Maestro AFE CN-5500
User Guide
Copyright © 2008 by Crescendo Networks. All rights reserved worldwide. No part of this publication may be reproduced, modified, transmitted, transcribed, stored in retrieval system, or translated into any human or computer language, in any form or by any means, electronic, mechanical, magnetic, chemical, manual, or otherwise, without the express written permission of Crescendo Networks, 6 Yoni Netanyahu Street, Or-Yehuda 60376, Israel.
Crescendo Networks provides this documentation without warranty in any form, either expressed or implied.
Crescendo Networks may revise this document at any time without notice.
This document may contain proprietary information and shall be respected as a proprietary document with permission for review and usage given only to the rightful owner of the equipment to which this document is associated.
This document was designed, produced and published by Technical Publications, Crescendo Networks. Produced in U.S.A.
January 22, 2008
Visit Crescendo Networks website at: http://www.crescendonetworks.com The FCC and cTUVus Wants You to Know
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio
communications.
Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user will be required to correct the interference at his/her expense.
Use of controls or adjustment or performance of procedures other then those specified herein may result in hazardous radiation exposure
CLASS 1 LASER PRODUCT internal lasers comply with IEC 60 825-1:1993 + A1:1997 + A2:2001 and EN 60825-1:1994+A1:1996+ A2:2001
Equipment may operate in maximum ambient temperature 40°C
FCC Warning
Table of Contents
Chapter 1. Introduction to the Maestro AFE Platform... 1
Overview of the Maestro AFE ... 2
Hardware Technology ... 2
Hardware Platforms... 2
TCP Offload & Delivery Optimization... 3
Connection Management Algorithms ...3
Request Processing Algorithms...3
Response Optimization...4 Load Balancing... 4 Compression... 4 SSL Acceleration ... 5 Deployment Options... 5 Physical Configuration ...5
Single Server Acceleration – Virtual Server Mode...6
Single Server Acceleration – Spoofed Server Mode...7
Load Balanced Server Acceleration...8
VRRPc Redundancy ... 9
Installation and Configuration Guidelines ... 9
Deployment Environment Preparation ...9
Installation and Configuration ...11
Chapter 2. Maestro AFE Installation ... 14
Introduction... 15
Chapter 3. Introduction to the Command Line Interface ... 19
Accessing the CLI ... 20
Serial Console Settings ...20
Conventions Used in this Guide... 20
CLI Prompt Structure... 21
CLI Navigation... 22
Case Sensitivity ...22
Basic Navigation ...22
Online Help ...23
Configurable CLI Parameters ... 23
Using the ‘show’ Command ... 24
Using the ‘no’ Command ... 25
Chapter 4. Introduction to the Graphical User Interface... 26
Graphical User Interface (GUI) Overview ... 27
Preparations – Installing Sun Java ... 27
Logging in to the GUI ... 27
Navigating the GUI ... 28
Summary...29
Monitoring...30
History...31
Configuration ...32
Events ...33
Chapter 5. Initial Configuration & Global Settings... 34
Before Proceeding... 35
Conventions Used in this Guide... 35
Initial Configuration... 36
Initiating the Auto Configuration Dialog (ACD) ...36
Initial Configuration Summary ...39
Outbound Traffic Rate Shaping...39
Global Configuration Commands... 41
Showing Configuration Information from the CLI...42
Using the “no” command from the CLI ...43
Device Name ...44
Calendar and Time Settings ...45
Proxy Signature (HTTP Header Settings) ...51
Interface Commands ... 53
Configuring the Management Ethernet Interface ...53
Configuring the Management Serial Interface ...55
Configuring Gigabit-Ethernet Interfaces...56
Configuring Interface Speed/Duplex Settings for the CN-5500E...58
VLAN Support ...58
Link Aggregation...60
Networking Commands ... 65
Routing...65
Disable Routing of Non-accelerated Traffic between Interfaces...66
Client-side TCP Commands... 68
Client-side TCP Windows ...68
Client-side TCP Inactivity Timers ...70
Client-side MSS...70 FastTCP ...71 Server-side TCP Commands ... 74 Server-side TCP Windows ...74 Security... 76 User Configuration... 76
Access Lists for the Management Ethernet Interface...77
System Commands... 79
Configuration File Management ...79
Loading Additional Configuration Files to a Running Config ...80
File Transfer/Management ...80
File Commands ...82
Software and Operating System Upgrade and Version Control ...83
Logging Commands... 86
Logging ...86
Chapter 6. Server Preparation and Logging Considerations ... 90
Server Preparation... 91
HTTP Server Configuration Requirements...91
TCP Server Configuration Requirements...92
Virtual Servers...99
Load Balancing Concepts - HTTP Application Load Balancing and Acceleration vs. TCP (Layer4) Load Balancing ...100
Health Monitoring...100
Server Topology Configuration... 101
Backend Connections (For HTTP Clusters) ...101
Dynamic File Extensions...102
Acceleration of Authenticated HTTP Sessions ...103
Farm Configuration... 105
Configuration Steps...105
Cluster Configuration (Load Balancing, Health Checking, Persistence)... 107
Cluster Configuration ...107
Load Balancing Configuration...110
Persistency ...114
Health Check Configuration ...115
Server Inactivity Check...120
Real Servers ... 124
Configuring a Real Server ...124
Chapter 8. Virtual Servers, URL Rewriting, and L7 Switching / Redirection.... 127
Before Proceeding... 128
Virtual Servers... 128
Configuring Virtual Servers ...128
URL Rewriting ... 130
URL Rewrite Rules ...131
Configuring URL Rewrite Rules...133
L7 Switching & Redirection (HTTP Virtual Servers)... 138
L7 Switching Criteria ...138
L7 Switching Criteria Options ...139
L7 Switching Actions ...139
L7 Switching Rule Priorities...140
L7 Switching Example Configuration...141
Configuring L7 Switching Rules ...141
HTTP Redirection Rules ... 144
HTTP Redirection Configuration Criteria...144
Configuring HTTP Redirection Rules...146
Chapter 9. Compression... 148
Configuring Compression ...150
Global Configuration (Browser/File Exceptions) ... 154
Configuring Browser/File Exceptions...154
Chapter 10. SSL Acceleration... 156
Before Proceeding... 157
Overview of the SSL Acceleration Module... 157
Configuration Preparation ... 157
SSL Acceleration Configuration Outline ...157
Server Configuration...158
Preparation ...159
Configuring a Virtual Server... 160
Configure Real or Virtual Server ...160
Importing or Creating a Private Key ... 160
Importing or Creating a Private Key ...160
Importing or Creating a Certificate... 164
Importing or Creating a Certificate...164
Cipher Profile ... 169
Creating a Cipher Profile...169
Configuring an SSL Server Profile (Client-side SSL)... 172
SSL Server Profile Configuration Outline ...172
Configuring an SSL Client Profile (Server-side SSL)... 175
SSL Client Profile Configuration Outline...175
Converting Keys, Certificates, and Chained Certificates... 178
OpenSSL...178
Keys ...178
Certificate...179
Converting Certificates and Keys Exported from Microsoft IIS ...181
Chained Certificates ...182
Chapter 11. VRRPc Redundancy ... 184
Before Proceeding... 185
Viewing the Maestro AFE Summary Feature... 193
Overview of the Summary Window...194
Monitoring the Maestro AFE via the CLI... 195
Monitoring the Maestro AFE via the CLI...195
Monitoring the Maestro AFE via the GUI...195
Monitoring the Server ... 201
Monitoring Servers or Groups of Servers via the CLI ...201
Monitoring the Server via the GUI...201
Monitoring Attacks and Abnormal Network Behavior ... 206
Configuring Attack Monitors...207
Chapter 13. Using the Maestro AFE History Feature ... 210
Overview of the Maestro AFE History Feature... 211
Selecting and Viewing Maestro AFE History Graphs... 211
Available Historical Variables ...212
Chapter 14. Troubleshooting ... 216
Common Issues and Solutions... 217
Recovering a Lost Password ... 220
1
Introduction to the Maestro AFE
Platform
Chapter 1 provides an introduction to the Maestro AFE including a feature overview and implementation examples. Additionally, the Installation and Configuration Guidelines section on page 9 of this chapter is used to provide a configuration framework which can be
referenced throughout any stage of configuration.
Overview of the Maestro AFE™ .
Hardware Technology.
Hardware Platforms.
TCP Offload & Delivery Optimization.
Load Balancing.
Compression.
SSL Acceleration.
Deployment Options.
VRRPc™ Redundancy.Overview of the Maestro AFE
The Maestro AFE™ (Maestro Platform) provides a high performance, scalable, rack-mounted solution designed specifically for demanding application environments. It incorporates ground breaking hardware and software technology which increases the performance of HTTP/HTTPS based applications and ensures consistent fast response times regardless of traffic or load demands. The Maestro AFE incorporates several critical technologies to provide best-of-breed performance, including TCP offload and delivery optimization, hardware-based compression, SSL acceleration, and load balancing.
Hardware Technology
The Maestro AFE utilizes Crescendo Networks’ proprietary hardware architecture. Designed to specifically address the requirements of application acceleration and infrastructure scalability, the Maestro Application Delivery Platform provides superior server acceleration and resource optimization. The FreeFlow™ architecture, utilizing Network Processors (NP) and Field Programmable Gate Arrays (FPGA), incorporates over 80 micro-engines, explicitly tasked with various application-specific processes. The
implementation of task-specific hardware enables the Maestro AFE to utilize all
functionality simultaneously without suffering any performance degradation. This concept of Feature Concurrency allows the Maestro AFE to operate at maximum capacity,
regardless of the features or configuration being used. Crescendo Networks’ hardware demonstrates a unique and powerful approach to application acceleration.
Hardware Platforms
Four models of the Maestro AFE are available on the following platforms:
CN-5504E, CN-5504D, CN-5510E and CN-5510D.
2 RU Height*.
4 or 10 SFP GbE interfaces (10/100/1000/Auto Configurable Ethernet)*.
1 Fast Ethernet Management Interface.
1 RS-232 Serial/Console Interface.
Redundant Power Supply Capability* (available for CN-5504D and 5510D).
Enhanced Interface LED Display*.TCP Offload & Delivery Optimization
The Maestro AFE is deployed as an Application Front End (AFE), meaning all application requests and responses are transmitted directly between the Maestro AFE and the servers. For example, a client connection will be sent to, or intercepted by, the Maestro AFE. The Maestro AFE establishes the TCP connection with the client and receives the application request. Since the Maestro AFE maintains several persistent connections directly to each accelerated server, it is able to quickly submit the client’s application request, receive the response, and forward it to the client.
Short Lived Transaction (SLT™) technology is the core of the Maestro AFE. Using SLT, the Maestro AFE intelligently manages how requests are sent to servers and how responses are then transmitted to clients. SLT utilizes three main components:
Connection Management Algorithms
Server-side sessions are managed through a set of advanced algorithms that provide an optimal approach to Connection Consolidation. These algorithms are dependent on a number of factors that include the type of request (dynamic content vs. static content), client-side TCP connection performance, and an inherent knowledge of what connection profiles are best suited for the various web server operating systems.
Request Processing Algorithms
As a session terminating intermediary, the Maestro AFE is responsible for terminating client connections, processing the requests that these connections carry, and then delivering them to the server over existing server-side connections. SLT™ optimizes this process by using two unique phases for handling and delivering the requests to the server:
The device waits until the entire request has arrived from the client before it decides to deliver it to the server. This is incredibly beneficial in situations where long client requests are arriving over slow or problematic TCP connections. If the server were exposed to the weaknesses of these client-side TCP conditions, valuable resources would be tied up while it waited for the arrival of the complete request. By waiting for the entire request to arrive and then delivering it in whole to the server, SLT™ shields the server from client-side TCP conditions and allows it to minimize its processing time for each request.completely transparent to the client who never knows or needs to worry about the way in which objects are fetched from the server by the Maestro AFE.
Response Optimization
One of the main objectives of SLT™ is to shield the server from weaknesses imposed by client connections that are subjected to WAN environments. These client connections experience packet loss, delay, and congestion, all of which would impact the server
through increased CPU and memory utilization if it were exposed to them. By completely shielding the server from these issues, SLT™ allows the Maestro AFE to communicate with the servers in a highly optimized environment. The server is already dealing with fewer connections; and since those connections are managed by the Maestro AFE, the server can transmit its responses to the network at maximum throughput. Client requests are served as optimally as possible, allowing the server to quickly move on to the next request to be processed.
Load Balancing
The Maestro AFE provides a comprehensive load balancing feature set that allows it to efficiently distribute user requests across clusters of identical servers. Additionally, since the Maestro AFE is in control of the actual request flow to the servers, it can direct traffic to them based on real-time request load as well as other L7 switching criteria (url, file name, hostname, browser language, etc.)
All HTTP (L7) load-balancing functionality is fully and seamlessly integrated with all other optimization services provided by the highly scalable, multi-gigabit Maestro AFE platform. Additionally, because of its unique and powerful task-specific hardware architecture, all services can operate concurrently without any degradation in device performance. The Maestro AFE also incorporates traditional Layer 4 Load Balancing for providing load balancing for non-HTTP TCP-based protocols.
A load balancing license must be configured on the Maestro AFE to enable this feature. Please contact your Crescendo Networks Reseller or Sales Associate for assistance with enabling this feature.
Compression
dramatic reduction in outbound bandwidth usage, while also significantly reducing end-user response times.
SSL Acceleration
The hardware-based SSL Acceleration module reduces a significant level of processing resources from servers while allowing secure applications to easily scale beyond what normal server platforms can provide. Because the Maestro AFE™ relieves the servers from handling these tasks, the servers can redirect their full resources to provide up to 10 times more processing performance.
Deployment Options
The Maestro AFE™ is a scalable, non-intrusive solution that is easy to integrate. The Maestro AFE provides flexible physical and logical configuration options to ensure seamless integration in different environments.
The Maestro AFE can be configured to accelerate individual servers, in which each server is seen as a separate entity, or in a load balanced cluster, in which a group of identical servers is represented as a single Virtual Server (Virtual IP) to the outside world. Regardless of whether load balancing is used, all methods of server acceleration including TCP Offload, Compression, and SSL Acceleration can be used. This section describes the two options available for single server acceleration: virtual server and spoofed server modes.
Physical Configuration
The Maestro AFE is available in 4 Gbic (CN-5504), and 10 Gbic (CN-5510) Gigabit Ethernet interface configurations. The Maestro AFE supports several physical configuration options enabling deployment in virtually any environment.
Configuration options include:
“One-leg” single interface deployment.
“Routed” multiple interface deployment.Single Server Acceleration – Virtual Server Mode
In Virtual Server mode, a Virtual Server IP address and TCP port is configured on the Maestro AFE and is then mapped to a single real server IP and port. Client traffic is destined to the Virtual Server on the Maestro AFE, which communicates with the real server directly. Traffic previously destined to the real server is directed to the Virtual Server Address on the Maestro AFE instead. The following diagrams present examples of Virtual mode configured in either one or two interface configurations.
Figure 2: Virtual Server – Two Interfaces
Single Server Acceleration – Spoofed Server Mode
In Spoofed server mode, the Maestro AFE will be deployed as a router between client traffic and the real server. The real server IP address and port is configured in the Maestro AFE as a “spoofed” address and port. Traffic destined to this address will be intercepted by the Maestro AFE, which communicates with the real server directly. All other traffic is routed normally.
Figure 3: Spoofed Server – Two Interfaces
Load Balanced Server Acceleration
When using Load Balancing, a cluster of identically configured servers will be configured with a single Virtual Server IP address.
Figure 5: Load Balancing – Two Interfaces
VRRPc Redundancy
VRRPc is Crescendo Networks’ proprietary redundancy protocol for Application Front End devices. VRRPc can be implemented in one of two ways: hot/standby or load-sharing (i.e. active/active). Implemented in a similar fashion to VRRP—using virtual MAC and IP addresses—VRRPc extends the capabilities of traditional VRRP by enabling more
intelligent redundancy decisions. VRRPc tests more than simple network availability between two redundant devices as VRRP does. Instead, failover decisions are based on upstream network device availability as well as application server health and connectivity.
Installation and Configuration Guidelines
The following section provides a basic configuration outline as well as chapter references associated with each specific concept. Required configuration information will be
Physical Network Topology
What type of configuration topology will be used? Determine the number of physical interfaces desired.
Using a single interface configuration provides the flexibility of installing the Maestro AFE without making any additional network changes.
Using a two interface configuration requires the Maestro AFE to act as a router, meaning servers, routers, and other devices may require additional configuration (static or default routes, etc.).Will single server acceleration or load balancing be used? If using single server, which method will be configured – virtual or spoofed?
A two-interface configuration is recommended when using spoofed mode.IP Address Requirements
Prepare IP addresses and route information. The following is a list of basic IP address requirements:
The Management Ethernet interface will require an IP address.
Each data interface of the Maestro AFE will require an IP address.
Each Virtual Server will require an IP address (unless using a spoofed server, in which an additional IP is not necessary).
VRRPc requires a separate IP address which will be shared between the redundantly deployed units.SSL Considerations
If configuring SSL Acceleration, the following information is required:
Private Key and Certificate in PEM format.
Most keys/certificates can be exported from existing servers and then imported into the Maestro AFE.
Additionally, the certificate must have the text prepend before the “BEGIN CERTIFICATE” statement.
If keys/certificates do not exist yet, a Certificate Request will have to be created and submitted to a Certificate Authority, which will then issue the appropriate certificate for import into the Maestro AFE.Installation and Configuration
Physical Installation
Unpack and securely install unit.
Plug in required Gbic(s) and attach Maestro AFE to local switch(es).
Attach provided serial cable to workstations running terminal emulation software (for example, Microsoft HyperTerminal or TeraTerm). Default serial configuration is as follows:
Baud: 115,200
Data: 8 bit
Parity: none
Stop: 1 bit
Flow Control: noneRefer to Chapter 2. Maestro AFE Installation for specific information regarding unpacking and mounting instructions.
Initial Boot Configuration
Power on Maestro AFE.
During the initial boot process, the Maestro AFE will detect the existence of a startup configuration file. If one does not exist, a menu is displayed prompting the user to enter one of several configuration modes. It is recommended that the Automatic Configuration Dialog (ACD) be used. (Use option “2” to enter the ACD.) The following information should be configured:
Configure device name.
Create admin username and password.
Configure IP address and default route for Management Ethernet Interface.
Configure IP address and default route for Gigabit Ethernet Interfaces.
Configuring “Accelerated services” at this point is optional, but is covered in later chapters to provide a more detailed explanation.Log in to Maestro AFE
Log in with the newly configured admin account.Refer to Chapter 3. Introduction to the Command Line Interface or Chapter 4. Introduction to the Graphical User Interface for specific information regarding log in procedures and options.
Additional Basic Configuration Options
Once logged into the device, additional options can be configured.
Additional IP addresses and/or routes.
Management Access Control Lists.
Logging Options.
HTTP Header Options.Refer to Chapter 5. Initial Configuration & Global Settings for additional configuration details and options.
Acceleration Topology Configuration
Create Farm(s).
Create Cluster(s).
Clusters are created inside of a farm.
