About the WAAS
The Cisco WAAS software command-line interface (CLI) is used in combination with the WAAS Manager GUI to configure, monitor, and maintain a WAAS device. The CLI on a WAAS device can be accessed directly through the console port of an attached PC or remotely through a Telnet session on a PC running terminal emulation software.
Note The WAAS software runs on a variety of WAE and WAVE appliances, WAE-NME and SM-SRE network modules, and as a virtual WAAS appliance (vWAAS).
Throughout this book, the term WAAS device refers collectively to a WAAS Central Manager and a WAE. The term WAE refers collectively to the supported platforms that are running the WAAS software unless otherwise noted.
Command Line Interface
The WAAS CLI allows you to configure, manage, and monitor WAAS devices on a per-device basis through a console connection or a terminal emulation program. The WAAS CLI also allows you to configure certain features that are only supported through the WAAS CLI (for example, configuring LDAP signing on a WAE).
The instructions and examples in this guide describe only those features that can be configured on an individual WAAS device using the WAAS CLI.
Graphical User Interface
In addition to the WAAS CLI, there are two WAAS graphical user interfaces (GUIs) that you access from your browser:
- The WAAS Central Manager GUI allows you to centrally configure, manage, and monitor a WAE or group of WAEs that are registered with the WAAS Central Manager. You also use this GUI to configure, manage, and monitor the WAAS Central Manager, which is the dedicated appliance on which the WAAS Central Manager GUI is running.
Note When you use the WAAS Central Manager GUI, you have the added capability of centrally configuring settings and policies for groups of WAEs (device groups). When you use the WAAS CLI, you can only configure settings and policies on a per-device basis.
The WAAS GUIs are the primary resources for configuration and monitoring WAEs. We strongly recommend that you use the WAAS Central Manager GUI instead of the WAAS CLI, whenever possible. For more information about how to use the WAAS GUIs to configure, manage, and monitor your WAAS devices, see the Cisco Wide Area Application Services Configuration Guide.
We recommend that you be familiar with the basic concepts and terminology used in internetworking, in your network topology, and in the protocols that the devices in your network can use. We also recommend that you have a working knowledge of the operating systems on which you are running your WAAS network, such as Microsoft Windows, Linux, or Solaris. This guide is not a tutorial.
Using Command Modes
The CLI for WAAS software is similar to the CLI for Cisco IOS software. Like Cisco IOS software, the WAAS CLI is organized into different command and configuration modes. Each mode provides access to a specific set of commands. This section describes the command modes provided by the WAAS software CLI and includes the following topics:
Organization of the WAAS CLI
The WAAS software CLI is organized into multiple command modes. Each command mode has its own set of commands that allow you to configure, maintain, and monitor a WAAS Wide Area Application Engine (WAE). The commands available to you at any given time depend on the mode you are in. You can enter a question mark (?) at the system prompt to obtain a list of commands available for each command mode.
The WAAS command modes include the following:
- EXEC mode—Sets, views, and tests system operations. This mode is divided into two access levels: user and privileged. To use the privileged access level, enter the enable command at the user access level prompt, and then enter the privileged EXEC password when you see the password prompt.
- Global configuration mode—Sets, views, and tests the configuration of WAAS software features for the entire device. To use this mode, enter the configure command from privileged EXEC mode.
- Interface configuration mode—Sets, views, and tests the configuration of a specific interface. To use this mode, enter the interface command from global configuration mode.
- Standard ACL configuration mode—Creates and modifies standard access lists on a WAAS device for controlling access to interfaces or applications. To use this mode, enter the ip access-list standard command from global configuration mode.
- Extended ACL configuration mode—Creates and modifies extended access lists on a WAAS device for controlling access to interfaces or applications. To use this mode, enter the ip access-list extended command.
- PKI certificate authority configuration mode—Configures public key infrastructure (PKI) encryption certificate authorities on a WAAS device. To use this mode, enter the crypto pki ca command.
- PKI global settings configuration mode—Configures OCSP and revocation checking on a WAAS device. To use this mode, enter the crypto pki global-settings command.
