Page 1
Cisco Global Site Selector Administration Guide Software Version 2.0 March 2007 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-10410-01...
Page 2
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CCSP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.;...
Managing the GSS from the CLI C H A P T E R Logging in to the CLI and Enabling Privileged EXEC Mode Understanding GSS Software Licenses Acquiring and Installing CNR and DDoS License Files Cisco Global Site Selector Administration Guide OL-10410-01...
Page 4
Replacing GSS Devices in Your GSS Network 2-30 Replacing the Primary GSSM in the Network 2-31 Converting the Standby GSSM to a Primary GSSM 2-31 Replacing the Primary GSSM with an Available GSS 2-35 Cisco Global Site Selector Administration Guide OL-10410-01...
Page 5
Modifying a GUI User Account 3-12 Removing a GUI User Account 3-12 Changing the User Account GUI Password 3-13 Creating and Modifying User Views for the Primary GSSM GUI 3-15 Custom User View Overview 3-15 Cisco Global Site Selector Administration Guide OL-10410-01...
Page 6
Specifying TACACS+ Authorization of the GSS 4-24 Specifying TACACS+ Accounting on the GSS 4-25 Showing TACACS+ Statistics on the GSS 4-26 Clearing TACACS+ Statistics on the GSS 4-28 Disabling TACACS+ on a GSS 4-28 Cisco Global Site Selector Administration Guide OL-10410-01...
Page 7
Viewing MIB Files on the GSS Backing Up, Restoring, and Downgrading the GSSM Database C H A P T E R Backing Up the Primary GSSM Backup Overview Performing a Full Primary GSSM Backup Cisco Global Site Selector Administration Guide OL-10410-01...
Page 8
Viewing Subsystem Log Files from the CLI 9-11 Rotating Existing Log Files from the CLI 9-12 Viewing System Logs from the Primary GSSM GUI 9-13 Viewing System Logs from the Primary GSSM GUI 9-14 Cisco Global Site Selector Administration Guide viii OL-10410-01...
Page 9
A P P E N D I X Verifying the GSSM Role in the GSS Network Backing up and Archiving the Primary GSSM Obtaining the Software Upgrade Upgrading Your GSS Devices N D E X Cisco Global Site Selector Administration Guide OL-10410-01...
Page 10
Contents Cisco Global Site Selector Administration Guide OL-10410-01...
Page 11
Obtaining Documentation, Obtaining Support, and Security Guidelines • Audience To use this guide, you should be familiar with the Cisco Global Site Selector hardware, which is discussed in the Global Site Selector Hardware Installation Guide. In addition, you should be familiar with basic TCP/IP and networking...
Database up your primary GSSM. Chapter 8, Viewing Log Includes information on auditing logged information Files about your GSS devices. Cisco Global Site Selector CLI-Based Global Server Load-Balancing Configuration Guide OL-10413-01...
GSS. for the Cisco Global Site Selector Release Note for the Information on operating considerations, caveats, and Cisco Global Site new CLI commands for the GSS software. Selector Cisco Global Site Selector CLI-Based Global Server Load-Balancing Configuration Guide xiii OL-10413-01...
Page 14
Reference and related commands. This document also describes how to use the CLI interface. Several of the Cisco CNS Network Registrar (CNR) documents are referenced in this guide. The CNR version6.2 documentation set consists of the following documents: Document Title...
Screen examples use the following conventions: font Terminal sessions and information the system displays are screen font. screen Information you must enter is in font. boldface screen boldface screen font Cisco Global Site Selector CLI-Based Global Server Load-Balancing Configuration Guide OL-10413-01...
Page 16
A caution means that a specific action you take could cause a loss of data or Caution adversely impact use of the equipment. Note A note provides important related information, reminders, and recommendations. Cisco Global Site Selector CLI-Based Global Server Load-Balancing Configuration Guide OL-10413-01...
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html...
Page 18
Preface Cisco Global Site Selector CLI-Based Global Server Load-Balancing Configuration Guide xviii OL-10413-01...
Page 19
Activating and Modifying GSS Devices • • Logically Removing a GSS or Standby GSSM from the Network Configuring the Primary GSSM GUI • Printing and Exporting GSSM Data • Viewing Third-Party Software Versions • Cisco Global Site Selector Administration Guide OL-10410-01...
Cisco Systems. To avoid approving the signed certificate every time you log in to the primary GSSM, accept the certificate from Cisco Systems, Inc. For instructions on trusting certificates from a particular owner or website, refer to the online help included with your browser.
The Primary GSSM Welcome page (see Figure 1-2) appears. See the Cisco Global Site Selector GUI-based Global Server Load-Balancing Configuration Guide for information about navigating through the primary GSSM GUI. Figure 1-1 Primary GSSM GUI Login Window Cisco Global Site Selector Administration Guide OL-10410-01...
1-1). Logging Into the GSS and Accessing the CNR GUI You can extend the capabilities of GSS by using the Cisco Network Registrar (CNR). CNR is purchased as a separate license add-on and involves upgrading the existing GSS software license. For more information about obtaining, installing,...
Enter the secure HTTP address of your GSS in the address field as follows: http:// gss-machine:8080 where gss-machine is a resolvable name, such as gss-example.cisco.com or the IP address of that machine. For instance, each of the following can serve as valid addresses: http://gss-example.cisco.com:8080...
At the Network Registrar login window, enter your username and password in the fields provided, and then click Login. See the Cisco CNS Network Registrar User’s Guide for information on configuring CNR using its Web-based user interface (Web UI). Activating and Modifying GSS Devices Activate your GSS devices from the primary GSSM GUI to add those devices to your GSS network.
Activating and Modifying GSS Devices Figure 1-4 Global Site Selectors List Page—Inactive Status Click the Modify GSS icon for the first GSS device to activate. The Modifying GSS details page appears (see Figure 1-5). Cisco Global Site Selector Administration Guide OL-10410-01...
Page 26
If this occurs, power cycle the GSS device, check your network connections, and then repeat this procedure. If you still cannot activate the GSS device, contact Cisco TAC. Cisco Global Site Selector Administration Guide OL-10410-01...
Page 27
You can modify the name and location of any of your GSS devices using the primary GSSM GUI. To modify other network information such as the hostname, IP address, or role, you must access the CLI on that GSS device (see the Cisco Global Site Selector Getting Started Guide).
Click OK to confirm your decision and return to the Global Site Selectors list page. The deleted device is removed from the list. To reconfigure the GSS device, see the Cisco Global Site Selector Getting Started Guide. Cisco Global Site Selector Administration Guide...
Stop the GSS software running on the GSS by entering the following command: gss1.example.com# gss stop Disable the GSSM or GSS by entering the following command: gss1.example.com# gss disable gss1.example.com# shutdown Cisco Global Site Selector Administration Guide 1-11 OL-10410-01...
To add the removed GSS or standby GSSM back into the GSS network, follow the procedures outlined in the Cisco Global Site Selector Getting Started Guide. After you configure the GSS or standby GSSM, you may reload the backup copy of the GSS device startup configuration settings (see the “Saving the startup-config and...
Adjust one or more of the GUI configuration parameters as follows: • To modify the length of time that can expire without GUI activity before the primary GSSM automatically terminates the GUI session, do the following: Cisco Global Site Selector Administration Guide 1-13 OL-10410-01...
CSV editor. To print the data, click the Print button. The Print dialog box on your • workstation appears. Choose a printer from the list of available printers. Cisco Global Site Selector Administration Guide 1-14 OL-10410-01...
Page 33
Viewing Third-Party Software Versions To export the output of all primary GSSM GUI configured fields when Note troubleshooting a GSS device with a Cisco technical support representative, enter the show tech-support config CLI command. See Chapter 9, Monitoring GSS Operation for details.
Chapter 1 Managing GSS Devices from the GUI Viewing Third-Party Software Versions Figure 1-8 GSSM Third-Party Software List Page Cisco Global Site Selector Administration Guide 1-16 OL-10410-01...
Page 35
Disabling the GSS Software • Restoring GSS Factory-Default Settings • Replacing GSS Devices in Your GSS Network • Changing the GSSM Role in the GSS Network • Displaying GSS System Configuration Information • Cisco Global Site Selector Administration Guide OL-10410-01...
Note dedicated terminal and about establishing a remote connection using SSH or Telnet, see the Cisco Global Site Selector Getting Started Guide. Specify your GSS administrative username and password to log in to the GSS device. The CLI prompt appears.
If you want to enable the DDoS license package on a particular GSS, you must purchase a DDoS license from Cisco Systems in order to receive a Product Access Key (PAK) number.
Cisco that: Allows you to retrieve or generate a license file for a particular PAK. • Provides a way for Cisco to track licenses as well as a way for you to recover • lost licenses.
Page 39
The license file is copied to the /licenses directory when the installation is complete. To uninstall a license file on the GSS, enter the license command with the uninstall keyword as follows: gssm1.example.com# license uninstall ddos_new.lic Cisco Global Site Selector Administration Guide OL-10410-01...
Connected to 1.1.1.23 (1.1.1.23). 220 3Com 3CDaemon FTP Server Version 2.0 Name (1.1.1.23): cisco 331 User name ok, need password Password: 230 User logged in Remote system type is UNIX. Using binary mode to transfer files. Cisco Global Site Selector Administration Guide OL-10410-01...
Page 41
Note explictly enable CNR to start processing requests. See Step Verify that the GSS software is running: gssm1.example.com# gss status Cisco GSS - 2.0(2) GSSM - primary [Thu Nov 8 14:27:33 EDT 2007] Normal Operation [runmode = 5] START SERVER...
Page 42
GSSM for your GSS network, enter the following command: gssm1.example.com# gss enable gssm-primary See the Cisco Global Site Selector Getting Started Guide for details. Enable the CNR server agent by using the cnr enable command in global configuration mode as shown in the following example: gssm1.example.com# config...
= staged user-name = admin visibility = 5 zone-edit-mode = synchronous nrcmd> See the Cisco CNS Network Registrar CLI Reference Guide, 6.3 for instructions on using nrcmd. Exit the CNR nrcmd program. Cisco Global Site Selector Administration Guide OL-10410-01...
Page 44
Chapter 2 Managing the GSS from the CLI Understanding GSS Software Licenses nrcmd> exit gssm1.example.com# Cisco Global Site Selector Administration Guide 2-10 OL-10410-01...
Enter the utility name to execute any of these CNR utilities. For example: cnr shell> cnr_tactool user: password: See the Cisco CNS Network Registrar User’s Guide for more information about cnr_tactool and the other available CNR utilities. Cisco Global Site Selector Administration Guide 2-11...
Telnet enable—Telnet state of the GSS device (enabled or disabled) • • FTP enable—FTP state of the GSS device (enabled or disabled) FTP client enable—FTP client state of the GSS device (enabled or disabled) • Cisco Global Site Selector Administration Guide 2-12 OL-10410-01...
Page 47
Copy the current running-config file as the new startup-config file for the GSS by entering the following command: new.example.com(config)# copy running-config startup-config Cisco Global Site Selector Administration Guide 2-13 OL-10410-01...
Copy the GSS device current running configuration to a named file located on the GSS by entering the following command: gss1.example.com# copy running-config newrunningconfig Cisco Global Site Selector Administration Guide 2-14 OL-10410-01...
GSS running-config file, use the show running-config command. You can use this command with the show startup-config command to compare the configuration memory to the startup-config file used during the bootup process. Cisco Global Site Selector Administration Guide 2-15 OL-10410-01...
Page 50
2 destination-port 1020 max-failure-ttl 5 max-ttl 40 tcp-rttprobe sourceport static 10 terminal length 23 exec-timeout 150 logging disk enable logging disk priority Notifications(5) no logging host enable logging host priority Warnings(4) Cisco Global Site Selector Administration Guide 2-16 OL-10410-01...
You can view the contents of a GSS file and monitor functions such as transaction logging or system logging using the system.log file. Use the tail and type CLI commands to view the contents of a file in a GSS directory as follows: Cisco Global Site Selector Administration Guide 2-18 OL-10410-01...
Page 53
#=== WHEN WHAT_TABLE WHAT_ID # Start logging at Wed July 2 00:01:25 GMT 2003 #=== WHEN WHAT_TABLE WHAT_ID # Start logging at Thu July 3 14:42:40 GMT 2003 #=== WHEN WHAT_TABLE WHAT_ID Cisco Global Site Selector Administration Guide 2-19 OL-10410-01...
To view the files available in the current directory or subdirectory, use the dir, lls, ls, or pwd commands. See the “Displaying Files in a Directory” section for details. For example, to rename the current GSS startup-config file as newstartupconfig, enter: gssm1.example.com# rename startup-config newstartupconfig Cisco Global Site Selector Administration Guide 2-21 OL-10410-01...
You may be prompted to log in to the remote device before you can navigate to the target directory. To securely copy files from a GSS device that you are logged in to, enter: gssm1.example.com# scp /tmp/system.log [email protected]:/dump/home Cisco Global Site Selector Administration Guide 2-22 OL-10410-01...
• To display information for a particular user, enter: gssm1.example.com#show user paulr-admin Username permission -------- ---------- paulr-admin admin To display information for all users, enter: gssm1.example.com# show users Username permission -------- ---------- Cisco Global Site Selector Administration Guide 2-23 OL-10410-01...
0, the GSS sends all of its data to the screen at once without pausing to buffer the data. To restore the default terminal length of 23 lines, use the no form of this command. The syntax for this command is as follows: terminal-length number Cisco Global Site Selector Administration Guide 2-24 OL-10410-01...
35 Modifying the Attributes of the Security Certificate on the GSSM You can customize the attributes of the security certificate issued by Cisco Systems and installed on the primary GSSM (as described in the “Logging Into the Primary GSSM Graphical User Interface”...
Page 60
64, except for Country Code, which has a maximum character limit of 2. gssm1.example.com(config)# certificate set-attributes Country code (2 chars) [US]: State [California]: MA City [San Jose]: Boston Organization [Cisco Systems, Inc.]: New Organization Organization Unit [ISBU]: e-Mail Address [[email protected]]: [email protected] Boston New Organization ISBU [email protected]...
GSS software. You should also shut down the GSS software before you disable a GSS (see the “Disabling the GSS Software” section). To shut down the GSS software, enter: gssm1.example.com# shutdown Cisco Global Site Selector Administration Guide 2-27 OL-10410-01...
Disabling the GSS Software Disabling a GSS device is necessary when you need to perform the following tasks: Switch the role of a GSS within a network • Change a GSS to a GSSM • Cisco Global Site Selector Administration Guide 2-28 OL-10410-01...
To reenable the GSS device as a primary GSSM, standby GSSM, or a GSS, see the Cisco Global Site Selector Getting Started Guide. Restoring GSS Factory-Default Settings The restore-factory-defaults command erases your GSSM database and all of its data and resets all network settings, returning your GSS hardware to the same state it was in when it first arrived from the factory.
“Replacing the Primary replacement? GSSM With an Available GSS” Configure an available GSS as the primary GSSM. Refer to “Replacing the Primary GSSM With an Available GSS” This section contains the following topics: Cisco Global Site Selector Administration Guide 2-30 OL-10410-01...
“Performing a Full Primary GSSM Backup” section in Chapter 7, Backing Up, Restoring, and Downgrading the GSSM Database). Log in to the CLI of the standby GSSM and enable privileged EXEC mode. gssm2.example.com> enable gssm2.example.com# Cisco Global Site Selector Administration Guide 2-31 OL-10410-01...
Page 66
Configure basic network connectivity settings following the procedures outlined in the Cisco Global Site Selector Getting Started Guide, Chapter 3, Setting Up Your GSS. Specify the same hostname and IP address of the original primary GSSM. Cisco Global Site Selector Administration Guide...
Page 67
Database. Verify the existing global server load-balancing configuration settings (DNS rules and keepalives) and modify the settings as described in the Cisco Global Server Load-Balancing Configuration Guide (GUI-based or CLI-based version). You can now use the replacement primary GSSM in your GSS network.
Managing the GSS from the CLI Replacing GSS Devices in Your GSS Network Reconfigure the global server load-balancing configuration settings on the new primary GSSM as described in the Cisco Global Site Selector Global Server Load-Balancing Configuration Guide (GUI-based or CLI-based version).
If this is a new GSS device, configure basic network connectivity settings following the procedures outlined in the Cisco Global Site Selector Getting Started Guide, Chapter 3, Setting Up Your GSS. Ensure that you specify the same hostname and IP address of the original primary GSSM.
Page 70
If you do not have a backup of the original primary GSSM database, do the following: Reconfigure the global server load-balancing configuration settings on the new primary GSSM as described in the Cisco Global Site Selector Global Server Load-Balancing Configuration Guide (GUI-based or CLI-based version).
Stop the GSS software running on the GSS by entering the following command: gss3.example.com# gss stop Disable the GSS to remove the existing configuration and return the GSS device to an initial state by entering the following command: Cisco Global Site Selector Administration Guide 2-37 OL-10410-01...
“Saving the startup-config and running-config Files” section). If no, reenter the platform configuration following the procedures outlined in • the Cisco Global Site Selector Getting Started Guide, Chapter 3, Setting Up Your GSS. Save your configuration changes to memory by entering the following command: gss3.example.com# copy running-config startup-config...
If no, reenter the platform configuration following the procedures outlined in • the Cisco Global Site Selector Getting Started Guide, Chapter 3, Setting Up Your GSS. If this is an existing GSS device, delete it from your GSS network through the primary GSSM GUI.
You must configure and enable both a primary and a standby GSSM in your • GSS network. Do not attempt to switch GSSM roles until you configure and enable both a primary and a standby GSSM (see the Cisco Global Site Selector Getting Started Guide). Cisco Global Site Selector Administration Guide...
Perform a full backup of your primary GSSM to preserve your current network and configuration settings (see the “Performing a Full Primary GSSM Backup” section in Chapter 7, Backing Up, Restoring, and Downgrading the GSSM Database). Cisco Global Site Selector Administration Guide 2-41 OL-10410-01...
Page 76
Exit privileged EXEC mode. The standby GSSM begins to function in its new role as the interim primary GSSM and is now fully functional. You may now access the GUI. Cisco Global Site Selector Administration Guide 2-42 OL-10410-01...
When the original primary GSSM is available for use in the network, reverse the roles of the two GSSM devices back to the original GSS network deployment. If your original primary GSSM has been replaced by Cisco Systems, see the Note “Replacing the Primary GSSM with an Available GSS”...
Displaying Memory Information • Displaying Boot Configuration • Displaying GSS Processes • Displaying System Uptime • Displaying Disk Information • Displaying UDI Data • Displaying System Status • Displaying GSS Services • Cisco Global Site Selector Administration Guide 2-44 OL-10410-01...
To display general GSS software version information, enter: gssm1.example.com# show version Global Site Selector (GSS) Model Number: GSS-4492-K9 Copyright (c) 1999-2007 by Cisco Systems, Inc. Version 2.0 (1.0.0) Uptime: 4 Hours 0 Minutes and 19 seconds To display detailed GSS software version information, enter: gssm1.example.com# show version verbose...
To see which license files are installed, enter: gssm1.example.com# show license installed License modules are DDoS To obtain a complete listing of the license files, enter: gssm1.example.com# show license file-name list ddos_new.lic Cisco Global Site Selector Administration Guide 2-46 OL-10410-01...
Displaying GSS System Configuration Information To obtain specific license file details, enter: gssm1.example.com# show license file-name ddos_new.lic FEATURE ddos cisco 1 permanent uncounted HOSTID=ANY \ NOTICE=”ddos_new.lic0 \ 1XIOS2C84AB” SIGN=CFF95D462F42 To obtain a complete picture of the licenses installed in the GSS network from the primary GSS, enter: gssm1.example.com# show license gss-all...
Boot Device Physical device used to boot the GSS software. Timeout Length of time that the Linux boot manager, LILO (Linux Loader) waits to receive an input before automatically booting the GSS device. Cisco Global Site Selector Administration Guide 2-48 OL-10410-01...
Name of the GSS subsystem, per operating system process. Process identifier. Percentage of memory used by the process. CPUTIME Amount of CPU time used since the start of the process. START Date or time when the process started. Cisco Global Site Selector Administration Guide 2-49 OL-10410-01...
You can display GSS Unique Device Identifier (UDI) data by using the show inventory command. gssm1.example.com# show inventory NAME: Chassis, DESCR: Global Site Selector 4492 PID: GSS-4491-K9 , VID: V01, SN: QTFNZD606000011 Cisco Global Site Selector Administration Guide 2-50 OL-10410-01...
The equivalent command to show GSS system status is gss status. Note gssm1.example.com# show system-status Cisco GSS - 1.3(1) GSS Manager - primary [Wed Feb 15 16 16:37:37 UTC 2006] Normal Operation [runmode = 5] START...
You can display the current state of the GSS services, such as FTP, NTP, SSH, TACACS+, Telnet, and SNMP by using the show services command. gssm1.example.com(config)# show services START SERVICE Jul23 Jul23 11:08 Snmp 14:47 Jul23 Syslog Jul23 Tacacs Stats Jul23 Telnet Cisco Global Site Selector Administration Guide 2-52 OL-10410-01...
Note The primary GSSM separately maintains the user accounts and passwords created to log in to the CLI of the device from those accounts and passwords created to log in to the GUI. Cisco Global Site Selector Administration Guide OL-10410-01...
Enter an unquoted text string with no spaces and a maximum length of eight characters. privilege—Sets the user privilege level. To create an administrative account, • specify admin. To create a user account, select user. Cisco Global Site Selector Administration Guide OL-10410-01...
You can delete an existing user account for accessing the GSS from the CLI by entering the username command. The GSS restricts you from deleting the “admin” account. For example, enter: gss1.example.com#(config) username user_1 delete User user_1 removed Cisco Global Site Selector Administration Guide OL-10410-01...
Creating a GUI User Account • Modifying a GUI User Account • Removing a GUI User Account • Changing the User Account GUI Password • • Creating and Modifying User Views for the Primary GSSM GUI Cisco Global Site Selector Administration Guide OL-10410-01...
Observer—No configuration privileges in the primary GSSM GUI, but the • observer can monitor global server load-balancing statistics. Table 3-1 outlines the supported primary GSSM GUI functionality and accessibility for the three user roles. Cisco Global Site Selector Administration Guide OL-10410-01...
Page 92
DNS Rules List and Show All DNS Rules icons on the DNS Rules list page. Restricted from the – DNS Rule Builder and DNS Rules Wizard icons and pages on the DNS Rules list page. Cisco Global Site Selector Administration Guide OL-10410-01...
Page 93
Tools tab—Access to only • the Change Password navigation link and detail page. • Traffic Mgmt tab— Access to all navigation links, list pages, and detail pages. Cisco Global Site Selector Administration Guide OL-10410-01...
Page 94
(configuration and statistics) visible on a primary GSSM GUI page using configured answers, shared keepalives, locations, and owners. See the “Creating and Modifying User Views for the Primary GSSM GUI” section for details. Cisco Global Site Selector Administration Guide OL-10410-01...
Click the User Administration navigation link. The Users list page appears (see Figure 3-1). Figure 3-1 Users List Page Click the Create User icon. The Creating New User details page appears (see Figure 3-2). Cisco Global Site Selector Administration Guide OL-10410-01...
Page 96
Operator—Limited configuration privileges in the primary GSSM GUI, – but the operator can view list pages, view detail pages, and monitor statistics. Observer—No configuration privileges in the primary GSSM GUI, but – the observer can monitor statistics. Cisco Global Site Selector Administration Guide 3-10 OL-10410-01...
Page 97
GSSM. (Optional) Fill in the rest of the user contact information: Job Title—Position within the organization – Department—Business unit or group – – Phone—Business telephone number Cisco Global Site Selector Administration Guide 3-11 OL-10410-01...
The Modifying User details page appears (see Figure 3-2), displaying that user’s account information. Click the Delete icon. The software prompts you to confirm your decision to permanently remove the user. You cannot delete the “admin” account. Cisco Global Site Selector Administration Guide 3-12 OL-10410-01...
To change your account password from the primary GSSM GUI, perform the following steps: Click the Tools tab. Click the Change Password navigation link. The Change Password details page (see Figure 3-3) appears displaying your account name in the Username field. Cisco Global Site Selector Administration Guide 3-13 OL-10410-01...
Page 100
In the Re-type New Password field, enter the new password string a second time. This action is used to verify that you have entered your password correctly. Click Submit to update your login password. Cisco Global Site Selector Administration Guide 3-14 OL-10410-01...
The user is restricted from viewing any additional configured answers, shared keepalives, locations, and owners that might exist in the primary GSSM GUI. Cisco Global Site Selector Administration Guide 3-15 OL-10410-01...
Page 102
To create a GUI user view, perform the following steps: From the primary GSSM GUI, click the Tools tab. Click the Views navigation link. The User Views list page appears (see Figure 3-4). Cisco Global Site Selector Administration Guide 3-16 OL-10410-01...
Page 103
Creating and Managing Primary GSSM GUI User Accounts Figure 3-4 User Views List Page Click the Create User Views icon. The Creating New User View—General Configuration details page appears (see Figure 3-5). Cisco Global Site Selector Administration Guide 3-17 OL-10410-01...
Page 104
If the list of answers on your GSS network spans more than one page, select the answers from only the first page of answers, and then click Add Selected before proceeding to another page of answers. Cisco Global Site Selector Administration Guide 3-18 OL-10410-01...
Page 105
If the list of shared keepalives on your GSS network spans more than one page, select the shared keepalives from only the first page of keepalives, and then click Add Selected before proceeding to another page of shared keepalives. Cisco Global Site Selector Administration Guide 3-19 OL-10410-01...
Page 106
Add Selected, before proceeding to another page of locations. Note The primary GSSM GUI supports a maximum of 200 locations in a custom user view. Cisco Global Site Selector Administration Guide 3-20 OL-10410-01...
Page 107
Add Selected before proceeding to another page of owners. The primary GSSM GUI supports a maximum of 500 owners in a custom Note user view. Cisco Global Site Selector Administration Guide 3-21 OL-10410-01...
Page 108
Figure 3-10 illustrates the Remove Answers details page. Click the check boxes that correspond to the items that you want to remove from the custom user view, and then click Remove Selected. Cisco Global Site Selector Administration Guide 3-22 OL-10410-01...
Page 109
Creating New User View - General Configuration details page (see Figure 3-11). The selected items assigned to this view appear in the Current Owners, Current Locations, Current Answers, or Current KeepAlives section of the page. Cisco Global Site Selector Administration Guide 3-23 OL-10410-01...
Page 110
The Modify User View details page appears. In the General Configuration details page (General Configuration navigation link), use the fields provided to modify the name or comments for the user view. Cisco Global Site Selector Administration Guide 3-24 OL-10410-01...
Page 111
Click the Delete icon in the upper right corner of the page. The GSS software prompts you to confirm your decision to delete the user view. Click OK to return to the User Views list page with the user view removed. Cisco Global Site Selector Administration Guide 3-25 OL-10410-01...
To reset the administrator CLI account password, perform the following steps: Attach an ASCII terminal to the Console port on the GSS device. See the Cisco Global Site Selector Hardware Installation Guide for instructions on connecting a console cable to your GSS series hardware.
GSS CLI. • Specify the password that you want to change. Enter an unquoted text string with no spaces and a maximum length of eight characters. Cisco Global Site Selector Administration Guide 3-27 OL-10410-01...
GSSM GUI. Enter an unquoted text string of 6 to 16 characters with no spaces. For example, to change the change the administrator password to mynewpassword, enter: gssm1.example.com# reset-gui-admin-password password mynewpassword Cisco Global Site Selector Administration Guide 3-28 OL-10410-01...
Specifying the TACACS+ Server Timeout on the GSS • Specifying TACACS+ Authentication of the GSS • Specifying TACACS+ Authorization of the GSS • Specifying TACACS+ Accounting on the GSS • • Showing TACACS+ Statistics on the GSS Cisco Global Site Selector Administration Guide OL-10410-01...
(AAA) facilities between a GSS and the TACACS+ server. TACACS+ allows for multiple access control servers (the TACACS+ security daemon) to provide the AAA services. The Cisco Secure Access Control Server (ACS) is an example of an AAA access control server.
Page 117
TACACS+ timeout period to designate how long the GSS waits for a response to a connection attempt from a TACACS+ server. The timeout value applies to all defined TACACS+ servers. Cisco Global Site Selector Administration Guide OL-10410-01...
Table 4-1 TACACS+ Configuration Quick Start Task and Command Example Configure the authentication, authorization, and accounting service settings on the TACACS+ server, such as the Cisco Secure Access Control Server (ACS). Enable global configuration mode on the GSS device. gssm1.example.com# config gssm1.example.com(config)#...
Configuring a TACACS+ Server for Use with the GSS This section describes how to set up a TACACS+ server, such as the Cisco Secure Access Control Server (ACS). It is intended as a guide to help ensure proper communication with a TACACS+ server and a GSS operating as a TACACS+ client.
Page 120
Managing GSS User Accounts Through a TACACS+ Server Configuring a TACACS+ Server for Use with the GSS Figure 4-2 Add AAA Client Page of Cisco Secure ACS Configure the following selections: • AAA Client Hostname—Enter the name that you want assigned to the GSS.
Key—Enter the shared secret that the GSS and Cisco Secure ACS use to • authenticate transactions. For correct operation, you must specify the identical shared secret on both the Cisco Secure ACS and the GSS. The key is case-sensitive. Authenticate Using—Select TACACS+ (Cisco IOS).
Page 122
Managing GSS User Accounts Through a TACACS+ Server Configuring a TACACS+ Server for Use with the GSS To define CLI command privileges for the GSS from the Cisco Secure ACS, perform the following steps: Access the Group Setup section of the Cisco Secure ACS interface, then access the Group Setup page.
Page 123 Arguments are case sensitive and must match the text exactly that the GSS sends to the Cisco Secure ACS. For each argument of the Cisco IOS command, specify whether the argument is to be permitted or denied. These should be entered in the format permit argument or deny argument.
Page 124
To permit all CLI commands except for the gss tech-report command (see • Figure 4-5), do the following: Click the Permit option under Per Group Command Authorization. Enter gss in the Command text box. Cisco Global Site Selector Administration Guide 4-10 OL-10410-01...
Page 125
Configuring a TACACS+ Server for Use with the GSS Enter deny tech-report in the Arguments text box. Click the Permit option under Unlisted arguments. Figure 4-5 Command Privileges Example—Permit All CLI Commands Except Specified Command Cisco Global Site Selector Administration Guide 4-11 OL-10410-01...
Configuring Primary GSSM GUI Privilege Level Authorization from the TACACS+ Server You can configure the Cisco Secure ACS TACACS+ server to define the privilege level (role) of a user when accessing the primary GSSM GUI. The primary GSSM GUI learns the user’s associated privilege level when communicating with the TACACS+ server.
Page 127
Cisco Secure ACS, perform the following steps: If this is your first time enabling per-user CLI command authorization, access the Interface Configuration section of the Cisco Secure ACS interface and configure the following selections: Access the TACACS+ (IOS) page. Click the Shell (exec) checkbox under...
Page 128
Figure 4-7 Interface Configuration Page—Advanced Options Page Access the User Setup section of the Cisco Secure ACS interface and choose the name of a user to which you want to assign a primary GSSM GUI privilege level. The Edit page appears.
Page 129
Check the Per User Command Authorization checkbox. Check the Command check box and type GuiEnable in the Command text box (see Figure 4-8). Figure 4-8 Assigning Operator-Level Privileges to a User from Cisco Secure Cisco Global Site Selector Administration Guide 4-15 OL-10410-01...
See the “Custom User View Overview” section in Chapter 3, Creating and Managing User Accounts, for background on custom user views in the primary GSSM GUI. Cisco Global Site Selector Administration Guide 4-16 OL-10410-01...
GSSM GUI in the event that TACACS+ authentication fails for a GUI connection. Configuring Accounting Settings on the TACACS+ Server To configure the accounting service for the Cisco Secure ACS, perform the following steps: In the System Configuration section of the Cisco Secure ACS interface, the Logging Configuration page, click CSV TACACS+ Accounting.
Page 132
Managing GSS User Accounts Through a TACACS+ Server Configuring a TACACS+ Server for Use with the GSS Figure 4-9 CSV TACACS+ Accounting File Logging Page of Cisco Secure ACS Click the Log to CSV TACACS+ Accounting report check box. Under elect Columns To Log, in the Attributes column, click the attribute that you want to log.
You can designate a maximum of three servers on the GSS. However, the GSS uses only one server at a time. For recommended guidelines on setting up a TACACS+ server (the Cisco Secure ACS in this example), see the “Configuring a TACACS+ Server for Use with the GSS”...
Page 134
GSS and the TACACS+ server, define an encryption key. If you do not define an encryption key, the GSS transmits packets to the TACACS+ server in clear text. The range for the encryption key is 1 to 100 alphanumeric characters. Cisco Global Site Selector Administration Guide 4-20 OL-10410-01...
Page 135
You can change or remove the encryption key without deleting the TACACS+ server. For example, to remove the key SECRET-123 without removing the TACACS+ server, enter: gss1.example.com(config)# no tacacs-server host 192.168.1.101 key SECRET-123 Cisco Global Site Selector Administration Guide 4-21 OL-10410-01...
To disable the use of TCP keepalives with the active TACACS+ server, enter: gss1.example.com(config)# no tacacs-server keepalive-enable To reenable the use of TCP keepalives with the active TACACS+ server, enter: gss1.example.com(config)# tacacs-server keepalive-enable Cisco Global Site Selector Administration Guide 4-22 OL-10410-01...
You must enable remote access on the GSS device (SSH, Telnet, or FTP) before Note you enable TACACS+ authentication for the specific GSS access method. See the Cisco Global Site Selector Getting Started Guide for details. Cisco Global Site Selector Administration Guide 4-23...
EXEC mode commands issued on the GSS. The command authorizes all attempts to enter user-level and privileged-level EXEC mode commands, including global configuration and interface configuration commands. Cisco Global Site Selector Administration Guide 4-24 OL-10410-01...
CLI command, the accessed primary GSSM GUI page and the performed action, and the time of execution. The Cisco Secure ACS records its logs in comma-separated value (CSV) text files. You can import CSV log files into many popular spreadsheet applications.
You must enable logging for accounting reports on the TACACS+ server and that you select the attributes that you want to log. For general guidelines on the recommended setup of a TACACS+ server for accounting (the Cisco Secure ACS in this example), see the “Configuring Accounting Settings on the TACACS+...
Page 141
GSS, the GSS increments the Authentication Pass counter. If the GSS permits a user to access a specific CLI command through authorization, the GSS increments the Authorization Pass counter. Cisco Global Site Selector Administration Guide 4-27 OL-10410-01...
Attach an ASCII terminal to the console port on the GSS device. See the Cisco Global Site Selector Hardware Installation Guide for instructions on connecting a console cable to your Cisco Global Site Selector series hardware. Press the power control button on the GSS to power cycle the device and perform a restart.
Page 143
Save your configuration changes to memory. gssm1.example.com# copy running-config startup-config If you fail to save your configuration changes, the GSS device reverts to its previous settings (including the previous TACACS+ configuration) upon a reboot. Cisco Global Site Selector Administration Guide 4-29 OL-10410-01...
Page 144
Chapter 4 Managing GSS User Accounts Through a TACACS+ Server Disabling TACACS+ on a GSS Cisco Global Site Selector Administration Guide 4-30 OL-10410-01...
• Adding Rules to an Access List • Removing Rules from an Access List • Segmenting GSS Traffic by Ethernet Interface • Segmenting GSS Traffic by Ethernet Interface • Displaying Access Lists • Cisco Global Site Selector Administration Guide OL-10410-01...
GSS. Outbound traffic is not affected by access lists. However, the return inbound Note traffic must be explicitly permitted because GSS access lists are not stateful. Cisco Global Site Selector Administration Guide OL-10410-01...