Configure Real Server(s).
One server per cluster for single server acceleration.
The load balancing license is required to add more than one server to a cluster.
Create Virtual Server.
If deploying in “spoofed” mode, the Virtual Server IP will be the same as the real server. Otherwise, the Virtual Server IP should be a new, unused IP address.
Map Virtual Server to a Cluster.Refer to Chapter 7. Server Topology – Farms/Clusters/Real Servers for additional information.
Compression Configuration
Create Compression Profile.
Define content-type to be compressed within Compression Profile.
Enable Compression Profile per Cluster.SSL Configuration
Import or create private key.
Import or create Certificate/Request.
Create SSL Server Profile.
Profile should include previously created/imported key and certificate.
Enable SSL Profile per Cluster or Virtual Server.Refer to Chapter 10. SSL Acceleration for additional configuration details.
VRRPc Redundancy Configuration
Install two Maestro AFE units.
Configure VRRPc Interface IP addresses.
Configure VRRPc groups and enable feature.2
Maestro AFE Installation
Chapter 2 describes the hardware installation process for the Maestro AFE.
Introduction.
Maestro AFE Kit General Specifications.
Installing the Maestro AFE Hardware.
Device LED Status DefinitionsIntroduction
This chapter provides the essential information required to unpack and mount the Maestro AFE.
The CN-5500E is a 2U rack mounted device. The Maestro AFE is offered in 2, 4, 8, or 10 SFP GbE interface configurations. Gbic interfaces enable the use of either Copper or Fiber Gigabit Ethernet connectivity based on the module(s) installed.
The Maestro AFE™ comes with two management interfaces:
RS-232/RJ45 Console port.
100BT/RJ45 Out of Band Ethernet Interface.Maestro AFE™ Kit General Specifications
The Maestro AFE™ kit provides you with the following items:
Maestro AFE™ unit.
SFP (Gbic) Gigabit Ethernet modules (Fiber or Copper).
Documentation provided on CD.
Serial Cables.
Brackets and screws.
Power Cable(s) – Units sold in U.S.A. only.Do not drop. Handle the Maestro AFE unit with care.
Maestro AFE Installation Kit Detailed Items List
The Maestro AFE™ kit that you purchased should include the following equipment:
SFP (Gbic) Gigabit Ethernet modules – Comes according to the number and type you
Brackets and screws:
Rack mount brackets.
Screws (+1 spare) for the Maestro AFE™ brackets.Installing the Maestro AFE™ Hardware
Unpack the Maestro AFE™ unit from its protective cardboard box (packed with Styrofoam inserts). The next step requires that you prepare it for installation in the rack.
The Maestro AFE unit is an electrical device, handle it carefully and do not plug in the power cord until after it is installed in the rack.
Installing the Maestro AFE in the Rack
To install the Maestro AFE1. Install the rack mount brackets included in the installation kit to the front of the
Maestro AFE. Be sure to use the black screws that accompany the brackets, as they are longer than the screws removed from the Maestro AFE.
2. Tighten screws to ensure the brackets are securely connected to the front sides of the Maestro AFE.
3. Slide the Maestro AFE into an available rack.
4. Secure the Maestro AFE to the rack with the screws provided by the rack manufacturer as illustrated in Figure 6 below.
Figure 6: Mounting Brackets
Inserting the SFP Gigabit Ethernet Modules and Connecting
the Cables
Inserting the SFP Gigabit Ethernet module into the Ports
Insert the module (optical or copper) into the ports on the front panel of the Maestro AFE™ (Figure 7).Figure 7: SFP (Gbic) Interfaces
Connecting Cables
For the initial setup, you are required to attach the following cables to the Maestro AFE™:
Serial Console cable – See Maestro AFE Installation Kit Detailed Items List on page 15 for adescription.
Management Ethernet cable – See Maestro AFE Installation Kit Detailed Items List on page 15 for a description.
Power cable – Standard 110 (US) or 220 (Europe/Asia) cable according to your location.
Gigabit Ethernet cables – Standard optical or copper cables.To connect the cables
1. Connect the serial console cable into the Maestro AFE™ console port and to the console (see Figure 8).
2. Connect the Management cable into the Maestro AFE™ Ethernet port and to the management network (see Figure 8).
3. Connect the power cable. The unit will become powered-on immediately after plugging the cable in.
Device LED Status Definitions
The Maestro AFE has three operational status LEDs located on the right front panel as well as a single LED for each physical interface. The blinking activity and related status of each LED is defined in this section.
Device Status LEDs
Power.
On – Power is on.
System.
Off – Normal state.
On – Problem with FLASH memory, user intervention required.
Status.
Blinking – System is operational; ready for use.
Fast Blinking – Error; not operational.Interface LEDs for CN-5500E
The CN-5500E incorporates LEDs to represent interface activity in addition to the basic link notification.
Link LED
On – Interface has link.
Off – Interface has no link.Activity LED
3
Introduction to the Command Line
Interface
Chapter 3 describes the Maestro AFE CLI command set. This chapter provides the basic information needed to access, navigate, and use the CLI as a powerful means of
configuration.
Accessing the CLI.
Conventions used in this Guide.
CLI Prompt Structure.
CLI Navigation.
Configurable CLI Parameters.
Using the ‘show’ Command.
Using the ‘no’ Command.Accessing the CLI
Connection – The CLI can be accessed via the Serial interface (RS-232) and Ethernet Management interface using SSH or Telnet.
Number of connections – The Maestro AFE supports up to 5 concurrent remote management connections via SSH or Telnet.
Authentication – Each connection requires a username and password. Each user is given privileges according to the user level (user, admin, or tech). In general, an“admin” or “tech” user level is required to perform configuration operations. All users can view the current configuration and the system status.
Serial Console Settings
Use the serial port in conjunction with the provided serial cable to open a console session using a Terminal Emulation program (for example, Microsoft HyperTerminal, TeraTerm, etc.).
Setup the serial port as follows:
Bits per second: 115,200.
Data bits: 8.
Parity: None.
Stop bits: 1.
Flow control: None.Conventions Used in this Guide
This User Guide presents instructions for configuring the Maestro AFE. All configuration variables are available through the CLI while a majority of them are also available in the GUI. When discussing configuration concepts, the CLI version of a command will be demonstrated first, followed by a GUI example if applicable.
The CLI conventions used for this user guide are as follows:
Table 1: CLI Conventions
Convention Description
Italicized Indicates user input command elements like specifying a name or IP address.
? Enter a question mark at any point to get help.
| Indicates a delimiter between options.
{Braces} Commands enclosed in braces indicate mandatory command elements.
[Brackets] Commands enclosed in brackets indicate optional settings.
CLI Prompt Structure
CLI navigation is composed of a prompt level based hierarchy. Each level contains specific commands relevant to that level. For example, at the interface level the user enters an interface name and can configure all the relevant parameters for that interface (i.e. IP address, VLAN information, etc.).
The CLI command set consists of all the available CLI commands required to configure and monitor the Maestro AFE™. The command structure is based on the following prompt levels:
Examples:
In Root level, the prompt is (crescendo>).
In System level, the prompt is (system>).
In Configuration level, the prompt is (config>).
In Configuration Æ Interface level, the prompt is (gigabit-ethernet port 1>).
In Configuration Æ Farm level, the prompt is (farm "Farm">).Commands on a higher level in the command tree are available. Command completion is only available when in the correct prompt level.
CLI Navigation
Case Sensitivity
CLI commands, keywords, and reserved words are not case-sensitive. Commands and keywords can be entered in upper or lower case.
User-defined text strings are not case-sensitive and can be defined in both upper and lower case (including mixed cases). Character case in the user-defined text strings is preserved in the configuration for readability purposes only.
Basic Navigation
The CLI allows for the use of the TAB key for command completion as well as supporting abbreviated commands. For example, instead of typing the command “configure terminal” a user can input “c t” instead.
The CLI contains a command buffer of the last 16 commands. When using the up/down arrows, only the relevant commands related to the current configuration level display. Also, prior to accepting a configuration entry (line) the line can be edited
Additionally, the following special keys can be used to aid in navigating within the CLI.
Table 2: Special Keys for Navigating within CLI
Key Function
Tab Completes command word. [ESC] [ESC] Clears the prompt line.
Ctrl-N or Down Arrow Go to the next line in the history buffer. Ctrl-P or Up Arrow Go to the previous line in the history buffer.
The special keys rely on a VT compatible terminal.
Online Help
Commands that enable you to query the Online Help feature are specified according to:
Command mode.
Command.
Keyword.
Argument.Table 3: Online Help Query Commands
Convention Description
abbreviated-command-entry Obtain a list of commands that begin with a particular character string.
abbreviated-command-entry<Tab> Complete a partial command name. ? List all commands available for a particular
command mode in given prompt level and with current user credentials.
command ? List a command’s associated keywords. command keyword ? List a keyword’s associated arguments.
Configurable CLI Parameters
There are several options for adjusting the way information is displayed within the CLI. All options can be accessed via the crescendo> prompt as displayed below:
Using the ‘show’ Command
The show command is one of the most important commands available in the GUI. Show can be used to view virtually any configuration variable. The command is located in the root prompt level “crescendo>” but will operate within any prompt level.
To show configuration information Command Syntax:
show variable Prompt level - Root Example command: config> show ? Output:
crescendo> show
cli show cli information
ip display IP information
vrrpc display vrrpc information ftp-record display ftp record
system display system parameters version display version
running display running configuration startup display startup configuration
file display a file from /FLD/cfg directory users display users table
compression display compression profiles data boot-test display startup test status
global-data show global data
license-codes show codes for activated features server-queue-limit show long queue protection status connection-inactivity show time intervals to wait before
resetting the connections server-rx-window show server RX window size
tcp display TCP information
real display real server information virtual display virtual server information
farm display farms
cluster display clusters counters display counters
interfaces display interfaces table vlans display vlans table snmp display snmp information logging show logging information
config> show interfaces gigabit-ethernet 1 Output:
gigabit-ethernet 1, Admin UP, Status UP Description giga ethernet 1
Hardware address 00-50-C2-22-A3-29 Fiber Sfp
Internet address 10.1.1.100, Mask 255.255.255.0 MTU 9216 bytes, BW 1000 Mbit, FULL duplex
config> show system Output:
Hostname CN-5500, Date: 11:02:05 Time: 17:45:37
Servers: HTTP Server Enabled, SNMP Enabled, SSH Disabled, Telnet Enabled
Using the ‘no’ Command
The CLI provides the “no” command to undo or disable most configuration elements of the Maestro AFE.
To undo a command Command Syntax:
no command [variable] Prompt level - Configure Example command:
To remove an IP Address from an interface: gigabit-ethernet-1> no ip address To disable the http server for the GUI:
4
Introduction to the Graphical User
Interface
Chapter 4 introduces and explains the Maestro AFE Web-based Graphical User Interface (GUI).
Graphical User Interface (GUI) Overview.
Preparations – Installing Sun Java.
Logging in to the GUI.
Navigating the GUI.Graphical User Interface (GUI) Overview
The Maestro AFE GUI is a powerful tool for monitoring and managing the device. The GUI is a Java-based SNMP management application launched via a Web browser.
Preparations – Installing Sun Java
The workstation accessing the Maestro AFE must have the latest version of Sun Java installed. Java can be freely downloaded and installed at http://www.java.com.
Logging in to the GUI
From a Web browser, connect to the IP address of the management interface of the Maestro AFE.
Ensure that ports 80 and 161 are available to enable access to the GUI.
Once connected, a Crescendo Networks image will display in the existing browser window as shown in Figure 10. Do not close this window; doing so will close the Java-based GUI management application.
Figure 11: Login Screen
Log in using a user name and password created during the Auto Configuration Dialog or normal CLI configuration. Once logged in, the Maestro AFE GUI will be presented as a separate window. See Chapter 5. Initial Configuration & Global Settings.
Navigating the GUI
The GUI functions in five primary modes:
Summary – Displays basic real time information and device status.
Monitoring – Enables the user to view real-time and “last 5 minutes” performance information for the Maestro AFE, farms, clusters, and servers.
History – Displays historical performance information for the Maestro AFE, farms, clusters, and servers.
Configuration – Enables the user to configure most aspects of the Maestro AFE.
Events – Enables the user to view real-time and past events.Summary
Summary mode displays basic global information such as the number of operational farms, clusters, and servers. Additionally, it shows real time relative performance and transaction performance within the previous 24 hours.
Monitoring
Monitoring Mode enables the user to view real-time and “last 5 minutes” performance information for the Maestro AFE, farms, clusters, and servers. Click on an object in the Topology window to view related performance information. Selecting a cluster will
present the aggregate information for all servers contained in that specific cluster. Selecting a farm will present the aggregate information for all clusters and servers contained in that specific farm.
History
The History mode displays historical performance information for the Maestro AFE, farms, clusters, and servers. The History service must be enabled for each device you wish to view historical information for. History can be enabled through the Configuration mode.
