Cisco GSS-4492R-K9 Administration Manual

Administration guide
Cisco Global Site Selector Administration
Guide
Software Version 2.0
March 2007
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-10410-01

Summary of Contents for Cisco GSS-4492R-K9

  • Page 2 OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CCSP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.;...
  • Page 3: Table Of Contents

    Managing the GSS from the CLI C H A P T E R Logging in to the CLI and Enabling Privileged EXEC Mode Understanding GSS Software Licenses Acquiring and Installing CNR and DDoS License Files Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 4 Replacing GSS Devices in Your GSS Network 2-30 Replacing the Primary GSSM in the Network 2-31 Converting the Standby GSSM to a Primary GSSM 2-31 Replacing the Primary GSSM with an Available GSS 2-35 Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 5 Modifying a GUI User Account 3-12 Removing a GUI User Account 3-12 Changing the User Account GUI Password 3-13 Creating and Modifying User Views for the Primary GSSM GUI 3-15 Custom User View Overview 3-15 Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 6 Specifying TACACS+ Authorization of the GSS 4-24 Specifying TACACS+ Accounting on the GSS 4-25 Showing TACACS+ Statistics on the GSS 4-26 Clearing TACACS+ Statistics on the GSS 4-28 Disabling TACACS+ on a GSS 4-28 Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 7 Viewing MIB Files on the GSS Backing Up, Restoring, and Downgrading the GSSM Database C H A P T E R Backing Up the Primary GSSM Backup Overview Performing a Full Primary GSSM Backup Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 8 Viewing Subsystem Log Files from the CLI 9-11 Rotating Existing Log Files from the CLI 9-12 Viewing System Logs from the Primary GSSM GUI 9-13 Viewing System Logs from the Primary GSSM GUI 9-14 Cisco Global Site Selector Administration Guide viii OL-10410-01...
  • Page 9 A P P E N D I X Verifying the GSSM Role in the GSS Network Backing up and Archiving the Primary GSSM Obtaining the Software Upgrade Upgrading Your GSS Devices N D E X Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 11 Obtaining Documentation, Obtaining Support, and Security Guidelines • Audience To use this guide, you should be familiar with the Cisco Global Site Selector hardware, which is discussed in the Global Site Selector Hardware Installation Guide. In addition, you should be familiar with basic TCP/IP and networking...
  • Page 12: How To Use This Guide

    Database up your primary GSSM. Chapter 8, Viewing Log Includes information on auditing logged information Files about your GSS devices. Cisco Global Site Selector CLI-Based Global Server Load-Balancing Configuration Guide OL-10413-01...
  • Page 13: Related Documentation

    GSS. for the Cisco Global Site Selector Release Note for the Information on operating considerations, caveats, and Cisco Global Site new CLI commands for the GSS software. Selector Cisco Global Site Selector CLI-Based Global Server Load-Balancing Configuration Guide xiii OL-10413-01...
  • Page 14 Reference and related commands. This document also describes how to use the CLI interface. Several of the Cisco CNS Network Registrar (CNR) documents are referenced in this guide. The CNR version 6.2 documentation set consists of the following documents: Document Title...
  • Page 15: Symbols And Conventions

    Screen examples use the following conventions: font Terminal sessions and information the system displays are screen font. screen Information you must enter is in font. boldface screen boldface screen font Cisco Global Site Selector CLI-Based Global Server Load-Balancing Configuration Guide OL-10413-01...
  • Page 16 A caution means that a specific action you take could cause a loss of data or Caution adversely impact use of the equipment. Note A note provides important related information, reminders, and recommendations. Cisco Global Site Selector CLI-Based Global Server Load-Balancing Configuration Guide OL-10413-01...
  • Page 17: Security Guidelines

    For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html...
  • Page 19 Activating and Modifying GSS Devices • • Logically Removing a GSS or Standby GSSM from the Network Configuring the Primary GSSM GUI • Printing and Exporting GSSM Data • Viewing Third-Party Software Versions • Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 20: Chapter 1 Managing GSS Devices From The GUI

    Cisco Systems. To avoid approving the signed certificate every time you log in to the primary GSSM, accept the certificate from Cisco Systems, Inc. For instructions on trusting certificates from a particular owner or website, refer to the online help included with your browser.
  • Page 21: Logging Into The Primary GSSM Graphical User Interface

    The Primary GSSM Welcome page (see Figure 1-2) appears. See the Cisco Global Site Selector GUI-based Global Server Load-Balancing Configuration Guide for information about navigating through the primary GSSM GUI. Figure 1-1 Primary GSSM GUI Login Window Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 22: Logging Into The GSS And Accessing The CNR GUI

    1-1). Logging Into the GSS and Accessing the CNR GUI You can extend the capabilities of GSS by using the Cisco Network Registrar (CNR). CNR is purchased as a separate license add-on and involves upgrading the existing GSS software license. For more information about obtaining, installing,...
  • Page 23: Logging Into The GSS And Accessing The CNR GUI

    Enter the secure HTTP address of your GSS in the address field as follows: http://gss-machine:8080 where gss-machine is a resolvable name, such as gss-example.cisco.com or the IP address of that machine. For instance, each of the following can serve as valid addresses: http://gss-example.cisco.com:8080...
  • Page 24: Activating And Modifying GSS Devices

    At the Network Registrar login window, enter your username and password in the fields provided, and then click Login. See the Cisco CNS Network Registrar User’s Guide for information on configuring CNR using its Web-based user interface (Web UI). Activating and Modifying GSS Devices Activate your GSS devices from the primary GSSM GUI to add those devices to your GSS network.
  • Page 25: Activating And Modifying GSS Devices

    Activating and Modifying GSS Devices Figure 1-4 Global Site Selectors List Page—Inactive Status Click the Modify GSS icon for the first GSS device to activate. The Modifying GSS details page appears (see Figure 1-5). Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 26 If this occurs, power cycle the GSS device, check your network connections, and then repeat this procedure. If you still cannot activate the GSS device, contact Cisco TAC. Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 27 You can modify the name and location of any of your GSS devices using the primary GSSM GUI. To modify other network information such as the hostname, IP address, or role, you must access the CLI on that GSS device (see the Cisco Global Site Selector Getting Started Guide).
  • Page 28: Deleting GSS Devices

    Click OK to confirm your decision and return to the Global Site Selectors list page. The deleted device is removed from the list. To reconfigure the GSS device, see the Cisco Global Site Selector Getting Started Guide. Cisco Global Site Selector Administration Guide...
  • Page 29: The Network

    Stop the GSS software running on the GSS by entering the following command: gss1.example.com# gss stop Disable the GSSM or GSS by entering the following command: gss1.example.com# gss disable gss1.example.com# shutdown Cisco Global Site Selector Administration Guide 1-11 OL-10410-01...
  • Page 30: Logically Removing A GSS Or Standby GSSM From The Network

    To add the removed GSS or standby GSSM back into the GSS network, follow the procedures outlined in the Cisco Global Site Selector Getting Started Guide. After you configure the GSS or standby GSSM, you may reload the backup copy of the GSS device startup configuration settings (see the “Saving the startup-config and...
  • Page 31: Configuring The Primary GSSM GUI

    Adjust one or more of the GUI configuration parameters as follows: • To modify the length of time that can expire without GUI activity before the primary GSSM automatically terminates the GUI session, do the following: Cisco Global Site Selector Administration Guide 1-13 OL-10410-01...
  • Page 32: Printing And Exporting GSSM Data

    CSV editor. To print the data, click the Print button. The Print dialog box on your • workstation appears. Choose a printer from the list of available printers. Cisco Global Site Selector Administration Guide 1-14 OL-10410-01...
  • Page 33 Viewing Third-Party Software Versions To export the output of all primary GSSM GUI configured fields when Note troubleshooting a GSS device with a Cisco technical support representative, enter the show tech-support config CLI command. See Chapter 9, Monitoring GSS Operation for details.
  • Page 34: Viewing Third-Party Software Versions

    Chapter 1 Managing GSS Devices from the GUI Viewing Third-Party Software Versions Figure 1-8 GSSM Third-Party Software List Page Cisco Global Site Selector Administration Guide 1-16 OL-10410-01...
  • Page 35 Disabling the GSS Software • Restoring GSS Factory-Default Settings • Replacing GSS Devices in Your GSS Network • Changing the GSSM Role in the GSS Network • Displaying GSS System Configuration Information • Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 36: Chapter 2 Managing The GSS From The CLI

    Note dedicated terminal and about establishing a remote connection using SSH or Telnet, see the Cisco Global Site Selector Getting Started Guide. Specify your GSS administrative username and password to log in to the GSS device. The CLI prompt appears.
  • Page 37: Understanding GSS Software Licenses

    If you want to enable the DDoS license package on a particular GSS, you must purchase a DDoS license from Cisco Systems in order to receive a Product Access Key (PAK) number.
  • Page 38: Acquiring And Installing CNR And DDoS License Files

    Cisco that: Allows you to retrieve or generate a license file for a particular PAK. • Provides a way for Cisco to track licenses as well as a way for you to recover • lost licenses.
  • Page 39 The license file is copied to the /licenses directory when the installation is complete. To uninstall a license file on the GSS, enter the license command with the uninstall keyword as follows: gssm1.example.com# license uninstall ddos_new.lic Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 40: Installing CNR

    Connected to 1.1.1.23 (1.1.1.23). 220 3Com 3CDaemon FTP Server Version 2.0 Name (1.1.1.23): cisco 331 User name ok, need password Password: 230 User logged in Remote system type is UNIX. Using binary mode to transfer files. Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 41 Note explicitly enable CNR to start processing requests. See Step Verify that the GSS software is running: gssm1.example.com# gss status Cisco GSS - 2.0(2) GSSM - primary [Thu Nov 8 14:27:33 EDT 2007] Normal Operation [runmode = 5] START SERVER...
  • Page 42 GSSM for your GSS network, enter the following command: gssm1.example.com# gss enable gssm-primary See the Cisco Global Site Selector Getting Started Guide for details. Enable the CNR server agent by using the cnr enable command in global configuration mode as shown in the following example: gssm1.example.com# config...
  • Page 43: Accessing The CNR CLI

    = staged user-name = admin visibility = 5 zone-edit-mode = synchronous nrcmd> See the Cisco CNS Network Registrar CLI Reference Guide, 6.3 for instructions on using nrcmd. Exit the CNR nrcmd program. Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 44 Chapter 2 Managing the GSS from the CLI Understanding GSS Software Licenses nrcmd> exit gssm1.example.com# Cisco Global Site Selector Administration Guide 2-10 OL-10410-01...
  • Page 45: Invoking The Shell And Executing CNR Utilities

    Enter the utility name to execute any of these CNR utilities. For example: cnr shell> cnr_tactool user: password: See the Cisco CNS Network Registrar User’s Guide for more information about cnr_tactool and the other available CNR utilities. Cisco Global Site Selector Administration Guide 2-11...
  • Page 46: Using The Startup-Config And Running-Config Files

    Telnet enable—Telnet state of the GSS device (enabled or disabled) • • FTP enable—FTP state of the GSS device (enabled or disabled) FTP client enable—FTP client state of the GSS device (enabled or disabled) • Cisco Global Site Selector Administration Guide 2-12 OL-10410-01...
  • Page 47 Copy the current running-config file as the new startup-config file for the GSS by entering the following command: new.example.com(config)# copy running-config startup-config Cisco Global Site Selector Administration Guide 2-13 OL-10410-01...
  • Page 48: Saving The Startup-Config And Running-Config Files

    Copy the GSS device current running configuration to a named file located on the GSS by entering the following command: gss1.example.com# copy running-config newrunningconfig Cisco Global Site Selector Administration Guide 2-14 OL-10410-01...
  • Page 49: Loading The Startup-Config From An External File

    GSS running-config file, use the show running-config command. You can use this command with the show startup-config command to compare the configuration memory to the startup-config file used during the bootup process. Cisco Global Site Selector Administration Guide 2-15 OL-10410-01...
  • Page 50 2 destination-port 1020 max-failure-ttl 5 max-ttl 40 tcp-rttprobe sourceport static 10 terminal length 23 exec-timeout 150 logging disk enable logging disk priority Notifications(5) no logging host enable logging host priority Warnings(4) Cisco Global Site Selector Administration Guide 2-16 OL-10410-01...
  • Page 51: Displaying The Startup-Config File

    10.86.208.1 ip name-server 172.16.124.122 ssh enable no ssh keys no ssh protocol version 1 telnet enable ftp enable ftp-client enable all ntp enable snmp enable snmp community-string ntp-server 16.1.1.11 cnr enable Cisco Global Site Selector Administration Guide 2-17 OL-10410-01...
  • Page 52: Managing GSS Files

    You can view the contents of a GSS file and monitor functions such as transaction logging or system logging using the system.log file. Use the tail and type CLI commands to view the contents of a file in a GSS directory as follows: Cisco Global Site Selector Administration Guide 2-18 OL-10410-01...
  • Page 53 #=== WHEN WHAT_TABLE WHAT_ID # Start logging at Wed July 2 00:01:25 GMT 2003 #=== WHEN WHAT_TABLE WHAT_ID # Start logging at Thu July 3 14:42:40 GMT 2003 #=== WHEN WHAT_TABLE WHAT_ID Cisco Global Site Selector Administration Guide 2-19 OL-10410-01...
  • Page 54: Displaying Files In A Directory

    9127 Mar 14 21:23 props.cfg -rw-r--r-- 1 root root 63 Mar 14 21:23 runmode-comment -rw-r--r-- 1 root root 553 Mar 8 21:02 running.cfg drwxr-xr-x 4 root root 4096 Mar 8 18:34 squid Cisco Global Site Selector Administration Guide 2-20 OL-10410-01...
  • Page 55: Renaming GSS Files

    To view the files available in the current directory or subdirectory, use the dir, lls, ls, or pwd commands. See the “Displaying Files in a Directory” section for details. For example, to rename the current GSS startup-config file as newstartupconfig, enter: gssm1.example.com# rename startup-config newstartupconfig Cisco Global Site Selector Administration Guide 2-21 OL-10410-01...
  • Page 56: Securely Copying Files

    You may be prompted to log in to the remote device before you can navigate to the target directory. To securely copy files from a GSS device that you are logged in to, enter: gssm1.example.com# scp /tmp/system.log [email protected]:/dump/home Cisco Global Site Selector Administration Guide 2-22 OL-10410-01...
  • Page 57: Deleting Files

    • To display information for a particular user, enter: gssm1.example.com#show user paulr-admin Username permission -------- ---------- paulr-admin admin To display information for all users, enter: gssm1.example.com# show users Username permission -------- ---------- Cisco Global Site Selector Administration Guide 2-23 OL-10410-01...
  • Page 58: Specifying The GSS Inactivity Timeout

    0, the GSS sends all of its data to the screen at once without pausing to buffer the data. To restore the default terminal length of 23 lines, use the no form of this command. The syntax for this command is as follows: terminal-length number Cisco Global Site Selector Administration Guide 2-24 OL-10410-01...
  • Page 59: Modifying The Attributes Of The Security Certificate On The GSSM

    35 Modifying the Attributes of the Security Certificate on the GSSM You can customize the attributes of the security certificate issued by Cisco Systems and installed on the primary GSSM (as described in the “Logging Into the Primary GSSM Graphical User Interface”...
  • Page 60 64, except for Country Code, which has a maximum character limit of 2. gssm1.example.com(config)# certificate set-attributes Country code (2 chars) [US]: State [California]: MA City [San Jose]: Boston Organization [Cisco Systems, Inc.]: New Organization Organization Unit [ISBU]: e-Mail Address [[email protected]]: [email protected] Boston New Organization ISBU [email protected]...
  • Page 61: Stopping The GSS Software

    GSS software. You should also shut down the GSS software before you disable a GSS (see the “Disabling the GSS Software” section). To shut down the GSS software, enter: gssm1.example.com# shutdown Cisco Global Site Selector Administration Guide 2-27 OL-10410-01...
  • Page 62: Restarting The GSS Software

    Disabling the GSS Software Disabling a GSS device is necessary when you need to perform the following tasks: Switch the role of a GSS within a network • Change a GSS to a GSSM • Cisco Global Site Selector Administration Guide 2-28 OL-10410-01...
  • Page 63: Restoring GSS Factory-Default Settings

    To reenable the GSS device as a primary GSSM, standby GSSM, or a GSS, see the Cisco Global Site Selector Getting Started Guide. Restoring GSS Factory-Default Settings The restore-factory-defaults command erases your GSSM database and all of its data and resets all network settings, returning your GSS hardware to the same state it was in when it first arrived from the factory.
  • Page 64: Replacing GSS Devices In Your GSS Network

    “Replacing the Primary replacement? GSSM With an Available GSS” Configure an available GSS as the primary GSSM. Refer to “Replacing the Primary GSSM With an Available GSS” This section contains the following topics: Cisco Global Site Selector Administration Guide 2-30 OL-10410-01...
  • Page 65: Replacing The Primary GSSM In The Network

    “Performing a Full Primary GSSM Backup” section in Chapter 7, Backing Up, Restoring, and Downgrading the GSSM Database). Log in to the CLI of the standby GSSM and enable privileged EXEC mode. gssm2.example.com> enable gssm2.example.com# Cisco Global Site Selector Administration Guide 2-31 OL-10410-01...
  • Page 66 Configure basic network connectivity settings following the procedures outlined in the Cisco Global Site Selector Getting Started Guide, Chapter 3, Setting Up Your GSS. Specify the same hostname and IP address of the original primary GSSM. Cisco Global Site Selector Administration Guide...
  • Page 67 Database. Verify the existing global server load-balancing configuration settings (DNS rules and keepalives) and modify the settings as described in the Cisco Global Server Load-Balancing Configuration Guide (GUI-based or CLI-based version). You can now use the replacement primary GSSM in your GSS network.
  • Page 68: Activating GSS Devices From The Primary GSSM

    Managing the GSS from the CLI Replacing GSS Devices in Your GSS Network Reconfigure the global server load-balancing configuration settings on the new primary GSSM as described in the Cisco Global Site Selector Global Server Load-Balancing Configuration Guide (GUI-based or CLI-based version).
  • Page 69: Replacing The Primary GSSM With An Available GSS

    If this is a new GSS device, configure basic network connectivity settings following the procedures outlined in the Cisco Global Site Selector Getting Started Guide, Chapter 3, Setting Up Your GSS. Ensure that you specify the same hostname and IP address of the original primary GSSM.
  • Page 70 If you do not have a backup of the original primary GSSM database, do the following: Reconfigure the global server load-balancing configuration settings on the new primary GSSM as described in the Cisco Global Site Selector Global Server Load-Balancing Configuration Guide (GUI-based or CLI-based version).
  • Page 71: Replacing The Standby GSSM In The Network

    Stop the GSS software running on the GSS by entering the following command: gss3.example.com# gss stop Disable the GSS to remove the existing configuration and return the GSS device to an initial state by entering the following command: Cisco Global Site Selector Administration Guide 2-37 OL-10410-01...
  • Page 72: Deleting GSS Devices

    “Saving the startup-config and running-config Files” section). If no, reenter the platform configuration following the procedures outlined in • the Cisco Global Site Selector Getting Started Guide, Chapter 3, Setting Up Your GSS. Save your configuration changes to memory by entering the following command: gss3.example.com# copy running-config startup-config...
  • Page 73: Replacing A GSS In The Network

    If no, reenter the platform configuration following the procedures outlined in • the Cisco Global Site Selector Getting Started Guide, Chapter 3, Setting Up Your GSS. If this is an existing GSS device, delete it from your GSS network through the primary GSSM GUI.
  • Page 74: Changing The GSSM Role In The GSS Network

    You must configure and enable both a primary and a standby GSSM in your • GSS network. Do not attempt to switch GSSM roles until you configure and enable both a primary and a standby GSSM (see the Cisco Global Site Selector Getting Started Guide). Cisco Global Site Selector Administration Guide...
  • Page 75: Switching The Roles Of The Primary And Standby GSSM Devices

    Perform a full backup of your primary GSSM to preserve your current network and configuration settings (see the “Performing a Full Primary GSSM Backup” section in Chapter 7, Backing Up, Restoring, and Downgrading the GSSM Database). Cisco Global Site Selector Administration Guide 2-41 OL-10410-01...
  • Page 76 Exit privileged EXEC mode. The standby GSSM begins to function in its new role as the interim primary GSSM and is now fully functional. You may now access the GUI. Cisco Global Site Selector Administration Guide 2-42 OL-10410-01...
  • Page 77: Reversing The Roles Of The Interim Primary And Standby GSSM Devices

    When the original primary GSSM is available for use in the network, reverse the roles of the two GSSM devices back to the original GSS network deployment. If your original primary GSSM has been replaced by Cisco Systems, see the Note “Replacing the Primary GSSM with an Available GSS”...
  • Page 78: Displaying GSS System Configuration Information

    Displaying Memory Information • Displaying Boot Configuration • Displaying GSS Processes • Displaying System Uptime • Displaying Disk Information • Displaying UDI Data • Displaying System Status • Displaying GSS Services • Cisco Global Site Selector Administration Guide 2-44 OL-10410-01...
  • Page 79: Displaying Software Version Information

    To display general GSS software version information, enter: gssm1.example.com# show version Global Site Selector (GSS) Model Number: GSS-4492-K9 Copyright (c) 1999-2007 by Cisco Systems, Inc. Version 2.0 (1.0.0) Uptime: 4 Hours 0 Minutes and 19 seconds To display detailed GSS software version information, enter: gssm1.example.com# show version verbose...
  • Page 80: Displaying License Information

    To see which license files are installed, enter: gssm1.example.com# show license installed License modules are DDoS To obtain a complete listing of the license files, enter: gssm1.example.com# show license file-name list ddos_new.lic Cisco Global Site Selector Administration Guide 2-46 OL-10410-01...
  • Page 81: Displaying Memory Information

    Displaying GSS System Configuration Information To obtain specific license file details, enter: gssm1.example.com# show license file-name ddos_new.lic FEATURE ddos cisco 1 permanent uncounted HOSTID=ANY \ NOTICE=”ddos_new.lic0 \ 1XIOS2C84AB” SIGN=CFF95D462F42 To obtain a complete picture of the licenses installed in the GSS network from the primary GSS, enter: gssm1.example.com# show license gss-all...
  • Page 82: Displaying Boot Configuration

    Boot Device Physical device used to boot the GSS software. Timeout Length of time that the Linux boot manager, LILO (Linux Loader) waits to receive an input before automatically booting the GSS device. Cisco Global Site Selector Administration Guide 2-48 OL-10410-01...
  • Page 83: Displaying GSS Processes

    Name of the GSS subsystem, per operating system process. Process identifier. Percentage of memory used by the process. CPUTIME Amount of CPU time used since the start of the process. START Date or time when the process started. Cisco Global Site Selector Administration Guide 2-49 OL-10410-01...
  • Page 84: Displaying System Uptime

    You can display GSS Unique Device Identifier (UDI) data by using the show inventory command. gssm1.example.com# show inventory NAME: Chassis, DESCR: Global Site Selector 4492 PID: GSS-4491-K9 , VID: V01, SN: QTFNZD606000011 Cisco Global Site Selector Administration Guide 2-50 OL-10410-01...
  • Page 85: Displaying System Status

    The equivalent command to show GSS system status is gss status. Note gssm1.example.com# show system-status Cisco GSS - 1.3(1) GSS Manager - primary [Wed Feb 15 16 16:37:37 UTC 2006] Normal Operation [runmode = 5] START...
  • Page 86: Displaying GSS Services

    You can display the current state of the GSS services, such as FTP, NTP, SSH, TACACS+, Telnet, and SNMP by using the show services command. gssm1.example.com(config)# show services START SERVICE Jul23 Jul23 11:08 Snmp 14:47 Jul23 Syslog Jul23 Tacacs Stats Jul23 Telnet Cisco Global Site Selector Administration Guide 2-52 OL-10410-01...
  • Page 87: Creating And Managing User Accounts

    Note The primary GSSM separately maintains the user accounts and passwords created to log in to the CLI of the device from those accounts and passwords created to log in to the GUI. Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 88: Chapter 3 Creating And Managing User Accounts

    Enter an unquoted text string with no spaces and a maximum length of eight characters. privilege—Sets the user privilege level. To create an administrative account, • specify admin. To create a user account, select user. Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 89: Modifying A GSS User Account

    You can delete an existing user account for accessing the GSS from the CLI by entering the username command. The GSS restricts you from deleting the “admin” account. For example, enter: gss1.example.com#(config) username user_1 delete User user_1 removed Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 90: Creating And Managing Primary GSSM GUI User Accounts

    Creating a GUI User Account • Modifying a GUI User Account • Removing a GUI User Account • Changing the User Account GUI Password • • Creating and Modifying User Views for the Primary GSSM GUI Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 91: Privilege Levels For Using The Primary GSSM GUI

    Observer—No configuration privileges in the primary GSSM GUI, but the • observer can monitor global server load-balancing statistics. Table 3-1 outlines the supported primary GSSM GUI functionality and accessibility for the three user roles. Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 92 DNS Rules List and Show All DNS Rules icons on the DNS Rules list page. Restricted from the – DNS Rule Builder and DNS Rules Wizard icons and pages on the DNS Rules list page. Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 93 Tools tab—Access to only • the Change Password navigation link and detail page. • Traffic Mgmt tab— Access to all navigation links, list pages, and detail pages. Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 94 (configuration and statistics) visible on a primary GSSM GUI page using configured answers, shared keepalives, locations, and owners. See the “Creating and Modifying User Views for the Primary GSSM GUI” section for details. Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 95: Creating A GUI User Account

    Click the User Administration navigation link. The Users list page appears (see Figure 3-1). Figure 3-1 Users List Page Click the Create User icon. The Creating New User details page appears (see Figure 3-2). Cisco Global Site Selector Administration Guide OL-10410-01...
  • Page 96 Operator—Limited configuration privileges in the primary GSSM GUI, – but the operator can view list pages, view detail pages, and monitor statistics. Observer—No configuration privileges in the primary GSSM GUI, but – the observer can monitor statistics. Cisco Global Site Selector Administration Guide 3-10 OL-10410-01...
  • Page 97 GSSM. (Optional) Fill in the rest of the user contact information: Job Title—Position within the organization – Department—Business unit or group – – Phone—Business telephone number Cisco Global Site Selector Administration Guide 3-11 OL-10410-01...
  • Page 98: Modifying A GUI User Account

    The Modifying User details page appears (see Figure 3-2), displaying that user’s account information. Click the Delete icon. The software prompts you to confirm your decision to permanently remove the user. You cannot delete the “admin” account. Cisco Global Site Selector Administration Guide 3-12 OL-10410-01...
  • Page 99: Changing The User Account GUI Password

    To change your account password from the primary GSSM GUI, perform the following steps: Click the Tools tab. Click the Change Password navigation link. The Change Password details page (see Figure 3-3) appears displaying your account name in the Username field.
  • Page 100 In the Re-type New Password field, enter the new password string a second time. This action is used to verify that you have entered your password correctly. Click Submit to update your login password.
  • Page 101: Creating And Modifying User Views For The Primary Gssm Gui

    The user is restricted from viewing any additional configured answers, shared keepalives, locations, and owners that might exist in the primary GSSM GUI.
  • Page 102 To create a GUI user view, perform the following steps: From the primary GSSM GUI, click the Tools tab. Click the Views navigation link. The User Views list page appears (see Figure 3-4).
  • Page 103 Figure 3-4 User Views List Page Click the Create User Views icon. The Creating New User View—General Configuration details page appears (see Figure 3-5).
  • Page 104 If the list of answers on your GSS network spans more than one page, select the answers from only the first page of answers, and then click Add Selected before proceeding to another page of answers.
  • Page 105 If the list of shared keepalives on your GSS network spans more than one page, select the shared keepalives from only the first page of keepalives, and then click Add Selected before proceeding to another page of shared keepalives.
  • Page 106 Add Selected, before proceeding to another page of locations. Note: The primary GSSM GUI supports a maximum of 200 locations in a custom user view.
  • Page 107 Add Selected before proceeding to another page of owners. Note: The primary GSSM GUI supports a maximum of 500 owners in a custom user view.
  • Page 108 Figure 3-10 illustrates the Remove Answers details page. Click the check boxes that correspond to the items that you want to remove from the custom user view, and then click Remove Selected.
  • Page 109 Creating New User View - General Configuration details page (see Figure 3-11). The selected items assigned to this view appear in the Current Owners, Current Locations, Current Answers, or Current KeepAlives section of the page.
  • Page 110 The Modify User View details page appears. In the General Configuration details page (General Configuration navigation link), use the fields provided to modify the name or comments for the user view.
  • Page 111 Click the Delete icon in the upper right corner of the page. The GSS software prompts you to confirm your decision to delete the user view. Click OK to return to the User Views list page with the user view removed.
  • Page 112: Modifying The Administrator Account Passwords

    To reset the administrator CLI account password, perform the following steps: Attach an ASCII terminal to the Console port on the GSS device. See the Cisco Global Site Selector Hardware Installation Guide for instructions on connecting a console cable to your GSS series hardware.
  • Page 113: Changing The Administrator Cli Password

    GSS CLI. Specify the password that you want to change. Enter an unquoted text string with no spaces and a maximum length of eight characters.
  • Page 114: Restoring Or Changing The Administrator Gui Password

    GSSM GUI. Enter an unquoted text string of 6 to 16 characters with no spaces. For example, to change the administrator password to mynewpassword, enter: gssm1.example.com# reset-gui-admin-password password mynewpassword
  • Page 115: Chapter 4 Managing Gss User Accounts Through A Tacacs+ Server

    Specifying the TACACS+ Server Timeout on the GSS • Specifying TACACS+ Authentication of the GSS • Specifying TACACS+ Authorization of the GSS • Specifying TACACS+ Accounting on the GSS • Showing TACACS+ Statistics on the GSS
  • Page 116: Tacacs+ Overview

    (AAA) facilities between a GSS and the TACACS+ server. TACACS+ allows for multiple access control servers (the TACACS+ security daemon) to provide the AAA services. The Cisco Secure Access Control Server (ACS) is an example of an AAA access control server.
  • Page 117 TACACS+ timeout period to designate how long the GSS waits for a response to a connection attempt from a TACACS+ server. The timeout value applies to all defined TACACS+ servers.
  • Page 118: Tacacs+ Configuration Quick Start

    Table 4-1 TACACS+ Configuration Quick Start Task and Command Example Configure the authentication, authorization, and accounting service settings on the TACACS+ server, such as the Cisco Secure Access Control Server (ACS). Enable global configuration mode on the GSS device. gssm1.example.com# config gssm1.example.com(config)#...
  • Page 119: Configuring A Tacacs+ Server For Use With The Gss

    Configuring a TACACS+ Server for Use with the GSS This section describes how to set up a TACACS+ server, such as the Cisco Secure Access Control Server (ACS). It is intended as a guide to help ensure proper communication with a TACACS+ server and a GSS operating as a TACACS+ client.
  • Page 120 Figure 4-2 Add AAA Client Page of Cisco Secure ACS Configure the following selections: AAA Client Hostname—Enter the name that you want assigned to the GSS.
  • Page 121: Configuring Authorization Settings On The Tacacs+ Server

    Key—Enter the shared secret that the GSS and Cisco Secure ACS use to authenticate transactions. For correct operation, you must specify the identical shared secret on both the Cisco Secure ACS and the GSS. The key is case-sensitive. Authenticate Using—Select TACACS+ (Cisco IOS).
  • Page 122 To define CLI command privileges for the GSS from the Cisco Secure ACS, perform the following steps: Access the Group Setup section of the Cisco Secure ACS interface, then access the Group Setup page.
  • Page 123 Arguments are case sensitive and must exactly match the text that the GSS sends to the Cisco Secure ACS. For each argument of the Cisco IOS command, specify whether the argument is to be permitted or denied. Enter each one in the format permit argument or deny argument.
  • Page 124 To permit all CLI commands except for the gss tech-report command (see Figure 4-5), do the following: Click the Permit option under Per Group Command Authorization. Enter gss in the Command text box.
  • Page 125 Enter deny tech-report in the Arguments text box. Click the Permit option under Unlisted arguments. Figure 4-5 Command Privileges Example—Permit All CLI Commands Except Specified Command
  • Page 126: Configuring Primary Gssm Gui Privilege Level Authorization From The Tacacs+ Server

    Configuring Primary GSSM GUI Privilege Level Authorization from the TACACS+ Server You can configure the Cisco Secure ACS TACACS+ server to define the privilege level (role) of a user when accessing the primary GSSM GUI. The primary GSSM GUI learns the user’s associated privilege level when communicating with the TACACS+ server.
  • Page 127 Cisco Secure ACS, perform the following steps: If this is your first time enabling per-user CLI command authorization, access the Interface Configuration section of the Cisco Secure ACS interface and configure the following selections: Access the TACACS+ (IOS) page. Click the Shell (exec) checkbox under...
  • Page 128 Figure 4-7 Interface Configuration Page—Advanced Options Page Access the User Setup section of the Cisco Secure ACS interface and choose the name of a user to which you want to assign a primary GSSM GUI privilege level. The Edit page appears.
  • Page 129 Check the Per User Command Authorization checkbox. Check the Command check box and type GuiEnable in the Command text box (see Figure 4-8). Figure 4-8 Assigning Operator-Level Privileges to a User from Cisco Secure
  • Page 130: Enabling Custom User Gui Views When Authenticating A User From The Tacacs+ Server

    See the “Custom User View Overview” section in Chapter 3, Creating and Managing User Accounts, for background on custom user views in the primary GSSM GUI.
  • Page 131: Configuring Accounting Settings On The Tacacs+ Server

    GSSM GUI in the event that TACACS+ authentication fails for a GUI connection. Configuring Accounting Settings on the TACACS+ Server To configure the accounting service for the Cisco Secure ACS, perform the following steps: In the System Configuration section of the Cisco Secure ACS interface, the Logging Configuration page, click CSV TACACS+ Accounting.
  • Page 132 Figure 4-9 CSV TACACS+ Accounting File Logging Page of Cisco Secure ACS Click the Log to CSV TACACS+ Accounting report check box. Under Select Columns To Log, in the Attributes column, click the attribute that you want to log.
  • Page 133: Identifying The Tacacs+ Server Host On The Gss

    You can designate a maximum of three servers on the GSS. However, the GSS uses only one server at a time. For recommended guidelines on setting up a TACACS+ server (the Cisco Secure ACS in this example), see the “Configuring a TACACS+ Server for Use with the GSS”...
  • Page 134 GSS and the TACACS+ server, define an encryption key. If you do not define an encryption key, the GSS transmits packets to the TACACS+ server in clear text. The range for the encryption key is 1 to 100 alphanumeric characters.
  • Page 135 You can change or remove the encryption key without deleting the TACACS+ server. For example, to remove the key SECRET-123 without removing the TACACS+ server, enter: gss1.example.com(config)# no tacacs-server host 192.168.1.101 key SECRET-123
  • Page 136: Disabling Tacacs+ Server Keepalives On The Gss

    To disable the use of TCP keepalives with the active TACACS+ server, enter: gss1.example.com(config)# no tacacs-server keepalive-enable To reenable the use of TCP keepalives with the active TACACS+ server, enter: gss1.example.com(config)# tacacs-server keepalive-enable
  • Page 137: Specifying The Tacacs+ Server Timeout On The Gss

    Note: You must enable remote access on the GSS device (SSH, Telnet, or FTP) before you enable TACACS+ authentication for the specific GSS access method. See the Cisco Global Site Selector Getting Started Guide for details.
  • Page 138: Specifying Tacacs+ Authorization Of The Gss

    EXEC mode commands issued on the GSS. The command authorizes all attempts to enter user-level and privileged-level EXEC mode commands, including global configuration and interface configuration commands.
  • Page 139: Specifying Tacacs+ Accounting On The Gss

    CLI command, the accessed primary GSSM GUI page and the performed action, and the time of execution. The Cisco Secure ACS records its logs in comma-separated value (CSV) text files. You can import CSV log files into many popular spreadsheet applications.
  • Page 140: Showing Tacacs+ Statistics On The Gss

    You must enable logging for accounting reports on the TACACS+ server and select the attributes that you want to log. For general guidelines on the recommended setup of a TACACS+ server for accounting (the Cisco Secure ACS in this example), see the “Configuring Accounting Settings on the TACACS+...
  • Page 141 GSS, the GSS increments the Authentication Pass counter. If the GSS permits a user to access a specific CLI command through authorization, the GSS increments the Authorization Pass counter.
  • Page 142: Clearing Tacacs+ Statistics On The Gss

    Attach an ASCII terminal to the console port on the GSS device. See the Cisco Global Site Selector Hardware Installation Guide for instructions on connecting a console cable to your Cisco Global Site Selector series hardware. Press the power control button on the GSS to power cycle the device and perform a restart.
  • Page 143 Save your configuration changes to memory. gssm1.example.com# copy running-config startup-config If you fail to save your configuration changes, the GSS device reverts to its previous settings (including the previous TACACS+ configuration) upon a reboot.
  • Page 145: Chapter 5 Configuring Access Lists And Filtering Gss Traffic

    Adding Rules to an Access List • Removing Rules from an Access List • Segmenting GSS Traffic by Ethernet Interface • Displaying Access Lists
  • Page 146: Access List Overview

    GSS. Note: Outbound traffic is not affected by access lists. However, the return inbound traffic must be explicitly permitted because GSS access lists are not stateful.
  • Page 147 CRA keepalives 1974 1974 Director Response Protocol (DRP) protocol traffic 2000 Inter-GSS periodic status reporting 2001–2005 Inter-GSS communication 2001–2005 Return traffic of inter-GSS communication 3002–3008 Inter-GSS communication 3002–3008 Return traffic of inter-GSS communication
  • Page 148: Creating An Access List

    —Prevents a connection when a packet matches the condition. All provisions of the condition must be met to make a match.
  • Page 149 The following example shows a completed access list (alist1): gss1.example.com(config)# show access-list access-list: alist1 access-list alist1 permit tcp any destination-port range 20 23 access-list alist1 permit tcp any eq 20 access-list alist1 permit tcp any eq 21
  • Page 150 0.0.0.0/0 0.0.0.0/0 tcp spts:3002:3008 ACCEPT 0.0.0.0/0 0.0.0.0/0 udp dpt:5002 ACCEPT 0.0.0.0/0 0.0.0.0/0 udp spt:1974 dpt:1974 ACCEPT 0.0.0.0/0 0.0.0.0/0 tcp dpt:5001 ACCEPT 0.0.0.0/0 0.0.0.0/0 tcp spt:5001 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 DROP 0.0.0.0/0 0.0.0.0/0
  • Page 151: Associating An Access List With A Gss Interface

    For example, to associate the access list named alist1 with the first interface on your GSS device, enter the following: gss1.example.com# config gss1.example.com(config)# access-group alist1 interface eth0 Use the access-group command for each access list that you want to associate with the interface.
  • Page 152: Disassociating An Access List From A Gss Interface

    Use the show access-list command to verify that the rule is added to your access list. gss1.example.com(config)# show access-list access-list:alist1 access-list alist1 permit tcp any destination-port eq 443 access-list alist1 deny tcp host 192.168.1.101
  • Page 153: Removing Rules From An Access List

    To reconfigure which interface is used for inter-GSS communications on the GSS network, use the gss-communications command. See the Cisco Global Site Selector Getting Started Guide for details. For security reasons you can limit GSS traffic to one Ethernet interface, or segment traffic by constraining a certain type of traffic on a designated interface.
  • Page 154: Displaying Access Lists

    53 access-list alist1 permit udp any eq 123 destination-port eq 123 access-list alist1 permit udp any destination-port eq 161 access-list alist1 permit tcp any destination-port eq 443
  • Page 155 DROP 0.0.0.0/0 0.0.0.0/0 Use the show access-group command to display a list of the access lists associated with GSS interfaces Ethernet 0 and Ethernet 1. gss1.example.com(config)#show access-group access group alist1 interface eth0
  • Page 156: Deploying Gss Devices Behind Firewalls

    In addition, use the access-list and access-group commands to enable authorized GSS traffic to the specified ports. By default, the GSS interface blocks all ports not explicitly permitted in your access list once you associate the access list with an Ethernet interface.
  • Page 157 Return traffic of DRP protocol traffic 2000 Inter-GSS periodic status reporting 2001–2005 Inter-GSS communication 2001-2005 Return traffic of inter-GSS communication 3002–3008 Inter-GSS communication 3002-3008 Return traffic of inter-GSS communication 5001 Global sticky mesh protocol traffic
  • Page 158 Traffic of FTP, SCP, and Telnet GSS CLI commands UDP, TCP Return traffic of GSS DNS server traffic GSS software reverse lookup, “dnslookup” queries, and name server forwarding 80 or user- TCP and HTTP keepalives configured
  • Page 159 3341 Sticky communication source 3342 Sticky and DNS processes communication 5001 Global sticky mesh protocol traffic 5001 Return traffic of global sticky mesh protocol traffic 5002 KAL-AP keepalives *Any legal port number
  • Page 160: Configuring Gss Devices Behind A Firewall

    GSS-related ports and protocols to enable for the GSS device to function properly. Construct your access lists to filter traffic incoming and outgoing from your GSS device. See the “Creating an Access List” section for details.
  • Page 161: Configuring Snmp

    SNMP includes a protocol, a database-structure specification, and a set of management data objects. SNMP implementations typically consist of a management application running on one or more network management systems (NMSs), and agent applications, usually executing in firmware on various network devices.
  • Page 162: Chapter 6 Configuring Snmp

    To configure SNMP for a GSS device, perform the following steps: Log in to the CLI and enable privileged EXEC mode. gss1.example.com> enable gss1.example.com# Access global configuration mode. gss1.example.com# config gss1.example.com(config)# Enable the SNMP agent by using the following command. gss1.example.com(config)# snmp enable
  • Page 163 Enter new Contact Info: Joe Smith [email protected] gss-pilot1.cisco.com(config)# Using the v2.0 CLI, configure a contact for this GSS device with the snmp-server contact command. Enter an unquoted text string with a maximum of 255 characters without any spaces.
  • Page 164: Configuring Snmp Servers

    Disable the SNMP server or any of the parameters outlined here by using the no form of the snmp-server command. For example, to disable the SNMP location for the GSS, enter: gss1.example.com(config)# no snmp-server community MyCommunity
  • Page 165: Configuring Snmp Server Notifications

    Disable SNMP server notifications by using the no form of the snmp-server enable-traps command. For example, to disable SNMP GSLB keepalive notification, enter: gss1.example.com(config)# no snmp-server enable-traps gslb kal
  • Page 166: Configuring Snmp Server Trap Limits

    10 Set the default trap rate by using the no form of the snmp-server trap-limit command as follows: gss1.example.com(config)# no snmp-server trap-limit answer-trap
  • Page 167: Specifying Recipients For Snmp Notification Operations

    Specify the version of the SNMP protocol used to send the traps by entering the version command and one of the available keywords: 1—Specifies SNMPv1 (the default). 2—Specifies SNMPv2c. gss1.example.com(config)# snmp-server host 10.1.1.1 MyCommunity traps version 2
  • Page 168: Viewing Snmp Status

    0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get-request PDUs 0 Get-next PDUs 0 Set-request PDUs 0 SNMP packets output 0 Too big errors 0 No such name errors
  • Page 169: Viewing Mib Files On The Gss

    4015 Jul 18 08:45 IANA-ADDRESS-FAMILY-NUMBERS-MIB.txt -rw-r--r-- 1 root root 4299 Jul 18 08:45 IANA-LANGUAGE-MIB.txt -rw-r--r-- 1 root root 15661 Jul 18 08:45 IANAifType-MIB.txt -rw-r--r-- 1 root root 5066 Jul 18 08:45 IF-INVERTED-STACK-MIB.txt
  • Page 170 2928 Jul 18 08:45 UCD-DLMOD-MIB.txt -rw-r--r-- 1 root root 8037 Jul 18 08:45 UCD-IPFWACC-MIB.txt -rw-r--r-- 1 root root 30343 Jul 18 08:45 UCD-SNMP-MIB.txt -rw-r--r-- 1 root root 4076 Jul 18 08:45 UDP-MIB.txt
  • Page 171: Chapter 7 Backing Up, Restoring, And Downgrading The Gssm Database

    GSSs and GSSMs and restore the software if you encounter problems with a GSS software upgrade. It contains the following major sections: Backing Up the Primary GSSM • Restoring a Primary GSSM Backup • Downgrading Your GSS Devices
  • Page 172: Backing Up The Primary Gssm

    Whenever you execute a backup on your primary GSSM, the GSS software automatically creates a tar archive (“tarball”) of the necessary files. A tar archive is a group of files collected together as a single file. This file has the .full extension.
  • Page 173: Performing A Full Primary Gssm Backup

    Create a full backup of your primary GSSM by using the gssm backup full command. The gssm backup full command performs a backup of both the database component of the GSSM and its network and device configuration information. Supply a filename for your backup.
  • Page 174: Restoring A Primary Gssm Backup

    The GSS database may change between software versions. When you downgrade to an earlier version of the GSSM database, any configuration changes, device configuration information, and DNS rules entered through the primary GSSM (subsequent to your last software upgrade) will be lost.
  • Page 175: Restoring Your Primary Gssm From A Previous Backup

    GSSM has stopped. atcr1.cisco.com# gss stop atcr1.cisco.com# gss status Cisco GSS - 1.3(1.0.0) - [Wed Feb 15 11:33:47 UTC 2006] gss is not running. After the GSSM software stops, restore the GSSM from the backup file by using the gssm restore command.
  • Page 176 If you type y to restore the GSS network information and your configuration includes a standby GSSM, you must reenable the standby GSSM and then reregister it with the primary GSSM. See the Cisco Global Site Selector Getting Started Guide for details.
  • Page 177 GSSM GUI, each GSS location is set to Unspecified. If necessary, reestablish the association between a GSS device and location on the Modifying GSS details page as described in the Cisco Global Site Selector Administration Guide. For a DNS sticky configuration, all favored peer associations established
  • Page 178: Downgrading Your Gss Devices

    GSS software in your possession is Release 1.1, and your earliest GSSM database backup is for Release 1.1, do not downgrade to a release of GSS software earlier than Release 1.1.
  • Page 179 After you downgrade the software on your primary GSSM, see the “Restoring Your Primary GSSM from a Previous Backup” section. Restore the GSSM database backup that was previously saved from the downgraded GSS software release.
  • Page 181 The logging level designates the GSS log emergency, alert, critical, error, and warning messages for the subsystem. The GSS also logs notification, informational, and debugging messages.
  • Page 182 GSS has lost contact with the primary GSSM but a local configuration snapshot exists. Notifications The GSS encountered a nonerror condition that should be brought to the administrator’s attention. For example, a GSS software upgrade is required.
  • Page 183 drpagent: Director Response Protocol (DRP) agent logging messages; keepalive: Keepalive Engine logging messages; nodemgr: Node manager logging messages; proximity: Proximity logging messages; sticky: Sticky manager logging message; system: System logging messages; tacacs: TACACS+ logging messages
  • Page 184 Log Files from the CLI” section). This section contains the following topics: Specifying a Log File on the GSS Disk • Specifying a Host for a Log File Destination • Specifying a Syslog Facility
  • Page 185 select a subsystem: boomerang—Boomerang logging messages; crdirector—CrDirector logging messages; crm—GSSM logging messages; ddos—Distributed Denial of Service (DDoS) prevention module logging messages; dnsserver—Domain Name System (DNS) logging messages
  • Page 186 The keywords and arguments are as follows: enable—Enables logging to host. ip—Sets the remote host (or hosts) that are to receive the GSS log files. ip_address—Address (or addresses) of the remote logging hosts.
  • Page 187 For example, to enable logging to a remote host and to set the priority level for notifications, enter: gssm1.example.com(config)# logging host enable gssm1.example.com(config)# logging host ip 172.16.2.3
  • Page 188 The GSS supports the following types: auth—Authorization system; daemon—System daemon; kernal—Kernel; local0—Reserved for locally defined messages; local1—Reserved for locally defined messages; local2—Reserved for locally defined messages; local3—Reserved for locally defined messages
  • Page 189 This section contains the following topics: Viewing the gss.log File from the CLI • Viewing System Message Logging • Viewing Subsystem Log Files from the CLI • Rotating Existing Log Files from the CLI
  • Page 190 To show all logged information, enter: gssm1.example.com# show logs gss.log Jul 14 21:42:01 gss-css2 KAL-7-KALAP[1240] KAL-AP (seq# 29410)=> Host 192.10.2.1 Jul 14 21:42:02 gss-css2 KAL-7-KALAP[1240] KAL-AP (seq# 29412)=> Host 192.10.4.1
  • Page 191 Note: The type command lists all logged subsystem information in your terminal session. This output may be quite large and may exceed the buffer size set for the terminal. If you want to capture all logged information, use the terminal-length
  • Page 192 GSS, thus completely filling the available GSS disk space. Correct this problem by using the rotate-logs CLI command to replace the log files and resume logging. The syntax for this command is as follows: rotate-logs {delete-rotated-logs}
  • Page 193 “Viewing System Message Logging” section. This section contains the following topics: Viewing System Logs from the Primary GSSM GUI • Purging System Log Messages from the GUI • Common System Log Messages
  • Page 194 GSS device. Node type—Type of GSS node (GSS or GSSM) on which the logged event occurred. Node name—Name assigned to the GSS device using the primary GSSM.
  • Page 195: Purging System Log Messages From The Gui

    components. Debug—Detailed information about the internal operations of the GSS or one of its components. Debug log messages are intended for use by Cisco support engineers to troubleshoot a problem. Description—Text description that explains the event. Message—Information about any relevant conditions encountered while the...
  • Page 196: Common System Log Messages

    GSS system messages that can appear on the System Log list page. Messages appear alphabetically with a brief description. If you require more detailed information about a specific system message, contact a Cisco technical support representative.
  • Page 197 Server Started the CLI. An error occurred on the standby GSSM Standby GSSM database error embedded database. The GSS has started the process of Started store invalidation marking internally inconsistent database records. Cisco Global Site Selector Administration Guide 8-17 OL-10410-01...
  • Page 198 The GSS syslog host messages support the correct CiscoWorks RME Syslog Note Analyzer message format; however, these messages do not support the Syslog Analyzer MIBs. In addition, not all severity 7 debug messages are compliant with the syslog host message format. Cisco Global Site Selector Administration Guide 8-18 OL-10410-01...
  • Page 199 Code that uniquely identifies the error message (for MNEMONIC example, TCPTRANS GUIEXCEPTION KALPING Text string describing the condition (for example, Message-text KAL_RSP_OK [192.168.100.1] numSuccessfulProbes:2 Detected Ssh is stopped but should be started Cisco Global Site Selector Administration Guide 8-19 OL-10410-01...
  • Page 200 Chapter 8 Viewing Log Files Viewing GSS System Logs Using CiscoWorks RME Syslog Analyzer...
  • Page 201: Monitoring GSS Operation

    GSS global server load-balancing operation: Boomerang (CRAs), DNS, DNS sticky, network proximity, and keepalives. See the Cisco Global Server Load-Balancing Configuration Guide (GUI-based or CLI-based version) for details about displaying statistics using the show statistics command.
  • Page 202: Monitoring GSS And GSSM Status

    Display the current running status of the GSS device by using the following command:

        gssm1.example.com# gss status
        Cisco GSS - 1.3(1) GSS [Wed Feb 15 21:09:09 UTC 2006]
        Registered to primary GSSM: 10.86.209.167
        Normal Operation [runmode = 5]
        START...
  • Page 203 Include statistics about the CPU utilization when displaying information on the current GSS operating state by entering the following command:

        gssm1.example.com# gss status verbose
        Cisco GSS - 1.3(1) GSS [Wed Feb 31 21:09:09 UTC 2006]
        Registered to primary GSSM: 10.86.209.167
        Normal Operation [runmode = 5]...
  • Page 204: Monitoring The GSS Device System Status From The CLI

    Display the current running status of the GSS device by entering the following command:

        gssm1.example.com# show system-status
        Cisco GSS - 1.3(1) GSS Manager - primary [Wed Feb 15 16:37:37 UTC 2006]
        Normal Operation [runmode = 5]
        START SERVER...
  • Page 205: Monitoring GSSM Database Status

    Log in to the CLI of the primary GSSM and enable privileged EXEC mode.

        gssm1.example.com> enable
        gssm1.example.com#

    Display the operating status of the GSSM database by entering the following command:...
  • Page 206: Validating Database Records

    GSSM database validation report written to validation.log. View the contents of your validation report by entering the following command: gss1.example.com# type validation.log validation.log Start logging at Wed Feb 15 19:17:21 GMT+00:00 2006...
  • Page 207 Validating RoutedDomain Validating RoutingConfig Validating RrConfig Validating RrStatus Validating SNodeConfig Validating SourceAddressElement Validating SourceAddressGroup Validating SpInfo Validating SystemConfig Validating UpdateInfo Validating UserConfig Validating VirtualCDN Validating WlpanswerElement Validating User Validations End of file validation.log...
  • Page 208: Viewing The GSS Operating Configuration For Technical Support

    [config | core-files]—Displays a report on the current operating configuration of your GSS device that can be used by a Cisco TAC representative in troubleshooting problems on your GSS network. The config option exports the output of all configured fields from the primary GSSM GUI.
  • Page 209

        Global Site Selector: icarus.cisco.com
        Status: Online
        Node Services: GSS
        IP Address: 192.168.209.221
        Location:
        Region:
        DNS Rules:
        Rule1:
        Name: ECommerce
        Source Address List: Anywhere
        Domain List: ECommerce
        Owner: ECommerce-Database
        Status: Active
        Match DNS Query Type: A record...
  • Page 210

        Answer Group 1: Database-Services
        Balance Method 1: Hashed
        Balance Clause Options 1: DNS TTL: 20; Return Record Count: 1;
        Answer Group 2:
        Balance Method 2:
        Balance Clause Options 2:
        Answer Group 3:
        Balance Method 3:...
  • Page 211: Appendix

    This appendix describes how to upgrade the GSS software to a new software version. To upgrade the software, you must do the following: Have access to the GSS download area of the Cisco software download site and to Cisco.com.
  • Page 212: Verifying The GSSM Role In The GSS Network

    The next step is to ensure that you have a full (and current) backup of the primary GSSM database and that you archive this backup. Proceed to the “Backing up and Archiving the Primary GSSM” section...
  • Page 213: Backing Up And Archiving The Primary GSSM

    Download the software update files to a server within your own organization that is accessible using FTP or SCP from your GSSs and GSSMs. You must have a Cisco.com username and password to download a software update from Cisco.com. To acquire a Cisco.com login, go to http://www.cisco.com and click the Register link.
  • Page 214 Cisco.com username and password. The Cisco GSS Software download page appears, listing the available software upgrades for the GSS software product. If you do not have a shortcut to the Cisco Global Site Selector download page: Log in to Cisco.com using your designated Cisco.com username and password.
  • Page 215: Upgrading Your GSS Devices

    To have the GSS/CNR device process the NON A records for the authoritative domain, you must configure all the NON A records on the CNR that were earlier processed by the external name service using NS forwarding...
  • Page 216 For example, to copy an upgrade file named gss.upg from a remote host, your FTP session may appear as follows:

        gssm1.example.com> ftp host.example.com
        Connected to host.example.com.
        220 host.example.com FTP server (Version wu-2.6.1-0.6x.21) ready.
        Name (host.example.com:root): admin...
  • Page 217 Note current configuration? [y/n]: prompt appears. At the prompt, type y to continue. The GSS then reboots. After the GSS device reboots, log in to the GSS device and enable privileged EXEC mode...
  • Page 218 5 by entering the gss status command. Enter configuration mode and enable CNR if the GSS has CNR loaded on it.

        gssm1.example.com# config
        gssm1.example.com (config)# cnr enable

    Repeat the entire procedure for the remaining GSS devices in your network...
  • Page 219: Index

    2-25 viewing modifying 2-25 activating GSS devices trusting adding rules to access lists changing GSSM roles in GSS network 2-40 administration password changing 3-27, 3-28 GSS device monitoring 8-2, 8-4...
  • Page 220 9-15 downgrading records, purging 9-16 GSS device software restoring GSSM from full backup order of operation validating records...
  • Page 221 9-1, 9-5, 9-7 TCP traffic logically removing or replacing 1-11 traffic type login accounts UDP traffic memory blocks and statistics, firewall displaying 2-47 configuring for GSS 5-16 MIB files deploying GSS devices 5-12...
  • Page 222 UDI, displaying 2-50 modifying user account (GUI) 3-12 user account, creating monitoring device status from GUI user account, deleting password 3-13 user account, modifying platform information version information 2-45 printing data 1-14...
  • Page 223 GSSM, logically removing 1-11 host, specifying as log file destination reversing GSSM role 2-43 segmenting network traffic standby GSSM, logically removing 1-11 1-2, 1-5 Info log message 9-15 GSS-related ports and protocols inter-GSS communications...
  • Page 224 Analyzer 9-18 primary GSSM GUI logging login accounts facility creating on GSS follow command option 9-10 creating on GSSM host destination, specifying deleting levels 9-1, 9-4 GSSM log activity, displaying 9-11 managing...
  • Page 225 See GSS network ports and protocols 5-2, 5-3, 5-12 printing primary GSSM data 1-14 privileged EXEC mode, enabling protocols and ports for GSS devices operator range purging system log messages 9-15...
  • Page 226 2-51, 8-4 overview show tacacs command 4-26 rotating log files 9-12 show tech-support command running configuration file show uptime command 2-50 changing 2-13 show user command 2-23 copying 2-14 show users command 2-23...
  • Page 227 6-5, 6-6 saving running configuration as startup software configuration 2-13 boot information, showing startup configuration file 2-48 disabling GSS device changing 2-29 2-13 downgrade, restoring earlier software copying 2-14 version...
  • Page 228 CiscoWorks RME Syslog server, accounting settings 4-17 Analyzer 9-18 server, authentication settings viewing from GUI 9-14 server, authorization settings system uptime, displaying 2-50 server, configuring shared secret with GSS 4-20 statistics, clearing 4-28...
  • Page 229 3-22 user account locations, adding 3-20 CLI account, creating locations, removing 3-22 CLI account, deleting modifying 3-24 CLI account, modifying naming 3-18 CLI user, privilege levels overview 3-15 creating for GUI...
  • Page 230 MIB files SNMP status subsystem log files 9-11 system log 9-13 system logs from CiscoWorks RME Syslog Analyzer 9-18 system logs from GUI 9-14 third-party software information 1-15 warning log message 9-15...