Page 147
CRA keepalives 1974 1974 Director Response Protocol (DRP) protocol traffic 2000 Inter-GSS periodic status reporting 2001–2005 Inter-GSS communication 2001–2005 Return traffic of inter-GSS communication 3002–3008 Inter-GSS communication 3002–3008 Return traffic of inter-GSS communication Cisco Global Site Selector Administration Guide OL-10410-01...
—Prevents a connection when a packet matches the condition. All • provisions of the condition must be met to make a match. Cisco Global Site Selector Administration Guide OL-10410-01...
Page 149
The following example shows a completed access list (alist1): gss1.example.com(config)# show access-list access-list: alist1 access-list alist1 permit tcp any destination-port range 20 23 access-list alist1 permit tcp any eq 20 access-list alist1 permit tcp any eq 21 Cisco Global Site Selector Administration Guide OL-10410-01...
For example, to associate the access list named alist1 with the first interface on your GSS device, enter the following: gss1.example.com# config gss1.example.com(config)# access-group alist1 interface eth0 Use the access-group command for each access list that you want to associate with the interface. Cisco Global Site Selector Administration Guide OL-10410-01...
Use the show access-list command to verify that the rule is added to your access list. gss1.example.com(config)# show access-list access-list:alist1 access-list alist1 permit tcp any destination-port eq 443 access-list alist1 deny tcp host 192.168.1.101 Cisco Global Site Selector Administration Guide OL-10410-01...
To reconfigure which interface is used for inter-GSS communications on the GSS network, use the gss-communications command. See the Cisco Global Site Selector Getting Started Guide for details. For security reasons you can limit GSS traffic to one Ethernet interface, or segment traffic by constraining a certain type of traffic on a designated interface.
53 access-list alist1 permit udp any eq 123 destination-port eq 123 access-list alist1 permit udp any destination-port eq 161 access-list alist1 permit tcp any destination-port eq 443 Cisco Global Site Selector Administration Guide 5-10 OL-10410-01...
Page 155
DROP 0.0.0.0/0 0.0.0.0/0 Use the show access-group command to display a list of the access lists associated with GSS interfaces Ethernet 0 and Ethernet 1. gss1.example.com(config)#show access-group access group alist1 interface eth0 Cisco Global Site Selector Administration Guide 5-11 OL-10410-01...
In addition, use the access-list and access-group commands to enable authorized GSS traffic to the specified ports. By default, the GSS interface blocks all ports not explicitly permitted in your access list once you associate the access list with an Ethernet interface. Cisco Global Site Selector Administration Guide 5-12 OL-10410-01...
Page 157
Return traffic of DRP protocol traffic 2000 Inter-GSS periodic status reporting 2001–2005 Inter-GSS communication 2001-2005 Return traffic of inter-GSS communication 3002–3008 Inter-GSS communication 3002-3008 Return traffic of inter-GSS communication 5001 Global sticky mesh protocol traffic Cisco Global Site Selector Administration Guide 5-13 OL-10410-01...
Page 158
Traffic of FTP, SCP, and Telnet GSS CLI commands UDP, TCP Return traffic of GSS DNS server traffic GSS software reverse lookup, “dnslookup” queries, and name server forwarding 80 or user- TCP and HTTP keepalives configured Cisco Global Site Selector Administration Guide 5-14 OL-10410-01...
Page 159
3341 Sticky communication source 3342 Sticky and DNS processes communication 5001 Global sticky mesh protocol traffic 5001 Return traffic of global sticky mesh protocol traffic 5002 KAL-AP keepalives *Any legal port number Cisco Global Site Selector Administration Guide 5-15 OL-10410-01...
GSS-related ports and protocols to enable for the GSS device to function properly. Construct your access lists to filter traffic incoming and outgoing from your GSS device. See the “Creating an Access List” section for details. Cisco Global Site Selector Administration Guide 5-16 OL-10410-01...
SNMP includes a protocol, a database-structure specification, and a set of management data objects. SNMP implementations typically consist of a management application running on one or more network management systems (NMSs), and agent applications, usually executing in firmware on various network devices. Cisco Global Site Selector Administration Guide OL-10410-01...
To configure SNMP for a GSS device, perform the following steps: Log in to the CLI and enable privileged EXEC mode. gss1.example.com> enable gss1.example.com# Access global configuration mode. gss1.example.com# config gss1.example.com(config)# Enable the SNMP agent by using the following command. gss1.example.com(config)# snmp enable Cisco Global Site Selector Administration Guide OL-10410-01...
Page 163
Enter new Contact Info: Joe Smith [email protected] gss-pilot1.cisco.com(config)# Using the v2.0 CLI, configure a contact for this GSS device with the snmp-server contact command. Enter an unquoted text string with a maximum of 255 characters without any spaces.
Disable the SNMP server or any of the parameters outlined here by using the no form of the snmp-server command. For example, to disable the SNMP location for the GSS, enter: gss1.example.com(config)# no snmp-server community MyCommunity Cisco Global Site Selector Administration Guide OL-10410-01...
Disable SNMP server notifications by using the no form of the snmp-server enable-traps command. For example, to disable SNMP GSLB keepalive notification, enter: gss1.example.com(config)# no snmp-server enable-traps gslb kal Cisco Global Site Selector Administration Guide OL-10410-01...
10 Set the default trap rate by using the no form of the snmp-server trap-limit command as follows: gss1.example.com(config)# no snmp-server trap-limit answer-trap Cisco Global Site Selector Administration Guide OL-10410-01...
Specify the version of the SNMP protocol used to send the traps by entering the version command and one of the available keywords: 1—Specifies SNMPv1 (the default). • 2—Specifies SNMPv2c. • gss1.example.com(config)# snmp-server host 10.1.1.1 MyCommunity traps version 2 Cisco Global Site Selector Administration Guide OL-10410-01...
0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get-request PDUs 0 Get-next PDUs 0 Set-request PDUs 0 SNMP packets output 0 Too big errors 0 No such name errors Cisco Global Site Selector Administration Guide OL-10410-01...
GSSs and GSSMs and restore the software if you encounter problems with a GSS software upgrade. It contains the following major sections: Backing Up the Primary GSSM • Restoring a Primary GSSM Backup • Downgrading Your GSS Devices • Cisco Global Site Selector Administration Guide OL-10410-01...
Whenever you execute a backup on your primary GSSM, the GSS software automatically creates a tar archive (“tarball”) of the necessary files. A tar archive is a group of files collected together as a single file. This file has the .full extension. Cisco Global Site Selector Administration Guide OL-10410-01...
Create a full backup of your primary GSSM by using the gssm backup full command. The gssm backup full command performs a backup of both the database component of the GSSM and its network and device configuration information. Supply a filename for your backup. Cisco Global Site Selector Administration Guide OL-10410-01...
The GSS database may change between software versions. When you downgrade to an earlier version of the GSSM database, any configuration changes, device configuration information, and DNS rules entered through the primary GSSM (subsequent to your last software upgrade) will be lost. Cisco Global Site Selector Administration Guide OL-10410-01...
GSSM has stopped. atcr1.cisco.com# gss stop atcr1.cisco.com# gss status Cisco GSS - 1.3(1.0.0) - [Wed Feb 15 11:33:47 UTC 2006] gss is not running. After the GSSM software stops, restore the GSSM from the backup file by using the gssm restore command.
Page 176
If you type y to restore the GSS network information and your configuration includes a standby GSSM, you must reenable the standby GSSM and then reregister it with the primary GSSM. See the Cisco Global Site Selector Getting Started Guide for details.
Page 177
GSSM GUI, each GSS location is set to Unspecified. If necessary, reestablish the association between a GSS device and location on the Modifying GSS details page as described in the Cisco Global Site Selector Administration Guide. For a DNS sticky configuration, all favored peer associations established •...
GSS software in your possession is Release 1.1, and your earliest GSSM database backup is for Release 1.1, do not downgrade to a release of GSS software earlier than Release 1.1. Cisco Global Site Selector Administration Guide OL-10410-01...
Page 179
After you downgrade the software on your primary GSSM,see the “Restoring Your Primary GSSM from a Previous Backup” section. Restore the GSSM database backup that was previously saved from the downgraded GSS software release. Cisco Global Site Selector Administration Guide OL-10410-01...
Page 180
Chapter 7 Backing Up, Restoring, and Downgrading the GSSM Database Downgrading Your GSS Devices Cisco Global Site Selector Administration Guide 7-10 OL-10410-01...
Page 181
The logging level designates the GSS log emergency, alert, critical, error, and warning messages for the subsystem. The GSS also logs notification, informational, and debugging messages. Cisco Global Site Selector Administration Guide OL-10410-01...
Page 182
GSS has lost contact with the primary GSSM but a local configuration snapshot exists. Notifications The GSS encountered a nonerror condition that should be brought to the administrator’s attention. For example, a GSS software upgrade is required. Cisco Global Site Selector Administration Guide OL-10410-01...
Page 183
Director Response Protocol (DRP) agent logging messages drpagent keepalive Keepalive Engine logging messages Node manager logging messages nodemgr proximity Proximity logging messages sticky Sticky manager logging message System logging messages system tacacs TACACS+ logging messages Cisco Global Site Selector Administration Guide OL-10410-01...
Page 184
Log Files from the CLI” section). This section contains the following topics: Specifying a Log File on the GSS Disk • Specifying a Host for a Log File Destination • Specifying a Syslog Facility • Cisco Global Site Selector Administration Guide OL-10410-01...
Page 185
• select a subsystem: boomerang—Boomerang logging messages – – crdirector—CrDirector logging messages crm—GSSM logging messages – ddos—Distributed Denial of Service (DDos) prevention module logging – messages dnsserver—Domain Name System (DNS) logging messages – Cisco Global Site Selector Administration Guide OL-10410-01...
Page 186
The keywords and arguments are as follows: enable—Enables logging to host. • ip—Sets the remote host (or hosts) that are to receive the GSS log files. • ip_address—Address (or addresses) of the remote logging hosts. • Cisco Global Site Selector Administration Guide OL-10410-01...
Page 187
– For example, to enable logging to a remote host and to set the priority level for notifications, enter: gssm1.example.com(config)# logging host enable gssm1.example.com(config)# logging host ip 172.16.2.3 Cisco Global Site Selector Administration Guide OL-10410-01...
Page 188
The GSS supports the following types: auth—Authorization system • daemon—System daemon • • kernal—Kernel local0—Reserved for locally defined messages • • local1—Reserved for locally defined messages local2—Reserved for locally defined messages • local3—Reserved for locally defined messages • Cisco Global Site Selector Administration Guide OL-10410-01...
Page 189
This section contains the following topics: Viewing the gss.log File from the CLI • Viewing System Message Logging • Viewing Subsystem Log Files from the CLI • Rotating Existing Log Files from the CLI • Cisco Global Site Selector Administration Guide OL-10410-01...
Page 190
To show all logged information, enter: gssm1.example.com# show logs gss.log Jul 14 21:42:01 gss-css2 KAL-7-KALAP[1240] KAL-AP (seq# 29410)=> Host 192.10.2.1 Jul 14 21:42:02 gss-css2 KAL-7-KALAP[1240] KAL-AP (seq# 29412)=> Host 192.10.4.1 Cisco Global Site Selector Administration Guide 8-10 OL-10410-01...
Page 191
The type command lists all logged subsystem information in your terminal Note session. This output may be quite large and may exceed the buffer size set for the terminal. If you want to capture all logged information, use the terminal-length Cisco Global Site Selector Administration Guide 8-11 OL-10410-01...
Page 192
GSS, thus completely filling the available GSS disk space. Correct this problem by using the rotate-logs CLI command to replace the log files and resume logging. The syntax for this command is as follows: rotate-logs {delete-rotated-logs} Cisco Global Site Selector Administration Guide 8-12 OL-10410-01...
Page 193
“Viewing System Message Logging” section. This section contains the following topics: Viewing System Logs from the Primary GSSM GUI • Purging System Log Messages from the GUI • Common System Log Messages • Cisco Global Site Selector Administration Guide 8-13 OL-10410-01...
Page 194
GSS device. Node type—Type of GSS node (GSS or GSSM) on which the logged event • occurred. Node name—Name assigned to the GSS device using the primary GSSM. • Cisco Global Site Selector Administration Guide 8-14 OL-10410-01...
– components. Debug—Detailed information about the internal operations of the GSS or – one of its components. Debug log messages are intended for use by Cisco support engineers to troubleshoot a problem. • Description—Text description that explains the event. Message—Information about any relevant conditions encountered while the •...
GSS system messages that can appear on the System Log list page. Messages appear alphabetically with a brief description. If you require more detailed information about a specific system message, contact a Cisco technical support representative. Cisco Global Site Selector Administration Guide...
Page 197
Server Started the CLI. An error occurred on the standby GSSM Standby GSSM database error embedded database. The GSS has started the process of Started store invalidation marking internally inconsistent database records. Cisco Global Site Selector Administration Guide 8-17 OL-10410-01...
Page 198
The GSS syslog host messages support the correct CiscoWorks RME Syslog Note Analyzer message format; however, these messages do not support the Syslog Analyzer MIBs. In addition, not all severity 7 debug messages are compliant with the syslog host message format. Cisco Global Site Selector Administration Guide 8-18 OL-10410-01...
Page 199
Code that uniquely identifies the error message (for MNEMONIC example, TCPTRANS GUIEXCEPTION KALPING Text string describing the condition (for example, Message-text KAL_RSP_OK [192.168.100.1] numSuccessfulProbes:2 Detected Ssh is stopped but should be started Cisco Global Site Selector Administration Guide 8-19 OL-10410-01...
Page 200
Chapter 8 Viewing Log Files Viewing GSS System Logs Using CiscoWorks RME Syslog Analyzer Cisco Global Site Selector Administration Guide 8-20 OL-10410-01...
GSS global server load-balancing operation: Boomerang (CRAs), DNS, DNS sticky, network proximity, and keepalives. See the Cisco Global Server Load-Balancing Configuration Guide (GUI-based or CLI-based version) for details about displaying statistics using the show statistics command.
Display the current running status of the GSS device by using the following command: gssm1.example.com# gss status Cisco GSS - 1.3(1) GSS [Wed Feb 15 21:09:09 UTC 2006] Registered to primary GSSM: 10.86.209.167 Normal Operation [runmode = 5] START...
Page 203
Include statistics about the CPU utilization when displaying information on the current GSS operating state by entering the following command: gssm1.example.com# gss status verbose Cisco GSS - 1.3(1) GSS [Wed Feb 31 21:09:09 UTC 2006] Registered to primary GSSM: 10.86.209.167 Normal Operation [runmode = 5]...
Display the current running status of the GSS device by entering the following command: gssm1.example.com# show system-status Cisco GSS - 1.3(1) GSS Manager - primary [Wed Feb 15 16:37:37 UTC 2006] Normal Operation [runmode = 5] START SERVER...
Log in to the CLI of the primary GSSM and enable privileged EXEC mode. gssm1.example.com> enable gssm1.example.com# Display the operating status of the GSSM database by entering the following command: Cisco Global Site Selector Administration Guide OL-10410-01...
GSSM database validation report written to validation.log. View the contents of your validation report by entering the following command: gss1.example.com# type validation.log validation.log Start logging at Wed Feb 15 19:17:21 GMT+00:00 2006 Cisco Global Site Selector Administration Guide OL-10410-01...
Page 207
Validating RoutedDomain Validating RoutingConfig Validating RrConfig Validating RrStatus Validating SNodeConfig Validating SourceAddressElement Validating SourceAddressGroup Validating SpInfo Validating SystemConfig Validating UpdateInfo Validating UserConfig Validating VirtualCDN Validating WlpanswerElement Validating User Validations End of file validation.log Cisco Global Site Selector Administration Guide OL-10410-01...
[config | core-files]—Displays a report on the current • operating configuration of your GSS device that can be used by a Cisco TAC representative in troubleshooting problems on your GSS network. The config option exports the output of all configured fields from the primary GSSM GUI.
Page 209
Global Site Selector: icarus.cisco.com Status: Online Node Services: GSS IP Address: 192.168.209.221 Location: Region: DNS Rules: Rule1: Name: ECommerce Source Address List: Anywhere Domain List: ECommerce Owner: ECommerce-Database Status: Active Match DNS Query Type: A record Cisco Global Site Selector Administration Guide OL-10410-01...
Page 210
Answer Group 1: Database-Services Balance Method 1: Hashed Balance Clause Options 1: DNS TTL: 20; Return Record Count: 1; Answer Group 2: Balance Method 2: Balance Clause Options 2: Answer Group 3: Balance Method 3: Cisco Global Site Selector Administration Guide 9-10 OL-10410-01...
This appendix describes how to upgrade the GSS software to a new software version. To upgrade the software, you must do the following: Have access to the GSS download area of the Cisco software download site • and to Cisco.com.
The next step is to ensure that you have a full (and current) backup of the primary GSSM database and that you archive this backup. Proceed to the “Backing up and Archiving the Primary GSSM” section. Cisco Global Site Selector Administration Guide OL-10410-01...
Download the software update files to a server within your own organization • that is accessible using FTP or SCP from your GSSs and GSSMs. You must have a Cisco.com username and password to download a software update from Cisco.com. To acquire a Cisco.com login, go to http://www.cisco.com and click the Register link.
Page 214
Cisco.com username and password. The Cisco GSS Software download page appears, listing the available software upgrades for the GSS software product. If you do not have a shortcut to the Cisco Global Site Selector download page: Log in to Cisco.com using your designated Cisco.com username and password.
To have the GSS/CNR device process the NON A records for the – authoritative domain, you must configure all the NON A records on the CNR that were earlier processed by the external name service using NS forwarding. Cisco Global Site Selector Administration Guide OL-10410-01...
Page 216
For example, to copy an upgrade file named gss.upg from a remote host, your FTP session may appear as follows: gssm1.example.com> ftp host.example.com Connected to host.example.com. 220 host.example.com FTP server (Version wu-2.6.1-0.6x.21) ready. Name (host.example.com:root): admin Cisco Global Site Selector Administration Guide OL-10410-01...
Page 217
Note current configuration? [y/n]: prompt appears. At the prompt, type y to continue. The GSS then reboots. After the GSS device reboots, log in to the GSS device and enable privileged EXEC mode. Cisco Global Site Selector Administration Guide OL-10410-01...
Page 218
5 by entering the gss status command. Enter configuration mode and enable CNR if the GSS has CNR loaded on it. gssm1.example.com# config gssm1.example.com (config)# cnr enable Repeat the entire procedure for the remaining GSS devices in your network. Cisco Global Site Selector Administration Guide OL-10410-01...
2-25 viewing modifying 2-25 activating GSS devices trusting adding rules to access lists changing GSSM roles in GSS network 2-40 administration password changing 3-27, 3-28 GSS device monitoring 8-2, 8-4 Cisco Global Site Selector Administration Guide IN-1 OL-10410-01...
Page 220
9-15 downgrading records, purging 9-16 GSS device software restoring GSSM from full backup order of operation validating records Cisco Global Site Selector Administration Guide IN-2 OL-10410-01...
Page 221
9-1, 9-5, 9-7 TCP traffic logically removing or replacing 1-11 traffic type login accounts UDP traffic memory blocks and statistics, firewall displaying 2-47 configuring for GSS 5-16 MIB files deploying GSS devices 5-12 Cisco Global Site Selector Administration Guide IN-3 OL-10410-01...
Page 222
UDI, displaying 2-50 modifying user account (GUI) 3-12 user account, creating monitoring device status from GUI user account, deleting password 3-13 user account, modifying platform information version information 2-45 printing data 1-14 Cisco Global Site Selector Administration Guide IN-4 OL-10410-01...
Page 223
GSSM, logically removing 1-11 host, specifying as log file destination reversing GSSM role 2-43 segmenting network traffic standby GSSM, logically removing 1-11 1-2, 1-5 Info log message 9-15 GSS-related ports and protocols inter-GSS communications Cisco Global Site Selector Administration Guide IN-5 OL-10410-01...
Page 225
See GSS network ports and protocols 5-2, 5-3, 5-12 printing primary GSSM data 1-14 privileged EXEC mode, enabling protocols and ports for GSS devices operator range purging system log messages 9-15 Cisco Global Site Selector Administration Guide IN-7 OL-10410-01...
Page 226
2-51, 8-4 overview show tacacs command 4-26 rotating log files 9-12 show tech-support command running configuration file show uptime command 2-50 changing 2-13 show user command 2-23 copying 2-14 show users command 2-23 Cisco Global Site Selector Administration Guide IN-8 OL-10410-01...
Page 227
6-5, 6-6 saving running configuration as startup software configuration 2-13 boot information, showing startup configuration file 2-48 disabling GSS device changing 2-29 2-13 downgrade, restoring earlier software copying 2-14 version Cisco Global Site Selector Administration Guide IN-9 OL-10410-01...
Page 228
CiscoWorks RME Syslog server, accounting settings 4-17 Analyzer 9-18 server, authentication settings viewing from GUI 9-14 server, authorization settings system uptime, displaying 2-50 server, configuring shared secret with GSS 4-20 statistics, clearing 4-28 Cisco Global Site Selector Administration Guide IN-10 OL-10410-01...
Page 230
MIB files SNMP status subsystem log files 9-11 system log 9-13 system logs from CiscoWorks RME Syslog Analyzer 9-18 system logs from GUI 9-14 third-party software information 1-15 warning log message 9-15 Cisco Global Site Selector Administration Guide IN-12 OL-10410-01...