Figure 14: History Screen
While in History mode, click on an object in the Topology window. If historical
information is available, the pull down data menus will be available. Up to 4 data types can be viewed simultaneously. Once selected, the information will be charted in the right panel.
Selecting a cluster will present the aggregate information for all servers contained in that specific cluster. Selecting a farm will present the aggregate information for all clusters and servers contained in that specific farm.
Additionally, the graphs time scale can be adjusted to minutes, days, or weeks by cycling through the icon at the bottom of the window.
Configuration
Configuration mode enables the user to configure most aspects of the Maestro AFE. Click on an object in the Topology window. Available configuration variables will be displayed in the right panel. Always click Apply to implement changes. To make the configuration change permanent for subsequent device startups, make sure to save the running
configuration by clicking File Æ Save Configuration.
Events
Events mode enables the user to view GUI Event information. In order to see information, GUI Events and Logging per device/object must be enabled.
Figure 16: Events Screen
To enable GUI Events, enter Configuration mode. From the Topology window, select the Maestro AFE icon. In the right pane, select the Events & Logging tab. Check the box labeled “GUI Events” and customize the logging level for associated events you would like displayed in the Events mode window. Click Apply. Next, you will have to enable
logging for each device you would like to see logging information. Do this by selecting each device in the Topology window and checking the box labeled “logging”. Click Apply.
5
Initial Configuration & Global Settings
Chapter 5 introduces the initial configuration and basic administrative configuration options of the Maestro AFE.
Before Proceeding.
Conventions Used in this Guide.
Initial Configuration (Auto Configuration Dialog).
Global Configuration Commands.
Interface Commands.
Networking Commands.
Client-side TCP Commands.
Server-side TCP Commands.
Security Commands.
System Commands.
Supportability Commands.Before Proceeding
In order to proceed with the Initial Configuration & Global Setting, the following steps should be satisfied.
The Maestro AFE should be properly mounted and connected to power. Please see Chapter 2. Maestro AFE Installation.
The Gbic interfaces should be installed and connected via Fiber or Copper to a switch. Please see Chapter 2. Maestro AFE Installation.
Management connectivity, whether through Serial Console or via Management Ethernet Interface (GUI, Telnet, or SSH). Please see Chapter 3. Introduction to the Command Line Interface.Conventions Used in this Guide
This User Guide presents instructions for configuring the Maestro AFE. All configuration variables are available through the CLI while a majority of them are also available in the GUI. When discussing configuration concepts, the CLI version of a command will be demonstrated first, followed by a GUI example if applicable.
The CLI conventions used for this user guide are as follows:
Table 4: CLI Conventions
Convention Description
Italicized Indicates user input command elements like specifying a name or IP address.
? Enter a question mark at any point to get help.
| Indicates a delimiter between options.
{Braces} Commands enclosed in braces indicate mandatory command elements.
Initial Configuration
Once the Maestro AFE is properly mounted and connected to a terminal via the provided serial cable (See Chapter 2. Maestro AFE Installation and Chapter 3. Introduction to the
Command Line Interface), the unit can be powered on for the first time.
The following section will demonstrate the configuration of a newly installed Maestro AFE by demonstrating the Auto Configuration Dialog. The remaining sections of Chapter 5 demonstrate additional global configuration parameters. The example used throughout this section assumes a basic network environment as displayed in Figure 17.
Figure 17: Basic Network Environment
Initiating the Auto Configuration Dialog (ACD)
After the boot process initializes successfully, the following options will be displayed through the Serial Console if the Maestro AFE shipped without a configuration file (startup.cfg):
[1] Run startup config file from the current directory [2] Activate the A.C.D (Auto Configuration Dialog)
If a configuration file exists (i.e. if the preceding menu is not displayed upon boot up) the existing startup.cfg file should be deleted or renamed, after which the box will present the startup menu upon the next reboot. The startup.cfg file can be renamed or deleted by logging into the CLI as an administrator or with the “rescue” account, entering the system> prompt, and then issuing the rename or delete commands for the
“startup.cfg” file. File management operations are covered in greater detail later in this chapter.
Proceed by selecting option “2” to enter the Auto Configuration Dialog input the required information.Table 5: CLI Conventions
Configuration Comments
Would you like to enter the initial configuration dialog (yes/no)? [yes] yes Enter host name [CN-5500]: CN-5500 Enter admin username [Admin]: admin Enter password: *****
Retype password for verification: *****
The username and password defined is case sensitive. Enter IP address for the Management
interface: 192.168.1.100
Enter subnet mask for this interface [255.255.255.0] : 255.255.255.0 Enter Management Default Gateway IP address: 192.168.1.1
Do you wish to enable SSH server (yes/no)? [yes] yes
Do you wish to enable HTTP GUI (yes/no)? [yes] yes
If no DG is required, press enter
If SSH is disabled during this process, Telnet will be
automatically enabled. Please select a data port 1-8: 1
Enter IP address for this interface:
10.1.1.254
Enter subnet mask for this interface [255.255.255.0] : 255.255.255.0
Do you want to define an IP-address to another data port (yes/no)? [no] no
Configuration Comments
Enter Real Server name: Server-1 Enter Real Server IP address:10.1.1.1 Please select Real Server port [80]:80 Do you wish to add more real servers (yes/no)? [NO]:yes
Enter Real Server name: Server-2 Enter Real Server IP address:10.1.1.2 Please select Real Server port [80]:80 Do you wish to add more real servers (yes/no)? [NO]:no
Do you wish to add more clusters (yes/no)? [NO]:no
Do you wish to add more farms (yes/no)? [NO]:no
Do you wish to configure Virtual Servers (yes/no)? [NO]:yes
Enter Virtual Server name: Virtual-1 Enter Virtual Server IP address:10.1.1.100 Please select Virtual Server port [80]: Do you wish to define a default cluster (yes/no)? [NO]:yes
Enter Default Cluster name: Cluster-1 Do you wish to add more virtual servers (yes/no)? [NO]:no
Once complete, the Maestro AFE will display the configuration details, as follows: The following configuration has been created:File : /RAMD/auto_startup.cfg hostname CN-5080E
user admin admin admin
interface management ethernet
ip address 192.168.1.100 255.255.255.0 ip route 0.0.0.0 0.0.0.0 192.168.1.1 ssh-server v1 http-server interface gigabit-ethernet 1 ip address 10.1.1.254 255.255.255.0 ip route 0.0.0.0 0.0.0.0 10.1.1.253 farm Farm-1 cluster Cluster-1 real Server-1 10.1.1.1 80 real Server-2 10.1.1.2 80
virtual Virtual-1 10.1.1.100 80 default cluster Cluster-1
Enter option “1” to cancel the configuration and restart the ACD, or choose option “2” to save and load the new configuration.Enter your selection [2]: 2 Copy OK: 314 bytes copied
run startup script "/FLD/cfg/startup.cfg"... login: admin
password: ***** crescendo>
Log in with the admin account created during the ACD.Initial Configuration Summary
It is not required that “Accelerated Services” be configured during the ACD. The
remaining sections in Chapter 5 deal with Global Configuration Settings such as interface, routing, user administration, and logging issues. Additional configuration details are provided in individual chapters for Server Acceleration & Load Balancing, Compression, SSL Acceleration, and device redundancy.
