- Preface
- Using the WAAS Command-Line Interface
- Cisco WAAS Software Command Summary
- CLI Commands
- EXEC Mode Commands
- Global Configuration Mode Commands
- Interface Configuration Mode Commands
- Standard ACL Configuration Mode Commands
- Extended ACL Configuration Mode Commands
- PKI Certificate Authority Configuration Mode Commands
- PKI Global Settings Configuration Mode Commands
- SSL Accelerated Service Configuration Mode Commands
- SSL Cipher List Configuration Mode Commands
- SSL Global Service Configuration Mode Commands
- SSL Host Peering Service Configuration Mode Commands
- SSL Management Service Configuration Mode Commands
- WCCP Configuration Mode Commands
- Class Map Configuration Mode Commands
- Policy Map Configuration Mode Commands
- Policy Map Class Configuration Mode Commands
- Acronyms and Abbreviations
- Command Summary by Mode
- About the WAAS
- Using Command Modes
- Organization of the WAAS CLI
- Using EXEC Mode
- Using Global Configuration Mode
- Using Interface Configuration Mode
- Using ACL Configuration Modes
- Using PKI Certificate Authority Configuration Mode
- Using PKI Global Settings Configuration Mode
- Using SSL Accelerated Service Configuration Mode
- Using SSL Cipher List Configuration Mode
- Using SSL Global Service Configuration Mode
- Using SSL Host Peering Service Configuration Mode
- Using SSL Management Service Configuration Mode
- Using WCCP Configuration Mode
- Command Modes Summary
- Device Mode
Using the WAAS Command-Line Interface
This chapter describes how to use the WAAS CLI, including an explanation of CLI command modes, navigation and editing features, and help features.
About the WAAS
The Cisco WAAS software command-line interface (CLI) is used in combination with the WAAS Manager GUI to configure, monitor, and maintain a WAAS device. The CLI on a WAAS device can be accessed directly through the console port of an attached PC or remotely through a Telnet session on a PC running terminal emulation software.
Note The WAAS software runs on a variety of WAE and WAVE appliances, WAE-NME and SM-SRE network modules, and as a virtual WAAS appliance (vWAAS).
Throughout this book, the term WAAS device refers collectively to a WAAS Central Manager and a WAE. The term WAE refers collectively to the supported platforms that are running the WAAS software unless otherwise noted.
Command Line Interface
The WAAS CLI allows you to configure, manage, and monitor WAAS devices on a per-device basis through a console connection or a terminal emulation program. The WAAS CLI also allows you to configure certain features that are only supported through the WAAS CLI (for example, configuring LDAP signing on a WAE).
The instructions and examples in this guide describe only those features that can be configured on an individual WAAS device using the WAAS CLI.
Graphical User Interface
In addition to the WAAS CLI, there are two WAAS graphical user interfaces (GUIs) that you access from your browser:
- The WAAS Central Manager GUI allows you to centrally configure, manage, and monitor a WAE or group of WAEs that are registered with the WAAS Central Manager. You also use this GUI to configure, manage, and monitor the WAAS Central Manager, which is the dedicated appliance on which the WAAS Central Manager GUI is running.
Note When you use the WAAS Central Manager GUI, you have the added capability of centrally configuring settings and policies for groups of WAEs (device groups). When you use the WAAS CLI, you can only configure settings and policies on a per-device basis.
The WAAS GUIs are the primary resources for configuration and monitoring WAEs. We strongly recommend that you use the WAAS Central Manager GUI instead of the WAAS CLI, whenever possible. For more information about how to use the WAAS GUIs to configure, manage, and monitor your WAAS devices, see the Cisco Wide Area Application Services Configuration Guide.
We recommend that you be familiar with the basic concepts and terminology used in internetworking, in your network topology, and in the protocols that the devices in your network can use. We also recommend that you have a working knowledge of the operating systems on which you are running your WAAS network, such as Microsoft Windows, Linux, or Solaris. This guide is not a tutorial.
Using Command Modes
The CLI for WAAS software is similar to the CLI for Cisco IOS software. Like Cisco IOS software, the WAAS CLI is organized into different command and configuration modes. Each mode provides access to a specific set of commands. This section describes the command modes provided by the WAAS software CLI and includes the following topics:
- Organization of the WAAS CLI
- Using EXEC Mode
- Using Global Configuration Mode
- Using Interface Configuration Mode
- Using ACL Configuration Modes
- Using PKI Certificate Authority Configuration Mode
- Using PKI Global Settings Configuration Mode
- Using SSL Accelerated Service Configuration Mode
- Using SSL Cipher List Configuration Mode
- Using SSL Global Service Configuration Mode
- Using SSL Host Peering Service Configuration Mode
- Using SSL Management Service Configuration Mode
- Using WCCP Configuration Mode
Organization of the WAAS CLI
The WAAS software CLI is organized into multiple command modes. Each command mode has its own set of commands that allow you to configure, maintain, and monitor a WAAS Wide Area Application Engine (WAE). The commands available to you at any given time depend on the mode you are in. You can enter a question mark (?) at the system prompt to obtain a list of commands available for each command mode.
The WAAS command modes include the following:
- EXEC mode—Sets, views, and tests system operations. This mode is divided into two access levels: user and privileged. To use the privileged access level, enter the enable command at the user access level prompt, and then enter the privileged EXEC password when you see the password prompt.
- Global configuration mode—Sets, views, and tests the configuration of WAAS software features for the entire device. To use this mode, enter the configure command from privileged EXEC mode.
- Interface configuration mode—Sets, views, and tests the configuration of a specific interface. To use this mode, enter the interface command from global configuration mode.
- Standard ACL configuration mode—Creates and modifies standard access lists on a WAAS device for controlling access to interfaces or applications. To use this mode, enter the ip access-list standard command from global configuration mode.
- Extended ACL configuration mode—Creates and modifies extended access lists on a WAAS device for controlling access to interfaces or applications. To use this mode, enter the ip access-list extended command.
- PKI certificate authority configuration mode—Configures public key infrastructure (PKI) encryption certificate authorities on a WAAS device. To use this mode, enter the crypto pki ca command.
- PKI global settings configuration mode—Configures OCSP and revocation checking on a WAAS device. To use this mode, enter the crypto pki global-settings command.
- SSL accelerated service configuration mode—Enables and configures secure socket layer (SSL) acceleration on your WAAS system. To use this mode, enter the crypto ssl service accelerated-service command.
- SSL cipher list configuration mode—Configures SSL encryption cipher lists on a WAAS device. To use this mode, enter the crypto ssl cipher-list command.
- SSL global service configuration mode—Enables and configures basic SSL acceleration settings on your WAAS system. To use this mode, enter the crypto ssl services global-settings command.
- SSL host peering service configuration mode—Configures SSL encryption peering services on a WAAS device. To use this mode, enter the crypto ssl services host-service peering command.
- SSL management service configuration mode—Configures SSL encryption management service parameters on a WAAS device. To use this mode, enter the crypto ssl management-service command.
- WCCP configuration mode—Configures WCCP service parameters on a WAAS device. To use this mode, enter the wccp tcp-promiscuous command
Modes are accessed in this order: user EXEC mode, privileged EXEC mode, then global configuration mode. From global configuration mode, you can access the configuration submodes.
Using EXEC Mode
Use the EXEC mode to set, view, and test system operations. The user EXEC commands allow you to connect to remote devices, change terminal line settings on a temporary basis, perform basic tests, and list system information.
Most EXEC mode commands are one-time commands, such as show or more commands, which show the current configuration status, and clear commands, which clear counters or interfaces. EXEC mode commands are not saved across reboots of the WAE.
EXEC Mode Levels
The EXEC mode is divided into two access levels: user and privileged. The user EXEC mode is used by local and general system administrators, while the privileged EXEC mode is used by the root administrator. Use the enable and disable commands to switch between the two levels.
- User level—Access to the user-level EXEC command line requires a valid password. The user-level EXEC commands are a subset of the privileged-level EXEC commands. The user-level EXEC prompt is the hostname followed by a right angle bracket (>). You can change the hostname using the hostname global configuration command.
