- Preface
- Using the WAAS Command-Line Interface
- Cisco WAAS Software Command Summary
- CLI Commands
- EXEC Mode Commands
- Global Configuration Mode Commands
- Interface Configuration Mode Commands
- Standard ACL Configuration Mode Commands
- Extended ACL Configuration Mode Commands
- Preposition Configuration Mode Commands
- Virtual Blade Configuration Mode Commands
- PKI Certificate Authority Configuration Mode Commands
- PKI Global Settings Configuration Mode Commands
- SSL Accelerated Service Configuration Mode Commands
- SSL Cipher List Configuration Mode Commands
- SSL Global Service Configuration Mode Commands
- SSL Host Peering Service Configuration Mode Commands
- SSL Management Service Configuration Mode Commands
- WCCP Configuration Mode Commands
- AppNav Controller Group Configuration Mode Commands
- Service Node Group Configuration Mode Commands
- Service Node Configuration Mode Commands
- Service Context Configuration Mode Commands
- Class Map Configuration Mode Commands
- Policy Map Configuration Mode Commands
- Policy Map Class Configuration Mode Commands
- Acronyms and Abbreviations
- Command Summary by Mode
- (config-if) autosense
- (config-if) bandwidth
- (config-if) bridge-group
- (config-if) cdp
- (config-if) channel-group
- (config-if) description
- (config-if) encapsulation dot1Q
- (config-if) exit
- (config-if) failover timeout
- (config-if) full-duplex
- (config-if) half-duplex
- (config-if) inline
- (config-if) ip
- (config-if) ip access-group
- (config-if) load-interval
- (config-if) mtu
- (config-if) shutdown
- (config-if) standby
Interface Configuration Mode Commands
To set, view, and test the configuration of WAAS software features on a specific interface, use the interface global configuration command.
interface {GigabitEthernet slot/port | InlineGroup slot/group | PortChannel index | Standby group-index | TenGigabitEthernet slot/port | bvi bridge-id}
Syntax Description
Defaults
Command Modes
Device Modes
Usage Guidelines
Within interface configuration mode, you can use the interface commands (autosense, bandwidth, cdp, and so on) to configure the specified interface.
To return to global configuration mode, use the exit command at the interface configuration mode prompt.
Examples
The following example shows how to enter interface configuration mode:
Related Commands
(config) interface InlineGroup
(config-if) autosense
To enable autosense on an interface, use the autosense interface configuration command. To disable this function, use the no form of this command.
Syntax Description
Defaults
Command Modes
Device Modes
Usage Guidelines
Cisco router Ethernet interfaces do not negotiate duplex settings. If the WAAS device is connected to a router directly with a crossover cable, the WAAS device interface must be manually set to match the router interface settings. Disable autosense before configuring an Ethernet interface. When autosense is on, manual configurations are overridden. You must reboot the WAAS device to start autosensing.
Examples
The following example shows how to disable autosense on Gigabit Ethernet port 1/0:
The following example shows how to reenable autosense on Gigabit Ethernet port 1/0:
Related Commands
(config-if) bandwidth
To configure the link speed on a network interface, use the bandwidth interface configuration command. To restore default values, use the no form of this command.
no bandwidth { 10 | 100 | 1000 }
Syntax Description
Sets the link speed to 1000 Mbps. This option is not available on all ports and is the same as autosense. |
Defaults
Command Modes
Device Modes
Usage Guidelines
To configure the link speed of a network interface on a WAAS device, use the bandwidth interface configuration command. The speed is specified in megabits per second (Mbps). The WAAS software automatically enables autosense if the speed is set to 1000 Mbps.
Note Changing the interface bandwidth, duplex mode, or MTU can cause network disruption for up to 10 seconds. The best practice is to make such changes when traffic interception is disabled or at an off-peak time when traffic disruption is acceptable.
You can configure the Gigabit Ethernet interface settings (autosense, link speed, and duplex settings) if the Gigabit over copper interface is up or down. If the interface is up, it applies the specific interface settings. If the interface is down, the specified settings are stored and then applied when the interface is brought up. For example, you can specify any of the following commands for a Gigabit over copper interface, which is currently down, and have these settings automatically applied when the interface is brought up.
WAE(config-if)#
bandwidth 10
WAE(config-if)#
bandwidth 100
WAE(config-if)#
bandwidth 1000
WAE(config-if)#
autosense
WAE(config-if)#
half-duplex
WAE(config-if)#
full-duplex
Note We strongly recommend that you do not use half duplex on the WAE, routers, switches, or other devices. Half duplex impedes the system ability to improve performance and should not be used. Check each Cisco WAE interface and the port configuration on the adjacent device (router, switch, firewall, WAE) to verify that full duplex is configured.
Examples
The following example shows how to set an interface bandwidth to 1000 Mbps:
The following example shows how to restore default bandwidth values on an interface:
Related Commands
(config-if) bridge-group
To configure the bridge group for a network interface, use the bridge-group interface configuration command. To restore default values, use the no form of this command.
Syntax Description
Defaults
Command Modes
Device Modes
Usage Guidelines
Use this command to configure a network interface with a bridge group for use by a virtual blade or an AppNav Controller Interface Module that is intercepting traffic in inline mode.
Examples
The following example shows how to configure an interface with a bridge group for a virtual blade:
The following example shows how to configure interfaces with a bridge group for use in inline mode on an AppNav Controller Interface Module:
Related Commands
(config-if) cdp
To enable the Cisco Discovery Protocol (CDP) on a particular interface on a WAAS device, rather than on all interfaces, use the cdp interface configuration command.
Syntax Description
Defaults
Command Modes
Device Modes
Usage Guidelines
Using the cdp enable command in global configuration mode enables CDP globally on all the interfaces of the WAAS device. If you want to control CDP behavior per interface, then use the cdp enable command in interface configuration mode.
Note Enabling CDP at the interface level overrides the global control. However, you must enable CDP globally on the WAAS device before you enable CDP on an interface. Otherwise, the following message is displayed in the command output:
Examples
The following example shows how to enable CDP on Gigabit Ethernet interface (slot 1/port 0) of the WAAS device:
Related Commands
(config-if) channel-group
To configure the port-channel group for a network interface, use the channel-group interface configuration command. To restore default values, use the no form of this command.
Syntax Description
Assigns the interface to the port channel with the specified index 1–7. |
Defaults
Command Modes
Device Modes
Examples
The following example shows how to configure an interface with a channel group:
Related Commands
(config-if) description
To configure the description for a network interface, use the description interface configuration command. To remove the description, use the no form of this command.
Syntax Description
Defaults
Command Modes
Device Modes
Examples
The following example shows how to configure an interface with a description:
Related Commands
(config-if) encapsulation dot1Q
To set the VLAN ID that is to be assigned to traffic that leaves a WAE, use the encapsulation dot1Q interface configuration command.
Syntax Description
Defaults
Command Modes
Device Modes
Usage Guidelines
The encapsulation dot1Q command is available only for the inlineGroup interface.
Note If the VLAN ID that you set with the encapsulation dot1Q interface command does not match the VLAN ID expected by the router subinterface, you may not be able to connect to the inline interface IP address.
The inline adapter or module supports only a single VLAN ID for each inline group interface. If you have configured a secondary address from a different subnet on an inline interface, you must have the same secondary address assigned on the router subinterface for the VLAN.
Examples
The following example shows how to set a VLAN ID to encapsulate traffic leaving the WAE:
Related Commands
(config-if) exit
To terminate interface configuration mode and return to the global configuration mode, use the exit command.
Syntax Description
Defaults
Command Modes
Device Modes
Examples
The following example shows how to terminate interface configuration mode and return to global configuration mode:
(config-if) failover timeout
To set the maximum time for the inline interface to transition traffic to another port after a failure event, use the failover timeout interface configuration command. To disable this function, use the no form of this command.
failover timeout { 1 | 3 | 5 }
no failover timeout { 1 | 3 | 5 }
Syntax Description
Defaults
Command Modes
Device Modes
Usage Guidelines
This command applies only to interfaces on the Cisco WAE Inline Network Adapter card. To set the failover timeout for all interfaces together on the Cisco Interface Module, use the (config) inline command.
The failover timeout command is used in inlineGroup interface scope. It sets the maximum time (in seconds) for the inline interface to transition to a fail-to-wire mode of operation after a failure event occurs (such as a power outage and kernel crash). For example, if the timeout is set to 3 seconds, traffic is dropped for a maximum of 3 seconds after the WAE loses power or suffers a kernel crash. After this time, all traffic received on either port of the group interface is sent out of the other port in the group. The default timeout is 1 second.
Examples
The following example shows how to set the failover time limit for the inline group 0 of the adapter that is installed in slot 1 to 5 seconds and then remove that setting:
Related Commands
(config-if) full-duplex
To configure an interface for full-duplex operation on a WAAS device, use the full-duplex interface configuration command. To disable this function, use the no form of this command.
Syntax Description
Defaults
Command Modes
Device Modes
Usage Guidelines
Use this interface command to configure an interface for full duplex. Full duplex allows data to travel in both directions at the same time through an interface or a cable. Half duplex ensures that data travels only in one direction at any given time. Although full duplex is faster, the interfaces sometimes cannot operate effectively in this mode. If you encounter excessive collisions or network errors, configure the interface for half duplex rather than full duplex.
Note We strongly recommend that you do not use half duplex on the WAE, routers, switches, or other devices. Half duplex impedes the system ability to improve performance and should not be used. Check each Cisco WAE interface and the port configuration on the adjacent device (router, switch, firewall, WAE) to verify that full duplex is configured.
Note Changing the interface bandwidth, duplex mode, or MTU can cause network disruption for up to 10 seconds. The best practice is to make such changes when traffic interception is disabled or at an off-peak time when traffic disruption is acceptable.
Examples
The following example shows how to configure full duplex on a Gigabit Ethernet interface in slot 1/port 0:
The following example shows how to disable full duplex:
Related Commands
(config-if) half-duplex
To configure an interface for half-duplex operation on a WAAS device, use the half-duplex interface configuration command. To disable this function, use the no form of this command.
Syntax Description
Defaults
Command Modes
Device Modes
Usage Guidelines
Use this interface configuration command to configure an interface for half duplex. Full duplex allows data to travel in both directions at the same time through an interface or a cable. Half duplex ensures that data travels only in one direction at any given time. Although full duplex is faster, the interfaces sometimes cannot operate effectively in this mode. If you encounter excessive collisions or network errors, configure the interface for half duplex rather than full duplex.
Note We strongly recommend that you do not use half duplex on the WAE, routers, switches, or other devices. Half duplex impedes the system ability to improve performance and should not be used. Check each Cisco WAE interface and the port configuration on the adjacent device (router, switch, firewall, WAE) to verify that full duplex is configured.
Note Changing the interface bandwidth, duplex mode, or MTU can cause network disruption for up to 10 seconds. The best practice is to make such changes when traffic interception is disabled or at an off-peak time when traffic disruption is acceptable.
Examples
The following example shows how to configure half duplex on the Gigabit Ethernet interface in slot 1/port 0:
The following example shows how to disable half duplex:
Related Commands
(config-if) inline
To enable inline interception for an inlineGroup interface, use the inline interface configuration command. To disable inline interception, use the no form of this command.
inline [ vlan { all | native | vlan_list }]
no inline [vlan { all | native | vlan_list }]
Syntax Description
List of VLAN IDs to either allow or restrict on this interface. A comma (,) is used to separate list entries. A hyphen (-) is used to specify a range of VLAN IDs. The valid range is 0 to 4095. |
Defaults
The default is enabled for all VLANs if you have a WAE inline network adapter installed.
Command Modes
Device Modes
Usage Guidelines
The inline command is used in the inlineGroup interface scope. It enables or disables inline interception. If the VLAN list is omitted, the command applies to all VLAN tagged or untagged packets.You can restrict the inline feature to any specified set of VLANs.
The VLAN list can be “all,” a comma-separated list of VLAN IDs, or ranges of VLAN IDs. The special VLAN ID “native” can be included to specify untagged packets.
Note When inline inspection is active, you cannot configure WCCP until you explicitly disable the inline capability on all VLANs. Conversely, you cannot enable inline interception on any inline groups until you disable WCCP.
Examples
The following example shows how to enable inline interception for all untagged and tagged packets with any VLAN ID received on ports in inlineGroup 0 of the adapter that is installed in slot 1:
The following example shows how to disable inline interception on the same ports for 802.1Q-encapsulated packets that have the VLAN ID 5 or any VLAN ID between 10 and 15, inclusive. If the two VLANs are combined in the given order, inline interception is performed for all packets received on ports in group 0 of slot 1, except those packets on VLANs 5, 10, 11, 12, 13, 14, and 15.
The following example shows how to enable inline interception for all untagged traffic and traffic only on VLANs 0 through 100 on the ports in group 1 in slot 2:
The following example shows how to enable inline interception for traffic only on VLAN 395 on the ports in group 1 in slot 2. Because the default behavior is to enable traffic on all VLANs, you must first disable all VLANs, and then enable just the set that you want.
Related Commands
(config-if) ip
To configure the IP address or subnet mask, or to negotiate an IP address from DHCP on the interface of the WAAS device, use the ip interface configuration command. To disable this function, use the no form of this command.
ip address { ip-address ip-subnet [ secondary ] | dhcp [ client-id id ][ hostname name ]}
no ip address { ip-address ip-subnet [ secondary ] | dhcp [ client-id id ][ hostname name ]}
Syntax Description
Defaults
Command Modes
Device Modes
Usage Guidelines
Use this command to set or change the IP address, subnet mask, or DHCP IP address negotiation of the network interfaces of the WAAS device or inline module. The change in the IP address takes place immediately.
The ip address interface configuration command allows configuration of secondary IP addresses for a specified interface as follows:
Up to four secondary IP addresses can be specified for each interface. The same IP address cannot be assigned to more than one interface. The secondary IP address becomes active only after a primary IP address is configured. The following command configures the primary IP address:
The secondary IP addresses are disabled when the interface is shut down and are enabled when the interface is brought up.
Use the no form of the command to disable a specific IP address:
Note No two interfaces can have IP addresses in the same subnet.
Use the ip-address dhcp command to negotiate a reusable IP address from DHCP.
Examples
The following example shows how to configure the port-channel interface with an IP address of 10.10.10.10 and a netmask of 255.0.0.0:
The following example shows how to delete the IP address configured on the interface:
The following example shows how to enable an interface for DHCP:
The following example shows how to configure a client identifier and hostname on the WAAS device to be sent to the DHCP server:
Related Commands
(config-if) ip access-group
To control connections on a specific interface of a WAAS device by applying a predefined access list, use the ip access-group interface configuration command. To disable an access list, use the no form of this command.
ip access-group { acl-name | acl-num } { in | out }
no ip access-group { acl-name | acl-num } { in | out }
Syntax Description
Defaults
Command Modes
Device Modes
Usage Guidelines
Use the ip access-group interface configuration command to activate an access list on a particular interface. You can use one outbound access list and one inbound access list on each interface.
Before entering the ip access-group command, enter interface configuration mode for the interface to which you want to apply the access list. Define the access list to apply using the ip access-list command.
Examples
The following example shows how to apply the access list named acl-out to outbound traffic on the interface Gigabit Ethernet 1/2:
Related Commands
(config-if) load-interval
To configure the interval at which to poll the network interface for statistics, use the load-interval interface configuration command. To remove the configuration, use the no form of this command.
Syntax Description
Sets the interval at which to poll the interface for statistics and calculate throughput. Ranges from 30 to 600 seconds. The default is 30 seconds. |
Defaults
Command Modes
Device Modes
Examples
The following example shows how to configure the load interval for an interface:
Related Commands
(config-if) mtu
To set the interface Maximum Transmission Unit (MTU) packet size, use the mtu interface configuration command. To reset the MTU packet size, use the no form of this command.
Syntax Description
Defaults
Command Modes
Device Modes
Usage Guidelines
The MTU is the largest size of IP datagram that can be transferred using a specific data link connection. Use the mtu command to set the maximum packet size in bytes.
The MTU field is not editable if the interface is assigned to a standby or port channel group.
Note Changing the interface bandwidth, duplex mode, or MTU can cause network disruption for up to 10 seconds. The best practice is to make such changes when traffic interception is disabled or at an off-peak time when traffic disruption is acceptable.
Examples
The following example shows how to set the MTU to 1500 bytes and then remove that setting:
Related Commands
(config-if) shutdown
To shut down a specific hardware interface on a WAAS device, use the shutdown interface configuration command. To restore an interface to operation, use the no form of this command.
Syntax Description
Defaults
Command Modes
Device Modes
Usage Guidelines
See the “(config) interface GigabitEthernet” command for alternative syntax.
Examples
The following example shows how to shut down a Gigabit Ethernet interface on the WAAS device:
Related Commands
(config-if) standby
To configure an interface on a WAAS device to be a backup for another interface, use the standby interface configuration command. To restore the default configuration of the interface, use the no form of this command.
standby group-index [ primary ] { description text | ip ip-address netmask | shutdown | bridge-group bridge-id }
no standby group-index [ primary ] { description text | ip ip-address netmask | shutdown | bridge-group bridge-id }
Syntax Description
Defaults
Command Modes
Device Modes
Usage Guidelines
You can associate an interface with a standby group by using the standby interface configuration command. To make an interface the active interface in a standby group, use the standby group-index primary interface configuration command. If you have already associated an interface with a standby group but have not made it the primary interface, you cannot specify the command again to add the primary designation. First, remove the interface from the standby group by using the no standby group-index command and then reassign it, specifying the primary option at the same time.
A physical interface can be a member of a standby group or a port channel, but not both.
Examples
The following example shows how to create a standby group:
WAE#
configure
WAE(config)#
interface standby 1
WAE(config-if)#
The following example shows how to assign a group IP address of 10.10.10.10 and a netmask of 255.0.0.0 to Standby Group 1. You can configure a group IP address regardless of whether the standby group is shut down or not.
WAE(config-if)#
ip address 10.10.10.10 255.0.0.0
The following example shows how to add two Gigabit Ethernet interfaces to Standby Group 1 and then assign one of these member interfaces as the active interface in the group:
a. A Gigabit Ethernet interface (slot 1/port 0) is added to Standby Group 1.
WAE(config)#
interface gigabitEthernet 1/0
WAE(config-if)#
standby 1
b. A second Gigabit Ethernet interface (slot 2/port 0) is added to Standby Group 1 and assigned as the primary (active) interface.
WAE(config)#
interface gigabitEthernet 2/0
WAE(config-if)#
standby 1 primary
WAE(config-if)#
exit
WAE(config)#
The following example shows how to remove the GigabitEthernet slot 1/port 0 interface from Standby Group 1 using the no form of the standby command:
WAE(config)#
interface gigabitEthernet 1/0
WAE(config-if)#
no standby 1
WAE(config-if)#
exit
WAE(config)#
The following example shows how to shut down Standby Group 1. When a standby group is shut down, all of the alarms previously raised by this standby group are cleared:
WAE(config)#
interface standby 1
WAE(config-if)#
exit
WAE(config)#
exit
The following example shows how to tear down Standby Group 1:
WAE(config)#
interface standby 1
WAE(config-if)#
no ip address 10.10.10.10 255.0.0.0
Please remove member interface(s) from this standby group first.
WAE(config)#
interface GigabitEthernet 2/0
WAE(config-if)#
no standby 1
WAE(config-if)#
exit
WAE(config)#
interface standby 1
WAE(config-if)#
no ip address 10.10.10.10 255.0.0.0
WAE(config-if)#
exit
WAE(config)#
no interface standby 1
WAE(config)#
exit