Outbound Traffic Rate Shaping
The Maestro AFE is equipped with Gigabit Ethernet data interfaces. Many outbound links utilize a Fast Ethernet (100Mb/s) connection. Therefore, all data transmissions are sent at Gigabit speed to the outbound link. In some network environments, this could result in the Maestro AFE flooding the outbound link causing dropped packets and subsequently poor performance. In these instances, the Maestro AFE must be configured to “shape” the rate at which data is transmitted to accommodate the slower outbound connection. This is accomplished with the rate-shaping command. By default, rate-shaping is disabled; meaning data is transmitted at maximum speed and burst rates. When installing the Maestro AFE in a network with slower outbound link connectivity, the command should be used as follows:
To set the rate-shaping globally Command Syntax:
Prompt level - Configure Example command:
To set the rate-shaping for a Fast Ethernet (100Mb/s) link: config> rate-shaping 100 128
To set the rate-shaping per interface Command Syntax:
rate-shaping {value in Mb/s} {max burst size in KB/s}
no rate-shaping
Prompt level – Configure Æ Interface Gigabit Example command:
To set the rate-shaping for a Fast Ethernet (100Mb/s) link: gigabit-ethernet port 1> rate-shaping 100 128
To set the rate-shaping per interface from the GUI
1. Once logged in through the GUI, click on the Configuration button on the left panel. 2. In the Topology window, click on the Maestro AFE device icon, then select the Ports &
3. Select the Port and Aggregator interface for adjusting the rate shaping.
4. Configure the Rate and Maximum Burst Size. A rate of 0 and Maximum Burst Size of 16 are the default values which represent no rate shaping.
Global Configuration Commands
Use the CLI Global Commands to define the Maestro AFE™ basic administrative settings. They are as follows:
Showing Configuration Information.
Device Name.
Calendar set.
Internal clock.
Services for Remote Management (SSH/Telnet).
Services for SNMP server access.
SNMP Configuration.
HTTP Server Configuration.Showing Configuration Information from the CLI
The show command is one of the most important commands available in the GUI. Show can be used to view almost any configuration variable. The command is located in the root prompt level “crescendo>” but will operate within any prompt level.
To show configuration information Command Syntax:
show variable
Prompt level - Root Example command: config> show ? Output:
cli show cli information
ip display IP information
vrrpc display vrrpc information
ftp-record display ftp record
system display system parameters
version display version
running display running configuration startup display startup configuration
file display a file from /FLD/cfg directory
users display users table
compression display compression profiles data boot-test display startup test status
global-data show global data
license-codes show codes for activated features server-queue-limit show long queue protection status connection-inactivity show time intervals to wait before
resetting the connections server-rx-window show server RX window size
tcp display TCP information
real display real server information virtual display virtual server information
farm display farms
cluster display clusters
counters display counters
interfaces display interfaces table
vlans display vlans table
snmp display snmp information
logging show logging information
config> show interfaces gigabit-ethernet 1 Output:
gigabit-ethernet 1, Admin UP, Status UP Description giga ethernet 1
Hardware address 00-50-C2-22-A3-29 Copper Sfp
Internet address 10.1.1.100, Mask 255.255.255.0 MTU 9216 bytes, BW 1000 Mbit, FULL duplex
config> show system Output:
Hostname CN-5020E, Date: 25:07:06 Time: 16:19:23 Servers: HTTP Server Enabled (listening on port 80),
SNMP Enabled, SSH Disabled, Telnet Disabled
Using the “no” command from the CLI
The CLI provides the “no” command to undo or disable most configuration elements of the Maestro AFE.
To undo a command Command Syntax:
no command [variable] Prompt level - Configure Example command:
To remove an IP Address from an interface: gigabit-ethernet-1> no ip address
To disable the http server for the GUI: config> no http
Device Name
The device/host name is specified to distinguish the Maestro AFE being managed. Perform the following commands to set the Maestro AFE hostname.
To set the hostname from the CLI Command Syntax:
hostname box-name Prompt level - Configure Example command:
config> hostname CN-1
To set the Hostname from the GUI
1. Once logged in through the GUI, click on the Configuration button on the left panel. 2. In the Topology window, click on the Maestro AFE icon.
Figure 19: Setting the Hostname
Calendar and Time Settings
To set the Calendar from the CLIPerform the following example commands to set the Maestro AFE calendar.
Command Syntax:
calendar dd:mm:yy Prompt level - Configure Example command:
config> calendar 22:02:04
To set the Calendar from the GUI
The calendar can be set in the GUI via the Configuration Æ Maestro AFE Æ System tab screen as shown in Figure 19.
To Set the Internal Clock from the CLI
Perform the following example commands to set the Maestro AFE internal clock settings.
Command Syntax:
clock hh:mm:ss Prompt level - Configure Example command:
config> clock 15:00:00
To set the Clock from the GUI
The clock can be set in the GUI via the Configuration Æ Maestro AFE Æ Global tab screen as shown in Figure 19.
Telnet and Secure Shell (SSH) Management Configuration
Perform the following example commands to set the Maestro AFE service availability (Telnet/SSH):When performing the initial configuration using the Auto Configuration Dialog (A.C.D.), an option is presented to enable or disable SSH access. If the ssh-server is disabled, the telnet-server is automatically enabled.
To enable/disable telnet server from the CLI Command Syntax
telnet-server no telnet-server
Prompt level - Configure Example commands:
config>telnet-server Output: enabling telnet access config>no telnet-server Output: disabling telnet access
To enable/disable the SSH server from the CLI Command Syntax
ssh-server [v1 | v2] no ssh-server
Prompt level - Configure Example commands:
config> ssh-server Output: enabling ssh access config> no ssh-server Output: disable ssh-server
The telnet-server and ssh-server toggle each other. When one is enabled, the other is disabled.
To enable/disable Telnet or SSH from the GUI
The clock can be set in the GUI via the Configuration Æ Maestro AFE Æ Global tab screen as shown in Figure 19.
To configure Telnet/SSH Session Idle Inactivity Timer from the CLI
Telnet/SSH connection made to the Maestro AFE’s management port are automatically closed by the Maestro AFE after a configured period of inactivity. The default value for telnet/SSH session inactivity is 10 minutes, but the value can be changed if necessary.
Command Syntax
cli idle-inactivity {seconds}
no cli idle-inactivity
Prompt level - Configure Example commands:
crescendo> cli idle-inactivity 1200 crescendo> no cli idle-inactivity
SNMP Management Configuration
The SNMP server can be enabled and disabled only from the CLI. Perform the following example commands to set the Maestro AFE SNMP server configuration.
To enable/disable the SNMP server from the CLI Command Syntax
snmp-server no snmp-server
Prompt level - Configure Example commands:
config> snmp-server
Output: enabling Snmp access config> no snmp-server Output: disabling Snmp access
The SNMP server status can be enabled or disabled only from the CLI. The SNMP “name” and “location” variables are the only fields modifiable via the GUI. Additionally, the SNMP server must be enabled for the GUI to operate.
To configure the SNMP server contact from the CLI Command Syntax
snmp-server contact contact-string Prompt level - Configure
Example command:
config> snmp-server contact jones
To configure the SNMP server location from the CLI Command Syntax
Prompt level - Configure Example command:
config> snmp-server location "main office"
To configure the SNMP server community from the CLI Command Syntax
snmp-server community community-string {read | write-read}
Prompt level - Configure Example commands:
config> snmp-server community-string read password
config> snmp-server community-string write-read read_and_write
SNMP Configuration from the GUI
The SNMP server must be enabled for the GUI to operate. The SNMP server status can be enabled or disabled only from the CLI.
The SNMP “name” and “location” variables are the only fields modifiable via the GUI. These options can be set in the GUI via the Configuration Æ Topology screen as shown in Figure 4.1.3.1.
HTTP Management Configuration
The HTTP service can be enabled and configured. Perform the following example commands to set the Maestro AFE HTTP server configuration.
The HTTP service must be enabled in order for the GUI to function properly. To enable/disable the HTTP server from the CLI
Prompt level - Configure Example commands: config> http-server
Output: enabling HTTP access config> no http-server Output: disabling HTTP access
Auto Configuration Dialog (A.C.D.)
The Auto Configuration Dialog provides a wizard-like approach to configuring the Maestro AFE. When the Maestro AFE boots and the initial configuration file (startup.cfg) does not exist, the user is prompted to use the A.C.D. to create a configuration file. Upon completion of the wizard, the user will be prompted to load and save the new
configuration information as startup.cfg. During the next boot process, the Maestro AFE will use the information found in the startup.cfg file.
To initiate the Auto Configuration Dialog during normal operation from the CLI Command Syntax
auto-config
Prompt level – Configure
Global History Service
To enable the Maestro AFE to save historical performance information for specified objects like farms, clusters, or servers, the History service must be enabled globally. Once enabled globally, individual objects must enable the history function as a separate configuration action before historical data will be available.
To enable/disable history from the CLI Command Syntax:
service history no service history
Prompt level - Configure Example command:
config>service history config>no service history
Proxy Signature (HTTP Header Settings)
The Maestro AFE acts as a TCP intermediary, maintaining separate client and server connections. In this way, the Maestro AFE operates as a proxy and enables the ability to insert special headers on the client and server connections to identify itself. By default, the Maestro AFE inserts the following header into client-side responses and server-side
requests:
Via: CN-5500E
The header used to identify the Maestro AFE can be disabled or configured as either “Via” or “X-Via” for either the client or server side connections.
To configure proxy signature from the CLI Command Syntax:
proxy-sign {via | x-via} {to-client | to-server | [CR] (to both)} no proxy-sign
Prompt level - Configure Example command:
config> proxy-sign via
config> proxy-sign x-via to-server
To configure proxy signature (to backend server) from the GUI
1. From the Configuration mode of the GUI, click on the Servers Topology icon. 2. Adjust the Proxy Signature settings in the General tab.
Figure 20: Setting the Proxy Signature to the Backend Server
To configure proxy signature (to clients) from the GUI
1. From the Configuration mode of the GUI, click on the Virtual Servers icon. 2. Adjust the Proxy Signature settings in the Advanced tab.
Interface Commands
Use the CLI commands to configure the following Maestro AFE’s interfaces:
Management Ethernet port.
Management Serial port.Use the CLI and the GUI to configure the following Maestro AFE interface:
Gigabit-Ethernet data ports.It is important to understand that the Maestro AFE utilizes an out-of-band management architecture for enhanced security and manageability. Because of this, two terms are used throughout this User Guide to discuss the path of data: data-path and management-path. Data-path refers to any traffic being accelerated or routed through the primary interfaces of the Maestro AFE. Management-path refers only to traffic destined to the management Ethernet port. For each path, there is a separate routing table and PING commands.
Configuring the Management Ethernet Interface
The management Ethernet interface can only be configured from the CLI. Perform the following commands to configure the Maestro AFE Management interfaces.
The management Ethernet interface is used for all remote management access, e.g., GUI, SNMP, Software and configuration file management, etc. The management Ethernet interface has a separate routing table and must have a default route to access a remote network.
To configure the management Ethernet interface from the CLI Command Syntax
interface management ethernet
Prompt level - Configure Example commands:
Prompt level - Configure Æ Interface Management Ethernet Example commands:
management-ethernet> ip address 192.168.1.100 255.255.255.0 management-ethernet>no ip address
To configure management Ethernet interface description from the CLI Command Syntax:
description interface-description
Prompt level - Configure Æ Interface Management Ethernet Example commands:
management-ethernet> description FW_DMZ_2
To configure the management interface route from the CLI Command Syntax:
ip route prefix-ip-address prefix-mask nexthop-ip
no ip route prefix-ip-address prefix-mask nexthop-ip Prompt level - Configure Æ Interface Management Ethernet Example commands:
management-ethernet> ip route 0.0.0.0 0.0.0.0 10.0.0.1 management-ethernet> no ip route 0.0.0.0. 0.0.0.0
To ping via the management interfaces from the CLI Command Syntax:
ping mgmt IP-address [count number of pings] [size buffer-size] Prompt level - Root
Example commands:
