Content Switching Module with SSL Commands
This chapter contains an alphabetical listing of the commands necessary to configure the CSM-S. These commands are unique to server load-balancing (SLB) and Layer 3 switching.
configure a static ARP entry:
When you enter the CAPP UDP submode, the following commands are available:
•default—Sets a command to its default.
•exit—Saves changes and exits from the subcommand mode; see the "agent (DFP submode)" command section.
•no—Negates a command or sets the specified command to its defaults.
•options—Sets optional parameters for a specified IP address. see the "options (CAPP UDP submode)" command section.
•port—Configures the CAPP port. Range is from 1 to 65535. Default is 5002, see the "port (CAPP UDP submode)" command section.
•secure—Enables encryption, see the "secure (CAPP UDP submode)" command section.
clear module csm
Usage Guidelines
When a connection is closed, a reset (RST) is sent to both the client and the server. Counters reset all the CSM statistics information, except for the show mod csm X tech-support counters, which are reset any time that you run the show command. The linecard-configuration command forces a soft-reset of the CSM, which erases all existing connections and run-time information. The CSM then reloads its configuration from Cisco IOS. This process takes about 3 seconds.
The ft active command is used to force the active CSM to the failover state. Fault tolerance preempt must not be enabled.
dfp
To enter the Dynamic Feedback Protocol (DFP) submode, and then configure DFP, use the dfp command. To remove the DFP configuration, use the no form of this command.
dfp [password password [timeout]]
no dfp [password password]
Syntax Description
Defaults
Timeout value is 180 seconds.
Command Modes
Module CSM configuration submode
Command History
|
|
---|---|
CSM release 1.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
Usage Guidelines
The timeout option allows you to change the password without stopping messages between the DFP agent and its manager.
During a timeout, the agent sends packets with the old password (or null, if there is no old password), and receives packets with either the old or new password. After a timeout expires, the agent sends and receives packets with only the new password; received packets that use the old password are discarded.
If you are changing the password for an entire load-balanced environment, set a longer timeout. The extended timeout allows enough time for you to update the password on all agents and servers before the timeout expires. The embedded timeout also prevents mismatches between agents and servers that have the new password and agents and servers that have the old password.
Examples
This example shows how to initiate DFP agent configuration mode, configure DFP, set the password to flounder, and configure a 60-second timeout:
Cat6k-2(config-module-csm)# dfp password flounder 60
Cat6k-2(config-slb-dfp)#
Related Commands
agent (DFP submode)
To configure the DFP agent to which the CSM is going to communicate, use the agent command in the SLB DFP submode. To remove the agent configuration, use the no form of this command.
agent ip-address port [keepalive-timeout [retry-count [retry-interval]]]
no agent ip-address port
Syntax Description
Defaults
Keepalive timeout is 0 (no keepalive message).
Retry count is 0 seconds (0 seconds allows infinite retries).
Retry interval is 180 seconds.
Command Modes
SLB DFP configuration submode
Command History
|
|
---|---|
CSM release 1.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
Examples
This example shows how to initiate the DFP agent, configure a 350-second timeout, and configure the number of retries to 270:
Cat6k-2(config-slb-dfp)# agent 111.101.90.10 2 350 270
Related Commands
dfp
manager (DFP submode)
show module csm dfp
manager (DFP submode)
To set the port where an external DFP can connect to the CSM, use the manager command in SLB DFP submode. To remove the manager configuration, use the no form of this command.
manager port
no manager
Syntax Description
port |
Port number. |
Defaults
This command has no default settings.
Command Modes
SLB DFP configuration submode
Command History
|
|
---|---|
CSM release 1.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
Usage Guidelines
This command enables the CSM to listen to DFP connections from an external DFP manager.
Examples
This example shows how to set the DFP manager port:
Cat6k-2(config-slb-dfp)# manager 4
Related Commands
agent (DFP submode)
dfp
show module csm dfp
exit
To log out of the system or to leave a subcommand mode, use the exit command.
exit
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Command mode
Usage Guidelines
To leave a subcommand mode, use the exit command. The exit command saves any changes before leaving the submode.
Examples
This example shows how to log out of the CSM:
Cat6k-2(config-module-csm)# exit
Cat6k-2(config)#
ft group
To enter the fault tolerant submode, and then configure fault tolerance on the CSM, use the ft group command. To remove the fault-tolerant configuration, use the no form of this command.
ft group group-id vlan vlan number
no ft group
Syntax Description
Defaults
This command has no default settings.
Command Modes
Module CSM configuration submode
Command History
|
|
---|---|
CSM release 1.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
Usage Guidelines
A fault-tolerant group is comprised of two Catalyst 6500 series switches each containing a CSM configured for fault-tolerant operation. Each fault-tolerant group appears to network devices as a single device. A network may have more than one fault-tolerant group.
When you enter the fault tolerance group submode, the following commands are available:
•default—Sets a command to its default.
•exit—Saves changes and exits from the subcommand mode; see the "agent (DFP submode)" command section.
•failover—Saves changes and exits from the subcommand mode; see the "failover (fault tolerant submode)" command section.
•heartbeat-time—Saves changes and exits from the subcommand mode; see the "heartbeat-time (fault tolerant submode)" command section.
•no—Negates a command or sets the specified command to its defaults.
•preempt—Sets optional parameters for a specified IP address. See the "preempt (fault tolerant submode)" command section.
•priority—Configures the CAPP port. Range is from 1 to 65535; default is 5002. See the "priority (fault tolerant submode)" command section.
Examples
This example shows how to configure a fault-tolerant group named 123 on VLAN 5 and set the failover time to 3 seconds:
Cat6k-2(config-module-csm)# ft group 123 vlan 5
Cat6k-2(config-slb-ft)# failover 3
Related Commands
failover (fault tolerant submode)
heartbeat-time (fault tolerant submode)
preempt (fault tolerant submode)
priority (fault tolerant submode)
show module csm ft
failover (fault tolerant submode)
To set the time for a standby CSM to wait before becoming an active CSM, use the failover command in the SLB fault-tolerant configuration submode. To remove the failover configuration, use the no form of this command.
failover failover-time
no failover
Syntax Description
failover-time |
Amount of time the CSM must wait after the last heartbeat message is received before assuming the other CSM is not operating; the range is from 1 to 65535. |
Defaults
Failover time is 3 seconds.
Command Modes
SLB fault-tolerant configuration submode
Command History
|
|
---|---|
CSM release 1.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
Examples
This example shows how to set a failover period of 6 seconds:
Cat6k-2(config-slb-ft)# failover 6
Related Commands
heartbeat-time (fault tolerant submode)
To set the time interval between heartbeat messages that are transmitted by the CSM, use the heartbeat-time command in the SLB fault-tolerant configuration submode. To restore the default heartbeat interval, use the no form of this command.
heartbeat-time heartbeat-time
no heartbeat-time
Syntax Description
heartbeat-time |
Time interval between heartbeat transmissions in seconds; the range is from 1 to 65535. |
Defaults
Heartbeat-time is 1 second.
Command Modes
SLB fault-tolerant configuration submode
Command History
|
|
---|---|
CSM release 1.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
Examples
This example shows how to set the heartbeat time to 2 seconds:
Cat6k-2(config-slb-ft)# heartbeat-time 2
Related Commands
preempt (fault tolerant submode)
To allow a higher priority CSM to take control of a fault-tolerant group when it comes online, use the preempt command in the SLB fault-tolerant configuration submode. To restore the preempt default value, use the no form of this command.
preempt
no preempt
Syntax Description
This command has no arguments or keywords.
Defaults
The default value is that preempt is disabled.
Command Modes
Privileged
Command History
|
|
---|---|
CSM release 1.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
Usage Guidelines
When you enable preempt, the higher priority CSM preempts the other CSM in the fault-tolerant group when the higher priority CSM comes online. When you enable no preempt, the current primary CSM remains the primary CSM when the next CSM comes online.
Note You must set both members of the fault-tolerant CSM pair to preempt for this feature to work.
Examples
This example shows how to set the fault-tolerance mode to preempt:
Cat6k-2(config-slb-ft)# preempt
Related Commands
ft group
priority (fault tolerant submode)
show module csm ft
priority (fault tolerant submode)
To set the priority of the CSM, use the priority command in the SLB fault-tolerant configuration submode. To restore the priority default value, use the no form of this command.
priority value
no priority
Syntax Description
value |
Priority of a CSM; the range is from 1 to 254. |
Defaults
Value is 10.
Command Modes
SLB fault-tolerant configuration submode
Command History
|
|
---|---|
CSM release 1.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
Usage Guidelines
The CSM with the largest priority value is the primary CSM in the fault-tolerant pair when the modules are both operating.
Examples
This example shows how to set the priority value to 12:
Cat6k-2(config-slb-ft)# priority 12
Related Commands
ft group
preempt (fault tolerant submode)
show module csm ft
ip slb mode
To operate as a CSM load-balancing device instead of a Cisco IOS server load balancing (SLB) device, use the ip slb mode command to configure the switch. To remove the mode configuration, use the no form of this command.
ip slb mode {csm | rp}
no ip slb mode
Syntax Description
Defaults
Route processor mode
Command Modes
Global configuration
Command History
|
|
---|---|
CSM release 1.1(1) |
This command was introduced. |
CSM release 2.1(1) |
This command now enables module csm commands for the rp mode. |
CSM-S release 1.1(1) |
This command was introduced. |
Usage Guidelines
We recommend that you use the rp mode for all configurations. The rp mode allows you to configure both the switch and the CSM or other modules without changing modes.
Note You need to reboot the switch to change the mode.
This command allows you to change from the Cisco IOS SLB mode to the CSM load-balancing mode.
Note Specifying the no ip slb mode command is the same as specifying the rp mode.
Note In csm mode, all ip slb commands apply to a CSM module; Cisco IOS SLB is not available. In rp mode (the default), ip slb commands apply to Cisco IOS SLB. The module csm commands are available to configure multiple CSMs.
Examples
This example shows how to configure the CSM load-balancing mode:
Cat6k-2(config)# ip slb mode csm
Related Commands
module csm
show ip slb mode
map cookie
To create a cookie map, and then enter the cookie map configuration submode for specifying cookie match rules, use the map cookie command. To remove the cookie maps from the configuration, use the no form of this command.
map cookie-map-name cookie
no map cookie-map-name
Syntax Description
cookie-map-name |
Cookie map instance; the character string is limited to 15 characters. |
cookie |
Enters the cookie map submode. |
Defaults
This command has no default settings.
Command Modes
Module CSM configuration submode
Command History
|
|
---|---|
CSM release 1.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
Examples
This example shows how to create a cookie map:
Cat6k-2(config-module-csm)# map upnready cookie
Related Commands
cookie-map (policy submode)
match protocol http cookie (cookie map submode)
show module csm map