- SSL accelerated service configuration mode—Enables and configures secure socket layer (SSL) acceleration on your WAAS system. To use this mode, enter the crypto ssl service accelerated-service command.
- SSL cipher list configuration mode—Configures SSL encryption cipher lists on a WAAS device. To use this mode, enter the crypto ssl cipher-list command.
- SSL global service configuration mode—Enables and configures basic SSL acceleration settings on your WAAS system. To use this mode, enter the crypto ssl services global-settings command.
- SSL host peering service configuration mode—Configures SSL encryption peering services on a WAAS device. To use this mode, enter the crypto ssl services host-service peering command.
- SSL management service configuration mode—Configures SSL encryption management service parameters on a WAAS device. To use this mode, enter the crypto ssl management-service command.
- WCCP configuration mode—Configures WCCP service parameters on a WAAS device. To use this mode, enter the wccp tcp-promiscuous command.
- AppNav Controller Group configuration mode—Configures an AppNav Controller Group that is part of an AppNav Cluster. To use this mode, enter the service-insertion appnav-controller-group command.
- Service Node Group configuration mode—Configures a WAAS Node Group that is part of an AppNav Cluster. To use this mode, enter the service-insertion service-node-group command.
- Service Node configuration mode—Configures a WAAS Node that is part of an AppNav Cluster. To use this mode, enter the service-insertion service-node command.
- Service Context configuration mode—Configures a service context for an AppNav Cluster. To use this mode, enter the service-insertion service-context command.
- Class Map configuration mode—Configures an AppNav or optimization class map. To use this mode, enter the class-map command.
- Policy Map configuration mode—Configures an AppNav or optimization policy map. To use this mode, enter the policy-map command.
- Policy Class Map configuration mode—Configures a service policy in an AppNav or optimization policy map. To use this mode, enter the class command from Policy Map configuration mode.
Modes are accessed in this order: user EXEC mode, privileged EXEC mode, then global configuration mode. From global configuration mode, you can access the configuration submodes.
Using EXEC Mode
Use the EXEC mode to set, view, and test system operations. The user EXEC commands allow you to connect to remote devices, change terminal line settings on a temporary basis, perform basic tests, and list system information.
Most EXEC mode commands are one-time commands, such as show or more commands, which show the current configuration status, and clear commands, which clear counters or interfaces. EXEC mode commands are not saved across reboots of the WAE.
EXEC Mode Levels
The EXEC mode is divided into two access levels: user and privileged. The user EXEC mode is used by local and general system administrators, while the privileged EXEC mode is used by the root administrator. Use the enable and disable commands to switch between the two levels.
- User level—Access to the user-level EXEC command line requires a valid password. The user-level EXEC commands are a subset of the privileged-level EXEC commands. The user-level EXEC prompt is the hostname followed by a right angle bracket (>). You can change the hostname using the hostname global configuration command.
- Privileged level—The prompt for the privileged-level EXEC command line is the pound sign (#). To execute an EXEC command, enter the command at the EXEC system prompt and press the Return key. The following example shows how to access the privileged-level EXEC command line from the user level:
EXEC Mode Command-Line Processing
Common functions you can use when entering commands in EXEC mode include the following:
- Edit—To edit commands, use the Delete or Backspace keys when you enter commands at the EXEC prompt.
- Abbreviate—As a shortcut, you can abbreviate commands to the fewest letters that make them unique. For example, the letters sho can be entered for the show command.
- Display multiple pages—Certain EXEC commands display multiple screens with the following prompt at the bottom of the screen:
Press the Spacebar to continue the output, or press Return to display the next line. Press any other key to return to the prompt. Also, at the --More-- prompt, you can enter a ? to display the help message.
- Exit—To leave EXEC mode, use the exit command at the system prompt:
- Comment—Any command line that begins with an exclaimation point (!) is considered a comment and is ignored.
Using Global Configuration Mode
Use global configuration mode to set, view, and test the configuration of WAAS software features for the entire device. To enter this mode, enter the configure command from privileged EXEC mode. The prompt for global configuration mode consists of the hostname of the WAE followed by (config) and the pound sign (#). You must be in global configuration mode to enter global configuration commands.
Commands entered in global configuration mode update the running configuration file as soon as they are entered. These changes are not saved into the startup configuration file until you enter the copy running-config startup-config EXEC mode command. See the “Saving Configuration Changes” section. Once the configuration is saved, it is maintained across WAE reboots.
Configuration changes that you make in global configuration mode on a WAE are propagated to the Centralized Management System (CMS) database on the WAAS Central Manager. CLI changes are sent to the Central Manager after you exit out of configuration mode, or if all configuration mode sessions have been inactive for 10 minutes.
You must be in global configuration mode to enter specific subordinate configuration modes.
Configuration Submodes
Configuration submodes are used for the configuration of specific features within the scope of a given configuration mode. From global configuration mode, you can enter the following configuration submodes:
- Interface configuration mode
- Standard ACL configuration mode
- Extended ACL configuration mode
- PKI certificate authority configuration mode
- PKI global settings configuration mode
- SSL accelerated service configuration mode
- SSL cipher list configuration mode
- SSL global service configuration mode
- SSL host peering service configuration mode
- SSL management service configuration mode
- WCCP configuration mode
- AppNav Controller Group configuration mode
- Service Node Group configuration mode
- Service Node configuration mode
- Service Context configuration mode
- Class Map configuration mode
- Policy Map configuration mode
- Policy Class Map configuration mode
Exiting Configuration Mode
Common functions used in configuration modes include the following:
- Exit current mode—To exit global configuration mode or any subordinate configuration mode, use the exit command or Ctrl-Z.
- Exit to privileged EXEC mode—To exit to privileged EXEC mode from global configuration mode or any subordinate configuration mode, use the end global configuration command:
Using Interface Configuration Mode
Use interface configuration mode to set, view, and test the configuration of WAAS software features on a specific interface. To enter this mode, enter the interface command from the global configuration mode. The following example shows how to enter interface configuration mode:
GigabitEthernet Select a gigabit ethernet interface to configure
InlineGroup Select an inline group interface to configure
PortChannel Ethernet Channel of interfaces
WAE(config)# interface gigabitethernet ?
<1-2>/ GigabitEthernet slot/port
WAE(config)# interface gigabitethernet 1/0
To exit interface configuration mode, use the exit command to return to global configuration mode:
Using ACL Configuration Modes
Use the ACL configuration modes to create and modify standard and extended access list configuration on a WAAS device. From global configuration mode, you can enter the standard and extended ACL configuration modes.
- Standard—To work with a standard access list, use the ip access-list standard command from the global configuration mode prompt. The CLI enters a configuration mode in which all subsequent commands apply to the current access list.
- Extended—To work with an extended access list, use the ip access-list extended command from the global configuration mode prompt. The CLI enters a configuration mode in which all subsequent commands apply to the current access list.
To exit an ACL configuration mode, use the exit command to return to global configuration mode:
WAE(config-std-nacl)# exit
Using PKI Certificate Authority Configuration Mode
Use PKI certificate authority configuration mode to add and configure a certificate authority.
To enter this mode, use the crypto pki ca command from the global configuration mode.
To exit PKI certificate authority configuration mode, use the exit command to return to global configuration mode:
WAE(config)#
Using PKI Global Settings Configuration Mode
Use PKI global settings configuration mode to configure OCSP and revocation checking.
To enter this mode, use the crypto pki global-settings command from the global configuration mode.
To exit PKI global settings configuration mode, use the exit command to return to global configuration mode:
WAE(config-pki-global-settings)# exit
WAE(config)#
Using SSL Accelerated Service Configuration Mode
Use SSL accelerated service configuration mode to enable and configure SSL acceleration on your WAAS system, and define services to be accelerated on the SSL path.
To enter this mode, use the crypto ssl service accelerated-service command from the global configuration mode.
To exit SSL accelerated service configuration mode, use the exit command to return to global configuration mode:
WAE(config-ssl-accelerated)# exit
WAE(config)#
Using SSL Cipher List Configuration Mode
Use SSL cipher list configuration mode to configure secure socket layer (SSL) encryption cipher lists on a WAAS device.
To enter this mode, use the crypto ssl cipher-list command from the global configuration mode.
To exit SSL cipher list configuration mode, use the exit command to return to global configuration mode:
WAE(config-cipher-list)# exit
WAE(config)#
Using SSL Global Service Configuration Mode
Use SSL global service configuration mode to enable and configure basic SSL acceleration settings on your WAAS system.
To enter this mode, use the crypto ssl services global-settings command from the global configuration mode.
To exit SSL global service configuration mode, use the exit command to return to global configuration mode:
WAE(config-ssl-global)# exit
WAE(config)#
Using SSL Host Peering Service Configuration Mode
Use SSL host peering service configuration mode to configure secure socket layer (SSL) encryption peering services on a WAAS device. SSL peering service configuration parameters control secure communications established by the SSL accelerator between WAE devices while optimizing SSL connections.
To enter this mode, use the crypto ssl services host-service peering command from the global configuration mode.
To exit SSL host peering service configuration mode, use the exit command to return to global configuration mode:
WAE(config-ssl-peering)# exit
WAE(config)#
Using SSL Management Service Configuration Mode
Use SSL management service configuration mode to configure SSL parameters used for secure communications between the Central Manager and the WAE devices.
To enter this mode, use the crypto ssl management-service command from the global configuration mode.
To exit SSL management service configuration mode, use the exit command to return to global configuration mode:
WAE(config-ssl-mgmt)# exit
WAE(config)#
Using WCCP Configuration Mode
Use WCCP configuration mode to configure the WCCP version 2 TCP promiscuous mode service.
To enter this mode, use the wccp tcp-promiscuous command from the global configuration mode.
To exit WCCP configuration mode, use the exit command to return to global configuration mode:
WAE(config-wccp-service)# exit
Using AppNav Controller Group Configuration Mode
Use AppNav Controller Group configuration mode to configure an AppNav Controller Group that is part of an AppNav Cluster.
To enter this mode, use the service-insertion appnav-controller-group command from the global configuration mode.
To exit AppNav Controller Group configuration mode, use the exit command to return to global configuration mode:
Using Service Node Group Configuration Mode
Use Service Node Group configuration mode to configure a WAAS Node Group that is part of an AppNav Cluster.
To enter this mode, use the service-insertion service-node-group command from the global configuration mode.
To exit Service Node Group configuration mode, use the exit command to return to global configuration mode:
Using Service Node Configuration Mode
Use Service Node configuration mode to configure a WAAS Node that is part of an AppNav Cluster.
To enter this mode, use the service-insertion service-node command from the global configuration mode.
To exit Service Node configuration mode, use the exit command to return to global configuration mode:
Using Service Context Configuration Mode
Use Service Context configuration mode to configure a service context for an AppNav Cluster.
To enter this mode, use the service-insertion service-context command from the global configuration mode.
To exit Service Context configuration mode, use the exit command to return to global configuration mode:
Using Class Map Configuration Mode
Use Class Map configuration mode to configure an AppNav or optimization class map.
To enter this mode, use the class-map command from the global configuration mode.
To exit Class Map configuration mode, use the exit command to return to global configuration mode:
Using Policy Map Configuration Mode
Use Policy Map configuration mode to configure an AppNav or optimization policy map.
To enter this mode, use the policy-map command from the global configuration mode.
To exit Policy Map configuration mode, use the exit command to return to global configuration mode:
Using Policy Class Map Configuration Mode
Use Policy Class Map configuration mode to configure a service policy in an AppNav or optimization policy map.
To enter this mode, use the class command from the Policy Map configuration mode.
To exit Policy Class Map configuration mode, use the exit command to return to global configuration mode:
Command Modes Summary
Table 1-1 shows a summary of the WAAS command modes.
Table 1-1 WAAS Command Modes Summary
|
|
|
|
user EXEC |
Log in to WAE. |
|
To exit, use the end command. To enter privileged EXEC mode, use the enable command. |
privileged EXEC |
From user EXEC mode, use the enable EXEC command. |
|
To return to user EXEC mode, use the disable command. To enter global configuration mode, use the configure command. |
global configuration |
From privileged EXEC mode, use the configure command. |
|
To return to privileged EXEC mode, use the exit command or press Ctrl-Z. To enter a configuration submode, use the specific command related to the submode. |
interface configuration |
From global configuration mode, use the interface command. |
|
To return to global configuration mode, use the exit command. To return to privileged EXEC mode, use the end command or press Ctrl-Z. |
standard ACL configuration |
From global configuration mode, use the ip access-list standard command. |
|
To return to global configuration mode, use the exit command. To return to privileged EXEC mode, use the end command or press Ctrl-Z. |
extended ACL configuration |
From global configuration mode, use the ip access-list extended command. |
|
To return to global configuration mode, use the exit command. To return to privileged EXEC mode, use the end command or press Ctrl-Z. |
PKI certificate authority configuration |
From global configuration mode, use the crypto pki ca command. |
|
To return to global configuration mode, use the exit command. To return to privileged EXEC mode, use the end command or press Ctrl-Z. |
PKI global settings configuration |
From global configuration mode, use the crypto pki global-settings command. |
WAE(config-pki-global-settings)#
|
To return to global configuration mode, use the exit command. To return to privileged EXEC mode, use the end command or press Ctrl-Z. |
SSL accelerated service configuration |
From global configuration mode, use the crypto ssl service accelerated-service command. |
WAE(
config-ssl-accelerated)#
|
To return to global configuration mode, use the exit command. To return to privileged EXEC mode, use the end command or press Ctrl-Z. |
SSL cipher list configuration |
From global configuration mode, use the crypto ssl cipher-list command. |
WAE(
config-cipher-list)#
|
To return to global configuration mode, use the exit command. To return to privileged EXEC mode, use the end command or press Ctrl-Z. |
SSL global service configuration |
From global configuration mode, use the crypto ssl services global-settings command. |
|
To return to global configuration mode, use the exit command. To return to privileged EXEC mode, use the end command or press Ctrl-Z. |
SSL host peering service configuration |
From global configuration mode, use the crypto ssl services host-service peering command. |
|
To return to global configuration mode, use the exit command. To return to privileged EXEC mode, use the end command or press Ctrl-Z. |
SSL management service configuration |
From global configuration mode, use the crypto ssl management-service command. |
|
To return to global configuration mode, use the exit command. To return to privileged EXEC mode, use the end command or press Ctrl-Z. |
WCCP configuration |
From global configuration mode, use the wccp tcp-promiscuous command. |
WAE(config-wccp-service)#
|
To return to global configuration mode, use the exit command. To return to privileged EXEC mode, use the end command or press Ctrl-Z. |
AppNav Controller Group configuration |
From global configuration mode, use the service-insertion appnav-controller-group command. |
|
To return to global configuration mode, use the exit command. To return to privileged EXEC mode, use the end command or press Ctrl-Z. |
Service Node Group configuration |
From global configuration mode, use the service-insertion service-node-group command. |
|
To return to global configuration mode, use the exit command. To return to privileged EXEC mode, use the end command or press Ctrl-Z. |
Service Node configuration |
From global configuration mode, use the service-insertion service-node command. |
|
To return to global configuration mode, use the exit command. To return to privileged EXEC mode, use the end command or press Ctrl-Z. |
Service Context configuration |
From global configuration mode, use the service-insertion service-context command. |
|
To return to global configuration mode, use the exit command. To return to privileged EXEC mode, use the end command or press Ctrl-Z. |
Class Map configuration |
From global configuration mode, use the class-map command. |
|
To return to global configuration mode, use the exit command. To return to privileged EXEC mode, use the end command or press Ctrl-Z. |
Policy Map configuration |
From global configuration mode, use the policy-map command. |
|
To return to global configuration mode, use the exit command. To return to privileged EXEC mode, use the end command or press Ctrl-Z. |
Policy Class Map configuration |
From Policy Map configuration mode, use the class command. |
|
To return to Policy Map configuration mode, use the exit command. |
Device Mode
The WAAS software allows you to specify the device mode of a WAAS device. In a WAAS network, you must deploy a WAAS device in one of the following device modes:
- WAAS Central Manager mode—Mode that the WAAS Central Manager uses.
- WAAS application accelerator mode—Mode that a WAAS Accelerator (data center WAEs and branch WAEs that run the WAAS software) uses to optimize and accelerate traffic. (default)
- WAAS AppNav Controller mode—Mode for a WAAS device that is operating as an AppNav Controller (ANC) that is intercepting and distributing traffic to other WAAS devices operating in application accelerator mode.
The set of WAAS CLI commands that are available vary based on the device mode of the WAAS device.
Changing the Device Mode
To change the device mode of a WAAS device, use the device mode global configuration command as follows:
waas-cm(config)#
device mode ?
application-accelerator Configure device to function as a WAAS Engine.
central-manager Configure device to function as a WAAS Central Manager.
For example, after you use the WAAS CLI to specify the basic network parameters for the designated WAAS Central Manager (the WAAS device named waas-cm) and assign it as a primary interface, you can use the device mode configuration command to specify its device mode as central-manager.
waas-cm(config)#
primary-interface gigabitEthernet 1/0
waas-cm(config)#
device mode central-manager
Proceed with reload?[confirm]
y
Shutting down all services, will Reload requested by CLI@ttyS0.
To display the current mode that the WAAS device is operating in, enter the show device-mode current EXEC command:
WAE# show device-mode current
Current device mode: application-accelerator
Displaying the Configured Device Mode
You can display the configured device mode for a change that has not taken effect by using the show device-mode configured EXEC command.
For example, if you changed the device mode to central-manager on a WAAS device (using the device mode central-manager global configuration command), but did not save the running configuration (using the copy run start EXEC command) then, even though the new device mode has not taken effect, the output for the show device-mode configured command would indicate that the configured device mode is central-manager:
WAE# show device-mode configured
Configured device mode: central-manager
Checking Command Syntax
The caret symbol (^) indicates that you have entered an incorrect command, keyword, or argument at a specific point in the command string.
To set the clock, for example, you can use context-sensitive help to check the syntax for setting the clock.
%Invalid input detected at ‘^’ marker.
read-calendar Read the calendar and update system clock
set Set the time and date
update-calendar Update the calendar with system clock
The help output shows that the set keyword is required. You can then check the syntax for entering the time.
<0-23>: Current Time (hh:mm:ss)
Enter the current time in 24-hour format with hours, minutes, and seconds separated by colons.
The system indicates that you need to provide additional arguments to complete the command. Press the Up Arrow to automatically repeat the previous command entry, and then add a space and question mark (?) to display the additional arguments.
WAE# clock set 13:32:00 ?
january Month of the Year
Enter the day and month as prompted, and use the question mark for additional instructions.
WAE# clock set 13:32:00 23 December ?
Now you can complete the command entry by entering the year.
WAE# clock set 13:32:00 23 December 05
%Invalid input detected at '^' marker.
The caret symbol (^) and help response indicate an error with the 05 entry. To display the correct syntax, press Ctrl-P or the Up Arrow. You can also reenter the command string, and then enter a space character, a question mark, and press Enter.
WAE# clock set 13:32:00 23 December ?
WAE# clock set 13:32:00 23 December
Enter the year using the correct syntax, and press Return to execute the command.
WAE# clock set 13:32:00 23 December 2005
WARNING: Setting the clock may cause a temporary service interruption.
Do you want to proceed? [no] yes
Sat Dec 23 13:32:00 EST 2005