- Privileged level—The prompt for the privileged-level EXEC command line is the pound sign (#). To execute an EXEC command, enter the command at the EXEC system prompt and press the Return key. The following example shows how to access the privileged-level EXEC command line from the user level:
EXEC Mode Command-Line Processing
Common functions you can use when entering commands in EXEC mode include the following:
- Edit—To edit commands, use the Delete or Backspace keys when you enter commands at the EXEC prompt.
- Abbreviate—As a shortcut, you can abbreviate commands to the fewest letters that make them unique. For example, the letters sho can be entered for the show command.
- Display multiple pages—Certain EXEC commands display multiple screens with the following prompt at the bottom of the screen:
Press the Spacebar to continue the output, or press Return to display the next line. Press any other key to return to the prompt. Also, at the --More-- prompt, you can enter a ? to display the help message.
Using Global Configuration Mode
Use global configuration mode to set, view, and test the configuration of WAAS software features for the entire device. To enter this mode, enter the configure command from privileged EXEC mode. The prompt for global configuration mode consists of the hostname of the WAE followed by (config) and the pound sign (#). You must be in global configuration mode to enter global configuration commands.
Commands entered in global configuration mode update the running configuration file as soon as they are entered. These changes are not saved into the startup configuration file until you enter the copy running-config startup-config EXEC mode command. See the “Saving Configuration Changes” section. Once the configuration is saved, it is maintained across WAE reboots.
Configuration changes that you make in global configuration mode on a WAE are propagated to the Centralized Management System (CMS) database on the WAAS Central Manager. CLI changes are sent to the Central Manager after you exit out of configuration mode, or if all configuration mode sessions have been inactive for 10 minutes.
You must be in global configuration mode to enter specific subordinate configuration modes.
Configuration Submodes
Configuration submodes are used for the configuration of specific features within the scope of a given configuration mode. From global configuration mode, you can enter the following configuration submodes:
- Interface configuration mode
- Standard ACL configuration mode
- Extended ACL configuration mode
- PKI certificate authority configuration mode
- PKI global settings configuration mode
- SSL accelerated service configuration mode
- SSL cipher list configuration mode
- SSL global service configuration mode
- SSL host peering service configuration mode
- SSL management service configuration mode
- WCCP configuration mode
Exiting Configuration Mode
Common functions used in configuration modes include the following:
- Exit current mode—To exit global configuration mode or any subordinate configuration mode, use the exit command or Ctrl-Z.
- Exit to privileged EXEC mode—To exit to privileged EXEC mode from global configuration mode or any subordinate configuration mode, use the end global configuration command:
Using Interface Configuration Mode
Use interface configuration mode to set, view, and test the configuration of WAAS software features on a specific interface. To enter this mode, enter the interface command from the global configuration mode. The following example shows how to enter interface configuration mode:
To exit interface configuration mode, use the exit command to return to global configuration mode:
Using ACL Configuration Modes
Use the ACL configuration modes to create and modify standard and extended access list configuration on a WAAS device. From global configuration mode, you can enter the standard and extended ACL configuration modes.
- Standard—To work with a standard access list, use the ip access-list standard command from the global configuration mode prompt. The CLI enters a configuration mode in which all subsequent commands apply to the current access list.
- Extended—To work with an extended access list, use the ip access-list extended command from the global configuration mode prompt. The CLI enters a configuration mode in which all subsequent commands apply to the current access list.
To exit an ACL configuration mode, use the exit command to return to global configuration mode:
Using PKI Certificate Authority Configuration Mode
Use PKI certificate authority configuration mode to add and configure a certificate authority.
To enter this mode, use the crypto pki ca command from the global configuration mode.
To exit PKI certificate authority configuration mode, use the exit command to return to global configuration mode:
Using PKI Global Settings Configuration Mode
Use PKI global settings configuration mode to configure OCSP and revocation checking.
To enter this mode, use the crypto pki global-settings command from the global configuration mode.
To exit PKI global settings configuration mode, use the exit command to return to global configuration mode:
Using SSL Accelerated Service Configuration Mode
Use SSL accelerated service configuration mode to enable and configure SSL acceleration on your WAAS system, and define services to be accelerated on the SSL path.
To enter this mode, use the crypto ssl service accelerated-service command from the global configuration mode.
To exit SSL accelerated service configuration mode, use the exit command to return to global configuration mode:
Using SSL Cipher List Configuration Mode
Use SSL cipher list configuration mode to configure secure socket layer (SSL) encryption cipher lists on a WAAS device.
To enter this mode, use the crypto ssl cipher-list command from the global configuration mode.
To exit SSL cipher list configuration mode, use the exit command to return to global configuration mode:
Using SSL Global Service Configuration Mode
Use SSL global service configuration mode to enable and configure basic SSL acceleration settings on your WAAS system.
To enter this mode, use the crypto ssl services global-settings command from the global configuration mode.
To exit SSL global service configuration mode, use the exit command to return to global configuration mode:
Using SSL Host Peering Service Configuration Mode
Use SSL host peering service configuration mode to configure secure socket layer (SSL) encryption peering services on a WAAS device. SSL peering service configuration parameters control secure communications established by the SSL accelerator between WAE devices while optimizing SSL connections.
To enter this mode, use the crypto ssl services host-service peering command from the global configuration mode.
To exit SSL host peering service configuration mode, use the exit command to return to global configuration mode:
Using SSL Management Service Configuration Mode
Use SSL management service configuration mode to configure SSL parameters used for secure communications between the Central Manager and the WAE devices.
To enter this mode, use the crypto ssl management-service command from the global configuration mode.
To exit SSL management service configuration mode, use the exit command to return to global configuration mode:
Using WCCP Configuration Mode
Use WCCP configuration mode to configure the WCCP version 2 TCP promiscuous mode service.
To enter this mode, use the wccp tcp-promiscuous command from the global configuration mode.
To exit WCCP configuration mode, use the exit command to return to global configuration mode:
Command Modes Summary
Table 1-1 shows a summary of the WAAS command modes.
Device Mode
The WAAS software allows you to specify the device mode of a WAAS device. In a WAAS network, you must deploy a WAAS device in one of the following device modes:
- WAAS Central Manager mode—Mode that the WAAS Central Manager uses.
- WAAS application accelerator mode—Mode that a WAAS Accelerator (data center WAEs and branch WAEs that run the WAAS software) uses to optimize and accelerate traffic. (default)
The set of WAAS CLI commands that are available vary based on the device mode of the WAAS device.
Changing the Device Mode
To change the device mode of a WAAS device, use the device mode global configuration command as follows:
waas-cm(config)#
device mode ?
application-accelerator Configure device to function as a WAAS Engine.
central-manager Configure device to function as a WAAS Central Manager.
For example, after you use the WAAS CLI to specify the basic network parameters for the designated WAAS Central Manager (the WAAS device named waas-cm) and assign it as a primary interface, you can use the device mode configuration command to specify its device mode as central-manager.
waas-cm#
configure
waas-cm(config)#
waas-cm(config)#
primary-interface gigabitEthernet 1/0
waas-cm(config)#
device mode central-manager
waas-cm(config)#
exit
waas-cm#
copy run start
waas-cm#
reload
Proceed with reload?[confirm]
y
Shutting down all services, will Reload requested by CLI@ttyS0.
Restarting system.
To display the current mode that the WAAS device is operating in, enter the show device-mode current EXEC command:
Displaying the Configured Device Mode
You can display the configured device mode for a change that has not taken effect by using the show device-mode configured EXEC command.
For example, if you changed the device mode to central-manager on a WAAS device (using the device mode central-manager global configuration command), but did not save the running configuration (using the copy run start EXEC command) then, even though the new device mode has not taken effect, the output for the show device-mode configured command would indicate that the configured device mode is central-manager:
Using Command-Line Processing
Cisco WAAS software commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to be different from any other currently available commands or parameters.
You can also scroll through the last 20 commands stored in the history buffer and enter or edit the command at the prompt. Table 1-2 lists and describes the function performed by the available WAAS command-line processing options.
|
|
---|---|
Ctrl-F or the Right Arrow key1 |
|
Transposes the character at the cursor with the character to the left of the cursor. |
|
Deletes from the cursor to the beginning of the command line. |
|
Erases a mistake when entering a command; you must re-enter the command after using this key. |
1.The arrow keys function only on ANSI-compatible terminals such as VT100s. |
Checking Command Syntax
The caret symbol (^) indicates that you have entered an incorrect command, keyword, or argument at a specific point in the command string.
To set the clock, for example, you can use context-sensitive help to check the syntax for setting the clock.
The help output shows that the set keyword is required. You can then check the syntax for entering the time.
Enter the current time in 24-hour format with hours, minutes, and seconds separated by colons.
The system indicates that you need to provide additional arguments to complete the command. Press the Up Arrow to automatically repeat the previous command entry, and then add a space and question mark (?) to display the additional arguments.
Enter the day and month as prompted, and use the question mark for additional instructions.
Now you can complete the command entry by entering the year.
The caret symbol (^) and help response indicate an error with the 05 entry. To display the correct syntax, press Ctrl-P or the Up Arrow. You can also reenter the command string, and then enter a space character, a question mark, and press Enter.
Enter the year using the correct syntax, and press Return to execute the command.
Using the no Form of Commands
Almost every configuration command has a no form. The no form of a command is generally used to disable a feature or function, but it can also be used to set the feature or function to its default values. Use the command without the no keyword to reenable a disabled feature or to enable a feature that is disabled by default.
Using System Help
You can obtain help when you enter commands by using the following methods:
- For a brief description of the context-sensitive help system, enter help.
- To list all commands for a command mode, enter a question mark (?) at the system prompt.
- To obtain a list of commands that start with a particular character set, enter an abbreviated command immediately followed by a question mark (?).
Saving Configuration Changes
To avoid losing new configurations, save them to NVRAM using the copy or write commands, as shown in the following example:
See the copy running-config startup-config and write commands for more information about running and saved configuration modes.
WAAS Directories on a WAE
This section describes how to navigate the WAAS directories on a WAE and provides directory descriptions useful for troubleshooting and monitoring the WAE.
Navigating WAAS Directories
The WAAS CLI provides several commands for navigating among directories and viewing their contents. These commands are entered from privileged EXEC mode. Table 1-3 lists and describes these commands.
The following example displays a detailed list of all the files for the WAE’s current directory:
------------- ------------------------- -----------
4096 Fri Feb 24 14:40:00 2006 <DIR> actona
4096 Tue Mar 28 14:42:44 2006 <DIR> core_dir
4096 Wed Apr 12 20:23:10 2006 <DIR> crash
4506 Tue Apr 11 13:52:45 2006 dbupgrade.log
4096 Tue Apr 4 22:50:11 2006 <DIR> downgrade
4096 Sun Apr 16 09:01:56 2006 <DIR> errorlog
4096 Wed Apr 12 20:23:41 2006 <DIR> logs
16384 Thu Feb 16 12:25:29 2006 <DIR> lost+found
4096 Wed Apr 12 03:26:02 2006 <DIR> sa
24576 Sun Apr 16 23:38:21 2006 <DIR> service_logs
4096 Thu Feb 16 12:26:09 2006 <DIR> spool
9945390 Sun Apr 16 23:38:20 2006 syslog.txt
10026298 Thu Apr 6 12:25:00 2006 syslog.txt.1
10013564 Thu Apr 6 12:25:00 2006 syslog.txt.2
10055850 Thu Apr 6 12:25:00 2006 syslog.txt.3
10049181 Thu Apr 6 12:25:00 2006 syslog.txt.4
4096 Thu Feb 16 12:29:30 2006 <DIR> var
508 Sat Feb 25 13:18:35 2006 wdd.sh.signed
The following example displays only the detailed information for the logs directory:
Directory Descriptions
Several top-level directories of the WAAS software contain information used internally by the software and are not useful to you. These directories include the core_dir, crash, downgrade, errorlog, lost+found, sa, service_logs, spool, and var directories.
Table 1-4 describes the directories that contain information that is useful for troubleshooting or monitoring.
Note The WAAS software uses the CONTENT file system for the data redundancy elimination (DRE) cache.
Managing WAAS Files Per Device
The WAAS CLI provides several commands for managing files and viewing their contents per device. These commands are entered from privileged EXEC mode. Table 1-5 describes the WAAS file management commands.
The following example shows how to save the currently running configuration to the startup configuration using the copy EXEC command:
The following example shows how to remove a file named sample from the directory named test using the delfile command:
The following example shows how to view the last lines of the Watchdog.log file: