Cisco Global Site Selector Administration Guide Software Version 2.0 March 2007 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-10410-01 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED ORIMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CCVP, the Cisco Logo, and the Cisco Square Bridge logo are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networking Academy, Network Registrar, Packet, PIX, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0612R) Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. Cisco Global Site Selector Administration Guide © 2007 Cisco Systems, Inc. All rights reserved. C O N T E N T S Preface xi Audience xi How to Use This Guide xii Related Documentation xiii Symbols and Conventions xv Obtaining Documentation, Obtaining Support, and Security Guidelines xvii CHAPTER 1 Managing GSS Devices from the GUI 1-1 Logging Into the Primary GSSM Graphical User Interface 1-2 Logging Into the GSS and Accessing the CNR GUI 1-4 Activating and Modifying GSS Devices 1-6 Activating GSS Devices from the Primary GSSM 1-6 Modifying GSS Device Name and Location 1-9 Deleting GSS Devices 1-10 Logically Removing a GSS or Standby GSSM from the Network 1-11 Configuring the Primary GSSM GUI 1-13 Printing and Exporting GSSM Data 1-14 Viewing Third-Party Software Versions 1-15 CHAPTER 2 Managing the GSS from the CLI 2-1 Logging in to the CLI and Enabling Privileged EXEC Mode 2-2 Understanding GSS Software Licenses 2-3 Acquiring and Installing License Files 2-3 Cisco Global Site Selector Administration Guide OL-10410-01 iii Contents Installing and Activating CNR 2-4 Accessing the CNR CLI 2-6 Invoking the Shell and Executing CNR Utilities 2-7 Using the startup-config and running-config Files 2-8 Changing the startup-config and running- config Files 2-8 Saving the startup-config and running-config Files 2-10 Loading the startup-config from an External File 2-11 Displaying the running-config File 2-11 Displaying the startup-config File 2-13 Managing GSS Files 2-14 Displaying the Contents of a File 2-14 Displaying Files in a Directory 2-16 Renaming GSS Files 2-17 Securely Copying Files 2-18 Deleting Files 2-19 Displaying Users 2-19 Specifying the GSS Inactivity Timeout 2-20 Configuring the Terminal Screen Line Length 2-20 Modifying the Attributes of the Security Certificate on the GSSM 2-21 Stopping the GSS Software 2-23 Shutting Down the GSS Software 2-23 Restarting the GSS Software 2-23 Performing a Cold Restart of a GSS Device 2-24 Disabling the GSS Software 2-24 Restoring GSS Factory-Default Settings 2-25 Replacing GSS Devices in Your GSS Network 2-26 Replacing the Primary GSSM in the Network 2-27 Converting the Standby GSSM to a Primary GSSM 2-27 Replacing the Primary GSSM with an Available GSS 2-31 Cisco Global Site Selector Administration Guide iv OL-10410-01 Contents Replacing the Standby GSSM in the Network 2-33 Replacing a GSS in the Network 2-35 Changing the GSSM Role in the GSS Network 2-36 Switching the Roles of the Primary and Standby GSSM Devices 2-37 Reversing the Roles of the Interim Primary and Standby GSSM Devices 2-39 Displaying GSS System Configuration Information 2-40 Displaying Software Version Information 2-41 Displaying License Information 2-42 Displaying Memory Information 2-43 Displaying Boot Configuration 2-44 Displaying GSS Processes 2-45 Displaying System Uptime 2-46 Displaying Disk Information 2-46 Displaying UDI Data 2-46 Displaying System Status 2-47 Displaying GSS Services 2-48 CHAPTER 3 Creating and Managing User Accounts 3-1 Creating and Managing GSS CLI User Accounts 3-1 Creating a GSS User Account 3-2 Modifying a GSS User Account 3-3 Deleting a GSS User Account 3-3 Creating and Managing Primary GSSM GUI User Accounts 3-4 Privilege Levels for Using the Primary GSSM GUI 3-5 Creating a GUI User Account 3-9 Modifying a GUI User Account 3-12 Removing a GUI User Account 3-12 Changing the User Account GUI Password 3-13 Creating and Modifying User Views for the Primary GSSM GUI 3-15 Custom User View Overview 3-15 Cisco Global Site Selector Administration Guide OL-10410-01 v Contents Creating a GUI User View 3-16 Modifying a GUI User View 3-24 Deleting a GUI User View 3-25 Modifying the Administrator Account Passwords 3-26 Resetting the Administrator CLI Account Password 3-26 Changing the Administrator CLI Password 3-27 Restoring or Changing the Administrator GUI Password 3-28 CHAPTER 4 Managing GSS User Accounts Through a TACACS+ Server 4-1 TACACS+ Overview 4-2 TACACS+ Configuration Quick Start 4-4 Configuring a TACACS+ Server for Use with the GSS 4-5 Configuring Authentication Settings on the TACACS+ Server 4-5 Configuring Authorization Settings on the TACACS+ Server 4-7 Configuring Primary GSSM GUI Privilege Level Authorization from the TACACS+ Server 4-12 Enabling Custom User GUI Views When Authenticating a User from the TACACS+ Server 4-16 Configuring Accounting Settings on the TACACS+ Server 4-17 Identifying the TACACS+ Server Host on the GSS 4-19 Disabling TACACS+ Server Keepalives on the GSS 4-22 Specifying the TACACS+ Server Timeout on the GSS 4-23 Specifying TACACS+ Authentication of the GSS 4-23 Specifying TACACS+ Authorization of the GSS 4-24 Specifying TACACS+ Accounting on the GSS 4-25 Showing TACACS+ Statistics on the GSS 4-26 Clearing TACACS+ Statistics on the GSS 4-28 Disabling TACACS+ on a GSS 4-28 Cisco Global Site Selector Administration Guide vi OL-10410-01 Contents CHAPTER 5 Configuring Access Lists and Filtering GSS Traffic 5-1 Filtering GSS Traffic Using Access Lists 5-1 Access List Overview 5-2 Creating an Access List 5-4 Associating an Access List with a GSS Interface 5-7 Disassociating an Access List from a GSS Interface 5-8 Adding Rules to an Access List 5-8 Removing Rules from an Access List 5-9 Segmenting GSS Traffic by Ethernet Interface 5-9 Displaying Access Lists 5-10 Deploying GSS Devices Behind Firewalls 5-12 GSS Firewall Deployment Overview 5-12 Configuring GSS Devices Behind a Firewall 5-15 CHAPTER 6 Configuring SNMP 6-1 Overview 6-1 Configuring SNMP on the GSS 6-2 Configuring SNMP Servers 6-4 Configuring SNMP Server Notifications 6-5 Configuring SNMP Server Trap Limits 6-6 Specifying Recipients for SNMP Notification Operations 6-7 Viewing SNMP Status 6-8 Viewing MIB Files on the GSS 6-9 CHAPTER 7 Backing Up, Restoring, and Downgrading the GSSM Database 7-1 Backing Up the Primary GSSM 7-2 Backup Overview 7-2 Performing a Full Primary GSSM Backup 7-3 Cisco Global Site Selector Administration Guide OL-10410-01 vii Contents Restoring a Primary GSSM Backup 7-4 Restore Overview 7-4 Restoring Your Primary GSSM from a Previous Backup 7-5 Downgrading Your GSS Devices 7-8 CHAPTER 8 Viewing Log Files 8-1 Understanding GSS Logging Levels 8-1 Configuring System Logging for a GSS 8-4 Specifying a Log File on the GSS Disk 8-5 Specifying a Host for a Log File Destination 8-6 Specifying a Syslog Facility 8-8 Viewing Device Logs from the CLI 8-9 Viewing the gss.log File from the CLI 8-10 Viewing System Message Logging 8-11 Viewing Subsystem Log Files from the CLI 8-11 Rotating Existing Log Files from the CLI 8-12 Viewing System Logs from the Primary GSSM GUI 8-13 Viewing System Logs from the Primary GSSM GUI 8-14 Purging System Log Messages from the GUI 8-15 Common System Log Messages 8-16 Viewing GSS System Logs Using CiscoWorks RME Syslog Analyzer 8-18 CHAPTER 9 Monitoring GSS Operation 9-1 Monitoring GSS and GSSM Status 9-2 Monitoring the GSS Device Online Status from the CLI 9-2 Monitoring the GSS Device System Status from the CLI 9-4 Monitoring the GSS Device Status from the Primary GSSM GUI 9-4 Monitoring GSSM Database Status 9-5 Monitoring the Database Status 9-5 Cisco Global Site Selector Administration Guide viii OL-10410-01 Contents Validating Database Records 9-6 Creating a Database Validation Report 9-6 Viewing the GSS Operating Configuration for Technical Support 9-8 APPENDIX A Upgrading the GSS Software A-1 Verifying the GSSM Role in the GSS Network A-2 Backing up and Archiving the Primary GSSM A-3 Obtaining the Software Upgrade A-3 Upgrading Your GSS Devices A-5 INDEX Cisco Global Site Selector Administration Guide OL-10410-01 ix Contents Cisco Global Site Selector Administration Guide x OL-10410-01
Description: