBbCc123
Main# sys
AaBbCc123
<>
A built-in, text-based command line interface (CLI) and menu system for access via local
terminal or remote Telnet session.
SNMP support for access through network management software such as HP OpenView.
The CLI is the most direct method for collecting information and performing configuration. Using a
basic terminal, you are presented with a hierarchy of menus that enable you to view information and
statistics about the system, and to perform any necessary configuration.
This chapter explains how to access the CLI.
Connecting to Alteon
You can access the CLI in any one of the following ways:
Using an SSH connection to securely log into another computer over a network
An ASCII terminal or a computer running terminal emulation software set to the parameters
shown in the following table:
Parameter       Value
Baud Rate       9600
Data Bits
Parity          None
Stop Bits
Flow Control    None
Connect the terminal to the console port using the serial cable.
2.
3.
Press Enter a few times on your terminal. Enter a password for access to the system.
Dynamically, from a BOOTP server on your network. See Using a BOOTP Server, page 32.
Note: Before you can use these methods for accessing Alteon, you need to enable Telnet and SSH
using a serial connection.
Note: If connecting to the management port, BOOTP is not supported. The port must be manually
configured with the proper IP address.
Running Telnet
You can access the CLI using a Telnet connection once the IP parameters are configured.
Run the Telnet program on your workstation and issue the Telnet command, followed by the
Alteon IP address:
telnet <IP address>
Note: Alteon can perform only one session of key/cipher generation at a time. As a result, an SSH/
SCP client cannot log in if Alteon is performing key generation at that time, or if another client has
just logged in before this client. Similarly, the system fails to perform the key generation if an SSH/
SCP client is logging in at that time.
The supported SSH encryption and authentication methods are:
Key Exchange: RSA
Encryption: 3DES-CBC, DES
Note: The Alteon implementation of SSH is based on SSH version 1.5, and supports SSH versions
1.5 through 1.x.xx, and version 2.
Running SSH
You can access the CLI using an SSH connection once the IP parameters are configured and the SSH
service is turned on.
Run the SSH program on your workstation by issuing the SSH command, followed by the
Alteon IP address.
Accessing Alteon
Alteon includes seven user access levels, or classes, to enable better management and user
accountability. Each access level defines a set of management features and related screens relevant
for that access level. The following is an overview of the different access levels:
User: Allows only temporary changes. Users on this level cannot change anything but can
display information that has no security or privacy implications, such as statistics and current
operational state information.
Operator: Allows only temporary changes. These changes are lost when Alteon is rebooted/
reset. Operators have access to the management features used for daily operations. Because
any changes an operator makes are undone by resetting Alteon, operators cannot severely
impact operation.
Access levels are assigned unique user names and passwords. Once you are connected, you are
prompted to enter a password. Table 3 - User Access Levels, page 34 lists the default user names
and passwords for each access level.
Note: Radware recommends that you change default passwords after initial configuration and as
required by your network security policies.
User Account                Password
User                        user
SLB Viewer                  slbview
SLB Operator                slboper
                            l1oper
Layer 2 Operator            l2oper
Layer 3 Operator            l3oper
Operator                    oper
SLB Administrator           slbadmin
                            l3admin
                            l4admin
Administrator
Certificate Administrator
Note: With the exception of the Administrator, access to each user level can be disabled by setting
the password to an empty value. All user levels below Administrator by default are initially disabled
(empty password) until they are enabled by the Administrator user. This prevents inadvertently
leaving Alteon open to unauthorized users.
CLI Menu
Once the Administrator password is verified, you are given complete access. The following is the CLI
Main Menu with Administrator privileges:
[Main Menu]
info    - Information Menu
stats   - Statistics Menu
cfg     - Configuration Menu
oper    - Operations Command Menu
boot    - Boot Options Menu
maint   - Maintenance Menu
diff    - Show pending config changes [global command]
apply   - Apply pending config changes [global command]
save    - Save updated config to FLASH [global command]
revert  - Revert pending or applied changes [global command]
exit    - Exit [global command, always available]
Note: If you are accessing a User account or Layer 4 Administrator account, some menu options
are not available.
Idle Timeout
By default, Alteon disconnects your console or Telnet session after five minutes of inactivity. This
function is controlled by the idle timeout parameter, which can be set from 1 to 10080 minutes. For
more information on changing this parameter, see /cfg/sys/syslog System Host Log Configuration,
page 246.
Note: Some features are not available for the user login.
Information Menu
Statistics Menu
Configuration Menu
Operations Command Menu
Boot Options Menu
Maintenance Menu
Show pending config changes [global command]
Apply pending config changes [global command]
Save updated config to FLASH [global command]
Revert pending or applied changes [global command]
Exit [global command, always available]
Menu Summary
Information Menu: Includes sub-menus for displaying information about the current system
status, including basic system settings, VLANs, Layer 4 settings, and more.
Statistics Menu: Includes sub-menus for displaying performance statistics. Includes: port, IF,
IP, ICMP, TCP, UDP, SNMP, routing, ARP, DNS, VRRP, and Layer 4 statistics.
Boot Options Menu: Used for upgrading the AlteonOS, selecting configuration blocks, and for
resetting Alteon when necessary.
Maintenance Menu: Used for debugging purposes, enabling you to generate a dump of critical
state information, and to clear entries in the forwarding database and the ARP and routing
tables.
Global Commands
Some basic commands are recognized throughout the menu hierarchy. These commands are used
for online help, navigating through menus, and for applying and saving configuration changes.
Command
Action
? <command> or help <command>
Provides more information about a specific command on the current menu. When
used without the command parameter, a summary of the global commands
displays.
For example:
or
print
..
or
up
/
lines <n>
Sets the number of lines (n) that display on the screen at one time. The default is
24 lines. When used without a value, the current setting displays.
diff
apply <vadc>
save <vadc>
revert
exit or quit
ping
ping6
Identifies the route used for station-to-station connectivity across the network.
Syntax:
pwd
verbose <n>
2 (Verbose): Everything is shown.
telnet
history
pushd
Stores the current location of the menu tree. Optionally, a new path can be
specified. Syntax:
pushd [ <new_path> ]
popd
Takes you one level back to the menu location stored by the last pushd
command.
apply vadcs
Applies changes for all running vADCs with pending configurations. Only available
to the Global Administrator.
save vadcs
Saves active configurations of all running vADCs. Only available to the Global
Administrator.
Option
Description
history
!!
!n
Ctrl+P or up arrow
Recalls the previous command from the history list. This can be used multiple
times to work backward through the last 10 commands. The recalled command
can be entered as is, or edited using the editing options listed in this table.
Ctrl+N or down arrow
Recalls the next command from the history list. This can be used multiple times to
work forward through the last 10 commands. The recalled command can be
entered as is, or edited using the editing options listed in this table.
Ctrl+A
Ctrl+E
Ctrl+B or left arrow key
Ctrl+F or right arrow key
Backspace or Delete key
Ctrl+D
Ctrl+K
Kills (erases) all characters from the cursor position to the end of the command
line.
Ctrl+L
Ctrl+U
Other keys
Command Stacking
As a shortcut, you can type multiple levels in a menu hierarchy string on a single line, separated by
forward slashes (/). You can enter as many levels as required to access the menu option that you
want.
For example, the keyboard shortcut to access the Spanning Tree Port Configuration menu from the
Main# prompt is:
Main# cfg/l2/stg/port
Command Abbreviation
Most commands can be abbreviated by entering the first characters which distinguish the command
from the others in the same menu or sub-menu.
For example, the command shown in Command Stacking, page 43 could also be entered as:
Main# c/l2/st/p
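Because the same command can be typed stacked, abbreviated, or in full, CLI session logs are easier to search once every entry is expanded to its canonical path. The following is an added example, not Radware code: the menu tree is a partial, hypothetical subset built only from menu names that appear in this guide (using the /cfg/l2/stg path listed under Configuration Ranges), and preferring an exact match over a longer command with the same prefix is an assumption.

```python
# Partial, hypothetical menu tree: only names that appear in this guide.
MENU = {
    "info": {"sys": {}, "l2": {}, "slb": {}, "bwm": {}, "security": {},
             "link": {}, "swkey": {}, "dump": {}},
    "stats": {},
    "cfg": {
        "sys": {"syslog": {}},
        "l2": {"stg": {"port": {}}, "trunk": {}, "vlan": {}, "team": {}},
        "l3": {"if": {}, "gw": {}, "nwf": {}, "rmap": {},
               "vrrp": {"vr": {}, "vrgroup": {}}},
        "slb": {"real": {}, "group": {}, "virt": {}, "filt": {}},
        "bwm": {"cont": {}, "policy": {}, "group": {}},
        "sec": {"pgroup": {}},
    },
    "oper": {"slb": {"group": {}}},
    "boot": {},
    "maint": {"pktcap": {}, "ptdmp": {}, "cldmp": {}, "lsdmp": {},
              "panic": {}, "tsdmp": {}},
    "diff": {}, "apply": {}, "save": {}, "revert": {}, "exit": {},
}


def expand(path, menu=MENU):
    """Expand a stacked, possibly abbreviated path to its full form.

    Every path is resolved from the Main menu. Raises LookupError when a
    token matches no command or more than one command at its level.
    """
    node, resolved = menu, []
    for token in (t for t in path.strip().split("/") if t):
        if token in node:                       # exact name wins (assumption)
            match = token
        else:
            candidates = sorted(k for k in node if k.startswith(token))
            if not candidates:
                raise LookupError(f"unknown command '{token}'")
            if len(candidates) > 1:
                raise LookupError(
                    f"'{token}' is ambiguous: {', '.join(candidates)}")
            match = candidates[0]
        resolved.append(match)
        node = node[match]
    return "/" + "/".join(resolved)


def normalize(commands, menu=MENU):
    """Canonicalise logged commands; entries that cannot be resolved are kept
    and marked so that a reviewer still sees them."""
    out = []
    for cmd in commands:
        try:
            out.append(expand(cmd, menu))
        except LookupError as err:
            out.append(f"UNRESOLVED: {cmd} ({err})")
    return out


# Constructed sample of commands as they might appear in a session log.
SAMPLE_COMMANDS = ["c/l2/st/p", "cfg/l2/stg/port", "/c/l3/v/vr", "s", "cfg/l2/t"]

if __name__ == "__main__":
    for line in normalize(SAMPLE_COMMANDS):
        print(line)
```

The first two sample entries collapse to the same path, so one search or alert rule written against the full form covers both spellings.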
Tab Completion
By entering the first letter of a command at any menu prompt and pressing the Tab key, the CLI
displays all commands or options in that menu that begin with that letter. Entering additional letters
further refines the list of commands or options displayed. If only one command fits the input text
when Tab is pressed, that command displays on the command line, waiting to be entered. If you
press the Tab key without any input on the command line, the currently active menu displays.
Configuration Ranges
Most commands support configuration ranges. Configuration ranges allow you to set common
parameters on a range of similar items such as ports or VLANs.
For example, the following command enables the real servers numbered from 1 to 10:
Main# /cfg/bwm/cont
Main# /cfg/bwm/policy
Main# /cfg/bwm/group
Main# /cfg/l2/stg
Main# /cfg/l2/trunk
Main# /cfg/l2/vlan
Main# cfg/l2/team
Main# /cfg/l3/if
Main# /cfg/l3/gw
Main# /cfg/l3/nwf
Main# /cfg/l3/rmap
Main# /cfg/l3/vrrp/vr
Main# /cfg/l3/vrrp/vrgroup
Main# /cfg/sec/pgroup
Main# /cfg/slb/real
Main# /cfg/slb/group
Main# /cfg/slb/virt
Main# /cfg/slb/filt
Main# /oper/slb/group
Main# /stat/s
/info
Information Menu
The following is an example of the Information menu and an explanation of the Information menu
options.
[Information Menu]
- System Information Menu
- Layer 2 Information Menu
- Layer 3 Information Menu
- Layer 4-7 Information Menu
- Bandwidth Management Information Menu
- Security Information Menu
- Show link status
- Show port information
- Show enabled software features
- Dump all information
l2
Displays the Layer 2 Information menu. To view this menu, see /info/l2 Layer 2
Information Menu, page 68.
slb
Displays the Layer 4 Information menu. This menu only appears on the vADC
Administration menu. To view this menu in ADC-VX mode, see /info/slb Layer 4
Information Menu, page 105.
bwm
Displays the Bandwidth Management Information menu. This menu only appears
on the vADC Administration menu. To view this menu in ADC-VX mode, see /info/
bwm Bandwidth Management Information Menu, page 113.
security
Displays the Security Information menu, from which you can access the current
UDP blast settings and the security status of the port. This menu only appears on
the vADC Administration menu. To view this menu in ADC-VX mode, see /info/
security Security Information, page 116.
link
This command only appears in the Global Administrator environment in ADC-VX
mode.
Displays configuration information about each port, including:
Port number
For sample output, see /info/link Link Status Information, page 117.
Port number
Port name
VLAN membership
swkey
Displays a list of all the optional software packages that have been activated or
installed. For sample output, see /info/swkey Software Enabled Keys, page 118.
dump
Dumps all information available from the Information menu (the dump output
may be 10K or more, depending on your configuration).
If you want to capture dump data to a file, set your communication software on
your workstation to capture session data prior to issuing the dump command. For
sample output, see /info/dump Information Dump, page 119.
/info/sys
IP address of IP interface #1
Configuration name.
ps
Displays the power supply status.
fan
Displays the fan status.
temp
Displays the temperature status of the Alteon sensors.
sslchip
Displays the SSL chip information.
time
Displays the current time.
log
Displays last 64 syslog messages. For sample output and a description of these
statistics, see /info/sys/log Show Last 64 Syslog Messages, page 57.
slog
Displays the last 64 syslog messages that are saved in flash. For sample output
and a description of these statistics, see /info/sys/slog Last 64 Saved Syslog
Messages, page 58.
mgmt
Displays management port information. For sample output and a description of
these statistics, see /info/sys/mgmt Management Port Information, page 58.
encrypt
Displays the current encryption licenses.
user
Displays the current user names.
dump
Displays all system information. For sample output and a description of these
statistics, see /info/sys/dump System Information Dump, page 67.
/info/sys/snmpv3
Access control
For more details on the SNMPv3 architecture, refer to RFC 2271 to RFC 2276.
access
Displays view-based access control information. For sample output and a
description of these statistics, see /info/sys/snmpv3/access SNMPv3 Access Table
Information, page 51.
group
Displays information about the group that includes the security model, user
name, and group name. For sample output and a description of these statistics,
see /info/sys/snmpv3/group SNMPv3 Group Table Information, page 52.
comm
Displays the Community table information. For sample output and a description of
these statistics, see /info/sys/snmpv3/comm SNMPv3 Community Table
Information, page 52.
taddr
Displays the target address table information. For sample output and a
description of these statistics, see /info/sys/snmpv3/taddr SNMPv3 Target
Address Table Information, page 53.
tparam
Displays the Target Parameters table information. For sample output and a
description of these statistics, see /info/sys/snmpv3/tparam SNMPv3 Target
Parameters Table Information, page 53.
notify
Displays the Notify table information. For sample output and a description of
these statistics, see /info/sys/snmpv3/notify SNMPv3 Notify Table Information,
page 54.
dump
Displays all the SNMPv3 information. To view a sample, see /info/sys/snmpv3/
dump SNMPv3 Dump Information, page 55.
/info/sys/snmpv3/usm
A security name in the form of a string whose format is independent of the security model.
An authentication protocol, which is an indication that the messages sent on behalf of the user
can be authenticated.
Field
Description
Engine ID
The SNMPv3 Engine ID lets network managers define the SNMP Engine ID and
assign the default parameters to SNMP.
The field value is a hexadecimal string. Each byte in the string is written as two
hexadecimal digits. Bytes can be separated by a period (.) or a colon (:).
User Name
This is a string that represents the name of the user that you can use to access
Alteon.
Protocol
This indicates whether messages sent on behalf of this user are protected from
disclosure using a privacy protocol. Alteon supports the DES algorithm for privacy.
Alteon also supports two authentication algorithms: HMAC-MD5 and HMAC-SHA.
/info/sys/snmpv3/view
View Name       Subtree            Mask         Type
--------------  -----------------  -----------  ---------
org             1.3                             included
viv2only        1.3                             included
viv2only        1.3.6.1.6.3.15                  excluded
viv2only        1.3.6.1.6.3.16                  excluded
viv2only        1.3.6.1.6.3.18                  excluded
Field
Description
View Name
Subtree
The MIB sub-tree as an OID string. A view sub-tree is the set of all MIB object
instances which have a common Object Identifier prefix to their names.
Mask
Type
Indicates if a family of view sub-trees is included or excluded from the MIB view.
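How the included and excluded families in the sample output combine can be checked with a short script. The following is an added example, not Radware code: it applies the view-matching rule of RFC 3415 (among the families that match an OID, the one with the most sub-identifiers decides, ties going to the lexicographically greatest subtree) to the view rows shown above; the textual mask format ('ff.a0') is an assumption.

```python
"""MIB-view membership test following the VACM rules of RFC 3415."""

# View families as printed in the sample /info/sys/snmpv3/view output above.
# Tuple layout: (view name, subtree OID, mask, type). An empty mask means
# "all ones": every sub-identifier of the subtree must match exactly.
VIEW_FAMILIES = [
    ("org",      "1.3",            "", "included"),
    ("viv2only", "1.3",            "", "included"),
    ("viv2only", "1.3.6.1.6.3.15", "", "excluded"),  # SNMP-USER-BASED-SM-MIB
    ("viv2only", "1.3.6.1.6.3.16", "", "excluded"),  # SNMP-VIEW-BASED-ACM-MIB
    ("viv2only", "1.3.6.1.6.3.18", "", "excluded"),  # SNMP-COMMUNITY-MIB
]


def parse_oid(text):
    """'1.3.6.1' -> (1, 3, 6, 1); a leading dot is tolerated."""
    return tuple(int(part) for part in text.strip(".").split("."))


def parse_mask(text):
    """Hex mask such as 'ff.a0' or 'ff:a0' -> bytes (format is an assumption)."""
    return bytes.fromhex(text.replace(".", "").replace(":", ""))


def mask_bit(mask, index):
    """True when sub-identifier `index` (0-based) must match exactly.

    Bit 0 is the most significant bit of the first octet. A mask shorter
    than the subtree is treated as extended with 1 bits.
    """
    octet, bit = divmod(index, 8)
    if octet >= len(mask):
        return True
    return bool(mask[octet] & (0x80 >> bit))


def family_matches(oid, subtree, mask):
    """An OID is in a family if it is at least as long as the subtree and
    agrees with it at every position the mask does not wildcard."""
    if len(oid) < len(subtree):
        return False
    return all(oid[i] == sub or not mask_bit(mask, i)
               for i, sub in enumerate(subtree))


def in_view(view_name, oid_text, families=VIEW_FAMILIES):
    """Return True if the OID is visible in the named view."""
    oid = parse_oid(oid_text)
    best = None
    for name, subtree_text, mask_text, kind in families:
        subtree = parse_oid(subtree_text)
        if name != view_name:
            continue
        if not family_matches(oid, subtree, parse_mask(mask_text)):
            continue
        key = (len(subtree), subtree)   # longest subtree wins, then greatest
        if best is None or key > best[0]:
            best = (key, kind)
    # No matching family at all means the OID is not in the view.
    return best is not None and best[1] == "included"


if __name__ == "__main__":
    for oid in ("1.3.6.1.2.1.1.1.0", "1.3.6.1.6.3.15.1.2.2.1.3"):
        print(oid, in_view("viv2only", oid))
```

With these rows, the restricted view can read ordinary MIB objects but not the USM user table, the VACM tables, or the community table, which is what keeps SNMPv1/v2c community users from reading or altering the SNMPv3 security configuration.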
/info/sys/snmpv3/access
The read-view represents the set of object instances authorized for the group while reading the
objects.
The write-view represents the set of object instances authorized for the group when writing
objects.
The notify-view represents the set of object instances authorized for the group when sending a
notification.
Group Name Prefix Model   Level        Match  ReadV      WriteV   NotifyV
---------- ------ ------- ------------ ------ ---------- -------- --------
v1v2grp           snmpv1  noAuthNopriv exact  iso        iso      v1v2only
admingrp          usm     authPriv     exact  iso        iso      iso
Field
Description
Group Name
Prefix
Model
Level
Match
ReadV
The MIB view to which this entry authorizes the read access.
WriteV
The MIB view to which this entry authorizes the write access.
NotifyV
The notify view to which this entry authorizes the notify access.
/info/sys/snmpv3/group
Sec Model    User Name                           Group Name
------------ ----------------------------------- -----------
snmpv1       vlv2only                            v1v2grp
usm          adminmd5                            admingrp
usm          adminsha                            admingrp
Field
Description
Sec Model
The security model.
Values: USM, SNMPv1, SNMPv2, SNMPv3
User Name
Group Name
/info/sys/snmpv3/comm
Index      Name       User Name            Tag
---------- ---------- -------------------- ----------
trap1      public     v1v2only             v1v2trap
Field
Description
Index
Name
User Name
Tag
The community tag. This tag specifies a set of transport endpoints from which a
command responder application accepts management requests, and to which a
command responder application sends an SNMP trap.
/info/sys/snmpv3/taddr
Name       Transport Addr  Port Taglist    Params
---------- --------------- ---- ---------- ---------------
trap1      47.81.25.66     162  v1v2trap   v1v2param
Field
Description
Name
The locally arbitrary, but unique, identifier associated with this SNMP Target
Address entry.
Transport Addr
Port
Taglist
The list of tag values used to select target addresses for a particular SNMP
message.
Params
/info/sys/snmpv3/tparam
User Name    Sec Model Sec Level
------------ --------- ------------
v1v2only     snmpv1    noAuthNoPriv
Field
Description
Name
The locally arbitrary, but unique, identifier associated with this SNMP Target
Parameters entry.
MP Model
The Message Processing Model used when generating SNMP messages for this
entry.
User Name
The security name that identifies the entry on whose behalf SNMP messages are
generated using this entry.
Sec Model
The security model used when generating SNMP messages using this entry. The
system may return an inconsistentValue error if an attempt is made to set this
variable to a value for a security model that the system does not support.
Sec Level
The level of security used when generating SNMP messages using this entry.
/info/sys/snmpv3/notify
Field
Description
Name
The locally arbitrary, but unique, identifier associated with this SNMP Notify entry.
Tag
This represents a single tag value used to select entries in the SNMP Target
Address table. Any entry in the SNMP Target Address table that contains a tag
value equal to the value of this entry is selected. If this entry contains a value of
zero length, no entries are selected.
/info/sys/snmpv3/dump
Protocol
--------------------------------
HMAC_MD5, DES PRIVACY
HMAC_SHA, DES PRIVACY
NO AUTH, NO PRIVACY

vacmAccess Table:
Group Name Prefix Model   Level        Match  ReadV      WriteV   NotifyV
---------- ------ ------- ------------ ------ ---------- -------- --------
v1v2grp           snmpv1  noAuthNoPriv exact  iso        iso      v1v2only
admingrp          usm     authPriv     exact  iso        iso      iso

vacmViewTreeFamily Table:
View Name            Subtree                        Mask         Type
-------------------- ------------------------------ ------------ --------
iso                  1                                           included
v1v2only             1                                           included
v1v2only             1.3.6.1.6.3.15                              excluded
v1v2only             1.3.6.1.6.3.16                              excluded
v1v2only             1.3.6.1.6.3.18                              excluded

vacmSecurityToGroup Table:
Sec Model  User Name                       Group Name
---------- ------------------------------- ------------------------------
snmpv1     v1v2only                        v1v2grp
usm        adminmd5                        admingrp
usm        adminsha                        admingrp

snmpCommunity Table:
Index      Name       User Name            Tag
---------- ---------- -------------------- ----------

snmpNotify Table:
Name                 Tag
-------------------- --------------------

snmpTargetAddr Table:
Name       Transport Addr  Port Taglist    Params
---------- --------------- ---- ---------- ---------------

snmpTargetParams Table:
Name                 MP Model User Name            Sec Model Sec Level
-------------------- -------- -------------------- --------- ---------
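A captured SNMPv3 dump can be reviewed automatically for entries that allow unauthenticated or weakly protected access. The following is an added example, not Radware code: it reads fixed-width tables by taking column boundaries from each dash ruler (so the empty Prefix column is handled), then flags weak users and access groups. The sample text is constructed from the values shown in this section; the "usmUser Table:" title and its "User Name" header are assumptions.

```python
import re

# Constructed sample, laid out like the /info/sys/snmpv3/dump output.
# The "usmUser Table:" title and "User Name" header are assumptions.
SAMPLE_DUMP = """\
usmUser Table:
User Name            Protocol
-------------------- --------------------------------
adminmd5             HMAC_MD5, DES PRIVACY
adminsha             HMAC_SHA, DES PRIVACY
v1v2only             NO AUTH, NO PRIVACY

vacmAccess Table:
Group Name Prefix Model   Level        Match  ReadV      WriteV   NotifyV
---------- ------ ------- ------------ ------ ---------- -------- --------
v1v2grp           snmpv1  noAuthNoPriv exact  iso        iso      v1v2only
admingrp          usm     authPriv     exact  iso        iso      iso
"""


def parse_tables(text):
    """Return {table title: [row dict, ...]}.

    Column spans come from the dash ruler under each header, so a cell
    that is blank in every row (Prefix here) still parses correctly.
    """
    tables = {}
    title = header = spans = names = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith("Table:"):
            title, header, spans = stripped[:-1], None, None
            tables[title] = []
        elif title is None or not stripped:
            continue
        elif spans is None and header is not None and set(stripped) <= {"-", " "}:
            starts = [m.start() for m in re.finditer(r"-+", line)]
            spans = list(zip(starts, starts[1:] + [None]))
            names = [header[a:b].strip() for a, b in spans]
        elif spans is None:
            header = line
        else:
            cells = [line[a:b].strip() for a, b in spans]
            tables[title].append(dict(zip(names, cells)))
    return tables


def audit(tables):
    """Return (subject, issue) pairs for weak users and access groups."""
    findings = []
    for user in tables.get("usmUser Table", []):
        name = user["User Name"]
        auth, _, priv = (p.strip() for p in user["Protocol"].partition(","))
        if auth == "NO AUTH":
            findings.append((name, "no authentication"))
        elif auth == "HMAC_MD5":
            findings.append((name, "HMAC-MD5 authentication"))
        if priv == "NO PRIVACY":
            findings.append((name, "no privacy (cleartext)"))
        elif priv.startswith("DES"):
            findings.append((name, "DES privacy"))
    for row in tables.get("vacmAccess Table", []):
        group, level = row["Group Name"], row["Level"]
        if level.lower() != "authpriv":
            findings.append((group, f"security level {level}"))
            if row["WriteV"]:
                findings.append(
                    (group, f"write view '{row['WriteV']}' granted at {level}"))
    return findings


if __name__ == "__main__":
    for subject, issue in audit(parse_tables(SAMPLE_DUMP)):
        print(f"{subject}: {issue}")
```

On the sample, the v1v2grp finding is the one to act on first: an SNMPv1 group at noAuthNoPriv with a write view covers set requests authenticated only by a community string.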
/info/sys/general
:
:
:
:
00:03:b2:53:89:00
MEKX-MB-DBS-BP | C.08
MEKX-E4SFP | B.02
31001817
vADC
Last
Last
Last
MAC Address
:
00:03:b2:81:78:01
Software Version 28.1.0.0 (FLASH image1), active configuration.
Note: The temperature displays only if the temperature of any of the sensors exceeds the anomaly
threshold of the platform. The software sends a warning message if any of the sensors exceed this
temperature threshold. Alteon shuts down if the power supply overheats and the temperature gets
to the critical temperature of the platform. Information about fan failures also displays if one or
more fans are not functioning. For more information on fan failure, see the Radware Alteon
Installation and Maintenance Guide.
/info/sys/time
/info/sys/log
One of the following prefixes is used, depending on the condition that the administrator is notified
of:
Note: When you apply configuration changes on a peer vADC, a syslog message is sent to the
primary vADC indicating the success or failure of the apply. For example:
/info/sys/slog
ALERT
/info/sys/mgmt
Link
---up
255.255.255.0
/64
192.168.0.255
/info/sys/capacity
Current(Enabled)
RESOURCES
Capacity Units
vADC
28
28
3
2(2)
LAYER 2
VLANs
Static Trunk Groups
LACP Trunk Groups
Trunks per Trunk Group
Spanning Tree Groups
Port Teams
Monitor Ports
2048
12
28
8
16
8
1
4(4)
0(0)
GENERAL
Syslog hosts
RADIUS servers
TACACS+ servers
SMTP hosts
Mnet/Mmask
End Users
Panic Dumps
RAM(GB)
Hard Disk(GB)
Cache Usage(MB)
5
2
2
1
128
10
2
16
160
266
0
0
0
0
0
SNMPv3
SNMPv3
SNMPv3
SNMPv3
SNMPv3
16
128
32
16
16
Users
Views
Access Groups
Target Address Entries
Target Params Entries
16(1)
8(0)
24
0
3
5
2
0
0
Current(Enabled)
LAYER 2
FDB
FDB per SP
16384
8192
LAYER 3
IP Interfaces
IP Gateways
IP Routes
Static Routes
ARP Entries
Static ARP Entries
Local Nets
DNS Servers
BOOTP Servers
256
4+255
4096
128
8192
128
15
2
2
0(0)
0+0(0+0)
3
0
1
0
0
0
0
RIP Interfaces
256
OSPF
OSPF
OSPF
OSPF
OSPF
LSDB
256
3
16
3
128
12288
0(0)
0(0)
0(0)
0(0)
0(0)
BGP Peers
BGP Route Aggregators
16
16
0(0)
0(0)
Route Maps
Network Filters
AS Filters
32
256
8
0(0)
0(0)
VRRP Routers
VRRP Router Groups
VRRP Interfaces
1024
16
256
0(0)
0(0)
0
1024
1024
1024
1024
8192
1024
0(0)
0
0(0)
Network Classes
Network Elements
1024
8192
0
0
CONTENT
Content
Content
Content
Content
4096
128
1024
8192
0(0)
Interfaces
Areas
Summary Ranges
Virtual Links
Hosts
Limit
CLASS
Rules
Rules per virtual service
Classes
lookup entries
72
0(0)
0(0)
(continued)
Real IDS Servers
IDS Server Groups
62
63
APPLICATION SERVICES
Compression Policies
Compression URL Exception Rule-lists
Compression Browser Exception Rule-lists
Compression URL Rules
Compression Browser Rules
FastView Policies
Caching Rule-lists
Caching Rules
Rules per URL or Browser Rule list
SSL Policies
Client Authentication Policies
HTTP Modification Rule-lists
Rules per HTTP mod Rule-list
HTTP Modification Rules
AppShape++ scripts
AppShape++ scripts per virtual service
49
49
50
500
500
49
49
500
500
49
49
1024
128
250
49
16
0(0)
0(0)
1(1)
0(0)
12(12)
2(0)
0(0)
0(0)
Keys
Certifiate signing requests
Server certificates
Trusted CA certificates
Intermediate CA certificates
Certificate Groups
99
49
99
24
24
128
0
0
0
0
0
0
Global
Global
Global
Global
Global
Global
Global
Global
Global
Global
Global
1024
8192
1024
1024
64
2
1024
8
128
8
10240
0(0)
0(0)
0(0)
0(0)
0(0)
2(2)
0(0)
8(8)
0(1)
8(8)
10240(10240)
2048
100
1024
1024
13999909
64
64
8
0(0)
2(1)
0(0)
0(0)
0(0)
0(0)
CERTIFICATE REPOSITORY
SLB
SLB
SLB
SLB
SLB
SLB
SLB
SLB
SLB
SLB
SLB
Domains
Services
Local Servers
Remote Servers
Remote Sites
Failovers per Remote Site
Networks
Geographical Regions
Rules
Metrics Per Rule
DNS Persistence Cache Entries
Filters
SIP UDP Rules Limit
PIPs
Rules for URL Parsing
SLB Sessions
Number of Rports to Vport
Domain Records
Mapping Per Domain Record
0
1
0
1(1)
(continued)
LinkLB
N/A
LAYER 4 - PORTS
Port # Client Server
Filter
RTS
BWM
Policies
Contracts
Groups
Contracts per Group
Time Policies per Contract
512
1024
32
8
2
Security
Configuration source IP ACLs
Bogon source IP ACLs
Operations source IP ACLs
Total source IP ACLs
Configuration destination IP ACLs
Operations destination IP ACLs
Total destination IP ACLs
IP DoS attacks prevention
TCP DoS attacks prevention
UDP DoS attacks prevention
ICMP DoS attacks prevention
IGMP DoS attacks prevention
ARP DoS attacks prevention
IPv6 DoS attacks prevention
Total DoS attacks prevention
UDP ports for UDP blast protection
N/A
5120
8192
1024
14340
1024
1024
2052
17
18
6
5
3
5
2
56
5000
GENERAL
Syslog hosts
RADIUS servers
TACACS+ servers
NTP servers
SMTP hosts
Mnet/Mmask
End Users
Panic Dumps
RAM(GB)
Hard Disk(GB)
Cache Usage(MB)
OCSP Cache Entries
5
2
2
2
1
128
11
2
16
160
N/A
50
0
0
0
0
0
0
SNMPv3
SNMPv3
SNMPv3
SNMPv3
SNMPv3
16
128
32
16
16
3
5
2
0
0
Users
Views
Access Groups
Target Address Entries
Target Params Entries
0
3(3)
0
0
0
0
0
0
0
0
27
N/A
Current(Enabled)
LAYER 2
FDB
FDB per SP
VLANs
Static Trunk Groups
LACP Trunk Groups
Trunks per Trunk Group
Spanning Tree Groups
Port Teams
Monitor Ports
16384
8192
2048
12
28
8
16
8
1
LAYER 3
IP Interfaces
IP Gateways
IP Routes
Static Routes
ARP Entries
Static ARP Entries
Local Nets
DNS Servers
BOOTP Servers
256
4+255
4096
128
8192
128
15
2
2
0(0)
0+0(0+0)
3
0
1
0
0
0
0
RIP Interfaces
256
OSPF
OSPF
OSPF
OSPF
OSPF
LSDB
256
3
16
3
128
12288
0(0)
0(0)
0(0)
0(0)
0(0)
BGP Peers
BGP Route Aggregators
16
16
0(0)
0(0)
Route Maps
Network Filters
AS Filters
32
256
8
0(0)
0(0)
VRRP Routers
VRRP Router Groups
VRRP Interfaces
1024
16
256
0(0)
0(0)
0
1024
1024
1024
1024
8192
1024
0(0)
0
0(0)
Network Classes
Network Elements
1024
8192
0
0
Interfaces
Areas
Summary Ranges
Virtual Links
Hosts
Limit
1(1)
0(0)
16(1)
8(0)
72
(continued)
CONTENT CLASS
Content Rules
Content Rules per virtual service
Content Classes
Content lookup entries
Real IDS Servers
IDS Server Groups
4096
128
512
8192
62
63
0(0)
APPLICATION SERVICES
Compression Policies
Compression URL Exception Rule-lists
Compression Browser Exception Rule-lists
Compression URL Rules
Compression Browser Rules
FastView Policies
Caching Rule-lists
Caching Rules
Rules per URL or Browser Rule list
SSL Policies
Client Authentication Policies
HTTP Modification Rule-lists
Rules per HTTP mod Rule-list
HTTP Modification Rules
AppShape++ scripts
AppShape++ scripts per virtual service
49
49
50
500
500
49
49
500
500
49
49
1024
128
250
49
16
0(0)
0(0)
1(1)
0(0)
12(12)
2(0)
0(0)
0(0)
Keys
Certifiate signing requests
Server certificates
Trusted CA certificates
Intermediate CA certificates
Certificate Groups
99
49
99
24
24
128
0
0
0
0
0
0
Global
Global
Global
Global
Global
Global
Global
Global
Global
Global
Global
Global
N/A
1024
8192
1024
1024
64
2
1024
8
128
8
10240
0(0)
0(0)
0(0)
0(0)
0(0)
2(2)
0(0)
8(8)
0(1)
8(8)
10240(10240)
0(0)
0(0)
2(1)
0(0)
0(0)
0(0)
0(0)
CERTIFICATE REPOSITORY
SLB
SLB
SLB
SLB
SLB
SLB
SLB
SLB
SLB
SLB
SLB
SLB
Domains
Services
Local Servers
Remote Servers
Remote Sites
Failovers per Remote Site
Networks
Geographical Regions
Rules
Metrics Per Rule
DNS Persistence Cache Entries
(continued)
Filters
SIP UDP Rules Limit
PIPs
Rules for URL Parsing
SLB Sessions
Number of Rports to Vport
Domain Records
Mapping Per Domain Record
2048
100
1024
1024
13999909
64
64
8
LinkLB
N/A
LAYER 4 - PORTS
Port # Client Server
Filter
0(0)
0
1
0
1(1)
RTS
BWM
Policies
Contracts
Groups
Contracts per Group
Time Policies per Contract
512
1024
32
8
2
Security
Configuration source IP ACLs
Bogon source IP ACLs
Operations source IP ACLs
Total source IP ACLs
Configuration destination IP ACLs
Operations destination IP ACLs
Total destination IP ACLs
IP DoS attacks prevention
TCP DoS attacks prevention
UDP DoS attacks prevention
ICMP DoS attacks prevention
IGMP DoS attacks prevention
ARP DoS attacks prevention
IPv6 DoS attacks prevention
Total DoS attacks prevention
UDP ports for UDP blast protection
N/A
5120
8192
1024
14340
1024
1024
2052
17
18
6
5
3
5
2
56
5000
GENERAL
Syslog hosts
RADIUS servers
TACACS+ servers
NTP servers
SMTP hosts
Mnet/Mmask
End Users
Panic Dumps
RAM(GB)
Hard Disk(GB)
Cache Usage(MB)
OCSP Cache Entries
5
2
2
2
1
128
11
2
16
160
N/A
50
0
3(3)
0
0
0
0
0
0
0
0
0
0
0
0
0
0
27
N/A
/info/sys/fan
/info/sys/temp
/info/sys/encrypt
/info/sys/user
enabled
disabled
disabled
disabled
disabled
disabled
disabled
Always Enabled
/info/sys/dump
:
:
:
:
00:03:b2:81:ab:00
MEKX-MB-DBS-BP | C.08
MEKX-E4SFP | B.02
31001072
255.255.0.0
172.2.255.255
Gateway information:
172.2.1.254
/info/vadc
Note:
In hot standby redundancy configurations, VRRP status options are MASTER, BACKUP and INIT.
In active-standby redundancy configurations, VRRP status options are ACTIVE, STANDBY and
INIT.
Name/IP
-----------10.203.115.5
10.203.115.1
10.203.115.2
10.203.115.3
10.203.115.4
vADC
---1
2
3
4
5
Name/IP
-----------10.203.115.5
10.203.115.1
10.203.115.2
10.203.115.3
10.203.115.4
Status
------------ENA(RUNNING)
ENA(RUNNING)
ENA(RUNNING)
ENA(RUNNING)
ENA(RUNNING)
Status
------------ENA(RUNNING)
ENA(RUNNING)
ENA(RUNNING)
ENA(RUNNING)
ENA(RUNNING)
CUs
--4
1
3
2
2
VRRP
Status
-----NONE
NONE
NONE
NONE
NONE
Max SSL
(CPS)
------1400
1400
1400
1400
1400
Max thrput
(Mbps)
---------500
200
200
1000
1200
SSL
limit
----50
50
0
0
0
limit
Ave.SP%
----200
200
200
200
200
------2
2
2
2
2
Max Comp.
(MB)
---------50
50
50
50
50
Comp.limit
---------0
0
100
0
0
/info/l2
Link
Show
Show
Show
Show
Show
Dump
lacp
Displays Link Aggregation Control Protocol Information menu. For sample output
and a description of these statistics, see /info/l2/lacp Link Aggregation Control
Protocol Information Menu, page 71.
Priority
Hello interval
Forwarding delay
Aging time
Cost
State
cist
Display the CIST information.
trunk
When trunk groups are configured, you can view the state of each port in the
various trunk groups. For sample output and a description of these statistics, see
/info/l2/trunk Trunk Group Information, page 78.
VLAN Number
VLAN Name
Status
For sample output and a description of these statistics, see /info/l2/vlan VLAN
Information, page 78.
team
Show port team information.
dump
Displays all Layer 2 information.
/info/l2/fdb
Note: The master forwarding database supports up to 16K MAC address entries on the MP per
Alteon. Each SP supports up to 8K entries.
dump
Displays all entries in the forwarding database. For sample output and a
description of these statistics, see /info/l2/fdb/dump Show All FDB Information,
page 71.
/info/l2/fdb/dump
VLAN
Port
Trunk
Age State
------------00:0c:29:07:80:d3
00:11:0a:ea:ea:f3
00:14:5e:33:99:e8
---130
130
130
----
----1
1
1
--- ----TRK
TRK
TRK
Referenced
SPs
---------2
1 2
1 2
Learned Referenced
Port
ports
------- ----24
24
9
An address that is in the forwarding (FWD) state means that it has been learned by Alteon.
When in the trunking (TRK) state, the port field represents the trunk group number.
If the state for the port is listed as unknown (UNK), the MAC address has not yet been learned
by Alteon, but has only been seen as a destination address. When an address is in the unknown
state, no outbound port is indicated, although ports which reference the address as a destination
are listed under Reference ports.
If the state for the port is listed as an interface (IF), the MAC address is for a standard VRRP
virtual router.
If the state is listed as a virtual server (VIP), the MAC address is for a virtual server router, a
virtual router with the same IP address as a virtual server.
/info/l2/lacp
[LACP Menu]
aggr
port
dump
Table 19: Link Aggregation Control Protocol Information Menu Options (/info/l2/lacp)
dump
Displays LACP information of all the ports. Use this dump to verify the state of
ports in an LACP trunk group. For sample output and a description of these
statistics, see /info/l2/lacp/dump LACP Dump Information, page 74.
/info/l2/lacp/aggr
Aggregator Id 1
---------------------------------------------
MAC address             - 00:01:81:2e:a1:d1
Actor System Priority   - 32768
Actor System ID         - 00:01:81:2e:a1:b0
Individual              - FALSE
Actor Admin Key         - 300
Actor Oper Key          - 300
Partner System Priority - 32768
Partner System ID       - 00:0d:29:e3:4a:00
Partner Oper Key        - 1
ready                   - TRUE
Number of Ports in aggr - 10
index 0    port 1
index 1    port 2
index 2    port 3
index 3    port 4
index 4    port 5
index 5    port 6
index 6    port 7
index 7    port 8
index 8    port 9
index 9    port 10
- FALSE
- FALSE
Actor System ID       - 00:14:0e:f5:f2:00
Actor System Priority - 32768
Actor Admin Key       - 1
Actor Oper Key        - 1
Actor Port Number     - 1
Actor Port Priority   - 32768
Timeout:
Collecting:
Expired:
Long
FALSE
FALSE
Aggregation:
Distributing:
FALSE
FALSE
FALSE
FALSE
- LACP_RX_INIT_STATE
- LACP_MUX_DETACHED_STATE
- LACP_PERIODIC_NO_STATE
/info/l2/lacp/dump
attached trunk
aggr
-----------------------------------------------------------------------1
off
1
1
n
32768
--2
off
2
2
n
32768
--3
off
3
3
n
32768
--4
off
4
4
n
32768
--5
off
5
5
n
32768
--6
off
6
6
n
32768
--7
off
7
7
n
32768
--8
off
8
8
n
32768
--9
off
9
9
n
32768
--10
off
10
10
n
32768
--11
off
11
11
n
32768
--12
off
12
12
n
32768
--13
off
13
13
n
32768
--14
off
14
14
n
32768
--15
off
15
15
n
32768
--16
off
16
16
n
32768
--17
off
17
17
n
32768
--18
off
18
18
n
32768
--19
off
19
19
n
32768
--20
off
20
20
n
32768
--21
off
21
21
n
32768
--22
off
22
22
n
32768
--23
off
23
23
n
32768
--24
off
24
24
n
32768
--25
off
25
25
n
32768
--26
off
26
26
n
32768
--27
off
27
27
n
32768
--28
off
28
28
n
32768
---
lacp
adminkey
operkey
selected
prio
/info/l2/stg
Priority 32768
Path-Cost 5
Hello 2
MaxAge 20
Aging 300

Port  Priority  Cost  State       Designated Bridge       Des Port
----  --------  ----  ----------  ----------------------  --------
1     128       1!    BLOCKING    8064-00:19:aa:cb:71:80  800b
2     128       5!    FORWARDING  8000-00:03:b2:52:21:00  8002
3     128       0!    DISABLED
4     128       0!    DISABLED
5     128       0!    DISABLED
6     128       0!    DISABLED
7     128       0!    DISABLED
8     128       0!    DISABLED
9     128       0!    DISABLED
10    128       0!    DISABLED
11    128       0!    DISABLED
12    128       0!    DISABLED
13    128       0!    DISABLED
14    128       0!    DISABLED
15    128       0!    DISABLED
16    128       0!    DISABLED
! = Automatic path cost.
Priority
Hello interval
Forwarding delay
Aging time
Cost
State
Designated Bridge
Designated Port
Parameter
Description
Priority (bridge) Controls which bridge on the network becomes the STP root bridge.
Hello
Specifies, in seconds, how often the root bridge transmits a configuration bridge
protocol data unit (BPDU). Any bridge that is not the root bridge uses the root
bridge hello value.
MaxAge
Specifies, in seconds, the maximum time the bridge waits without receiving a
configuration bridge protocol data unit before it re-configures the STP network.
FwdDel
Specifies, in seconds, the time that a bridge port has to wait before it changes
from learning state to forwarding state.
Aging
Specifies, in seconds, the time the bridge waits without receiving a packet from a
station before removing the station from the forwarding database.
priority (port)
Helps determine which bridge port becomes the designated port. In a network
topology that has multiple bridge ports connected to a single segment, the port
with the lowest port priority becomes the designated port for the segment.
Cost
Helps determine the designated port for a segment. As a rule, the faster the port,
the lower the path cost. A setting of 0 indicates that the cost is set to the
appropriate default after the link speed has been auto negotiated.
State
BLOCKING, LISTENING, LEARNING, FORWARDING, DISABLED
Designated Bridge
The designated bridge resides closest to the root bridge and is responsible for
forwarding packets from the LAN towards the root bridge. This bridge displays as a
character string starting with the bridge priority (1 through 65535) followed by a
hyphen and the six-byte Alteon MAC address.
Designated port
Identifies a physical port. This is a number that is the numerical sum of the bridge
priority and the actual physical port number. For example, a physical port number
4 with bridge priority 32768 displays as 32768+4=32772.
/info/l2/cist
1 4-4094
Current Root:
Path-Cost
8000 00:01:81:2e:bc:50
0
/info/l2/trunk
Note: If STP on any port in the trunk group is set to forwarding, the remaining ports in the trunk
group are also set to forwarding.
/info/l2/vlan
VLAN Information
>> Main# /info/l2/vlan
VLAN  Name          VADCs  Status  BWC   Learn  Shared  Port
----  ------------  -----  ------  ----  -----  ------  ----
1     Default VLAN         ena     1024  ena    dis     3-15
10    VLAN 10       1      ena     1024  ena    ena     1
20    VLAN 20       1      ena     1024  ena    ena     2
100   VLAN 100             dis     1024  ena    dis     empt
220   VLAN 220             ena     1024  ena    ena     16
This information display includes all configured VLANs and all member ports that have an active link
state. Port membership is represented in slot/port format.
VLAN information includes:
VLAN number
VLAN name
Status
/info/l2/team
/info/l2/dump
Priority 32768
Hello 2
MaxAge 20
FwdDel 15
Aging 300

Port  Priority  Cost  State       Designated Bridge       Des Port
----  --------  ----  ----------  ----------------------  --------
1     128       1!    FORWARDING  8000-00:03:b2:53:89:00  8001
2     128       5!    FORWARDING  8000-00:03:b2:53:89:00  8002
3     128       0!    DISABLED
4     128       0!    DISABLED
5     128       0!    DISABLED
6     128       0!    DISABLED
7     128       0!    DISABLED
8     128       0!    DISABLED
9     128       0!    DISABLED
10    128       0!    DISABLED
11    128       0!    DISABLED
12    128       0!    DISABLED
13    128       0!    DISABLED
14    128       0!    DISABLED
15    128       0!    DISABLED
16    128       0!    DISABLED
! = Automatic path cost.

Name          VADCs  Status  Learn  Shared  Ports
------------  -----  ------  -----  ------  -----
Default VLAN         ena     ena    dis     3-15
VLAN 10       1      ena     ena    ena     1
VLAN 20       1      ena     ena    ena     2
VLAN 100             dis     ena    dis     empty
VLAN 220             ena     ena    ena     16
/info/l3
[Layer 3 Menu]
route
route6
arp
nbrcache bgp
ospf
ospfv3
rip
rsync
ip
vrrp
dump
-
Type of route
Metric for RIP tagged routes, specifying the number of hops to the destination (1
through 15 hops, or 16 for infinite hops)
route6
Displays the IPv6 Routing Information menu. To view this menu, see /info/l3/route6 IPv6
Routing Information Menu, page 83.
arp
Displays the Address Resolution Protocol (ARP) Information menu. To view this menu,
see /info/l3/arp ARP Information Menu, page 84.
nbrcache
Displays the IPv6 Neighbor Cache menu. To view this menu, see /info/l3/nbrcache IPv6
Neighbor Cache Information Menu, page 87.
bgp
Displays the BGP Information menu. To view this menu, see /info/l3/bgp BGP
Information Menu, page 89.
ospf
Displays the OSPF Information menu. For details, see /info/l3/ospf OSPF Information
Menu, page 91.
ip
Displays IP Information. For sample output, see /info/l3/ip IP Information, page 102.
IP information, includes:
Port status
vrrp
Displays the VRRP Information menu. For sample output, see /info/l3/vrrp VRRP
Information, page 103.
dump
Displays all Layer 3 information.
/info/l3/route
IP Routing Menu
This is only available in the vADC Administrator environment in ADC-VX mode.
Using these commands, you can display all or a portion of the IP routes currently held in Alteon.
type indirect|direct|local|broadcast|martian|multicast
Displays routes of a single type. For a description of IP routing types, see Type
Parameters, page 82.
dump
Displays all routes configured in Alteon. For more information, see /info/l3/route/dump
Show All IP Route Information, page 82.
/info/l3/route/dump
Gateway          Type       Tag        Metr  If
---------------  ---------  ---------  ----  --
0.0.0.0          martian    martian
0.0.0.0          martian    martian
255.255.255.255  broadcast  broadcast
Parameter
Description
indirect
The next hop to the host or subnet destination is forwarded through a router at
the gateway address.
direct
local
broadcast
martian
The destination belongs to a host or subnet which is filtered out. Packets to this
destination are discarded.
Parameter
Description
fixed
static
addr
rip
ospf
bgp
The address was learned via the Border Gateway Protocol (BGP)
Parameter
Description
broadcast
martian
multicast
vip
Indicates a route destination that is a virtual server IP address. VIP routes are
needed to advertise virtual server IP addresses via BGP.
/info/l3/route6
If:1  Proto: STATIC
If:1  Proto: LOCAL
If:1  Proto: LOCAL
If:1  Proto: STATIC
If:1  Proto: LOCAL
If:1  Proto: STATIC
If:1  Proto: STATIC
If:1  Proto: STATIC
If:1  Proto: STATIC
If:1  Proto: STATIC
/info/l3/arp
mgmt
Displays the ARP entries for the management port.
Example display:
IP address       Flags  MAC address
---------------  -----  -----------------
10.203.153.106   C      00:50:56:aa:52:cd
10.203.1.1       C      00:24:f7:7e:d9:40
10.203.100.130   C      00:50:56:aa:52:98
10.203.153.105   C      00:50:56:aa:52:cf
dump
Displays all ARP entries, including:
Address status flag (see the description in the help entry in this table)
The ports which have referenced the address (empty, if no port has routed traffic
to the IP address shown)
For more information, see /info/l3/arp/dump Show All ARP Entry Information,
page 86.
Flags
P: Permanent ARP entry (not obtained via an ARP request), for example: IP interface and VIP
R: Indirect ARP (cache) entry for IP address reachable via indirect routes (static/dynamic)
u: Unresolved ARP entry. The MAC address has not been learned.
addr
Displays the ARP address list: IP address, IP mask, MAC address, and VLAN flags.
/info/l3/arp/refpt
Referenced SPs
----------------
1-4
1-4
1-4
/info/l3/arp/dump
IP address       Flags  MAC address        VLAN  Port  Shared  Referenced SPs
---------------  -----  -----------------  ----  ----  ------  --------------
10.237.25.66     P      00:14:0e:f5:f2:00        6     DIS     1-4
10.239.232.66    P      00:14:0e:f5:f2:00        6     DIS     1-4
10.239.232.100   P 4    00:14:0e:f5:f2:01              DIS     1-4
Referenced ports are the ports that request an ARP entry. As a result, the traffic coming into the
referenced ports contains the destination IP address. From the ARP entry (the referenced ports),
this traffic needs to be forwarded to the egress port (port 6 as shown in the above example).
Note: If you have VMA turned on, the referenced port is the designated port. If you have VMA
turned off, the designated port is the normal ingress port.
Flag
Description
P4
Permanent entry created for Layer 4 proxy IP address or virtual server IP address.
Unresolved ARP entry. The MAC address has not been learned.
/info/l3/arp/addr
IP address
IP mask
MAC address
--------------- --------------- ----------------192.168.130.45 255.255.255.255 00:01:81:2e:bc:5e
192.168.130.150 255.255.255.255 00:01:81:2e:bc:50
VLAN Flags
---- ----D
130
/info/l3/nbrcache
summary
Displays a summary of IPv6 neighbor cache entries.
Note: Once the Neighbor Cache table reaches 2000 entries, table entries are replaced by adding
the new entry and dropping the 2000th entry off the list. Table entries are kept until the entry is
replaced by a new one. During this period, no new entries are used to sort for display.
The information collected from ND is stored in the Neighbor Cache. The Neighbor Cache maintains
information about each neighbor such as:
MAC Address
Reachability state (see Table 29 - Neighbor Cache Reachability States, page 88)
Neighbor type (see Table 30 - Neighbor Cache Neighbor Types, page 88)
VLAN
Ingress port
A device sends ND packets to resolve a link layer address to which it is attempting to send
packets.
State
Description
Incomplete
The link layer address of the neighbor has not yet been determined.
Reachable
Stale
The neighbor is no longer known to be reachable, but until traffic is sent to the
neighbor, no attempt should be made to verify its reachability.
Delay
The neighbor is no longer known to be reachable, and traffic has recently been
sent to the neighbor.
Probe
Type
Description
Local
Dynamic
/info/l3/bgp
[BGP Menu]
peer    - Show all BGP peers
summary - Show all BGP peers in summary
dump    - Show BGP routing table
summary
Displays peer summary information such as Autonomous System (AS), message
received, message sent, up/down, and state. For sample output, see /info/l3/bgp/
summary BGP Summary information, page 90.
dump
Displays the BGP routing table. For sample output, see /info/l3/bgp/dump Dump BGP
Information, page 90.
/info/l3/bgp/peer
/info/l3/bgp/summary
MsgRcvd  MsgSent  Up/Down   State
-------  -------  --------  -----------
113      121      00:00:28  established
0        0        never     connect
/info/l3/bgp/dump
i - internal
Metr
LcPrf Wght
----------- ---1
256
1
1
1
128
128
256
Path
-----------147 148 i
0 i
147 i
147 i
256 147 {35} ?
/info/l3/ospf
virtual
Displays information about all the configured virtual links.
dbase
Displays OSPF Database menu. To view this menu, see /info/l3/ospf/dbase OSPF
Database Information, page 93.
routes
Displays the OSPF routing table. For sample output, see /info/l3/ospf/routes OSPF
Information Route Codes, page 95.
dump
Displays all the OSPF information. For sample output, see /info/l3/ospf/dump OSPF Dump
Information, page 95.
/info/l3/ospf/general
OSPF Version 2
Router ID: 47.80.23.247
Started at 95 and the process uptime is 352315
Area Border Router: yes, AS Boundary Router: no
LS types supported are 6
External LSA count 0
External LSA checksum sum 0x0
Number of interfaces in this router is 2
Number of virtual links in this router is 1
16 new lsa received and 34 lsa originated from this router
Total number of entries in the LSDB 10
Database checksum sum 0x0
Total neighbors are 1, of which
2 are >=INIT state,
2 are >=EXCH state,
2 are =FULL state
Number of areas is 2, of which 3-transit 0-nssa
Area Id : 0.0.0.0
Authentication : none
Import ASExtern : yes
Number of times SPF ran : 8
Area Border Router count : 2
AS Boundary Router count : 0
LSA count : 5
LSA Checksum sum : 0x2237B
Summary : noSummary
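A defender-side check over this output, added here as an example (it is not Radware code): it parses the /info/l3/ospf/general text into router-level fields and per-area blocks and reports every area whose Authentication line reads none. The second area block, the value md5 for a configured type, and the severity labels are assumptions made for the example.

```python
import re

# One "key : value" pair; the value may itself contain colons.
KV = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")

# The first area block repeats the sample printed on this page. The second
# block and the value "md5" are constructed (assumed output format).
SAMPLE = """\
OSPF Version 2
Router ID: 47.80.23.247
Started at 95 and the process uptime is 352315
Area Border Router: yes, AS Boundary Router: no
Number of areas is 2, of which 3-transit 0-nssa
Area Id : 0.0.0.0
Authentication : none
Import ASExtern : yes
LSA count : 5
Area Id : 0.0.0.1
Authentication : md5
Import ASExtern : yes
LSA count : 3
"""


def parse_ospf_general(text):
    """Return (router_fields, areas): router-level pairs and one dict per area."""
    router, areas, current = {}, [], None
    for line in text.splitlines():
        # "Area Border Router: yes, AS Boundary Router: no" carries two pairs,
        # so each comma-separated part is matched on its own. Lines without a
        # colon (uptime, neighbor counts) simply do not match.
        for part in line.split(","):
            m = KV.match(part)
            if not m:
                continue
            key, value = m.group(1).lower(), m.group(2)
            if key == "area id":
                # Every "Area Id" line opens a new per-area block.
                current = {"area id": value}
                areas.append(current)
            elif current is not None:
                current[key] = value
            else:
                router[key] = value
    return router, areas


def audit_ospf_auth(text):
    """List (area_id, severity, reason) for areas without OSPF authentication."""
    router, areas = parse_ospf_general(text)
    # Assumed severity scheme: a border router exchanges routes between areas
    # or with external systems, so an unauthenticated area on it ranks higher.
    border = (router.get("area border router") == "yes"
              or router.get("as boundary router") == "yes")
    findings = []
    for area in areas:
        auth = area.get("authentication")
        if auth is None:
            findings.append((area["area id"], "unknown",
                             "no Authentication line in this area block"))
        elif auth.lower() == "none":
            findings.append((area["area id"], "high" if border else "medium",
                             "area runs OSPF with no authentication"))
    return findings


if __name__ == "__main__":
    for area_id, severity, reason in audit_ospf_auth(SAMPLE):
        print(f"[{severity}] area {area_id}: {reason}")
```

Feed it the captured session text of the command; an empty result means every area block carried an Authentication value other than none.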
/info/l3/ospf/if
/info/l3/ospf/dbase
[OSPF Database Menu]
advrtr  - LS Database info for an Advertising Router
asbrsum - ASBR Summary LS Database info
dbsumm  - LS Database summary
ext     - External LS Database info
nw      - Network LS Database info
nssa    - NSSA External LS Database info
rtr     - Router LS Database info
self    - Self Originated LS Database info
summ    - Network-Summary LS Database info
all     - All
The total number of LSAs for each LSA type for all areas combined.
The total number of LSAs for all LSA types for all areas combined.
self
Displays all the self-advertised LSAs. No parameters are required.
all
Displays all the LSAs.
/info/l3/ospf/routes
/info/l3/ospf/dump
OSPF Version 2
Router ID: 1.1.1.1
Started at 42 and the process uptime is 1197051
Area Border Router: no, AS Boundary Router: no
External LSA count 0
Number of interfaces in this router is 0
Number of virtual links in this router is 0
0 new lsa received and 0 lsa originated from this router
Total number of entries in the LSDB 0
Total neighbors are 0, of which
0 are >=INIT state,
0 are >=EXCH state,
0 are =FULL state
Number of areas is 0, of which 0-transit 0-nssa
OSPF Neighbors:
Intf  NeighborID  Prio  State  Address
----  ----------  ----  -----  -------
OSPF LS Database:
OSPF LSDB breakdown for router with ID (1.1.1.1)
No areas enabled.
/info/l3/ospfv3
virtual
Displays information about all the configured virtual links.
dbase
Displays OSPF Database menu. To view this menu, see /info/l3/ospfv3/dbase OSPF v3
Database Information, page 98.
routes
Displays the OSPF v3 routing table. For sample output, see /info/l3/ospfv3/routes OSPF v3
Information Route Codes, page 100.
dump
Displays all the OSPF v3 information. For sample output, see /info/l3/ospfv3/dump OSPF v3
Dump Information, page 100.
/info/l3/ospfv3/general
OSPF Version 2
Router ID: 47.80.23.247
Started at 95 and the process uptime is 352315
Area Border Router: yes, AS Boundary Router: no
LS types supported are 6
External LSA count 0
External LSA checksum sum 0x0
Number of interfaces in this router is 2
Number of virtual links in this router is 1
16 new lsa received and 34 lsa originated from this router
Total number of entries in the LSDB 10
Database checksum sum 0x0
Total neighbors are 1, of which
2 are >=INIT state,
2 are >=EXCH state,
2 are =FULL state
Number of areas is 2, of which 3-transit 0-nssa
Area Id : 0.0.0.0
Authentication : none
Import ASExtern : yes
Number of times SPF ran : 8
Area Border Router count : 2
AS Boundary Router count : 0
LSA count : 5
LSA Checksum sum : 0x2237B
Summary : noSummary
/info/l3/ospfv3/if
/info/l3/ospfv3/dbase
[OSPFv3 Database Menu]
advrtr  - LS Database info for an Advertising Router
asbrsum - ASBR Summary LS Database info
dbsumm  - LS Database summary
ext     - External LS Database info
nw      - Network LS Database info
nssa    - NSSA External LS Database info
rtr     - Router LS Database info
self    - Self Originated LS Database info
summ    - Network-Summary LS Database info
all     - All
The total number of LSAs for each LSA type for all areas combined.
The total number of LSAs for all LSA types for all areas combined.
self
Displays all the self-advertised LSAs. No parameters are required.
all
Displays all the LSAs.
/info/l3/ospfv3/routes
/info/l3/ospfv3/dump
OSPFv3 Information:
OSPF RouterId:            2.2.2.2
OSPF Admin State:         Enabled
OSPF ASBR Status:         FALSE
OSPF ABR Status:          TRUE
Number of AS scope Lsa's: 1
Number of received lsa's: 21
Number of new lsa's:      0
Multicast extensions:     0
OSPFv3 Neighbors:
Neighbor 1.1.1.1 on interface 1()
IPv6 Address: fe80:0:0:0:93bd:1aab:cdcd:2a89
Interface ID: 1
OPTIONS:      0x13
PRIORITY:     1
STATE:        full(8)
EVENTS:       6
Nbr Table counter: 2
OSPFv3 LS Database:
Link Scope LSAs
Interf
TYPE
1
8
1
8
2
8
2
8
Router ID
1.1.1.1
2.2.2.2
2.2.2.2
3.3.3.3
LS ID
0.0.0.1
0.0.0.1
0.0.0.2
0.0.0.2
TYPE
2001
2001
2002
2003
2003
2004
2009
2009
2009
2001
2001
2002
2003
2003
2004
2009
2009
2009
LS ID
0.0.0.2
AGE CKSUM
Sequence
282 6fe3 80000002
Router ID
2.2.2.2
3.3.3.3
3.3.3.3
2.2.2.2
3.3.3.3
3.3.3.3
2.2.2.2
3.3.3.3
3.3.3.3
1.1.1.1
2.2.2.2
2.2.2.2
2.2.2.2
2.2.2.2
2.2.2.2
1.1.1.1
2.2.2.2
2.2.2.2
LS ID
0.0.0.3
0.0.0.4
0.0.0.2
0.0.0.3
0.0.0.6
0.0.0.2
0.0.0.4
0.0.0.5
0.0.0.6
0.0.0.0
0.0.0.2
0.0.0.1
0.0.0.4
0.0.0.5
0.0.0.2
0.0.0.1
0.0.0.3
0.0.0.5
OSPFv3 Neighbors
The number of OSPF v3 neighbors and their status.
/info/l3/ip
IP Information
This is only available in the vADC Administrator environment in ADC-VX mode.
Interface information:
1: 47.80.23.81  255.255.254.0  47.80.23.255,  vlan 1, up
2: 172.31.4.1   255.255.255.0  172.31.4.255,  vlan 1, up
3: 172.31.3.1   255.255.255.0  172.31.3.255,  vlan 1, up
/info/l3/vrrp
VRRP Information
This is only available in the vADC Administrator environment in ADC-VX mode.
Alteon support for Virtual Router Redundancy Protocol (VRRP) provides redundancy between routers
in a LAN. This is done by configuring the same virtual router IP address and ID number on each
participating VRRP-capable routing device. One of the virtual routers is then elected as the master
based on a number of priority criteria, and assumes control of the shared virtual router IP address.
If the master fails, one of the backup virtual routers assumes routing authority and takes control of
the virtual router IP address. For more information on VRRP, see the Alteon Application Switch
Operating System Application Guide.
VRRP information:
9: vrid 9, 2005:0:0:0:0:0:10:9 if 9, renter, prio 101, master
10: vrid 10, 10.10.10.50, if 1, renter, prio 101, master
20: vrid 20, 2005:0:0:0:0:0:20:20 if 20, renter, prio 105, master, server
Using this command, when virtual routers are configured, you can view the status of each virtual
router. VRRP information includes:
Interface number
Ownership status
Owner: Identifies the preferred master virtual router. A virtual router is the owner when the
IP address of the virtual router and its IP interface are the same.
Priority value: During the election process, the virtual router with the highest priority becomes
master.
Activity status
Server status: The server state identifies virtual routers that support Layer 4 services. These
are known as virtual server routers, any virtual router whose IP address is the same as any
configured virtual server IP address.
Proxy status: The proxy state identifies virtual proxy routers, where the virtual router shares
the same IP address as a proxy IP address. Virtual proxy routers enable redundant Alteons to
share the same IP address, minimizing the number of unique IP addresses that must be
configured.
/info/l3/dump
IP information:
AS number 0
Interface information:
IPv6 Link Local Address Information:
Default gateway information: metric strict
Current IP forwarding settings: ON, dirbr disabled, noicmprd disabled, rtcache enabled
Current local networks:
None
----------------------------------------------Current IPv6 local networks:
Current Allowed networks:
Current IPv4 allowed networks:
Id
Vlan NetAddress
---- ---- --------------1
220
10.10.10.0 - 10.10.10.3
NetMask
--------------255.255.255.0
Gateway          Type       Tag        Metr  If
---------------  ---------  ---------  ----  --
0.0.0.0          martian    martian
0.0.0.0          martian    martian
255.255.255.255  broadcast  broadcast
OSPF is disabled.
BGP is disabled.
IPv6 Forwarding Table:
Total number of route6 entries: 0
IPv6 Multicast Routes Table:
/info/slb
gslb
Displays the Global SLB Information menu. To view this menu, see /info/slb/gslb Global
SLB Information Menu, page 111.
Virtual Port State: Virtual service or port, server port mapping, real server group,
group backup server, the health check ID and type, and the health check result.
synatk
Displays SYN attack detection information. To identify if the server is under a SYN attack,
the number of new half open sessions is examined within a set period (for example,
every two seconds). This feature requires dbind to be enabled.
/info/slb/sess
cip6 <IP6_address>
Display session entries with the specified IPv6 address.
dip6 <IP6_address>
Display session entries with the specified IPv6 address.
flag <E|L|N|P|S|Rt|Ru|Ri|Vi|Vr|Vs|Vm|Vd|U|W>
Displays all session entries with matching flag. For sample output and a description of
these statistics, see Table 39 - Session Dump Information, page 108.
dump v4 | v6
Displays all session entries.
Values:
3, 01: 1.1.1.1 4586, 2.2.2.1 http -> 1.1.1.2 3567 3.3.3.1 http age 6 f:10 EUSPT c
(1) (2) (3) (4) (5) (6) (7a) (7) (8) (9) (10) (11) (12) (13)
The fields 1 through 13 in this example are described in Table 39 - Session Dump
Information, page 108.
For a set of more session entry dumps, see Table 40 - Session Dump Examples, page
111.
help
Displays the description of the session entry.
Field
Description
(1) SP number
Indicates the Switch Processor (SP) number that created the session.
Shows the physical port through which the client traffic enters
Alteon.
Field
Description
For load balancing, this field contains the IP address of the real
server to which Alteon forwards a client packet. If Alteon
does not find a live server, this field is the same as the destination IP
address (as in row 5). For example:
This field is the same as the destination port (field 6) for load
balancing, except for the RTSP UDP session. For RTSP UDP session,
this server port is obtained from the client-server negotiation. This
field is the filtering application port for filtering. It is for internal use
only. This field can be urlwcr, wcr, idslb, linkslb or nonat.
(10) Age
Field
Description
(13) Flag
Session
L4 HTTP
RTSP
L4-L7 RTSP
Filtering LinkLB
FTP
NAT
Persistent session The destination port, real server IP and server port are not shown for persistent
session.
/info/slb/gslb
site
Displays the Global SLB remote site information.
rule
Displays the Global SLB rule information.
clntprox
Displays the Global SLB client proximity information.
geo
Displays the Global SLB geographical preference information.
pers <IP_Address>
Display the Global SLB DNS persistence cache information.
dump
Displays all Global SLB information.
/info/slb/dump
/info/bwm
cont
Displays the BWM contract information configured on this switch.
/info/bwm/ipuser
dump
Displays all the IP user entries. For sample output and a description of these
statistics, see /info/bwm/ipuser/dump BWM IP User Information Menu, page 114.
/info/bwm/ipuser/dump
Field
Description
SP Rate
Contract Rate
IP address
Age
Field
Description
Octets
Discards
Allowed Rate
Offered Rate
/info/bwm/cont
Per User
Traffic
Limit Key State Shaping
500K
- E
D
500K
- E
D
500K
- E
D
500K
- D
D
500K
- E
D
0K 500K sip
E
D
500K
2M sip
E
D
500K
- E
D
500K
- E
D
100K
- E
D
500K
- E
D
Field
Description
Contract
Policy
Field
Description
Per User
These two columns display information for an ipuser limit, if applied to the
contract. Includes the following:
Key: If an ipuser rate limit is enforced, this field displays whether the user
limit is enforced on a source IP address (sip) or a destination IP address (dip).
State
Traffic Shaping
Displays whether traffic shaping is enabled (E) or disabled (D) for this contract.
/info/security
Security Information
This menu and all sub-menus are only available in the vADC Administrator environment in ADC-VX
mode.
ipacl
Displays the current IP ACL settings.
udpblast
Displays UDP blast protection settings.
dos
Displays DoS protection settings.
dump
Displays all security settings.
/info/link
Alias  Port  Speed   Duplex  Flow Ctrl  Link
                             TX   RX
-----  ----  ------  ------  ---  ---   ----
1      1     10/100  any     yes  yes   down
2      2     10/100  any     yes  yes   down
3      3     10/100  any     yes  yes   down
4      4     10/100  any     yes  yes   down
5      5     10/100  any     yes  yes   down
6      6     10/100  any     yes  yes   down
7      7     10/100  any     yes  yes   down
8      8     10/100  any     yes  yes   down
9      9     10/100  any     yes  yes   down
10     10    10/100  any     yes  yes   down
11     11    10/100  any     yes  yes   down
12     12    10/100  any     yes  yes   down
13     13    10/100  any     yes  yes   down
14     14    10/100  any     yes  yes   down
15     15    10/100  any     yes  yes   down
16     16    10/100  any     yes  yes   down
17     17    10/100  any     yes  yes   down
18     18    10/100  any     yes  yes   down
19     19    10/100  any     yes  yes   down
20     20    10/100  any     yes  yes   down
21     21    10/100  any     yes  yes   down
22     22    10/100  any     yes  yes   down
23     23    10/100  any     yes  yes   down
24     24    10/100  any     yes  yes   down
25     25    1000    full    yes  yes   down
26     26    1000    full    yes  yes   down
27     27    1000    full    yes  yes   down
28     28    1000    full    yes  yes   down
Port Alias
Port number
/info/port
Port Information
In the Global Administrator environment, the port information is for all vADCs in ADC-VX
environment.
Alias  Port  Tag  RMON  PVID  BWC   NAME  VLAN(s)  Shared
-----  ----  ---  ----  ----  ----  ----  -------  ------
1      1     n    d     1     1024        1        DIS
2      2     y    d     6     1024        1 6      DIS
3      3     y    d     6     1024        1 6      DIS
4      4     y    d     6     1024        1 6      DIS
5      5     y    d     1     1024        1        DIS
6      6     y    d     1     1024        1        DIS
7      7     n    d     1     1024        1        DIS
8      8     n    d     1     1024        1        DIS
9      9     n    d     1     1024        1        DIS
10     10    n    d     1     1024        1        DIS
11     11    n    d     1     1024        1        DIS
12     12    n    d     1     1024        1        DIS
13     13    n    d     1     1024        1        DIS
14     14    n    d     1     1024        1        DIS
15     15    n    d     1     1024        1        DIS
16     16    n    d     1     1024        1        DIS
Port alias
Port number
Port name
VLAN membership
/info/swkey
Notes
If a feature is removed with the /oper/rmkey command, the last permanent license installed
will still be displayed. The output of this command will still list removed features.
Radware temporary evaluation licenses will not be displayed in the command output.
For more information on license keys, see the Radware Alteon Installation and Maintenance Guide.
/info/dump
Information Dump
Use this command to dump all information available from the Information Menu (the dump output
may be 10K or more, depending on your configuration). This data is useful for tuning and debugging
Alteon performance.
If you want to capture dump data to a file, set your communication software on your workstation to
capture session data prior to issuing the dump command.
/stats
Statistics Menu
The following is an example of the Statistics menu and an explanation of the Statistics menu
options.
pmirr
Displays the Port Mirroring Statistics menu. This menu appears only in the vADC
Administrator environment in ADC-VX mode. To view this menu, see /stats/pmirr
Port Mirroring Statistics Menu, page 140.
l2
Displays the Layer 2 Statistics menu. To view this menu, see /stats/l2 Layer 2
Statistics Menu, page 141.
l3
Displays the Layer3 Statistics menu. This menu appears only in the vADC
Administrator environment in ADC-VX mode. To view this menu, see /stats/l3
Layer 3 Statistics Menu, page 144.
slb
Displays the Server Load Balancing (SLB) menu. This menu appears only in the
vADC Administrator environment in ADC-VX mode. To view this menu, see /stats/
slb Server Load Balancing Statistics Menu, page 166.
bwm
Displays the Bandwidth Management menu. This menu appears only in the vADC
Administrator environment in ADC-VX mode. To view this menu, see /stats/bwm/
hist BWM History Statistics, page 224.
security
Displays the Security Statistics menu. This menu appears only in the vADC
Administrator environment in ADC-VX mode. To view this menu, see /stats/
security Security Statistics, page 226.
mp
Displays the MP-specific Statistics menu. Use this menu to view information on
how management processes and resources are currently being allocated. To view
this menu, see /stats/mp Management Processor Statistics, page 232.
sp <SP number>
Displays the SP-specific Statistics menu. Use this menu to view information on
how switch processes and resources are currently being allocated. This menu
appears only in the vADC Administrator environment in ADC-VX mode. To view
this menu, see /stats/sp <SP Number> SP-specific Statistics, page 236.
dump
Dumps all Alteon statistics. Use this command to gather data for tuning and
debugging performance. If you want to capture dump data to a file, set your
communication software on your workstation to capture session data prior to
issuing the dump command. For details, see /stats/dump Dump Statistics,
page 238.
/stats/sys
mgmt
Displays interface statistics for the Management Port. For sample output, see
/stats/sys/mgmt Management Port Statistics, page 124.
ntp [clear]
Displays Network Time Protocol (NTP) statistics. You can optionally include the clear
option to delete all NTP statistics.
snmp
Show SNMP statistics.
dump
Dump system statistics.
/stats/sys/access
vlan
Displays the VLAN management access statistics (blocked packets).
In the vADC Administrator environment in ADC-VX mode only the statistics for the
associated VLAN display.
/stats/sys/mgmt
statistics:
0
TX bytes:
0
TX packets:
0
TX errors:
0
TX dropped:
0
TX overruns:
0
TX carrier errors:
0
TX collisions:
0
0
0
0
0
0
0
Statistic
Description
RX bytes
RX packets
RX errors
RX dropped
The number of incoming packets that were dropped due to lack of receive
buffers.
RX overruns
The number of received packets that were dropped because their size
exceeded that of the receive queue.
RX frame errors
RX multicast
TX bytes
TX packets
TX errors
TX dropped
TX overruns
The number of packets dropped because size exceeded that of the transmit
queue.
TX carrier errors
Not applicable.
TX collisions
ether
Displays Ethernet ("dot1") statistics for the port. For sample output and a description of
these statistics, see /stats/port <port number> /ether Ethernet Statistics, page 127.
if
Displays interface statistics for the port. For sample output and a description of these
statistics, see /stats/port <port number> /if Interface Statistics, page 130.
ip
Displays IP statistics for the port. This command appears only in the vADC Administrator
environment in ADC-VX mode. For sample output and a description of these statistics,
see /stats/port <port number> /ip Interface Protocol Statistics, page 131.
link
Displays link statistics for the port. For sample output and a description of these
statistics, see /stats/port <port number> /link Link Statistics, page 132.
rmon
Displays Remote Monitor (RMON) statistics for the port. For sample output and a
description of these statistics, see /stats/port <port number> /rmon RMON Statistics,
page 133.
dump
Displays all the port statistics.
clear
Clears all the statistics on this port.
/stats/port<port number>/brg
Bridging Statistics
This menu option lets you display the bridging statistics of the selected port.
63242584
63277826
0
0
NA
NA
0
Statistic
Description
dot1PortInFrames
The number of frames that have been received by this port from its
segment. A frame received on the interface corresponding to this port
is counted by this object only if it is for a protocol being processed
by the local bridging function, including bridge management frames.
dot1PortOutFrames
The number of frames that have been transmitted by this port to its
segment.
Note: A frame transmitted on the interface corresponding to this
port is counted by this object only if it is for a protocol being
processed by the local bridging function, including bridge
management frames.
dot1PortInDiscards
dot1TpLearnedEntryDiscards
dot1BasePortDelayExceededDiscards
dot1BasePortMtuExceededDiscards
dot1StpPortForwardTransitions
The number of times this port has transitioned from the learning state
to the forwarding state.
Ethernet Statistics
This menu option lets you display the ethernet statistics of the selected port.
0
0
0
0
NA
0
0
0
NA
0
0
0
NA
Statistic
Description
dot3StatsAlignmentErrors
dot3StatsFCSErrors
dot3StatsSingleCollisionFrames
dot3StatsMultipleCollisionFrames
dot3StatsSQETestErrors
dot3StatsDeferredTransmissions
dot3StatsLateCollisions
dot3StatsExcessiveCollisions
dot3StatsInternalMacTransmitErrors
dot3StatsCarrierSenseErrors
The number of times that the carrier sense condition was lost or
never asserted when attempting to transmit a frame on a particular
interface.
This number is incremented at most once per transmission attempt,
even if the carrier sense condition fluctuates during a transmission
attempt.
Note: This counter does not increment when the interface is
operating in full-duplex mode.
dot3StatsFrameTooLongs
dot3StatsInternalMacReceiveErrors
dot3CollFrequencies
Interface Statistics
This menu option lets you display the interface statistics of the selected port.
ifHCIn Counters
51697080313
65356399
0
0
0
0
ifHCOut Counters
51721056808
65385714
6516
0
0
0
0
0
0
0
0
0
0
0
Statistic
Description
ifHCInOctets
ifHCInUcastPkts
The number of packets delivered by this sub-layer to a higher sub-layer, which were not addressed to a multicast or broadcast address
at this sub-layer.
ifHCInBroadcastPkts
The number of packets delivered by this sub-layer to a higher sub-layer, which were addressed to a broadcast address at this sub-layer.
ifHCInMulticastPkts
ifHCInDiscards
ifHCInErrors
ifHCOutOctets
ifHCOutUcastPkts
ifHCOutBroadcastPkts
ifHCOutMulticastPkts
ifHCOutDiscards
ifHCOutErrors
0
0
0
0
0
0
ipForwDatagrams:
ipInDiscards:
0
0
Statistic
Description
ipInReceives
ipInAddrErrors
ipForwDatagrams
The number of input datagrams for which Alteon was not their final
IP destination, resulting in an attempt to find a route to forward
them to that final destination. In entities which do not act as IP
gateways, this counter includes only those packets which were
source-routed via Alteon, and the source-route option was
processed successfully.
ipInUnknownProtos
ipInDiscards
ipInDelivers
ipTtlExceeds
ipLANDattacks
The number of packets that have the same source and destination IP
address.
Link Statistics
This menu option lets you display the link statistics of the selected port.
Statistics
Description
linkStateChange
RMON Statistics
This menu option lets you display the remote monitor statistics of the selected port.
0
129677
1485
734
712
0
0
0
0
0
0
954
578
35
26
16
8
Statistics
Description
etherStatsDropEvents
etherStatsOctets
etherStatsPkts
etherStatsBroadcastPkts
etherStatsMulticastPkts
etherStatsCRCAlignErrors
etherStatsUndersizePkts
etherStatsOversizePkts
etherStatsFragments
etherStatsJabbers
etherStatsCollisions
etherStatsPkts64Octets
etherStatsPkts65to127Octets
etherStatsPkts128to255Octets
etherStatsPkts256to511Octets
etherStatsPkts512to1023Octets
(continued)
--------------------------------------------------------
IP statistics for port 1:
ipInReceives:                          0
ipInAddrErrors:                        0
ipForwDatagrams:                       0
ipInUnknownProtos:                     0
ipInDiscards:                          0
IpInDelivers:                          0
ipTtlExceeds:                          0
ipLANDattacks:                         0
--------------------------------------------------------
Link statistics for port 1:
linkStateChange:                       3
--------------------------------------------------------
RMON statistics for port 1:
etherStatsDropEvents:                  0
etherStatsOctets:                 123840
etherStatsPkts:                     1406
etherStatsBroadcastPkts:             698
etherStatsMulticastPkts:             669
etherStatsCRCAlignErrors:              0
etherStatsUndersizePkts:               0
etherStatsOversizePkts:                0
etherStatsFragments:                   0
etherStatsJabbers:                     0
etherStatsCollisions:                  0
etherStatsPkts64Octets:              906
etherStatsPkts65to127Octets:         548
etherStatsPkts128to255Octets:         35
etherStatsPkts256to511Octets:         25
etherStatsPkts512to1023Octets:        16
etherStatsPkts1024to1518Octets:        8
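The port dump above is the kind of session capture the guide suggests saving to a file. The following Python is an added example, not part of the Radware guide: it parses two such captures and reports which watched counters (for instance ipLANDattacks, the count of packets with identical source and destination IP) increased, or dropped because the port statistics were cleared in between. Both captures are constructed samples; the `name: value` line layout, the choice of watched counters, and the function names are assumptions.

```python
import re

# Section titles as they appear in the port dump, e.g. "IP statistics for port 1:"
SECTION_RE = re.compile(r"^(?P<title>.+ statistics for port \d+):\s*$")
# One or more "name: value" pairs per line (the CLI often prints two columns).
PAIR_RE = re.compile(r"([A-Za-z][\w']*):\s+(\d+)")

# Assumed watch list: IP counters from the port dump that tend to move under
# malformed or spoofed traffic. Adjust to local policy.
WATCHED = ("ipLANDattacks", "ipInAddrErrors", "ipInUnknownProtos", "ipTtlExceeds")

# Constructed sample captures (not real device output).
BEFORE = """\
--------------------------------------------------------
IP statistics for port 1:
ipInReceives:         1200    ipInAddrErrors:          0
ipForwDatagrams:         0    ipInUnknownProtos:       0
ipInDiscards:            0    IpInDelivers:         1200
ipTtlExceeds:            0    ipLANDattacks:           0
--------------------------------------------------------IP statistics for port 2:
ipInReceives:          900    ipInAddrErrors:          0
ipTtlExceeds:            0    ipLANDattacks:          12
"""

AFTER = """\
--------------------------------------------------------
IP statistics for port 1:
ipInReceives:         5400    ipInAddrErrors:          0
ipForwDatagrams:         0    ipInUnknownProtos:       2
ipInDiscards:            0    IpInDelivers:         5398
ipTtlExceeds:            0    ipLANDattacks:          37
--------------------------------------------------------IP statistics for port 2:
ipInReceives:           15    ipInAddrErrors:          0
ipTtlExceeds:            0    ipLANDattacks:           0
"""


def parse_dump(text):
    """Return {(section title, counter name): value} for one captured dump."""
    counters = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            continue  # blank line or a separator rule on its own
        # A capture may fuse the separator rule with the following title.
        line = line.lstrip("-")
        header = SECTION_RE.match(line)
        if header:
            section = header.group("title")
            continue
        if section is None:
            continue  # ignore anything before the first section title
        for name, value in PAIR_RE.findall(line):
            counters[(section, name)] = int(value)
    return counters


def compare(before, after, watched=WATCHED):
    """List (section, counter, kind, amount) for watched counters that moved.

    kind is "increase" (amount = delta) or "reset" (amount = new value), the
    latter meaning the counter went backwards, as happens after a clear.
    """
    findings = []
    for key in sorted(after):
        section, name = key
        if name not in watched or key not in before:
            continue
        old, new = before[key], after[key]
        if new < old:
            findings.append((section, name, "reset", new))
        elif new > old:
            findings.append((section, name, "increase", new - old))
    return findings


if __name__ == "__main__":
    for section, name, kind, amount in compare(parse_dump(BEFORE), parse_dump(AFTER)):
        print(f"{section}: {name} {kind} {amount}")
```

A reset finding matters as much as an increase: a cleared counter hides whatever accumulated before the second capture, so the delta for that interval cannot be trusted.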
/stats/vadc
[Global vADC Statistics Menu]
limit  - vADC throughput limits statistics
sp     - vADC MP-specific Stats Menu
mp     - vADC MP-specific Stats Menu
dump   - Dump all stats
mp
Displays the vADC MP-specific Statistics menu. To view this menu, see
/stats/vadc/mp vADC vMP-specific (Management Processor) Statistics Menu, page 139.
dump
Displays all vADC statistics for the selected vADC.
/stats/vadc/limit
Name      Ave. SSL(CPS)   SSL limit   Max SSL(CPS)
--------  --------------  ----------  -------------
vADC-1    3000            4200        4200
vADC-2    100             500         1400

vADC  Name      Ave. Compression(MB)
----  --------  --------------------
1     vADC-1    0
2     vADC-2    0
/stats/vadc/sp
mem
Displays SP memory usage. For sample output and a description of these
statistics, see /stats/vadc/sp/mem vADC SP Memory Statistics, page 139.
/stats/vadc/sp/cpu
Statistic
Description
cpuUtil1Second
The percentage of CPU usage for the vADC as measured over the
last one-second interval.
cpuUtil4Seconds
The percentage of CPU usage for the vADC as measured over the
last four-second interval.
cpuUtil64Seconds
The percentage of CPU usage for the vADC as measured over the
last 64-second interval.
/stats/vadc/sp/mem
1511156 KBytes
1511164 KBytes
1624443 KBytes
Statistic
Description
Current memory
Hi water mark
Allowed Max
/stats/vadc/mp
/stats/vadc/mp/cpu
CPU utilization:
cpuUtil1Second:      100%
cpuUtil4Seconds:     100%
cpuUtil64Seconds:    100%
Statistic
Description
cpuUtil1Second
The percentage of CPU usage for the vADC as measured over the
last one-second interval.
cpuUtil4Seconds
The percentage of CPU usage for the vADC as measured over the
last four-second interval.
cpuUtil64Seconds
The percentage of CPU usage for the vADC as measured over the
last 64-second interval.
/stats/pmirr
clear
Clears the port statistics.
/stats/l2
lacp
stg
Displays Spanning Tree Group statistics. For sample output and a description of these
statistics, see /stats/l2/stg Spanning Tree Group Statistics, page 143.
dump
Dump the Layer 2 statistics.
/stats/l2/fdb
FDB Statistics
This menu option lets you display statistics regarding the use of the forwarding database, including
the number of new entries, finds, and unsuccessful searches.
FDB statistics:
creates:            9611    deletes:            9553
current:              58    hiwat:                65
lookups:          850254    lookup fails:     151373
finds:              5832    find fails:            0
find_or_c's:       11874    overflows:             0
max:               16384
Statistic
Description
creates
current
lookups
finds
find_or_c's
deletes
hiwat
Highest number of entries recorded at any given time in the forwarding database.
lookup fails
find fails
overflows
max
/stats/l2/lacp
LACP Statistics
>> Layer 2 Statistics# lacp 1
port 1
Valid LACPDUs received             9394
Valid Marker PDUs received            0
Valid Marker Rsp PDUs received        0
Unknown version/TLV type              0
Illegal subtype received              0
LACPDUs transmitted                8516
Marker PDUs transmitted               0
Marker Rsp PDUs transmitted           0
Statistic
Description
The number of valid marker PDUs that Alteon received on this port.
Unknown version/TLV type
The number of unknown versions or type-length-value (TLV) types that
Alteon received on this port.
Illegal subtype received
LACPDUs transmitted
/stats/l2/stg
Rcv TCN  Xmt RST/MST  Xmt Cfg  Xmt TCN
-------  -----------  -------  -------
      0          787        0        1
      0            0        0        0
      0            0        0        0
      0            0        0        0
      0            0        0        0
      0            0        0        0
      0            0        0        0
      0           66        0        1
      0            0        0        0
      0            0        0        0
      0            0        0        0
      0            0        0        0
      0            0        0        0
      0            0        0        0
      0            0        0        0
      0            0        0        0
Statistic
Description
Port
Rcv RST/MST
Rcv Cfg
Rcv TCN
Xmt RST/MST
Xmt Cfg
Xmt TCN
/stats/l3
ospfv3
Displays the OSPFv3 Statistics Menu. To view this menu, see /stats/l3/ospfv3 OSPFv3
Statistics Menu, page 149.
ip
Displays IP statistics. For sample output, and a description of these statistics, see
/stats/l3/ip IP Statistics, page 151.
ip6
Displays IPv6 statistics. For sample output, and a description of these statistics, see
/stats/l3/ip6 IP6 Statistics Menu, page 153.
route
Displays route statistics. For sample output, and a description of these statistics, see
/stats/l3/route Route Statistics, page 157.
arp
Displays Address Resolution Protocol (ARP) statistics. For sample output, and a
description of these statistics, see /stats/l3/arp ARP Statistics, page 158.
For sample output, and a description of these statistics, see /stats/l3/vrrp VRRP
Statistics, page 159.
vrrp6
Displays statistical information about IPv6 VRRP support. For sample output, and a
description of these statistics, see /stats/l3/vrrp6 IPv6 VRRP Statistics, page 160.
dns
Displays Domain Name Server/system (DNS) statistics. For sample output, and a
description of these statistics, see /stats/l3/dns DNS Statistics, page 160.
icmp
Displays ICMP statistics. For sample output, and a description of these statistics, see
/stats/l3/icmp ICMP Statistics, page 161.
if
tcp
Displays TCP statistics. For sample output, and a description of these statistics, see
/stats/l3/tcp TCP Statistics, page 164.
udp
Displays UDP statistics. For sample output, and a description of these statistics, see
/stats/l3/udp UDP Statistics, page 165.
ifclear
Clears IP interface statistics.
Note: Because this deletes all IP interface statistics, use caution before executing
this command.
ipclear
Clears IP statistics.
Note: Because this deletes all IP statistics, use caution before executing this
command.
dump
Dumps all Layer 3 statistics. Use this command to gather data for tuning and
debugging Layer 3 performance. If you want to capture dump data to a file, set your
communication software on your workstation to capture session data prior to issuing
the dump command.
/stats/l3/ospf
/stats/l3/ospf/general
OSPF stats
---------Rx/Tx Stats:
Rx
--------
Pkts
hello
database
ls requests
ls acks
ls updates
0
23
4
3
7
9
Nbr change s
hello
start
n2way
adjoint ok
negotiation done
exchange done
bad requests
bad sequence
loading done
n1way
rst_ad
down
Timers kickoff
hello
retransmit
lsa lock
lsa ack
dbage
summary
ase export
Tx
-------0
518
12
1
7
7
2
0
2
2
2
2
0
0
2
0
0
1
4
2
0
0
2
0
5
514
1028
0
0
0
0
0
Statistic
Description
Rx/Tx Stats
Rx Pkts
The total of all OSPF packets received on all OSPF areas and interfaces.
Tx Pkts
The total of all OSPF packets transmitted on all OSPF areas and interfaces.
Rx Hello
The total of all Hello packets received on all OSPF areas and interfaces.
Tx Hello
The total of all Hello packets transmitted on all OSPF areas and interfaces.
Rx Database
The total of all Database Description packets received on all OSPF areas
and interfaces.
Tx Database
Rx ls Requests
The total of all Link State Request packets received on all OSPF areas and
interfaces.
Tx ls Requests
The total of all Link State Request packets transmitted on all OSPF areas
and interfaces.
Rx ls Acks
The total of all Link State Acknowledgement packets received on all OSPF
areas and interfaces.
Tx ls Acks
Rx ls Updates
The total of all Link State Update packets received on all OSPF areas and
interfaces.
Tx ls Updates
The total of all Link State Update packets transmitted on all OSPF areas
and interfaces.
The total of all Hello packets received from neighbors on all OSPF areas
and interfaces.
Start
The number of neighbors in this state (that is, an indication that Hello
packets should now be sent to the neighbor at intervals of Hello Interval
seconds) across all OSPF areas and interfaces.
n2way
adjoint ok
negotiation done
exchange done
bad requests
The number of Link State Requests which have been received for a link
state advertisement not contained in the database across all interfaces
and OSPF areas.
bad sequence
has an Options field differing from the last Options field received in a
Database Description packet
Any of these conditions indicate that some error has occurred during
adjacency establishment for all OSPF areas and interfaces.
loading done
The number of link state updates received for all out-of-date portions of
the database across all OSPF areas and interfaces.
n1way
The number of Hello packets received from neighbors, in which this router
is not mentioned across all OSPF interfaces and areas.
rst_ad
The number of times the neighbor adjacency has been reset across all
OSPF areas and interfaces.
down
The number of neighboring routers down (that is, in the initial state of a
neighbor conversation) across all OSPF areas and interfaces.
down
loop
unloop
wait timer
The number of times the Wait Timer has been run, indicating the end of
the waiting period that is required before electing a (backup) Designated
Router across all OSPF areas and interfaces.
backup
The number of Backup Designated Routers on the attached network for all
OSPF areas and interfaces.
nbr change
Timers Kickoff
hello
The number of times the Hello timer has been run (which triggers a Hello
packet to be sent) across all OSPF areas and interfaces.
retransmit
The number of times the Retransmit timer has been run across all OSPF
areas and interfaces.
lsa lock
The number of times the Link State Advertisement (LSA) lock timer has
been run across all OSPF areas and interfaces.
lsa ack
The number of times the LSA ACK timer has been run across all OSPF
areas and interfaces.
dbage
The number of times the database age (Dbage) has been run.
summary
ase export
The number of times the Autonomous System Export (ASE) timer has
been run.
/stats/l3/ospfv3
/stats/l3/ospfv3/general
OSPFv3 stats
------------
PacketSent:              72
PacketRx:                76
Num_rx_drop_pkt:          3
Num_tx_drop_pkt:          0
Num_rx_bad_pkt:           0
Num_spf_run:              6
Last_spf_run:           221
LSDBTableSize:           23
NumBadLsReq:              0
NumSeqMismatch:           0
Statistic
Description
PacketSent
The total of all OSPF v3 packets transmitted on all OSPF v3 areas and
interfaces.
PacketRx
The total of all OSPF v3 packets received on all OSPF v3 areas and
interfaces.
Num_rx_drop_pkt
Num_tx_drop_pkt
Num_rx_bad_pkt
Num_spf_run
Last_spf_run
LSDBTableSize
NumBadLsReq
NumSeqMismatch
/stats/l3/ip
IP Statistics
IP statistics:
ipInReceives:         3115873    ipInHdrErrors:              1
ipInAddrErrors:         35447    ipForwDatagrams:            0
ipInUnknownProtos:     500504    ipInDiscards:               0
ipInDelivers:         2334166    ipOutRequests:        1010542
ipOutDiscards:              4    ipOutNoRoutes:              4
ipReasmReqds:               0    ipReasmOKs:                 0
ipReasmFails:               0    ipFragOKs:                  0
ipFragFails:                0    ipFragCreates:              0
ipRoutingDiscards:          0    ipDefaultTTL:             255
ipReasmTimeout:             5
Statistic
Description
ipInReceives
ipInHdrErrors
ipInAddrErrors
ipForwDatagrams
The number of input datagrams for which Alteon was not their
final IP destination, resulting in an attempt to find a route to
forward them to that final destination. In entities which do not act
as IP gateways, this counter includes only those packets which
were source-routed via Alteon, and the source-route option
succeeded.
ipInUnknownProtos
ipInDiscards
ipInDelivers
ipOutRequests
ipOutDiscards
ipOutNoRoutes
ipReasmReqds
ipReasmOKs
ipReasmFails
ipFragOKs
ipFragFails
ipFragCreates
ipRoutingDiscards
ipDefaultTTL
The default value inserted into the Time-To-Live (TTL) field of the
IP header of datagrams originated in this Alteon, whenever a TTL
value is not supplied by the transport layer protocol.
ipReasmTimeout
/stats/l3/ip6
(continued)
Interface: 7
InMsgs:                      5864
InErrors:                    4268
InEchos:                        0
InEchoReplies:               4268
InNeighborSolicits:           122
InNeighborAdvertisements:       3
InRouterSolicits:               0
InRouterAdvertisements:      1471
InDestUnreachs:              4268
InTimeExcds:                    0
InPktTooBigs:                   0
InParmProblems:                 0
InRedirects:                    0
OutMsgs:                     8549
OutErrors:                   4271
OutEchos:                    4269
OutEchoReplies:                 0
OutNeighborSolicits:            2
OutNeighborAdvertisements:    124
OutRouterSolicits:              0
OutRouterAdvertisements:        1
OutRedirects:                   0
--------------------------------------------------------
IP6 gateway health check statistics:
gateway 5 echo-req    4269 echo-resp    4268 fails       0
gateway 7 echo-req    4269 echo-resp       0 fails    4268
Statistic
Description
InDelivers
UnknownProtos
OutRequests
ReasmOKs
InDiscards
ForwDatagrams
InAddrErrors
OutNoRoutes
ReasmFails
IcmpInMsgs
IcmpOutMsgs
IcmpInErrors
IcmpOutErrors
The number of ICMP messages which this interface did not send
due to problems discovered within ICMP such as a lack of buffers.
This value should not include errors discovered outside the ICMP
layer such as the inability of IPv6 to route the resultant
datagram. In some implementations there may be no types of
error which contribute to this counter's value.
IcmpInEchos
InNeighborSolicits
InRouterSolicits
InDestUnreachs
InPktTooBigs
InRedirects
InErrors
InEchoReplies
InNeighborAdvertisements
InRouterAdvertisements
InTimeExcds
InParmProblems
OutMsgs
OutEchos
OutNeighborSolicits
OutRouterSolicits
OutRedirects
OutErrors
The number of ICMP messages which this interface did not send
due to problems discovered within ICMP, such as a lack of buffers.
This value should not include errors discovered outside the ICMP
layer, such as the inability of IPv6 to route the resultant
datagram. In some implementations there may be no types of
error which contribute to this counter's value.
OutEchoReplies
OutNeighborAdvertisements
OutRouterAdvertisements
/stats/l3/route
Route Statistics
Route statistics:
ipRoutesCur:             3    ipRoutesHighWater:       3
ipRoutesMax:          4096
--------------------------------------------------------
SP Route statistics:
SP  ipRoutesCur   ipRoutesHighWater   ipRoutesMax
--- ------------- ------------------- ------------
1   3             3                   4096
2   3             3                   4096
3   3             3                   4096
4   3             3                   4096
--------------------------------------------------------
RIP statistics:
ripInPkts:               0    ripOutPkts:              0
ripDiscardPkts:          0    ripRoutesAgedOut:        0
BGP statistics:
bgpInPkts:               0    bgpOutPkts:              0
bgpBadPkts:              0    bgpSessFailures:         0
bgpRoutesAdded:          0    bgpRoutesRemoved:        0
bgpRoutesCur:            0    bgpRoutesFailed:         0
bgpRoutesIgnored:        0    bgpRoutesFiltered:       0
Statistic
Description
ipRoutesHighWater
ipRoutesMax
RIP statistics
ripInPkts
ripOutPkts
ripDiscardPkts
ripRoutesAgedOut
The number of routes learned via RIP that have aged out.
BGP statistics
bgpInPkts
bgpOutPkts
bgpBadPkts
bgpSessFailures
bgpRoutesAdded
bgpRoutesRemoved
The number of routes that were removed from the routing table.
bgpRoutesCur
bgpRoutesFailed
The number of BGP routes that failed to be added to the routing table.
bgpRoutesIgnored
The number of routes ignored because the peer was not connected
locally or multi-hop was not configured.
bgpRoutesFiltered
/stats/l3/arp
ARP Statistics
This menu option lets you display Address Resolution Protocol statistics.
MP ARP statistics:
arpEntriesCur:           2    ArpEntriesHighWater:     2
arpEntriesMax:        8192
--------------------------------------------------------
SP ARP statistics:
SP  arpEntriesCur   arpEntriesHighWater   arpEntriesMax
--- --------------- --------------------- --------------
1   1               1                     8192
2   1               1                     8192
3   1               1                     8192
4   1               1                     8192
ARP statistics are described in the following table:
Statistic
Description
arpEntriesCur
arpEntriesHighWater
The highest number of ARP entries ever recorded in the ARP table.
arpEntriesMax
/stats/l3/vrrp
VRRP Statistics
Alteon Virtual Router Redundancy Protocol (VRRP) support provides redundancy between routers in
a LAN. This is done by configuring the same virtual router IP address and ID number on each
participating VRRP-capable routing device. One of the virtual routers is elected as the master, based
on a number of priority criteria, and assumes control of the shared virtual router IP address. If the
master fails, one of the backup virtual routers assumes routing authority and takes control of the
virtual router IP address.
When virtual routers are configured, you can display the following protocol statistics for VRRP:
VRRP statistics:
vrrpInAdvers:
vrrpOutAdvers:
vrrpBadVersion:
vrrpBadAddress:
vrrpBadPassword:
0
0
0
0
0
vrrpBadAdvers:
vrrpBadVrid:
vrrpBadData:
vrrpBadInterval:
0
0
0
Statistic
Description
vrrpInAdvers
vrrpBadAdvers
vrrpOutAdvers
vrrpBadVersion
vrrpBadVrid
vrrpBadAddress
vrrpBadData
vrrpBadPassword
vrrpBadInterval
/stats/l3/vrrp6
VRRP6 statistics:
vrrp6InAdvers:             7
vrrp6BadAdvers:            0
vrrp6OutAdvers:        86801
vrrp6BadVersion:           0
vrrp6BadVrid:              0
vrrp6BadAddress:           0
vrrp6BadData:              0
vrrp6BadInterval:          0
Statistic
Description
vrrp6InAdvers
vrrp6BadAdvers
vrrp6OutAdvers
vrrp6BadVersion
vrrp6BadVrid
vrrp6BadAddress
vrrp6BadData
vrrp6BadPassword
vrrp6BadInterval
/stats/l3/dns
DNS Statistics
This menu option lets you display Domain Name System statistics:
DNS statistics:
dnsInRequests:
dnsBadRequests:
0
0
dnsOutRequests:
Statistic
Description
dnsInRequests
dnsOutRequests
dnsBadRequests
/stats/l3/icmp
ICMP Statistics
ICMP statistics:
icmpInMgs:               1090913    icmpInErrors:                  0
icmpInDestUnreachs:            6    icmpInTimeExcds:               0
icmpInParamProbs:              0    icmpInSrchQuenchs:             0
icmpInRedirects:               0    icmpInEchos:                  28
icmpInEchoReps:          1090879    icmpInTimestamps:              0
icmpInTimestampsReps:          0    icmpInAddrMasks:               0
icmpInAddrMasksReps:           0    icmpOutMsgs:             1274902
icmpOutErrors:                 0    icmpOutDestOutreachs:       3195
icmpOutTimeExcds:         179011    icmpOutParamProbs:             0
icmpOutSrchQuenchs:            0    icmpOutRedirects:              0
icmpOutEchos:            1092668    icmpOutEchoReps:              28
icmpOutTimestamps:             0    icmpOutTimestampReps:          0
icmpOutAddrMasks:              0    icmpOutAddrMaskReps:           0
Statistic
Description
icmpInMsgs
icmpInErrors
icmpInDestUnreachs
icmpInTimeExcds
icmpInParmProbs
icmpInSrcQuenchs
icmpInRedirects
icmpInEchos
icmpInEchoReps
icmpInTimestamps
icmpInTimestampReps
icmpInAddrMasks
icmpInAddrMaskReps
icmpOutMsgs
icmpOutErrors
The number of ICMP messages which Alteon did not send due to
problems discovered within ICMP, such as a low buffer. This value
should not include errors discovered outside the ICMP layer, such
as the inability of IP to route the resultant datagram. In
some implementations there may be no types of errors that
contribute to this counter's value.
icmpOutDestUnreachs
icmpOutTimeExcds
icmpOutParmProbs
icmpOutSrcQuenchs
icmpOutRedirects
The number of ICMP Redirect messages sent. For a host, this object
is always zero, since hosts do not send redirects.
icmpOutEchos
icmpOutEchoReps
icmpOutTimestamps
icmpOutTimestampReps
icmpOutAddrMasks
icmpOutAddrMaskReps
Interface Statistics
IP interface 1 statistics:
ifInOctets:         48948386    ifInUcastPkts:        220553
ifInNUCastPkts:       167895    ifInDiscards:              0
ifInErrors:                0    ifInUnknownProtos:         0
ifOutOctets:        27100789    ifOutUcastPkts:       441938
ifOutNUcastPkts:      218652    ifOutDiscards:             0
ifOutErrors:               0    ifStateChanges             1
Statistic
Description
ifInOctets
ifInUcastPkts
The number of packets delivered by this sub-layer to a higher sub-layer which were not addressed to a multicast or broadcast address at
this sub-layer.
ifInNUCastPkts
The number of packets delivered by this sub-layer to a higher sub-layer which were addressed to a multicast or broadcast address at this
sub-layer. This object is deprecated in favor of ifInMulticastPkts and
ifInBroadcastPkts.
ifInDiscards
ifInErrors
ifInUnknownProtos
ifOutOctets
ifOutUcastPkts
ifOutNUcastPkts
ifOutDiscards
ifOutErrors
ifStateChanges
/stats/l3/tcp
TCP Statistics
TCP statistics:
tcpRtoAlgorithm:           4    tcpRtoMin:                 0
tcpRtoMax:            240000    tcpMaxConn:             1600
tcpActiveOpens:            0    tcpPassiveOpens:           0
tcpAttemptFails:           0    tcpEstabResets:            0
tcpInSegs:                 0    tcpOutSegs:                0
tcpRetransSegs:            0    tcpInErrs:                 0
tcpCurBuff:                0    tcpCurConn:                6
tcpCurInConn:              0    tcpCurOutConn:             0
tcpCurLstnConn:            3    tcpOutRsts:                0
tcpAllocTCBFails:          0
Statistic
Description
tcpRtoAlgorithm
tcpRtoMin
tcpRtoMax
tcpMaxConn
The limit on the total number of TCP connections Alteon can support.
In entities where the maximum number of connections is dynamic, this
object should contain the value -1.
tcpActiveOpens
tcpPassiveOpens
tcpAttemptFails
tcpEstabResets
tcpInSegs
tcpOutSegs
tcpRetransSegs
tcpInErrs
tcpCurBuff
tcpCurConn
tcpCurInConn
tcpCurOutConn
tcpCurLstnConn
tcpOutRsts
tcpAllocTCBFails
/stats/l3/udp
UDP Statistics
UDP statistics:
udpInDatagrams:           54    udpOutDatagrams:          43
udpInErrors:               0    udpNoPorts:          1578077
Statistic
Description
udpInDatagrams
udpOutDatagrams
udpInErrors
The number of received UDP datagrams that could not be delivered for
reasons other than the lack of an application at the destination port.
udpNoPorts
/stats/slb
gslb
Displays the Global SLB Statistics menu. To view this menu, see /stats/slb/gslb Global
SLB Statistics Menu, page 174.
Number of times the real server has failed its health checks
For sample output, and a description of these statistics, see /stats/slb/real <real server
number> Real Server SLB Statistics, page 180.
Current and total sessions for each real server in the real server group.
Current and total sessions for all real servers associated with the real server group.
Real server transmit/receive octets. For per-service octet counters, see Per Service
Octet Counters, page 181.
For sample output, and a description of these statistics, see /stats/slb/group <real
server group number> Real Server Group Statistics, page 181.
Current and total sessions for each real server associated with the virtual server.
Current and total sessions for all real servers associated with the virtual server.
Real server transmit/receive octets. For per-service octet counters, see Per Service
Octet Counters, page 181.
For sample output, and a description of these statistics, see /stats/slb/virt <virtual
server number> Virtual Server SLB Statistics, page 182.
For sample output, and a description of these statistics, see /stats/slb/realhc <real
server number> Real Server Health Check Statistics, page 183.
layer7
Displays the Layer 7 Statistics menu. To view this menu, see /stats/slb/layer7 SLB
Layer7 Statistics Menu, page 184.
accel
Displays the SLB Acceleration Statistics menu. To view this menu, see /stats/slb/accel
SLB Acceleration Statistics Menu, page 188.
http
Displays the HTTP Statistics menu options. To view this menu, see /stats/slb/http HTTP
Statistics Menu, page 199.
pip
Displays proxy IP statistics. For sample output, and a description of these statistics, see
/stats/slb/pip Server Load Balancing Proxy IP Statistics, page 205.
appshape
Displays the AppShape++ statistics. For sample output, and a description of these
statistics, see /stats/slb/appshape <script id> AppShape++ Statistics, page 208.
ftp
Displays the File Transfer Protocol SLB and Filter menu. To view this menu, see
/stats/slb/ftp File Transfer Protocol SLB and Filter Statistics Menu, page 209.
rtsp
Displays RTSP SLB statistics. For sample output, and a description of these statistics,
see /stats/slb/rtsp RTSP SLB Statistics, page 211.
dns
Displays DNS SLB statistics. For sample output, and a description of these statistics, see
/stats/slb/dns DNS SLB Statistics, page 212.
wap
Displays WAP SLB statistics. For sample output, and a description of these statistics, see
/stats/slb/wap WAP SLB Statistics, page 213.
maint
Displays SLB maintenance statistics. For sample output, and a description of these
statistics, see /stats/slb/maint SLB Maintenance Statistics, page 214.
sip
Displays SIP SLB statistics. For sample output, and a description of these statistics, see
/stats/slb/sip SIP SLB Statistics, page 216.
siprule
Displays SIP rule statistics. For sample output, and a description of these statistics, see
/stats/slb/siprule SIP Rule Statistics, page 217.
wlm
mirror
Displays session mirroring statistics. For sample output, and a description of these
statistics, see /stats/slb/mirror Display Workload Manager SASP Statistics, page 219.
clear [y|n]
Clears all non-operating SLB statistics, resetting them to zero. This command does not
reset Alteon and does not affect the following counters:
Counters required for Layer 4 and Layer 7 operations (such as current real server
sessions)
To view the statistics reset by this command, refer to /stats/slb/wlm <wlm number>
Workload Manager SASP Statistics, page 218.
sap
Displays SAP message server statistics.
dump
Dumps all SLB statistics. Use this command to gather data for tuning and debugging
performance. To save dump data to a file, set your communication software on your
workstation to capture session data prior to issuing the dump command.
/stats/slb/sp
maint
Displays the SP maintenance statistics. For sample output, and a description of these
statistics, see /stats/slb/sp <sp number> /maint SP Maintenance Statistics,
page 172.
pip
Displays the PIP statistics.
Statistic
Description
Octets
The number of cookie inserts or rewrites for the real server on the indicated SP.
Cookie
unavailable
Cookie count
The number of cookies available in the pool for the real server on the indicated SP.
Real IP address    Current Sessions  Total Sessions  Octets
1    130.1.1.1     0                 0               0
2    141.20.1.1    0                 134             11584524
---- ------------  --------          --------        ----------------------
allpool            0                 134             11584524
Real IP address    Current Sessions  Total Sessions  Octets
1    130.1.1.1     0                 0               0
2    141.20.1.1    0                 134             11584524
---- ------------  --------          --------        ----------------------
allpool            0                 134             11584524
SP Filter Statistics
SP 1 Filter 1 stats:
Total firings:
SP Maintenance Statistics
SP 1 SLB Maintenance stats:
Maximum sessions:                 1999987
Current sessions:                 0
4 second average:                 0
64 second average:                0
Terminated sessions:              0
Allocation failures:              0
Non TCP/IP frames:                0
UDP datagrams:                    0
Incorrect VIPs:                   0
Incorrect Vports:                 0
No available real server:         0
Filtered (denied) frames:         0
AE (ignored) frames:              0
Discard frames:                   0
LAND attacks:                     0
No TCP control bits:              0
Invalid reset packet drops:       0
Out of state FIN Pkt drops:       0
Total IP fragment sessions:       0
IP fragment sessions:             0
IP6 fragment discards:            0
IP6 fragment sessions:            0
IP4 fragment discards:            0
IP fragment table full:           0
IPF invalid lengths:              0
IPF Null Payloads:                0
Fragment Overlaps:                0
Duplicate fragments:              0
Session setup limit:              0
Session setup bucket:             0
Session setup discards:           0
Current IP6 sessions:             0
Incorrect IP6 VIPs:               0
Incorrect IP6 Vports:             0
Unrecognized IP6 next header:     0
Unsupported IP6 ext header:       0
No route to forward IP6 packet:   0
IP6 packets drops:                0
SIP RULES STATISTICS
Current sip memory allocations:   0
Total sip memory allocations:     0
Total sip memory frees:           0
Packet drops:                     0
Packets Allowed:                  0
Packets Ratelimit:                0
Packets Inspected:                0
Packets Bypassed:                 0
Monitor errors:                   0
Parse errors:                     0
Exceeded Max rules:               0
Statistic
Description
Maximum sessions
Current Sessions
The number of session bindings currently in use (the last four and 64
seconds).
Terminated Sessions
The number of sessions removed from the session table because the
server assigned to them failed, and graceful server failure was not
enabled.
Allocation Failures
TCP Fragments
UDP Datagrams
Indicates that the virtual server IP address and MAC are receiving UDP
frames when UDP balancing is not turned on.
Incorrect VIPs
Incorrect Vports
A dropped frames counter that indicates that the virtual server has
received frames for TCP/UDP services that have not been configured.
Normally this indicates a mis-configuration on the virtual server or the
client, but it also may be an indication of a potential security probing
application like SATAN.
A dropped frames counter that indicates that all real servers are either
out of service or at their maxcon limit.
This indicates the number of times a real server failure has occurred
and caused a backup server to be brought online.
Overflow Server
Activations
This indicates the number of times a real server has reached the
maxcon limit and caused an overflow server to be brought online.
This indicates the number of frames that were dropped because of one
of the following reasons:
LAND attacks
This counter increases whenever a packet has the same source and
destination IP addresses and ports.
The number of packets that were dropped because the packet had no
control bits set in the TCP header.
The number of packets that were dropped because the packet had an
invalid reset flag set.
Current IP fragment
sessions
IP fragment discards
/stats/slb/gslb
clntprox -
geo
pers
dns
maint
clear
dump
rule <rule,1-128>
Displays Global SLB statistics for the rule.
clntprox
Displays Global SLB client proximity statistics.
pers
Displays Global SLB DNS persistence cache statistics.
dns
Displays Global SLB DNS and DNSSEC statistics.
geo
Displays Global SLB statistics for the geographical preference.
maint
Displays GSLB maintenance statistics. For sample output, and a description of these
statistics, see /stats/slb/gslb/maint Global SLB Maintenance Statistics, page 178.
clear
Deletes all Global SLB statistics.
dump
Displays all Global SLB statistics.
The number of times one of the following configured threshold values is met:
Statistic
Description
Server
IP Address
Site
DNS directs
The number of DNS responses that return the IP address of the corresponding
server.
HTTP redirects
preemptions
The number of times this server has been preempted due to failover preemption.
This means the number of times this Alteon has failed and was preempted from
regaining the sessions it previously owned.
/stats/slb/gslb/site
Statistic
Description
The number of remote site client proximity updates sent using DSSP
version 4.
/stats/slb/gslb/maint
Statistic
Description
The number of bad packets received from the remote site. Bad
updates or dropped packets usually indicate that there is a
configuration problem at the local or remote GSLB devices. If bad
updates or dropped packets occur, check the syslog for configuration
error messages.
The number of times the DNS queries received matched for the
hostname configured.
The number of times the DNS queries received matched for the
network domain name configured.
The number of times the DNS queries received matched for the
basic domain name configured.
No matching domain
The number of times the DNS queries received did not match the
hostname, domain name, or the network domain configured.
The domain in the last DNS query received that did not match the
hostname, domain name, or the network domain configured.
Last source IP
Note: Octets are provided per server, not per service, unless configured as described in Per Service
Octet Counters, page 181.
Real server SLB statistics are described in the following table:
Statistic
Description
The date and time when the real server was up.
Current sessions
Total sessions
Highest sessions
The highest number of sessions ever recorded for the particular real
server.
Octets
Current and total sessions for each real server in the real server group.
Current and total sessions for all real servers associated with the real server group.
The highest number of simultaneous sessions recorded for each real server.
Real server transmit/receive octets. For more information on per-service octet counters, see
Per Service Octet Counters, page 181.
Current and total sessions for each real server associated with the virtual server.
Current and total sessions for all real servers associated with the virtual server.
The highest number of simultaneous sessions recorded for each real server.
Real server transmit/receive octets. For more information on per-service octet counters, see
Per Service Octet Counters, page 181.
Note: The virtual server IP address is shown on the last line, below the real server IP addresses.
1
Highest Sessions  Octets
--------          ----------------------
4                 31543304
7                 34320779
--------          ----------------------
11                65864283
When cookie sessions are detected (inserted, rewrite, or passive cookie persistency), additional
statistics are added. For example, with passive cookie persistency:
Notes
Cookie Hits is the number of times an existing cookie was hit in the session table.
Cookie Misses is the number of times a new session did not hit any existing cookie in the session
table.
Alteon can filter virtual server statistics by service. In addition, when a specific HTTP or HTTPS
service is selected with defined content rules, Alteon can filter by rule ID.
For HTTP and HTTPS services, redirect, discard or goto actions are also available. For each action
type there is a unique output.
For example, when an HTTP service is set to redirect traffic to virtual server group 3, the following
output displays:
130.1.1.2
26 6001:0:0:0:0:0:0:10
11
17457
11
8459
Note: When Alteon functions as a gateway between an IPv4 and an IPv6 network, the current
sessions counter may remain low. This is because Alteon closes current sessions as soon as it
receives a FIN packet from the server.
Real 1: 1.1.1.1, UP
Up time: 3 days 1 hours 44 minutes and 22 seconds (80%)
Down time: 2 hours 55 minutes and 33 seconds (18%)
Overflow time: 55 minutes and 33 seconds (2%)
State change: Failure 0, Overflow: 0, blocked 0
Last failure: 11:12:59 Sun Jan 2, 2013
Last overflow:
Instance Health check: myHTTPS, Runtime check https, port 443 UP
Up time: 3 days 1 hours 44 minutes and 22 seconds (93%)
Down time: 55 minutes and 33 seconds (7%)
Overflow time: (0%)
Response time: Average 1 msec, Peak: 3 msec, Last valid: 0 msec,
State change: Failure 2, Overflow: 0
Last valid response: 13:12:59 Sun Jan 2, 2013
Last failure: 11:12:59 Sun Jan 2, 2013
Last overflow:
Instance Health check: WEB-srv, Runtime check http, port 88 FAILED
Up time: 2 days 1 hours 44 minutes and 22 seconds (73%)
Down time: 1 hours 55 minutes and 33 seconds (27%)
Overflow time: (0%)
Response time: Average 1 msec, Peak: 3 msec, Last valid: 0 msec,
State change: Failure 5, Overflow: 0
Last valid response: 13:12:59 Sun Jan 2, 2013
Last failure: 11:12:59 Sun Jan 2, 2013
Last overflow:
Filter 1 stats:
Total firings:
1011
/stats/slb/layer7
maint
Displays Layer 7 maintenance statistics. For sample output, and a description of
these statistics, see /stats/slb/layer7/maint Layer 7 SLB Maintenance Statistics,
page 186.
/stats/slb/layer7/redir
/stats/slb/layer7/str
Statistic
Description
ID SLB String
Hits
The number of instances that are load balanced due to matching the
particular URL ID.
/stats/slb/layer7/maint
Statistic
Description
Connection Splicing to
support HTTP/1.1
Switch retries
Out of order packets received The number of TCP out of order packets received.
Current SP memory units
/stats/slb/accel
compress
Displays compression statistics. To view this menu, see
/stats/slb/accel/compress Compression Statistics Menu, page 194.
dump
Dumps all acceleration statistics.
/stats/slb/accel/fastview
fastview summary stats
fastview per virtual server stats
fastview caching rule-list stats
fastview caching rule-list per rule stats
fastview optimization rule-list stats
fastview optimization rule stats
all fastview statistics
cachlist
Displays statistics for the enabled caching rule lists.
For sample output, and a description of these statistics, see /stats/slb/accel/
fastview/cachlist FastView Caching Rule-List Statistics, page 193.
cachrule
Displays statistics for the enabled caching rules.
For sample output, and a description of these statistics, see /stats/slb/accel/
fastview/cachrule FastView Caching Rule Statistics, page 193.
optlist
This parameter is not supported.
optrule
This parameter is not supported.
dump
Dumps all caching statistics besides the object list.
/stats/slb/accel/fastview/summary
Statistic
Description
Serving Rate
Uncacheable resources
optimization rate
/stats/slb/accel/fastview/virt<server number>
Statistic
Description
Serving Rate
Uncacheable resources
optimization rate
/stats/slb/accel/fastview/cachlist
Statistic
Description
Rule-List ID
Cached Objects
Cached Bytes
/stats/slb/accel/fastview/cachrule
Statistic
Description
Rule number
Rule Name
Cached Objects
Cached Bytes
/stats/slb/accel/fastview/optlist
/stats/slb/accel/fastview/optrule
/stats/slb/accel/compress
virt
Displays compression for the selected virtual server, only if enabled.
Only HTTP and HTTPS services with an associated compression policy enabled
display in the statistics output.
For sample output, and a description of these statistics, see /stats/slb/accel/
compress/virt<server number> Compression Statistics per Virtual Service,
page 196.
urllist
Displays compression URL rule list statistics. For sample output, and a description
of these statistics, see /stats/slb/accel/compress/urllist Compression Rule-List
Statistics, page 196.
urlrule
Displays compression URL rule per rule-list statistics. For sample output, and a
description of these statistics, see /stats/slb/accel/compress/urlrule Compression
Rule Statistics, page 197.
brwsrule
Displays compression browser rule per rule list statistics. For sample output, and
a description of these statistics, see /stats/slb/accel/compress/brwsrule
Compression Browser Rule Statistics, page 198.
dump
Dumps all compression statistics.
/stats/slb/accel/compress/summary
Statistic
Description
Uncompressed Throughput
(KB)
/stats/slb/accel/compress/virt<server number>
Compression statistics per virtual service are described in the following table:
Statistic
Description
Uncompressed throughput
(KB)
Compressed Throughput (KB)
Total throughput of compressible objects after compression per virtual service.
Throughput Compression
ratio
/stats/slb/accel/compress/urllist
1
2
10
My-rule-list
rule-list1
Matched Objects
Size Before
Size After
Compression Ratio
Compression(KB) Compression(KB)
Statistic
Description
Rule-List ID
Matched Objects
Compression Ratio
/stats/slb/accel/compress/urlrule
Rule Name
Matched Objects
1
4
10
30
1100
Exception-1-rule
Rule30
My-rule
Size Before
Size After
Compression(KB) Compression(KB)
Ratio
Statistic
Description
Rule Number
The number of the rule for which the statistics display. The rule
number determines the priority of the rule in the rule list. Rules are
scanned for a match from highest priority (1) to lowest.
Rule Name
Matched Objects
Compression Ratio
/stats/slb/accel/compress/brwslist
Matched Objects
Size Before
Size After
Compression Ratio
Compression(KB) Compression(KB)
1
2
10
My-rule-list
rule-list1
Compression browser rule list statistics are described in the following table:
Statistic
Description
Rule-List ID
Matched Objects
Compression Ratio
/stats/slb/accel/compress/brwsrule
Rule Name
Matched Objects
1
4
10
30
1100
Exception-1-rule
Rule30
My-rule
Size Before
Size After Compression
Compression(KB) Compression(KB)
Ratio
Statistic
Description
Rule Number
The number of the rule for which the statistics display. The rule
number determines the priority of the rule in the rule list. Rules are
scanned for a match from highest priority (1) to lowest.
Rule Name
Matched Objects
Compression Ratio
/stats/slb/http
virt
Displays HTTP statistics for the selected virtual server, only if enabled.
Only HTTP and HTTPS services display in the statistics output.
For sample output, and a description of these statistics, see /stats/slb/http/
virt<server number> HTTP Statistics per Virtual Service, page 201.
tsummary
Displays HTTP transaction summary statistics.
For sample output, and a description of these statistics, see /stats/slb/http/
tsummary HTTP Transaction Summary Statistics, page 202.
tvirt
Displays HTTP traffic for the selected virtual server, only if enabled.
For sample output, and a description of these statistics, see /stats/slb/http/tvirt
HTTP Transaction Statistics per Virtual Service, page 202.
connmng
Displays the Connection Management Statistics menu. To view this menu, see
/stats/slb/http/connmng Connection Management Statistics Menu, page 203.
dump
Dumps all HTTP statistics.
/stats/slb/http/summary
Statistic
Description
HTTP clients using keep-alive
Number of clients sending a "Connection: Keep-Alive" HTTP header or using HTTP 1.1.
HTTP 1.0 Percentage
Number of responses smaller than 1KB
Number of responses for which the reported content size is smaller than 1 KB.
Number of responses 1KB - 10KB
/stats/slb/http/virt<server number>
Statistic
Description
HTTP clients using keep-alive
Number of clients sending a "Connection: Keep-Alive" HTTP header or using HTTP 1.1 per virtual service.
HTTP 1.0 vs. 1.1 ratio
Ratio of requests performed using HTTP 1.0 versus HTTP 1.1 during the measuring period per virtual service.
Number of responses smaller than 1KB
Number of responses for which the reported content size is smaller than 1KB per virtual service.
Number of responses 1KB - 10KB
/stats/slb/http/tsummary
Statistic
Description
Responses - Servers > Alteon
Number of server responses to Alteon in the measuring period.
Responses - Alteon > Clients
/stats/slb/http/tvirt
HTTP transaction statistics per virtual service are described in the following table:
Statistic
Description
Responses - Servers > Alteon
Number of server responses to Alteon in the measuring period per virtual service.
Responses - Alteon > Clients
/stats/slb/http/connmng
virt
Displays connection management for the selected virtual server, only if enabled.
For sample output, and a description of these statistics, see /stats/slb/http/
connmng/virt<server number> Connection Management Statistics per Virtual
Service, page 204.
pooling
Displays the connection pooling statistics. For sample output, and a description of
these statistics, see /stats/slb/http/connmng/pooling Connection Pooling
Summary Statistics, page 205.
dump
Dumps all connection management statistics.
/stats/slb/http/connmng/summary
Statistic
Description
Number of server connections
Number of concurrent back-end server connections in Alteon which update instantly according to the session table.
Number of client requests
Connection multiplexing ratio
100 multiplied by the number of concurrent back-end server connections, divided by the number of client requests passed to Application Services Engine.
/stats/slb/http/connmng/virt<server number>
Statistic
Description
Number of server connections
Number of concurrent back-end server connections per virtual service in Alteon which update instantly according to the session table.
Number of client requests
Connection multiplexing ratio
100 multiplied by the number of concurrent back-end server connections, divided by the number of client requests passed to Application Services Engine per virtual service.
/stats/slb/http/connmng/pooling
Statistic
Description
The number of times client connections were freed, if the TCP pool
is enabled.
/stats/slb/pip
Current
sessions
---------------
pport allocation
failure
---------------
Server load balancing proxy IP statistics are described in the following table:
Statistic
Description
Proxy IP address/subnet
Current sessions
/stats/slb/ssl
Show SSL offloading summary stats
Show SSL offloading per virtual server stats
Show SSL ID persistency stats
Show Server Certificates usage statistics
Dump all SSL statistics
virt
Displays SSL offloading statistics for the selected virtual server, only if enabled.
Only SSL or HTTPS services display in the statistics output.
For sample output, and a description of these statistics, see /stats/slb/ssl/
virt<server number> SSL Offloading Statistics per Virtual Service, page 207.
sslid
Displays SSL ID persistency statistics.
For sample output, and a description of these statistics, see /stats/slb/ssl/sslid
SSL ID Persistency Statistics, page 208.
Note: SSL session ID persistence is not supported when SSL offloading is
enabled and other more advanced persistency features, such as cookie
persistency, are available.
srvrcert
dump
Dumps all SSL statistics.
/stats/slb/ssl/summary
Statistic
Description
SSLv2 percentage
SSLv3 percentage
TLS percentage
/stats/slb/ssl/virt<server number>
SSL offloading statistics per virtual service are described in the following table:
Table 118: SSL Offloading Statistics per Virtual Service (/stats/slb/ssl/virt<server number>)
Statistic
Description
SSLv2 percentage
SSLv3 percentage
TLS percentage
/stats/slb/ssl/sslid
                          Current   Total      Highest
                          Sessions  Sessions   Sessions
------------------------- --------  ---------- --------
Unique SessionIds         0         0          0
SSL connections           0         0          0
Persistent Port Sessions  0         0          0
SSL ID persistency statistics are described in the following table:
Statistic
Description
Unique SessionIds
SSL connections
AppShape++ Statistics
Script ID
Event
Activations
Failures
Aborts
-----------------------------------------------------------------------------error
HTTP_REQUEST
HTTP_RESPONSE
11
11
HTTP_REQUEST
resp
test
HTTP_REQUEST
timeout
HTTP_REQUEST
Statistic
Description
Script ID
Event
Activations
The number of times that the AppShape++ script or script event was
activated.
Failures
The number of times that the AppShape++ script failed, and the
failure distribution between the script events (how many of the
failures occurred during treatment of each event).
Aborts
The number of times that the AppShape++ script was aborted, and
the abort distribution between the script events (how many of the
aborts occurred during treatment of each event).
/stats/slb/ftp
/stats/slb/ftp/active
Table 121: FTP SLB Parsing and Filter Statistics Menu Options (/stats/slb/ftp)
parsing
Displays the parsing statistics. For sample output, and a description of these
statistics, see /stats/slb/ftp/parsing Passive FTP SLB Parsing Statistics, page 210.
maint
Displays the maintenance statistics. For sample output, and a description of these
statistics, see /stats/slb/ftp/maint FTP SLB Maintenance Statistics, page 210.
dump
Displays all FTP SLB/NAT statistics. For sample output, and a description of these
statistics, see /stats/slb/ftp/dump FTP SLB Statistics Dump, page 211.
Table 122: Active FTP SLB Parsing and Filter Statistics (/stats/slb/ftp/active)
Statistic
Description
The number of times Alteon receives the port command from the
client.
Total FTP
The number of times Alteon receives both active and passive FTP
connections.
Total New Active FTP Index
The number of times Alteon creates a new index due to the port command from the client.
Active FTP NAT ACK/SEQ diff
The difference in the numbers of ACK and SEQ that Alteon needs for packet adjustment.
/stats/slb/ftp/parsing
Passive FTP SLB parsing statistics are described in the following table:
Statistic
Description
Total FTP
The number of times Alteon receives both active and passive FTP
connections.
The difference in the numbers of ACK and SEQ that Alteon needs for FTP
SLB parsing.
/stats/slb/ftp/maint
Statistic
Description
The number of times Alteon is not able to switch modes from active to
passive, and vice versa.
/stats/slb/ftp/dump
Statistic
Description
Total FTP
The number of new data sessions created for FTP NAT filter in active
mode.
FTP SLB parsing ACK/SEQ diff
The difference in the number of ACKs and SEQs that Alteon needs for FTP SLB parsing.
FTP mode switch error
The number of times Alteon could not switch mode from active to
passive, and vice versa.
/stats/slb/rtsp
Control     UDP                 Connection  Buffer    Alloc
Connection  Streams   Redirect  Denied      Allocs    Failures
0           0         0         0           0         0
0           0         0         0           0         0
0           0         0         0           0         0
0           0         0         0           0         0
----------  --------  --------  ----------  --------  --------
0           0         0         0           0         0
Statistic
Description
ControlConnection
UDP Streams
Redirect
ConnectionDenied
BufferAllocs
AllocFailures
/stats/slb/dns
Statistic
Description
The number of DNS queries that contain more than one domain name
to be resolved. Currently, only one domain name resolution per
request is supported.
The number of DNS queries that have short or invalid domain names
to be resolved.
The number of times the user failed to find a real server that has the
same Layer 7 strings that match the domain name to be resolved.
The number of out of memory and other unexpected errors the user
receives while processing the DNS query.
/stats/slb/wap
Statistic
Description
allocation failures
incorrect VIPs
incorrect Vports
A dropped frames counter that indicates that the virtual server has
received frames for TCP/UDP services that have not been
configured. Normally this indicates a mis-configuration on the
virtual server or the client.
A dropped frames counter that indicates that all real servers are
either out of service or at their maxcon limit.
requests to wrong SP
The number of session add or delete requests sent to the wrong SP.
The number of add or delete request failures due to a nonfunctional target SP.
/stats/slb/maint
Statistic
Description
Maximum sessions
Current Sessions
The number of session bindings currently in use (the last four and 64
seconds).
Terminated Sessions
The number of sessions removed from the session table because the
server assigned to them failed, and graceful server failure was not
enabled.
Allocation Failures
The number of instances when Alteon ran out of available sessions for
a port.
TCP Fragments
UDP Datagrams
The number of times that the virtual server IP address and MAC are
receiving UDP frames when UDP balancing is not turned on.
Incorrect VIPs
Incorrect Vports
A dropped frames counter that indicates that the virtual server has
received frames for TCP/UDP services that have not been configured.
Normally this indicates a mis-configuration on the virtual server or the
client, but it may indicate a potential security probing application, like
SATAN.
A dropped frames counter that indicates that all real servers are either
out of service or at their maxcon limit.
The number of times a real server failure has occurred and caused a
backup server to be brought online.
Overflow Server
Activations
The number of times a real server has reached the maxcon limit and
caused an overflow server to be brought online.
LAND attacks
This counter increases whenever a packet has the same source and
destination IP addresses and ports.
The number of packets that were dropped because the packet had no
control bits set in the TCP header.
The number of packets that were dropped because the packet had an
invalid reset flag set.
cookies regenerated
The number of times cookies were regenerated on the MP. Regeneration is required when the cookies reach the minimum cookie
threshold available for a given real server on a given SP.
Current IPF buffer sessions
The current number of IP fragment buffer sessions.
Highest IPF buffer sessions
The number of highest IP fragment buffer sessions.
IPF buffer alloc fails
Fragment Overlaps
Duplicate fragments
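The maintenance counters described above are cumulative, so monitoring usually cares about how much they grow between two captures of the statistics output. The following is an added example, not part of the Radware guide: it parses two captures and reports growth in the counters this section ties to malformed or unsolicited traffic. The "label: value" line layout and both sample captures are constructed assumptions; adjust the parser to the output of your device.

```python
"""Track growth of security-relevant SLB maintenance counters between two captures."""
import re

# Counter labels as listed in the maintenance statistics; the reasons
# paraphrase the statistic descriptions in this section.
WATCHED = {
    "LAND attacks": "same source and destination IP address and port",
    "No TCP control bits": "TCP header with no control bits set",
    "Invalid reset packet drops": "packet with an invalid reset flag",
    "Incorrect Vports": "frames for unconfigured TCP/UDP services "
                        "(misconfiguration or probing)",
    "UDP datagrams": "UDP frames to a virtual server without UDP balancing",
}

# ASSUMPTION: each counter is printed as "<label>: <integer>" on its own line.
_STAT_LINE = re.compile(r"^\s*(?P<label>[^:]+?)\s*:\s*(?P<value>\d+)\s*$")


def parse_stats(text):
    """Return {label: value} for every 'label: integer' line in a capture."""
    stats = {}
    for line in text.splitlines():
        match = _STAT_LINE.match(line)
        if match:  # section headers and timestamps carry no bare integer
            stats[match.group("label")] = int(match.group("value"))
    return stats


def counter_deltas(before, after, watched=WATCHED, min_delta=1):
    """Report watched counters that grew by at least min_delta, or were reset.

    A value lower than the previous capture means the counter restarted
    (for example after the clear command or a reboot); the new value is then
    the growth since the restart, and the reset itself is reported.
    """
    findings = []
    for label, reason in watched.items():
        if label not in after:
            continue
        old, new = before.get(label, 0), after[label]
        reset = new < old
        delta = new if reset else new - old
        if reset or delta >= min_delta:
            findings.append(
                {"counter": label, "delta": delta, "reset": reset, "reason": reason}
            )
    return findings


# Constructed sample captures (not real device output).
SAMPLE_BEFORE = """\
SP 1 SLB Maintenance stats:
Maximum sessions:             1999987
Current sessions:             12
UDP datagrams:                0
Incorrect Vports:             7
LAND attacks:                 0
No TCP control bits:          3
Invalid reset packet drops:   40
"""

SAMPLE_AFTER = """\
SP 1 SLB Maintenance stats:
Maximum sessions:             1999987
Current sessions:             15
UDP datagrams:                0
Incorrect Vports:             412
LAND attacks:                 25
No TCP control bits:          3
Invalid reset packet drops:   41
"""

if __name__ == "__main__":
    for f in counter_deltas(parse_stats(SAMPLE_BEFORE), parse_stats(SAMPLE_AFTER)):
        note = " (counter was reset)" if f["reset"] else ""
        print(f"{f['counter']}: +{f['delta']}{note} - {f['reason']}")
```

Capture the two outputs far enough apart to reflect your polling interval, and raise `min_delta` for counters that normally tick on your network.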
/stats/slb/sip
Statistic
Description
Total number of SIP Unknown Method packets
The number of packets received with methods not known to the SIP parser on Alteon.
Total number of SIP Incomplete Messages
The number of packets received which do not have the complete SIP message in a single packet.
The number of packets received that have SIP SDP NAT information.
/stats/slb/siprule
Statistic
Description
The number of packets for the bypassed SIP UDP rule processing. The
following are the possible reasons for this:
Memory is unavailable
No match
Total number of times max rules exceeded
The number of instances when a packet matches MAX_RULES_PER_SESSION. SIP rule
processing stops if there are more than five matches.
Current sip memory
allocations
/stats/slb/mirror
/stats/bwm
hist
Displays Bandwidth Management history statistics. For sample output, and a description
of these statistics, see /stats/bwm/hist BWM History Statistics, page 224.
maint
Displays Bandwidth Management maintenance statistics. For sample output, and a
description of these statistics, see /stats/bwm/maint BWM Maintenance Statistics,
page 225.
ipusers
Displays Bandwidth Management IP user statistics for iplimit contracts. Each IP address
is limited to the user limit configured in /cfg/bwm/cont <contract number> Bandwidth
Management Contract Configuration, page 309, and as shown in /stats/bwm/cont
<contract number> BWM Contract Statistics, page 222.
For sample output, and a description of these statistics, see /stats/bwm/ipusers BWM IP
Users Statistics, page 226.
dump
Displays all Bandwidth Management statistics.
clear
Clears all Bandwidth Management statistics.
BW Contract statistics
                          Rate                                     Buf
Cont Name                 (Kbps)   Octets     Discards   TotalPkts Used   BufMax
---- -------------------- -------- ---------- ---------- --------- ------ ------
   5                             0          0          0         0      0  16320
1022 Reserved                    0          0          0         0      0  16320
1023 Reserved                    0          0          0         0      0  16320
1024 Default                     0          0          0         0      0  16320
   5                             0          0          0         0      0  16320
1022 Reserved                    0          0          0         0      0  16320
1023 Reserved                    0          0          0         0      0  16320
1024 Default                     0          0          0         0      0  16320
   5                             0          0          0         0      0  16320
1022 Reserved                    0          0          0         0      0  16320
1023 Reserved                    0          0          0         0      0  16320
1024 Default                     0          0          0         0      0  16320
   5                             0          0          0         0      0  16320
1022 Reserved                    0          0          0         0      0  16320
1023 Reserved                    0          0          0         0      0  16320
1024 Default                     0          0          0         0      0  16320
   5                             0          0          0         0      0  16320
1022 Reserved                    0          0          0         0      0  16320
1023 Reserved                    0          0          0         0      0  16320
1024 Default                     0          0          0         0      0  16320
Statistic
Description
Contract
Name
Octets
The number of octets that are being transmitted through a particular contract
since Alteon was booted.
Discards
The number of octets that are being discarded because of more traffic than the
bandwidth contract limit permits.
Total Pkts
BufUsed
The current amount of buffer space used to store the packets that are waiting to be
transmitted.
BufMax
Maximum buffer space used to store the packets before they can be transmitted.
Alteon starts dropping the packets of a particular contract after the maximum
buffer space allocated for that contract is occupied.
/stats/bwm/rcont
BW Contract statistics
                          Rate                                     Buf
Cont Name                 (Kbps)   Octets     Discards   TotalPkts Used   BufMax
---- -------------------- -------- ---------- ---------- --------- ------ ------
   5                             0          0          0         0      0 261120
1022 Reserved                    0          0          0         0      0 261120
1023 Reserved                    0          0          0         0      0 261120
1024 Default                     0   48295260          0    309585      0 261120
   5                             0          0          0         0      0 261120
1022 Reserved                    0          0          0         0      0 261120
1023 Reserved                    0          0          0         0      0 261120
1024 Default                     0   48295260          0    309585      0 261120
   5                             0          0          0         0      0 261120
1022 Reserved                    0          0          0         0      0 261120
1023 Reserved                    0          0          0         0      0 261120
1024 Default                     0   48295260          0    309585      0 261120
   5                             0          0          0         0      0 261120
1022 Reserved                    0          0          0         0      0 261120
1023 Reserved                    0          0          0         0      0 261120
1024 Default                     0   48295260          0    309585      0 261120
   5                             0          0          0         0      0 261120
1022 Reserved                    0          0          0         0      0 261120
1023 Reserved                    0          0          0         0      0 261120
1024 Default                     0   48295260          0    309585      0 261120
Bandwidth Management contract rate statistics are described in the following table:
Statistic
Description
Contract
Name
Rate at which the packets are going out of Alteon on a particular contract.
Octets
The number of octets that are being transmitted through a particular contract
since Alteon was booted.
Discards
The number of octets that are being discarded because of more traffic than the
bandwidth contract limits.
BufUsed
The current amount of buffer space used to store the packets that are waiting to be
transmitted.
BufMax
Maximum buffer space used to store the packets before they can be transmitted.
Alteon starts dropping the packets of a particular contract after the maximum
buffer space allocated for that contract is occupied.
/stats/bwm/hist
BW History statistics
                                                                TimeStamp
Switch IP       Cont  Name      Octets  Discards  TotalPkts  YyyyMmDd:Hr:Mi/GMT
--------------- ----  --------  ------  --------  ---------  ---------------------
192.168.214.33  5               0       0         0          20110223:10:11/ +0:00
192.168.214.33  1022  Reserved  0       0         0          20110223:10:11/ +0:00
192.168.214.33  1023  Reserved  0       0         0          20110223:10:11/ +0:00
192.168.214.33  1024  Default   936     0         6          20110223:10:11/ +0:00
192.168.214.33  5               0       0         0          20110223:10:12/ +0:00
192.168.214.33  1022  Reserved  0       0         0          20110223:10:12/ +0:00
192.168.214.33  1023  Reserved  0       0         0          20110223:10:12/ +0:00
192.168.214.33  1024  Default   1872    0         12         20110223:10:12/ +0:00
192.168.214.33  5               0       0         0          20110223:10:13/ +0:00
192.168.214.33  1022  Reserved  0       0         0          20110223:10:13/ +0:00
192.168.214.33  1023  Reserved  0       0         0          20110223:10:13/ +0:00
192.168.214.33  1024  Default   2808    0         18         20110223:10:13/ +0:00
192.168.214.33  5               0       0         0          20110223:10:14/ +0:00
192.168.214.33  1022  Reserved  0       0         0          20110223:10:14/ +0:00
192.168.214.33  1023  Reserved  0       0         0          20110223:10:14/ +0:00
192.168.214.33  1024  Default   3744    0         24         20110223:10:14/ +0:00
192.168.214.33  5               0       0         0          20110223:10:15/ +0:00
192.168.214.33  1022  Reserved  0       0         0          20110223:10:15/ +0:00
192.168.214.33  1023  Reserved  0       0         0          20110223:10:15/ +0:00
224
Statistic
Description
Contract
Octets
Discards
The number of octets discarded because of more traffic than the bandwidth
contract limit permits.
TimeStamp
/stats/bwm/maint
/stats/bwm/ipusers
/stats/security
Security Statistics
This sub-menu appears only in the vADC Administrator environment in ADC-VX mode.
ipacl
Displays the IP Address Access Control List Statistics menu. To view this menu, see
/stats/security/ipacl IP Access Control List Statistics Menu, page 229.
udpblast
Displays the UDP Blast Statistics menu. To view this menu, see
/stats/security/udpblast UDP Blast Statistics Menu, page 230.
pgroup
Displays the pattern match group statistics. For sample output, and a description of
these statistics, see /stats/security/pgroup UDP Pattern Match Statistics, page 231.
ratelim
Displays the rate limiting statistics. For sample output, and a description of these
statistics, see /stats/security/ratelim Rate Limiting Statistics, page 231.
dump
Displays all security statistics.
/stats/security/dos
dump
Displays the number of times the packets were dropped on Alteon, for each of the DOS
attacks as listed in the port command.
clear
Deletes all DOS attack statistics.
help
Displays a description of each type of DOS attack by name and how it works. For sample
output, see Figure 12 - vADC Administrator or Standalone Statistics Menu, page 228.
/stats/security/dos/help
DoS Help
/security/dos/help
iplen       : IPv4 packets with bad IP header or payload length.
ipversion   : IPv4 packets with IP version not 4.
broadcast   : IPv4 packets with broadcast source or destination IP [0.0.0.0,255.255.255.255].
loopback    : IPv4 packets with loopback source or destination IP [127.0.0.0/8].
land        : IPv4 packets with same source and destination IP.
ipreserved  : IPv4 packets with IP reserved bit is set.
ipttl       : IPv4 packets with small IP TTL.
ipprot      : IPv4 packets with IP protocol greater than highest allowable IP protocol.
ipoptlen    : IPv4 packets with bad IP options length.
fragmoredont: IPv4 packets with more fragments and don't fragment bits are set.
fragdata    : IPv4 packets with more fragments bit is set and small payload.
fragboundary: IPv4 packets with more fragments bit is set and payload not at 8-byte boundary.
fraglast    : IPv4 packets last fragment without payload.
fragdontoff : IPv4 packets with non-zero fragment offset and don't fragment bits are set.
fragopt     : IPv4 packets with non-zero fragment offset and IP options.
fragoff     : IPv4 packets with small non-zero fragment offset.
fragoversize: IPv4 packets with non-zero fragment offset and oversize payload.
tcplen      : TCP packets with bad TCP header length.
tcpportzero : TCP packets with source or destination port is zero.
blat        : TCP packets with SIP!=DIP and SPORT=DPORT.
tcpreserved : TCP packets with TCP reserved bit is set.
nullscan    : TCP packets with all control bits are zero.
fullxmasscan: TCP packets with all control bits are set.
finscan     : TCP packets with only FIN bit is set.
vecnascan   : TCP packets with only URG or PUSH or URG|FIN or PSH|FIN or URG|PSH bits are set.
xmasscan    : TCP packets with FIN, URG and PSH bits are set.
synfinscan  : TCP packets with SYN and FIN bits are set.
flagabnormal: TCP packets with abnormal control bits combination.
syndata     : TCP packets with SYN bit is set and with payload.
synfrag     : TCP packets with SYN bit is set and more fragments bit is set.
ftpport     : TCP packets with SPORT=20, DPORT<1024 and SYN bit is set.
dnsport     : TCP packets with SPORT=53, DPORT<1024 and SYN bit is set.
seqzero     : TCP packets with sequence number is zero.
ackzero     : TCP packets with acknowledgement number is zero and ACK bit is set.
tcpoptlen   : TCP packets with bad TCP options length.
udplen      : UDP packets with bad UDP header length.
udpportzero : UDP packets with source or destination port is zero.
fraggle     : UDP packets to broadcast destination IP (x.x.x.255).
pepsi       : UDP packets with SPORT=19, DPORT=7 or SPORT=7, DPORT=19.
rc8         : UDP packets with SPORT=7 and DPORT=7.
snmpnull    : UDP packets with DPORT=161 and without payload.
icmplen     : ICMP packets with bad ICMP header length.
smurf       : ICMP ping requests to a broadcast destination IP (x.x.x.255).
icmpdata    : ICMP packets with zero fragment offset and large payload.
icmpoff     : ICMP packets with large fragment offset.
icmptype    : ICMP packets with type is unassigned or reserved.
igmplen     : IGMP packets with bad IGMP header length.
igmpfrag    : IGMP packets with more fragments bit is set or non-zero fragment offset.
igmptype    : IGMP packets with type is unassigned or reserved.
arplen      : ARP request or reply packets with bad length.
arpnbcast   : ARP request packets with non broadcast destination MAC.
arpnucast   : ARP reply packets with non unicast destination MAC.
arpspoof    : ARP request or reply packets with mismatch source with sender MACs or destination with target MACs.
garp        : ARP request or reply packets with same source and destination IP.
ip6len      : IPv6 packets with bad header length.
ip6version  : IPv6 packets with IP version not 6.
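The TCP entries in the help text above (flag-scan patterns, land, blat, port and sequence checks), expressed as a classifier over raw IPv4/TCP bytes with per-anomaly counters similar in spirit to the dump command. This is an added example, not Radware code. Assumptions: "all control bits" means the six classic flags, xmasscan is read as exactly FIN|URG|PSH, every matching name is reported because the page does not state a precedence, the `malformed` bucket is a hypothetical label, and the sample packets are constructed.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

# TCP control bits. Assumption: "all control bits" means these six classic flags.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ALL_FLAGS = FIN | SYN | RST | PSH | ACK | URG
VECNA = {URG, PSH, URG | FIN, PSH | FIN, URG | PSH}


def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Parse a raw IPv4 packet carrying TCP; raise ValueError if malformed."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = pkt[0] >> 4, (pkt[0] & 0x0F) * 4
    if version != 4 or ihl < 20:
        raise ValueError("bad IP version or header length")
    if pkt[9] != 6:
        raise ValueError("not a TCP packet")
    if len(pkt) < ihl + 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, offset, flags = struct.unpack("!HHIIBB", pkt[ihl:ihl + 14])
    tcp_hlen = (offset >> 4) * 4
    if tcp_hlen < 20 or len(pkt) < ihl + tcp_hlen:
        raise ValueError("bad TCP header length")
    return {
        "src": IPv4Address(pkt[12:16]), "dst": IPv4Address(pkt[16:20]),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": flags & ALL_FLAGS,
        "payload_len": len(pkt) - ihl - tcp_hlen,
    }


def classify(pkt: bytes) -> list:
    """Return every TCP anomaly name from the help text that the packet matches."""
    p = parse_ipv4_tcp(pkt)
    f, syn = p["flags"], bool(p["flags"] & SYN)
    checks = {
        "land": p["src"] == p["dst"],
        "tcpportzero": p["sport"] == 0 or p["dport"] == 0,
        "blat": p["src"] != p["dst"] and p["sport"] == p["dport"],
        "nullscan": f == 0,
        "fullxmasscan": f == ALL_FLAGS,
        "finscan": f == FIN,
        "vecnascan": f in VECNA,
        "xmasscan": f == (FIN | URG | PSH),  # assumption: exactly these three
        "synfinscan": (f & (SYN | FIN)) == (SYN | FIN),
        "syndata": syn and p["payload_len"] > 0,
        "ftpport": syn and p["sport"] == 20 and p["dport"] < 1024,
        "dnsport": syn and p["sport"] == 53 and p["dport"] < 1024,
        "seqzero": p["seq"] == 0,
        "ackzero": bool(f & ACK) and p["ack"] == 0,
    }
    return sorted(name for name, hit in checks.items() if hit)


def tally(packets) -> Counter:
    """Count hits per anomaly name; unparseable input goes to 'malformed'
    (a hypothetical bucket, not an Alteon counter name)."""
    counts = Counter()
    for pkt in packets:
        try:
            counts.update(classify(pkt))
        except ValueError:
            counts["malformed"] += 1
    return counts


def build_packet(src, dst, sport, dport, flags, seq=1000, ack=0, payload=b""):
    """Build a constructed IPv4/TCP packet (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags,
                      8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return ip + tcp


# Constructed sample traffic (documentation address ranges), not captured data.
SAMPLES = [
    build_packet("192.0.2.10", "198.51.100.5", 40000, 443, SYN),             # normal SYN
    build_packet("192.0.2.10", "198.51.100.5", 40000, 443, 0),               # no flags
    build_packet("192.0.2.10", "198.51.100.5", 40000, 443, FIN | PSH | URG),
    build_packet("192.0.2.10", "198.51.100.5", 40000, 443, ALL_FLAGS, ack=1),
    build_packet("192.0.2.10", "192.0.2.10", 1234, 80, SYN),                 # same src/dst
    build_packet("192.0.2.10", "198.51.100.5", 53, 22, SYN, payload=b"x"),
    b"\x45\x00",                                                             # truncated
]

if __name__ == "__main__":
    for name, count in sorted(tally(SAMPLES).items()):
        print(f"{name:<13}: {count}")
```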
/stats/security/ipacl
clear
Deletes all the statistics of accumulated blocked packets.
/stats/security/ipacl/dump
/stats/security/udpblast
clear
Deletes all the accumulated blocked packets.
/stats/security/udpblast/dump
Statistic
Description
UDP Port
Blocked Packets
Current Packet Rate/Second
The current rate of packets to the UDP port.
/stats/security/pgroup
Hits
0
/stats/security/ratelim
0
0
UDP:
Total hold downs triggered:          0
Current per-client state entries:    0
ICMP:
Total hold downs triggered:          0
Current per-client state entries:    0
Statistic
Description
The total number of packets dropped after the holddown period expired.
Current per-client state entries
The total number of per-client state entries for TCP/UDP/ICMP rate limiting.
/stats/security/dump
0
0
UDP:
Total hold downs triggered:          0
Current per-client state entries:    0
ICMP:
Total hold downs triggered:          0
Current per-client state entries:    0
/stats/mp
tcb
Displays all TCP control blocks that are in use. For sample output, and a description of
these statistics, see /stats/mp/tcb TCP Statistics, page 234.
ucb
Displays all UDP control blocks that are in use. For sample output, and a description of
these statistics, see /stats/mp/ucb UCB Statistics, page 235.
sfd
Displays all socket file descriptors that are in use. For sample output, and a description
of these statistics, see /stats/mp/sfd MP-SpecificSFD Statistics, page 235.
cpu
Displays CPU utilization for periods of up to 1, 4, and 64 seconds. For sample output,
and a description of these statistics, see /stats/mp/cpu CPU Statistics, page 236.
mem
Displays memory statistics.
/stats/mp/pkt
MP Packet Statistics
Packet counts:
allocs:             2674683   frees:                   2674683
mediums:                  0   mediums hi-watermark:          2
smalls:                   0   smalls hi-watermark:           3
alloc fails:              0   packet discards:               0
TCP counts:
allocs:               21191   frees:                     21191
current:                  0   current hi-watermark:          1
alloc fails:              0   alloc discards:                0
TCP6 counts:
allocs:                       frees:
Statistic
Description
Packet counts
allocs
Number of packet allocations from the packet buffer pool by the TCP/IP
protocol stack.
frees
Number of times the packet buffers are freed (released) to the packet
buffer pool by the TCP/IP protocol stack.
mediums
Number of packet allocations with a size between 128 and 1536 bytes from
the packet buffer pool by the TCP/IP protocol stack.
jumbos
smalls
Number of packet allocations with a size less than 128 bytes from the
packet buffer pool by the TCP/IP protocol stack.
alloc fails
Number of packet allocation failures from the packet buffer pool by the
TCP/IP protocol stack.
frees
Number of packets freed from the packet buffer pool by the TCP/IP
protocol stack.
mediums hi-watermark
The highest number of packet allocations with a size between 128 and 1536
bytes from the packet buffer pool by the TCP/IP protocol stack.
jumbos hi-watermark
The highest number of packet allocations with a size between 1536 bytes
and 9K bytes from the packet buffer pool by the TCP/IP protocol stack.
smalls hi-watermark
The highest number of packet allocations with a size less than 128 bytes
from the packet buffer pool by the TCP/IP protocol stack.
packet discards
The number of packets that are discarded by the MP. The packets are
discarded because buffer resources are not available, or the buffer
threshold is reached and the low priority packets are discarded.
TCP counts
allocs
current
alloc fails
The number of TCP packet allocation failures from MP memory by the TCP/
IP protocol stack.
frees
The number of times the TCP packet buffers are freed (released) to MP
memory by the TCP/IP protocol stack.
current hi-watermark
The highest number of TCP packet allocations from MP memory by the TCP/
IP protocol stack.
alloc discards
The number of TCP packets that are discarded by the MP. The packets are
discarded because MP memory resources are not available.
/stats/mp/tcb
TCP Statistics
All TCP allocated control blocks:
13f8dbb0: 0.0.0.0              0 <=> 10.203.114.152   443 listen
13f8da80: 0.0.0.0              0 <=> 0.0.0.0          443 listen
13f8c6b0: 10.205.102.173    3227 <=> 10.203.114.152    23 established
0a4ea4c0: 10.203.114.152       0 <=> 0.0.0.0           23 listen
13f8cbc0: 0.0.0.0              0 <=> 0.0.0.0           23 listen
Column
Description
Memory
In the sample display: 13f8dbb0, 13f8da80, and so on
Destination IP address
In the sample display: 0.0.0.0, 0.0.0.0, 10.205.102.173, and so on
Destination port
In the sample display: 0, 0, 3227, and so on
Source IP
In the sample display: 10.203.114.152, and so on
Source port
In the sample display: 443, 443, 23, and so on
State
In the sample display: listen, listen, established, and so on
/stats/mp/ucb
UCB Statistics
All UDP allocated control blocks:
161: listen
1985: listen
3122: listen
The UCB statistics in the sample display are described in the following table:
Column
Description
State
In the sample display: listen, listen, listen
/stats/mp/sfd
MP-SpecificSFD Statistics
All Socket FD allocated:
0 -1 17 0a4ea4c0: 0.0.0.0
server
1 -1 35 00000000: 10.203.1.1
client
2 -1 22 13f8dbb0: 0.0.0.0
server
3 0 36 13f8c6b0: 10.205.102.173
server
0 <=> 10.203.114.152
23
0 <=> 10.203.114.152
accept
ICMP
0 <=> 10.203.114.152
443
listen
TCP
23
accept
TCP
listen
TCP
/stats/mp/cpu
CPU Statistics
CPU utilization:
cpuUtil1Second:     100%
cpuUtil4Seconds:    100%
cpuUtil64Seconds:   100%
Statistic
Description
cpuUtil1Second
The percentage of CPU utilization as measured over the last one-second interval.
cpuUtil4Seconds
The percentage of CPU utilization as measured over the last four-second interval.
cpuUtil64Seconds
The percentage of CPU utilization as measured over the last 64-second interval.
SP-specific Statistics
[SP-specific Statistics Menu]
maint    - Show maintenance stats
clear    - Clear maintenance stats
cpu      - Show CPU utilization
mem      - Show memory stats
clear
Deletes all the maintenance statistics.
cpu
Displays what percentage of the CPU has been utilized. For sample output, and a
description of these statistics, see /stats/mp/cpu CPU Statistics, page 236.
mem
Displays the memory utilization statistics: the current memory size, the high water
mark and the allowed maximum.
0
0
0
0
0
0
0
0
0
0
/stats/sp/cpu
CPU Statistics
CPU utilization for SP 1:
cpuUtil1Second:     6%
cpuUtil4Seconds:    6%
cpuUtil64Seconds:   6%
The CPU utilization statistics on the SP are described in the following table:
Statistic
Description
cpuUtil1Second
cpuUtil4Seconds
cpuUtil64Seconds
/stats/pmirr
clear
Deletes all the port mirroring statistics.
Caution: Use this command carefully as it deletes all statistics permanently.
/stats/dump
Dump Statistics
Use the dump command to dump all Alteon statistics available from the Statistics menu. It can be as
large as 40K or more, depending on your configuration. Use this data to tune or debug performance.
If you want to capture dump data to a file, set your communication software on your workstation to
capture session data prior to issuing the dump commands.
/cfg
Configuration Menu
The following is an example of the Configuration menu and an explanation of the Configuration
menu options.
Menu]
- System-wide Parameter Menu
- Port Menu
- vADC Management Menu
- Dashboard Menu
- Layer 2 Menu
- Dump current configuration to script file
- Backup current configuration to FTP/TFTP server
- Restore current configuration from FTP/TFTP server
vadc
Displays the vADC menu. This menu only appears in the Global Administrator
environment in ADC-VX mode. To view this menu, see /cfg/vadc vADC Configuration
Menu, page 290.
dashboard
Displays the Dashboard menu. This menu only appears in the Global Administrator
environment in ADC-VX mode. To view this menu, see /cfg/dashboard Dashboard Menu,
page 305.
pmirr
Displays the Port Mirroring menu. This menu only appears in the vADC Administrator
environment in ADC-VX mode. To view this menu, see /cfg/sys System Configuration,
page 243.
bwm
Displays the Bandwidth Management menu. This menu only appears on the Global vADC
menu in ADC-VX mode. To view this menu, see /cfg/bwm Bandwidth Management
Configuration, page 307.
l2
Displays the Layer 2 menu. To view this menu, see /cfg/l2 Layer 2 Configuration Menu,
page 315.
l3
Displays the Layer 3 menu. This menu only appears in the vADC Administrator
environment in ADC-VX mode. To view this menu, see /cfg/l3 Layer 3 Configuration
Menu, page 331.
slb
Displays the Server Load Balancing menu. This menu only appears in the vADC
Administrator environment in ADC-VX mode. To view this menu, see The SLB
Configuration Menu, page 395.
security
Displays the Security menu. This menu only appears in the vADC Administrator
environment in ADC-VX mode. To view this menu, see /cfg/security Security
Configuration Menu, page 384.
dump
Dumps the current configuration to a script file. For details, see /cfg/dump Dump,
page 390.
Note: The diff command is a global command, which means you can enter it at any prompt in the
CLI hierarchy.
Notes
The apply command is a global command, which means you can enter it at any prompt in the
CLI hierarchy.
All configuration changes take effect immediately when applied, except for starting the Spanning
Tree Protocol (STP). To turn STP on or off, you must apply the changes, and save them (see
Saving the Configuration, page 242).
Note: If you do not save the changes, they will be lost the next time the system reboots.
>> # save
When you save configuration changes, the changes are saved to the active configuration block. The
configuration being replaced by the save is first copied to the backup configuration block. If you do
not want the previous configuration block copied to the backup configuration block, enter the
following command:
>> # save n
You can decide which configuration you want to run the next time you reset Alteon. Your options
include:
You can view all pending configuration changes that have been applied but not saved to flash
memory using the diff flash command. It is a global command that can be executed from any
prompt in the CLI hierarchy.
To select the configuration to run at the next system reset, see /boot/conf Selecting a Configuration
Block, page 624.
/cfg/sys
System Configuration
This menu includes parameters such as user and administrator privilege mode passwords, Web-based management settings, and management of the access list.
Syslog Menu
Management Port Menu
Global admin configuration Sync Menu
RADIUS Authentication Menu
TACACS+ Authentication Menu
NTP Server Menu
System SNMP Menu
Enable/disable limit resources of vADCs to the max assigned CUs
System Health Check Menu
System Access Menu
Set system date
Set system time
Set system timezone (daylight savings)
Set timeout for idle CLI sessions
Set login notice
Set login banner
Set SMTP host
Enable/disable display hostname (sysName) in CLI prompt
Enable/disable use of BOOTP
Display current system-wide parameters
Syslog Menu
Management Port Menu
RADIUS Authentication Menu
TACACS+ Authentication Menu
System SNMP Menu
System Health Check Menu
System Access Menu
Alerts Threshold Menu
Central Management Reporting Menu
Set timeout for idle CLI sessions
Set login notice
Set login banner
Set SMTP host
Enable/disable display hostname (sysName) in CLI prompt
Enable/disable use of BOOTP
Display current system-wide parameters
mmgmt
Displays the Management Port menu. To view this menu, see /cfg/sys/mmgmt
Management Port Configuration Menu, page 247.
sync
Displays the Global Administrator Sync menu. This menu only appears in the Global
Administrator environment in ADC-VX mode. To view this menu, see /cfg/sys/sync Global
Administrator Sync Menu, page 252.
radius
Displays the RADIUS Server menu. To view this menu, see /cfg/sys/radius RADIUS
Server Configuration, page 254.
tacacs
Displays TACACS+ Server menu. To view this menu, see /cfg/sys/tacacs TACACS+
Server Configuration Menu, page 255.
ntp
Displays the Network Time Protocol (NTP) Server menu. This menu only appears in the
Global Administrator environment in ADC-VX mode. To view this menu, see /cfg/sys/ntp
NTP Server Configuration, page 257.
ssnmp
Displays the System SNMP menu. To view this menu, see /cfg/sys/ssnmp System SNMP
Configuration Menu, page 258.
limitcu
Enables or disables limiting resources of vADCs to the maximum number of assigned
CUs. This option only appears in the Global Administrator environment in ADC-VX mode.
health
Displays System Health Check menu. To view this menu, see /cfg/sys/health System
Health Check Configuration Menu, page 270.
access
Displays System Access menu. To view this menu, see /cfg/sys/access System Access
Control Configuration, page 271.
alerts
Displays System Alerts menu. This menu only appears in the vADC Administrator
environment in ADC-VX mode. To view this menu, see /cfg/sys/alerts Configure the
System Alerts, page 284.
report
Displays the Reporting menu. To view this menu, see /cfg/sys/report Configuring Device
Performance Monitoring (DPM) Reporting Parameters, page 285.
date
Configures the system date. This command only appears in the Global Administrator
environment in ADC-VX mode.
timezone
Configures the system time zone. This command only appears in the Global
Administrator environment in ADC-VX mode. To view sample output, see
/cfg/sys/timezone Configure the Timezone, page 286.
'-' to end>
Displays the login notice immediately before the Enter password: prompt. This notice
can contain up to 1024 characters and new lines.
bannr
bootp disable|enable
Enables or disables the use of BOOTP. If you enable BOOTP, Alteon queries its BOOTP
server for all of the IP parameters.
Default: disable
cur
Displays the current system parameters.
/cfg/sys/syslog
[Syslog Menu]
sesslog
hst1
hst2
hst3
hst4
hst5
console
log
audit
email
cur
5 (Notice): The condition of the system is normal, but with significant conditions that
need attention.
console disable|enable
Enables or disables delivering syslog messages to the console. When necessary, disabling
the console ensures Alteon is not affected by syslog messages.
Default: enable
log <feature|all
enable|disable>
Displays a list of features for which syslog messages can be generated. You can enable or
disable specific features (such as VLANs, GSLB, filtering), or enable or disable the syslog
on all available features.
email
Enables or disables emailing syslog messages. When enabled, sets the minimum severity
of the events that Alteon reports by email, the sender email address, and recipient email
address.
Default: disabled
cur
Displays the current syslog settings.
/cfg/sys/syslog/sesslog
on
Enables session logging.
off
Disables session logging.
cur
Displays the current session logging settings.
/cfg/sys/mmgmt
Notes
The management port must be configured with a static IP address, subnet mask, broadcast
address, and default gateway, and must be enabled before it can be used. If this port is
disabled, the network ports have to perform all Alteon management, other than the
management using the console. If this port is enabled, the factory default settings for some of
the management features remain with the network ports. You can change the defaults by
configuring these features to permanently use the management port, or in some cases, by using
the operational commands to set these options on a one-time basis.
ena
Enables the management port.
dis
Disables the management port.
tacacs mgmt|data
Sets TACACS+ over the management or data ports. This command only appears in the
vADC Administrator environment in ADC-VX mode.
Default: data
wlm ["mgmt"|"data"]
Sets the default port for the workload manager. This command only appears in the vADC
Administrator environment in ADC-VX mode.
report ["mgmt"|"data"]
Sets the default port for the reporting server. This command only appears in the vADC
Administrator environment in ADC-VX mode.
bootp disable|enable
Enables or disables the use of BOOTP. If you enable BOOTP, Alteon queries its BOOTP
server for all of the IP parameters. This command only appears in the vADC
Administrator environment in ADC-VX mode.
Default: disable
cur
Displays the current configuration.
/cfg/sys/mmgmt/port
mode full|half|any
Sets half- or full-duplex mode.
Default: any
auto on|off
Sets auto-negotiation for the port.
Default: on
cur
Displays the current link configuration.
/cfg/sys/sync
Global Administrator Sync Menu
This menu only appears in the Global Administrator environment in ADC-VX mode. After a vADC is
created, its configuration must be synchronized with its neighboring (peer) vADCs in order for all
vADCs to coordinate. To do this, the Global Administrator must associate the peers with the vADC.
Note: For a VX administrator, this synchronization command is operated through the management
interface and cannot be operated from the data ports.
cur
Displays pending configuration changes for all peers.
/cfg/sys/sync/peer
ena
In order for the vADC to recognize the peer, you must enable it.
dis
If you disable the peer, it is no longer synchronized with the vADC.
range
Sets the associated range of vADCs to be synchronized. You can enter a combination of
single vADCs and ranges of vADCs. For example: 1, 3-5, 8.
Note: If you change the vADC range (for example, from 1, 3-5, 8 to 1, 3, 8), the
vADCs that you removed from the range remain active on the peer vADC, but the
primary vADC no longer synchronizes its configuration changes with the removed
vADCs. The Global Administrator can later choose to manually delete these vADCs
from the peer vADC.
del
Deletes the current peer.
cur
Displays pending configuration changes for all peers.
Example display:
/cfg/sys/radius
Default: disabled
on
Enables the RADIUS server.
off
Disables the RADIUS server.
cur
Displays the current RADIUS server parameters.
/cfg/sys/tacacs
You can also display the privilege level of users who are logged in by issuing the who command.
[TACACS+ Server Menu]
prisrv   - Set primary TACACS+ server address
secsrv   - Set secondary TACACS+ server address
secret   - Set primary TACACS+ server secret
secret2  - Set secondary TACACS+ server secret
port     - Set TACACS+ TCP port
retries  - Set TACACS+ server retries
timeout  - Set TACACS+ server timeout (seconds)
secbd    - Enable/disable TACACS+ secure backdoor for telnet/ssh/http
cmap     - Enable/disable TACACS+ new privilege level mapping
cauth    - Enable/disable TACACS+ command authorization
clog     - Enable/disable TACACS+ command logging
clogname - Display accounting log name
on       - Turn TACACS+ authentication ON
off      - Turn TACACS+ authentication OFF
cur      - Display current TACACS+ configuration
Default: disabled
cmap disable|enable
Enables or disables TACACS+ new privilege level mapping. When enabled, this increases
the privilege level from default 0-9 to 0-22.
cauth disable|enable
Enables or disables TACACS+ command authorization.
clog disable|enable
Enables or disables TACACS+ command logging. When enabled, Alteon sends command
log messages to the TACACS+ server when configured by user.
on
Enables the TACACS+ server.
off
Disables the TACACS+ server.
cur
Displays the current TACACS+ configuration parameters.
/cfg/sys/ntp
on
Enables the NTP synchronization service.
off
Disables the NTP synchronization service.
cur
Displays the current NTP service settings.
/cfg/sys/ssnmp
An SNMP agent is a software process on the managed device that listens on UDP port 161 for SNMP
messages. Each SNMP message sent to the agent contains a list of management objects to retrieve
or to modify. SNMP parameters that can be modified include:
System name
System location
System contact
Notes
If the traps are configured to be sent from an SNMP data port, the source address of the
received trap is the IP of the interface defined in the /cfg/sys/ssnmp/trsrc command.
If the traps are configured to be sent from an SNMP management port, the source address of
the received traps is the management interface IP.
auth disable|enable
Enables or disables the use of the system authentication trap facility.
Default: disable
linkt <port
disable|enable>
Enables or disables the sending of SNMP link up and link down traps.
Default: enable
cur
Displays the current STP port parameters.
/cfg/sys/ssnmp/snmpv3
Access control
For more details on the SNMPv3 architecture, refer to RFC 2271 and RFC 2276.
[SNMPv3 Menu]
usm
view
access
group
comm
taddr
tparam
notify
v1v2
cur
v1v2 disable|enable
Enables or disables the access to SNMP version 1 and version 2.
Default: enable
cur
Displays the current SNMPv3 configuration.
/cfg/sys/ssnmp/snmpv3/usm
auth md5|sha|none
Configures the authentication protocol.
Values: HMAC-MD5-96, HMAC-SHA-96, none
Default: none
authpw
If you selected an authentication algorithm using the auth command, you need to
provide a password. Otherwise, you will get an error message during validation. This
command lets you create or change your authentication password.
priv des|none
Configures the type of privacy protocol on your Alteon. The privacy protocol protects
messages from disclosure.
Values:
des (CBC-DES Symmetric Encryption Protocol): If you specify this privacy protocol,
ensure that you have selected one of the authentication protocols (MD5 or HMAC-SHA-96) with the auth command.
privpw
Creates or changes the privacy password.
del
Deletes the USM user entries.
cur
Displays the USM user entries.
/cfg/sys/ssnmp/snmpv3/view
type included|excluded
Indicates whether the corresponding instances of vacmViewTreeFamilySubtree and
vacmViewTreeFamilyMask define a family of view sub-trees, by either including or
excluding them from the MIB view.
del
Deletes the vacmViewTreeFamily group entry.
cur
Displays the current vacmViewTreeFamily configuration.
/cfg/sys/ssnmp/snmpv3/access
model usm|snmpv1|snmpv2
Selects the security model to be used.
level noAuthNoPriv|authNoPriv|authPriv
Defines the minimum level of security required to gain access rights.
Values:
authPriv: The SNMP message is sent both with authentication and using a privacy
protocol.
match exact|prefix
Values:
exact: All the rows whose contextName exactly matches the prefix are selected.
prefix: All the rows where the starting octets of the contextName exactly match the
prefix are selected.
del
Deletes the View-based Access Control entry.
cur
Displays the View-based Access Control configuration.
/cfg/sys/ssnmp/snmpv3/group
del
Deletes the vacmSecurityToGroup entry.
cur
Displays the current vacmSecurityToGroup configuration.
/cfg/sys/ssnmp/snmpv3/comm
del
Deletes the community table entry.
cur
Displays the community table configuration.
/cfg/sys/ssnmp/snmpv3/taddr
del
Deletes the Target Address Table entry.
cur
Displays the current Target Address Table configuration.
/cfg/sys/ssnmp/snmpv3/tparam
mpmodel snmpv3|snmpv1|snmpv2c
Configures the message processing model that is used to generate SNMP messages.
model usm|snmpv1|snmpv2
Selects the security model to be used when generating the SNMP messages.
level noAuthNoPriv|authNoPriv|authPriv
Selects the level of security to be used when generating the SNMP messages using this
entry.
Values:
del
Deletes the targetParamsTable entry.
cur
Displays the current targetParamsTable configuration.
/cfg/sys/ssnmp/snmpv3/notify
del
Deletes the notify table entry.
cur
Displays the current notify table configuration.
/cfg/sys/health
off
Turns off the TCP health check services.
cur
Displays the current TCP health check services configuration.
/cfg/sys/access
port
Displays the Port Management Access menu. This menu only appears on standalone
systems. To view this menu, see /cfg/sys/access/port Port Management Access Menu,
page 274.
vlan
Displays the VLAN Management Access menu. To view this menu, see
/cfg/sys/access/user User Access Control Menu, page 275.
user
Displays the User Access Control menu. To view this menu, see /cfg/sys/access/user
User Access Control Menu, page 275.
https
Displays HTTPS Server Access menu. To view this menu, see /cfg/sys/access/https
HTTPS Access Configuration Menu, page 279.
sshd
Displays the SSH Server Access menu. To view this menu, see /cfg/sys/access/sshd SSH
Server Menu, page 281.
http disable|enable
Enables or disables HTTP (Web) access to the Browser-Based Interface (BBI).
Default: disable
snmp disable|read-only|read-write
Sets the SNMP user access level to either disabled, read-only, or read-write.
tnet
Enables or disables Telnet access to Alteon.
Default: disable
Note: This command is available only if you are connected to Alteon through the
console port.
cur
Displays the current configuration.
/cfg/sys/access/mgmt
cur
Displays the current configuration.
/cfg/sys/access/port
Note: This menu only appears on standalone systems, and not in ADC-VX mode.
[Port Management Access Menu]
add      - Add port with management access
aadd     - Add all ports with management access
rem      - Remove port from management access
arem     - Remove all ports from management access
cur      - Display current ports with management access
aadd
Adds all ports with management access.
rem <port_number>
Removes a port from management access.
cur
Displays the port numbers that currently have management access.
/cfg/sys/access/vlan
aadd
Adds management access to all VLANs.
rem
Removes management access from a specific VLAN.
arem
Removes management access from all VLANs.
cur
Displays the VLANs which currently have management access.
/cfg/sys/access/user
Note: Passwords can be a maximum of 15 characters. To disable a user account, set the user
password to empty.
usrpw
Sets the user (user) password. The user has no direct responsibility for Alteon
management. The user can view status information and statistics, but cannot make any
configuration changes.
svpw
Sets the SLB View user (slbview) password. The SLB Viewer can view Alteon
information, SLB statistics, and information, but cannot make any configuration
changes. This command only appears in the vADC Administrator environment in ADC-VX
mode.
sopw
Sets the SLB operator (slboper) password. The SLB operator manages Web servers and
other Internet services and their loads. The SLB operator can view all Alteon information
and statistics, and can enable or disable servers using the Server Load Balancing
Configuration menus.
Access includes user functions.
This command only appears in the vADC Administrator environment in ADC-VX mode.
l4opw
Sets the Layer 4 operator (l4oper) password. The Layer 4 operator manages traffic on
the lines leading to the shared Internet services. The Layer 4 operator can view all
Alteon information and statistics.
Access includes slboper functions.
This command only appears in the vADC Administrator environment in ADC-VX mode.
sapw
Sets the SLB administrator (slbadmin) password. The SLB administrator configures and
manages Web servers and other Internet services and their loads, and can view all
Alteon information and statistics, but can configure changes only on the Server Load
Balancing menus.
Note: The Filter menu options are not accessible to the SLB administrator.
Access includes l4oper functions.
This command only appears in the vADC Administrator environment in ADC-VX mode.
l4apw
Sets the Layer 4 administrator (l4admin) password. The Layer 4 administrator
configures and manages traffic on the lines leading to the shared Internet services, and
can view all Alteon information and statistics, and can configure parameters on the
Server Load Balancing menus, with the exception of not being able to configure filters.
Access includes slbadmin functions.
This command only appears in the vADC Administrator environment in ADC-VX mode.
admpw
Sets the administrator (admin) password. The superuser administrator has complete
access to all menus, information, and configuration commands, including the ability to
change both the user and administrator passwords.
Access includes oper and l4admin functions.
switch
Switches the RADIUS/TACACS authentication between the user and SLB viewer.
This command only appears in the vADC Administrator environment in ADC-VX mode.
cur
Displays the current user status.
/cfg/sys/access/user/uid
[User ID 1 Menu]
cos      - Set class of service
name     - Set user name
pswd     - Set user password
backdoor - Enable / disable backdoor access
crtmng   - Enable/disable certificate management permissions
add      - Add real server
rem      - Remove real server
ena      - Enable user ID
dis      - Disable user ID
del      - Delete user ID
cur      - Display current user configuration
User (user)
Operator (oper)
Administrator (admin)
For more information on these security levels, see Accessing Alteon, page 34.
backdoor [d | e]
Enables or disables user access even when RADIUS or TACACS+ authentication is not
available.
Note: This applies to RADIUS and TACACS+ authentication when they are enabled but
still not available.
crtmng
Enables or disables certificate repository management permissions. When enabled, the
user is granted full access to the certificate repository.
Note: This is not available to non-administration users.
ena
Enables the user ID.
dis
Disables the user ID.
del
Deletes the user ID.
cur
Displays the current user ID configuration.
/cfg/sys/access/https
cert
generate
key-imp
cert-imp
certdel
certsave
cur
cert
Associates the HTTPS server certificate from the certificate repository. This command
only appears in the Global Administrator environment in ADC-VX mode.
key-imp
Imports the HTTPS server certificate key.
cert-imp
Imports the HTTPS server certificate.
generate
Lets you generate a certificate to connect to the SSL to be used during the key
exchange. A default certificate is created when HTTPS is enabled for the first time. You
can create a new certificate defining the information that you want to be used in the
various fields. For example:
You are asked to confirm if you want to generate the certificate. It takes approximately
30 seconds to generate the certificate, and then Alteon restarts the SSL agent.
certdel
Deletes the HTTPS server certificate from a flash memory used when Alteon is rebooted.
certsave
Allows the client, or the Web browser, to accept the certificate and save the certificate to
flash memory to be used when Alteon is rebooted.
/cfg/sys/access/sshd
hkeygen
Generates the RSA host key.
skeygen
Generates the RSA server key.
sshv1
enable | disable
Enables or disables SSH version 1 support.
scpadm
Sets the SCP-only admin password.
ena
Enables the SCP apply and save.
dis
Disables the SCP apply and save.
on
Sets the SSH server to on.
off
Sets the SSH server to off.
cur
Displays the current SSH server configuration.
skeygen
Generates an RSA server key.
scpadmin
Enables the usage of the SCP administrator password.
off
Sets the SSH server to off.
/cfg/sys/access/xml
port <TCP_port_number>
Sets the XML server port number.
gtcert
Imports an XML client certificate.
delcert
Deletes an XML client certificate.
dispcert
Displays the current XML certificate.
debug
Toggles debug mode on or off.
Enabling XML debugging causes all commands in the XML file to be echoed to the
console, and prefaces each command with either running XML cmd: or Invalid XML
cmd:. All responses to the commands are also sent to the console.
cur
Displays the current XML configuration.
/cfg/sys/access/xml/xml
/cfg/sys/alerts
thrput
Sets the throughput license alert threshold. If you set the value to 0, there is no alarm.
Values: 0-99 percent
Default: 90
sslcps
Sets the SSL CPS license percentage for the threshold alert.
Values: 0-99 percent
Default: 90
compress
Sets the compression license alert threshold.
Values: 0-99 percent
Default: 90
sesstble
Sets the session table threshold as a usage percentage of total capacity.
Values: 1-100 percent
Default: high 70, critical 90
cur
Displays the current alerts threshold configuration.
/cfg/sys/report
Note: For DPM to work you must enable it, and you must globally enable DAM (Direct Access Mode)
for each virtual service that you are monitoring.
You can launch the DPM Web interface from the APSolute Vision client. The DPM interface launches
in the default browser.
You can configure the reporting level granularity for DPM reporting. For more information, see the
report command in the /cfg/slb/virt <server number>/service/http Virtual Server HTTP Service
Configuration Menu, page 435.
For more information on DPM, refer to the APSolute Vision User Guide.
[report Menu]
port
on
off
cur
on
Globally enables reporting communication.
Default: off
off
Globally disables reporting communication.
Default: off
cur
Displays the current reporting configuration.
/cfg/sys/timezone
Please identify a location so that time zone rules can be set correctly.
Please select a continent or ocean.
1) Africa
2) Americas
3) Antarctica
4) Arctic Ocean
5) Asia
6) Atlantic Ocean
7) Australia
8) Europe
9) Indian Ocean
10) Pacific Ocean
11) None - disable timezone setting
Enter the number of your choice: 2
Please select a country.
 1) Anguilla              18) Ecuador               35) Paraguay
 2) Antigua & Barbuda     19) El Salvador           36) Peru
 3) Argentina             20) French Guiana         37) Puerto Rico
 4) Aruba                 21) Greenland             38) St Kitts & Nevis
 5) Bahamas               22) Grenada               39) St Lucia
 6) Barbados              23) Guadeloupe            40) St Pierre & Miquelon
 7) Belize                24) Guatemala             41) St Vincent
 8) Bolivia               25) Guyana                42) Suriname
 9) Brazil                26) Haiti                 43) Trinidad & Tobago
10) Canada                27) Honduras              44) Turks & Caicos Is
11) Cayman Islands        28) Jamaica               45) United States
12) Chile                 29) Martinique            46) Uruguay
13) Colombia              30) Mexico                47) Venezuela
14) Costa Rica            31) Montserrat            48) Virgin Islands (UK)
15) Cuba                  32) Netherlands Antilles  49) Virgin Islands (US)
16) Dominica              33) Nicaragua
17) Dominican Republic    34) Panama
Enter the number of your choice:
Platform
40GbE
GBIC Port
Numbers
Alteon Application
Switch 4024
1926
318
N/A
N/A
Alteon Application
Switch 4408
16
78
N/A
N/A
Alteon Application
Switch 4416
112
1316
N/A
N/A
Alteon Application
Switch 5412
18
912
1316 (XFP)
N/A
Alteon Application
Switch 5224
1926
318
12 (SFP+)
N/A
Note: The LC jack is used for connecting Gigabit Ethernet fiber optic segments. The SFP modules
are not shipped with the product.
For more information on connectors, refer to the Radware Alteon Installation and Maintenance
Guide.
[Port 1 Menu]
gig
pvid
alias
name
rmon
tag
iponly
ena
dis
cur
|none
Sets a name for the port. The assigned port name appears next to the port number on
some information and statistics screens.
Default: none
rmon disable|enable
Disables or enables RMON for this port.
Default: disable
tag disable|enable
Disables or enables VLAN tagging for this port.
Default: disable
iponly disable|enable
Disables or enables allowing only IP-related frames.
Default: disable
ena
Enables the port.
dis
Disables the port.
To temporarily disable a port without changing its configuration attributes, see /oper/port
<port number> Operations-Level Port Options, page 609.
cur
Displays the current port parameters.
[GE Copper Link Menu]
speed - Set link speed
mode  - Set duplex mode
fctl  - Set flow control
auto  - Set auto negotiate
cur   - Display current ge copper link configuration
Note: Because the speed and mode parameters cannot be set for XFP Ethernet ports, these options
do not appear on the XFP Link menu.
Link menu options appear on the gig port configuration menu. Using these configuration menus, you
can set port parameters such as speed, flow control, and negotiation mode for the port link.
Table 187: Port Link Configuration Menu Options (/cfg/port <port number>/gig)
10 Mbps
100 Mbps
Default: any
This menu appears only if a Gigabit Ethernet port is selected.
mode full|half|any
Sets the operating mode.
Values:
Full-duplex
Half-duplex
Default: any
This menu appears only if a Gigabit Ethernet port is selected.
fctl both|none
Sets the flow control.
Values:
Default: both
cur
Displays the current port parameters.
/cfg/vadc
Notes
To see what vADCs have been defined already, use the /info/vadc menu or the /cfg/dump
command.
You must create at least one vADC ID with a name to access the vADC menu.
If all capacity units have been assigned, regardless of the number of available vADCs left on the
license, if you try to add another vADC the following error message displays:
If you are creating a new vADC capacity unit, you are prompted to use the vADC creation dialog
(see vADC Creation Dialog, page 290).
If you have entered an existing vADC capacity unit, the vADC menu displays (see vADC Menu,
page 292).
Prompt
Description
Do you wish to import a configuration file? [y/n]: If you enter n, you go to the Enter vADC Name
prompt.
Prompt
Description
Values:
Values: 1-4090
Enter subnet:
Enter as required.
Vlan IP interface:
Beginning of IP range:
As required.
End of IP range:
IP range subnet:
Prompt
Description
Do you wish to use a different vADC ID for peer? [y/n]:
If you enter n, you go to the Enable vADC prompt.
Do you wish to use a different vADC name for peer? [y/n]:
Enter vADC Peer management address(v4 or v6):
Enter the vADC peer management information.
Enter vADC management subnet mask:
Enter vADC Peer management gateway address(v4 or v6):
Do you wish to enable vADC? [y/n]:
After using the vADC creation dialog, the vADC menu displays (see vADC Menu, page 292). Any
values that you did not configure with the dialog are configured through the vADC menu.
When you enter apply and a neighboring (peer) vADC is defined, you are prompted to synchronize the
new vADC with the peer. If you reply y and receive confirmation, save the new configuration.
Note: When the VX synchronizes the vADC configuration with its peer, all configuration parameters
are synchronized except the number of capacity units (CU) and whether they are enabled or
disabled.
vADC Menu
[vADC 20 Menu]
sys
add
rem
name
cu
limit
allow
users
swf
ena
dis
del
cur
-
rem
Specifies the VLAN number to remove.
Values: 1-4090
Note: VLAN configuration changes to an active vADC may cause configuration conflicts
on the vADC.
name
Specifies a new vADC name. This further identifies the vADC capacity unit. You must
enter a name for the vADC to later access the vADC menu.
Values: 131 characters
cu
Specifies new number of capacity units.
Note: If all capacity units have been assigned, regardless of the number of available
vADCs left on the license, if you try to add another vADC the following error message
displays:
allow
Displays the vADC Allow menu. To view this menu, see /cfg/vadc/allow vADC Allowed IP
Networks, page 301.
swf
Displays the vADC Software Features menu. To view this menu, see /cfg/vadc/users
vADC User Access Control Menu, page 302
ena
Enables the vADC capacity unit.
dis
Disables the vADC capacity unit.
del
Deletes the vADC capacity unit.
cur
Displays the current configuration of the vADC.
/cfg/vadc/sys
Inherit the Alteon system services from the Global Administrator context as defined under these
menus.
Service
Description
Syslog
AAA services:
RADIUS
TACACS
Inherited by default.
SMTP services
Peer target
peer
Displays the Sync Peer Management Port menu. To view this menu, see
/cfg/vadc/sys/peer vADC Sync Peer Management Configuration, page 297.
sync
Assigns the target appliance for the configuration synchronization. For sample output,
see /cfg/vadc/sys/sync vADC Sync Peer Management Assignment, page 298.
haid <0-63>
Sets the HA ID value to modify the assigned MAC addresses of vADCs.
Notes:
HA ID 0 is the legacy mode set automatically by Alteon for upgrade purposes, where
the HA ID value does not appear in the VRRP packet.
syslog
Displays the Syslog menu. To view this menu, see /cfg/vadc/sys/syslog vADC Syslog
Configuration, page 298.
radius
Displays the RADIUS menu. To view this menu, see /cfg/vadc/sys/radius vADC RADIUS
Configuration, page 298.
tacacs
Displays the TACACS menu. To view this menu, see /cfg/vadc/sys/radius vADC RADIUS
Configuration, page 298.
access
Displays the System Access menu. To view this menu, see /cfg/vadc/sys/access vADC
System Access Configuration, page 299.
idle
Displays the System Idle menu. To view this menu, see /cfg/vadc/sys/idle vADC System
Idle Configuration, page 300.
cur
Displays the current vADC system parameters.
/cfg/vadc/sys/mmgmt
addr6
Sets the IPv6 address.
prefix6
Sets the IPv6 prefix length.
delegate
Enables or disables global to vADC service delegation of the management port.
lock
Locks usage of the management port for the vADC Administrator.
unlock
Unlocks usage of the management port for the vADC Administrator.
/cfg/vadc/sys/peer
name
Sets a unique name for this peer vADC ID.
addr
Sets the IP address.
mask
Sets the subnet mask.
gw
Sets the default gateway address.
addr6
Sets the IPv6 address.
prefix6
Sets the IPv6 prefix length.
gw6
Sets the IPv6 default gateway address.
cur
Displays the current peer settings.
/cfg/vadc/sys/sync
10.1.1.1,
20.1.1.1,
30.1.1.1,
40.1.1.1,
0.0.0.0 ,
enabled
enabled
enabled
enabled
disabled
/cfg/vadc/sys/syslog
lock
Locks usage of global syslog servers for the vADC Administrator.
unlock
Unlocks usage of global syslog servers for the vADC Administrator.
cur
Displays the current syslog configuration.
/cfg/vadc/sys/radius
unlock
Unlocks usage of RADIUS servers for the vADC Administrator.
cur
Displays the current RADIUS configuration.
/cfg/vadc/sys/tacacs
lock
Locks usage of global TACACS+ servers for the vADC Administrator.
unlock
Unlocks usage of global TACACS+ servers for the vADC Administrator.
cur
Displays the current global TACACS+ configuration.
/cfg/vadc/sys/access
https
Enables or disables HTTPS (Secure Web) access.
snmp
Enables or disables SNMP access control.
sshd
Enables or disables SSH access.
tnet
Enables or disables Telnet access to Alteon. You see this command only if you are
connected to Alteon through the console port.
Default: disable
lock
Locks access for the vADC Administrator.
unlock
Unlocks access for the vADC Administrator.
cur
Displays the current system access configuration.
/cfg/vadc/sys/idle
lock
Locks usage of global idle servers for the vADC Administrator.
unlock
Unlocks usage of global idle servers for the vADC Administrator.
cur
Displays the current global idle configuration.
/cfg/vadc/sys/smtp
lock
Locks usage of global SMTP servers for the vADC Administrator.
unlock
Unlocks usage of global SMTP servers for the vADC Administrator.
cur
Displays the current global SMTP configuration.
/cfg/vadc/allow
[vADC allowed IP networks Menu]
add - Add IP network to the allowed vADC list
rem - Remove IP network from the allowed vADC list
cur - Display current vADC allowed IP networks
rem
Removes an IP network from the allowed vADC list.
/cfg/vadc/users
usrpw
Sets the user (user) password. The user has no direct responsibility for Alteon
management. The user can view status information and statistics, but cannot make any
configuration changes.
sopw
Sets the SLB operator (slboper) password. The SLB operator manages Web servers and
other Internet services and their loads. The SLB operator can view all Alteon information
and statistics, and can enable or disable servers using the Server Load Balancing
Configuration menus.
Access includes user functions.
l4opw
Sets the Layer 4 operator (l4oper) password. The Layer 4 operator manages traffic on
the lines leading to the shared Internet services. The Layer 4 operator can view all Alteon
information and statistics.
Access includes slboper functions.
opw
Sets the operator (oper) password. The operator manages all functions of Alteon, and
can view all information and statistics, and can reset ports or the entire Alteon.
Access includes l4oper functions.
l4apw
Sets the Layer 4 administrator (l4admin) password. The Layer 4 administrator
configures and manages traffic on the lines leading to the shared Internet services, and
can view all Alteon information and statistics, and can configure parameters on the
Server Load Balancing menus, with the exception of not being able to configure filters.
Access includes slbadmin functions.
admpw
Sets the administrator (admin) password. The superuser administrator has complete
access to all menus, information, and configuration commands, including the ability to
change both the user and administrator passwords.
Access includes oper and l4admin functions.
cur
Displays the current user status.
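The "Access includes" notes in the /cfg/sys/access/user and /cfg/vadc/users menus chain together, so an account carries more access than its own description lists. The following is an added example, not part of the Radware guide or the Alteon software, that resolves those chains and reviews a constructed password table; the function names, the CAN_CONFIGURE grouping and the sample passwords are assumptions made for the illustration.

```python
# Added example: effective access per built-in account, derived from the
# "Access includes ..." notes in the user menus. Not Radware code.

# Direct inclusions exactly as the menu descriptions state them.
INCLUDES = {
    "user": [],
    "slbview": [],            # no "Access includes" note is given for slbview
    "slboper": ["user"],
    "l4oper": ["slboper"],
    "oper": ["l4oper"],
    "slbadmin": ["l4oper"],
    "l4admin": ["slbadmin"],
    "admin": ["oper", "l4admin"],
}

# Accounts whose descriptions say they can change configuration
# (assumption: all other accounts are treated as view/operate only).
CAN_CONFIGURE = {"slbadmin", "l4admin", "admin"}

MAX_PASSWORD_LEN = 15  # "Passwords can be a maximum of 15 characters."


def effective_levels(account):
    """Return every access level the account holds, directly or by inclusion."""
    if account not in INCLUDES:
        raise KeyError(f"unknown account: {account}")
    seen, stack = set(), [account]
    while stack:
        level = stack.pop()
        if level not in seen:
            seen.add(level)
            stack.extend(INCLUDES[level])
    return seen


def accounts_granting(level):
    """List the accounts whose login yields the given access level."""
    return sorted(a for a in INCLUDES if level in effective_levels(a))


def review(passwords):
    """Summarise a password table: account name -> password ('' = disabled)."""
    enabled = sorted(a for a, pw in passwords.items() if pw)
    reachable = set()
    for account in enabled:
        reachable |= effective_levels(account)
    return {
        "enabled": enabled,
        "disabled": sorted(a for a, pw in passwords.items() if not pw),
        "too_long": sorted(a for a, pw in passwords.items()
                           if len(pw) > MAX_PASSWORD_LEN),
        "config_capable": [a for a in enabled if a in CAN_CONFIGURE],
        "reachable_levels": sorted(reachable),
    }


# Constructed sample state, not taken from any real device.
SAMPLE_PASSWORDS = {
    "user": "", "slbview": "", "slboper": "constructed-1",
    "l4oper": "", "oper": "", "slbadmin": "constructed-2",
    "l4admin": "", "admin": "constructed-admin-pw",
}

if __name__ == "__main__":
    for name in INCLUDES:
        print(f"{name:9} -> {sorted(effective_levels(name))}")
    for key, value in review(SAMPLE_PASSWORDS).items():
        print(f"{key}: {value}")
```

In the sample, the user account is disabled with an empty password, yet user-level access stays reachable through every enabled account that includes it.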
/cfg/vadc/users/uid
[User ID 1 Menu]
cos      - Set class of service
name     - Set user name
pswd     - Set user password
backdoor - Set user backdoor access
crtmng   - Enable/disable certificate management permissions
ena      - Enable user ID
dis      - Disable user ID
del      - Delete user ID
cur      - Display current user configuration
User (user)
Operator (oper)
Administrator (admin)
For more information on these security levels, see Accessing Alteon, page 34.
backdoor [d | e]
Enables or disables user access even when RADIUS or TACACS+ authentication is not
available.
Note: This applies to RADIUS and TACACS+ authentication when they are enabled but
still not available.
crtmng
Enables or disables certificate management permissions.
ena
Enables the user ID.
dis
Disables the user ID.
del
Deletes the user ID.
cur
Displays the current user ID configuration.
/cfg/vadc/swf
dis
Disables the selected software feature.
cur
Displays the current software feature settings.
/cfg/dashboard
Dashboard Menu
Each vADC has an accompanying dashboard that monitors the processing power and throughput
usage relative to the total allocated resources. The dashboard provides a centralized view of this
data so the Global Administrator can preemptively identify potential application and user issues and
needs by verifying the health, resource usage, and activity of the vADC.
This menu only appears in the Global Administrator environment in ADC-VX mode.
[Dashboard Menu]
interval - Set
vadc
- Set
range
- Set
view
- Set
chart
- Set
vadc
Sets the vADC to be monitored through the resource dashboard.
view throughput|cpu|both(throughput\cpu)
Sets the default view type.
chart
Sets the default chart type.
/cfg/pmirr
[Port Mirroring Menu]
mirror  - Enable/Disable Mirroring
monport - Configure Monitor Port
cur     - Display All Mirrored and Monitored Ports and VLANs
cur
Displays the current settings of the mirrored and monitoring ports.
/cfg/pmirr monport
Port-Mirroring Menu
[Port 1 Menu]
add - Add "Mirrored" port and VLANs
rem - Rem "Mirrored" port and VLANs
cur - Display current Port-based Port Mirroring configuration
vlan
Adds the port to be mirrored, including the direction. You need to specify the direction
because:
If the source port of the frame matches the mirrored port, and the mirrored direction
is ingress or both (ingress and egress), the frame is sent to the mirrored port.
If the destination port of the frame matches the mirrored port, and the mirrored
direction is egress or both, the frame is sent to the monitoring port.
VLAN-based port mirroring lets you monitor traffic based on VLANs associated with a
port. You can add specific VLANs to be monitored even if there are multiple VLANs
associated with that port. If you do not specify a VLAN, all traffic on that port will be
mirrored.
cur
Displays the current settings of the monitoring port. For example:
/cfg/bwm
Note: BWM is a software key-enabled feature that requires you to purchase a license and a key. For
more information on enabling BWM, see /oper/swkey Activating Software, page 617.
entries <64k|128k|256k|512k>
Sets the number of entries in the Bandwidth Management IP user table.
email disable|enable
Enables or disables sending BWM statistics using e-mail.
When disabled, these statistics are sent using a socket mechanism.
force disable|enable
Enables or disables the enforcement of bandwidth policy on the traffic.
When disabled, the reordering of the packets does not occur. The packets exit in the
order they come in. This means that no bandwidth limit is applied on the queues.
Default: enable
on
Globally enables Bandwidth Management.
off
Globally disables Bandwidth Management.
cur
Displays the current Bandwidth Management configuration.
iptype <sip|dip>
Defines the IP type for this contract, whether the user (IP address) limiting is enforced
by the source IP address (SIP), or the destination IP address (DIP).
iplimit disable|enable
Enables or disables user (IP address) limiting for this contract. If enabled, each IP
address is limited to the user limit configured using /cfg/bwm/policy <policy number>
Bandwidth Management Policy Configuration, page 312.
history disable|enable
Disables or enables saving statistics for this contract on the server.
Default: enable
wtos disable|enable
Disables or enables overwriting the IP Type of Service (TOS) for this contract.
Default: disable
mononly disable|enable
Enables or disables monitor-only mode for this contract. This is used for design and
auditing purposes only. Statistics are generated, but no shaping or limiting applies to this
contract.
wtcpwin disable|enable
Enables or disables overwriting TCP Window for this contract. By overwriting the default
window size, you can modify the TCP window size to a lower value so that when the
packet arrives carrying the bytes within that window size, the receiver of that packet
does not have to wait for acknowledgement. This may help reduce the traffic congestion.
Note: Do not set the value to lower than 1500 bytes. For details, refer to the Alteon
Application Switch Operating System Application Guide.
ena
Enables this Bandwidth Management contract.
dis
Disables this Bandwidth Management contract.
del
Removes this contract.
cur
Displays the current Bandwidth Management contract configuration.
[BW Contract 1
day
from
to
policy
enable
disable
delete
cur
Table 208: BWM Contract Time Policy Configuration Menu Options (/cfg/bwm/timepol)
from <1-12am/pm>
Defines the hour at which the time policy starts. If am or pm is not
specified, the switch defaults to am for numbers lower than 12 and to pm
for numbers 13 or higher.
enable
Enables the Time Policy command on the switch.
disable
Disables the Time Policy command on the switch.
delete
Deletes the current Time Policy.
cur
Displays the current Time Policy configuration on the switch. For example:
Time Policy 1:
Day everyday, From Hour 12 a.m., To Hour 12 a.m., Policy 512, disabled
/cfg/bwm/policy <policy number>
soft <0k-5000k|1m-1000m>
Sets the soft bandwidth limit for this policy.
Default: 1000 kbps
userlim <0k-5000k|1m-1000m>
Sets the bandwidth limit for each IP address in the contract traffic.
del
Deletes the Bandwidth Management policy.
cur
Displays the current value of the Bandwidth Management policy configuration.
/cfg/bwm/group
del
Deletes this Bandwidth Management group.
/cfg/bwm/cur
/cfg/l2
lacp
Displays the Link Aggregation Control Protocol (LACP) menu. This menu only appears in
the Global Administrator environment in ADC-VX mode. To view this menu, see
/cfg/l2/lacp Link Aggregation Control Protocol Menu, page 323.
team
Displays the Port Team menu. This menu only appears in the Global Administrator
environment in ADC-VX mode. To view this menu, see /cfg/l2/team <team number>
Port Team Configuration, page 330.
cur
Displays the current Layer 2 parameters.
/cfg/l2/mrst
mode mstp|rstp
Sets the spanning tree mode.
on
Sets the spanning tree on (Bridge MSTP/RSTP runs normally).
off
Sets the spanning tree off (Bridge MSTP/RSTP does not run).
cur
Displays the current MST parameters.
/cfg/l2/mrst/cist
port <port_number>
Sets the port number.
default
Resets the STG and group member parameters to the factory default.
cur
Displays the current values of all objects that can be set from this menu.
/cfg/l2/mrst/cist/brg
Priority (0-65535)
Max Age (6-40 secs)
Forward Delay (4-30 secs)
CIST bridge parameters
cur
Displays the current values of all objects that can be set from the CIST bridge menu. For
sample output, see /cfg/l2/mrst/cist/brg cur Current Configuration for CIST Bridge,
page 317.
/cfg/l2/mrst/cist/brg cur
Statistic
Description
Priority
MaxAge
FwdDel
/cfg/l2/stg
Note: When VRRP is used for active-active redundancy, STP must be enabled.
clear
Removes all VLANs from a spanning tree.
on
Globally enables STP. STP is turned on by default.
off
Globally disables STP.
default
Resets the STG and group member parameters to the factory default.
untgpvst
Enables or disables sending PVST frames on untagged ports.
cur
Displays the current STP parameters.
/cfg/l2/stg/brg
Bridge priority
Forwarding delay
When you configure the STP bridge parameters, you must use the following formulas to make your
calculations:
2 x (fwd - 1) >= mxage
2 x (hello + 1) <= mxage
cur
Displays the current bridge STP parameters.
Port 1 Menu]
Set port Priority (0-255)
Set port Path Cost
Set port link type (auto,p2p,or shared; default: auto)
Enable/disable edge port
Enable/disable forwarding bpdu's on STG off
Turn port's Spanning Tree ON
Turn port's Spanning Tree OFF
Display current port Spanning Tree parameters
Spanning Tree port parameters are used to modify STP operation on an individual port basis. STP
port parameters include:
Port priority
link auto|p2p|shared
Sets the port link type:
Values: auto, p2p, shared
Default: auto
edge disable|enable
Enables or disables the edge port.
blkbpdu disable|enable
Block BPDU - enables or disables blocking the forwarding of the configuration bridge
protocol data units (BPDU), when the spanning tree is turned off.
Applicable in VX and standalone modes.
on
Enables STP on the port. STP is turned on by default for the port.
cur
Displays the current STP port parameters.
Trunk Configuration
Trunk groups can provide super-bandwidth and multi-link connections between Alteon or other trunk
capable Alteons. A trunk group is a group of ports that act together, combining their bandwidth to
create a single, larger virtual link. When trunk groups are configured, you can view the state of each
port in the various trunk groups. Up to 12 trunk groups can be configured, with the following
restrictions:
Any physical port can belong to no more than one trunk group.
The best performance is achieved when all ports in a trunk are configured for the same speed.
This menu only appears on the Global Administrator Statistics menu in ADC-VX mode.
ena
Enables the current trunk group.
dis
Turns the current trunk group off. By default, the trunk group is empty and disabled.
del
Removes the current trunk group configuration.
/cfg/l2/lacp
Note: For detailed information about this standard, refer to IEEE 802.3ad-2000.
LACP automatically determines which member links can be aggregated and then aggregates them.
It provides for the controlled addition and removal of physical links for the link aggregation.
Each external Alteon port can have one of the following LACP modes:
off (default): The user can configure this port to a regular static trunk group. When the system
initializes, all ports are in off mode by default.
active: The port is capable of forming an LACP trunk. This port initiates negotiation with the
partner system port by sending LACPDU (Link Aggregation Control Protocol Data Unit) packets.
passive: The port is capable of forming an LACP trunk. This port only responds to the
negotiation requests sent from an LACP active port.
Each LACP active or passive port needs an admin key, an operational key, and an aggregator for
LACP to start negotiation on these ports. You need to assign the same admin key to a group of ports
to make them aggregatable. The link can generate a Link Aggregation ID (LAG ID) based on the
operational key. All the aggregatable ports must have the same LAG ID. You can form an active
LACP trunk group with all the ports that have the same LAG ID.
For detailed information on this protocol, refer to the Alteon Application Switch Operating System
Application Guide.
This menu only appears on the Global Administrator Statistics menu in ADC-VX mode.
[LACP Menu]
name
sysprio
timeout
port
cur
Set descriptive
Set LACP system
Set LACP system
LACP port Menu
Display current
sysprio <1-65535>
Defines the system priority value. Lower numbers provide higher priority.
System priority is used when there are more than eight ports configured with the same
adminkey. The system priority, in conjunction with port priority, decides which eight ports
should be combined to form a trunk group between two Alteons. The rest of the ports
stay in standby mode to substitute for any failed ports.
Values: 1-65535
Default: 32768
timeout <short|long>
Defines the timeout period before invalidating LACP data from a remote partner.
Values:
short: 3 seconds
long: 90 seconds
Default: long
port <port number>
Displays the LACP Port menu. To view this menu, see /cfg/l2/lacp Link Aggregation
Control Protocol Menu, page 323.
cur
Displays the current LACP configuration.
Table 221: Link Aggregation Control Protocol Port Configuration Menu Options (/cfg/l2/lacp/port)
off: Turn LACP off for this port. You can use this port to manually configure a static
trunk.
active: Turn LACP on and set this port to active. Only active ports initiate
negotiation with the partner system port by sending the LACPDU packets.
passive: Turn LACP on and set this port to passive mode. Passive ports do not
initiate negotiation, but only respond to the negotiation requests from active ports.
Default: off
prio <1-65535>
Sets the priority value for the selected port. Lower numbers provide higher priority.
Default: 128
adminkey <1-65535>
Sets the admin key for this port. Only ports with the same admin key and oper key
(operational state generated internally) can form an LACP trunk group.
cur
Displays the current LACP configuration for this port.
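The LACP rules above (mode, admin key, priority, and the eight-port limit with standby ports) can be checked against a planned port layout before it is applied. The following is an added example, not Radware code, that models those rules over constructed port data; it assumes the local system holds the better system priority so that its port priorities decide, that the internally generated oper key follows the admin key, and that equal priorities fall back to the lower port number as in the IEEE 802.3ad port identifier.

```python
# Added example: which ports end up in an LACP trunk and which stay in
# standby, following the rules stated in the LACP menu descriptions.
from collections import defaultdict

MAX_TRUNK_PORTS = 8      # "which eight ports should be combined"
DEFAULT_PORT_PRIO = 128  # default of the prio command


def can_negotiate(local_mode, partner_mode):
    """A link negotiates only if both ends run LACP and one end is active."""
    modes = (local_mode, partner_mode)
    for mode in modes:
        if mode not in ("off", "active", "passive"):
            raise ValueError(f"unknown LACP mode: {mode}")
    return "off" not in modes and "active" in modes


def plan_trunks(ports):
    """Group negotiable ports by admin key and split them into trunk/standby.

    ports: iterable of dicts with keys port, mode, partner_mode, adminkey
    and optionally prio. Lower prio values win; ties go to the lower port
    number (assumption, see lead-in).
    """
    groups = defaultdict(list)
    for p in ports:
        if can_negotiate(p["mode"], p["partner_mode"]):
            groups[p["adminkey"]].append(p)

    plan = {}
    for key, members in groups.items():
        ranked = sorted(
            members,
            key=lambda p: (p.get("prio", DEFAULT_PORT_PRIO), p["port"]),
        )
        plan[key] = {
            "trunk": [p["port"] for p in ranked[:MAX_TRUNK_PORTS]],
            "standby": [p["port"] for p in ranked[MAX_TRUNK_PORTS:]],
        }
    return plan


def build_sample_ports():
    """Constructed layout: ten ports share admin key 100, two do not qualify."""
    ports = [
        {"port": n, "mode": "active", "partner_mode": "passive", "adminkey": 100}
        for n in range(1, 11)
    ]
    # Ports 9 and 10 are given a better (lower) priority than the default.
    ports[8]["prio"] = 64
    ports[9]["prio"] = 64
    # Passive on both ends: neither side sends LACPDUs, so no trunk forms.
    ports.append({"port": 11, "mode": "passive", "partner_mode": "passive",
                  "adminkey": 200})
    # LACP off: the port is left for a static trunk.
    ports.append({"port": 12, "mode": "off", "partner_mode": "active",
                  "adminkey": 100})
    return ports


if __name__ == "__main__":
    for key, result in plan_trunks(build_sample_ports()).items():
        print(f"adminkey {key}: trunk={result['trunk']} standby={result['standby']}")
```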
VLAN Configuration
VLANs are commonly used to split up groups of network users into manageable broadcast domains
to create logical segmentation of workgroups, and to enforce security policies among logical
segments. This menu is used to configure VLAN attributes, change the status of the VLAN, delete
the VLAN, and change the port membership of the VLAN.
By default, the VLAN menu option is disabled except VLAN 1, which is always enabled.
ip6nd
Displays the IPv6 Neighbor Discovery menu. This menu is used to enable or disable
sending IPv6 Router Advertisement packets from this interface. To view this menu, see
/cfg/l2/vlan/ip6nd IPv6 Neighbor Discovery Menu, page 328.
Default: disable
jumbo disable|enable
Enables or disables jumbo frame support on this VLAN. You need to reset Alteon using
the /boot/reset command to enable jumbo frames.
Jumbo Frames are not supported in this version.
learn disable|enable
Enables or disables source MAC address learning on this VLAN. This is not relevant for
vADC Administrator.
shared
Enables or disables VLAN sharing between vADCs. For more information, see vADC
Creation Dialog, page 290. This command only appears in the vADC Administrator
environment in ADC-VX mode.
ena
Enables this VLAN. This is not relevant for vADC Administrator.
dis
Disables this VLAN without removing it from the configuration. This is not relevant for
vADC Administrator.
del
Deletes this VLAN. This is not relevant for vADC Administrator.
cur
Displays the current VLAN configuration.
Note: All ports must belong to at least one VLAN. Any port which is removed from a VLAN and
which is not a member of any other VLAN is automatically added to default VLAN 1. You cannot
remove a port from VLAN 1 if the port has no membership in any other VLAN. Also, you cannot add
a port to more than one VLAN unless the port has VLAN tagging turned on (see the tag command in
/cfg/port <port number> Port Configuration Menu, page 287).
/cfg/l2/vlan/ip6nd
[IP6 Neighbor Discovery Menu]
     rtradv  - Enable/disable router advertisement
     retrans - Set retransmission interval
     minint  - Set minimum interval between router advertisements
     maxint  - Set maximum interval between router advertisements
     mtu     - Set MTU
     chlim   - Set current hop limit field
     mflag   - Set managed address configuration flag
     oflag   - Set other address configuration flag
     rtime   - Set reachable time
     rltime  - Set life time
     pltime  - Set preferred life time
     vltime  - Set valid life time
     opinfo  - Set On-link flag in prefix
     apinfo  - Set Autonomous address configuration flag in prefix
retrans
Sets the retransmission interval.
ena
Enables the port team.
del
Deletes the port team.
cur
Displays the current port team configuration.
/cfg/l3
[Layer 3 Menu]
     if      - Interface Menu
     gw      - Default Gateway Menu
     route   - Static Route Menu
     arp     - ARP Menu
     frwd    - Forwarding Menu
     nwf     - Network Filters Menu
     rmap    - Route Map Menu
     rip     - Routing Information Protocol Menu
     ospf    - Open Shortest Path First (OSPF) Menu
     ospfv3  - Open Shortest Path First for IPv6 (OSPFv3) Menu
     bgp     - Border Gateway Protocol Menu
     port    - IP Port Menu
     dns     - Domain Name System Menu
     bootp   - Bootstrap Protocol Relay Menu
     vrrp    - Virtual Router Redundancy Protocol Menu
     rtrid   - Set router ID
     metrc   - Set default gateway metric
     cur     - Display current IP configuration
route
Displays the IP Static Route menu. To view this menu, see /cfg/l3/route IP Static Route
Configuration, page 335.
frwd
Displays the IP Forwarding menu. To view this menu, see /cfg/l3/frwd IP Forwarding
Configuration Menu, page 338.
rip
Displays the Routing Information Protocol menu. To view this menu, see /cfg/l3/rip Routing
Information Protocol Configuration, page 344.
ospf
Displays the OSPF menu. To view this menu, see /cfg/l3/ospf Open Shortest Path First
Configuration, page 346.
ospfv3
Displays the Open Shortest Path First v3 menu. To view this menu, see /cfg/l3/ospfv3
Open Shortest Path First v3 Configuration, page 354.
bgp
Displays the Border Gateway Protocol menu. To view this menu, see /cfg/l3/bgp Border
Gateway Protocol Configuration, page 361.
dns
Displays the IP Domain Name System menu. To view this menu, see /cfg/l3/dns Domain
Name System Configuration Menu, page 367.
bootp
Displays the Bootstrap Protocol menu. To view this menu, see /cfg/l3/bootp Bootstrap
Protocol Relay Configuration Menu, page 368.
vrrp
Displays the Virtual Router Redundancy Protocol menu. To view this menu, see
/cfg/l3/vrrp VRRP Configuration Menu, page 368.
metrc strict|roundrobin
Sets the default gateway metric to strict or roundrobin. For more information on
gateway metrics, see /cfg/l3/metrc <metric name> Default Gateway Metrics, page 383.
Default: strict
IP Interface Configuration
[IP Interface 1 Menu]
     ipver   - Set IP version
     addr    - Set IP address
     mask    - Set subnet mask/prefix len
     vlan    - Set VLAN number
     relay   - Enable/disable BOOTP relay
     ena     - Enable IP interface
     dis     - Disable IP interface
     del     - Delete IP interface
     cur     - Display current interface configuration
Alteon can be configured with up to 256 IP interfaces. Each IP interface represents Alteon on an IP
subnet on your network. The interface option is disabled by default.
addr <IP address (such as 192.4.17.101 for IPv4 or 3001::abcd:5678 for IPv6)>
Configures the IP address of the Alteon interface using dotted decimal notation for IPv4
and colon notation for IPv6.
mask <IP subnet mask for IPv4 or prefix length for IPv6 (such as 255.255.255.0
for IPv4 or 64 for IPv6)>
Configures the IP subnet address mask for the interface using dotted decimal notation
for IPv4 or prefix length for IPv6.
relay disable|enable
Enables or disables the BOOTP relay on this interface.
Default: enable
ena
Enables this IP interface.
dis
Disables this IP interface.
cur
Displays the current interface settings.
Note: Alteon can be configured with up to 255 gateways. Gateways 1 to 4 are reserved for default
gateway load balancing. Gateways 5 to 259 are used for load-balancing of VLAN-based gateways.
This option is disabled by default.
For information about configuring which gateway is selected when multiple default gateways are
enabled, see /cfg/l3/metrc <metric name> Default Gateway Metrics, page 383.
addr <default gateway address (such as, 192.4.17.44 for IPv4 or 3001::abcd:1234
for IPv6)>
Configures the IP address of the default IP gateway using dotted decimal notation for
IPv4 and colon notation for IPv6.
prio <high|low>
Enables you to change the priority of the default gateway route to either high or low,
relative to learned default routes.
high: The default gateway route is always preferred over learned default routes,
such as from the OSPF, BGP, or RIP protocols.
low: The learned default routes are always preferred over the default gateway route.
Note: By default, the learned default route has a higher priority than the configured
default gateway route.
arp disable|enable
Enables or disables Address Resolution Protocol (ARP) health checks.
Default: disable
ena
Enables the gateway for use.
dis
Disables the gateway.
del
Deletes the gateway from the configuration.
cur
Displays the current gateway settings.
/cfg/l3/route
/cfg/l3/route/ip4
[IP4 Static Route Menu]
     add     - Add IP4 static route
     rem     - Remove IP4 static route
     cur     - Display current IP4 static route configuration
mask
Adds a static route. To complete the entry, enter a destination IP address, destination
subnet mask, and gateway address. Enter all addresses using dotted decimal notation.
If a gateway address is 0.0.0.0, the route becomes a black hole route. Packets routed to
such a destination will be dropped.
You can define up to 1024 static routes.
rem <destination
mask>
Removes a static route. The destination address of the route to remove must be
specified using dotted decimal notation.
cur
Displays the current IPv4 static routes.
/cfg/l3/route/ip6
[IP6 Static Route Menu]
     add     - Add IP6 static route
     rem     - Remove IP6 static route
     cur     - Display current IP6 static route configuration
prefix length
Adds a static route. To complete the entry, enter a destination IPv6 address, prefix
length, and next hop address. Enter all information using the IPv6 addressing format.
You can define up to 1024 static routes.
Note: You can use a link-local address as a gateway in the static route. For more
information on link-local addresses, see /cfg/l2/vlan <VLAN number> VLAN
Configuration, page 325.
rem <destination
prefix length>
Removes a static route. The destination address of the route to remove must be
specified using the IPv6 addressing format.
cur
Displays the current IPv6 static routes.
/cfg/l3/arp
[ARP Menu]
static
rearp
cur
cur
Displays the current ARP configurations.
/cfg/l3/arp/static
Note: Alteon allows the static ARP configuration to be retained over reboots.
MAC address
VLAN number
port number>
cur
Displays the current static ARP configuration.
/cfg/l3/frwd
dirbr disable|enable
Enables or disables forwarding directed broadcasts.
Default: disable
on
Enables IP forwarding (routing). Forwarding is turned on by default.
off
Disables IP forwarding (routing).
cur
Displays the current IP forwarding settings.
/cfg/l3/frwd/local
Adds a definition for a local network. For details, see Defining IP Address Ranges for the
Local Route Cache, page 340.
prefix length>
prefix length>
cur
Displays the current local network definitions.
Range                        Address       Mask
0.0.0.0-127.255.255.255      0.0.0.0       128.0.0.0
128.0.0.0-255.255.255.255    128.0.0.0     128.0.0.0
205.32.0.0-205.32.255.255    205.32.0.0    255.255.0.0
Note: All addresses that fall outside the defined range are forwarded to the default gateway. The
default gateways must be within range.
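Each address and mask pair in the table above selects one contiguous range of local addresses. The following is an added example, not taken from the Radware guide, that derives the range from a pair and checks the note's requirement that default gateways sit inside a defined range; the function names and the sample gateway addresses are assumptions made for illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def local_range(addr, mask):
    """Return (first, last) IPv4 addresses covered by an address/mask pair."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    host_bits = ~m & ALL_ONES
    # A usable mask is a run of 1-bits followed by a run of 0-bits;
    # anything else does not describe a single contiguous range.
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous mask: {mask}")
    first = a & m              # host bits set in addr are ignored
    last = first | host_bits
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(last))


def is_local(ip, definitions):
    """True if ip falls inside any (address, mask) local network definition."""
    target = int(ipaddress.IPv4Address(ip))
    for addr, mask in definitions:
        first, last = local_range(addr, mask)
        low = int(ipaddress.IPv4Address(first))
        high = int(ipaddress.IPv4Address(last))
        if low <= target <= high:
            return True
    return False


def gateways_out_of_range(gateways, definitions):
    """Return the gateways that violate 'default gateways must be within range'."""
    return [gw for gw in gateways if not is_local(gw, definitions)]


# The three (address, mask) rows from the table above.
TABLE_ROWS = [
    ("0.0.0.0", "128.0.0.0"),
    ("128.0.0.0", "128.0.0.0"),
    ("205.32.0.0", "255.255.0.0"),
]

# Constructed sample gateways, used only to exercise the check.
SAMPLE_GATEWAYS = ["205.32.1.1", "10.0.0.1"]

if __name__ == "__main__":
    for addr, mask in TABLE_ROWS:
        print(addr, mask, "->", "-".join(local_range(addr, mask)))
    # With only the third row defined, the 10.0.0.1 gateway is out of range.
    print(gateways_out_of_range(SAMPLE_GATEWAYS, TABLE_ROWS[2:]))
```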
/cfg/l3/nwf
Sets the IP subnet mask that is used with /cfg/l3/nwf/addr to define the range of IP
addresses that will be accepted by the peer when the filter is enabled.
For the Border Gateway Protocol (BGP), assign the network filter to a route map, then
assign the route map to the peer.
Default: 0.0.0.0
enable
Enables the network filter configuration.
disable
Disables the network filter configuration.
delete
Deletes the network filter configuration.
cur
Displays the current network filter configuration. For example:
1
-
Menu]
Access List number
AS Filter Menu
Set as-path prepend of the matched route
Set local-preference of the matched route
Set metric of the matched route
Set OSPF metric-type of the matched route
Set the precedence of this route map
Set weight of the matched route
Enable route map
Disable route map
Delete route map
Display current route map configuration
ap <AS number> [
<AS number>
lp <(value 0-4294967294)>
|none
Sets the local preference of the matched route, which affects both inbound and
outbound directions. The path with the higher preference is preferred.
|none
|none
Type 1: External routes are calculated using both internal and external metrics.
Type 2: External routes are calculated using only the external metrics. Type 2
routes have more cost than Type 1.
Default: 1
|none
enable
Enables the route map.
disable
Disables the route map.
delete
Deletes the route map.
cur
Displays the current route configuration.
1 Menu]
Network Filter number
Metric
Set Network Filter action
Enable Access List
Disable Access List
Delete Access List
Display current Access List configuration
metric <(1-4294967294)>
|none
enable
Enables the access list.
disable
Disables the access list.
delete
Deletes the access list.
cur
Displays the current access list configuration.
enable
Enables the AS filter.
disable
Disables the AS filter.
delete
Deletes the AS filter.
cur
Displays the current AS filter configuration.
/cfg/l3/rip
vip disable|enable
Enables or disables the advertisement of virtual IP addresses as host routes. If a VIP
route exists in a routing table, it is always advertised except when it is included in
another network route that is already being advertised.
Note: If all real servers behind a VIP go down, the route gets removed from the
routing table, and is not advertised. If you disable all the real servers using an
operation command, the VIP route does not get eliminated from the routing table,
and Alteon continues to advertise the route.
statc disable|enable
Enables or disables the advertisement of static routes.
on
Globally turns RIP on.
off
Globally turns RIP off.
cur
Displays the current RIP configuration.
/cfg/l3/rip/if
1
-
Menu]
Set RIP version
Enable/disable supplying route updates
Enable/disable listening to route updates
Enable/disable poisoned reverse
Enable/disable triggered updates
Enable/disable multicast updates
Set default route action
Set metric
Set authentication type
Set authentication key
Enable interface
Disable interface
Display current RIP interface configuration
listen disable|enable
When enabled, Alteon stores routing information from other routers.
Default: enabled
poison disable|enable
When enabled, Alteon uses split horizon with poisoned reverse. When disabled, Alteon
uses split horizon only.
Default: disable
mcast disable|enable
Enables or disables triggered updates.
Default: enable
default none|listen|supply|both
Sets the default route action.
Default: none
auth none|password
Sets the type of authentication.
Default: none
enable
Enables the interface.
disable
Disables the interface.
current
Displays the current values of all objects that can be set from this menu.
/cfg/l3/ospf
redist <fixed|static|rip|ebgp|ibgp>
Displays the Route Distribution menu. To view this menu, see /cfg/l3/ospf/redist
<fixed|static|rip|ebgp|ibgp> OSPF Route Redistribution Configuration Menu,
page 354.
metric-type 1|2>
|none
Sets one default route among multiple choices in an area. None means no default.
on
Enables OSPF.
off
Disables OSPF.
cur
Displays the current OSPF configuration settings.
/cfg/l3/ospf/aindex
type transit|stub|nssa
Defines the type of area. For example, when a virtual link has to be established with the
backbone, the area type must be defined as transit.
Stub area: An area where external routing information is not distributed. Typically,
a stub area is connected to only one other area.
enable
Enables the OSPF area.
disable
Disables the OSPF area.
delete
Deletes the OSPF area.
cur
Displays the current OSPF configuration.
/cfg/l3/ospf/range
Range 1 Menu]
- Set IP address
- Set IP mask
- Set area index
- Enable/disable hide range
- Enable range
- Disable range
- Delete range
- Display current OSPF summary range configuration
hide disable|enable
Hides the OSPF summary range.
disable
Disables the OSPF summary range.
delete
Deletes the OSPF summary range.
cur
Displays the current OSPF summary range.
/cfg/l3/ospf/if
1 Menu]
Set area index
Set interface router priority
Set interface cost
Set hello interval in seconds
Set dead interval in seconds
Set transit delay in seconds
Set retransmit interval in seconds
Set authentication key
Set MD5 key ID
Enable interface
Disable interface
Delete interface
Display current OSPF interface configuration
|none
enable
Enables the OSPF interface.
disable
Disables the OSPF interface.
delete
Deletes the OSPF interface.
cur
Displays the current settings for OSPF interface.
/cfg/l3/ospf/virt
Link 1 Menu]
- Set area index
- Set hello interval in seconds
- Set dead interval in seconds
- Set transit delay in seconds
- Set retransmit interval in seconds
- Set router ID of virtual neighbor
- Set authentication key
- Set MD5 key ID
- Enable interface
- Disable interface
- Delete interface
- Display current OSPF interface configuration
|none
enable
Enables OSPF virtual link.
disable
Disables OSPF virtual link.
delete
Deletes OSPF virtual link.
cur
Displays the current OSPF virtual link settings.
/cfg/l3/ospf/md5key
1
-
Menu]
Set authentication key
Delete key
Display current MD5 key configuration
delete
Deletes the authentication key for this OSPF packet.
cur
Displays the current MD5 key configuration.
/cfg/l3/ospf/host
enable
Enables the OSPF host entry.
disable
Disables the OSPF host entry.
delete
Deletes the OSPF host entry.
cur
Displays the current OSPF host entries.
/cfg/l3/ospf/redist <fixed|static|rip|ebgp|ibgp>
Adds a route map to the route redistribution list. The routes of the redistribution protocol
matched by the route maps in the route redistribution list are redistributed.
To add specific route maps, enter routing map numbers one per line, with NULL at the
end.
To add all 32 route maps, enter all.
|none
Exports the routes of this protocol as external OSPF AS-external LSAs in which the
metric and metric type are specified. To remove a previous configuration and stop
exporting the routes of the protocol, enter none.
cur
Displays the current route map settings.
/cfg/l3/ospfv3
[Open Shortest
aindex
range
if
virt
host
redist
default on
off
cur
-
redist <fixed|static>
Displays the OSPFv3 Redistribute menu. To view this menu, see /cfg/l3/ospfv3/redist
<fixed|static> OSPFv3 Route Redistribution Configuration Menu, page 361.
metric-type 1|2>
|none
Sets one default route among multiple choices in an area. None means no default.
on
Enables OSPFv3.
cur
Displays the current OSPFv3 configuration settings.
/cfg/l3/ospfv3/aindex
type transit|stub|nssa
Defines the type of area. For example, when a virtual link has to be established with the
backbone, the area type must be defined as transit.
Stub area: An area where external routing information is not distributed. Typically,
a stub area is connected to only one other area.
mtype <v3|compare-cost|noncompare-cost>
Defines the stub metric type.
Default: v3
summary <ena|dis>
Sets the summary import state.
Default: dis
enable
Enables the OSPFv3 area.
disable
Disables the OSPFv3 area.
delete
Deletes the OSPFv3 area.
cur
Displays the current OSPFv3 configuration.
/cfg/l3/ospfv3/range
Range 1 Menu]
Set IPv6 address
Set IPv6 prefix length
Set area index
Enable/disable hide range
Enable range
Disable range
Delete range
Display current OSPFv3 summary range configuration
prefix
Sets the length of the IPv6 prefix.
hide disable|enable
Hides the OSPF v3 summary range.
disable
Disables the OSPF v3 summary range.
delete
Deletes the OSPF v3 summary range.
cur
Displays the current OSPF v3 summary range.
/cfg/l3/ospfv3/if
enable
Enables the OSPF v3 interface.
disable
Disables the OSPF v3 interface.
delete
Deletes the OSPF v3 interface.
cur
Displays the current settings for the OSPF v3 interface.
/cfg/l3/ospfv3/virt
Link 1 Menu]
Set area index
Set hello interval in seconds
Set dead interval in seconds
Set transit delay in seconds
Set retransmit interval in seconds
Set router ID of virtual neighbor
Enable interface
Disable interface
Delete interface
Display current OSPFv3 interface configuration
enable
Enables OSPF v3 virtual link.
disable
Disables OSPF v3 virtual link.
delete
Deletes OSPF v3 virtual link.
cur
Displays the current OSPF v3 virtual link settings.
/cfg/l3/ospfv3/host
enable
Enables the OSPF v3 host entry.
disable
Disables the OSPF v3 host entry.
cur
Displays the current OSPF v3 host entries.
/cfg/l3/ospfv3/redist <fixed|static>
Adds a route map to the route redistribution list. The routes of the redistribution protocol
matched by the route maps in the route redistribution list are redistributed.
To add specific route maps, enter routing map numbers one per line, with NULL at the
end.
To add all 32 route maps, enter all.
|none
Exports the routes of this protocol as external OSPF AS-external LSAs in which the
metric and metric type are specified. To remove a previous configuration and stop
exporting the routes of the protocol, enter none.
cur
Displays the current route map settings.
/cfg/l3/bgp
Note: Fixed routes are subnet routes. There is one fixed route per IP interface.
off
Globally turns BGP off.
cur
Displays the current BGP configuration.
ena
Enables this peer configuration.
dis
Disables this peer configuration.
del
Deletes this peer configuration.
cur
Displays the current BGP peer configuration.
/cfg/l3/bgp/peer/redist
Menu]
Set default-metric of advertised routes
Set default route action
Enable/disable advertising RIP routes
Enable/disable advertising OSPF routes
Enable/disable advertising fixed routes
Enable/disable advertising static routes
Enable/disable advertising VIP routes
Display current redistribution configuration
|none
default none|import|originate|redistribute
Sets default route action.
Values:
Originate: Alteon sends a default route to peers even though it does not have any
default routes in its routing table.
rip disable|enable
Enables or disables advertising RIP routes.
ospf disable|enable
Enables or disables advertising OSPF routes.
fixed disable|enable
Enables or disables advertising fixed routes.
static disable|enable
Enables or disables advertising static routes.
vip disable|enable
Enables or disables advertising VIP routes.
cur
Displays the current redistribution configuration.
enable
Enables the selected aggregate.
disable
Disables the selected aggregate.
delete
Deletes the selected aggregate.
current
Displays the current aggregate configuration.
off
Disables IP forwarding for the current port.
/cfg/l3/dns
|none
mycompany.com
cur
Displays the current Domain Name System (DNS) settings.
/cfg/l3/bootp
on
Globally turns on BOOTP relay.
off
Globally turns off BOOTP relay.
cur
Displays the current BOOTP relay configuration.
/cfg/l3/vrrp
[Virtual Router
vr
vrgroup group
if
track
ospf
autosmir hotstan on
off
holdoff srvPbkp Standby
cur
-
Note: The IP address of a VRRP virtual interface router (VIR) and virtual server router (VSR) must
be in the same IP subnet as the interface to which it is assigned.
By default, VRRP is disabled. Alteon has extended VRRP to also include virtual servers, allowing for
full active-active redundancy over Layer 4. For more information on VRRP, see the High Availability
chapter in the Alteon Application Switch Operating System Application Guide.
group
Displays the VRRP Virtual Router Group menu, used to combine all virtual routers
together as one logical entity. Group options must be configured when using two or
more Alteons in a hot-standby failover configuration where only one Alteon is active at
any given time. To view the menu, see /cfg/l3/vrrp/group Virtual Router Group
Configuration, page 378.
track
Displays the VRRP Tracking menu. This menu is used for weighting the criteria used
when modifying priority levels in the master router election process. To view this menu,
see /cfg/l3/vrrp/track VRRP Tracking Configuration, page 382.
autosmir
Synchronizes the sessions from master to backup automatically at the configured time
of day every configured period (daily, weekly, monthly). To disable autosmir, when
prompted, enter the date as 0, month as 0, and the year as 0.
hotstan disable|enable
Enables or disables hot-standby processing, in which two or more Alteons provide
redundancy for each other.
Default: disable
Note: When you enable hot-standby for a VR group, the currently set priority for the
VR group is increased by 2.
on
Globally enables VRRP.
off
Globally disables VRRP.
srvPbkp
Enables or disables server processing on the standby Alteon for active-standby.
cur
Displays the current VRRP parameters.
Note: The VRRP3 VRID for an IPv6 VRRP configuration has a range of 1 to 255.
ipver v4|v6
Sets the version of the Internet Protocol supported by this virtual router.
Default: v4
vrid
For standard virtual routers (where the virtual router IP address is not the same as
any virtual server):
Values: 1-255
Default: 1
For virtual server routers (where the virtual router IP address is the same as the
virtual server), the value can be any integer in the following range:
Values: 1-1024
Default: 1
All vrid values must be unique within the VLAN to which the virtual router's IP interface
belongs.
Default: 0.0.0.0
prio <priority (1-254)>
Defines the election priority bias for this virtual server.
Note: When you enable hot-standby for a vrgroup, the currently set priority for the
vrgroup is increased by 2.
During the master router election process, the routing Alteon with the highest virtual
router priority number wins. If there is a tie, the Alteon with the highest IP interface
address wins. If this virtual router's IP address (addr) is the same as the one used by
the IP interface, the priority for this virtual router is automatically set to 255 (highest).
When priority tracking is used (/cfg/l3/vrrp/track or /cfg/l3/vrrp/vr #/track),
this base priority value can be modified according to a number of performance
and operational criteria.
Values: 1-254
Default: 100
ospf
Updates the OSPF cost increment for this virtual router. To disable OSPF cost
adjustment, when prompted, enter the new cost increment as 0.
preem disable|enable
Enables or disables master preemption. When enabled, if this virtual router is in backup
mode but has a higher priority than the current master, this virtual router preempts the
lower priority master and assumes control.
Note: Even when preem is disabled, this virtual router always preempts any other
master if this Alteon is the owner (the IP interface address and virtual router addr are
the same).
Default: enable
ena
Enables this virtual router.
dis
Disables this virtual router.
del
Deletes this virtual router.
cur
Displays the current configuration information for this virtual router.
[VRRP Virtual
vrs
ifs
ports
l4pts
reals
hsrp
hsrv
cur
ifs disable|enable
When enabled, the priority for this virtual router is increased for each IP interface active
on this Alteon. An IP interface is considered active when there is at least one active port
on the same VLAN. This helps elect the virtual routers with the most available routes as
the master.
Default: disable
ports disable|enable
When enabled, the priority for this virtual router is increased for each active port on the
same VLAN. A port is considered active if it has a link and is forwarding traffic. This
helps elect the virtual routers with the most available ports as the master.
Default: disable
l4pts disable|enable
When enabled for virtual server routers (VSRs) and virtual interface routers (VIRs), the
priority for this virtual router is increased for each physical port which has active Layer 4
processing on this Alteon. This helps elect the main Layer 4 Alteon as the master.
Default: disable
reals disable|enable
When enabled for virtual server routers, the priority for this virtual router is increased
for each healthy real server behind the virtual server IP address of the same IP address
as the virtual router on this Alteon. This helps elect the Alteon with the largest server
pool as the master, increasing Layer 4 efficiency.
Default: disable
hsrp disable|enable
The Hot Standby Router Protocol (HSRP) is used with some types of routers for
establishing router failover. In networks where HSRP is used, enable this option to
increase the priority of this virtual router for each Layer 4 client-only port that receives
HSRP advertisements. Enabling HSRP helps elect the Alteon closest to the master HSRP
router as the master, optimizing routing efficiency.
Default: disable
hsrv disable|enable
Hot Standby Router on VLAN (HSRV) is used to work in VLAN-tagged environments.
Enable this option to increment only that VRRP instance that is on the same VLAN as the
tagged HSRP master flagged packet.
Default: disable
cur
Displays the current configuration for priority tracking for this virtual router.
/cfg/l3/vrrp/vrgroup
Note: Virtual Router Group failover requires that you enable preemption for the group using the
/cfg/l3/vrrp/vrgroup/preem command.
[VRRP Virtual
track
name
add
rem
prio
ospf
trackvr
adver
preem
share
ena
dis
del
cur
name
Defines the virtual router group name.
Values: 1-8 characters
ospf
Updates the OSPF cost increment for this virtual router group. To disable OSPF cost
adjustment, when prompted, enter the new cost increment as 0.
preem disable|enable
Enables or disables preemption for the group.
share disable|enable
Enables or disables sharing for the group.
ena
Enables the virtual router group.
dis
Disables the virtual router group.
del
Deletes the virtual router group.
cur
Displays the current VRRP virtual router group configuration.
Table 268: Virtual Router Group Priority Tracking Menu Options (/cfg/l3/vrrp/vrgroup/track)
ports disable|enable
When enabled, the priority is increased for each active port in the VLAN in this virtual
router group. A port is considered active if it has a link and is forwarding traffic. This
helps elect the virtual routers with the most available ports as the master.
Default: disable
l4pts disable|enable
When enabled for virtual server routers, the priority is increased for each physical port
which has active Layer 4 processing in this virtual router group. This helps elect the
main Layer 4 Alteon as the master.
Default: disable
reals disable|enable
When enabled for virtual server routers, the priority is increased for each healthy real
server behind the virtual server IP address of the same IP address as the virtual router
in this virtual router group. This helps elect the Alteon with the largest server pool as
the master, increasing Layer 4 efficiency.
Default: disable
hsrp disable|enable
The Hot Standby Router Protocol (HSRP) is used with some types of routers for
establishing router failover. In networks where HSRP is used, enable this option to
increase the priority of this virtual router group for each Layer 4 client-only port that
receives HSRP advertisements. Enabling HSRP helps elect the Alteon closest to the
master HSRP router as the master, optimizing routing efficiency.
Default: disable
cur
Displays the current configuration for priority tracking for this virtual router group.
/cfg/l3/vrrp/group
Note: This option is required only when using at least two Alteons in a hot-standby failover
configuration, where only one Alteon is active at any time.
[VRRP Virtual
track
ipver
vrid
if
prio
ospf
adver
preem
share
ena
dis
del
cur
vrid
prio <priority (1-254)>
Defines the election priority bias for this virtual router group.
During the master router election process, the routing Alteon with the highest virtual
router priority number wins. If there is a tie, the Alteon with the highest IP interface
address wins. If this virtual router's IP address (addr) is the same as the one used by the
IP interface, the priority for this virtual router is automatically set to 255 (highest).
When priority tracking is used (/cfg/l3/vrrp/track or /cfg/l3/vrrp/vr #/track),
this base priority value can be modified according to a number of performance
and operational criteria.
Values: 1-254
Default: 100
ospf
Updates the OSPF cost increment for this virtual router group. To disable OSPF cost
adjustment, when prompted, enter the new cost increment as 0.
adver <1-255>
Defines the time interval between VRRP master advertisements.
Values: 1-255 (for IPv4, in seconds; for IPv6, in centiseconds)
Default: 1 for IPv4; 100 for IPv6
Note: Radware recommends that the default value of 100 or above is used for IPv6
interfaces to avoid a high load on the Alteon management CPU.
preem disable|enable
Enables or disables master preemption. When enabled, if the virtual router group is in
backup mode but has a higher priority than the current master, this virtual router
preempts the lower priority master and assumes control.
Note: Even when preem is disabled, this virtual router always preempts any other
master if this Alteon is the owner (the IP interface address and virtual router addr are
the same).
Default: enable
share disable|enable
Enables or disables virtual router sharing, a proprietary extension to VRRP. When
enabled, this Alteon processes any traffic addressed to this virtual router, even when in
backup mode.
Default: enable
dis
Disables the virtual router group.
del
Deletes the virtual router group.
cur
Displays the current configuration information for the virtual router group.
/cfg/l3/vrrp/group/track
Note: If Virtual Router Group Tracking is enabled, the tracking option is available only under the
group option. The tracking setting for the other individual virtual routers is ignored.
ports disable|enable
When enabled, the priority for this virtual router is increased for each active port on the
same VLAN. A port is considered active if it has a link and is forwarding traffic. This helps
elect the virtual routers with the most available ports as the master.
Default: disable
l4pts disable|enable
When enabled for virtual server routers, the priority for this virtual router will be
increased for each physical switch port which has active Layer 4 processing on this
switch. This helps elect the main Layer 4 switch as the master. This command is disabled
by default.
hsrp disable|enable
Enables Hot Standby Router Protocol (HSRP) for this virtual router group. HSRP is used
with some types of routers for establishing router failover. In networks where HSRP is
used, enable this option to increase the priority of this virtual router for each Layer 4
client-only port that receives HSRP advertisements. This helps elect the Alteon closest to
the master HSRP router as the master, optimizing routing efficiency.
Default: disable
hsrv disable|enable
Hot Standby Router on VLAN (HSRV) is used to work in VLAN-tagged environments.
Enable this option to increment only the VRRP instance that is on the same VLAN as the
tagged HSRP master flagged packet.
Default: disable
cur
Displays the current configuration for priority tracking for this virtual router.
[VRRP Interface 1 Menu]
auth  - Set authentication types
passw - Set plain-text password
del   - Delete interface
cur   - Display current VRRP interface configuration
none - No authentication.
password - Password authentication.
passw <password>
Defines a plain text password. This password is added to each VRRP packet transmitted
by this interface when password authentication is chosen (see the auth command in this
table).
Values: 1-8 characters
cur
Displays the current configuration for this IP interface's authentication parameters.
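The plain-text password set with passw is carried unencrypted in the authentication field of every advertisement. As an added example (not Radware code), the following Python sketch parses a VRRPv2 advertisement using the RFC 2338 layout, which is assumed here for IPv4 interfaces, and reports the authentication mode without echoing the secret. The sample packet, its password and all function names are constructed for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass

AUTH_NONE, AUTH_PASSWORD = 0, 1   # RFC 2338 authentication types 0 and 1


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advert(vrid, priority, adver_int, addrs, auth_type, password=b""):
    """Build a VRRPv2 advertisement (used here only to construct sample input)."""
    if auth_type == AUTH_PASSWORD and not 1 <= len(password) <= 8:
        raise ValueError("password must be 1-8 bytes")
    body = bytearray([0x21, vrid, priority, len(addrs), auth_type, adver_int, 0, 0])
    for addr in addrs:
        body += ipaddress.IPv4Address(addr).packed
    body += password.ljust(8, b"\x00")          # fixed 8-byte authentication field
    struct.pack_into("!H", body, 6, internet_checksum(bytes(body)))
    return bytes(body)


@dataclass
class VrrpAdvert:
    vrid: int
    priority: int
    adver_int: int
    auth_type: int
    addresses: list
    auth_data: bytes
    checksum_ok: bool

    @property
    def is_owner(self) -> bool:
        # Priority 255 is advertised by the address owner, which always preempts.
        return self.priority == 255

    def findings(self) -> list:
        """Audit notes for this advertisement; the password itself is not echoed."""
        notes = []
        if not self.checksum_ok:
            notes.append("checksum mismatch: corrupted or modified in transit")
        if self.auth_type == AUTH_NONE:
            notes.append(f"VRID {self.vrid}: no authentication")
        elif self.auth_type == AUTH_PASSWORD:
            size = len(self.auth_data.rstrip(b"\x00"))
            notes.append(f"VRID {self.vrid}: {size}-byte password sent in clear text")
        return notes


def parse_advert(payload: bytes) -> VrrpAdvert:
    """Parse the VRRP payload of an IPv4 packet (IP protocol 112)."""
    if len(payload) < 8:
        raise ValueError("truncated VRRP header")
    version, msg_type = payload[0] >> 4, payload[0] & 0x0F
    if (version, msg_type) != (2, 1):
        raise ValueError("not a VRRPv2 advertisement")
    vrid, priority, count, auth_type, adver_int = payload[1:6]
    end = 8 + 4 * count
    if len(payload) != end + 8:
        raise ValueError("length does not match address count")
    addrs = [str(ipaddress.IPv4Address(payload[i:i + 4])) for i in range(8, end, 4)]
    return VrrpAdvert(vrid, priority, adver_int, auth_type, addrs,
                      payload[end:end + 8], internet_checksum(payload) == 0)


# Constructed sample: owner (priority 255), adver 1 second, password authentication.
SAMPLE = build_advert(vrid=1, priority=255, adver_int=1, addrs=["192.0.2.1"],
                      auth_type=AUTH_PASSWORD, password=b"lab-pass")

if __name__ == "__main__":
    advert = parse_advert(SAMPLE)
    print(advert.vrid, advert.priority, advert.addresses, advert.findings())
```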
/cfg/l3/vrrp/track
ifs <0-254>
Defines the priority increment value for active IP interfaces detected on this Alteon.
Values: 1-254
Default: 2
ports <0-254>
Defines the priority increment value for active ports on the virtual router's VLAN.
Values: 1-254
Default: 2
reals <0-254>
Defines the priority increment value for healthy real servers behind the virtual server
router.
Values: 1-254
Default: 2
hsrp <0-254>
Defines the priority increment value for ports with Layer 4 client-only processing that
receive HSRP broadcasts.
Values: 1-254
Default: 10
hsrv <0-254>
Defines the priority increment value for VRRP instances that are on the same VLAN.
Values: 1-254
Default: 10
cur
Displays the current configuration of priority tracking increment values.
Metric
Description
strict
The gateway number determines its level of preference. Gateway 1 acts as the
preferred default IP gateway until it fails or is disabled, at which point the next in
line takes over as the default IP gateway.
roundrobin
This provides basic gateway load balancing. Alteon sends each new gateway
request to the next healthy, enabled gateway in line. All gateway requests to the
same destination IP address are resolved to the same gateway.
/cfg/security
[Security Menu]
port
ipacl
udpblast dos
pgroup
seclog
pdepth
cur
-
ipacl
Displays the IP address Access Control menu. To view this menu, see /cfg/security/ipacl
IP Address Access Control List Configuration Menu, page 386.
udpblast
Displays the UDP Blast menu. To view this menu, see /cfg/security/udpblast UDP Blast
Protection Configuration Menu, page 388.
dos
Displays the Protocol Anomaly and DoS Attack Prevention menu. To view this menu, see
/cfg/security/dos Anomaly and Denial of Service Attack Prevention Menu, page 388.
cur
Displays the current security configuration.
/cfg/security/port
ipacl <enable|disable>
Enables or disables IP ACL.
udpblast <enable|disable>
Enables or disables UDP blast protection.
dos <enable|disable>
Enables or disables protocol anomaly and DoS attack prevention.
aadd
Adds all protocol anomalies and DoS attacks to be prevented for the port.
arem
Removes all protocol anomalies and DoS attacks to be prevented for the port.
help
Describes the protocol anomalies and DoS attacks that are being prevented.
cur
Displays the current port configuration. For example:
Current port 1:
<bogon disabled, ipacl disabled, udpblast disabled, dos disabled>
/cfg/security/ipacl
IP mask>
Adds a range of source IPv4 addresses to be denied, defined by the IP address pair.
The following prompts display when using this command:
IP subnet >
IP subnet >
cur
Displays current IP addresses ranges in the Access Control List.
/cfg/security/udpblast
[packet rate]
Adds UDP port or range for UDP blast protection, as well as the maximum packet rate
per second. If the number of packets on this port range exceeds the maximum packet
rate per second, UDP traffic is dropped.
cur
Displays all UDP blast protection ports.
/cfg/security/dos
help
Description of the anomaly and DoS attacks that are being prevented.
cur
Displays the current protocol anomaly and DoS attack prevention settings. For example:
[Pattern Match Group 1 Menu]
name - Set pattern group name
add  - Add SLB string to group
rem  - Remove SLB string from group
del  - Delete pattern group
cur  - Display current configuration
|none
del
Deletes the pattern group.
cur
Displays the current configuration of this pattern group.
/cfg/dump
Dump
The dump program writes the current configuration to the terminal screen. The configuration
displays with parameters that have been changed from the default values. The screen display can be
captured, edited, and placed in a script file, which can be used to configure other Alteons through a
Telnet connection.
When using Telnet to configure a new Alteon, paste the configuration commands from the script file
in the Alteon CLI. The active configuration can also be saved or loaded via TFTP, as described at
/cfg/gtcfg Restoring the Active Switch Configuration, page 392.
/cfg/ptcfg
all - Creates a backup of all vADC configuration files. In ADC-VX mode, this option
only appears in the Global Administrator environment.
When prompted, set the following parameters:
/cfg/gtcfg
CFE imports the XML file exported from the SFE. This is a mandatory operation
required to set up a CFE branch. The output is a target script configuration file for
each CFE branch configuration.
The vADC Administrator and the Global Administrator can restore the active configuration as
follows:
For both administrators, the file can contain a full configuration or an Alteon configuration. The
configuration loaded is not activated until the apply command is used. If the apply command is
found in the configuration script file loaded using this command, the apply action is performed
automatically.
The following is the syntax for gtcfg used by the vADC administrator, where hostname is the TFTP or
FTP server IP address or hostname, and filename is the name of the target script configuration file:
vadc
Enables the Global Administrator to import vADC configuration files to an existing vADC
and define the type of file to recover.
all - Creates a new vADC from the settings of the recovery file or replaces an existing
one. In ADC-VX mode, this option only appears in the Global Administrator
environment.
When prompted, set the following parameters:
Enter
Enter
Enter
Enter
Enter
Enter
Enter
Enter
Note: The vADC's web certificates are not automatically applied with this command;
they must be applied manually.
Enter
Enter
Enter
Enter
/cfg/slb
SLB Configuration
The following is an example of the Layer 4 menu and an explanation of the Layer 4 menu options.
[Layer 4 Menu]
real
group
virt
layer7
accel
ssl
filt
port
nwclss
gslb
wap
sync
adv
linklb
advhc
pip
peerpip appshape sipspat wlm
on
off
cur
-
layer7
Displays the Layer 7 SLB Resource Definition menu. To view this menu, see /cfg/slb/layer7
Layer 7 SLB Resource Definition Menu, page 461.
accel
Displays the Acceleration SLB menu. To view this menu, see /cfg/slb/accel Acceleration
SLB Configuration, page 486.
ssl
Displays the SSL SLB menu for configuring SSL offloading. To view this menu, see
/cfg/slb/ssl SSL SLB Configuration, page 504.
gslb
Displays the Global SLB menu for configuring Global Server Load Balancing (GSLB). To
view this menu, see /cfg/slb/gslb Global SLB Configuration, page 549.
wap
Displays the WAP menu for configuring Alteon for using the Wireless Application Protocol
(WAP). To view this menu, see /cfg/slb/wap WAP Configuration, page 564.
sync
Displays the Synchronize Peer menu. To view this menu, see /cfg/slb/sync Synchronize
Peer Configuration, page 565.
adv
Displays the Advanced Layer 4 menu. To view this menu, see /cfg/slb/adv Advanced
Layer 4 Configuration, page 568.
advhc
Displays the Advanced Health Check menu. To view this menu, see /cfg/slb/advhc
Advanced Health Check Menu, page 577.
pip
Displays the Proxy IP Address menu. When a PIP is defined, client address information
in Layer 4 requests is replaced with the proxy IP address. To view this menu, see
/cfg/slb/pip Proxy IP Address Menu, page 605.
peerpip
Displays the Peer Proxy IP Address menu. When this command is enabled, an Alteon
forwards traffic from a peer Alteon using Layer 2, without performing server processing
on the packets of that peer Alteon. This happens because the peers are aware of each
other's proxy IP addresses. This prevents the dropping of a packet, or the packet being
sent to the backup Alteon in the absence of the proxy IP address of the peer.
To view this menu, see /cfg/slb/peerpip SLB Peer Proxy IP Address Menu, page 606.
appshape
Displays the AppShape++ Repository menu for managing AppShape++ scripts. To view
this menu, see /cfg/slb/appshape AppShape++ Script Management, page 563.
wlm
Displays the Workload Management menu for the workload management of servers. To
view this menu, see /cfg/slb/wlm Workload Management Menu, page 606.
on
Globally turns on Layer 4 software services for SLB and application redirection. This
option can be performed only after the optional Layer 4 software is enabled (see
/oper/swkey Activating Software, page 617).
Note: Filters configured to allow, deny, or perform Network Address Translation (NAT)
on traffic do not require Layer 4 software to be activated. These filters are not
affected by the setting SLB on or off.
Application redirection filters, however, require Layer 4 software services. Layer 4
processing must be turned on before redirection filters will work.
off
Globally disables Layer 4 services. All configuration information remains in place (if
applied or saved), but the software processes no longer are active on Alteon.
Note: Filters configured to allow, deny, or perform Network Address Translation (NAT)
on traffic do not require Layer 4 software to be activated. These filters are not
affected by the setting SLB on or off.
Application redirection filters, however, require Layer 4 software services. Layer 4
processing must be turned on before redirection filters will work.
<health check id> - Sets the specified health check for the server.
Note: Setting a specific health check for a server overrides the group health check
settings.
layer7
Displays the Real Server Layer 7 menu. To view this menu, see /cfg/slb/real <server
number>/layer7 Real Server Layer 7 Configuration, page 405.
ids
Displays the Real Server IDS (Intrusion Detection System) menu. To view this menu, see
/cfg/slb/real <real server number>/ids Real Server IDS Configuration Menu, page 406.
thrsh
Displays the Real Server Threshold menu for setting a threshold per group for the
number of concurrent connections. To view this menu, see /cfg/slb/real <real server
number>/thrsh Real Server Threshold Menu, page 407.
|none
Defines an alias for each real server. This lets the network administrator quickly identify
the server by a natural language keyword value.
Values: 1-31 characters
weight
Real servers with the same IP address must be set to the same maximum connection
(maxcon) mode.
Real servers with the same IP address set to maxcon mode physical must all have the
same maxcon value. The maxcon value is the maximum number of connections that the
real servers support jointly.
Real servers with the same IP address set to maxcon mode logical can each have
different maxcon values. The maxcon value is the maximum number of connections that
each logical real server supports individually.
|none
Sets the real server used as the backup or overflow server for this real server.
To prevent loss of service if a particular real server fails, use this option to assign a
backup real server number. If the real server becomes inoperative, Alteon activates the
backup real server until the original becomes operative again.
The backup server is also used in overflow situations. If the real server reaches its
maximum connections (maxcon) limit, the backup comes online to provide additional
processing power until the original server becomes desaturated.
The same backup or overflow server may be assigned to more than one real server at the
same time.
inter [1-600|inherit]
Sets the interval (in seconds) between real server health verification attempts.
Determining the health for each real server is a basic function for SLB. By default, Alteon
checks the health of a real server using ICMP.
Once servers are attached to groups which, in turn, are attached to services, Alteon
checks the availability of the services running on the server using the health checks
configured for the group. However, it is possible to override this behavior and configure
for each real server its own health checks.
This option lets you choose the time between health checks, or use the interval defined
within the health check itself.
Values:
1-600 - Sets the interval (in seconds) between real server health verification
attempts.
inherit - Takes the value from the health check that checks the server.
Default: inherit
retry [1-63|inherit]
Sets the number of failed health check attempts required before declaring this real server
inoperative, or uses the value defined within the health check itself.
Values:
1-63
inherit - Takes the value from the health check that checks the server.
Default: inherit
1-63
inherit - Takes the value from the health check that checks the server.
Default: inherit
overflo enable|disable
Enables or disables backup upon overflow.
remote disable|enable
Enables or disables remote site operation for this server. This option should be enabled
when the real IP address represents a remote server (real or virtual) that Alteon accesses
as part of its GSLB network. For more information, see the Alteon Application Switch
Operating System Application Guide.
Default: disable
fasthc disable|enable
Enables or disables fast health checking.
Values:
Enable - The real server goes down operationally as soon as the physical port
connected to the real server goes down.
Disable - The real server goes down only after the configured health check interval.
Default: enable
ena
You must perform this command to enable this real server for Layer 4 service. When
enabled, the real server can process virtual server requests associated with its real
server group. When using the apply and save commands, this option enables this real
server for operation until explicitly disabled.
For an operations-level command to enable SLB, see /oper/slb/ena on /oper/slb
Operations-Level SLB Options, page 610.
dis
Disables this real server from Layer 4 service. A disabled server no longer processes
virtual server requests as part of the real server group to which it is assigned. This
option, when the apply and save commands are used, disables this real server until it is
explicitly re-enabled.
Note: This option does not perform a graceful server shutdown.
cur
Displays the current configuration information for this real server.
/cfg/slb/real/adv
remote <enable|disable>
Enables or disables Global SLB remote site operations.
buddyhc
Displays the Buddy Server Health Check menu. To view this menu, see
/cfg/slb/real/adv/buddyhc Buddy Server Health Check Menu, page 405.
fasthc <enable|disable>
Enables or disables fast health checking.
subdmac <enable|disable>
Enables or disables destination MAC address substitution.
cur <enable|disable>
Displays the current real server advanced configuration.
/cfg/slb/real/adv/pip
Proxy IP Menu
[Proxy IP Menu]
mode
addr
nwclss
cur
-
addr
Sets the IPv4 and/or IPv6 PIP address or subnet. When a subnet is configured with a
subnet mask other than 255.255.255.255, PIP persistency mode can be selected.
Options:
PIP persistency
PIP persistency
cur
Displays the current proxy configuration.
/cfg/slb/real/adv/buddyhc
1 Buddy Menu]
Add Buddy Server
Delete Buddy Server
Display current buddy server configuration
service 10-65534>
service 10-65534>
cur
Displays the current buddy server configuration.
[Real Server
addlb
remlb
cookser
exclude
ldapwr
cur
1
-
cookser disable|enable
Enables or disables the real server to handle client requests that do not contain a cookie.
Use this option if you want to designate a specific server to assign cookies only. This
server receives the client request, assigns the cookie, and embeds the IP address of the
real server that handles the subsequent requests from the client.
Default: disable
exclude disable|enable
Enables or disables exclusionary string matching.
Default: disable
ldapwr disable|enable
Enables or disables the LDAP write server.
There are two types of LDAP servers: read servers and write servers. You need to use
read servers when you only want to browse the directory. You need to use write servers
when you want to modify the directory on the server. The write server can conduct both
read and write operations.
cur
Displays the current real server configuration.
[Real Server 1 IDS Menu]
idsvlan - Set Vlan ID for ID Server
idsport - Set Port for ID Server
oid     - Override OID for SNMP HC
comm    - Override community string for SNMP HC
cur     - Display current real server configuration
comm <SNMP health check community string to override group community string>
Overrides the community string for SNMP health checks.
cur
Displays the current real server configuration.
Table 290: Real Server Group Threshold Menu Options (/cfg/slb/group<real server group
number>/thrsh)
Range: 0-2000000
cur
Displays the current group threshold configuration.
|none
Defines an alias for each real server group. This lets the network administrator quickly
identify the server group by a natural language keyword value.
Values: 1-31 characters
metric leastconns|svcleast|roundrobin|minmisses|hash|response|bandwidth|phash
Sets the load balancing metric used for determining which real server in the group is the
target of the next client request. For more information, see Server Load Balancing
Metrics, page 415.
Default: leastconns
Table 291: Real Server Group Configuration Menu Options (/cfg/slb/group) (cont.)
<health check object> - Sets the specified health check for the server.
none - Takes the value from the group health check that checks the server.
inherit - Takes the value from the health check that checks the server.
Default: tcp
|none
Defines the specific content which is examined during health checks (maximum 127
characters). The content depends on the type of health check specified in the health
option (see in this table).
slowstr [0-600]
Sets the server slow start time limit.
Values: 0-600
Default: 0 (indicates the feature is disabled)
|none
Sets the real server or real server group used as the backup or overflow server or server
group for this real server group.
To prevent loss of service if the entire real server group fails, use this option to assign a
backup real server or real server group number. If the real server group becomes
inoperative, Alteon activates the backup real server or server group until one of the
original real servers becomes operative again.
The backup server or server group is also used in overflow situations. If all the servers in
the real server group reach their maximum connections (maxcon) limit, the backup
server or server group comes online to provide additional processing power until one of
the original servers becomes desaturated.
The same backup or overflow server or server group may be assigned to more than one
real server group at the same time.
Default: none
secbkp
Configures the second backup group in addition to an existing backup group.
maxthrsh
Sets the restore threshold (also called the maximum threshold). When the number of
active real servers reaches this threshold, the group status changes to up.
Note: When determining the restore threshold, secondary backups and buddy servers
are not counted as active real servers.
Values: 1-1024
Default: 1
advhlth
(1&2|3..), 128
|none
Defines an advanced health check formula expression for the real servers. This lets you
create a boolean expression to health check the real server group based on the state of
the virtual services.
This command supports two boolean operators, AND and OR, used to manipulate TRUE
and FALSE values. Using parentheses with the boolean operators, you can create a
boolean expression to state the health of the server group.
This command also supports a string expression which is up to 128 characters long. You
can also set the formula expression as none.
24 - The minmiss algorithm uses the upper 24 bits of the source IP address to
calculate the real server that the traffic should be sent to when the minmiss metric is
selected.
32 - Select all 32 bits of the source IP address to hash to the real server.
Default: 24 bits
| none
viphlth disable|enable
Enables or disables VIP health checking in a service.
Values:
Enable - VIP health checking only works when the service has the DSR (Direct
Server Return) feature enabled.
Disable - Alteon uses RIP to perform all health checks, whether DSR is enabled or
disabled.
Default: enable
ids disable|enable
Enables or disables Intrusion Detection Server (IDS) load balancing for the designated
real server group.
This feature can only be configured on real server groups between 1 and 63.
idsfld disable|enable
Enables or disables the Intrusion Detection flood.
Values:
Disable - Packets are only copied to the load balanced IDS server within the IDS
group.
oper disable|enable
Enables or disables the real server group operation.
cur
Displays the current configuration parameters for this real server group.
tcp
sipoptions
The health check options are described in the following table. For a more detailed description of
these health check options, refer to the Alteon Application Switch Operating System Application
Guide.
arp
Sends an ARP request for Layer 2 health checking.
icmp
For Layer 3 health checking, pings the server.
tcp
Opens and closes a TCP/IP connection to the server for TCP service.
http
For the HTTP service, use HTTP/1.1 GET when a host header is required, to check that
the URL content is specified in the /cfg/slb/group/content command. Otherwise,
an HTTP/1.0 GET occurs. HTTP health check is successful if you get a return code of
200.
Note: If content is not specified, the health check is performed using the / character.
httphead
Enables Alteon to declare if the server is up by locating the URL header and not waiting
until all the URL contents are received. You can use this command to test the validity and
access to the hypertext links, or to look for any recent modification to the URL.
pop3
For user mail service, checks that the user:password account specified in the /cfg/
ftp
For FTP services, checks that the filename specified in the /cfg/slb/group/content
command is accessible on the server through anonymous login.
imap
For user mail service, checks that the user:password value specified in the
/cfg/slb/group/content command exists on the server.
sslh
Enables Alteon to query the health of the SSL servers by sending an SSL client Hello
packet, and then verify the contents of the server's Hello response. During the
handshake, the user and server exchange security certificates, negotiate an encryption
and compression method, and establish a session ID for each session.
sslhv3
Enables SSL healthcheck for version 3.
udpdns
Enables health checking using UDP DNS queries.
wtp
Enables connection-oriented WTP+WSP content health checks for WAP gateways. The
content under /cfg/slb/adv/waphc (see /cfg/slb/advhc Advanced Health Check
Menu, page 577) must also be configured.
wtls
Provides Wireless Transport Layer Security (WTLS) Hello-based health checks for
encrypted and connection-oriented WTLS traffic on port 9203.
ldap
Sets the health check type to LDAP.
LDAP health checks enable Alteon to determine if the LDAP server is alive. This health
check consists of three LDAP messages over one TCP connection: a bind request, a bind
result, and an unbind request.
Alteon sends an anonymous bind request to the server. If the server is up, it sends the
bind result message and Alteon marks the server as alive. Alteon must send an unbind
request so that the server does not hold resources indefinitely. The administrator can
choose LDAP version 2 or 3, as both versions are compatible with Alteon.
snmp
<1 - 5>
Enables using SNMP-based health checks.
Values: 165, denoting the script number
tftp
Sets the health check type to TFTP.
This protocol enables the user to request a file from the server. At regular intervals,
Alteon transmits TFTP read requests (RRQ) to all servers in the group. The health check
is successful if the server responds to the RRQ. The health check fails if Alteon receives
an error packet from the real server.
rtsp
Sets the health check type to RTSP.
The RTSP health check can operate with or without content. If there is no content
configured, Alteon issues an RTSP OPTIONS method. If content is supplied, Alteon issues
an RTSP DESCRIBE method. If the response to either method is RTSP/200, then the
health check passes. If this is not the response, the health check fails.
sip
Sets the health check type to sip.
You can perform the SIP (Session Initiation Protocol) health checks by using an SIP PING
request. You must enable UDP to perform SIP load balancing.
sipoptions
Sets the health check type to sipoptions.
wts
Sets the health check type to wts.
If no content is specified, this indicates using a DHCP inform with the UDP offset source
port.
hash
Like the minmisses metric, the hash metric uses IP address information in the client
request to select a server.
For application redirection, all requests for a specific IP destination address are sent to
the same server. This is particularly useful for maximizing successful cache hits.
For SLB, all requests from a specific client are sent to the same server. This is useful for
applications where client information must be retained between sessions.
Use this metric if the statistical load balancing achieved using minmisses is not as
optimal as desired. Although the hash metric can provide more even load balancing at
any given instance, it is not as effective as minmisses when servers leave and re-enter
service.
If the load balancing statistics indicate that one server is processing significantly more
requests over time than other servers, consider using this metric.
roundrobin
With the round-robin option, new connections are issued to each server in turn. The first
real server in this group gets the first connection, the second real server gets the next
connection, followed by the third real server, and so on. When all the real servers in this
group have received at least one connection, the issuing process starts over with the
first real server.
response
This is the real server response time. With this option, Alteon monitors and records the
time that each real server takes to reply to a health check. Use the response time to
adjust the real server weights. The weights are adjusted so they are inversely
proportional to a moving average of response time.
bandwidth
With the bandwidth option, the real server weights are adjusted so they are inversely
proportional to the number of octets that the real server processes during a given
interval. The higher the bandwidth used, the smaller is the weight assigned to that
server.
phash
The phash metric uses the best features of the hash and minmiss metrics. With phash
enabled, Alteon supports an even load distribution (hash) and stable server assignment
(minmiss) even when a server in the group goes down. With the phash metric, the first
hash always is the same even if a real server is down. If the first hash hits a dead server,
it rehashes for that request based on the actual number of servers that are up. This
results in a request always being sent to a server that is up.
svcleast
The svcleast (least connections per service) metric is an extension of the leastconns
metric. When using this metric, Alteon selects the real server based only on the number
of active connections for the service which is load balanced, and not the total number of
connections active on the server. For example, when selecting a real server for a new
HTTP session, a real server serving one HTTP connection and 20 FTP connections takes
precedence over a real server serving two HTTP connections only.
Note: Using the leastconns, roundrobin, hash, and phash metrics, when real servers are configured
with weights (see the weight option in Table 284 - Real Server Configuration Menu Options
(/cfg/slb/real), page 398), a higher proportion of connections are given to servers with higher weights.
This can improve load balancing among servers of different performance levels. Weights are not
applied when using the minmisses metric.
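An added illustration of the hash and phash descriptions above, not Alteon's implementation: the model counts how many clients are reassigned to a different real server, and so lose any per-server session state, when one real server goes down. The SHA-256 stand-in hash, the rehash salt, the modelling of hash as a modulo over the live servers, and all names are assumptions.

```python
import hashlib
import ipaddress


def _h(client_ip: str, salt: bytes = b"") -> int:
    """Stand-in hash (assumption): SHA-256 over the packed client address."""
    packed = ipaddress.ip_address(client_ip).packed
    return int.from_bytes(hashlib.sha256(salt + packed).digest()[:8], "big")


def pick_hash(client_ip, servers, up):
    """Modelled 'hash' metric: index directly into the servers that are up."""
    alive = [s for s in servers if s in up]
    return alive[_h(client_ip) % len(alive)] if alive else None


def pick_phash(client_ip, servers, up):
    """Modelled 'phash' metric, following the description on the page."""
    alive = [s for s in servers if s in up]
    if not alive:
        return None
    # The first hash is taken over the configured group, so it never changes.
    first = servers[_h(client_ip) % len(servers)]
    if first in up:
        return first
    # The first hash hit a dead server: rehash over the servers that are up.
    return alive[_h(client_ip, b"rehash") % len(alive)]


def moved_clients(pick, clients, servers, down):
    """Clients whose server changes when the servers in `down` fail."""
    all_up = set(servers)
    degraded = all_up - set(down)
    return [c for c in clients
            if pick(c, servers, all_up) != pick(c, servers, degraded)]


# Constructed input: a group of 8 real servers and 2000 client addresses.
SERVERS = list(range(1, 9))
CLIENTS = [str(ipaddress.ip_address("10.0.0.0") + i) for i in range(2000)]

if __name__ == "__main__":
    for name, pick in (("hash", pick_hash), ("phash", pick_phash)):
        moved = moved_clients(pick, CLIENTS, SERVERS, {3})
        print(f"{name:5s}: {len(moved)} of {len(CLIENTS)} clients change server")
```

In this model only the clients whose first hash pointed at the failed server move under phash, while most clients move under the modulo-based hash.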
[Virtual Server 1 Menu]
service  - Virtual Service Menu
ipver    - Set IP version
vip      - Set IP addr of virtual server
vname    - Set name of virtual server
srcnet   - Set Source Network Class
dname    - Set domain name of virtual server
cont     - Set BW Contract
weight   - Set Global SLB weight for virtual server
avail    - Set Global SLB availability for virtual server
avpersis - Enable/disable GSLB availability persistence
nat      - Set NAT address for VIP
addrule  - Add Global SLB rule to domain
remrule  - Remove Global SLB rule from domain
layer3   - Enable/disable layer 3 only balancing
creset   - Enable/disable client connection reset for invalid VPORT
ena      - Enable virtual server
dis      - Disable virtual server
del      - Delete virtual server
cur      - Display current virtual configuration
weight
Sets the global server weight for the virtual server. The higher the weight value, the
more connections that are directed to the local site. The response time of this site is
divided by this weight before the best site is assigned to a client. Remote site response
times are divided by the real server weight before selection occurs.
Default: 1
avail
Sets the Global Server Load Balancing (GSLB) availability for the virtual server.
avpersis
Enables or disables Global Server Load Balancing (GSLB) availability persistence for the
virtual server.
nat
Sets the IP address of a NAT device. For use when an Alteon sits behind a NAT device.
Two Alteons, each behind a separate NAT device, connect using the IP address of each
other's NAT device, instead of a virtual IP address, in DNS response and DSSP
communication.
layer3 <enable|disable>
Normally, Alteon uses the client IP address with the client Layer 4 port number to produce a
session identifier. When enabled, Alteon uses only the client IP address as the session
identifier. It associates all the connections from the same client with the same real
server while any connection exists between them.
This option is necessary for some server applications where state information about the
client system is divided across different simultaneous connections, and also in
applications where TCP fragments are generated.
If the real server to which the client is assigned becomes unavailable, the Layer 4
software allows the client to connect to a different server.
Default: disable
creset enable|disable
Enables or disables client connection reset for an invalid virtual port.
preempt enable|disable
Enables or disables GSLB failover preemption.
ena
Enables this virtual server. This option activates the virtual server so that it can service
client requests sent to its defined IP address.
dis
This option disables the virtual server so that it no longer services client requests.
del
This command removes this virtual server from operation and deletes it from the Layer
4 switching software configuration.
Note: Use this command with caution, as it deletes the options that have been set
for this virtual server.
cur
Displays the current configuration of the specified virtual server.
Notes
For all applications without a well-known port, you can select Basic-SLB as the application.
The service number specified on Alteon must match the service specified on the server.
Number  TCP/UDP Application    Number  TCP/UDP Application    Number  TCP/UDP Application
20      ftp-data               79      finger                 179     bgp
21      ftp                    80      http                   194     irc
22      ssh                    109     pop2                   389     ldap
23      telnet                 110     pop3                   443     https
25      smtp                   119     nntp                   520     rip
37      time                   123     ntp                    554     rtsp
42      name                   143     imap                   1812    radius-auth
43      whois                  144     news                   1813    radius-acc
53      domain                 161     snmp                   1985    hsrp
69      tftp                   162     snmptrap
Only the parameters relevant to the application you specify appear in the service menu.
Each application has its own service configuration menu. The first menu example displays the
Basic-SLB service configuration menu and includes commands common to all services. The subsequent
menu examples are application-specific, and the command descriptions cover only those commands
that are specific to that application. For all common commands, refer to the Basic-SLB configuration
menu.
The following is the list of the application-specific menus that are described in this section:
Menu
Description
basic-slb
https
http
ssl
dns
ftp
rtsp
wts
sip
ldap
protocol tcp|udp|stateless
Sets the protocol (TCP/UDP) for a virtual port (disabled by default).
Values:
TCP, UDP: You can configure this option if the services to be load balanced include
UDP and TCP.
For example, DNS uses UDP and TCP. In those environments, you must activate UDP
balancing for the particular virtual servers that clients will communicate with using
UDP.
stateless: No session table entry is created. Because no session is created, you have
to bind to a new server every time.
Note: If applying a filter to the same virtual server IP address on which UDP load
balancing is enabled, disable caching on that filter for optimal performance. For more
information, see the cache command in /cfg/slb/filt <filter number> /adv Filter
Advanced Menu, page 534.
pip
Displays the Proxy IP menu. To view this menu, see /cfg/slb/virt/service/basic-slb/pip
Proxy IP Menu, page 426.
ssl
Displays the SSL Load balancing menu. To view this menu, see /cfg/slb/ssl SSL SLB
Configuration, page 504.
hname <hostname>|none
Sets the hostname for a service added. Use this in conjunction with dname (see in this
table) to create a full host or domain name for individual services.
Values:
hostname: For example, to add a hostname for Web services, you could specify
www as the hostname. If a dname of foocorp.com is defined, "" would be the full
host or domain name for the service.
pbind clientip|disable
Enables or disables persistent bindings for a real server. This may be necessary for some
server applications where state information about the client system is retained on the
server over a series of sequential connections, such as with SSL (Secure Socket Layer,
HTTPS), Web site search results, or multi-page Web forms.
Values:
Default: disable
thash sip|sip+sport
Defines the hash parameter. Tunable hash lets the user select different parameters for
computing the hash value used by the hash, phash, and minmisses SLB metrics. For
example, the source IP address, or both source IP address and source port. If you do not
select any hash parameter, Alteon uses the default hash parameter sip.
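The effect of the two thash values on server selection, as an added example that is not part of the original reference. The server names, the sample flows, and the use of SHA-256 as the hash function are assumptions made for illustration; this page does not state which hash function Alteon uses.

```python
import hashlib
import ipaddress
import struct
from collections import Counter

REAL_SERVERS = ["rs1", "rs2", "rs3", "rs4"]  # constructed real server group


def hash_key(src_ip, src_port, thash="sip"):
    """Return the bytes that are hashed for the chosen thash parameter."""
    ip = ipaddress.ip_address(src_ip).packed
    if thash == "sip":            # default: source IP address only
        return ip
    if thash == "sip+sport":      # source IP address plus source port
        return ip + struct.pack("!H", src_port)
    raise ValueError(f"unknown thash value: {thash!r}")


def pick_server(src_ip, src_port, thash="sip", servers=REAL_SERVERS):
    """Map a connection to a real server by hashing the selected fields."""
    # SHA-256 is a stand-in; the device's own hash function is not given here.
    digest = hashlib.sha256(hash_key(src_ip, src_port, thash)).digest()
    return servers[int.from_bytes(digest[:8], "big") % len(servers)]


def distribution(flows, thash):
    """Count how many connections each real server receives."""
    return Counter(pick_server(ip, port, thash) for ip, port in flows)


# Constructed sample: 200 connections that all arrive from one NAT address,
# each with a different source port.
NAT_FLOWS = [("203.0.113.10", 40000 + i) for i in range(200)]

if __name__ == "__main__":
    for mode in ("sip", "sip+sport"):
        print(mode, dict(distribution(NAT_FLOWS, mode)))
```

With sip, every connection from the shared address lands on one real server, which keeps a client on the same server but concentrates load from large NAT pools. With sip+sport the same connections spread across the group, so consecutive connections from one client can reach different servers.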
tmout
Checks the time, in minutes, when an inactive connection remains open.
ptmout
Checks the time, in minutes, for an inactive persistent connection.
forceproxy: Enables full proxy mode using the Application Service Engine and
enables TCP Optimization.
Forces Alteon to perform a back-end TCP handshake when no Layer 7 application services
(such as SSL offloading, caching, compression, or HTTP modifications) are in use,
and when no Layer 7 requests are coming from the client. If the server does not
respond within a configured period, Alteon moves to the next server.
Enables Alteon to perform persistency for HTTP cookies in multiple packets which do
not arrive in the correct order, and to reorder the packets.
Default: disable
clsrst disable|enable
Enables or disables client reset.
Values:
disable: When Alteon receives a FIN message from the client, it performs a graceful
closure of both client-side and server-side sessions.
enable: When Alteon receives a FIN message from the client, it closes the server-side
session entry using RST for fastage.
Note: To enable session reset on connection close, full proxy mode (forceproxy)
must be disabled.
Default: disable
frag disable|enable
Enables or disables remapping server fragments for a virtual port.
Default: enable
nonat disable|enable
Enables or disables substituting only the MAC address of the real server. This does not
substitute IP addresses. Use this feature for Direct Server Return (DSR) in a one-armed
load balancing configuration, so that frames returning from the server to the client do not
have to pass through Alteon.
Default: disable
direct disable|enable
Enables or disables Direct Access Mode (DAM) on the selected virtual service. This takes
precedence over the command to globally enable or disable DAM on Alteon.
Session mirroring is only supported for Layer 4 SLB sessions and static NAT filtering
sessions.
Session mirroring is supported only for the following protocols and filters:
SIP
FTP
NAT filters
Session mirroring is not supported for the following protocols and filters:
Active-active VRRP
RTSP
Layer 7 SLB
A direct interswitch link between the master and backup Alteons is necessary to
route the NAAP packets.
winsize0 disable|enable
Enables or disables the winsize0 setting. A 0 window blocks data from being accepted.
Other packets such as ACK, RST, and URG are accepted while transmitting data.
sesslog
Enables or disables session logging.
del
Removes this virtual service from operation and deletes it from the Layer 4 switching
software configuration.
Note: Use this command with caution, as it will delete the options that have been set
for this virtual service.
cur
Displays the current configuration of services on the specified virtual server.
/cfg/slb/virt/service/basic-slb/appshape
AppShape++ Menu
[AppShape++ Menu]
add  - Add AppShape++ script to service
rem  - Remove AppShape++ script from service
arem - Remove all AppShape++ scripts from service
cur  - Display service AppShape++ scripts configuration
arem
Removes all AppShape++ scripts from the virtual service.
cur
Displays the current AppShape++ scripts for the virtual service.
/cfg/slb/virt/service/basic-slb/pip
Proxy IP Menu
[Proxy IP Menu]
mode
addr
nwclss
cur
-
addr
Sets the IPv4 and/or IPv6 PIP address or subnet. When a subnet is configured, PIP
persistency mode can be selected.
Options:
PIP persistency
nwclss
Sets the IPv4 and/or IPv6 network class as PIP, and enables PIP persistency mode.
Options:
PIP persistency
[Virtual Server
name
http
cntrules appshape action
pip
ssl
group
redirect group
rport
hname
cont
pbind
thash
tmout
ptmout
dbind
clsrst
nonat
direct
mirror
winsize0 ckrebind sesslog del
cur
-
http
Displays the HTTP Load Balancing menu. To view this menu, see /cfg/slb/virt <server
number>/service/http/http HTTP Load Balancing Menu, page 440.
From this menu, you can enable or disable HTTP redirection for Global Server Load
Balancing (GSLB) on a per VIP basis. Disabling HTTP redirection causes GSLB to use a
proxy IP address for HTTP.
appshape++
Displays the AppShape++ menu for managing AppShape++ scripts. To view this menu,
see /cfg/slb/virt/service/basic-slb/appshape AppShape++ Menu, page 425.
action group|redirect|discard
Sets the action type of this virtual service when no match is found in the HTTP content
rule.
Values:
group: Load balances the traffic between the servers defined in the group field after
performing all of the service's other actions.
redirect: Performs application redirection for HTTP and HTTPS services based on the
settings of the redirect command (see in this table).
Default: group
Note: Alteon performs HTTP Layer 7 content switching before applying any
modifications, so content switching is based on the original requests.
pip
Displays the Proxy IP menu. To view this menu, see /cfg/slb/virt/service/basic-slb/pip
Proxy IP Menu, page 426.
ssl <srvrcert|sslpol|cur>
Displays the SSL Load Balancing menu. To view this menu, see /cfg/slb/virt <server
number>/service/https/ssl SSL Load Balancing Menu, page 434.
Port: The port to be set in the URL. The default value is the well-known port of the
redirect protocol. Optional.
For example, if the protocol is set to HTTPS, the default port is 443. If the protocol is
set to HTTP, the default port is 80. The delimiter between the hostname and the port
must be ":".
Hostname: The URL of the host. The delimiter between the protocol and the
hostname must be "://". Mandatory.
Path: A path, file name and file type. The delimiter between the protocol and the
hostname must be "/". You can configure both the original path and a new additional
path element. Optional.
For example: $protocol://$hostname/newdir/$path
Query: A complete or partial query string. The delimiter between the protocol and
the hostname must be "?". Optional.
To use the same value as in the request, use the following construct:
http://www.mysite.com:8080/mypath
http://$HOST/new/$PATH
https://$HOST:$PORT/$PATH?$QUERY
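A model of how the $HOST, $PORT, $PATH and $QUERY tokens in a redirect location resolve against the original request, as an added example that is not Alteon's own code. It assumes that $PATH expands without its leading "/", that $PORT falls back to the well-known port of the request's protocol when the request names none, and it adds a hypothetical allowed_hosts check that is not an Alteon option.

```python
import re
from urllib.parse import urlsplit

WELL_KNOWN_PORT = {"http": 80, "https": 443}
TOKEN = re.compile(r"\$(HOST|PORT|PATH|QUERY)")


def expand_redirect(template, request_url, allowed_hosts=None):
    """Expand the redirect tokens in template using values from request_url.

    allowed_hosts is a hypothetical extra check (not an Alteon option): when
    given, requests whose host is not in the set are rejected, because $HOST
    copies a value that the client supplies.
    """
    req = urlsplit(request_url)
    if req.scheme not in WELL_KNOWN_PORT:
        raise ValueError(f"unsupported protocol: {req.scheme!r}")
    host = req.hostname or ""
    if allowed_hosts is not None and host not in allowed_hosts:
        raise ValueError(f"host not allowed in redirect: {host!r}")

    values = {
        "HOST": host,
        # Assumption: with no explicit port in the request, use the
        # well-known port of the request's own protocol.
        "PORT": str(req.port or WELL_KNOWN_PORT[req.scheme]),
        # Assumption: the template supplies the "/" delimiter itself.
        "PATH": req.path.lstrip("/"),
        "QUERY": req.query,
    }
    location = TOKEN.sub(lambda m: values[m.group(1)], template)
    # A request without a query string leaves a dangling "?" delimiter.
    if location.endswith("?"):
        location = location[:-1]
    return location


if __name__ == "__main__":
    # Constructed request URLs, built from the page's own sample host.
    print(expand_redirect("https://$HOST:$PORT/$PATH?$QUERY",
                          "http://www.mysite.com:8080/mypath?id=7"))
    print(expand_redirect("http://$HOST/new/$PATH",
                          "http://www.mysite.com:8080/mypath"))
    # Changing the protocol while reusing $PORT carries the request's port over.
    print(expand_redirect("https://$HOST:$PORT/$PATH?$QUERY",
                          "http://www.mysite.com/mypath"))
```

Under these assumptions, the last call yields an https URL on port 80, which is why a location that changes protocol is usually written with a fixed port or none.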
When Alteon offloads SSL traffic from the servers, and back-end encryption is not
used, the servers are usually configured to listen on port 80. Therefore, rport is
automatically set to 80.
When Alteon offloads SSL traffic from the servers, and back-end encryption is used,
the servers are usually configured to listen on port 443. Therefore, rport is
automatically set to 443. For more information, see /cfg/slb/virt <server number>/
service/basic-slb Virtual Server Basic SLB Service Configuration Menu, page 421.
Notes:
You can also configure SSL offloading for other protocols encrypted by SSL by using
SSL as the application type. To select the virtual service application type, see /cfg/
slb/virt <server number> /service <virtual port or application name> Virtual Server
Service Configuration, page 419.
When using the SSL application type, HTTP-based capabilities such as setting HTTP
redirection conversion, setting the SSL client information, or passing authentication
policy information to the back-end servers are not available. Also, this capability is
not supported for protocols that include special treatment of SSL, such as FTPS,
SMTPS and POPS.
If your network environment requires it, you can change the default back-end listening
port.
Notes:
If you have associated an SSL policy to a virtual service but have not yet configured
the SSL policy, the default value of the listening port is set as the same value as the
virtual service port. When you eventually set the back-end encryption using the bessl
command, you receive a message similar to the following, based on how you
configure the back-end listening port:
If you set rport to 0 (meaning that no specific port is defined), Alteon determines the
back-end listening port based on the SSL policy definition and dynamically sets the
real port as appropriate.
hname <hostname>|none
Sets the hostname for a service added. Use this in conjunction with dname (see in this
table) to create a full host or domain name for individual services.
Values:
hostname: For example, to add a hostname for Web services, you could specify
www as the hostname. If a dname of foocorp.com is defined, "" would be the full
host or domain name for the service.
cookie: This option uses a cookie defined in the HTTP header or placed in the URI for
hashing. For more information on the cookie option, see Cookie-Based Persistence,
page 444.
Pbind cookie is only relevant for the HTTP or HTTPS applications.
If the cookie expiration time is greater than the /cfg/slb/virt x/service x/
ptmout value, timed out requests will not be persistent.
For detailed information on cookie-based persistence, see the Persistence chapter in
the Alteon Application Switch Operating System Application Guide.
sslid: This option is for Secure Sockets Layer (SSL), which is a set of protocols built
on top of TCP/IP that allows an application server and user to communicate over an
encrypted HTTP session. SSL provides authentication, non-repudiation, and security.
The session ID is a value comprising 32 random bytes chosen by the SSL server that
gets stored in a session hash table. By enabling the sslid option, all subsequent SSL
sessions which present the same session ID are directed to the same real server.
Default: disable
tmout
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
ptmout
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
dbind disable|enable|forceproxy
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
clsrst disable|enable
Enables or disables client reset.
Values:
disable: When Alteon receives a FIN message from the client, it performs a graceful
closure of both client-side and server-side sessions.
enable: When Alteon receives a FIN message from the client, it closes the server-side
session entry using RST for fastage.
Note: To enable session reset on connection close, full proxy mode (forceproxy)
must be disabled.
Default: disable
frag disable|enable
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
nonat disable|enable
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
direct disable|enable
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
mirror disable|enable
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
winsize0 disable|enable
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
ckrebind disable|enable
Used for cookie insert mode and determines how to handle the subsequent requests in a
TCP session. When enabled, Server Load Balancing occurs for subsequent requests that
reach Alteon without a cookie.
sesslog
Enables or disables session logging.
cur
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
/cfg/slb/virt <server number>/service/https/cntrules
Tip: Radware recommends that you leave a gap between rule numbers that you create so you can
easily place future rules within the current hierarchy. For example, create rules 1, 5, and 10 in the
event that new rule 3 should be placed between rules 1 and 5, or new rule 7 should be placed
between rules 5 and 10.
Note: Alteon performs HTTP Layer 7 content switching before applying any modifications, so
content switching is based on the original requests.
cntclss
Sets the content class for this rule. This parameter is mandatory for enabled rules.
For content class updates, use the /cfg/slb/layer7/slb/cntclss HTTP Content Class Menu,
page 463.
group: Load balances the traffic between the servers defined in the group field after
performing all of the service's other actions.
redirect: Performs application redirection for HTTP and HTTPS services based on the
settings of the redirect command (see in this table).
Default: group
redirect
Sets the application redirection location of this rule.
To use the same value as in the request, use the following construct:
http://www.mysite.com:8080/mypath
http://$HOST/new/$PATH
https://$HOST:$PORT/$PATH?$QUERY
copy
Copies the rule to another index in the same virtual service. This option can also be used
to change the priority of a rule.
ena
Enables the rule.
dis
Disables the rule.
del
Deletes the rule.
cur
Displays the current rule configuration.
sslpol
Sets the SSL policy for this virtual service.
cur
Displays the current SSL configuration.
[Virtual Server
name
http
cntrules appshape action
pip
group
redirect rport
hname
cont
pbind
thash
report
tmout
ptmout
dbind
clsrst
nonat
direct
mirror
winsize0 ckrebind sesslog del
cur
-
http
Displays the HTTP Load Balancing menu. To view this menu, see /cfg/slb/virt <server
number>/service/http/http HTTP Load Balancing Menu, page 440.
From this menu, you can enable or disable HTTP redirection for Global Server Load
Balancing (GSLB) on a per VIP basis. Disabling HTTP redirection causes GSLB to use a
proxy IP address for HTTP.
cntrules
Displays the Content-Based Services Rule menu. The maximum number of rules per
virtual service is 128. The rule number defines the rule priority.
Note: Alteon performs HTTP Layer 7 content switching before applying any
modifications, so content switching is based on the original requests.
To view this menu, see /cfg/slb/layer7 Layer 7 SLB Resource Definition Menu, page 461.
appshape++
Displays the AppShape++ menu for managing AppShape++ scripts. To view this menu,
see /cfg/slb/virt/service/basic-slb/appshape AppShape++ Menu, page 425.
action group|redirect|discard
Sets the action type of this virtual service when no match is found in the HTTP content
rule.
Values:
group: Load balances the traffic between the servers defined in the group field after
performing all of the service's other actions.
redirect: Performs application redirection for HTTP and HTTPS services based on the
settings of the redirect command (see in this table).
Default: group
pip
Displays the Proxy IP menu. To view this menu, see /cfg/slb/virt/service/basic-slb/pip
Proxy IP Menu, page 426.
Port: The port to be set in the URL. The default value is the well-known port of the
redirect protocol. Optional.
For example, if the protocol is set to HTTPS, the default port is 443. If the protocol is
set to HTTP, the default port is 80. The delimiter between the hostname and the port
must be ":".
Hostname: The URL of the host. The delimiter between the protocol and the
hostname must be "://". Mandatory.
Path: A path, file name and file type. The delimiter between the protocol and the
hostname must be "/". You can configure both the original path and a new additional
path element. Optional.
For example: $protocol://$hostname/newdir/$path
Query: A complete or partial query string. The delimiter between the protocol and
the hostname must be "?". Optional.
To use the same value as in the request, use the following construct:
http://www.mysite.com:8080/mypath
http://$HOST/new/$PATH
https://$HOST:$PORT/$PATH?$QUERY
hname <hostname>|none
cookie: This option uses a cookie defined in the HTTP header or placed in the URI for
hashing. For more information on the cookie option, see Cookie-Based Persistence,
page 444.
Pbind cookie is only relevant for the HTTP or HTTPS applications.
For detailed information on cookie-based persistence, see the Persistence chapter in
the Alteon Application Switch Operating System Application Guide.
Default: disable
thash sip|sip+sport
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
report <service|real>
Sets the reporting level for Device Performance Monitoring (DPM). When DPM is enabled,
performance statistics are sent to APSolute Vision for display in the Device Performance
Monitoring Web interface. The DPM Web interface includes alerts, dashboards with
current monitoring data, and reports with historical data.
Note: For DPM to work you must enable it (see /cfg/sys/report Configuring Device
Performance Monitoring (DPM) Reporting Parameters, page 285), and you must
enable DAM (Direct Access Mode) for each virtual service that you are monitoring.
By default, statistics are gathered per virtual service. When you require more granular
reports, you can select an extended reporting level per virtual service (per real server
associated with that service).
Values:
real: DPM statistics are gathered and displayed per real server per virtual service.
Default: service
For more information on DPM, see the APSolute Vision User Guide.
ptmout
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
dbind disable|enable|forceproxy
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
clsrst disable|enable
Enables or disables client reset.
Values:
disable: When Alteon receives a FIN message from the client, it performs a graceful
closure of both client-side and server-side sessions.
enable: When Alteon receives a FIN message from the client, it closes the server-side
session entry using RST for fastage.
Note: To enable session reset on connection close, full proxy mode (forceproxy)
must be disabled.
Default: disable
nonat disable|enable
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
direct disable|enable
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
mirror disable|enable
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
winsize0 disable|enable
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
ckrebind disable|enable
Used for cookie insert mode and determines how to handle the subsequent requests in a
TCP session. When enabled, Server Load Balancing occurs for subsequent requests that
reach Alteon without a cookie.
sesslog
Enables or disables session logging.
del
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
cur
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
You can combine or select applications to load balance using the "and" and/or "or"
operators. For example:
httpslb <application>
httpslb application and|or <application>
comppol
Displays the Compression Policy menu for setting the compression policy for this virtual
service. To view this menu, see /cfg/slb/accel/compress/comppol <compression policy
ID> Compression Policy Menu, page 488.
errcode disable|enable|clear
Controls server response codes. You can change the error code generated by the server,
edit the error reason, or redirect to a different HTTP location. You can define multiple
error codes per service if all use the same behavior.
Values:
y: Redirect. You are prompted to enter the URL to which to redirect, and the
error code.
n: Do not redirect. You are prompted to enter a new error code and the
error reason.
disable: Disables this option.
Default: disable
urlchang disable|enable|clear
Changes URLs in server responses. You can adjust to changes made on servers, making
them transparent to end-users, by matching the hostname, URL, page, and page type,
and updating the URL, page, and page type.
Values:
enable: When you enable this option, you are prompted to configure the following
parameters:
Path match type: How to match the path you provide for the path to match parameter:
sufx: Suffix
prefx: Prefix
eq: Equals
incl: Includes
any: If you enter any, the prompt skips to the page name to match
parameter.
Path to match: The path to be matched based on the selected path match type.
section? [b/a]:
New type name: The new page type to be used for the path change or none.
Default: disable
Hostname match type: The path type that determines how to match the path you
provide in the next parameter.
sufx: suffix
prefx: prefix
eq: equals
incl: includes
any: any
Path match type: The path type that determines how to match the path you provide
in the next parameter.
sufx: suffix
prefx: prefix
eq: equals
incl: includes
any: any
textrep disable|enable|clear
Replaces or removes free text in server responses.
By default server resource cloaking is disabled.
When you enable this option, configure the desired action:
replace: Specify the matched text to be replaced and then enter the replacement text.
httpmod
Sets an HTTP modification rule list. After setting an HTTP Modification rule list, you can
configure it. To view this menu, see /cfg/slb/layer7/httpmod HTTP Modification Rule-List
Menu, page 470.
connmgt enabled|disabled|pooling
Sets connection management for HTTP traffic.
Values:
clntprox
Sets the client proximity processing type for GSLB.
Values: http, https, none
Default: none
rcount
Sets the multi-response count.
parselen enable|disable
Sets the parsing buffer length for content-based selection.
parselmt enable|disable
Enables or disables the parse limit for content-based selection.
urinorm enable|disable
Enables or disables the URI normalization for HTTP modification and content matching.
xforward enable|disable
Enables or disables the URI normalization for HTTP modification and content matching.
Note: To enable X-Forwarded-For, you need to either set delayed binding to full proxy
mode and configure a PIP or enable DAM.
cloaksrv enable|disable
Enables or disables modification of server responses by replacing HTTP headers that
include information about the server computer and operating system.
redirect enable|disable
Enables or disables HTTP and HTTPS redirection for GSLB.
cur
Displays the current HTTP configuration.
Cookie-Based Persistence
Use the cookie option to establish cookie-based persistence. Table 305 - Cookie Persistence Options
(/cfg/slb/virt/service/http/http/cookie), page 445 describes the cookie sub-options. For more
information on cookie-based persistence, refer to the Alteon Application Switch Operating System
Application Guide.
Option
Description
mode
p: Passive mode. In this mode, the network administrator configures the Web
server to embed a cookie in the server response that Alteon looks for in
subsequent requests from the same client.
r: Rewrite mode, or active cookie mode. In this mode, Alteon, and not the
network administrator, generates the cookie value on behalf of the server.
Alteon intercepts this persistence cookie and rewrites the value to include
server-specific information before sending it to the client.
i: Insert mode. In this mode, when a client sends a request without a cookie,
the server responds with the data, and Alteon inserts a persistence cookie into
the data packet. Alteon uses this cookie to bind to the appropriate server.
The following are insert mode options:
Domain name: The domain for which the cookie is valid. Enter y to enable
this option.
path: The subset of URLs on the origin server to which this cookie applies.
secure flag: When enabled, this directs the user agent to use a secure
connection to obtain content associated with the cookie. Enter y to enable
this option.
name
offset
length
The number of bytes to extract. For cookie rewrite, the length must be 8 or 16.
URI
Values: 164
Values:
Tip: Radware recommends that you leave a gap between rule numbers that you create so you can
easily place future rules within the current hierarchy. For example, create rules 1, 5, and 10 in the
event that new rule 3 should be placed between rules 1 and 5, or new rule 7 should be placed
between rules 5 and 10.
[HTTP Content Rule 1 Menu]
name     - Set descriptive content rule name
cntclss  - Set content class for this rule
action   - Set action type for this rule
group    - Set real server group number for this rule
redirect - Set application redirection location for this rule
copy     - Copy rule
ena      - Enable rule
dis      - Disable rule
del      - Delete rule
cur      - Display current rule configuration
cntclss
Sets the content class for this rule. This parameter is mandatory for enabled rules.
Note: Alteon performs HTTP Layer 7 content switching before applying any
modifications, so content switching is based on the original requests.
For content class updates, use the /cfg/slb/layer7/slb/cntclss HTTP Content Class Menu,
page 463.
action group|redirect|discard
Sets the action type of this virtual service when no match is found in the HTTP content
rule.
Values:
group: Load balances the traffic between the servers defined in the group field after
performing all of the service's other actions.
redirect: Performs application redirection for HTTP and HTTPS services based on the
settings of the redirect command (see in this table).
Default: group
redirect
Sets the application redirection location of this rule.
To use the same value as in the request, use the following construct:
http://www.mysite.com:8080/mypath
http://$HOST/new/$PATH
https://$HOST:$PORT/$PATH?$QUERY
ena
Enables the rule.
dis
Disables the rule.
del
Deletes the rule.
cur
Displays the current rule configuration.
[Virtual Server
ssl
appshape pip
group
rport
hname
cont
pbind
thash
tmout
ptmout
dbind
clsrst
nonat
direct
mirror
winsize0 sesslog del
cur
-
appshape++
Displays the AppShape++ menu for managing AppShape++ scripts. To view this menu,
see /cfg/slb/virt/service/basic-slb/appshape AppShape++ Menu, page 425.
pip
Displays the Proxy IP menu. To view this menu, see /cfg/slb/virt/service/basic-slb/pip
Proxy IP Menu, page 426.
When Alteon offloads SSL traffic from the servers, and back-end encryption is not
used, the servers are usually configured to listen on port 80. Therefore, rport is
automatically set to 80.
When Alteon offloads SSL traffic from the servers, and back-end encryption is used,
the servers are usually configured to listen on port 443. Therefore, rport is
automatically set to 443. For more information, see /cfg/slb/virt <server number>/
service/basic-slb Virtual Server Basic SLB Service Configuration Menu, page 421.
Notes:
You can also configure SSL offloading for other protocols encrypted by SSL by using
SSL as the application type. To select the virtual service application type, see /cfg/
slb/virt <server number> /service <virtual port or application name> Virtual Server
Service Configuration, page 419.
When using the SSL application type, HTTP-based capabilities such as setting HTTP
redirection conversion, setting the SSL client information, or passing authentication
policy information to the back-end servers are not available. Also, this capability is
not supported for protocols that include special treatment of SSL, such as FTPS,
SMTPS and POPS.
If your network environment requires it, you can change the default back-end listening
port.
Notes:
If you have associated an SSL policy to a virtual service but have not yet configured
the SSL policy, the default value of the listening port is set as the same value as the
virtual service port. When you eventually set the back-end encryption using the bessl
command, you receive a message similar to the following, based on how you
configure the back-end listening port:
If you set rport to 0 (meaning that no specific port is defined), Alteon determines the
back-end listening port based on the SSL policy definition and dynamically sets the
real port as appropriate.
hname <hostname>|none
pbind clientip|sslid|disable
Enables or disables persistent bindings for a real server. This may be necessary for some
server applications where state information about the client system is retained on the
server over a series of sequential connections, such as with SSL (Secure Socket Layer,
HTTPS), Web site search results, or multi-page Web forms.
Values:
sslid: This option is for Secure Sockets Layer (SSL), which is a set of protocols built
on top of TCP/IP that allows an application server and user to communicate over an
encrypted HTTP session. SSL provides authentication, non-repudiation, and security.
The session ID is a value comprising 32 random bytes chosen by the SSL server that
gets stored in a session hash table. By enabling the sslid option, all subsequent SSL
sessions which present the same session ID are directed to the same real server.
Default: disable
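The sslid behavior described above, modeled as an added Python example (not Alteon code): it reads the session ID from TLS ClientHello and ServerHello records and keeps a session table that sends resumed sessions back to the same real server. The real server names, the round-robin choice for new sessions and the handshake bytes are constructed assumptions.

```python
import itertools
import struct

HANDSHAKE, CLIENT_HELLO, SERVER_HELLO = 0x16, 0x01, 0x02

def hello_session_id(record: bytes):
    """Return (handshake_type, session_id) for a TLS record carrying a
    ClientHello or ServerHello, or None if the record is anything else."""
    if len(record) < 5 or record[0] != HANDSHAKE:
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < rec_len or len(body) < 4:
        return None                      # truncated record
    hs_type = body[0]
    if hs_type not in (CLIENT_HELLO, SERVER_HELLO):
        return None
    # handshake header (4) + protocol version (2) + random (32)
    off = 4 + 2 + 32
    if len(body) <= off:
        return None
    sid_len = body[off]
    if sid_len > 32 or len(body) < off + 1 + sid_len:
        return None                      # session IDs are at most 32 bytes
    return hs_type, body[off + 1: off + 1 + sid_len]

class SslIdBinder:
    """Session table: session ID -> real server (hypothetical names)."""

    def __init__(self, real_servers):
        self._table = {}
        self._next = itertools.cycle(real_servers)

    def pick(self, client_hello: bytes) -> str:
        parsed = hello_session_id(client_hello)
        sid = parsed[1] if parsed and parsed[0] == CLIENT_HELLO else b""
        if sid and sid in self._table:
            return self._table[sid]      # resumed session: same real server
        return next(self._next)          # new session: normal load balancing

    def learn(self, server_hello: bytes, server: str) -> None:
        parsed = hello_session_id(server_hello)
        if parsed and parsed[0] == SERVER_HELLO and parsed[1]:
            self._table[parsed[1]] = server

def build_hello(hs_type: int, session_id: bytes) -> bytes:
    """Construct a minimal hello record for the demo (constructed data)."""
    body = b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
    if hs_type == CLIENT_HELLO:
        body += b"\x00\x02\x00\x2f" + b"\x01\x00"   # one cipher suite, null compression
    else:
        body += b"\x00\x2f" + b"\x00"
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

def demo():
    binder = SslIdBinder(["real1", "real2", "real3"])
    sid = bytes(range(32))                                  # constructed 32-byte ID
    first = binder.pick(build_hello(CLIENT_HELLO, b""))     # no ID yet
    binder.learn(build_hello(SERVER_HELLO, sid), first)     # server chose the ID
    resumed = [binder.pick(build_hello(CLIENT_HELLO, sid)) for _ in range(3)]
    other = binder.pick(build_hello(CLIENT_HELLO, b""))     # unrelated new client
    return first, resumed, other

if __name__ == "__main__":
    print(demo())
```

The binding only works when the client resumes by session ID; with session tickets or TLS 1.3 the ID in the hello no longer identifies a server-side session.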
thash sip|sip+sport
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
tmout
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
ptmout
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
dbind disable|enable|forceproxy
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
disable: When Alteon receives a FIN message from the client, it performs a graceful
closure of both client-side and server-side sessions.
enable: When Alteon receives a FIN message from the client, it closes the server-side session entry using RST for fastage.
Note: To enable session reset on connection close, full proxy mode (forceproxy)
must be disabled.
Default: disable
nonat disable|enable
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
direct disable|enable
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
mirror disable|enable
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
winsize0 disable|enable
See the description of this command in /cfg/slb/virt <server number>/service/basic-slb
Virtual Server Basic SLB Service Configuration Menu, page 421.
sesslog
Enables or disables session logging.
del
See /cfg/slb/virt <server number>/service/basic-slb Virtual Server Basic SLB Service
Configuration Menu, page 421.
cur
See /cfg/slb/virt <server number>/service/basic-slb Virtual Server Basic SLB Service
Configuration Menu, page 421.
sslpol
Sets the SSL policy for this virtual service.
cur
Displays the current SSL configuration.
[Virtual Server
protocol
appshape
pip
group
rport
hname
cont
pbind
thash
tmout
ptmout
dnstype
dbind
nonat
dnsslb
direct
mirror
winsize0
sesslog
del
cur
Default: disable
dnstype
Sets the DNS type for this service.
Values: dns, dnssec, both
dnsslb
Enables or disables DNS-based Layer or content load balancing.
[Virtual Server
appshape
pip
group
rport
hname
cont
pbind
thash
tmout
ptmout
dbind
nonat
ftpp
mirror
sesslog
del
cur
Default: disable
[Virtual Server
appshape
pip
group
hname
rtspslb
thash
tmout
ptmout
softgrid
nonat
nortsp
sesslog
del
cur
hash: RTSP parses the URL and hashes the URL to select a server to load balance.
patternMatch: Alteon matches the string or pattern within the URL to select a server
based on the string configured on the real server.
Default: hash
softgrid <Enable|disable>
Enables or disables SoftGrid load balancing.
[Virtual Server
wts
appshape
pip
group
rport
hname
cont
pbind
thash
tmout
ptmout
dbind
nonat
direct
mirror
winsize0
sesslog
del
cur
Default: disable
ena [true|false]
Enables WTS load balancing.
dis [true|false]
Disables WTS load balancing.
cur
Displays the current WTS configuration.
[Virtual Server
sip
protocol
appshape
pip
group
rport
hname
cont
pbind
thash
tmout
ptmout
dbind
frag
nonat
direct
mirror
winsize0
sesslog
del
cur
Table 314: Virtual Server Session Initiation Protocol Service Configuration Options (/cfg/slb/
virt/service/sip)
You need to activate Direct Access Mode (DAM) to perform SIP load balancing.
You can use only minmiss as the load-balancing metric, because load balancing is
performed based on the Call-ID.
Default: disable
Note: Layer 7 SIP load balancing is supported only in UDP and not in TCP. You must enable UDP for
SIP service.
e (enable): When enabled, you can scan and hash calls based on a SIP Call-ID
header to an MCS server. You need to turn Direct Access Mode (DAM) on to perform
SIP load balancing. You can use only minmiss as the load balancing metric because
load balancing is performed based on the Call-ID.
hashlen
Determines the number of bytes from the Call-ID that are used as input to the hash
function.
cur
Displays the current SIP configuration.
[Virtual Server
appshape
pip
group
rport
hname
cont
thash
tmout
nonat
direct
reset
ldapslb
mirror
sesslog
del
cur
Table 316: Virtual Server Session Initiation Protocol Service Configuration Options (/cfg/slb/
virt/service/ldap)
ldapslb disable|enable
Enables or disables Layer 7 LDAP server load balancing.
/cfg/slb/layer7
slb
Displays the Server Load Balance Resource menu. To view this menu, see /cfg/slb/
layer7/slb Server Load Balance Resource Menu, page 462.
httpmod
Displays the HTTP Modification Rule-List menu. To view this menu, see /cfg/slb/layer7/
httpmod HTTP Modification Rule-List Menu, page 470.
sdp
Displays the SDP Mapping menu. To view this menu, see /cfg/slb/layer7/sdp SDP
Mapping Menu, page 484.
rule
Displays the SIP UDP Rule menu. To view this menu, see /cfg/slb/layer7/rule SIP UDP
Rule Menu, page 485.
cur
Displays the current Layer 7 configuration.
/cfg/slb/layer7/slb
addstr <l7lkup|pattern>
Defines a string for Server Load Balancing or filtering using either a Layer 7 lookup
string or a pattern match.
Values:
Defines an SLB string for content-based server selection using either a Layer 7 lookup
string or a pattern match.
Values:
http
dns: Use a known DNS name or number for the DNS query type, or select any.
For example: DNS name A, DNS number 1
After selecting the DNS type and the DNS query type, you are prompted for the
DNS hostname. Provide the full FQDN on which you want to load balance.
other
SLB string>
case disable|enable
Enables or disables case sensitivity for string matching.
Values:
disable: If you disable case sensitivity, all load balancing strings and all the request
strings need to be converted to lowercase before doing any string comparison.
cur
Displays the currently configured SLB strings and their associated string IDs (index
numbers) and the supported HTTP request methods.
/cfg/slb/layer7/slb/cntclss
hostname
Displays the Hostname menu. Enter the hostname ID to display the menu. To view this
menu, see /cfg/slb/layer7/slb/cntclss/hostname HTTP Content Class Hostname Menu,
page 465.
path
Displays the Path menu. Enter the path ID to display the menu. To view this menu, see
/cfg/slb/layer7/slb/cntclss/path HTTP Content Class Path Menu, page 465.
filename
Displays the File Name menu. Enter the filename ID to display the menu. To view this
menu, see /cfg/slb/layer7/slb/cntclss/filename Content Class File Name Menu,
page 466.
filetype
Displays the File Type menu. Enter the filetype ID to display the menu. To view this
menu, see /cfg/slb/layer7/slb/cntclss/filetype Content Class File Type Menu, page 467.
header
Displays the Header menu. Enter the header ID to display the menu. To view this menu,
see /cfg/slb/layer7/slb/cntclss/header Content Class Header Menu, page 467.
cookie
Displays the Cookie menu. Enter the cookie ID to display the menu. To view this menu,
see /cfg/slb/layer7/slb/cntclss/cookie Content Class Cookie Menu, page 468.
text
Displays the Text menu. Enter the text ID to display the menu. To view this menu, see /
cfg/slb/layer7/slb/cntclss/text Content Class Text Menu, page 469.
xmltag
Displays the XML Tag menu. Enter the XML tag ID to display the menu. To view this
menu, see /cfg/slb/layer7/slb/cntclss/xmltag Content Class XML Tag Menu, page 469.
logexp
Sets the logical expression between classes.
The following logical operators are supported:
& - AND
| - OR
! - NOT
() - Brackets
copy
Copies the HTTP content class.
del
Deletes the HTTP content class.
cur
Displays the currently configured HTTP content class.
/cfg/slb/layer7/slb/cntclss/hostname
match [sufx|prefx|equal|include|regex]
Defines the match criteria of the defined string.
Default: include
copy
Copies the hostname element to another element ID in the same class.
del
Deletes the hostname element.
cur
Displays the currently configured hostname.
/cfg/slb/layer7/slb/cntclss/path
case
Enables or disables case sensitivity for string matching.
copy
Copies the path.
del
Deletes the path.
cur
Displays the currently configured path.
/cfg/slb/layer7/slb/cntclss/filename
match [sufx|prefx|equal|include|regex]
Defines the path match criteria of the defined string.
Default: include
case
Enables or disables case sensitivity for matching.
copy
Copies the file name.
del
Deletes the file name.
cur
Displays the currently configured file name.
/cfg/slb/layer7/slb/cntclss/filetype
match [sufx|prefx|equal|include|regex]
Defines the path match criteria of the defined string.
Default: include
case
Enables or disables case sensitivity for matching.
copy
Copies the file type.
del
Deletes the file type.
cur
Displays the currently configured file type.
/cfg/slb/layer7/slb/cntclss/header
case
Enables or disables case sensitivity for matching.
copy
Copies the header.
del
Deletes the header.
cur
Displays the currently configured header.
/cfg/slb/layer7/slb/cntclss/cookie
match [eq|incl|regex]
Defines the path match criteria of the defined string.
Default: include
case
Enables or disables case sensitivity for matching.
copy
Copies the cookie.
del
Deletes the cookie.
cur
Displays the currently configured cookie.
/cfg/slb/layer7/slb/cntclss/text
match [include|regex]
Defines the path match criteria of the defined string.
Default: include
area
Defines the lookup area.
case
Enables or disables case sensitivity for matching.
copy
Copies the text.
del
Deletes the text.
cur
Displays the currently configured text.
/cfg/slb/layer7/slb/cntclss/xmltag
match
path[eq|sufx] value[eq|include|regex]
Defines the match criteria of the defined string. You are prompted to enter the following:
New matching type for the XML tag path: eq, sufx
New matching type for XML tag value: eq, include, regex
case
Enables or disables case sensitivity for matching.
copy
Copies the XML tag.
del
Deletes the XML tag.
cur
Displays the currently configured XML tag.
/cfg/slb/layer7/httpmod
url Set actions for the protocol (HTTP or HTTPS), port, host, path, page name, and
page type.
copy
You can duplicate an entire rule list by copying the rule list to a destination rule list
name.
ena
When you configure the HTTP modification rule list, it is disabled by default. For the HTTP
modification rule list to be operational, you must first enable and apply it.
dis
Disables a rule list to make it non-operational.
del
Deletes this HTTP modification rule list.
cur
Displays the current HTTP modification rule list configuration. Rules display in numerical
order.
/cfg/slb/layer7/httpmod/rule
Tip: Radware recommends that you leave a gap between rule numbers that you create so you can
easily place future rules within the current hierarchy. For example, create rules 1, 5, and 10 in the
event that new rule 3 should be placed between rules 1 and 5, or new rule 7 should be placed
between rules 5 and 10.
action
Displays the URL Action menu, used to determine which action the URL rule
performs.
From the URL Action menu, you can set actions for the following parameters:
When the match port is not 0, the port is removed from the URL.
When the match port is not 0, and the port parameter is 0 for both match
and action, the port in the URL remains unchanged. That is, if it was
explicitly specified it remains as it is, if it was not specified it remains not
specified.
Note: Replace and remove are not allowed when the host match type is set to
any.
Example:
Host match type prefix and the host to match www.a match all hosts that
start with www.a. Using host action Insert After with host to insert bbb results
in the following: host www.a.com is modified to www.abbb.com, and host
www.az.com is modified to www.abbbz.com.
Note: Replace and remove are not allowed when the Path Match Type is set to
Any.
When using a path match, an action must be specified. To use path match as
the match criteria only and use the same path, use the replace action with the
same text string in the match.
Example:
Path match type include and path to match abc match any path that contains
abc, such as /abc/, /a/abc, and so on. Using path action remove results in
the following: path abc is removed, and path de/abc/xyz is modified to de/
xyz.
Pagename: A new page name. Leave this action empty to remove the matched
page name.
Note: When both match and action are empty, no operation is performed.
Pagetype: A new page type. Leave this action empty to remove the matched
page type.
Note: When both match and action are empty, no operation is performed.
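The host and path examples above, worked through in an added Python model (not Radware code). The function names, the action keywords insert_after/replace/remove and the collapsing of the doubled slash left behind by a path removal are assumptions made so that the output agrees with the manual's examples.

```python
from urllib.parse import urlsplit, urlunsplit

MATCH_TYPES = ("suffix", "prefix", "equal", "include", "any")

def match_span(value, text, match_type):
    """Return (start, end) of the part of value selected by the match, or None."""
    if match_type not in MATCH_TYPES:
        raise ValueError(f"unknown match type: {match_type}")
    if match_type == "any":
        return (0, len(value))
    if match_type == "equal":
        return (0, len(value)) if value == text else None
    if match_type == "prefix":
        return (0, len(text)) if value.startswith(text) else None
    if match_type == "suffix":
        return (len(value) - len(text), len(value)) if value.endswith(text) else None
    start = value.find(text)                      # include
    return (start, start + len(text)) if start >= 0 else None

def apply_action(value, text, match_type, action, new=""):
    """Apply insert_after, replace or remove to the matched part of value."""
    if match_type == "any" and action in ("replace", "remove"):
        # the manual's note: replace and remove are not allowed with match type any
        raise ValueError("replace/remove not allowed when match type is any")
    span = match_span(value, text, match_type)
    if span is None:
        return value                              # rule does not match: unchanged
    start, end = span
    if action == "insert_after":
        return value[:end] + new + value[end:]
    if action == "replace":
        return value[:start] + new + value[end:]
    if action == "remove":
        return value[:start] + value[end:]
    raise ValueError(f"unknown action: {action}")

def rewrite_path(path, text, match_type, action, new=""):
    """Path variant: also collapse the '//' a removal leaves behind (assumption)."""
    out = apply_action(path, text, match_type, action, new)
    while "//" in out:
        out = out.replace("//", "/")
    return out

def rewrite_url(url, host_rule=None, path_rule=None):
    """Rules are (text, match_type, action, new) tuples; the port is left as is."""
    parts = urlsplit(url)
    host, path = parts.hostname or "", parts.path
    if host_rule:
        host = apply_action(host, *host_rule)
    if path_rule:
        path = rewrite_path(path, *path_rule)
    netloc = host if parts.port is None else f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, netloc, path, parts.query, parts.fragment))

if __name__ == "__main__":
    host_rule = ("www.a", "prefix", "insert_after", "bbb")
    path_rule = ("abc", "include", "remove", "")
    for url in ("http://www.a.com/de/abc/xyz", "http://www.az.com/a/abc"):
        print(url, "->", rewrite_url(url, host_rule, path_rule))
```

The prefix rule also rewrites www.az.com, as in the manual's example, so a rule meant for one site is better written with the equal match type.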
Port: The port used in the URL. Default: 0, meaning a match when the port is
not explicitly specified in the URL, resulting in using the default port for the
specified protocol (80 for HTTP, 443 for HTTPS).
Note: When the port is 0 for both match and action, this implies that the port
parameter is not checked (the rule is matched regardless of the port that is in the
URL) and not changed.
Host
Host match type can be set to suffix, prefix, equal, include, or any.
Any implies that any host will match.
Path
Path match type can be set to suffix, prefix, equal, include, or any.
This parameter is not required when match type is set to any. Any implies
that any non-empty path matches.
body
Enables URL modification in the body.
copy
Copies a rule to another rule number in the same rule list. This can also change the
priority of a rule.
ena
When you configure the HTTP modification rule list, it is disabled by default. For the
rule to be operational, you must first enable and apply it.
dis
Disables a rule to make it non-operational.
del
Deletes this rule.
cur
Displays the current rule configuration.
insert: Inserts the header field and value at the beginning of the header area.
A value match means a complete word within the value of the header.
Notes:
If you define match criteria, the insert is performed only if the match is met.
Simple wildcards, such as question marks and asterisks are not considered
regex and will not result in the desired behavior. The regex match for the simple
wildcard asterisk (*) is dot-asterisk (.*).
replace: Replaces the matched header name and value with the new header
name and value specified.
copy
Copies a rule to another rule number in the same rule list. This can also change the
priority of a rule.
ena
When you configure the HTTP modification rule list, it is disabled by default. For the
rule to be operational, you must first enable and apply it.
dis
Disables a rule to make it non-operational.
del
Deletes this rule.
cur
Displays the current rule configuration.
replace: Replaces the matched cookie key and value with the new specified key
and value:
remove: The entire key=value pair is removed from the header. The value
specified determines if the header should be removed.
directn
Determines the rule direction:
ena
When you configure the HTTP modification rule list, it is disabled by default. For the
rule to be operational, you must first enable and apply it.
dis
Disables a rule to make it non-operational.
del
Deletes this rule.
cur
Displays the current rule configuration.
action
Determines which of the following actions the file type rule performs.
replace: Replaces the matched file type with the new file type:
directn
Determines the rule direction.
Note: For element file type, the direction is automatically set to request and
cannot be updated.
ena
When you configure the HTTP modification rule list, it is disabled by default. For the
rule to be operational, you must first enable and apply it.
dis
Disables a rule to make it non-operational.
del
Deletes this rule.
cur
Displays the current rule configuration.
action
Determines which of the following actions the status line rule performs:
replace: Replaces the matched status line with the new status line:
copy
Copies a rule to another rule number in the same rule list. This can also be used to
change the priority of a rule.
ena
When you configure the HTTP modification rule list, it is disabled by default. For the
rule to be operational, you must first enable and apply it.
dis
Disables a rule to make it non-operational.
del
Deletes this rule.
cur
Displays the current rule configuration.
body include|exclude
Enables or disables text modification in the body.
Default: exclude
directn
Determines the rule direction:
copy
Copies a rule to another rule number in the same rule list. This can also change the
priority of a rule.
ena
When you configure the HTTP modification rule list, it is disabled by default. For the
rule to be operational, you must first enable and apply it.
dis
Disables a rule to make it non-operational.
del
Deletes this rule.
cur
Displays the current rule configuration.
External-IP-port:$VIP:$VIP_Port
Note: The $ character represents a variable. The string $$ represents the real $ character in the
replacement value text.
Value
Description
$Blank
$Client_IP
$Client_Port
$VIP_IP
The original destination IP as it appears in the request that arrives from Alteon.
$VIP_Port
$Server_IP
The IP address of the server that was selected by Alteon for this session.
$Server_Port
The destination port to which traffic is forwarded when sent to the server.
/cfg/slb/layer7/redir
disable: Alteon compares the URI against the expression table to determine if all
non-GET requests should be redirected to a cache server or origin server.
Default: enable
cookie disable|enable
Enables or disables auto-allow for cookie to origin servers:
enable: Alteon redirects all requests that contain Cookie: in the HTTP header to the
origin server.
Default: disable
nocache disable|enable
Enables or disables no-cache control header to origin servers:
Default: enable
<number (1-255)>
enable: You can set the length of URI used to hash into the cache server by
specifying a number from 1 to 255.
disable: Alteon only uses the host header field to calculate the hash key.
Default: disable
cur
Displays the current URL expression table.
/cfg/slb/layer7/sdp
private IP
public IP
rem
private IP
Removes SDP mapping.
cur
Displays the current SDP mapping configuration.
/cfg/slb/layer7/rule
1
-
Menu]
SIP UDP Header field name
SIP UDP Header field content
BWM contract for this rule
Alert message for this rule
Severity for this rule
Add Dependent rules
Delete Dependent rules
Enable this rule
Disable this rule
Remove this rule
Display current rule
from
to
replyto
via
method
reqline
callid
cseq
contact
expires
contentlen
sdpcontent
content <content>
Displays and lets you modify the current header content.
message <message>
Displays the alert message after the rule is completed.
ena
Enables the current rule.
del
Deletes the current rule.
cur
Displays the current rule information.
/cfg/slb/accel
Menu]
- Compression Menu
- Web Performance Optimization Menu
- Display current acceleration configuration
fastview
Displays the FastView menu. To view this menu, see /cfg/slb/accel/fastview FastView
Menu, page 496.
cur
Displays the current acceleration configuration.
/cfg/slb/accel/compress
Compression Menu
[Compression Menu]
comppol - Compression Policy Menu
urllist - Compression URL Exceptions Rule-Lists Menu
brwslist - Compression Browser Exceptions Rule-Lists Menu
on - Globally turn compression ON
off - Globally turn compression OFF
cur - Display current compression configuration
urllist
Displays the Compression URL Rule-List menu. To view this menu, see /cfg/slb/accel/
compress/urllist <URL rule-list ID> Compression URL Exception Rule-List Menu,
page 490.
brwslist
Displays the Compression Browser Rule-List menu. To view this menu, see /cfg/slb/accel/
compress/brwslist Compression Browser Exception Rule-Lists Menu, page 493.
on
For the compression support to be operational, you must set compression to on.
Default: off
off
When set to off, compression support is non-operational.
Note: If you have already configured compression support and you then set
compression to off, all applied or saved configuration changes are preserved, but the
compression process is no longer operational.
Default: off
cur
Displays the current compression configuration settings.
algrthm
Defines the preferred compression algorithm used by Alteon, where the client can receive
both gzip and Deflate compressed content.
The prompt displays the current preferred compression algorithm. Enter the new
preferred compression algorithm, if required.
Values: gzip, deflate
Default: gzip
complvl
Sets the compression level.
The prompt displays the current compression level. Set the new compression level, if
required.
Note: Because raising the compression level requires more CPU resources and usually
only results in a small adjustment to the compression ratio, changing this default
should be done with care.
Values: 1-9
Default: 1
maxsize
Defines the maximum value of the file sizes (according to their Content Length header) of
the object to be compressed. Use this to avoid attempting to compress files that are very
big, for which the compression time will be long and high latency may occur.
Values: 1-2000000000 bytes, unlimited
Default: 10485760 (100 MB)
urllist
Optionally associates a compression URL exceptions rule list to the compression policy.
This lets you define compression exceptions rule lists based on an object's URL (file/
folder). These exceptions are evaluated first, making them the most low-level means of
defining compress or don't-compress behavior.
For details on creating URL exception rule lists, see /cfg/slb/accel/compress/urllist <URL
rule-list ID> Compression URL Exception Rule-List Menu, page 490.
Values: 0-31 characters
Default: none
brwslist
Optionally associates a browser exceptions rule list to the compression policy. You may
want to do this to skip the compression of certain objects that create a problem when
uncompressed, or that require too many resources with little benefit (such as PDFs and
PPT folders, or for specific browser types (user-agents)).
This lets you define compression exceptions rule lists based on User-Agent (Browser
type) or Content-type (file type). These exceptions are evaluated after the compression
URL exceptions, meaning they can be overridden by the compression URL exceptions.
For details on creating browser exception rule lists, see /cfg/slb/accel/compress/brwslist
Compression Browser Exception Rule-Lists Menu, page 493.
Values: 0-31 characters
Default: none
brwspred
Enables or disables workarounds for known browser compression-related limitations using
a predefined browser exception rule list. For details on the predefined browser rule list,
see Predefined Browser Rule Table, page 496.
Values: disabled, enabled
Default: disabled
ena
When you configure the compression policy, it is disabled by default. In order for
compression to work, you must enable and apply the compression policy.
dis
Disables a compression policy to make it non-operational.
del
Deletes this compression policy.
cur
Displays the current compression policy configuration.
rule
Displays the Compression URL Rule menu. To view this menu, see /cfg/slb/accel/
compress/urllist/rule <rule_number> Compression URL Rule-list Menu, page 491.
ena
When you configure the URL exception rule list, it is disabled by default. For the URL rule
list to be operational, you must first enable and apply it.
dis
Disables a rule list to make it non-operational.
del
Deletes this URL exceptions rule list.
cur
Displays the current URL exception rule list configuration. Rules display in numerical
order.
/cfg/slb/accel/compress/urllist/rule <rule_number>
Tip: Radware recommends that you leave a gap between rule numbers that you create so you can
easily place future rules within the current hierarchy. For example, create rules 1, 5, and 10 in the
event that new rule 3 should be placed between rules 1 and 5, or new rule 7 should be placed
between rules 5 and 10.
domainm
Determines how domain matching should be evaluated.
Note: Simple wildcards, such as question marks and asterisks are not considered
regex and will not result in the desired behavior. The regex match for the simple
wildcard asterisk (*) is dot-asterisk (.*).
Values: text, regexp, any (any domain)
Default: any
domain
Optionally defines the domain matching configuration (the virtual host) for which this rule
applies. Use this parameter only when the domain matching method is not set to any.
Example: radware.com
urlm
Determines how URL matching should be evaluated.
Note: Simple wildcards, such as question marks and asterisks are not considered
regex and will not result in the desired behavior. The regex match for the simple
wildcard asterisk (*) is dot-asterisk (.*).
Values: text, regexp, any (any URL)
Default: any
url
Determines the URL of the specific object (file/folder) to be matched by this rule. Use this
field only when the URL matching method is not any. The URL can be full or partial
according to the level of granularity required by the configuration.
Example: \Radware\user\documents
compress
Alternately enables or disables compression as the rule action.
Default: disabled
copy
Copies a rule to another rule number in the same rule list. This can also change the
priority of a rule.
ena
When you configure the URL exception rule list, it is disabled by default. For the rule to be
operational, you must first enable and apply it.
dis
Disables a rule to make it non-operational.
del
Deletes this rule.
/cfg/slb/accel/compress/brwslist
rule
Displays the Compression Browser Rule menu. To view this menu, see /cfg/slb/accel/
compress/brwslist/rule Compression Browser Rule Menu, page 494.
Note: If you are accessing the predefined browser exception rule list, you cannot
change any of the rule attributes. For a list of the predefined browser exceptions list
rules, see Predefined Browser Rule Table, page 496.
copy
Duplicates an entire rule list by copying the rule list to a destination rule list ID.
dis
Disables a rule list to make it non-operational.
Note: If you are accessing the predefined browser exceptions rule list, you can also
disable the predefined browser exceptions rule list.
del
Deletes this browser exception rule list.
Note: If you are accessing the predefined browser exceptions rule list, you cannot
delete the predefined browser rule list.
cur
Displays the current browser exceptions rule list configuration (including the predefined
browser exception rule list). Rules display in numerical order.
/cfg/slb/accel/compress/brwslist/rule
agentm
Determines how user agent matching should be evaluated.
Note: Simple wildcards, such as question marks and asterisks are not considered
regex and will not result in the desired behavior. The regex match for the simple
wildcard asterisk (*) is dot-asterisk (.*).
Values: text, regexp, any (any domain)
Default: any
agent
The optional agent matching configuration defines the user agent string for which this
rule applies. Use this parameter only when agent matching method is not set to any.
contentm
Determines how content type matching should be evaluated.
Note: Simple wildcards, such as question marks and asterisks are not considered
regex and will not result in the desired behavior. The regex match for the simple
wildcard asterisk (*) is dot-asterisk (.*).
Values: text, regexp, any (any content type)
Default: any
content
Determines the content of the specific object to be matched by this rule. Use this
parameter only when the content matching method is not set to any.
compress
Enables or disables compression as the rule action:
Default: disabled
copy
Copies a rule to another rule number in the same rule list. This can also change the
priority of a rule.
ena
When you configure the rule, it is disabled by default. For the rule to be operational, you
must first enable and apply it.
dis
Disables a rule to make it non-operational.
del
Deletes this rule.
cur
Displays the current rule configuration.
Rule
Number
Name
UA
Method
User Agent
CT
Method
Content Type
Compress
200
Any Browser
text
Compress HTML
text
text/html
Enabled
300
Any Browser
Compress text
text
text
text/plain
Enabled
400
text
image/jpeg
Disabled
500
text
image/gif
Disabled
600
text
image/png
Disabled
700
Firefox
Compress TAR
text
application/xtar
Enabled
800
text
application/xtar
Disabled
900
MSIE higher
than 7
Compress All
regex
Enabled
1100
MSIE 6 SP2
Compress All
text
MSIE 6.0;
Windows NT
5.1; SV1
text
Enabled
1200
Opera
Compress PDF
regex
Opera[ ,/][^35]
text
application/pdf
Enabled
1300
MSIE Do Not
Compress PDF
text
MSIE
text
application/pdf
Disabled
1400
Mozilla/4
text
text
Firefox
Disabled
/cfg/slb/accel/fastview
FastView Menu
[FastView Menu]
fastpol
cachlist
optlist
memcache
on
off
cur
cachlist
Displays the caching Rule-List menu. To view this menu, see /cfg/slb/accel/fastview/
cachlist <rule-list id> Caching Exceptions Rule-List Menu, page 500.
optlist
Displays the optimization Rule-List menu. To view this menu, see /cfg/slb/accel/fastview/
optlist <rule-list ID> Optimization Exceptions Rule-List Menu, page 503.
memcache
A global parameter that defines the maximum percentage of RAM to be allocated for
caching.
Values: 1-50
Default: 20
Notes:
A log and a syslog message are sent when use of the allocated caching space
exceeds 80% or falls below 80%.
on
For FastView support to be operational, you must set FastView to on.
Default: off
off
When set to off, FastView support is non-operational.
If you have already configured FastView support and you then set FastView to off, all
applied or saved configuration changes are preserved but the FastView processes are no
longer operational.
Note: Changing FastView to off clears all cached content.
Default: off
cur
Displays the current FastView configuration.
Note: Alteon version 29.0 does not include FastView advanced capabilities as an integrated
software module. Radware's FastView Advanced Web Performance Optimization solution is available
as a standalone solution. For more information, see www.radware.com/Solutions/Enterprise/
ApplicationNetworking/ApplicationAcceleration.aspx.
name
Sets the descriptive name for the FastView optimization policy.
Values: 0-32 alphanumeric characters
Default: none
caching
Displays the Caching menu, from which you can manually configure caching behavior. To
view this menu, see /cfg/slb/accel/fastview/fastpol <policy ID (alphanumeric)>/caching
Caching Menu, page 499.
cachlist
Sets the list of rules that define which items are excluded from FastView Web caching.
A FastView caching rule list can be associated to a FastView policy to define exceptions
that prevent caching for matched resources. For more details on creating caching rule
lists, see /cfg/slb/accel/fastview/cachlist <rule-list id> Caching Exceptions Rule-List
Menu, page 500.
optlist
This parameter is not supported.
cmntrm
This parameter is not supported.
csscmbn
This parameter is not supported.
cssinlin
This parameter is not supported.
imgdim
This parameter is not supported.
jscmbn
This parameter is not supported.
jsinlin
This parameter is not supported.
trimurl
This parameter is not supported.
wtspcrm
This parameter is not supported.
cur
Displays the current FastView configuration, including the list of defined domains and the
services with which a FastView policy is associated.
Caching Menu
Use this menu to configure caching parameters for FastView. The FastView policy defines the caching
behavior required for the virtual service to which it is associated. A single FastView policy can be
associated to multiple virtual services if they share the same caching configuration. The FastView
policy is identified by an alphanumeric ID.
[Caching Menu]
expire
minsize
maxsize
store
cur
If the server header expiration time is longer than the maximum expiration time, the
maximum expiration time value overrides the server header expiration time.
If the server header or configuration using the cache URL rule list expiration time is
shorter than the maximum expiration time, the object is served according to either
the header or the rule list configuration (see /cfg/slb/accel/fastview/fastpol <policy
ID (alphanumeric)> FastView Policy Menu, page 497).
Note: Alteon updates the client browser with the expiration time only if browser
caching is enabled with the browser command, as described in this table.
Values: 60-43,200,000 seconds (~500 days)
Default: 86400 (24 hours)
minsize
The minimum object size to be stored, in bytes, in cache.
Values: 1-65536
Default: 1024 (1 KB)
Radware recommends that you reduce the minimum cache object size to 1 byte when
using .css or JavaScript inlining, as described in /cfg/slb/accel/fastview/fastpol <policy ID
(alphanumeric)> FastView Policy Menu, page 497.
maxsize
The maximum object size to be stored, in bytes, in cache.
Values: 1-512,000,000
Default: 1048576 (1 MB)
store
An optional setting that defines caching behavior for storing new objects in cache.
Values:
srvrhdr - Respect the cache directive specified by the Web application using HTTP
headers. Caching is performed according to caching headers sent by the back-end
servers.
cacheall - Cache all content regardless of specified cache directives. For example, the
Private header is not respected when cacheall is used.
Note: If you choose to cache all content, Radware highly recommends using the URL
exceptions rule list as a black list, specifying what should not be cached.
Default: srvrhdr
cur
Displays the current FastView caching configuration.
rule
Displays the Rule-list Rule menu. To view this menu, see /cfg/slb/accel/fastview/cachlist
<rule-list id>/rule <rule number> Caching Exceptions Rule-List Rule Menu, page 501.
copy
Duplicates an entire rule list by copying the rule list to a destination rule list name.
ena
When you configure the FastView caching rule list, it is disabled by default. For the
FastView rule list to be operational, you must first enable and apply it.
dis
Disables a rule list to make it non-operational.
del
Deletes this rule list.
cur
Displays the current URL caching rule list configuration. Rules display in numerical order.
domainm
Rules can be limited to a specific virtual domain or match any domain. This parameter
determines how domain matching should be evaluated.
Note: Simple wildcards, such as question marks and asterisks are not considered
regex and will not result in the desired behavior. The regex match for the simple
wildcard asterisk (*) is dot-asterisk (.*)
Values: any, regex, text
Default: any
domain
Optionally defines the domain matching configuration (virtual host) for which this rule
applies. Use this parameter only when domain matching method is not set to any.
Example: radware.com
urlm
Determines how URL matching is evaluated.
Note: Simple wildcards, such as question marks and asterisks are not considered
regex and will not result in the desired behavior. The regex match for the simple
wildcard asterisk (*) is dot-asterisk (.*)
Values: any, regex, text
Default: any
url
Determines the URL of the specific object (file/folder) to be matched by this rule. This
parameter is used only when the URL matching method is not set to any. The URL can be
full or partial according to the level of granularity required by the configuration.
Example: /Radware/user/documents
cache
Enables or disables caching and further FastView processing as the rule action.
Default: disabled
copy
Copies a rule to another rule number in the same rule list. This can also change the
priority of a rule.
ena
When you configure the rule, it is disabled by default. For the rule to be operational, you
must first enable and apply it.
dis
Disables a rule to make it non-operational.
del
Deletes this rule.
cur
Displays the current rule configuration.
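The wildcard note under domainm and urlm matters most when store is set to cacheall and the rule list is the black list: a URL pattern written with a bare asterisk can silently fail to exclude a private page. The following is an added example, not Radware code. It models the rule list in Python and assumes that regex matching is unanchored, that text matching is a substring match, that the lowest-numbered enabled matching rule decides, and that Python's re module stands in for the Alteon regex engine. The rules and URLs are constructed.

```python
import re


def wildcard_to_regex(pattern):
    """Translate a simple wildcard pattern (* and ?) into the equivalent regex."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")           # the dot-asterisk form the note calls for
        elif ch == "?":
            parts.append(".")            # one arbitrary character
        else:
            parts.append(re.escape(ch))  # a literal dot must not match any character
    return "".join(parts)


def rule_matches(method, pattern, value):
    """Evaluate one matching method (any, text, regex) against a URL or domain."""
    if method == "any":
        return True
    if method == "text":
        return pattern in value          # assumption: partial (substring) match
    if method == "regex":
        try:
            return re.search(pattern, value) is not None  # assumption: unanchored
        except re.error:
            return False                 # not a valid expression, so it never matches
    raise ValueError("unknown matching method: %r" % method)


def is_cached(url, domain, rules):
    """Model of store=cacheall with the exceptions rule list used as a black list."""
    for rule in sorted(rules, key=lambda r: r["number"]):
        if not rule["ena"]:
            continue                     # rules are disabled until enabled and applied
        if (rule_matches(rule["domainm"], rule.get("domain", ""), domain)
                and rule_matches(rule["urlm"], rule.get("url", ""), url)):
            return rule["cache"]         # rule action: caching enabled or disabled
    return True                          # cacheall: anything not excepted is cached


# Constructed rule lists. WRONG uses a shell-style wildcard where a regex is expected.
WRONG = [{"number": 10, "ena": True, "domainm": "any", "urlm": "regex",
          "url": "/account/*.html", "cache": False}]
FIXED = [{"number": 10, "ena": True, "domainm": "any", "urlm": "regex",
          "url": wildcard_to_regex("/account/*.html"), "cache": False}]

if __name__ == "__main__":
    page = "/account/statement.html"
    print("wildcard as regex, page cached:", is_cached(page, "www.example.com", WRONG))
    print("converted regex,   page cached:", is_cached(page, "www.example.com", FIXED))
```

Read as a regex, `/account/*.html` means "/account", any number of slashes, one character, then "html", so the statement page is not matched and stays cacheable.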
/cfg/slb/ssl
[SSL Menu]
certs
sslpol
authpol
on
off
cur
sslpol
Displays the SSL Policy menu. To view this menu, see /cfg/slb/ssl/sslpol SSL Policy Menu,
page 514.
authpol
Displays the Client Authentication Policy menu. To view this menu, see /cfg/slb/ssl/
authpol Client Authentication Policy Menu, page 522.
on
For SSL offloading to be operational, you must set caching to on.
Default: Off
off
When set to off, SSL offloading support is non-operational.
If you have already configured SSL offloading support and you then set compression to
off, all applied or saved configuration changes will be preserved but the compression
processes will no longer be operational.
Default: Off
cur
Displays the current SSL configuration settings.
/cfg/slb/ssl/certs
request
Displays the Certificate Signing Request menu. To view this menu, see /cfg/slb/ssl/
certs/request Certificate Signing Request Menu, page 509.
key
Displays the Key menu. To view this menu, see /cfg/slb/ssl/certs/key Key Menu,
page 511.
trustca
Displays the Trusted CA Certificate menu. To view this menu, see /cfg/slb/ssl/certs/
trustca Trusted CA Certificate Menu, page 511.
Note: You must first import into Alteon a trusted CA before using this menu.
intermca
Displays the Intermediate CA Certificate menu. To view this menu, see /cfg/slb/ssl/
certs/intermca Intermediate CA Certificate Menu, page 512.
Note: You must first import into Alteon an Intermediate CA before using this menu.
group
Displays the Certificates Group menu. To view this menu, see /cfg/slb/ssl/certs/group
Certificate Group Menu, page 513.
Country Name - The country where the organization is located. 2-character string.
For example: US
State or Province Name - The full name of the state or province. For example:
California
Email - Any e-mail address that you want to include within the certificate. For
example: admin@company.com
Note: You must apply your changes to the default values for them to apply to new
generated certificates.
For more information on generating new certificate signing requests, see /cfg/slb/ssl/
certs/request Certificate Signing Request Menu, page 509.
Key
Server certificate
Intermediate CA certificate
Trusted CA certificate
All components except the certificate and key should be imported in PEM format. The
certificate and key component should be imported in PKCS#12 format.
Note: The maximum file size for importing SSL components (excluding 2424-SSL
configuration) is 200 KB.
For more information on these components, see the section on offloading SSL
encryption and authentication in the Alteon Application Switch Operating System
Application Guide.
Note: This command requires that you have a secure connection.
When you use this command, you are prompted for the following information:
Key passphrase - The same passphrase used to encrypt the private keys so you can
decrypt them.
Import from text or file - The source type of the import. The certificate and key
component type can only be imported from a file:
text - You are prompted to copy and paste the text of the component.
file - You are prompted to provide the hostname or IP address of the SCP
server, name of the file on the SCP server, and the username and password for
the SCP server.
If you are migrating your SSL configuration from an Alteon 2424-SSL platform to Alteon
version 27.0.0.0 or later, select the 2424-SSL component type. For detailed procedures
on migrating the SSL configuration of an Alteon 2424-SSL platform, refer to Migrating
the SSL Offloading Configuration of the Alteon Application Switch 2424-SSL to AlteonOS
version 27.0.0.0. When importing this configuration, all associated certificates are
imported by default, including server certificates, intermediate CA certificates, and
trusted CA certificates.
Key
Server certificate
Intermediate CA certificate
Trusted CA certificate
For more information on these components, see the section on offloading SSL
encryption and authentication in the Alteon Application Switch Operating System
Application Guide.
Note: This command requires that you have a secure connection.
When you use this command, you are prompted for the following information:
Export to text or file - The destination type of the export. The certificate and key
component type can only be exported to a file:
text - You are prompted to copy and paste the text of the component.
file - You are prompted to provide the hostname or IP address of the SCP
server, name of the file on the SCP server, and the username and password for
the SCP server.
cur
Displays the current certificate repository settings, including all certificates, keys, and
groups, as well as the certificate associations with virtual services and policies.
/cfg/slb/ssl/certs/srvrcert
generate
When you generate a certificate, you are prompted to provide the following:
Note: The certificate can be based on an existing key or request created with the
same ID.
Key size - Larger key sizes offer an increased level of security. Radware recommends
that certificates have a key size of 1024 bits or more. Using a certificate of this size
makes it very difficult to forge a digital signature or decode an encrypted message.
Values: 512, 1024, 2048, 4096
Default: 1024
y - Use the default values you defined in the Certificate Repository menu.
If this is a new server certificate with no associated Certificate Signing Request (CSR)
and/or key, after generating the server certificate, a CSR and/or key is also created.
del
Deletes this certificate.
cur
Displays the current server certificate settings.
/cfg/slb/ssl/certs/request
generate
When you generate a CSR, you are prompted to provide the following:
Notes:
The CSR can be based on an existing key or request created with the same ID.
Key size - Larger key sizes offer an increased level of security. Radware recommends
that certificates have a key size of 1024 bits or more. Using a certificate of this size
makes it very difficult to forge a digital signature or decode an encrypted message.
Values: 512, 1024, 2048
Default: 1024
y - Use the default values you defined in the Certificate Repository menu.
Validation period - Duration (in days) that the certificate will remain valid.
Values: 1-3650 days (10 years)
Default: 365 (1 year)
To complete the certificate signing process, export the request and send it to the signing
Certificate Authority (CA).
When the signed certificate is received from the CA, import it to Alteon using the same ID
as the request you created. For more information on importing a signed certificate, see
/cfg/slb/ssl/certs Certificate Repository Menu, page 505.
del
Deletes this CSR.
cur
Displays the current CSR settings.
/cfg/slb/ssl/certs/key
Key Menu
Use this menu to configure a key.
generate
Creates a new key. Use this value when creating or regenerating a server certificate and/
or CSR.
Values: 512, 1024, 2048
Default: 1024
del
Deletes this key. When deleting a key, its associated server certificate and CSR are also
deleted.
cur
Displays the current key settings.
/cfg/slb/ssl/certs/trustca
del
Deletes a Trusted CA certificate.
If the certificate is associated with a certificate group or client authentication policy, you
must remove the deleted certificate reference from the associated client authentication
policies and/or certificate groups.
cur
Displays the current Trusted CA certificate settings.
/cfg/slb/ssl/certs/intermca
[Intermediate
name
del
cur
del
Deletes an Intermediate CA group.
If the certificate is associated with a certificate group or SSL policy, you must remove the
deleted certificate reference from the associated SSL policies and/or certificate groups.
cur
Displays the current Intermediate CA settings.
/cfg/slb/ssl/certs/group
[Group Group1 Menu]
name    - Set descriptive group name
type    - Set group type
default - Set certificate to use for clients with no SNI support
add     - Add certificate to the group
rem     - Remove certificate from the group
del     - Delete certificate group
cur     - Display current certificate group configuration
type srvrcert|trustca|intermca
Sets the group type. All certificates in the group must be from the same type.
Values:
Default: intermca
default
Sets the certificate to use for clients with no SNI support.
Note: Use this option for TLS SNI configuration. It is only applicable for groups of
type srvrcert.
add
Adds a certificate to the group.
Maximum number of certificates: 256
rem
Removes a certificate from the group.
cur
Displays the current certificate group settings.
/cfg/slb/ssl/sslpol
passinfo
Displays the SSL Policy Passinfo menu. To view this menu, see /cfg/slb/ssl/sslpol/
passinfo SSL Policy Passinfo Menu, page 519.
frver
Displays the SSL Policy front-end SSL protocol version menu. To view this menu, see /
cfg/slb/ssl/sslpol/frver SSL Policy Front-end Version Menu, page 521.
cipher
When establishing an SSL connection, the client and server negotiate a cipher suite,
exchanging cipher suite codes in the client Hello and server Hello messages which
specifies a combination of cryptographic algorithms for the connection.
The key exchange and authentication algorithms are typically public key algorithms. The
message authentication codes are derived from cryptographic hash functions using the
HMAC construction for TLS, and a non-standard pseudorandom function for SSL. This is
the cipher suite used by the client during the SSL handshake.
You can optionally set which cipher suite is allowed during the SSL handshake. For
example, if you select rsa, only traffic with the RSA cipher suite is allowed to reach the
Alteon service that is using this SSL policy.
When you enter this command, the currently set cipher suite and allowed values display:
all-non-null-ciphers - All cipher suites except the NULL ciphers and ciphers offering
no authentication, which must be explicitly enabled.
high - High encryption cipher suites. Currently key lengths are larger than 128 bits.
rsa-rc4-128-sha1 - Cipher suite using RSA key exchange, 128-bit RC4 for encryption
and SHA1 hash for MAC.
rsa-des-sha1 - Cipher suite using RSA key exchange, 3DES for encryption and SHA1
hash for MAC.
rsa-3des-sha1 - Cipher suite using RSA key exchange, 3DES for encryption and
SHA1 hash for MAC.
rsa-aes-128-sha1 - Cipher suite using RSA key exchange, 128-bit AES for encryption
and SHA1 hash for MAC.
rsa-aes-256-sha1 - Cipher suite using RSA key exchange, 256-bit AES for encryption
and SHA1 hash for MAC.
Default: rsa
becipher
If you enable back-end encryption, you can set the cipher strength to use during the
back-end SSL handshake using the becipher option.
Values:
high - "High" encryption cipher suites. Currently key lengths are larger than 128 bits.
Note: For back-end encryption, Alteon plays the client role and negotiates the session
key. HIGH implies highest security is used for the session key and allows back-end
encryption to be as secure as the front-end SSL, or even use higher security than the
front-end connection. You can use LOW for front-end and HIGH for back-end
connection.
authpol
Displays the Client Authentication Policy menu. To view this menu, see /cfg/slb/ssl/
authpol Client Authentication Policy Menu, page 522.
With this menu, you can optionally define a client authentication policy that authenticates
the client's identity as a further operation of the SSL handshake.
This option is only available if HTTP redirection conversion is enabled (see the
convert command in this table).
Simple wildcards, such as question marks and asterisks are not considered regex and
will not result in the desired behavior. The regex match for the simple wildcard
asterisk (*) is dot-asterisk (.*)
Example
If a user requests the www.ab.com/base_redirect.html page, and the request is
redirected by the server to www.bb.com/Redirect/Path/redirect_page.html, if the
redirect was from ab.com to ab.com/some-other-path, no regular expression is
needed because this is the same host.
In this example, the redirect was from ab.com to bb.com. This works only when the
regular expression matches the host (the new host). As a result, the regular expression
should be set to include bb.com for the conversion to be performed on it.
fessl
There may be cases where the connection to the client is clear-text (HTTP or other TCP
protocol) and the server connection must be encrypted (HTTPS or SSL).
If your network environment requires it, you can disable front-end encryption
in order to support clear-text front-end to SSL on back-end.
Values: d (disabled), e (enabled)
Default: e
When Alteon offloads SSL traffic from the servers, and back-end encryption is not
used, the servers are usually configured to listen on port 80. Therefore, rport is
automatically set to 80.
When Alteon offloads SSL traffic from the servers, and back-end encryption is used,
the servers are usually configured to listen on port 443. Therefore, rport is
automatically set to 443.
If your network environment requires it, you can change the default rport value. For
more information, see /cfg/slb/virt <server number> /service <virtual port or application
name> Virtual Server Service Configuration, page 419.
Values: d (disabled), e (enabled)
Default: d
When SSL policy protocol redirection and HTTP header and body modifications are
enabled on the same service, and the server sends a 302 Redirect response, the
protocol of the new location is always set to HTTPS to enable the redirect location to
work for the clients. This is enforced in addition to (and regardless of) the setting in
the HTTP modification rule. For more information about HTTP modifications, see /cfg/
slb/virt <server number>/service/http Virtual Server HTTP Service Configuration
Menu, page 435.
Simple wildcards, such as question marks and asterisks are not considered regex and
will not result in the desired behavior. The regex match for the simple wildcard
asterisk (*) is dot-asterisk (.*)
ena
When you configure the SSL policy, it is disabled by default. In order for SSL offloading to
work, you must enable and apply the SSL policy.
dis
When you configure the SSL policy, it is disabled by default. Select disable to make it
non-operational.
del
Deletes this SSL policy.
cur
Displays the current SSL policy settings.
/cfg/slb/ssl/sslpol/passinfo
Notes
If the chosen field is empty in the incoming-traffic, Alteon displays this field without any value.
You cannot configure an empty field name in the configuration.
When a cache policy is enabled on a virtual service, and the cache serves the pages according to
the client requests, Alteon does not send the SSL information to the back-end server.
This feature is HTTP-dependent and cannot be used with simple SSL offloading, when traffic is
directly decrypted and sent to the back-end servers with no manipulation per any SSL protocol.
version
If you want to pass information about the SSL version to the back-end servers, enter the
SSL version header to be used in the HTTP header using this command.
Default Header: SSL-Version
bits
If you want to pass the number of bits used for encryption by the cipher to the back-end
servers, enter the bits header to be used in the HTTP header using this command.
Default Header: Cipher-Bits
frontend
When Alteon performs front-end SSL offloading for certain types of applications (for
example, Outlook Web-Access (OWA)), these applications can adjust their behavior if
they are made "aware" that there is front-end SSL offloading. To indicate this to the
application, a special "Front-End-HTTPS" HTTP header can be added to requests.
Values: enabled, disabled
comply
Enables or disables X-SSL header compatible with 2424-SSL headers.
Values: enable, disable
cur
Displays the current status of the SSL policy passinfo configuration.
/cfg/slb/ssl/sslpol/frver
tls10
Enables or disables front-end TLS1.0 protocol version support.
If TLS1.0 support is disabled, the client TLS1.0 SSL Hello is rejected; no tunnel setup is
performed and the connection is terminated.
Note: If only TLS1.0 is enabled and the client sends a TLS1.1 Hello, a TLS1.0
handshake will be performed successfully.
Values: enabled, disabled
Default: enabled
tls11
Enables or disables front-end TLS1.1 protocol version support.
If TLS1.1 support is disabled, the client TLS1.1 SSL Hello is rejected; no tunnel setup is
performed and the connection is terminated.
Note: If only TLS1.0 is enabled and the client sends a TLS1.1 Hello, a TLS1.0
handshake will be performed successfully.
Note: If only TLS1.1 is enabled and the client sends a TLS1.0 Hello, the handshake is
rejected.
Values: enabled, disabled
Default: enabled
cur
Displays the current front-end SSL protocol version configuration.
/cfg/slb/ssl/sslpol/bever
tls10
Enables or disables back-end TLS1.0 protocol version support for opening an SSL client
connection.
Values: enabled, disabled
Default: enabled
tls11
Enables or disables back-end TLS1.1 protocol version support for opening an SSL client
connection.
TLS1.1 is the highest protocol version supported. When enabled, Alteon opens an SSL
backend connection using TLS1.1 SSL Hello.
Values: enabled, disabled
Default: enabled
cur
Displays the current back-end SSL protocol version configuration.
/cfg/slb/ssl/authpol
validity
Displays the Certificate Validation Check menu. To view this menu, see /cfg/slb/ssl/
authpol/validity Certificate Validation Check Menu, page 524.
passinfo
Displays the Pass Certificate Information to Backend Servers menu. To view this menu,
see /cfg/slb/ssl/authpol/passinfo Pass Certificate Information to Backend Servers Menu,
page 526.
trustca
You must specify the trusted client CA certificate or group of trusted client CA certificates
to enable Alteon to recognize which client certificates to accept. Certificates are selected
from the ones imported to the certificate repository. For more information about
importing client Trusted CA certificates to Alteon, see /cfg/slb/ssl/certs/trustca Trusted
CA Certificate Menu, page 511.
Values:
cadepth
You can set the maximum intermediate CAs in the CA chain that Alteon searches to
validate the link between the client's certificate to the specified trusted client CA
certificate.
When prompted, the current maximum depth to search the trusted client CA
configuration displays. Enter the new maximum depth to search, if required.
Values: 1-9
Default: 2
optional - Alteon requires the client's certificate. If not provided, the client is passed
on for Application-based authentication. If provided, the certificate is checked against
the trusted CA for a match (and OCSP if specified).
none - Alteon requires the client's certificate. The client is allowed to continue with or
without a valid certificate.
failurl
Specifies the URL to which clients are redirected if client authentication fails.
ena
You must enable the authentication policy for it to take effect. For more information, see the
authpol command under /cfg/slb/ssl/sslpol SSL Policy Menu, page 514.
dis
Disables this policy, making it non-operational.
del
Deletes this client authentication policy.
cur
Displays the current client authentication policy settings.
/cfg/slb/ssl/authpol/validity
Note: If the same client certificate arrives at two different SPs, an Online Certificate Status Protocol
(OCSP) query is sent to the OCSP that responded, even if the OCSP is cache-enabled.
staturi
OCSP authenticates the client certificate status by checking the revocation status using
data stored on a remote OCSP server. Client credentials are based on SSL certificates.
The OCSP static URI specifies the destination of OCSP validation requests. It is used
under one of the following conditions:
The OCSP static URI embedded in the certificate does not answer.
uriprior
Sets the priority for sending OCSP validation requests between the URI embedded in the
client certificate and the defined static URI (see the staturi command in this table).
Values: clientcert, staticuri
Default: clientcert
cachtime
Sets the time span for which validated OCSP responses are cached. Since CA servers
update the CRLs on the OCSP server periodically (every 12 hours or 24 hours), there is
no need to overload the OCSP server with repetitive OCSP requests for the same
certificate. Caching is per client authentication policy, and entries are not shared
between policies.
Values: 0-180000
Default: 1
algorthm
Sets the specific signature algorithms allowed for signing OCSP responses.
Values: all, md5, sha1, sha256, sha384, sha512
Default: all
vchain
When validation of certificate chains is enabled, an OCSP request is sent for every
certificate in the chain of CAs to the trusted client CA. When disabled, an OCSP request is
sent for the client certificate only.
Note: The URIs used for these OCSP requests are the ones embedded in the CA
certificates themselves.
Values: enabled, disabled
Default: disabled
secure
When enabled, a random nonce number is sent with OCSP requests to prevent a man-in-the-middle replay attack of older OCSP responses.
Values: enabled, disabled
Default: enabled
cur
Displays the current status for all validity settings.
/cfg/slb/ssl/authpol/passinfo
Notes
If the chosen field is empty in the incoming-traffic, Alteon displays this field without any value.
You cannot configure an empty field name in the configuration.
When a caching policy is enabled on a virtual service, and the cache serves the pages according
to the client requests, Alteon does not send the client authentication information to the back-end
server.
This feature is HTTP-dependent and cannot be used with simple SSL offloading, when traffic is
directly decrypted and sent to the back-end servers with no manipulation per any SSL protocol.
serial
Passes the certificate serial number to the back-end servers.
Default Header: CCRT-SN
algo
Passes the certificate signature algorithm to the back-end servers.
Default Header: CCRT-SignatureAlgo
issuer
Passes the certificate issuer to the back-end servers.
Default Header: CCRT-Issuer
nbefore
Passes the certificate not before validity dates information to the back-end servers.
Default Header: CCRT-NotBefore
nafter
Passes the certificate not after validity dates information to the back-end servers.
Default Header: CCRT-NotAfter
subject
Passes the certificate subject information to the back-end servers.
Default Header: CCRT-Subject
keytype
Passes the certificate public key type information to the back-end servers.
Default Header: CCRT-PublicKeyType
cert
Passes the certificate information to the back-end servers.
If you select y to pass this information, you are prompted for the following:
Default: multi
charset
Passes the information character set to the back-end servers.
Note: When using ASCII encoding for sending certificate details, Alteon uses slash (/)
as the delimiter between information fields. When using Unicode encoding for sending
the certificate details, Alteon uses comma (,) as the delimiter.
Values: ascii, unicode
Default: ascii
comply
Enables or disables using the 2424-SSL-compliant header format.
cur
Displays the current pass information status for all settings.
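A back-end application that consumes the CCRT-* headers listed above has to split the subject and issuer on the delimiter that matches the charset setting, and should accept the headers only on connections that arrive from Alteon. The following is an added example, not Radware code. It assumes the header values are name=value fields, that 192.0.2.10 is the address Alteon uses toward the back-end, and that the default header names are in use. The sample request is constructed.

```python
from ipaddress import ip_address

# Assumption: the address Alteon uses toward the back-end (constructed value).
ALTEON_PEERS = {ip_address("192.0.2.10")}

# Default header names listed in the passinfo menu, keyed by menu option.
DEFAULT_HEADERS = {
    "serial": "CCRT-SN",
    "algo": "CCRT-SignatureAlgo",
    "issuer": "CCRT-Issuer",
    "nbefore": "CCRT-NotBefore",
    "nafter": "CCRT-NotAfter",
    "subject": "CCRT-Subject",
    "keytype": "CCRT-PublicKeyType",
}


def split_fields(value, charset="ascii"):
    """Split an issuer or subject value into {name: [values]}.

    ascii uses slash (/) between fields and unicode uses comma (,), as the
    charset note states. The name=value layout of each field is an assumption.
    A value that itself contains the delimiter cannot be split reliably this way.
    """
    delimiter = "/" if charset == "ascii" else ","
    fields = {}
    for part in value.split(delimiter):
        part = part.strip()
        if not part:
            continue                      # leading delimiter yields an empty part
        name, sep, val = part.partition("=")
        if not sep or not name.strip():
            raise ValueError("field without name=value: %r" % part)
        fields.setdefault(name.strip(), []).append(val.strip())
    return fields


def client_cert_info(peer_ip, headers, charset="ascii"):
    """Return the passed certificate details, or None if they cannot be trusted.

    None is also returned when no CCRT-* header is present, for example when
    a cached page was served and Alteon did not pass the information.
    """
    if ip_address(peer_ip) not in ALTEON_PEERS:
        return None                       # headers from any other peer are ignored
    lowered = {name.lower(): value for name, value in headers.items()}
    info = {}
    for option, header in DEFAULT_HEADERS.items():
        if header.lower() in lowered:
            value = lowered[header.lower()]
            if option in ("issuer", "subject"):
                value = split_fields(value, charset)
            info[option] = value
    return info or None


# Constructed sample request headers as the back-end would receive them.
SAMPLE = {
    "Host": "app.example.com",
    "CCRT-SN": "0A1B2C",
    "CCRT-Subject": "/C=US/ST=California/O=Example/CN=alice",
}

if __name__ == "__main__":
    print(client_cert_info("192.0.2.10", SAMPLE))
    print(client_cert_info("198.51.100.7", SAMPLE))
```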
[Filter 1 Menu]
adv      - Filter Advanced Menu
name     - Set filter name
smac     - Set source MAC address
dmac     - Set destination MAC address
ipver    - Set Filter IP version
sip      - Set source IP address or network class
smask    - Set source IP mask
dip      - Set destination IP address or network class
dmask    - Set destination IP mask
proto    - Set IP protocol
sport    - Set source TCP/UDP port or range
dport    - Set destination TCP/UDP port or range
cntclass - Set content class ID
action   - Set action
group    - Set real server group for redirection
rport    - Set real server port for redirection
nat      - Set which addresses are network address translated
vlan     - Set vlan id
invert   - Enable/disable filter inversion
ena      - Enable filter
dis      - Disable filter
del      - Delete filter
cur      - Display current filter configuration
The following actions are required for filtering:
Defining the address, masks, and/or protocol that will be affected by the filter.
IP protocol
TCP/UDP ports
TCP flags
ipver
A range of IP addresses is produced when used with the smask (see in this table).
Default: any, if the source MAC address (smask) is any
This IP address mask is used with the source IP (sip) to select the traffic which this filter
affects. For more information on defining IP address ranges, see Defining IP Address
Ranges for Filters, page 533.
A range of IP addresses is produced when used with the dmask (see in this table). For
more information, see Defining IP Address Ranges for Filters, page 533.
Default: any, if the source MAC address (smask) is any
dmask <IP4 subnet mask (such as, 255.255.255.0)> | <IP6 prefix length (eg, 64)>
This IP address mask is used with the destination IP (dip) to select traffic which this filter
affects.
Number  Name
1       icmp
2       igmp
6       tcp
17      udp
58      icmp6
89      ospf
112     vrrp

Number  Name
20      ftp-data
21      ftp
22      ssh
23      telnet
25      smtp
37      time
42      name
43      whois
53      domain
69      tftp
70      gopher
79      finger
80      http
109     pop2
110     pop3
If defined, traffic with the specified real server TCP or UDP destination port is affected by
this filter. Specify the port number, range, name, or any.
Default: any
For a list of the well-known ports, see the sport command in this table.
cntclass
Specifies the current and new content class ID.
deny - Discards frames that fit this filter's profile. This can be used for building basic
security profiles.
redir - Redirects frames that fit this filter's profile, such as for Web cache redirection.
In addition, Layer 4 processing must be activated (see the /cfg/slb/on command in
/cfg/slb SLB Configuration, page 395).
nat - Performs generic Network Address Translation (NAT). This can be used to map
the source or destination IP address and port information of a private network
scheme to and from the advertised network IP address and ports. This is used in
conjunction with the nat option (see in this table), and can also be combined with
proxies.
goto - Specifies a target filter ID that the filter search should jump to when a match
occurs. This causes filter processing to jump to a designated filter, effectively
skipping over a block of filter IDs. Filter searching action continues from the
designated filter ID.
To specify the new filter to goto, use the /cfg/slb/filt/adv/goto command.
Default: allow
nat source|dest
When nat is set as the filter action (see in this table), this option specifies if NAT is
performed on the source or the destination information.
Values:
source - The frame's source IP address (sip) and port number (sport) are replaced
with the destination IP address (dip) and port number (dport) values.
dest - The frame's destination IP address (dip) and port number (dport) are replaced
with the source IP address (sip) and port number (sport) values.
Default: dest
invert disable|enable
Inverts the filter logic, meaning if the conditions of the filter are met, do not act, and if
the conditions for the filter are not met, perform the assigned action.
Note: When using filter inversion for IPv6, the Neighbor Solicitations (NSol) are
filtered out if no appropriate NSol filter was set up before inversion.
Default: disable
ena
Enables this filter.
dis
Disables this filter.
del
Deletes this filter.
cur
Displays the current configuration of the filter.
Example
You can configure Alteon with two filters so that each handles traffic filtering for one half of the
Internet. To do this, define the following parameters:
Filter  Address range                dip        dmask
#1      0.0.0.0 - 127.255.255.255    0.0.0.0    128.0.0.0
#2      128.0.0.0 - 255.255.255.255  128.0.0.0  128.0.0.0
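The two-filter example above can be checked before a filter is applied by computing the range that an address and mask pair selects. The following is an added example, not Radware code. It assumes the usual rule that a frame is selected when (address AND mask) equals (dip AND mask), that the lowest-numbered matching filter wins, and it covers IPv4 only. The test addresses are constructed.

```python
import ipaddress


def _to_int(dotted):
    """Convert a dotted-quad IPv4 address or mask to an integer."""
    return int(ipaddress.IPv4Address(dotted))


def filter_selects(addr, ip, mask, invert=False):
    """True if a filter with this address/mask pair acts on addr.

    With invert enabled the logic is reversed: the filter acts on frames
    that do NOT meet the address condition.
    """
    m = _to_int(mask)
    hit = (_to_int(addr) & m) == (_to_int(ip) & m)
    return hit != invert


def selected_range(ip, mask):
    """Return (lowest, highest) address selected by an address/mask pair."""
    m = _to_int(mask)
    wildcard = ~m & 0xFFFFFFFF
    # A usable range needs a contiguous mask: ones followed only by zeros.
    if wildcard & (wildcard + 1):
        raise ValueError("mask %s is not contiguous, no single range" % mask)
    low = _to_int(ip) & m
    high = low | wildcard
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(high))


# The dip/dmask values of the two filters in the example above.
FILTERS = {
    1: ("0.0.0.0", "128.0.0.0"),
    2: ("128.0.0.0", "128.0.0.0"),
}


def matching_filter(addr, filters=FILTERS):
    """Return the lowest filter number whose dip/dmask selects addr, else None."""
    for number in sorted(filters):
        dip, dmask = filters[number]
        if filter_selects(addr, dip, dmask):
            return number
    return None


if __name__ == "__main__":
    for number, (dip, dmask) in FILTERS.items():
        print("filter", number, "covers", selected_range(dip, dmask))
    for addr in ("10.1.2.3", "127.255.255.255", "128.0.0.0", "203.0.113.9"):
        print(addr, "-> filter", matching_filter(addr))
```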
tcp
Displays the TCP Advanced menu. To view this menu, see /cfg/slb/filt <filter number>/adv/tcp
TCP Advanced Menu, page 538.
ip
Displays the IP Advanced menu. To view this menu, see /cfg/slb/filt <filter number>/adv/ip
IP Advanced Menu, page 539.
layer7
Displays the Layer 7 Advanced menu. To view this menu, see /cfg/slb/filt <filter number>/adv/layer7
Layer 7 Advanced Filter Configuration Menu, page 539.
proxyadv
Displays the Proxy Advanced menu. To view this menu, see /cfg/slb/filt/adv/proxyadv
Proxy Advanced Menu, page 542.
security
Displays the Security Menu. To view this menu, see /cfg/slb/filt <filter number>/adv/security
SLB Filter Advanced Security Menu, page 543.
icmp
|none
Sets the IDS server group for Intrusion Detection System (IDS) server load balancing.
When filtering is used for IDSLB, each filter added to an IDSLB-enabled port can be
assigned a unique IDS real server group.
idshash sip|dip|both
Sets the hash metric parameter for Intrusion Detection System (IDS) server load
balancing:
Values:
sip: Source IP
dip: Destination IP
both
thash auto|sip|dip|both|sip+sport|dip32
Selects the hash parameter to use for filter redirection.
sip+sport: Performs tunable hash on both source IP address and source port at the
same time.
Default: auto
rtsrcmac disable|enable
Enables or disables the return of traffic to the source MAC address.
reverse disable|enable
Enables or disables the creation of a session for traffic coming from the reverse side to
avoid inspecting traffic in both directions.
cache disable|enable
Enables or disables caching sessions that match the filter.
Note: Use caution when applying cache-enabled and cache-disabled filters to the
same port. A cache-enabled filter creates a session entry so that Alteon can bypass
checking for subsequent frames that match the same criteria.
The cache should be disabled if applying a filter to a virtual server IP address when
performing UDP load balancing (see the udp option under /cfg/slb/virt <server number>/service
<virtual port or application name> Virtual Server Service Configuration, page 419).
Default: enable
sesslog
Enables or disables session logging.
log disable|enable
Enables or disables generating syslog messages when a filter is matched.
Default: disable
mirror disable|enable
Enables or disables session mirroring on all filters.
nbind
Enables or disables subnet binding for redirection.
cur
Displays the current advanced filter configuration.
Type #   Message Type   Description
         echorep
         destun
         quench
         redir          ICMP redirect
         echoreq
         rtradv
10       rtrsol
11       timex
12       param
13       timereq
14       timerep
15       inforeq
16       inforep
17       maskreq
18       maskrep
match <disable|enable>
Enables or disables matching of 802.1p value. When the Management Processor (MP)
reuses the packet to send to the destination, Alteon matches the original priority bits
information with the priority bits information after the frame processing is complete.
cur
Displays the current 802.1p configuration.
ack disable|enable
Enables or disables TCP ACK (acknowledgement) flag matching.
Default: disable
psh disable|enable
Enables or disables TCP PSH (push) flag matching.
Default: disable
rst disable|enable
Enables or disables TCP RST (reset) flag matching.
Default: disable
syn disable|enable
Enables or disables TCP SYN (synchronize) flag matching.
Default: disable
fin disable|enable
Enables or disables TCP FIN (finish) flag matching.
Default: disable
ackrst disable|enable
Enables or disables TCP acknowledgement or reset flag matching.
Default: disable
cur
Displays the current Access Control List (ACL) TCP filter configuration.
IP Advanced Menu
[IP Advanced Menu]
tos    - Set IP Type of Service
tmask  - Set IP TOS mask
newtos - Set new IP TOS
length - Set IP maximum packet length
option - Enable/disable IP option matching
cur    - Display current IP configuration
tmask <0-255>
Sets the IP type of service mask.
newtos <0-255>
Sets the new IP type of service.
option <disable|enable>
Enables or disables IP option matching.
cur
Displays the current advanced IP settings for the selected filter.
BW contract>
Sets the URL path Bandwidth (BW) contract for this filter. Only use this command when a
string is shared by multiple filters and each filter requires a separate bandwidth.
addrd [1>2]
Adds an HTTP redirection mapping. Strings are defined using the /cfg/slb/layer7/slb/add
command.
Using this command, if the filter matches on the first string ID it sends back an HTTP
redirection message to the client that contains information in the second string ID.
Removes an HTTP redirection mapping that was added using the addrd command (see in
this table).
layer7/slb/add command.
rdsnp <disable|enable>
Enables or disables WAP RADIUS snooping on this filter.
RADIUS snooping lets Alteon examine RADIUS accounting packets for client information.
This information is needed to add to or delete static session entries in Alteon's session
table so that it can perform the required persistency for load balancing. For more details,
refer to the Alteon Application Switch Operating System Application Guide.
rdswap enable|disable
Enables or disables WAP RADIUS persistence on this filter. This feature allows for RADIUS
and WAP persistence by binding both RADIUS accounting and WAP sessions to the same
server.
A WAP client is first authenticated by the RADIUS server on UDP port 1812. The server
replies with a RADIUS Accept or Reject frame. Alteon forwards this reply to the Remote
Access Service (RAS). After the RAS receives the RADIUS accept packet, it sends a
RADIUS accounting start packet on UDP port 1813 to the bound server. Alteon snoops on
the RADIUS accounting start packet for the framed IP address attribute. The framed IP
address attribute is used to rebind the RADIUS accounting session to a new server. For
more details, refer to the Alteon Application Switch Operating System Application Guide.
ftpa disable|enable
Enables or disables active FTP Client Network Address Translation (NAT). When a client in
active FTP mode sends a PORT command to a remote FTP server, Alteon examines the
data part of the frame and replaces the client's private IP address with a proxy IP (PIP)
address. The real server port (rport) is replaced with a proxy port (PPORT), that is
(PIP:PPORT).
Default: disable
parseall disable|enable
Enables or disables parsing of all packets in a session where Layer 7 lookup is being
performed.
disable: Layer 7 lookup is turned off for the remaining packets in the session.
enable: Normally all data packets in a session are examined by the filter. However,
some sessions may contain only one packet containing the Layer 7 content. Once this
packet is found, subsequent packets are ignored.
Default: enable
cur
Displays the current Advanced Layer 7 configuration of the filter, including the RADIUS
and WAP persistence settings.
sipp <enable|disable>
Enables or disables SIP parsing.
sips <enable|disable>
Enables or disables SIP UDP filtering.
This command is available only to the vADC Administrator in ADC-VX mode.
cur
Displays the current advanced SIP configuration.
/cfg/slb/filt/adv/proxyadv
epip <enable|disable>
Enables or disables PIP selection based on the outgoing port or VLAN.
proxy <enable|disable>
Enables or disables client proxy.
cur
Displays all proxy statistics.
/cfg/slb/filt <filter number>/adv/redir
linklb
Enables or disables WAN link load balancing. For more information on configuring
inbound link load balancing, see /cfg/slb/linklb Inbound Link Load Balancing
Configuration Menu, page 575.
vpnflood
Enables or disables two-way Virtual Private Network (VPN) load balancing. For more
information on VPN load balancing, see the Alteon Application Switch Operating System
Application Guide.
pbind
Enables or disables persistent binding for redirection. For more information on persistent
binding, see the Alteon Application Switch Operating System Application Guide.
rtproxy
Enables or disables traffic redirection to a proxy server.
cur
Displays all current redirection settings.
security/pgroup/add command.
remgrp <pattern match group id>
Removes a pattern group from this filter.
pmatch <disable|enable>
Enables or disables pattern matching on this filter.
matchall <disable|enable>
Enables or disables matching of all configured patterns before the filter can perform the
deny action.
parseall <disable|enable>
Enables or disables pattern string lookup (parsing) of all packets in a session where
pattern matching is being performed.
disable: Pattern matching is turned off for the remaining packets in the session.
enable: Normally all data packets in a session are examined by the filter. However,
some sessions may contain only one packet containing the Layer 7 content. Once
this packet is found, subsequent packets can be ignored.
Default: enable
cur
Displays the current configuration.
Menu]
- Set maximum connections for rate limiting
- Set time window for rate limiting
- Set hold down duration for rate limiting
- Enable TCP, UDP, or ICMP rate limiting
- Disable TCP, UDP, or ICMP rate limiting
- Display current rate limiting configuration
slowage_time is 2 X 2^slowage
When the number of new connections or packets exceeds the configured limit, any new
TCP connection requests or UDP/ICMP packets from the client are blocked. When
blocking occurs, the client is said to be held down. The client is held down for a specified
number of minutes, after which new TCP connection requests or packets from the client
are allowed once again to pass through. The holddown duration can be configured per
filter and not globally on all the filters.
For more information on the slowage time, see /cfg/slb/adv Advanced Layer 4
Configuration, page 568.
For more information on the hold duration, see the Alteon Application Switch Operating
System Application Guide.
ena
Enables the protocol for rate limiting. Rate limiting is applied to the protocol configured
on the filter. The supported protocols are TCP, UDP, and ICMP.
dis
Disables TCP, UDP, or ICMP rate limiting.
cur
Displays the current rate limiting configuration.
server disable|enable
Ports configured to provide real server responses to client requests require real servers
to be connected to the Layer 4 switch, directly or through a hub, router, or another
switch. When server processing is enabled, the port re-maps real server IP addresses
and Layer 4 port values to virtual server IP addresses and Layer 4 ports. Traffic not
associated with virtual servers is switched normally.
Default: disable
rts disable|enable
Enables or disables Return to Sender (RTS) load balancing on this port. This option is
used for firewall load balancing or VPN load balancing applications. Enable RTS on all
client-side ports to ensure that traffic ingresses and egresses through the same port.
For more information on using RTS, see the Firewall Load Balancing and VPN Load
Balancing chapters in the Alteon Application Switch Operating System Application Guide.
Note: You cannot use RTS in conjunction with redirection filters for the following
conditions:
intersw
Enables or disables interswitch processing. This option is enabled for VLANs connected to
a peer. After enabling interswitching, you are prompted to enter the VLAN number on
which the peer resides.
Default: disable
vlan (1 to 4090)
Sets the VLAN for interswitch processing.
Values: 1-4090
proxy disable|enable
Enables or disables a proxy for traffic that ingresses this port. When the PIP is defined,
client address information in Layer 4 requests is replaced with this proxy IP address. In
SLB applications, this forces the response traffic to return through Alteon, rather than
around it, as is possible in complex routing environments.
Proxies are also useful for application redirection and NAT. When pip is used with
application redirection filters, each filter's rport parameter must also be defined (see
rport at /cfg/slb/filt <filter number> SLB Filter Menu, page 529).
Default: disable
filt disable|enable
Enables or disables filtering on this port. Enabling the filter sets up the real server to
examine the VPN session table.
Note: After port filtering is enabled or disabled and you apply the change, session
entries are deleted immediately.
Default: disable
l3filt <disable|enable>
Enables or disables Layer 3 filtering.
Default: disable
idslb <disable|enable>
Enables or disables Intrusion Detection System (IDS) SLB on this port. IDSLB is
performed at the end of filter processing or at the end of client processing when filtering
is not enabled. With client processing, IDSLB is enabled on a port and a real server
group is designated for IDSLB.
Default: disable
network
Displays the Network Element menu. To view this menu, see /cfg/slb/nwclss/network
Network Element Configuration Menu, page 549.
del
Deletes a network class.
cur
Displays the current network class settings.
/cfg/slb/nwclss/network
del
Deletes the network element.
cur
Displays the current network element settings.
/cfg/slb/gslb
clntprox
Displays the Client Proximity menu. To view this menu, see /cfg/slb/gslb/clntprox Global
SLB Client Proximity Menu, page 558.
dnsrsvip
Displays the DNS Responder VIP menu. To view this menu, see /cfg/slb/gslb/dnsrsvip
GSLB DNS Responder VIP Menu, page 559.
smask
noresp <1-5>
Sets the DNS response code when no server is returned.
Values: 1-5
hostlk <disable|enable>
Enables or disables lookups based on host or domain name in a GSLB configuration.
Values:
redirect <disable|enable>
Enables or disables HTTP or HTTPS redirection-based GSLB.
http <disable|enable>
Enables or disables HTTP redirects to peer sites by this Alteon.
Values:
disable: Alteon does not perform HTTP redirects, but instead drops requests for new
connections and causes the client's browser to eventually issue a new DNS request.
enable: Alteon redirects client requests to peer sites if its own real servers fail or
have reached their maximum connection limits.
Default: enable
usern <disable|enable>
Enables or disables an HTTP redirect to a real server name. When a site redirects a client
to another site using an HTTP redirect, the client is redirected to the new site's IP
address.
Values:
enable: The client is redirected to the domain name specified by the remote real
server name plus the virtual server domain name.
Default: disable
encrypt
Enables or disables encrypting of DSSP updates.
If disabled, Alteon does not encrypt the DSSP messages going out of Alteon. This option
allows the GSLB feature to work with older versions of the Web OS that do not encrypt
DSSP messages.
on
Activates GSLB for this Alteon. This option can be performed only after the optional GSLB
software is activated (for more information, see /oper/swkey Activating Software,
page 617).
off
Turns GSLB off for this Alteon. Any active remote sites still perform GSLB services with
each other, but do not hand off requests to this Alteon.
Default: off
cur
Displays the current GSLB configuration.
update disable|enable
Enables or disables remote site updates.
Values:
enable: Alteon sends regular DSSP updates to its remote peers using HTTP port 80.
Note: When enabled, GSLB uses service port 80 on the IP interface for DSSP updates.
By default, the Browser-Based Interface (BBI) also uses port 80. Both services cannot
use the same port. If both are enabled, configure BBI to use a different service port
(see the /cfg/sys/access/wport option at /cfg/sys/access System Access Control
Configuration, page 271).
disable: Alteon does not send state updates. If your local firewall does not permit
this traffic, disable state updates.
Default: enable
pers disable|enable
Enables or disables the remote site persistence cache. GSLB lets you add only up to two
selected servers to the cache for each source IP address. GSLB can forward the same
information to other remote sites to be added to the cache. GSLB deletes the cached
entries when they time out. The cached entries are automatically deleted from the
remote sites when they time out.
ena
Enables this remote site for use with GSLB.
dis
Disables this remote site. Alteon no longer uses this remote site for GSLB.
del
Removes this remote site from operation and deletes its configuration.
cur
Displays the current remote site configuration.
Network Menu
Network preference selects a server based on the preferred network of the source IP address for a
given domain. The preferred network contains a subset of the servers for the domain. You can set
up to 1024 network preference numbers.
[Network 1 Menu]
ipver   - Set IP version
sip     - Set source IP address
mask    - Set source IP and network netmask
addvirt - Add virtual server to network
remvirt - Remove virtual server from network
addreal - Add remote real server to network
remreal - Remove remote real server from network
ena     - Enable network
dis     - Disable network
del     - Delete network
cur     - Display current network configuration
Default: v4
dis
Disables the network.
del
Deletes the network entry.
cur
Displays the current Internet network entry configuration.
/cfg/slb/gslb/rule
Rule Menu
Rules enable the GSLB selection to use different metric preferences based on time-of-day. You can
configure one or more rules on each domain. Each rule has a metric preference list. The GSLB
selection selects the first rule that matches the domain and starts with the first metric in the metric
preference list of the rule.
[Rule 1 Menu]
metric - Metric Menu
start  - Set start time for rule
end    - Set end time for rule
ttl    - Set Time To Live in seconds of DNS resource records
rr     - Set DNS resource records in DNS response
dname  - Set network preference domain name for rule
ena    - Enable rule
dis    - Disable rule
del    - Delete rule
cur    - Display current rule configuration
minutes (0-59)>
minutes (0-59)>
rr <rr (1-10)>
Sets the number of DNS resource records returned in the DNS response.
Default: 2
ena
Enables the rule.
dis
Disables the rule.
del
Deletes the rule.
cur
Displays the current rule configuration.
/cfg/slb/gslb/rule/metric
remnet <1-128>
Deletes a network that was added to the selected metric.
cur
Displays the current configuration of the metric.
/cfg/slb/gslb/clntprox
mask
<default netmask>
Sets the default netmask in dotted-decimal format for the client network cache. Masking
this value against the IP address of the client derives the subnetwork address that is
stored in the client network cache.
cur
Displays the current client proximity configuration.
/cfg/slb/gslb/dnsrsvip
vname
Sets the descriptive name of the DNS Responder VIP.
ipver
Sets the IP version.
vip
Sets the IP address of the DNS Responder VIP.
ena
Enables the DNS Responder VIP.
dis
Disables the DNS Responder VIP.
del
Deletes the DNS Responder VIP.
cur
Displays current DNS Responder VIP configuration.
/cfg/slb/gslb/dnssec
keymaster
alert
import
export
on
off
nsec3slen
nsec3slt
nsec3hit
cur
zonekey
Displays the DNS Zone name to DNSSEC KSK/ZSK association menu. To view this menu,
see /cfg/slb/gslb/dnssec/zonekey GSLB DNSSEC Zone to Key Menu, page 562.
rolltm
Sets the automatic rollover phase timer.
kskrolltm
Sets the KSK rollover phase timer.
nsec
nsec|nsec3
Sets the NSEC answer type.
nsec3slen
Sets the NSEC3 salt length.
nsec3slt
Sets the NSEC3 salt lifetime.
nsec3hit
Sets the NSEC3 hash algorithm iterations.
keymaster
Enables or disables the keymaster for VRRP configurations. When enabling the
keymaster, this Alteon is set as the initiator of DNSSEC key rollover processes in VRRP
scenarios.
import
Imports the signing keys (ZSKs and KSK).
export
Exports the signing keys (ZSKs and KSK).
on
Turns DNSSEC on globally.
off
Turns DNSSEC off globally.
cur
Displays the current DNSSEC configuration.
/cfg/slb/gslb/dnssec/key
expire
Sets the key expiration period.
rollover
Sets the key rollover period.
sigvalid
Sets the key signature validity period.
sigpub
Sets the key signature publication period.
ena
Enables the entry.
dis
Disables the entry.
cur
Displays the current key configuration.
/cfg/slb/gslb/dnssec/zonekey
Key Menu]
Set DNS Zone name
add existing Key Signing Key to Zone
add existing Zone Signing Key to Zone
del existing Key Signing Key from Zone
del existing Zone Signing Key from Zone
Set KSK Parent IP, required for rollover
Delete Zonekey association
Enable entry
Disable entry
Display current key configuration
addksk
Adds an existing Key Signing Key (KSK) to the zone.
addzsk
Adds an existing Zone Signing Key (ZSK) to the zone.
delksk
Deletes an existing Key Signing Key (KSK) from the zone.
delzsk
Deletes an existing Zone Signing Key (ZSK) from the zone.
del
Deletes the zone key association.
dis
Disables the DNS zone entry.
cur
Displays the current key configuration.
/cfg/slb/appshape
For more information on AppShape++, see the Alteon Application Switch Operating System
Application Guide.
cur
Displays the current AppShape++ scripts.
import [[text]|[file < hostname [-v4|-v6]|v4 or v6 IP address > <filename> <tftp|username password> [-mgmt|-data] [-scp]]
Adds the AppShape++ script to the repository. You can paste the script as text, or you
can import a file containing a script.
export [[text]|[file <hostname [-v4|-v6]|v4 or v6 IP address> <filename> <tftp|username password> [-mgmt|-data] [-scp]]
Exports the AppShape++ script from the repository. You can export a script by copying it
from the repository, or you can export a script to a file.
ena
Enables the AppShape++ script.
dis
Disables the AppShape++ script.
del
Deletes the AppShape++ script from the repository.
cur
Displays the AppShape++ script.
/cfg/slb/wap
WAP Configuration
[WAP Options Menu]
tpcp  - Enable/disable WAP TPCP external notification
debug - WAP debug level
cur   - Display current WAP configuration
cur
Displays the current WAP configuration.
/cfg/slb/sync
Notes
For a dedicated (non-virtual) ADC and for vADC instances, this synchronization command is
operated through a data port and cannot be operated from the management interface.
Sessions 33-64 in the auxiliary session table are not synchronized with the backup Alteon.
filt disable|enable
Enables or disables synchronizing the filter configuration.
Default: disable
ports disable|enable
Enables or disables synchronizing the Layer 4 port configuration.
Default: enable
route disable|enable
Enables or disables synchronizing static routes.
Default: enable
pips disable|enable
Enables or disables synchronizing proxy IP addresses.
Default: disable
peerpips disable|enable
Enables or disables synchronizing the peer proxy IP addresses. Peer proxy IP addresses
are used in VRRP active-active configurations.
Default: disable
bwm disable|enable
Enables or disables synchronizing Bandwidth Management configuration between
master and backup Alteons.
Default: enable
state disable|enable
Enables or disables stateful failover for synchronizing the persistent session state.
Default: disable
rsync disable|enable
Enables or disables route table synchronization.
Default: disable
certs
Enables or disables synchronizing certificate repository components.
When enabled, the passphrase to encrypt the private keys during configuration sync
must be set at all peers using passphrs (see in this table). The same passphrase should
be set at all peers.
Default: disable
passphrs
Sets the passphrase to encrypt and decrypt the private keys of synced certificates.
Note: To encrypt and decrypt certificate private keys during synchronization
configuration, the passphrase must be set at all peers.
rupdate
Sets the time interval of route table updates from master.
Values: 10-600 seconds
Default: 30
cur
Displays the current Layer 4 synchronization configuration.
Current IP address:
Enter new IP address (v4 or v6):
ena
Enables the peer for this Alteon.
Default: dis
dis
Disables the peer for this Alteon.
Default: dis
del
Deletes the peer for this Alteon.
cur
Displays the current peer configuration.
/cfg/slb/adv
imask
nmask
pprefix <1-128>
Sets the IPv6 persistent prefix length.
submac disable|enable
Enables or disables global source MAC address substitution.
Typically (default), the source MAC is not modified for the packets going to the servers
in an SLB environment and the client request is forwarded to the server with the MAC
address of the client. However, if you enable this command, Alteon substitutes the
client source MAC address, for the packets going to the server, with the Alteon MAC
address.
Note: Source MAC address substitution can also be enabled per real service, using
the command /cfg/slb/real/adv/submac. Global submac configuration
supersedes the per real service configuration.
Default: disable
direct disable|enable
Enables or disables Direct Access Mode (DAM) to real servers or services. This also
allows any virtual server to load balance any real server.
Default: disable
If sessdrop is enabled, the session is dropped. For TCP traffic, a session reset
is sent.
matrix disable|enable
Enables or disables the use of Virtual Matrix Architecture (VMA).
Default: enable
vmasport enable|disable
Enables or disables VMA with the source port.
vmadip enable|disable
Enables or disables VMA with the destination IP.
tpcp disable|enable
Enables or disables the TPCP (Transparent Proxy Cache Protocol). This command is
used for security reasons: the UDP port can be closed.
Default: disable
rtsvlan disable|enable
Enables or disables the use of VLAN for Return to Sender (RTS) information on the real
server.
pvlantag
Enables or disables preserving VLAN tag during packet forwarding.
portbind disable|enable
Enables or disables the inclusion of the ingress port number in the session table lookup.
rstchk disable|enable
Enables or disables the TCP RST secure sequence number check.
srvckdata disable|enable
Enables or disables the server return data check.
Default: disable
clsrst disable|enable
Enables or disables client reset.
Values:
disable: When Alteon receives a FIN message from the client, it performs a graceful
closure of both client-side and server-side sessions.
enable: When Alteon receives a FIN message from the client, it closes the server-side
session entry using RST for fastage.
Note: To enable session reset on connection close, full proxy mode (forceproxy)
must be disabled.
Default: disable
subdmac disable|enable
Enables or disables DMAC substitution.
valcksum disable|enable
Enables or disables Layer 7 IP/TCP checksum validation.
riphash disable|enable
Enables or disables including RIP in AUX table hashing.
sessvpt
Enables or disables updating session VPTs.
If graceful failover is enabled, and if the real server is disabled either through
configuration or operationally, the following prompt displays:
If graceful failover (grace) is disabled, the session is dropped. For TCP traffic, a
session reset is sent.
If graceful failover is enabled, and if the real server is disabled either through
configuration or operationally, the following prompt displays:
millisec
Enables or disables millisecond resolution for timers.
vmacbkp
Enables or disables VMAC substitution on the backup Alteon.
fmrport
Enables or disables the fine tuning of multi RPORT LB.
cur
Displays the current Layer 4 advanced configuration.
ftpdage
Sets the FTP data session age.
/cfg/slb/adv/synatk
on
Globally turns SYN Attack Detection ON.
off
Globally turns SYN Attack Detection OFF.
cur
Displays the current SYN attack detection configuration.
/cfg/slb/adv/smtport
Table 395: Advanced SMT Real Server Port Menu Options (/cfg/slb/adv/smtport)
cur
Displays real port configuration.
/cfg/slb/linklb
Menu]
Domain Record Menu
Set real server group
Set Time to Live of DNS resource records
Enable Inbound Linklb
Disable Inbound Linklb
Display current Inbound Linklb configuration
Table 396: Inbound Link Load Balancing Configuration Menu Options (/cfg/slb/linklb)
ena
Enables inbound link load balancing.
dis
Disables inbound link load balancing.
cur
Displays current inbound link load configuration.
/cfg/slb/linklb/drecord
domain_number Menu]
Virt Real Mapping Menu
Set Domain Name
Enable Domain Record
Disable Domain Record
Delete Domain Record
Display current Domain Record configuration
Table 397: Inbound Link Load Balancing Domain Record Menu Options (/cfg/slb/linklb/drecord)
ena
Enables the domain records.
dis
Disables the domain records.
del
Deletes the domain records.
cur
Displays the current domain records.
/cfg/slb/linklb/drecord/entry
Mapping 1 Menu]
Set Virtual Server Number
Set Real Server Number
Enable Entry
Disable Entry
Delete Entry
Display current Entry configuration
real
Defines the real server number for mapping.
dis
Disables the entry for drecords.
del
Deletes the entry for drecords.
cur
Displays the current real and virtual server mappings for drecord entries.
/cfg/slb/advhc
cur
Displays the current Layer 4 advanced health check configuration.
/cfg/slb/advhc/health <type>
Menu
Description
arp
dhcp
dns
ftp
http/https
icmp
imap
ldap/ldaps
nntp
pop3
radius
rtsp
script
sip
smtp
smnp
sslhello
tcp
tftp
udp
wap
wts
logexp
cfg/slb/advhc/health <general>
dport [2-65534|none]
Sets the destination port.
Default: none
inter [1-600]
Sets the interval in seconds between health checks.
Default: 5
restr [1-63]
Sets the number of successful attempts required to declare a server up.
Default: 2
timeout [0-600]
Sets the maximum number of seconds to wait for a response. This value must be lower than or
equal to the interval parameter. When set to 0, the timeout parameter equals the
interval parameter.
Default: 5
downtime [0-600]
Sets the interval between health checks when a server is down. When set to 0, the
downtime parameter equals the interval parameter.
Default: 0
invert
Enables or disables the inversion of the expected result.
Default: Disabled
copy
Copies the health check to another health check ID destination.
del
Deletes the health check.
cur
Displays the current health check configuration.
Note: You cannot set a destination port for the ARP health check.
Table 402: Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/dhcp)
Table 403: DHCP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/dhcp/dhcp)
inform
request
inherit: Takes the value from the content value of the group to which this health check is
bound.
sport [random|strict|inherit]
Sets the source port for the DHCP message.
Values:
inherit: Takes the value from the content value of the group to which this health
check is bound.
strict: Uses port 68 for the IPv4 destination and port 546 for the IPv6 destination.
cur
Displays the current configuration.
Table 404: DNS Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/dns)
Table 405: DNS Health Check Parameters (/cfg/slb/advhc/health <health check ID>/dns/dns)
<domain|inherit|none>
Sets the domain to be resolved.
Values:
domain
inherit: Takes the value from the content value of the group to which this health
check is bound.
none
cur
Displays the current configuration.
Table 406: FTP Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/ftp)
Table 407: FTP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/ftp/ftp)
filename <path/filename|inherit|none>
Sets the name of the file to be downloaded.
Values:
path/filename
inherit: Takes the value from the content value of the group to which this health
check is bound.
none
cur
Displays the current configuration.
Table 408: HTTP/HTTPS Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/http)
ssl
Enables or disables SSL for HTTPS health checks.
Table 409: HTTP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/http>/http)
host <host|inherit|none>
Sets the host header.
Values:
host
inherit: Takes the value from the virtual service hostname (hname) and virtual
server domain name (dname) values of the group to which this health check is
bound.
none
path path|inherit|none
Sets the request path.
auth [none|basic|ntlm2]
Sets the authentication type (none, basic or ntlm2), username, and password.
response [incl|regex|none]
Sets the expected response. The return string can only be configured if the return string
type is not set to none.
proxy
Enables or disables the proxy request.
cur
Displays the current configuration.
Table 410: IMAP Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/imap)
Table 411: IMAP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/imap/imap)
cur
Displays the current configuration.
Table 412: LDAP Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/ldap)
ssl
Enables or disables SSL for LDAP health checks.
Table 413: LDAP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/ldap/ldap)
cur
Displays the current configuration.
Table 414: NNTP Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/nntp)
Table 415: NNTP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/nntp/nntp)
inherit: Takes this value from the content value of the group to which this health
check is bound.
cur
Displays the current configuration.
Table 416: POP3 Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/pop3)
Table 417: POP3 Health Check Parameters (/cfg/slb/advhc/health <health check ID>/pop3/pop3)
inherit: Takes this value from the content value of the group to which this health
check is bound.
cur
Displays the current configuration.
Table 418: RADIUS Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/radius)
Table 419: RADIUS Health Check Parameters (/cfg/slb/advhc/health <health check ID>/radius/
radius)
account
Default: auth
inherit: Takes this value from the content value of the group to which this health
check is bound.
inherit: Takes this value from the secret value of the group that this health check is
bound to. If the group secret value is empty, this value is taken from the secret
value of the advanced health check.
cur
Displays the current configuration.
Table 420: RTSP Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/rtsp)
Table 421: RTSP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/rtsp/rtsp)
options
inherit: Takes the hostname and path values from the content value of the group to
which this health check is bound.
Default: options
describe
Sets the host name and path for the describe request.
response
Sets the response codes. You can set up to 10 response codes separated by a comma.
cur
Displays the current configuration.
Table 422: SCRIPT Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/script)
Table 423: SCRIPT Health Check Parameters (/cfg/slb/advhc/health <health check ID>/script/
script)
bsend
Adds the binary send command to the end of the script.
nsend
Adds the additional send binary string to the end of the script.
expect
Adds the expect command to the end of the script.
bexpect
Adds the binary expect command to the end of the script.
nexpect
Adds the additional expect binary string to the end of the script.
offset
Adds the offset command to the end of the script.
depth
Adds the depth command to the end of the script.
wait
Adds the wait command to the end of the script.
close
Adds the close command to the end of the script (TCP only).
rem
Removes the last command from the script.
cur
Displays the current script configuration.
Table 424: SIP Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/sip)
Table 425: SIP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/sip/sip)
inherit: Takes the from and contact values from the content value of the group to
which this health check is bound.
uri
Sets the request URI.
cur
Displays the current configuration.
Table 426: SMTP Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/smtp)
Table 427: SMTP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/smtp/smtp)
inherit: Takes this value from the content value of the group to which this health
check is bound.
cur
Displays the current configuration.
Table 428: SNMP Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/snmp)
Table 429: SNMP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/snmp/
snmp)
comm
Sets the community string.
response [integer|string]
Sets the expected response.
Values:
string
weight
Enables or disables readjusting of weights based on the response.
cur
Displays the current configuration.
Table 430: SSLHELLO Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/
sslhello)
Table 431: TFTP Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/tftp)
Table 432: TFTP Health Check Parameters (/cfg/slb/advhc/health <health check ID>/tftp/tftp)
inherit: Takes this value from the content value of the group to which this health
check is bound.
cur
Displays the current configuration.
Table 433: WAP Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/wap/wap)
Table 434: WTS Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/wts)
Table 435: WTS Health Check Parameters (/cfg/slb/advhc/health <health check ID>/wts/wts)
inherit: Takes this value from the content value of the group to which this health
check is bound.
cur
Displays the current configuration.
Table 436: LOGEXP Health Check Menu Options (/cfg/slb/advhc/health <health check ID>/logexp)
&: AND
|: OR
(): Brackets
For example: arp | dns & ftp (brackets are not required here since & has a higher
precedence than |)
Operands must be valid before sending the apply command. Parsing of the logical
expression begins only after you send the apply command. If parsing fails, the Error:
Syntax error in logical expression formula message displays.
The apply command fails if the logical expression contains one or more of the following:
A loop
Two adjacent operands with no operator between them. For example, http
icmp.
An operator at the end of the string, with no following operand. For example,
icmp|.
A logical expression can contain up to 10 health check names. If more than 10 are
configured, the Error: Up to 10 health checks are supported per logical expression
message displays.
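The precedence and validation rules above can be checked offline before an expression is pasted into the CLI. The following validator is an added example, not Radware code: the allowed characters in health check names, counting distinct names toward the limit of 10, checking syntax before the limit, and treating "a loop" as LOGEXP health checks that reference each other are all assumptions.

```python
import re

# Error texts quoted from the manual; everything else here is illustrative.
SYNTAX_ERROR = "Error: Syntax error in logical expression formula"
LIMIT_ERROR = "Error: Up to 10 health checks are supported per logical expression"
MAX_NAMES = 10
OPERATORS = {"&", "|", "(", ")"}
# Assumption: health check names use letters, digits, '_' and '-'.
TOKEN_RE = re.compile(r"\s*([&|()]|[A-Za-z0-9_-]+)")


class LogexpError(ValueError):
    """Raised when an expression would be rejected at apply time."""


def tokenize(expr):
    tokens, pos, expr = [], 0, expr.rstrip()
    while pos < len(expr):
        m = TOKEN_RE.match(expr, pos)
        if not m:                       # character outside the grammar
            raise LogexpError(SYNTAX_ERROR)
        tokens.append(m.group(1))
        pos = m.end()
    return tokens


def names_in(tree):
    """Set of health check names referenced by a parsed expression."""
    if isinstance(tree, str):
        return {tree}
    return names_in(tree[1]) | names_in(tree[2])


def parse(expr):
    """Return a name (str) or a nested tuple (op, left, right)."""
    tokens, pos = tokenize(expr), 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        tok = peek()
        pos += 1
        return tok

    def primary():
        tok = take()
        if tok is None or tok in ("&", "|", ")"):   # e.g. trailing "icmp|"
            raise LogexpError(SYNTAX_ERROR)
        if tok == "(":
            node = or_expr()
            if take() != ")":
                raise LogexpError(SYNTAX_ERROR)
            return node
        return tok

    def and_expr():                     # & binds tighter than |
        node = primary()
        while peek() == "&":
            take()
            node = ("&", node, primary())
        return node

    def or_expr():
        node = and_expr()
        while peek() == "|":
            take()
            node = ("|", node, and_expr())
        return node

    tree = or_expr()
    if peek() is not None:              # e.g. adjacent operands "http icmp"
        raise LogexpError(SYNTAX_ERROR)
    if len(names_in(tree)) > MAX_NAMES:
        raise LogexpError(LIMIT_ERROR)
    return tree


def evaluate(tree, status):
    """status maps each health check name to True (up) or False (down)."""
    if isinstance(tree, str):
        return status[tree]
    op, left, right = tree
    lhs, rhs = evaluate(left, status), evaluate(right, status)
    return (lhs and rhs) if op == "&" else (lhs or rhs)


def find_loop(logexp_checks):
    """logexp_checks maps LOGEXP check IDs to expressions; returns a cycle or None."""
    deps = {cid: names_in(parse(e)) for cid, e in logexp_checks.items()}
    state = {}

    def visit(cid, path):
        if cid not in deps or state.get(cid) == "done":
            return None                 # leaf health check or already cleared
        if state.get(cid) == "visiting":
            return path[path.index(cid):] + [cid]
        state[cid] = "visiting"
        for dep in sorted(deps[cid]):
            loop = visit(dep, path + [cid])
            if loop:
                return loop
        state[cid] = "done"
        return None

    for cid in sorted(deps):
        loop = visit(cid, [])
        if loop:
            return loop
    return None


if __name__ == "__main__":
    print(parse("arp | dns & ftp"))     # same tree as arp | (dns & ftp)
```
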
copy
Copies the logical expression.
cur
Displays the current logical expression.
/cfg/slb/pip
rem <PIP ID
port#|vlan#> |
<port#-port#|vlan#-vlan#>
Removes a port or a VLAN from a proxy IP address. You can also remove all ports or
VLANs assigned to any proxy IP address.
cur
Displays the current Proxy IP address configuration.
/cfg/slb/peerpip
cur
Displays the current proxy address configuration of the peer.
/cfg/slb/wlm
port <TCP_port>
Sets the port number for the Workload Manager.
del
Deletes the Workload Manager.
cur
Shows all Workload Manager statistics. For example:
/oper
Operations Menu
The following is an example of the Operations menu and an explanation of the Operations menu
options.
<port number>
Displays the Operations Port menu. This menu only appears in the Global
Administrator environment in ADC-VX mode. To view this menu, see /oper/port <port
number> Operations-Level Port Options, page 609.
sync
Used to manually synchronize peer vADCs. This command only appears in the Global
Administrator environment in ADC-VX mode.
Note: For a VX administrator, this command is executed through the management
interface and cannot be executed from the data ports.
From the Global Administrator environment, this command synchronizes
configurations on peer vADCs set using the /cfg/vadc command. For example,
maximum throughput, and allowed IP networks. No VLANs or ports are included in
the synchronization. For more information, see vADC Menu, page 292.
From the vADC environment, this command synchronizes configurations on peer
ADCs set using the /cfg/slb/sync command. For example, filters, ports, VRRP
priorities, and proxy IP addresses. For more information, see /cfg/slb/sync
Synchronize Peer Configuration, page 565.
Before you can synchronize peer vADCs, you must first configure and enable them as
peers. For more information on synchronizing peers, see /cfg/sys/sync Global
Administrator Sync Menu, page 252.
Note: In ADC-VX mode, when the VX synchronizes the vADC configuration with its
peer, all configuration parameters are synchronized except the number of capacity
units (CU) and whether they are enabled or disabled.
Sample output and dialog:
vrrp
Displays the VRRP Operations menu. This menu only appears in the vADC
Administrator environment in ADC-VX mode. To view this menu, see /oper/vrrp VRRP
Operations Menu, page 613.
bwm
Displays the Bandwidth Management Operations menu. This menu only appears in
the vADC Administrator environment in ADC-VX mode. To view this menu, see /oper/
bwm Operations-Level Bandwidth Management Options, page 614.
security
Displays the Security menu. This menu only appears in the vADC Administrator
environment in ADC-VX mode. To view this menu, see /oper/security Security Menu,
page 614.
clrlog
Clears all syslog messages.
displog on|off
Turns the display of syslog messages to Telnet or SSH sessions on or off.
defalias
Sets the default port alias.
ntpreq
Allows the user to send requests to the NTP server. This command only appears in the
Global Administrator environment in ADC-VX mode.
sys
Displays the Operational System menu. This menu only appears in the vADC
Administrator environment in ADC-VX mode. To view this menu, see /oper/sys
Operational System Menu, page 618.
ena
Temporarily enables the port. The port is returned to its configured operation mode
when Alteon is reset.
dis
Temporarily disables the port. The port is returned to its configured operation mode
when Alteon is reset.
Notes: On an Alteon 4408, on a SFP GBIC link, when a port is manually disabled
the link doesn't go down on the peer switch port.
cur
Displays the current settings for the port.
/oper/slb
gslb
Displays the Global SLB Operations menu. To view this menu, see /oper/slb/gslb Global
SLB Operations Menu, page 612.
dis <real server number, 1-1023> [P - allow persistent http 1.0 sessions] p|n
Temporarily disables real servers. The real server is returned to its configured state after
an Alteon reset. This provides for orderly server shutdown to allow maintenance on a
server. For more information, see Disabling and Enabling Real Servers in the Alteon
Application Switch Operating System Application Guide.
Values:
sessdel
Deletes the session table entry.
smirror
Sends a request for an update from the VRRP backup Alteon to the VRRP master. This
request is sent to avoid sessions on the backup Alteon that can be updated only by a
VRRP failover or an Alteon reset.
Note: VRRP must be enabled and Alteon must be a VRRP backup, otherwise this
command returns an error message.
clear
Clears all session tables and allows port filter changes to take effect immediately.
Note: This command disrupts current SLB and application redirection sessions.
cachpurg
When the caching criteria or the server content has changed, you may want to purge
the cached content of HTTP responses. You can purge the cache for:
At the prompt, enter the caching policy ID to purge the cache for a particular caching
policy, or all to purge the cache for all caching policies.
For more information on caching policies, see the section on caching policies in the
Alteon Application Switch Operating System Application Guide.
clrpeak
Clears SSL CPS and compression throughput peak values.
cur
Displays the current SLB operational state.
/oper/slb/group
cur
Displays current operational state of the server group.
/oper/slb/gslb
add
Adds an entry to the GSLB DNS persistence cache.
arem
Removes all entries from the GSLB DNS persistence cache.
Notes:
The GSLB DSSP version must be set to 3 for persistency advertising to be enabled.
Persistency advertising only affects GSLB if the GSLB rules are configured to use the
availability metric (preferably as Rule 1, Metric 1).
cpclear
Clears the client cache of dynamic entries.
emerg
Performs a DNSSEC emergency rollover procedure of a key.
immed
Performs an immediate DNSSEC rollover of a key.
/oper/vrrp
This Alteon owns the virtual router (the IP addresses of the virtual router and its IP
interface are the same)
This Alteon's virtual router has a higher priority and preemption is enabled.
/oper/bwm
/oper/security
Security Menu
[Security Menu]
ipacl - IP ACL Operations Menu
/oper/security/ipacl
darem
Removes all of the operations destination IP addresses and Masks.
oper
Displays operations IP addresses and Masks. For example:
Operations-Level IP Options
This is available in the vADC Administrator environment only.
Vlan number>
/oper/ip/bgp
cur
Displays the current BGP operational state.
/oper/swkey
Activating Software
Use this command to activate any purchased feature. Before you can activate any new feature, you
must obtain a license key from Radware Technical Support. For more information on Radware
licensing procedures, see the Radware Alteon Installation and Maintenance Guide.
These licenses are installed by the Global Administrator.
/oper/rmkey
Note: Deactivated software is still present in memory and can be reactivated at any later time.
To deactivate a feature
1. Issue the command /oper/rmkey <license_key>, where license_key is the
license key you want to remove.
2. Enter y at the confirmation message to remove the feature.
/oper/vadc
/oper/vadc/vrrp
This Alteon owns the virtual router (the IP addresses of the virtual router and
its IP interface are the same).
This Alteon's virtual router has a higher priority and preemption is enabled.
/oper/sys
/oper/sys/access
Access Menu
[Access menu Menu]
terminate - Terminate SSH/Telnet connections
/boot
virtual
Switches between standalone and ADC-VX mode. This command only displays in
standalone mode. For more information, see the Alteon Application Switch Operating
System Application Guide.
dimage
Lets you select the default software image from a list of existing images. In ADC-VX
mode, this command only appears in the Global Administrator environment. For more
information, see the ADC-VX chapter in the Alteon Application Switch Operating System
Application Guide.
image vx/adc
image <1-10>
Lets you select the software image to run. This command only appears in the Global
Administrator environment in ADC-VX mode or in standalone mode.
In standalone mode:
Values: 1-10
For details, see /boot/image Selecting a Software Image to Run, page 623.
conf
Lets you select the configuration block to use. This command only appears on the vADC
Global menu in ADC-VX mode. For details, see /boot/conf Selecting a Configuration
Block, page 624.
reset
Resets Alteon to make your software image file and configuration block changes take
effect. For details, see /boot/reset Resetting Alteon, page 626.
cur
Displays the current boot configuration. This command only appears in the Global
Administrator environment in ADC-VX mode. For details, see /boot/cur Current Boot
Options, page 627.
/boot/image
To select which virtual software image you want to run in memory for the next reboot
1. If you have not done so already, enter image at the prompt:
In standalone mode:
Note: After downgrade no configuration will be loaded until you log in and
confirm configuration differences.
Note: For ADC-VX environments, you receive this message when you enter apply.
3. Enter apply.
4. If the apply is not successful, a message displays indicating the configuration issue and
possible instructions for resolving it.
Once all configurations are resolved, after booting and logging in with administrator rights,
Alteon applies the new boot image changes.
In standalone mode:
/boot/conf
To set which configuration block you want Alteon to load the next time it is reset
1. Enter the name of the configuration block you want Alteon to use:
A message displays indicating which configuration block is currently set to be loaded at the next
reset, and prompts you to enter a new choice:
If you select factory settings, you are prompted to keep management port connectivity:
Next boot will use factory default config block instead of active.
Confirm : Do you want to keep management port connectivity? [y/n]: y
4.
/boot/gtimg
Switch quickly and easily between standalone and virtual ADC modes
For more information on Image Management, refer to the ADC-VX Management chapter in the
Alteon Application Switch Operating System Application Guide.
Note: The DNS parameters must be configured if specifying hostnames. See /cfg/l3/dns
Domain Name System Configuration Menu, page 367.
Set up the TFTP option (/cfg/sys/mgmt/tftp) for the TFTP connection. This sets the
default option for the gtimg command.
Note: You can override the TFTP option setting with the override option provided to the gtimg
command.
2.
7.
Select a software image to run (see /boot/image Selecting a Software Image to Run, page 623).
/boot/reset
Resetting Alteon
You can reset Alteon to have your software image file and configuration block changes take effect.
Note: Resetting Alteon causes the Spanning Tree Protocol to restart. This process can be lengthy,
depending on the topology of your network.
To reset Alteon
1.
/boot/cur
[Sample /boot/cur output: a table of software images with Downloaded (time and date) and Image status (Active, Idle, or Assigned) columns; the table rows did not survive extraction.]
/maint
Maintenance Menu
The following is an example of the Maintenance Options menu and an explanation of the
Maintenance Options menu options.
The administrator forces a panic. The panic option on the Maintenance menu causes Alteon to
dump state information to flash memory, and then causes Alteon to reboot.
The watchdog timer forces a reset. The purpose of the watchdog timer is to reboot Alteon if the
software freezes.
fdb
Displays the FDB Manipulation menu. To view this menu, see /maint/fdb Forwarding
Database (FDB) Manipulation Menu, page 632.
lacp
Displays the Link Aggregation Control Protocol menu. This menu only appears in the
Global Administrator environment in ADC-VX mode.
arp
Displays the Address Resolution Protocol menu. This menu only appears in the vADC
Administrator environment in ADC-VX mode. To view this menu, see /maint/arp
Address Resolution Protocol Menu, page 633.
route
Displays the IP Route Manipulation menu. This menu only appears in the vADC
Administrator environment in ADC-VX mode. To view this menu, see /maint/route IP
Route Manipulation, page 634.
ip6
Displays the IPv6 Manipulation menu. This menu only appears in the vADC
Administrator environment in ADC-VX mode. To view this menu, see /maint/ip6 IPv6
Menu, page 635.
applog
Displays the Application Trace Log menu. This menu only appears in the vADC
Administrator environment in ADC-VX mode. To view this menu, see /maint/applog
Application Services Trace Log Menu, page 636.
cachcont
Exports the cache content to an FTP, TFTP, or SCP server that you specify. This
command only appears in the vADC Administrator environment in ADC-VX mode. For
details, see /maint/cachcont Cache Content List, page 637.
pktcap
Displays the Packet Capture menu. This menu only appears in the vADC Administrator
environment in ADC-VX mode. To view this menu, see /maint/pktcap Packet Capture
Menu, page 637.
debug
Displays the Miscellaneous Debugging menu.
Caution: Only use debug commands per Radware Technical Support instructions.
cldmp
Clears dump information from flash memory. For details, see /maint/cldmp Clearing
Dump Information, page 642.
lsdmp
Displays list flash dump. For details, see /maint/lsdmp View Dump Statistics,
page 642.
panic
Dumps MP information to flash memory and reboots. For details, see /maint/panic
Panic Command, page 642.
tsdmp
Dumps all Alteon information, statistics, and configuration. You can log the Technical
Support dump (tsdump) output into a file. For details, see /maint/tsdmp Technical
Support Dump, page 643.
The uploaded tsdump is a .tar file that includes the following files:
tsdump.txt
AE_dump1
AE_dump2
AE_dump3
AE_dumpn...
AE_dxlog
/maint/sys
mem
Displays the MP memory and process information.
/maint/fdb
[ <VLAN>
Displays a single database entry by its MAC address. You are prompted to enter the
Alteon MAC address. Enter the MAC address using one of the following formats:
<MAC address>
Shows a single SP FDB entry by its MAC address. You are prompted to enter the Alteon
MAC address. Enter the MAC address using one of the following formats:
Port number
empty
Shows FDB entries not referenced by any SP.
dump
Displays all entries in the forwarding database. For details, see /info/l2 Layer 2
Information Menu, page 68.
clear
Clears the entire forwarding database from memory.
/maint/arp
dump
Shows all ARP entries.
clear
Clears the entire ARP list from memory.
addr
Shows the list of IP addresses to which Alteon responds for ARP requests.
Note: To display all ARP entries currently held, or a portion according to one of the options on the
Address Resolution Protocol menu, you can also refer to ARP information on the /info/l3/arp ARP
Information Menu, page 84.
/maint/route
IP Route Manipulation
[IP Routing Menu]
find - Show a single route by destination IP address
gw - Show routes to a single gateway
type - Show routes of a single type
tag - Show routes of a single tag
if - Show routes on a single interface
dump - Show all routes
clear - Clear route table
gw <default gateway IP4 address (eg, 192.4.17.44)> <default gateway IP6 address
(eg, 3001:0:0:0:0:0:abcd:1234)>
Shows routes to a default gateway.
type indirect|direct|local|broadcast|martian|multicast
Shows routes of a single type. For a description of IP routing types, see IP Routing Tag
Parameters (info/l3/route/tag), page 82.
tag fixed|static|addr|rip|ospf|bgp|broadcast|martian|vip
Shows routes of a single tag. For a description of IP routing tags, see IP Routing Tag
Parameters (info/l3/route/tag), page 82.
dump
Shows all routes.
To display all routes, you can also refer to IP routing information on the /info/l3/route/
dump Show All IP Route Information, page 82.
clear
Clears the route table from memory.
/maint/ip6
IPv6 Menu
[IP6 Menu]
nbrcache - Neighbor Cache Manipulation Menu
/maint/applog
showlog
Shows the application services trace log.
clearlog
Clears the application services trace log.
getlevel
Displays the log level set in AX for all or specific modules.
setlevel
Sets the log level in AX for all or specific modules.
compress
Enables or disables log compression activities.
caching
Enables or disables log caching activities.
ssl
Enables or disables log SSL activities.
http
Enables or disables log http activities.
cntclss
Enables or disables log content class activities.
httpmod
Enables or disables log HTTP modifications activities.
/maint/cachcont
Statistic
Description
cachcont
URL
Size (KB)
Chunked
Compressed
Last access
/maint/pktcap
Notes
Using the flag -m discards packets sent/received by MP from the capture file. This is useful
when there is a tunnel with an SSL (port 443) but the backend flow is clear (port 80).
If you transform the backend flow to port 80 you will see clear text in the capture file. Usage is
described in Packet Capture Menu Options (/maint/pktcap), page 638.
Live capture is not enabled when you are connected using a serial connection.
The output displays GMT time and not the local time.
Description
-l
-c
-s
-i
-m
-p
-t
-v
proto
dst host
src host
dst port
src port
port
tcp
udp
icmp
ip multicast
ip broadcast
Note: It is not recommended to use live capture during high stress times; regular
capture should be used if needed.
Live capture should only be used during periods of low traffic volume and for
debugging purpose only.
Service interruptions may occur when using live capture during high traffic volume.
stop
Stops the current packet capture process.
dumpcap
Displays the original or decrypted captured packets in the CLI.
The following is the command syntax:
snaplen <length_of_packets>
count
Sets the maximum number of captured packets.
The following is the command syntax:
count <number_of_packets>
putcap
Uploads captured packets to a TFTP server. If decrypted captures exist, both the
original and decrypted captures file are uploaded. To distinguish between the original
and decrypted files exported, the following extensions are added to the user-specified
file name: .orig (for the original capture), and *.dcrypt (for the decrypted buffer).
The following is the command syntax:
cur
Displays the current packet capture configuration.
/maint/debug/logger
savelevel
Saves the current log level configuration.
rmsavedlevel
Deletes the log level configuration.
setother
Sets the log level for other processes.
This command only appears in the Global Administrator environment in ADC-VX
mode.
allsetlevel
Sets the log level of all modules except commlib.
This command only appears in the Global Administrator environment in ADC-VX
mode.
saveother
Saves the log level for other processes.
This command only appears in the Global Administrator environment in ADC-VX
mode.
printlevel
Displays the current configuration.
cleanlogfiles
Cleans the content of all log files.
This command only appears in the Global Administrator environment in ADC-VX
mode.
getlogs
Uploads logs via FTP.
This command only appears in the Global Administrator environment in ADC-VX
mode.
Note: If the TFTP or FTP server is running SunOS or the Solaris operating system, the specified
ptdmp file must exist prior to executing the ptdmp command, and must be writable (set with proper
permission, and not locked by any application). The contents of the specified file are replaced with
the current dump data.
/maint/cldmp
>> Maintenance#
cldmp
If the flash dump region is not already clear, Alteon clears the dump region of flash memory
and displays the following message:
If the flash dump region is already clear, Alteon displays the following message:
/maint/lsdmp
/maint/panic
Panic Command
This command causes Alteon to immediately dump state information to flash memory and
automatically reboot.
1.
Loading Image:..........
Alteon Application Switch
Rebooted because of Software PANIC.
Booting complete 19:15:23 Thu Jan 9, 2013:
Version 20.2.7 from FLASH image1, active config block.
Jan 9 19:15:32 NOTICE system: link up on port 25
Enter password:
/maint/tsdmp
Note: If there is an unscheduled system dump to flash memory, the following message displays
when you log onto Alteon:
<Timestamp
Thread ID
Message
where
Timestamp is the time of the message event, displayed in month day hour:minute:second
format. For example: Aug 19 14:20:30
Log Label is the type of log message. The following types are recorded: LOG_EMERG, LOG_ALERT,
LOG_CRIT, LOG_ERR, LOG_WARNING, LOG_NOTICE, LOG_INFO, and LOG_DEBUG
Thread ID is the software thread that reports the log message. The following thread IDs are
recorded: stp, ip, slb, console, telnet, vrrp, system, web server, ssh, and bgp
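The fields described above can be pulled out of collected messages for triage. The following parser is an added example, not part of the Radware documentation: it assumes the line layout of the console sample "Jan 9 19:15:32 NOTICE system: link up on port 25" shown under /maint/panic (label with or without the LOG_ prefix, Thread ID terminated by a colon), takes the year from the caller because the timestamp carries none, and groups console, telnet, web server and ssh under mgmt as an interpretation of the mgmt note.

```python
import re
from collections import Counter
from datetime import datetime

# Log labels as listed in the manual, most severe first.
LABELS = ["LOG_EMERG", "LOG_ALERT", "LOG_CRIT", "LOG_ERR",
          "LOG_WARNING", "LOG_NOTICE", "LOG_INFO", "LOG_DEBUG"]
SEVERITY = {label: rank for rank, label in enumerate(LABELS)}
MONTHS = {name: i + 1 for i, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split())}
# Assumption: these Thread IDs are the management sessions the mgmt note names.
MGMT_SOURCES = {"console", "telnet", "web server", "ssh"}

LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<h>\d{1,2}):(?P<m>\d{2}):(?P<s>\d{2})\s+"
    r"(?P<label>(?:LOG_)?[A-Z]+)\s+"
    r"(?P<thread>[A-Za-z_][A-Za-z_ ]*?):\s*(?P<msg>.*)$"
)


def parse_line(line, year):
    """Return a dict for one syslog line, or None if it does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if not m or m["mon"] not in MONTHS:
        return None
    label = m["label"] if m["label"].startswith("LOG_") else "LOG_" + m["label"]
    if label not in SEVERITY:
        return None
    try:
        when = datetime(year, MONTHS[m["mon"]], int(m["day"]),
                        int(m["h"]), int(m["m"]), int(m["s"]))
    except ValueError:                  # e.g. "Feb 30"
        return None
    # The tables print Thread IDs in mixed case (IP, SSH, SYSTEM): normalise.
    thread = m["thread"].strip().lower()
    source = "mgmt" if thread in MGMT_SOURCES else thread
    return {"when": when, "label": label, "thread": thread,
            "source": source, "message": m["msg"]}


def triage(lines, year, threshold="LOG_WARNING"):
    """Return (events at or above threshold, count per source, unparsed lines)."""
    limit = SEVERITY[threshold]
    hits, sources, rejects = [], Counter(), []
    for line in lines:
        event = parse_line(line, year)
        if event is None:
            rejects.append(line)
        elif SEVERITY[event["label"]] <= limit:
            hits.append(event)
            sources[event["source"]] += 1
    return hits, sources, rejects


# Constructed sample: the first line is the console sample from this manual,
# the rest pair message texts from the tables below with made-up timestamps.
SAMPLE = [
    "Jan 9 19:15:32 NOTICE system: link up on port 25",
    "Aug 19 14:20:30 LOG_ERR vrrp: Synchronization TX Error",
    "Aug 19 14:20:31 LOG_INFO vrrp: Synchronizing to host_name",
    "Aug 19 14:21:02 LOG_NOTICE SYSTEM: Power Supply OK",
    "Aug 19 14:23:00 LOG_NOTICE web server: constructed session message",
    "Loading Image:..........",
]

if __name__ == "__main__":
    events, by_source, skipped = triage(SAMPLE, 2013, "LOG_NOTICE")
    for e in events:
        print(e["when"].isoformat(), e["label"], e["source"], e["message"])
```
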
Syslog Messages
To keep this list as short as possible, only Thread ID and Message are shown. The messages are
sorted by Log Label, including:
Note: When the Thread ID is listed as mgmt, one of the following may be shown in the message:
console, telnet, web server, or ssh
LOG_WARNING
The following is the syntax for the LOG_WARNING log label:
FILTER "filter <filter number> fired on port <port number> , <source IP address
destination IP address , [ <ICMP type> ] , [ <IP protocol> ], [ <layer-4
ports> ], [ <TCP flags> ]"
Thread ID
Message
appsvc
SSL Acceleration chip is not available in Alteon and was not detected during boot-up
appsvc
appsvc
appsvc
The space allocated for Application services trace logging has reached 80% of its
capacity. Old log files will be purged when 100% of capacity is reached.
appsvc
appsvc
ntp
ntp
LOG_ALERT
The following is the list of LOG_ALERT Thread IDs and messages.
Thread ID
Message
appsrv
Error while creating the cache directory. Reset is required for caching to work
appsrv
Error while mount the cache tmpfs. Memory not available. Reset is required for
caching to work
appsrv
Error while mount the cache tmpfs. Reset is required for caching to work
appsrv
appsrv
bgp
bgp
dps
dps
gslb
gslb
gslb
gslb
IP
slb
slb
slb
slb
slb
real server failure threshold (threshold) has been reach for group group_id
slb
slb
slb
sntp
syn_atk
system
tcplim
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
LOG_CRIT
The following is the list of LOG_CRIT Thread IDs and messages.
Thread ID
Message
SSH
SYSTEM
SYSTEM
LOG_ERR
The following is the list of LOG_ERR Thread IDs and messages.
Thread ID
Message
appsvc
appsvc
appsvc
cli
cli
cli
cli
cli
cli
cli
cli
cli
cli
cli
cli
Trunk groups trunk_id and trunk_id cannot share the same port
cli
cli
cli
cli
Virtual router vr_id must have sharing disabled when hotstandby is enabled
cli
cli
cli
Virtual router group must have sharing disabled when hotstandby is enabled
cli
Virtual router group must have preemption enabled when hotstandby is enabled
cli
cli
Virtual router vr_id cannot have same VRID and VLAN as vlan_id
cli
cli
cli
cli
cli
cli
cli
cli
cli
cli
cli
cli
cli
cli
cli
cli
Virtual servers server_id and server_id with same IP address must support same
layr3 configuration
cli
Real server server_id cannot be backup server for both real server server_id and
group group_id
cli
Virtual server server_id has same IP address and vport as virtual server server_id
cli
cli
cli
cli
cli
There must be at least one inter-switch port if any hot-standby port exist
cli
With VMA, ports 1-8 must all have a PIP if any one does
cli
cli
DAM must be turned on or a PIP must be enabled for port port_id in order for virtual
server to support FTP parsing
cli
Real server server_id and group %u cannot both have backups configured
cli
cli
cli
DAM must be turned on or a PIP must be enabled for port port_id in order for virtual
server server_id to support URL parsing
cli
Port filtering must be disabled on port port_id in order to support cookie based
persistence for virtual server server_id
cli
cli
cli
cli
Virtual servers server_id and server_id that include the same real server server_id
cannot map the same real port or balance UDP
cli
Virtual server server_id: UDP service virtual_port with out-of-range port number
cli
cli
cli
cli
cli
DAM must be turned on or a PIP must be enabled for ports port_id in order to do
URL based redirection
cli
cli
Direct access mode is not supported with default gateway load balancing
cli
cli
cli
cli
cli
cli
cli
cli
cli
cli
For Global SLB, Web server must be moved from TCP port 80
cli
cli
cli
cli
Remote site site_id and real server server_id must use different addresses
cli
Remote site site_id and virtual server server_id must use different addresses
cli
cli
cli
cli
cli
cli
cli
cli
cli
cli
cli
Filter with ICMP types configured (icmp_type) must have IP protocol configure to
ICMP
cli
cli
cli
isd
mgmt
mgmt
mgmt
mgmt
mgmt
mgmt
" "apply" "|" "save" " is issued by another user. Try later
mgmt
mgmt
mgmt
ntp
port_mirr
sntp
sntp
vrrp
vrrp
cfg_sync_tx_putsn: ABORTED
vrrp
Synchronization TX Error
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
vrrp
LOG_NOTICE
The following is the list of LOG_NOTICE Thread IDs and messages.
Thread ID
Message
bgp
IP
""enabled""|""disabled""
IP
mgmt
mgmt
mgmt
mgmt
mgmt
mgmt
mgmt
mgmt
mgmt
mgmt
mgmt
mgmt
mgmt
mgmt
mgmt
mgmt
mgmt
mgmt
mgmt
mgmt
login_level
mgmt
mgmt
mgmt
login_level
port_mirr
slb
slb
slb
slb
slb
slb
slb
slb
slb
slb
slb
ssh
ssh
scp login_level
system
Power Supply OK
system
system
temperature ok
system
fan ok
system
rebooted last_reset_information
system
vlan
vrrp
vrrp
LOG_INFO
The following is the list of LOG_INFO Thread IDs and messages.
Thread ID
Message
appsvc
appsvc
appsvc
appsvc
appsvc
appsvc
mgmt
mgmt
mgmt
mgmt
mgmt
mgmt
mgmt
mgmt
login_level
mgmt
mgmt
login_level
ssh
ssh
scp login_level
ssh
ssh
ssh
system
vrrp
vrrp
vrrp
vrrp
Synchronizing to host_name
vrrp
vrrp
vrrp
Supported MIBs
This section includes the following sub-sections:
altroot.mib
aosSwitch.mib
aosPhysical.mib
aosNetwork.mib
aosLayer4.mib
aosLayer7.mib
aosBwm.mib
aosTrap.mib
SynOptics MIBs
In addition to the enterprise MIB documents, the following SynOptics MIBs are also supported:
Standard MIBs
The SNMP agent supports the following standard MIBs:
RFC 1213: MIB II (System, Interface, Address Translation, IP, ICMP, TCP, UDP, SNMP Groups)
SNMPv3 MIBs
The following SNMPv3 MIBs are supported:
Supported Traps
SNMPv1, v2, v3 traps can be sent to the hosts configured in the targetAddr table. Up to 16 IP
addresses can be configured in the targetAddr table.
This section includes the following sub-sections:
Generic Traps
The SNMP agent supports the following generic traps as defined in RFC 1215:
ColdStart
WarmStart
LinkDown
LinkUp
AuthenticationFailure
NewRoot
TopologyChange
Trap Name
Description
altSwBulkApply
altSwDefGwUp
altSwDefGwDown
altSwDefGwInService
altSwDefGwNotInService
altSwSlbRealServerUp
altSwSlbRealServerDown
altSwSlbBkupRealServerDeact The backup real server is deactivated because the primary real server is available.
altSwSlbBkupRealServerActOverflow The backup real server is deactivated because the primary real server has overflowed.
altSwSlbBkupRealServerDeactOverflow The backup real server is deactivated because the primary real server is no longer in the overflow situation.
altSwfltFilterFired
altSwSlbRealServerServiceUp
altSwSlbRealServerServiceDown The service port of the real server is down and out of service.
altSwVrrpNewMaster
altSwVrrpNewBackup
altSwVrrpAuthFailure
altSwLoginFailure
altSwSlbSynAttack
altSwTcpHoldDown
altSwTempExceedThreshold
altSwSlbSessAttack
altSwFanFailure
altSwSlbVirtServerServicesUp
altSwSlbVirtServerServicesDown The service ports of the virtual server are down and out of service.
altSwSlbRealGroupAdvhlUp
altSwSlbRealGroupAdvhlDown The real group is down with an advanced health check formula.
altSwSlbBkupGroupAct
altSwSlbBkupGroupDeact
altSwSlbRemoteRealServerUp
altSwSlbRemoteRealServerDown The remote real server has gone down and is out of service.
altSwSlbRealServerOperDis
altSwSlbRealServerOperEna
altSwIfcVlanDown
altSwPortVlanDown All the ports are either down or moved to a different VLAN and interfaces are down in that VLAN.
altSwIfcVlanUp
altSwPortVlanUp
Appendix C Glossary
This appendix includes descriptions of important terms and concepts used in this document.
Term
Description
Preemption
Priority
Proto (Protocol)
Redirection or Filter-Based Load Balancing
The source port (application socket; for example: HTTP-80, HTTPS-443, DNS-53).
Tracking
VIR (Virtual Interface Router) A VRRP address that is an IP interface address shared between two
or more virtual routers.
Virtual Router
Virtual Server Load Balancing Classic load balancing. Requests destined for a virtual server IP
address (VIP), which is owned by Alteon, are load balanced to a
real server contained in the group associated with the VIP. Network
address translation is done back and forth, by Alteon, as requests
come and go.
Frames come to Alteon destined for the VIP. Alteon then replaces
the VIP with one of the real server IP addresses (RIPs),
updates the relevant checksums, and forwards the frame to the
server for which it is now destined. This process of replacing the
destination IP (VIP) with one of the real server addresses is called
half NAT. If the frames were not sent to the address of one of the
RIPs using half NAT, a server would receive the frame that was
destined for its MAC address, forcing the packet up to Layer 3. The
server would then drop the frame, because the packet would have
the DIP of the VIP, and not that of the server (RIP).
VRID (Virtual Router Identifier)
License Grant. Subject to the terms of this Agreement, Radware hereby grants to you, and you
accept, a limited, nonexclusive, nontransferable license to install and use the Software in
machine-readable, object code form only and solely for your internal business purposes
(Commercial License). If the Software is distributed to you with a software development kit
(the SDK), then, solely with regard to the SDK, the Commercial License above also includes a
limited, nonexclusive, nontransferable license to install and use the SDK solely on computers
within your organization, and solely for your internal development of an integration or
interoperation of the Software and/or other Radware Products with software or hardware
products owned, licensed and/or controlled by you (the SDK Purpose). To the extent an SDK is
distributed to you together with code samples in source code format (the Code Samples) that
are meant to illustrate and teach you how to configure, monitor and/or control the Software
and/or any other Radware Products, the Commercial License above further includes a limited,
Evaluation Use. Notwithstanding anything to the contrary in this License Agreement, if the
Software is provided to you for evaluation purposes, as indicated in your purchase order or sales
receipt, on the website from which you download the Software, as inferred from any time-limited evaluation license keys that you are provided with to activate the Software, or otherwise,
then You may use the Software only for internal evaluation purposes (Evaluation Use) for a
maximum of 30 days or such other duration as may be specified by Radware in writing at its sole
discretion (the Evaluation Period). The evaluation copy of the Software contains a feature that
will automatically disable it after expiration of the Evaluation Period. You agree not to disable,
destroy, or remove this feature of the Software, and any attempt to do so will be a material
breach of this License Agreement. During or at the end of the evaluation period, you may
contact Radware sales team to purchase a Commercial License to continue using the Software
pursuant to the terms of this License Agreement. If you elect not to purchase a Commercial
License, you agree to stop using the Software and to delete the evaluation copy received
hereunder from all computers under your possession or control at the end of the Evaluation
Period. In any event, your continued use of the Software beyond the Evaluation Period (if
possible) shall be deemed your acceptance of a Commercial License to the Software pursuant to
the terms of this License Agreement, and you agree to pay Radware any amounts due for any
applicable license fees at Radware's then-current list prices.
3. Subscription Software. If you licensed the Software on a subscription basis, your rights to use
the Software are limited to the subscription period. You have the option to extend your
subscription. If you extend your subscription, you may continue using the Software until the end
of your extended subscription period. If you do not extend your subscription, after the expiration
of your subscription, you are legally obligated to discontinue your use of the Software and
completely remove the Software from your system.
4. Feedback. Any feedback concerning the Software including, without limitation, identifying
potential errors and improvements, recommended changes or suggestions (Feedback),
provided by you to Radware will be owned exclusively by Radware and considered Radware's
confidential information. By providing Feedback to Radware, you hereby assign to Radware all of
your right, title and interest in any such Feedback, including all intellectual property rights
therein. With regard to any rights in such Feedback that cannot, under applicable law, be
assigned to Radware, you hereby irrevocably waive such rights in favor of Radware and grant
Radware under such rights in the Feedback, a worldwide, perpetual royalty-free, irrevocable,
sublicensable and non-exclusive license, to use, reproduce, disclose, sublicense, modify, make,
have made, distribute, sell, offer for sale, display, perform, create derivative works of and
otherwise exploit the Feedback without restriction. The provisions of this Section 4 will survive
the termination or expiration of this Agreement.
5. Limitations on Use. You agree that you will not: (a) copy, modify, translate, adapt or create
any derivative works based on the Software; or (b) sublicense or transfer the Software, or
include the Software or any portion thereof in any product; or (b) reverse assemble, decompile,
reverse engineer or otherwise attempt to derive source code (or the underlying ideas,
algorithms, structure or organization) from the Software; or (c) remove any copyright notices,
identification or any other proprietary notices from the Software (including any notices of Third
Party Software (as defined below)); or (d) copy the Software onto any public or distributed
network or use the Software to operate in or as a time-sharing, outsourcing, service bureau,
application service provider, or managed service provider environment. Notwithstanding Section
5(d), if you provide hosting or cloud computing services to your customers, you are entitled to
use and include the Software in your IT infrastructure on which you provide your services. It is
hereby clarified that the prohibitions on modifying, or creating derivative works based on, any
Software provided by Radware, apply whether the Software is provided in a machine or in a
human readable form. Human readable Software to which this prohibition applies includes
(without limitation) Radware AppShape++ Script Files that contain Special License Terms. It
is acknowledged that examples provided in a human readable form may be modified by a user.