Professional Documents
Culture Documents
User Manual
Revision 4.0
Pub no. AOSUG_701_250511
This guide is delivered subject to the following conditions and restrictions:
This guide contains proprietary information belonging to Expand Networks Inc. Such information is supplied solely
for the purpose of assisting explicitly and properly authorized users of the Expand product series.
No part of its contents may be used for any other purpose, disclosed to any person or firm or reproduced by any
means, electronic, photographic or mechanical, without the express prior written permission of Expand Networks,
Inc.
The text and graphics are for the purpose of illustration and reference only. The specifications on which they are
based are subject to change without notice.
The software described in this guide is furnished under a license. The software may be used or copied only in
accordance with the terms of that agreement.
Information in this guide is subject to change without notice. Corporate and individual names and data used in
examples herein are fictitious unless otherwise noted.
Copyright© 2011 Expand Networks Inc. All rights reserved.AcceleratorOS™, Accelerator 9920/6800/6810/6920/
6950/6850/6930/6830/6840/4800/4810/4820/4920/4830/4930/3930/3830/1610/1800/1810/1820/1920™ and
ECT™ are trademarks of Expand Networks Inc.
Flex 2.5™ includes software developed by the University of California, Berkeley and its contributors. Copyright©
1990, The Regents of the University of California. All rights reserved.
Other company and brand product and service names are trademarks or registered trademarks of their
respective holders.
Contents
Understanding Acceleration................................................................ 51
Viewing Compression Statistics per Link.................................................... 53
Viewing Statistics per Link .......................................................................... 54
Discovering Traffic.............................................................................................. 57
Viewing Detected Applications ................................................................... 57
Viewing Detailed Traffic Discovery ............................................................. 57
Creating a New Application from Discovered Traffic .................................. 59
Viewing Monitored Applications.................................................................. 60
Discovering Layer-7 Applications ............................................................... 60
Viewing Statistics and Graphs for Specific Applications..................................... 62
Setting up Graphs ............................................................................... 63
Viewing Utilization Statistics per Application .............................................. 63
Viewing Throughput Statistics per Application............................................ 63
Viewing Acceleration Statistics per Application .......................................... 64
Viewing Compression Statistics per Application......................................... 64
Viewing Bandwidth Distribution Statistics per Application .......................... 65
Monitoring Applications .............................................................................. 65
Viewing Statistics for Applications .............................................................. 67
Viewing Summary Graphs.................................................................................. 68
Viewing Ethernet Statistics ................................................................................. 69
Configuring the Ethernet Statistics Display Fields ...................................... 69
Configuring NetFlow Support ............................................................................. 71
Identifying the Traffic .................................................................................. 72
Enabling NetFlow ....................................................................................... 72
Authentication............................................................................................. 117
Getting Started with WAFS................................................................................. 118
Overview..................................................................................................... 118
Enabling WAFS Configuration............................................................................ 119
Configuring the File Server/Domain Controller........................................... 119
Defining Shared Directories ................................................................ 119
Defining User Permissions.................................................................. 120
Defining Network Settings .......................................................................... 121
Enabling WAFS Operation Mode ............................................................... 124
Excluding Servers or Subnets from WAFS................................................. 126
Configuring the Data Center and Branch Office................................................. 127
Setting Up the File Bank Director ............................................................... 127
File Server Settings............................................................................. 128
Summary............................................................................................. 129
Confirmation and Application .............................................................. 130
Setting Up the File Bank............................................................................. 130
Overview ............................................................................................. 131
Domain Settings.................................................................................. 132
File Bank Director Settings ................................................................. 133
Summary............................................................................................. 134
Confirmation and Application .............................................................. 134
WAFS Management and Operation Modes ....................................................... 136
The WAFS Management Screen................................................................ 136
FileBank Director Categories...................................................................... 137
FileBank Director System ........................................................................... 137
File Services ............................................................................................... 137
FileBank Director Utilities ........................................................................... 138
FileBank Categories ................................................................................... 138
FileBank System ................................................................................. 138
FileBank Services ............................................................................... 139
Additional Services ............................................................................. 140
FileBank Utilities ................................................................................. 140
Managing the Data Center ................................................................................. 141
Starting the Data Center ............................................................................. 141
Managing File Services .............................................................................. 142
Defining FileBank Director Settings .................................................... 142
Managing System Users..................................................................... 144
Adding File Servers............................................................................. 145
4. 0
vi C o nt e nts
4. 0
viii C o nt e nts
4. 0
xii C o nt e nts
4. 0
xiv C o nt e nts
4. 0
xvi C o nt e nts
4. 0
Chapter 1: Introducing the Accelerator
which enable network managers to align network resources with business priorities.
Acceleration of application response times is achieved through next-generation
WAN compression, application-specific acceleration, Layer-7 QoS capabilities and
sophisticated monitoring and reporting.
Application-specific Acceleration
Application-specific acceleration is a breakthrough approach that works in
combination with next-generation compression for improving application response
times.
Improves application response times by 100% to 400%, peaks of
1000%+
Extensible architecture based on application acceleration plug-ins for
additional application support
TCP acceleration enables TCP transfer speeds in excess of WAN
link speed, even under challenging latency and packet loss
4 C h ap t er 1: Introducing the Accelerator
IP-Based Network
In an IP network, you can position the Accelerator on the LAN-side of the router or
directly on the LAN.
The Accelerator can be located either On-Path, on page 8 or On-LAN, on page 9.
On-Path
On-Path configuration places the Accelerator between the LAN and the router on
both sides of the IP network. The data from the LAN segment passes through the
Accelerator that performs traffic optimization, including compression and QoS,
before the data reaches the router. See the sample On-Path application in Figure
1.
On-LAN
On-LAN configuration places the Accelerator directly on the LAN as a host. The
Accelerator becomes the next hop for traffic on the LAN destined to the WAN. The
accelerated data is redirected to the far-end Accelerator (On-LAN or On-Path)
where the data is reconstructed before reaching its destination IP address.
Usually, one Accelerator is installed on the LAN segment. However, if resilience is
to be enhanced, you can install two or more Accelerators for redundancy purposes.
The most common configuration up to Version 6.1.2 involves creating two links (two
Accelerators), one of which is assigned a higher priority (metric - ranging from 11 to
10,000), so it will be used as the default link for the connection. If this link fails,
traffic switches to the other link. See Figure 2.
This chapter assumes that you have successfully installed and turned on the
Accelerator without any errors. If you have not been able to install or turn on the
Accelerator successfully, see Troubleshooting, on page 347 and Contacting TAC,
on page 423. The AcceleratorOS lets you set up the Accelerator either via the
LCD, in conjunction with the Accelerator’s Wizard, or via the Wizard alone, by
using the Accelerator’s default IP address (10.0.99.99). In addition, you can use
the CLI to perform complete setup.
This chapter contains the following topics:
Connecting and Configuring Multi-Port Accelerators, on page 14
Working with By-pass Mode, on page 16
Reviewing the Setup Checklist, on page 17
Performing Setup via the LCD, on page 19
Performing Setup via the WebUI, on page 21
Performing Setup via the Wizard, on page 22
Accelerator Main Menu, on page 29
Modifying the Basic Configuration, on page 30
About the AcceleratorOS License, on page 34
Logging On and Off the Accelerator, on page 41
Integrating the Accelerator into Your Network, on page 42
14 C h ap t er 2: Getting Started
CAUTION! When by-pass is enabled you will lose connectivity to the CLI/WebUI,
!
unless Out-of-Band management is used.
When asked if you want to Save the setup, select Yes or No and press Enter.
At this point, management can be performed via the Accelerator’s
Web UI, via the CLI, Telnet, SSH, or via ExpandView- Centralized
Management. To work with ExpandView, you will need to define the
ExpandView server IP address via the CLI.
For other LCD settings, see section Locking and Unlocking the Keypad, on page
344.
Note: To carry out any modifications and additions after initial configuration,
i
always use the Basic screen or the My Links screen and not the Wizard. The
Wizard resets other parameters to their default values when accessed.
Additional Topics are as follows:
Configuring Basic Accelerator Details, on page 23 for help with the My
Accelerator Screen
Setting Links via the Wizard, on page 24 for help with the My Links
Screen
Setting the Time, on page 26, for help with the Time screen
Modifying the Password, on page 27, for help with the password
screen
Reviewing Wizard Configuration, on page 28, for help with the
summary screen
Device Name Set a name for the Accelerator of up to 60 characters, without spaces and
special characters.
IP Address Enter the IP address of the Accelerator.
Subnet Mask Enter the Subnet Mask to identify this Accelerator’s local subnet.
Default Gateways Enter the network’s Default Gateway to which the Accelerator will forward
the traffic it intercepts. You can add more than one gateway, by typing the IP
address in the field and clicking Add. The maximum number of gateways
that you can add is 5.
Licensing The License Stratus is shown here. Enter the Accelerator’s serial number
(product ID). Select either Evaluation, License Key or License File, and
enter the license key or file number. For more information on Licensing, see
About the AcceleratorOS License, on page 34.
Advanced Settings Select a deployment Type (ON-Path or On-LAN). In the deployment size
field enter the approximate number of Accelerators to which the local
Accelerator will be connected(1-500). Setting an accurate network size
enables the Accelerator to better optimize traffic. In network topologies such
as Mesh and Hub, knowing the network size is important for the Accelerator
in order to know how to divide its system resources correctly among
connected Accelerators.
24 C h ap t er 2: Getting Started
Parameter Description
Destination IP Enter the IP Address of the remote device.
Name Set a name for the link that will let you identify it in the future. Up to 31
characters, no spaces, no special characters.
Bandwidth Set the speed of the link that connects the local Accelerator to the remote
Accelerator. This should be either the local WAN bandwidth or the remote
WAN bandwidth - whichever is lower. To accomplish asymmetrical
bandwidth settings, use either the advanced link parameters or the CLI.
Encapsulation Choose one of the following options, by clicking on the relevant radio
button:
IPComp:
IPComp encapsulation (tunneled encapsulation) compresses the entire
packet. This means that the IP header, the transport header and the
payload are compressed and the packet traversing the network will have an
IPComp header.
IPComp is the default setting, which enables the best compression rate.
Router Transparency (RTM):
In Router Transparency encapsulation, only the packets’ payload is
compressed, leaving the original IP header and the original TCP/UDP
header in their original forms so that their information is available across the
network.
Router Transparency encapsulation is appropriate in an environment where
header preservation is necessary, including QoS deployments, monitoring
(NetFlow), Load Balancing, Billing, encryption, MPLS networks and certain
firewall environments.
UDP:
UDP encapsulation allows for more compatibility with firewalls that use
encapsulated packets.
Note: When using router transparency mode, the payload of packets destined to
i
the router (SNMP requests, Telnet, and so on) will be compressed, making them
unreadable by the router. In this event, it is necessary to set up a decision policy
that does not tunnel specific applications, (like SNMP see Working with
Applications, on page 215), or excludes specific subnets or IP addresses from
being accelerated on the link (see Configuring Link Subnets, on page 90).
Note: Encapsulation settings can be asymmetric. This means that you can set
i
one Accelerator to Router Transparency while setting the other Accelerator to
IPComp in the opposite direction. This is useful for setting RTM mode when one
of the Accelerators is On-LAN and the other is On-Path. However, IPComp
encapsulation will not function if the IPComp protocol is blocked by a firewall.
Therefore, ensure that the IPComp protocol is not blocked before selecting either
IPComp or RTM encapsulation
26 C h ap t er 2: Getting Started
Note: Deleting the non-link is impossible, because this link name is a logical
i
entity that represents all un-specified traffic in the QoS and Monitoring engines
Click the Help button at any time to open the Accelerator’s online help.
This help is pop-up based so make sure your browser’s settings allow
pop-ups.
30 C h ap t er 2: Getting Started
Note: To carry out any modifications and additions after initial configuration,
i
always use the Basic screen or the My Links screen and not the Wizard. The
Wizard resets other parameters to their default values when accessed.
The parameters on this screen are identical to the parameters configurable via the
Setup Wizard’s Basic screen, with the exception of Routing Strategy settings (see
Setting Routing Strategy, on page 31). For more information see Performing Setup
via the Wizard, on page 22. In addition, the Basic screen lets you add a description
to identify the Accelerator.
The Basic screen includes specific details concerning the Accelerator device, as
follows:
Parameter Description
Platform Accelerator type
Product ID The product ID is the unique number identifying the Accelerator, and is used
when licensing the product
AcceleratorOS Version Software (AcceleratorOS) version running on the Accelerator
System Up-Time The last time the device was rebooted, and how much time has elapsed since.
Current Time Time set in the Accelerator
If you need help with the AcceleratorOS interface, see Accelerator Main Menu, on
page 29.
Device Name Set a name for the Accelerator of up to 60 characters, without spaces and
special characters.
Description Type a description that is relevant for your use. For example, 3F ACC
IP Address Type a valid IP address for this Accelerator.
Subnet Mask Type a Subnet Mask to identify this Accelerator’s local subnet.
Routing Strategy See Setting Routing Strategy, on page 31.
Default Gateways Enter the network’s Default Gateway to which the Accelerator will forward the
traffic it intercepts. You can add more than one gateway, by typing the IP
address in the field and clicking Add. The maximum number of gateways that
you can add is 5.
Advanced Settings See Defining Advanced Settings, on page 32
Note: For the Accelerator’s application optimization to work properly, you are
i
advised to set an accurate WAN bandwidth defining the physical link that the
Accelerator sits on. Either select the WAN Bandwidth from the pull-down menu
or select Other and enter a specific figure into the provided field along with its
correct unit (bps, Kbps, Mbps, Gbps).
If you are unsure of your WAN bandwidth setting, use the default setting of 100
Mbps.
Note: The grace period counts only days during which the Accelerator is powered
i
on.
Note: In the unlikely event of Accelerator failure, if you use a non hard drive-
i
based Accelerator, you can immediately replace the Accelerator in the field by
inserting the Compact Flash from an Accelerator with a permanent license into
another Accelerator. This will enable the second Accelerator to function with a an
evaluation license, allowing you time to register the new Accelerator.
36 C h ap t er 2: Getting Started
Dongle ID number in order to register the Dongle. This number is supplied to you
within the Confirmation Letter you received when you purchased the Virtual
Accelerator.
1. Go to www.expand.com. Click the My Expand Link. Customers are to go to the
Extranet site by clicking the Here to Login button on the right.
2. Enter your login information and click Log In. If you have not yet registered click
First Time Here to do so and then log in.
3. Click on the Accelerator Licensing tab.
4. Click the Add Product link.
5. In the popup window, enter the Site Name, and the Reseller. Enter the Dongle
ID Number. Re-enter the Dongle ID Number. Click the Submit button and a new
popup window opens.
6. Download the Licensing Deployment File (.lic) by clicking the underlined hyper-
link.
7. The individual Virtual Accelerator License Keys are also displayed. Download the
Excel spreadsheet and save it for your records.
8. Go to Configuring the Licensing Server via the Accelerator, on page 39, to
continue.
Note: In order to use the Virtual Accelerator, you will need to install the Licensing
i Server and Dongle. For additional information about the Licensing Server
Installation or Licensing Server Dongle, see the documentation included on the
Virtual Accelerator Accessories DVD.
40 C h ap t er 2: Getting Started
Installing in a Web-Intensive
Environment
If your network runs many Web-based applications, or a lot of Web browsing takes
place between branch offices to the central office’s Internet link, DNS Acceleration
may decrease some of the network congestion.
This chapter explains how to use and understand the Accelerator’s advanced
graphic reporting and statistics feature that enables monitoring of Accelerator
performance and throughput. For statistical data for the Collective Branch, see
Monitoring Collective Branch Statistics, on page 330.
This chapter includes the following sections:
Introduction to Monitoring, on page 46
Using Link Statistics and Graphs, on page 49
Discovering Traffic, on page 57
Viewing Statistics and Graphs for Specific Applications, on page 62
Viewing Summary Graphs, on page 68
Viewing Ethernet Statistics, on page 69
Configuring NetFlow Support, on page 71
46 C h ap t er 3: Monitoring the Network
Introduction to Monitoring
All statistics generated for these graphic reports are saved in the Accelerator
history log, so that if Windows closes or if an Accelerator reboots, you can easily
re-access the chart or graph via the Accelerator WebUI.
The graphs are automatically updated, according to a set frequency. The
Accelerator samples the data behind-the-scenes and stores it in a compact way,
which lets you view data up to the minute over a period of up to a year. This
sampled data represents the average over the selected period of time.
Expand recommends that you open a maximum of five charts per-Accelerator
simultaneously. The monitoring feature, available via the Monitor tab, lets you view
statistics and graphs for the following: From WAN, To LAN, To WAN, and From
LAN traffic, as described in the following figure:
Note: The Accelerator’s graphic reporting feature works with the Java-Applet
i
(JRE 1.4 and up, recommended to use the Java-Applet provided on the Expand
Networks<> Extranet). The PC used for viewing the graphs must support Java
runtime environments and a Java plug-in must be installed in order to view the
Accelerator’s graphs
Option Description
Direction The Accelerator’s monitoring feature lets you view statistics for inbound or outbound
traffic on the Accelerator.
Link The Accelerator’s monitoring feature lets you view statistics, for the following:
• A specific link
• All of the Accelerator’s links
• All compressible links
• The non-link
• All virtual links
View Last Scroll down in the View Last drop-down menu to select the period for which the
graph is displayed. The default period is 30 minutes.
Link Speed You can set the link speed in the fields above the graph to add a line to the
displayed graph, enabling you to see the limit of throughput that can actually
traverse the link.
By default, when Auto is selected in the link speed column, the link speed is set to
the bandwidth set for the link selected. When Total is selected in the Link column,
the default link speed (when Auto is selected in the Link speed column) is set to
either the total bandwidth set for all links or the sum of all WAN bandwidths; total is
the lower value of the two.
Peak Data Select the Show checkbox if you want to see the peak lines representing the
highest statistics achieved for the reported period. All graphs displayed give an
average of the performance for any given interval. Therefore, viewing Peaks is
necessary for understanding the Accelerator’s overall performance.
Click the Save button to save the generated graphs as a JPG or a PDF file. You are
then directed to browse to a location in which to save the file. The PDF file created
displays each graph in the selected Monitoring window and a brief description of
Save each.
Click the Export to CSV button to save the generated graphs as a CSV file. You will
be directed to browse to a location in which to save the file. The file created
generates a table with the following fields:
Name, Description, Period, Interval, Sample Time, In, Peak In, Effective In, Effective
Peak In, Inbound Acceleration, Inbound Peak Acceleration, Inbound Compression,
Inbound Peak Compression, Out, Peak Out, Effective Out, Effective Peak Out,
Export to CSV Outbound Acceleration, Outbound Peak Acceleration, Outbound Compression,
Outbound Peak Compression
For a description of these fields, see section Viewing Statistics for Applications, on
page 67.
Understanding Acceleration
The Acceleration percentage describes how effectively the Accelerator is processing
and compressing the traffic. This statistic does not take into account traffic that by-
passes the acceleration mechanism. Acceleration percentages are calculated as
follows:
InBytes – 14 X InPackets
------------------------------------------------ – 1 X 100
OutBytes – 14 X OutPackets
For example: in a simple scenario in which the packet size is 1000 bytes:
If InBytes = 300,000 and OutBytes = 100,000 then:
300000 – 14 X 300
--------------------------- – 1 X 100 = 208
100000 – 14 X 300
Figure 5:Calculating Acceleration Example
Packets
In Packets Number of input packets
Out Packets Number of outgoing packets
Errors
CRC Errors Number of CRC-errored packets received
Other Errors Unexpected errors received
56 C h ap t er 3: Monitoring the Network
Acceleration
In Acceleration Inbound Acceleration percentage
Out Acceleration Outbound Acceleration percentage
In Actual Acceleration Acceleration that considers all incoming throughput
Out Actual Acceleration Acceleration that considers all outgoing throughput
In Compression Inbound compression percentage
Out Compression Outbound compression percentage
Note: This will clear all of the statistics counters, so make sure you want to do
i this before proceeding.
Discovering Traffic
The Traffic menu lets you view applications running on the network. Traffic is
divided into the following categories: Detected traffic (all other applications
detected on the network - non-classified traffic that is not part of a predefined or
user-configured application type), Monitored traffic (all applications set to enable
“collect statistics”), and Layer-7 discovery (the application properties discovered on
the network).
This section contains the following topics:
Viewing Detected Applications, on page 57
Viewing Detailed Traffic Discovery, on page 57
Creating a New Application from Discovered Traffic, on page 59
Viewing Monitored Applications, on page 60
Discovering Layer-7 Applications, on page 60
Parameter Description
Application Select an application to view, or select Top 10 or From List.
Top 10 displays results for the ten applications that are most prevalent on your
network.
From List displays the ten applications selected in the Monitored Applications
window.
Direction The Accelerator’s monitoring feature lets you view data for From WAN, To LAN, To
WAN and From LAN traffic on the Accelerator.
Link The Accelerator’s monitoring feature lets you view data per link or for the total for
all of the Accelerator’s links.
View Last Scroll down in the View-last drop-down menu to select the period for which the
graph is displayed. The default period is 30 minutes.
Link Speed You can set the link speed in the fields above the graph to add a line to the
displayed graph, which lets you see the limit of throughput that can actually
traverse the link.
Peak Data Select the Peak Data checkbox if you want to see the peak lines representing the
best statistics achieved for the reported period. Because all graphs displayed give
an estimate of the performance for any given interval, viewing the peaks is
necessary for getting a full picture of the Accelerator’s overall performance.
Setting up Graphs
Only applications defined as “monitored” applications are displayed in the
application graphs. The Traffic Discovery menu lets you view all applications
traversing the network.
Monitoring Applications
This section explains how to use and understand the Accelerator’s advanced
graphic reporting and statistics feature that enables monitoring of accelerated
applications.
Applications are either predefined or user-defined. By default, 50 of the predefined
applications are considered Monitored applications (see Pre-Defined Applications,
on page 381), and all user-defined applications are Monitored by default. Monitored
applications are applications for which statistics are saved in the Accelerator to be
displayed in graphs and charts. You can monitor simultaneously up to 50
applications on each Accelerator, and up to 10 applications on each link.
Applications can be can be monitored on a per-link basis or globally on all links.
Outbound
Out Bytes Number of outgoing bytes
Raw Out Bytes Total outgoing bytes being accelerated using this link
Queued Out Bytes Number of outgoing bytes that are in the queue.
Out Packets Number of outgoing packets
Dropped Out Outgoing Packets that were dropped by QoS enforcements
Packets (queues, obsolete and so on.)
Discarded Out Outgoing Packets that were discarded by a rule with discard
Packets policy (discard all P2P).
Out Acceleration Outbound Acceleration percentage
Out Compression Outbound compression percentage
3. To clear the statistics counters, click the Clear Counters button.
68 C h ap t er 3: Monitoring the Network
The buttons near the Interface field let you clear either the counters of the
currently selected interface or all counters of all interfaces.
All statistic items, in both inbound and outbound directions, are displayed
according to:
Data—Lists type of statistic gathered
System Up—Data transferred over the selected link, which was
collected since the Accelerator was powered on. Data is listed in
KB, in percentages, or in number of packets.
Since Clear—Data transferred over the selected link, which was
collected since the Accelerator’s counters were last cleared. Data
is listed in KB, in percentages, or in number of packets.
Last 5 Seconds—Data transferred over the selected link, which was
collected over the last 5 seconds. Data is listed in Kbps or in
percentages.
Note: The NetFlow collector listening port is needed for establishing a connection
i
between the Accelerator and the collector. Ensure that this port is not blocked by
a firewall installed between the Accelerator and the collector.
72 C h ap t er 3: Monitoring the Network
i Note: For your convenience, an evaluation version of the NetFlow collector has
been provided for you on the Documentation CD.
Enabling NetFlow
To enable NetFlow:
1. Click on the Setup tab, followed by Advanced, followed by Netflow.
2. Use the relevant fields to enter the Collector IP address, port number and
interface. Alternatively, click the Set Default Values button to reset the Netflow
configuration values to factory values.
3. Use the Interface drop-down menu to select one of the detected Accelerator
interfaces. Additional ports are shown only for platforms which support multi-port.
If optional panels are used, 4 pairs are shown, otherwise 2 pairs. In other words,
the UI shows only the amount of available ports, as indicated in the following
figure:
Point-to-Point The Accelerator’s default settings are designed with a basic point-to-
point network in mind. For point-to-point networks as well as for
branch offices connected to headquarters, the basic Wizard
configuration should suffice.
This is the default setting.
Mesh and Hub In a mesh or hub-and-spoke topology it is recommended for the
Accelerator to have a correct estimate of the size of the network and
the number of Accelerators connected. To adjust the size of the
deployment, see Defining Advanced Settings, on page 31.
If the Topology-Size is set to a number that is too large, the Accelerator will not
use all its resources, resulting in lower acceleration percentages than would be
possible if the Topology-Size were set accurately.
If the Topology-Size is set to a number that is too small, too many negotiation
messages will be sent between the Accelerator and the network. In addition, the
amount of time it takes for the Accelerator to reboot and to recover from a
disconnected link will be longer than necessary.
Note: The link type can either be Accelerator (either MACC to ACC or
i ACC to ACC) or Virtual. Both link types are depicted by different icons.
The acceleration and compression status’ states are explained in the
tables that follow.
The following sections detail the additional operations you can carry out via the
Links screen:
Adding Links, on page 82
Advanced Link Configurations, on page 84
Editing Links, on page 89
Creating Link Templates, on page 92
The CLI procedure for adding and editing links is the same as for creating the first
link. For more information, see Link Commands, on page 458.
Adding Links
Add links to the Accelerator via the Setup - My Links menu. Note that TCP port
1928 is needed for establishing a connection between Accelerators. Ensure that
this port is not blocked by a firewall that is installed between the Accelerators.
Note: When configuring a link, it is advised to set a link metric (in the Advanced
i
menu) for it, which is the actual metric for all the link’s subnets, with the exception
of excluded Subnets. If you do not set a link metric for the link, the system
automatically sets a default for the link, which is the current maximum metric +10,
starting from 11. Also note that changing the local link metrics or the metrics for
redistributed routes on the router, may cause clear traffic to exit the Accelerator
even if you are using IPSec enabled links with a Crypto mode configured as Strict.
To add a link:
1. In the Accelerator WebUI, click on the Setup tab, and then the My Links menu.
The Links screen opens by default. See Figure 3.
Property Description
Source IP IP address of the sending device.
By default, the Accelerator’s primary IP is displayed. You can either
leave this choice or select another source IP address. The Source IP
field, lets you define a source IP for each new link you create, and also
changes the source link while the link is active. In addition, you may use
a virtual IP address for redundancy purposes. In this case the virtual IP
will be a link which, in the case of machine failure, will be redirected to
another machine, unlike a link whose source is a primary IP address.
The valid link source IPs are as follows:
• Primary IP
• Secondary IP
• VLAN IP
• HSRP IP
• VRRP IP
For more details see Using a Virtual IP Address, on page 93.
Name Set a name for the link to let you identify the link in the future. Up to 32
characters, no spaces.
Destination IP IP address of the remote device.
84 C h ap t er 4: Configuring Networking
Property Description
Bandwidth Set the link’s bandwidth, namely: the maximum throughput allowed to
traverse the link.
IPComp IPComp encapsulation enables the best compression rate. IPComp
encapsulation (tunnelled encapsulation) defines complete compression
of the packets intercepted by the Accelerator. This means that the IP
header, the TCP/UDP header and the payload are compressed and the
packet traversing the network will have an Accelerator-proprietary
IPComp header.
Router Transparency In Router Transparency encapsulation, only the packet’s payload is
(RTM) compressed, leaving the original IP header and the original TCP/UDP
header in their original forms so that their information is available across
the network.
Router Transparency encapsulation is appropriate in an environment
where header preservation is necessary, including QoS deployments,
monitoring (NetFlow), load balancing, billing, encryption, MPLS
networks and certain firewall environments.
RTM support for On-LAN deployments is available in AcceleratorOS
5.0(6) and higher.
UDP UDP encapsulation allows for more compatibility with firewalls that use
encapsulated packets.
Note: If you leave the Source IP field empty, the default value is the
i
machine’s primary IP address.
3. If you are finished, click the Add button.
3. Open the different sections by clicking on the + sign next to the section title. After
you have made changes, save the settings by clicking Submit and then click
Back to Links to return to the My Link screen. For Advanced Configuration
options using the CLI, see Additional Commands, on page 640. See the following
table for specific parameter information:
Section/Parameter
Description
Title
Use the Parameters section to edit parameters such as Link Name,
Parameters Destination IP, Source IP, Link Metric, Bandwidth Out and MTU
(Maximum Transmission Unit).
Link Name Supply a logical name for the link. This name is used in the Links Table.
Source IP Enter the IP address of the Accelerator that you are configuring or
another source.
Destination IP Enter the IP address of the destination Accelerator. This is the
Accelerator the source will establish a connection with.
Bandwidth Out Select an Outbound Bandwidth. Choose one from the scroll down menu,
or select Other and supply your own.
Bandwidth In Select an Inbound Bandwidth. Choose one from the scroll down menu, or
select Other and supply your own.
MSS This sets the Maximum Segment Size in bytes of a TCP packet that the
Accelerator will accept in a single, unfragmented piece, excluding the
TCP and IP headers. For maximum efficiency, the MTU should never be
more than the MSS + the headers. MSS can be configured on a per-link
basis or globally on all links.
You can either choose Auto (Link Specific) which lets the Accelerator
decide, or choose Other and enter your own value. By default the setting
is None.
MTU Maximum Transmission Unit. This is the largest packet size (in bytes)
that will be transmitted. Accepted values are 68-6000 bytes.
Metric The actual metric for all the link’s subnets, with the exception of excluded
Subnets. If you do not set a link metric for the link, the system
automatically sets a default for the link, which is the current maximum
metric +10, starting from 11. Also note that changing the local link
metrics or the metrics for redistributed routes on the router, may cause
clear traffic to exit the Accelerator even if you are using IPSec enabled
links with a Crypto mode configured as Strict.
WAN Assigns the link to work on a specific pre-defined WAN. To choose the
WAN, use the scroll down menu. To create a WAN, see Adding WANs,
on page 292.
Fragmentation Select this check box to use fragmentation on packets larger than the
amount of bytes that you enter into the field. Check the box and then put
the byte amount in the field, as long as it is within the accepted range
(68-6000).
Aggregation Select this box to aggregate packets smaller than the amount of bytes
you enter in the field. Check the box then put celibate amount in the field,
as long as it is within the accepted range (68-2500).
86 C h ap t er 4: Configuring Networking
Section/Parameter
Description
Title
Use the Acceleration section to define whether to accelerate the link
Acceleration and to use header compression
Accelerate Select the check box to accelerate the link, clear the check box to not
accelerate the link.
Header Compression Check the Header Compression checkbox to compress the header, clear
the checkbox to not compress it.
Use the Tunneling section to define parameters such as the
Tunneling encapsulation type, preservation and checksum
Encapsulation Choose the encapsulation type - IPComp, UDP, or Transparent. If
choosing UDP, enter the destination and source port IP addresses in the
relevant fields.
System Encapsulation Choose Auto, IPComp, or UDP. If choosing UDP, enter the destination
and source port IP addresses in the relevant field.
ToS Type of Service - select either Preserve to preserve the ToS value, or
Set to pick your own and put this value in the field.
TTL Preservation Preserves the TTL information as used in the original packet header
before it was compressed. Check to enable, clear to disable.
Ports Preservation Preserves the port numbers used in the packet header. Note that if you
selected UDP encapsulation the port information you entered (above) for
UDP will not be used.
SRC Preservation Preserves the source information. Note that if you selected UDP
encapsulation, the source information you entered for UDP (above) will
not be used.
Include checksum When selected, includes checksum information within the compressed
packet header. Check to enable, clear to disable.
In the TCP Acceleration settings section, select whether to use the
Global TCP acceleration settings or Link Specific. In addition, you need
TCP Acceleration to input the Typical Acceleration Rate, as well as choosing the type of
Congestion Control you want to use.
TCP Acceleration To have TCP Acceleration on a specific link, choose Link Specific,
otherwise choose Global.
Typical Round Trip The round trip time is the amount of time for one packet to travel from an
Accelerator to a destination and back. Choose Auto to allow the
Accelerator to automatically adjust, or choose Other and input a time
amount in milliseconds in the field.
Typical Acceleration The rate is the rate at which the TCP sender injects packets into the
Rate network.
Section/Parameter
Description
Title
Congestion Control Choose from one of the following:
• None—no congestion avoidance is used
• Standard—the congestion avoidance conforms to the standard TCP/
IP protocol (Reno)
• Vegas—TCP Vegas reduces latency and increases overall through-
out, by carefully matching the sending rate to the rate at which
packets are successfully being transmitted by the network. The
Vegas algorithm maintains shorter queues, and is therefore suitable
either for low-bandwidth-delay paths, such as DSL, where the sender
is constantly over-running buffers, or for high-bandwidth-delay WAN
paths, where recovering from losses is an extremely time-consuming
process for the sender. The shorter queues should also enhance the
performance of other flows that traverse the same bottlenecks.
• Hybla—reduces penalization of TCP connections that incorporate a
high-latency terrestrial or satellite radio link, due to their longer round
trip times. It consists of a set of procedures which includes, among
others:
- An enhancement of the standard congestion control algorithm
- The mandatory adoption of the SACK policy
- The use of timestamps
In the TCP Acceleration Advanced section, select the type of
TCP Acceleration acceleration you want to implement (Global, link specific, or none). If you
Advanced choose link specific, you will need to fill in additional fields.
Send Window Size Restricts the size of packets sent to X amount (if entered) before sending
an ACK request. You can either select Other and enter your own
amount, or select Auto and the value will dynamically change depending
on network and bandwidth conditions.
Receive Window Size Restricts the size of packets received to X amount (if entered) before
sending an ACK request. You can either select Other and enter your own
amount, or select Auto and the value will dynamically change depending
on network and bandwidth conditions.
Acknowledge Packet Enter the number of packets that will be sent before an ACK request is
Rate sent to the destination. Choose a value between 2-8 packets.
Keep Alive Check this checkbox to enable Keep Alive, which ensures that the
connection will not close until the time out interval has passed.
Keep Alive Time This value determines how long to wait before sending out the first
message. Choose a value between 1-10000 seconds
Keep Alive Direction LAN, WAN or both
Keep Alive Probes This value determines how many times a keep alive message will be
sent. Choose a value between 1-10000 probes.
Keep Alive Interval This value determines the waiting time between messages. Choose a
value between 1-500000 seconds.
In the Post Acceleration Aggregation section, select whether to enable
the Default class, a User Defined class, or the Thin client class, which
Post Acceleration can be set on a per link basis. Each link can have aggregation
Aggregation acceleration enabled or disabled independently of other links. The values
you set here
Status Shows the PoA status. Select Enable to enable, Disable to disable.
88 C h ap t er 4: Configuring Networking
Section/Parameter
Description
Title
Threshold Sets the targeted size of the aggregated packet. PoA will not output
packets that are not at least the threshold byte size. It will queue the
packets until the threshold is reached or the window size has been
reached. Select Auto to have the Accelerator automatically select the
threshold or select Other to input your own value in the field as long as it
is within the acceptable range 40-3000 bytes.
Limit Defines the maximal size a packet can be (in bytes) and still be eligible
for PoA. Any packet greater than this amount is not aggregated. Select
Auto to have the Accelerator automatically select the limit or select
Other to input your own value in the field as long as it is within the
acceptable range 40-3000 bytes
Window Size This dictates how long the PoA will hold the packets in the queue (in 10
millisec units). Small packets enter PoA queues and wait there until
either the aggregate packet becomes large enough (i.e. reaches the
threshold size), or too much time elapses (window size * 10 ms). When
either of these limits is reached, the packet is released. Select Auto to
have the Accelerator automatically select the size or select Other to
input your own value in the field as long as it is within the acceptable
range (between 10 and 1500 msecs).
In the Bandwidth Adjustment section, select the Enable Bandwidth
Bandwidth Adjustment check box and fill in the percentage and interval rates. For
Adjustment details see Using Dynamic Bandwidth, on page 89
Enable Bandwidth Select the checkbox to enable, clear to disable.
Adjustment
Minimal Bandwidth Defines the minimum value to which the bandwidth will be reduced as a
result of congestion. This value is calculated as percentage of the user-
defined outgoing bandwidth size. Default: 50%.
First Decrease Rate Choose from the drop-down box Other to enter a percentage of
reduction, or select None.
Increase Rate Defines the rate by which the link’s bandwidth will be gradually restored
to its former size. Increasing the bandwidth is much less critical than
decreasing it in case of congestion, and therefore the default set of the
increase is 2%.
Increase Interval Type a time interval (1-20 seconds) which will be used to base the
increase rate. (i.e. X% every Y seconds).
Decrease Rate To detect a congestion state more accurately, set longer decrease and
increase intervals.
Decrease Interval Type a time interval (1-20 seconds) which will be used to base the
decrease rate. (i.e. X% every Y seconds).
In the IPsec section, select the Enable IP Sec checkbox and select a
policy name and enter a local and remote IP address. Note that IPsec
cannot be set if you do not enable IPsec and make sure that IPsec is
also enabled on the other end of the link. In addition you can also select
IPsec Encryption which IPsec policy to apply, out of the policies you configured earlier. You
will also have to include a Public IP address for the local and remote
machines. For additional details, see Configuring IPsec Policies, on page
275.
Enable IPsec To enable IPSec, select the checkbox. To disable, clear the checkbox.
Policy Name Select the IPSec policy you want to assign to this link.
Section/Parameter
Description
Title
Local NAT IP Address Enter the local NAT IP address. This IP address is local to the network,
and is usually used as an internal IP address or an intranet address.
When packets are sent out of the network to the WAN, the Remote IP
address (see below) is used.
Remote NAT IP Address Enter the Remote NAT IP address. This IP address is the published,
known IP address. When packets are sent out of the network to the WAN
the local IP address (see above) is replaced with the Remote NAT IP
address.
Editing Links
You can use the Edit Links screen to fine-tune and modify existing links. This
screen lets you set basic link parameters, acceleration, tunneling and TCP
Acceleration parameters for the link.
The bandwidth adjustment mechanism samples internal messages (of the link’s
internal protocol). Based on these messages, the bandwidth adjustment algorithm
detects a state of congestion and decreases the user-defined outgoing bandwidth.
Once the mechanism detects that the state of congestion no longer exists, the
bandwidth is gradually restored to its user-defined size.
The bandwidth adjustment parameters are as follows:
Minimal Bandwidth—Defines the minimum value to which the
bandwidth will be reduced as a result of congestion. This value is
calculated as percentage of the user-defined outgoing bandwidth size.
Default: 50%
Increase Rate—Defines the rate by which the link’s bandwidth will be
gradually restored to its former size. Increasing the bandwidth is much
less critical than decreasing it in case of congestion, and therefore the
default set of the increase is 2%
Decrease Rate—To detect a congestion state more accurately, set
longer decrease and increase intervals
After setting all required parameters, click Submit.
The source IP (virtual IP) in the sending machine is the destination IP in the
receiving machine.
If an AcceleratorOS link is established, and the Source IP of this link is defined to
be the HSRP Group’s Virtual IP, the link switches to the next Accelerator in the rare
case of primary Accelerator failure, and all of this link’s services are kept. When the
primary Accelerator is available again, the link switches back to it.
94 C h ap t er 4: Configuring Networking
In Figure 6 above, S1 is Accelerator 2’s direct subnet, while S2 and S3 are also
subnets of Accelerator 2. Accelerator 1 must forward traffic destined for devices
that are part of S2 and S3 to Accelerator 2 via Link1. In order for Accelerator 1 to
do this, it must detect S1, S2 and S3 as subnets of Accelerator 2.
Accelerator 2 automatically detects S1 and adds it as its local subnet. You can
manually add S2 and S3 to Accelerator 2’s Subnets list, or use routing protocols to
add them dynamically. If the network supports OSPF or RIP the Accelerator can
function as an OSPF or RIP device to receive routing information. If other dynamic
protocols are in use, the Accelerator can poll routers to learn their routing tables.
Then, Accelerator 2 must advertise its subnet list to Accelerator 1, enabling
Accelerator 1 to properly route packets destined to S1, S2 and S3 to Accelerator 2
via Link 1.
Parameter
Description
Item
IP Address Set the IP address of the Subnet that is connected to the Accelerator.
Subnet Mask Set the Subnet Mask of the subnet.
Metric The metric setting defines the priority of the route or the subnet. Set a lower
number for more desirable routes. For example, on a T3 link with 1 hop, set a low
metric value, whereas on a long-haul 128 Kbps link with 8 hops you should set a
high number.
Advertise Advertised subnets are the Accelerator’s subnets that the Accelerator broadcasts
to other Accelerators when link negotiations occur. Select whether to advertise
this subnet.
By default, subnets that are manually added are advertised.
Add route rule When adding a subnet, the Add route rule checkbox lets you create a static route
rule to define how to reach the subnet. This will add an entry in the My Routes
table, which displays access to the subnet via the next hop.
Note: Once the static route is created, no connection exists between the route-
rule added and the subnet. Any change made in the one will not affect the other.
Next hop Add a next hop via which the subnet will be accessed.
Edit The Edit button lets you modify already added subnets by selecting them in the
table and clicking this button. This may be done for manually added subnets as
well as dynamically learned subnets.
Delete To delete subnets, select them in the table and click this button.
When subnets that are set to be advertised are deleted, they are removed from all
connected Accelerators.
96 C h ap t er 4: Configuring Networking
Editing a Subnet
Once a subnet has been added to the Accelerator, you can use the following steps
to edit it.
To edit a subnet:
1. In the My Subnets screen, highlight one subnet in the Local Subnet table, and
click the Edit button.
2. Edit the IP address, Subnet mask, Metric and Advertise status as necessary
and click the Submit button.
When subnets that are set to be advertised are edited, the change is
broadcasted to all connected Accelerators:
Note: Once Subnets are located by using OSPF or RIP, you can perform manual
i
modifications. For example, subnets located via RIP are set by default as Not
Advertised; however, you can modify them to be Advertised subnets.
For Manual Subnet configuration information, see Configuring Subnets Manually,
on page 95.
Configuring OSPF
Configuring OSPF is accomplished via the Setup - My Accelerator - My Routes
Menu.
To configure OSPF:
1. Click on the OSPF button.
2. Set the parameters as follows:
Area ID OSPF divides its networks into areas. Therefore, you must set the
Accelerator with its OSPF area identification number, which lets the
Accelerator identify itself to local routers.
To set the Area of the Accelerator within the OSPF group, use its number
or its IP Address format number. The default is 0.0.0.0.
Low/High Determines a range of subnets to be advertised. If a subnet is between the
Locality Metric high value and the low value, it should be advertised.
100 C h ap t er 4: Configuring Networking
Configuring RIP
Configuring RIP is accomplished via the My Routes menu.
To configure RIP:
1. Click the following menu sequence Setup > My Accelerators > My Routes.
2. Click on the RIP button.
3. Set the parameters as follows:
Parameter Item
Description
RIP Mode Set RIP Mode to Enable or Disabled.
Enabled Mode allows configuration of RIP parameters.
Disabled RIP Mode saves any previously configured RIP settings, but disables
RIP capabilities.
Passive Mode Set Passive mode to Enable or Disable.
Passive mode enables RIP in a listening mode without sending updates.
Version Select the RIP version in use on the network: either RIP version 1 or RIP version
2. Note that in cases where RIP route injection is used, the RIP version should be
set to version 2.
Parameter Item
Description
(Continued)
Authentication Authentication on the Accelerator must match the RIP authentication set across
the network.
When working with RIP version 1, Authentication is automatically disabled. When
working with RIP version 2, set the Authentication to None, Key, or MD5:
Disable: When no authentication is necessary to communicate with other RIP
devices.
Enable: When a non-encrypted authentication password is needed to
communicate with other devices in the RIP network, insert the key used. This
authentication key is a common string (non-encrypted) that must be set according
to what is set across all devices on the network using RIP.
MD5: When an MD5 authentication password is needed to communicate with
other RIP devices, insert the encrypted key used. This must be the password that
is set across all devices on the network that use RIP. Set the ID number
according to this authentication password’s ID number across the RIP network.
Neighbor IP The Accelerator automatically detects neighboring RIP routers. If a router was not
auto-detected, you can manually add up to 20 routers to the Neighbors Table.
This is particularly important if the Accelerator is on a subnet that does not use
RIP. The Accelerator can receive its RIP routing information from a neighboring
router on a subnet that uses RIP.
Note: RIP must be in Active mode and set to version 2 for RIP Route Injection
i
to operate. For more information, see section Working with RIP, on page 102.
Note: For packet-interception with RIP injection, the number of injected routes is
i
as follows:
Note: If Router RIP mode is configured as Passive, you should disable Passive
i
mode in order to enable RIP mode. For details, see Configuring RIP, on page
102.
3. Select the maximal number of subnets that would use packet interception via
RIP (any number between 1 and 2500; the default is 1000).
4. Click Submit.
Note: Enabling WCCP is relevant only with On-LAN deployment. If your currently
i
selected deployment is On-Path, please change it by going to Setup > My
Accelerator > Basic > Advanced Settings.
Use the Routers Table to add or delete routers to the list of routers to be used for
packet interception. When adding a router, you have to indicate its router ID (the
IP address used for connecting him to out network, usually the highest value
number), as well as the router status (Connected/Disconnected - indicating a
connection to the network). If you enable the WCCP Service, and do not set a
router IP address, an error will result.
106 C h ap t er 4: Configuring Networking
3. Use the Services Table to manage the list of services to be used for packet
interception.
It displays by default all of the pre-defined services, which are as follows:
Web—all TCP traffic that is sent on port 80 (http traffic)
ICMP—Internet Conreol Management Protocol, services such as
ping, and trace-route use this protocol
UDP—all UDP traffic
TCP-Promiscuous—all TCP traffic (not port dependent) both
inbound (towards the LAN) and outbound (towards the WAN)
CIFS - WAFS—Common Internet File System all TCP traffic that is
sent on port 445.
Additional services can be added or deleted from the Services Table. The same
services must be configured on the router that is connected to the Accelerator.
4. To add a service, see Adding a Dynamic Service, on page 107. To delete a
service select the table row and click Delete. To enable or disable a service,
click the ID of the service and Parameters for the specified service opens.
Change the Service Mode to Enable or Disable. To change other parameters
see Editing a Dynamic Service, on page 108.
Note: When you enable the WCCP feature, all pre-defined services are enabled by
i
default, except for Web and CIFS. In addition, if you have multiple Accelerators
deployed on your network, the same WCCP services should be enabled on each
appliance.
This chapter introduces you to the Wide Area File Service feature and shows you
how to use it and manage it to streamline your business while maintaining control
over important company documents.
Topics covered in this chapter include:
Introduction to WAFS, on page 114
Getting Started with WAFS, on page 118
Enabling WAFS Configuration, on page 119
Configuring the Data Center and Branch Office, on page 127
WAFS Management and Operation Modes, on page 136
Managing the Data Center, on page 141
Setting Advanced FileBank Features, on page 155
Replication Service, on page 159
Printing Services for the FileBank, on page 168
Using WAFS Printing Services, on page 178
WAN-OUT Operation, on page 180
DNS Masquerading, on page 184
Monitoring WAFS Functionality, on page 189
Troubleshooting, on page 191
114 C h ap t er 5: Configuring and Managing WAFS
Introduction to WAFS
WAFS stands for Wide Area File Service, namely: remote users who access files
over a WAN, such as branch office or mobile users accessing centralized storage.
Such users often experience poor performance when trying to access files that are
stored in a central location.
Expand Networks’ WAFS solution allows users fast and efficient access to
centralized storage by using intelligent, dynamic caching.
Note: This feature is only supported on Accelerators with a hard drive. If your
i Accelerator does not have a hard drive and you want to have WAFS functionality,
contact your supplier.
The corporate Data Center is equipped with an Expand FileBank Director, and each
remote site (requiring access to the center) is equipped with an Expand FileBank.
Once these hardware devices are installed, branch office users can immediately
work with files located in the Data Center, with the same speed level and efficiency
as if they were working on their local file server.
Expand uses a patent-pending file system technology that allows direct access to
files located in distributed file storage architectures throughout the enterprise.
Network architecture can be deployed as a private network of leased lines, or a
virtual private network (VPN) that utilizes the public Internet in a secure way.
Expand provides the following features and benefits:
Centralization of storage and backup resources
Synchronous, reliable file operations
LAN-like performance
WAN Consumption optimization
Ease of installation and management
Seamless integration
Native security support
Many-to-many architecture
Integrated Branch IT Services
High resilience
Expand's pass-through authentication technology seamlessly ensures enforcement
of enterprise policies such as user authentication, access rights verification and
quota management support.
Expand devices use regular LAN and power connections. Configuration is simple,
and no infrastructure changes are required. No client software is installed on the
Data Center file servers or on any of the remote office workstations.
116 C h ap t er 5: Configuring and Managing WAFS
Supported Servers
File Servers
Microsoft Windows® NT Server 4.0 SP3 and above
Microsoft Windows® 2000 Server
Microsoft Windows® 2003 Server
Microsoft Windows® 2008 Server
Network Device Filer series (ONTAP 6.x & 7)
Authentication Servers
Windows NT Server 4.0 Primary Domain Controller (PDC)
Windows NT Server 4.0 Backup Domain Controller (BDC)
Windows 2000 Server Active Directory Domain Controller
Windows 2003 Server Active Directory Domain Controller
Supported Clients
Microsoft Windows® NT Workstation 4.0
Microsoft Windows® 2000
Microsoft Windows® XP Professional
to be equal to the size of the total data set. Various approaches exist for estimating
optimum FileBank disk capacity, the most common of which are as follows:
Complete data set size (migrated from the legacy file server)
Working set size (for example: 30% of complete data set)
Per number of branch users (for example: 0.5GB x number of branch
users)
The FileBank Director is connected On-LAN to the file servers, and
therefore its cache state is less critical than that of the remote branch
FileBank, which is connected over the narrow-bandwidth, high-latency
WAN. FileBank Director disk capacity planning should take into
account the percentage of data that is shared between branches (that
is, the level of inter-branch collaboration), and a size estimation of the
working set. As a rule of thumb 10-20% of the accumulated branch
FileBank cache is sufficient. Both FileBank and FileBank Director
employ LRU (Least Recently Used) cache management, so a
dynamic, working-set cache is always maintained.
Domains
The FileBank acts as a server in the Windows Domain hierarchy. Windows Clients
at the remote office will see the FileBank as part of this domain when connecting to
the network, and after appropriate mapping.
When configuring the FileBank for the first time, you are asked which domain to
join, so obtain the domain name in advance. In order to perform the join operation,
a user with sufficient access rights is required, namely: a user that is part of the
domain administrators’ group.
Authentication
Identify the name of the authentication server. The authentication server must be a
Windows NT/2000/2003 server that can authenticate users accessing the domain
(Windows NT v4.0 Primary/Backup Domain Controller or Windows 2000/2003
Active Directory Server).
Note: You are advised to utilize the domain controller of the local remote branch
i office, when applicable.
118 C h ap t er 5: Configuring and Managing WAFS
Overview
The main steps for configuring the Data Center are as follows:
1. Enabling WAFS Configuration, on page 119 - to prepare the Accelerator for
WAFS Services.
2. Configuring the Data Center and Branch Office, on page 127 - to specify the file
bank and file bank director
3. Viewing the License Status, on page 33 - to verify you have a WAFS license.
4. FileBank Categories, on page 138- to start the WAFS service
Note that the order that these steps are taken does matter and performing these
steps out of sequence may result in the WAFS services not running. Make sure
that you finish a step before proceeding to the next one.
3. If you do not intend to define a link on this device (namely, to use the device as
an Accelerator), press Cancel and continue with the FBD configuration.
4. In the dialog box that appears, click OK to confirm the closure operation.
5. In the Basic tab of the My Accelerator screen, fill-in the device name as shown
below and click Submit.
In the dialog box that opens now, enter the domain name(s) for the servers in the
order of preferential usage and click Submit.
10. Select the IP Domain Lookup type as Enable.
11. Type the domain name server IP address in the field and click Apply.
3. Click Submit.
4. Use the dialog box that appears now to confirm the creation of the WAFS
service.
5. The next dialog box prompts you to execute write configuration and perform
reboot to enable creation of WAFS service.
6. Click OK and then click the Write command at the top of the screen (encircled
below):
7. Click Close.
8. Select Tools > General Tools and click the Reboot button to apply your new
settings.
9. In the dialog box that appears now, click OK to confirm the reboot operation.
Note: WAFS Management is a pop-up window, and therefore you need to allow
i blocked content (pop-up) to be able to display it.
128 C h ap t er 5: Configuring and Managing WAFS
5. Click Setup Wizard in the Left Window Pane to invoke the Setup Wizard. The
wizard has the following screens:
File Server Settings, on page 128 - the one that is open now
Summary, on page 129
Confirmation and Application, on page 130
6. Proceed to the next section, File Server Settings, on page 128.
Alias Here
Summary
In this section you see the settings that you made from the previous section, File
Server Settings, on page 128, as shown here in the diagram.
At this stage the wizard displays a summary of all parameters entered during setup,
prior to applying them to the FileBank Director.
The Setup Wizard lets you set up a FileBank in several simple steps. (In the last
step, you have the option of modifying parameters before accepting them.) Once
Setup is complete, make sure you have a valid FB license. To check if the license
is valid, see Viewing the License Status, on page 33.
Overview
To configure the branch office:
1. Connecting the FileBank device to the branch office LAN.
2. Setting up the FileBank device. For details, see Setting Up the File Bank, on page
130.
3. Configure the client computers.
Note: WAFS Management is a pop-up window, and therefore you need to allow
i blocked content (pop-up) to be able to display it.
1. Click Setup Wizard in the Left Window Pane to invoke the Setup Wizard. The
wizard has four main screens:
File Server Settings, on page 128
File Bank Director Settings, on page 133
Summary, on page 129
Confirmation and Application, on page 130
2. Proceed to the next section, File Server Settings, on page 128.
Domain Settings
In this section you will set the Domain Settings.
Summary
Figure 19:Summary
At this stage the wizard displays a summary of all parameters entered during
setup, prior to applying them to the FileBank Director.
Figure 20:Confirmation
Clicking a selection from the navigation pane opens the relevant page in the
workspace. The navigation pane is divided into the following main categories:
System—for detailed description, see Setting Up the File Bank
Director, on page 127 and Setting Up the File Bank, on page 130.
File Services—for detailed description, see section Managing File
Services, on page 142
Additional Services—(FileBank Operation mode only) for a
detailed description, see Configuring Additional Services, on page
168
Utilities—for detailed description, see section FileBank Utilities, on
page 140
File Services
This section describes the following functions offered by FileBank Director:
138 C h ap t er 5: Configuring and Managing WAFS
FileBank Categories
The following sections describe the WAFS management screen work categories,
as viewed when the WAFS operation mode is FB (FileBank):
FileBank System, on page 138
File Services, on page 137
Additional Services, on page 140
FileBank Utilities, on page 140
FileBank System
The System category includes the following subsections:
FileBank Services
This section describes FileBank File Services functions, which are as follows:
FileBank Directors—displays the current FileBank Director(s) for the
FileBank, and lets you add or delete FileBank Directors as necessary.
Virtual Servers—lets you configure FileBank to automatically add a
prefix and/or suffix to the original file server name defined at the
FileBank Director site, to represent the local virtual server. This helps
distinguishing the local virtual server name from the Central File
Server name.
Windows Domain—lets you join the FileBank to the domain, use
domain administrator credentials (Username and Password), set the
domain name, and add or delete authentication servers.
Cache Settings—gives you cache statistics, and lets you control basic
cache functionality: cache validation frequency, and manual cache
invalidation.
Fetch Settings—lets you define which data will be fetched from the
Data Center for pre-population of the Cache. Once fetched, this data
resides in the Cache and can be accessed immediately. Thus pre-
population optimizes first-time access to this data.
System Users—lets you add and delete FileBank system users.
Filters—provides smart filters to enhance performance and bandwidth
optimization over the WAN.
Replication Services—the method by which the system can be set to
optimize the handling of very large files over the bandwidth-limited
WAN link.
Kerberos Configuration—allows nodes communicating in a non-
secure network the ability to identify each other in a secure manner.
140 C h ap t er 5: Configuring and Managing WAFS
Additional Services
This section describes the FileBank Additional Services, which are:
Print Services—you can configure FileBank to serve as the local
branch print server. This screen lets you add network printers, view a
list of already existing printers, and delete printers, as required.
FileBank Utilities
This section describes the FileBank utilities, which are as follows:
System Diagnostics—lets you run a diagnostic test on the FileBank
device to ensure that the device is working properly. The results of the
test will be displayed in the Results area of this screen.
Logs—lets you generate FileBank activity logs for monitoring,
optimization, and troubleshooting purposes.
System Statistics—displays a list of connected users, with their
Session ID, Username, Group and Machine. To update the list, use
the Refresh button.
CAUTION! Stopping or Restarting the device while users are connected will
!
! interfere with their work in progress.
cache optimization state (namely, the cache associated with the initial ID will
become obsolete). Also, if the ID is changed and matches the ID of another
machine, errors will result.
To add a user:
1. From the WAFS left menu pane, under File Services select System Users.
2. Fill in the new user's Domain Name, Username and Password. Verify the
password by typing in the same password you entered in the Password field.
3. Click Add and the User’s information is added to the list at the bottom.
To add a user:
1. Make sure that you entered the WAFS menu using FileBank Director Operation
Mode.
2. Fill in File Server Name, and optionally an Alias
3. Click Add.
To delete servers:
1. Make sure that you entered the WAFS menu using FileBank Director operation
mode.
2. From the Exported File Servers section, select one or more checkboxes.
3. Click Delete.
To add a filter:
1. From the WAFS left menu pane, under File Services select Filters.
2. Type in the file extension in the form *.xxx (where xxx is a three or four-letter file-
extension).
3. Click Add.
To delete filters:
1. From the WAFS left menu pane, under File Services select Filters.
2. Select one or more filter checkboxes.
3. Scroll down to the bottom of the Compression Filters list.
4. Click Delete
.
CAUTION! Do not delete filters that were included in the list provided by Expand.
!
! Files of these types are known to be compressed and do not require further
compression. You should only delete a filter if was added by mistake.
FileBank Directors
To access the FileBank Directors screen, click File Services > FileBank Directors in the
Navigation Pane (see figure below). This screen displays the current FileBank
Director(s) for the FileBank, and lets you add or delete FileBank Directors as
necessary.
Note: You may leave the TCP and UDP fields blank, in which case the default
ii
value - port 4049 - is applied to both.
To delete a FileBank Director:
1. Make sure that you entered the WAFS menu using FileBank operation mode.
2. Select one or more checkboxes of hostnames in the current FileBank Directors
list
3. Click Delete.
Virtual Servers
You can configure FileBank to automatically add a prefix and/or suffix to the
original file server name defined at the FileBank Director site, used for representing
the local virtual server (File Services > Virtual Servers). This helps distinguishing
the local virtual server name from the Central File Server name.
CAUTION! Virtual Server Name = File Server Alias + any prefix/suffix added here.
!
! neither a prefix nor a suffix is defined, DNS Masquerading or WAFS
If
Transparency must be activated, to avoid name resolution conflicts. For details
regarding DNS Masquerading, see DNS Masquerading, on page 184. For details
regarding WAFS Transparency, see section WAFS Transparency Commands, on
page 698.
CAUTION! If you plan to use WAFS transparency, do not use an Alias name. Also
!
! if you need to use an Alias name, you must block WAFS transparency.
The lower half of the screen lists Exported Virtual Servers and their connection
status (“Connected”/”Disconnected”).
d
Figure 30: Virtual Servers
Windows Domain
The Windows Domain screen (File Services > Windows Domain) is used for
carrying out the following tasks:
Joining the FileBank to the domain.
Using domain administrator credentials (Username and Password)
Setting the domain name
Adding or deleting authentication servers.
152 C h ap t er 5: Configuring and Managing WAFS
Cache Settings
The Cache Management screen (File Services > Cache Settings) provides you
with cache statistics, and lets you control basic cache functionality: cache validation
frequency, and manual cache invalidation.
Invalidate Cache
The Invalidate button resets the TTL for the cached information, thereby forcing the
FB to validate the updated information with the EFS.
Note: Access to Data Center versions of cached files is verified prior to the
ii
invalidation. Cache files are not invalidated if Data Center versions are not
available.
System Users
The System Users screen (File Services > System Users) lets you add and delete
FileBank system users.
154 C h ap t er 5: Configuring and Managing WAFS
The Expand WAFS solution uses smart filters to provide additional performance
and bandwidth optimization over the WAN. Two types of filters are listed on the
Filters screen (File Services > Filters):
Short Term File (STF) filters
Compression filters
STF Filters
Short Term Files (STFs) are files that are saved locally on the FileBank and not
sent to the central server. Use the STF Filter for files that exist for a short term and
for any other files you do not want to be backed up on the central file server (for
example: photos and media files).
The STF Filter list displays all file extensions that the system is currently configured
not to back up. You can add to or delete from this list as necessary.
ii Note: All Files that match the STF filter extensions selected are not backed up.
S e t t i n g A d va n c e d F i l e B a n k Fe a t u r e s
This section covers advanced features that you can configure to the FileBank for
added functionality. Topics covered include:
Configuring the Fetch Mechanism, on page 155
Replication Service, on page 159
Replication Service Activation, on page 161
Configuring Replication Services, on page 162
Configuring Additional Services, on page 168
Fetch User
The fetch user is the internal user that performs the data pre-population on the
cache. The fetch user must have sufficient security permissions to traverse the file
system and read permissions for the files being transferred. You can configure the
fetch user on the FileBank using the user CLI command, or the System Users
option in the management web interface.
Fetch Jobs
The term Fetch jobs describes the entities that will be pre-populated onto the
FileBank cache. A fetch job is defined by the path and the fetch user that will be
used for fetching that path. The path is expressed in UNC format (starting with
virtual server name), and the user command argument is entered in
{domain\user} format.
A fetch job can aggregate multiple paths under one entity (see the fetch jobs paths
option). Activating a multiple path job effectively creates a fetch instance for each
specific path.
Fetch Settings
The Fetch Settings screen (File Services > Fetch Settings) controls the pre-
population of the Cache with specific data from the Data Center. Once fetched, this
data resides in the Cache and can be accessed immediately. Thus pre-population
optimizes first-time access to this data. The Fetch Settings screen lets you define
which data will be fetched for pre-population. This screen lists Fetch Jobs and their
current status.
Fetch Activation
Once configuration is complete, you can activate the Fetch mechanism by running
fetch jobs, and subsequently manage it by running fetch instances.
Fetch Jobs are created with a single path. You can add paths as necessary, as
described below.
158 C h ap t er 5: Configuring and Managing WAFS
Replication Service
One of the main challenges resulting from the consolidation of file services in a data
center, is how to grant users efficient access to very large files over the WAN,
despite limited bandwidth and high latency. The Expand replication service
addresses this challenge, by reducing bandwidth consumption at peak hours. With
this feature, administrator-defined file types (such as. *.PST, *.GHO) are served
locally at the branch by the FileBank virtual server, while a recurring replication
process handles daily synchronization with the data center file server (at times of
low WAN bandwidth consumption).
160 C h ap t er 5: Configuring and Managing WAFS
When you create a new file (of a type that is replicated), this file is synchronously
created on the central file server with its security metadata (namely ACLs), but
without the actual file data. The file data is then updated asynchronously by the
recurring replication process. The same principle applies to changes made to
existing files.
CAUTION! Replication is an asynchronous process, and as such, should be
!
! activated only for files used exclusively by the branch. Sharing replication files
between branches can result in data loss.
Replication service configuration includes the following parameters:
Replication User, on page 160
Replication File Types, on page 160
Replication Schedule, on page 160
Replication Paths, on page 161(optional)
Replication User
The Replication User is an internal user that performs file replication for the
system. The replication user must have sufficient security permissions for
traversing the file system and writing permissions to replicate to the file server.
The replication user is set both on the FileBank and on the FileBank Director.
Replication Schedule
Replication is programmed to run once a day to synchronize changes between the
FileBank and the Data Center file server. You are advised to run replication at off-
peak hours, when WAN bandwidth is least utilized. You define the time of day
(UTC value) that replication starts, and you can also force a stop time (namely: stop
the process even if replication is not complete). You can also run a non-scheduled
replication at any time by using the Replication Start and Stop options, either over
the web or through the CLI.
ii Note: Replication Start and End times are defined as UTC values.
Replication Paths
By default, the Replication Service searches the entire file system for files that
correlate to the Replication File Types list. Alternatively, you may define specific
paths to be searched (instead of the entire file system). The replication path can
point either to a share or to a directory within a share. Defining replication paths
results in a faster replication process. When using this option, files outside the
specified paths are not replicated.
Note: When no replication paths are defined, the replication feature searches
ii
the entire file system for files to be replicated. However, once one or more
replication paths are defined, the feature searches only on the defined paths.
Note: File pre-population onto the FileBank is a prerequisite for working on the
ii
replication files.
Note: Replication files that are on the file server but have not been pre-populated
ii
onto the FileBank cache are visible in directory listings, but are empty if opened.
Note: Before you can start the Replication Service for the first time, you must
ii
define a valid Replication User. For more details, see section Replication User,
on page 163.
Replication User
The Replication User is an internal user that performs file replication for the system.
The Replication User Screen (Replication Services > Replication User) displays
the currently defined user, and lets you clear (in other words, delete) the current
user, and/or set a different user.
164 C h ap t er 5: Configuring and Managing WAFS
Note: The Replication Service cannot function unless a valid Replication User is
ii
set. This user must have sufficient security permissions for traversing the file
system and writing permissions to replicate to the file server.
CAUTION! You should configure the same replication user on the FileBank and
!
! the matching FileBank Director.
Note: The Replication Service cannot function unless a valid Replication User is
ii
set. This user must have sufficient security permissions for traversing the file
system and writing permissions to replicate to the file server.
2. Select the checkbox for the required user, and then click Set.
CAUTION! You should configure the same replication user on the FileBank and
!
! the matching FileBank Director.
The user is no longer the Replication User.
Kerberos Configuration
Kerberos is a computer network configuration protocol which allows nodes
communicating over a non-secure network to prove their identity in a secure
manner. When used in a client-server model, Kerberos provides mutual
authentication, whereby both the user and the server verify each other's identity.
Kerberos Protocol messages are protected against eavesdropping and replay
attacks.
The following configurations are possible:
Enabling or Disabling Kerberos - available on the FB and FBD
Enabling Kerberos on a Specific Server - FBD only
Auto Configuration - FBD only
Print Services
You can configure FileBank to serve as the local branch print server. The Print
Services screen (Additional Services > Print Services) lets you add network
printers, view a list of already existing printers, and delete printers, as required.
For additional information about print functions, see section Setting Advanced
FileBank Features, on page 155.
To add a printer:
1. Type in the printer name (preferably a descriptive name such as “Konica 7022”,
“frontdesk” or “floor5”).
2. Type the printer URI (an identifying string such as socket://192.168.1.21:9100/.)
3. Enter a brief description to help other users identify the printer.
4. Click Add.
The printer is added to the list of printers available to branch users (this list
displays Name, Description, and URI).
To delete a printer:
1. Select the checkbox near the name of the printer you want to delete.
2. Click Delete.
NOTE: Printing administrators must posses full access and write credentials on
ii
the central file server Prints share.
Point’N’Print Configuration
Once you have defined printers, printing mode and printing administrators on
FileBank, you can upload printer drivers to the print server. This Enables clients to
use the “Point'n'Print” feature, which automatically installs the associated printer
driver the first time they access a particular printer.
Uploaded drivers are stored on the central file server and cached on the local
FileBank (a valid network connection between the FileBank and the FileBank
Director is required).
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
P ri nt i ng S erv ice s fo r th e F il eB an k 171
The initial listing of printers in the FileBank Printers and Faxes folder, accessed
from a Client, has no real printer driver assigned to it. The standard Windows Add
Printer Wizard (APW), run from NT/2000/XP clients, is used for printer driver
upload.
7. After driver upload is complete, perform the first client driver installation, as
described in the next section.
Note: If Connect still appears on the right-click menu, the driver is not yet
ii
installed. Return to step 3 above.
At this stage you may also want to set other printing defaults that
will apply to all future clients wanting to carry out “Point’N’Print”
driver installation.
From now on, any client wanting to install this printer can just “Point'N'Print”.
ii Note: If you are running Windows 2000, a dialog box may appear at this stage.
4. Click Yes.
The Add Printer Wizard (APW) opens.
5. Select the driver to associate with the printer, install it and connect.
Note: Installing the IPP printer drivers to a workstation does not require
ii
additional settings on the FileBank other than adding the IPP printer URL to the
FileBank.
3. The next screen lets you either select the port you want your printer to use or
create a new port:
WAN-OUT Operation
This section presents the following topics:
About WAN-OUT, on page 180
Detecting a WAN-OUT Event, on page 180
Working with Files while in WAN-OUT Mode, on page 181
WAN-OUT Known Limitations, on page 183
About WAN-OUT
Expand's WAFS solution comprises of two parts that communicate with one
another: a FileBank (FB) installed at the Remote Branch Office (RBO), and a
FileBank Director (FBD) installed at the Data Center. Expand's WAFS solution lets
users at the RBO optimize their use of shared contents on a File Server installed at
the Data Center.
Expand’s WAFS solution includes support for WAN-OUT mode, thus providing
necessary business continuity for cases of temporary WAN outage, or when the
FileBank Director is temporarily unavailable. When a WAN-OUT event is identified,
the system automatically switches to WAN-OUT Mode, allowing users at the RBO
to open, with READ-ONLY permissions, cached share content stored on the
FileBank.
A WAN-OUT event can be triggered by any of the following scenarios:
The RBO's WAN link is down.
The FBD is inaccessible to the FileBank:.
The FBD is totally inaccessible (disconnected from the network).
The FBD is frequently inaccessible (some network disconnections).
The FBD's WAFS services are down.
Note: If the File Server goes down prior to the communication being cut between
i the FB and FBD, a WAN-OUT event will not be triggered
Cache
When working in WAN-OUT mode, end-users at the RBO can work only with
cached share content stored on the FB. The entire cache content on the FB is
treated as valid. This means that when consulting the FB's cache, all cache TTL
timers are ignored.
182 C h ap t er 5: Configuring and Managing WAFS
File Access
When an user tries to open a file, READ ONLY (RO) access is granted (provided
applicable security). Any other access flags - such as WRITE, DELETE,
TRUNCATE, CREATE are denied. Users opening files receive a notification as if
they have a read-only permission to the file. Copying a file to the Client’s hard-
drive is possible, along with all security and permission data, provided that the user
has the applicable security to do so. In WAN-OUT mode all operations that attempt
to change a file, a file system structure, or data are immediately responded with
“Access Denied” by the FileBank.
For security reasons, the time frame granted to the users to access the cached
share content stored on the remote accelerator is limited to the 10 minutes prior to
the WAN-OUT mode initiation. This means that any files that were not opened by
a specific user within 10 minutes prior to the WAN-OUT event initiation, are
blocked and the user will not be able to open them during the WAN-OUT period.
The file access is granted on a per-user basis, so if one user has the file open, but
another user does not, after a WAN-OUT, only the user who opened the file will be
able to access it.
File Security
The way end-users at the RBO work when the FB is in WAN-OUT mode, changes
with respect to whether a Domain Controller is accessible to the FB. Two
possibilities are available:
For a remote site with a local Domain Controller (the Domain
Controller is still reachable by the accelerator while the site is in
WAN-OUT mode):
Users will be able to continue to work on the files opened at the
time the link is lost.
Users that will need to save their work while the link is down would
not be able to do it on Expand cache, but they will be requested to
use an alternative local storage.
Users will be able to open files or folders that were previously
accessed during the time frame defined in the AcceleratorOS (10
minutes). Only those files will only be accessible and will be limited
to READ-ONLY permission.
For a remote site without a local Domain Controller (the Domain
Controller is not reachable by the Accelerator while the site is in
WAN-OUT mode):
Users will be able to continue to work on the files opened at the
time the WAN link is lost.
Users that will need to save their work while in WAN link is down
would not be able to do it on the Accelerator’s cache, but will need
to use an alternative local storage.
No other files or folders can be opened from the shared cache on
the Accelerator.
Partial Disconnection
In some cases, a single FileBank is connected to multiple FileBank Directors at
different physical locations. A failure in one or several of these FileBank Directors is
possible, resulting in a situation where only a part of the files accessed by the RBO
are now under ‘disconnection’. As the FileBank has the notion of the origin of each
file (namely: the specific FileBank Director that manages the file), the system
selectively enters the WAN-OUT mode for files from FileBank Directors that are
disconnected and operates normally with files from FileBank Directors that have
valid connection.
DNS Masquerading
One primary objective of the Expand solution is to provide a truly dynamic global
file system. To ensure that data is always accessible across the distributed
organization, Expand must anticipate and overcome challenges introduced by
common network issues and user usage patterns. Some key requirements of a
global file system include:
Common name space – the solution must be fully coherent with the
existing naming convention used across different branch offices. For
example, a file server named “efs” should be accessible, using this
name, to branch offices with or without Expand FileBank.
Direct access on failure – users in branch offices should be able to
access the file server at the data center should the FileBank at their
location become unavailable.
Roaming user support – supports mobile users travelling between
different branch offices. The system should automatically redirect
users to the nearest FileBank according to the user's current location.
To meet these requirements, Expand supports DNS Masquerading. Using DNS
Masquerading, Expand becomes part of the DNS scheme in the organization, and
uses DNS to overcome challenges associated with the above requirements.
NOTE: Configuring the NetBios domain name should be carried out via WAFS
ii
CLI.
Fill-in the relevant IP Address (the FileBank IP Address) and Host Name (Fully
qualified domain name)
186 C h ap t er 5: Configuring and Managing WAFS
record. You should set the TTL of the file server record to the
minimum in order to shorten the fail-over time.
The DNS client service does not revert to using the primary
DNS server—The Windows 2000 Domain Name System (DNS)
Client service (DNSCache) follows an algorithm when it decides
the order of the DNS servers configured in the TCP/IP properties.
Refer to Microsoft Knowledge Base for more information http://
support.microsoft.com/default.aspx?scid=kb;EN-US;286834
CIFS session time out—In some cases, the client will fall back
from the EFS to the FileBank only after its CIFS session with the
EFS terminates. The time this takes is influenced by the session
time out on the EFS, and can be configured by using the following
command on the Windows file server:
net config server /autodisconnect:<minutes>
Viewing Logs
The Logs screen lets you generate activity logs of the FileBank Director for
monitoring, optimization, and troubleshooting purposes.
Generating a log archive may take several minutes. When finished, the log file is
saved in a default system location, and a link to the log archive appears in the Log
Archives section of the screen (newest on top).
190 C h ap t er 5: Configuring and Managing WAFS
Troubleshooting
In this troubleshooting section it is assumed that:
1. A complete end-to-end Expand WAFS installation has been set up and
configured
2. Devices are connected to the network (L1, L2) correctly and the right network
(L3) settings have been applied
Troubleshooting Tools
Internal Diagnostics: An automated internal utility that provides an
immediate indication of the Expand device performance and issues.
This is the first tool that should be used when troubleshooting is
necessary. You should run this tool at both branch and data center
ends. For details, see Running System Diagnostics, on page 189
(FileBank), and Running System Diagnostics, on page 189 (FileBank
Director).
Logs: The internal system logs that can be viewed, archived and
uploaded. For details, see Viewing Logs, on page 189 (FileBank) and
(FileBank Director).
Statistics: An internal tool that provides FileBank service statistics (see
DNS Masquerading, on page 184).
Status: The status CLI command reports on the current system
running status.
General Network Utilities: Ping, traceroute, ttcp, ifconfig, route, and
netstat.
Networking
No route/connection to the Expand devices
Check that the device is operational and is connected correctly to
the network (both Ethernet cable ends should be firmly in place).
Verify that the green light at the cable socket of each side is on.
Verify that network settings are correct, by examining the output of
the ifconfig CLI command. Pay particular attention to IP address
and netmask.
192 C h ap t er 5: Configuring and Managing WAFS
Use the route CLI command to verify that routing tables are
correct.
Try to ping a machine in the same subnet (typically the gateway,
depending on your network topology).
No route/connection to the Domain Controller (authentication server)
Use the domain controller's IP address to check connectivity. If this
fails, refer to the previous section and correct networking/routing
problems.
Verify the name set for the authentication server. Use the CLI
authsrv command, or the relevant Web Interface page.
Try to ping the domain controller by its name. Failure to do so
indicates a name resolution issue. To resolve this issue, either add
the domain controller to the static hosts list (using the hosts add CLI
command), or verify correct DNS settings.
Ensure that you have applied valid DNS servers. Use the CLI
prompt command dns, or the relevant web interface page, to
assign/delete/list DNS servers.
Ensure that you have added the DNS suffix required to complete
the FQDN of the authentication server. Use either the CLI prompt
command dns search, or the relevant web page, to apply the
required suffix.
If the FileBank has not been configured with DNS servers, add the
authentication server name under the static hosts. Use the hosts
CLI prompt command, or the relevant web interface page, and
repeat a connectivity check to the authentication server.
No route/connection to Fileserver(s)
Ensure that you have correctly defined the server(s) that needs to
be exported by FileBank Director.
Verify that the file servers’ NetBIOS names are the names you
have defined to be exported by FileBank Director.
Try to ping the file server's NetBIOS names. Failure to do so
indicates a name resolution issue.
Verify correct DNS settings, including DNS search path.
Alternatively, use 'hosts' static entry to add them to the list, as
described in the previous section.
FileBank Director cannot access the file server on port 139 or 445
FileBank Director requires active ports 139 or 445 on the fileserver. If port 139
(SMB over NetBIOS) is disabled, enable the NetBIOS port as follows: browse the
file servers TCP/IP network properties, select the Enable NetBIOS over TCP/IP
checkbox and apply changes.
If NetBIOS is to remain disabled on the fileserver, please consult the Expand
support team support@expand.com for additional configuration settings.
The user that is entered upon joining the domain must have
adequate permissions on the domain to join computer objects.
Ensure that the hostname of the FileBank is a valid NetBIOS
name, and does not exceed 15 characters. If necessary, redefine
the hostname and rejoin the FileBank to the domain.
If the problem persists, contact Expand support at:
support@expand.com.
Service
System status: “Not Running”
Verify the system was started, and try to start it again using
restart CLI command.
Run the status CLI command, and check reported errors in
command output.
Run the diagnostics CLI command, and check reported errors
in command output.
Ensure that the AcceleratorOS license is installed and valid.
If the problem persists, contact Expand support at:
support@expand.com
System is running, no virtual servers appear on FileBank
Run the diagnostics CLI command on the FileBank Director to
verify connectivity to the file server/s, and that FileBank Director is
able to read file server shares.
If FileBank Director cannot read shares, verify the existence of
shares by accessing the file server directly from a workstation
(namely, not via Expand), and define a share listing user (when
necessary) using the FileBank Director cifs user CLI command.
Run the diagnostics CLI command on FileBank to verify
connectivity to FileBank Director.
Run the gns refresh CLI command on FileBank.
Verify that the defined connection ports associated with the various
FileBank Directors match the FileBank Directors’ listen ports (the
listen port can be explored at the FileBank Director end, by issuing
the listenport CLI command or the relevant Web Interface
page).
Verify that no firewall is blocking the FileBank Director/FileBank
connection ports.
Workstations cannot connect to FileBank virtual server(s)
NOTE: A DNS entry can be used when the FileBank exports only one virtual
ii
server, If the FileBank exports more than one virtual server, the Expand DNS
masquerading feature can be utilized to support a DNS resolution (see also
section must be in Active mode and set to version 2 for RIP Route Injection to
operate. For more information, see section DNS Masquerading, on page 184.
Permissions and domain trust issues
Access denied
Continue troubleshooting by verifying user permission to access the central server
resource, and the existence of necessary domain trust when applicable.
Try to connect directly to the central file server (meaning, not via
Expand) by using the same domain user.
Run the diagnostic command via CLI or the web interface, to
validate that FileBank is joined to the domain.
Verify that FileBank is joined to the correct domain.
If the FileBank is joined to a different domain than the centralized
file server, ensure that a trust exists from the central domain to the
FileBank domain.
Cache pre-population failure
Examine the errors in the fetch log.
Validate the correctness of the path given to the fetch job. From a
workstation browse directly to the FileBank giving the same fetch
job path.
196 C h ap t er 5: Configuring and Managing WAFS
Ensure that a valid domain user is assigned to all fetch jobs. From
a workstation, log in as the same user defined in the fetch job, and
browse directly to FileBank. Verify that this user has read
credentials by trying to read a file whose fetch has failed, according
to the logs.
If DFS is in use, ensure that the fetch job path is not a DFS path
(namely, //<virtual server name>/<DFS root>/<path>),
but instead points to the linked virtual server (namely, //<virtual
server name>/<share name>/<path>). To view the FileBank
virtual server names, use the CLI status command or the relevant
web interface page.
Replication failure
The replication service requires the definition of a replication user. The
replication user must have read and write permissions on the paths
where files are to be replicated. The same replication user should be
used for both FileBank Director and FileBank.
Ensure that you set a valid domain user as the replication user.
From a workstation, log in as the replication user, and browse
directly to the FileBank. Verify that this user has read and write
credentials by copying files to a replication folder.
Validate the defined replication paths. From a workstation, browse
directly to the FileBank, using the defined replication UNC path(s).
If DFS is in use, ensure that the replication paths are not DFS
paths
(i.e. //<virtual server name>/<DFS root>/<path>), but
instead point to the linked virtual server (namely, //<virtual
server name>/<share name>/<path>). To view the FileBank
virtual server names, use the CLI status command or the relevant
web interface page.
Some of the DFS shares/folders are inaccessible
Find the physical server name that contains the inaccessible
shares/folders. Ensure that it appears in the exported file server list
(using FileBank Director cifs show CLI command or via FileBank
Director web interface).
Performance
If the Expand network environment has not been deployed/configured correctly,
users may experience the following problems:
Long delays while opening and saving cached files (WAN like)
Mapped network drive disconnections
Network Interfaces
View the NIC settings (use the CLI command ifconfig). Verify that
no errors have accumulated on the interface. Errors may indicate a
duplex/speed mismatch.
Check the Switch/Hub port settings to which the Expand device is
connected. The port settings must match the NIC settings of the
Expand device. In the case of a mismatch, use the CLI command
ifconfig to force settings on the NIC, such as the auto-negotiation
mode, speed and duplex settings.
For optimum performance, ensure that the Link supports 100Mbps
FD settings.
Quality of Service (QoS)
Branch offices that utilize QoS should prioritize the DSFS protocol
between FileBank and FileBank Director. This will generally result in
an immediate and marked improvement in user experience. The
protocol uses by default port 4049, but for QoS you are advised to
use a different, distinguishable port. You can change protocol port
by using listenport/fport commands on the FileBank Director/
FileBank respectively. Ensure that you change all communicating
devices at the same time.
Route
Investigate the route legs along the communication path from a
workstation to the FileBank to the FileBank Director, terminating at
the file server.
Network location
Ensure that there is no significant latency (latency greater than
1ms) between the FileBank Director and its associated file servers.
Improved performance may be achieved if the file servers and the
FileBank Directors reside on the same LAN segment.
Ensure that there is no significant latency (latency greater than
1ms), or any link mismatch, between the FileBank and the
workstations. Improved performance may be achieved if the
workstations and the FileBank reside on the same LAN segment
Bandwidth issues
198 C h ap t er 5: Configuring and Managing WAFS
Use the ttcp command (for more details, refer to the Expand CLI
Reference Guide) to check the available bandwidth between the
FileBank and the FileBank Director. Ensure that you compare both
directions (the FileBank should be the Client at the first check, the
Server at the second). This check can reveal bottlenecks and bad
settings along the network path.
Name resolution: Failover (WAN) issues
Several name resolution techniques, such as DNS masquerading and DFS, can
add seamless failover capabilities to the Expand solution. For more details see
section DNS Masquerading, on page 184.
With DNS masquerading in place, in the case of a failure, workstations are
automatically switched to resolve the virtual server name as the centralized file
server name. Failover lets the user continue to work without interruption, though
there may be a deterioration in user experience.
Ensure that workstations resolve the correct virtual server name.
You are advised to execute the nslookup command from the
workstations command prompt, giving the virtual server name as a
parameter. Verify that the IP returned is the same as the IP of the
FileBank.
Ensure that FileBank is defined as the workstation's primary DNS
(use ipconfig /all at the workstation command prompt).
DHCP Services
When FileBank acts as a branch level DHCP, FileBank’s network settings must all
be static (DNS, NTP, IP, routes, DNS search path and so on).
DNS lookup failed after defining a DHCP service
Define a valid FQDN extension for the DHCP server.
DNS Services
Workstations cannot browse the Internet or network mapping when
using the FileBank as a DNS proxy
Verify that DNS masquerading is running (for more details see DNS
Masquerading, on page 184).
Ensure that the FileBank is defined as the workstation's primary
DNS (use ipconfig /all at the workstation command prompt).
Use the CLI dns command (or the relevant web interface page) to
verify that the primary corporate DNS server is properly set on the
FileBank.
DNS lookup failed for branch workstations
Ensure that the FileBank is defined as the primary DNS for that
client, and that a secondary DNS points to an corporate DNS.
Use the CLI prompt dns command (or the relevant Web Interface
page) to verify that DNS servers are set onto the FileBank.
Ensure that a search path (DNS suffix) is configured for the
workstations.
Duplicate IP error appeared when connecting in file server
Error message:
System error 52 has occurred: A duplicate name exists on the network.
Global Name-Space support (exported virtual servers equals file server alias
name): DNS masquerading might generate this error. To resolve, see Microsoft
Knowledge Base 281308 http://support.microsoft.com/default.aspx?scid=kb;en-
us;281308.
200 C h ap t er 5: Configuring and Managing WAFS
This chapter describes the procedures necessary for configuring the Accelerator’s
QoS plug-in. The QoS plug-in lets you prioritize traffic traversing the Accelerator
network.
The chapter is divided into the following basic sections:
Accelerator QoS, on page 202
Carrying Out Basic QoS Configuration, on page 214
Working with Applications, on page 215
Viewing QoS Rules, on page 229
Setting QoS Rules, on page 229
Making Decisions for Specific Applications, on page 235
External QoS, on page 237
QoS Troubleshooting, on page 238
Note: QoS settings take effect when there is congestion. Any minimum
i
bandwidth guaranteed to a traffic type is set aside for this type of traffic only if
enough of this type of traffic traverses the line.
202 C h ap t er 6: Applying QoS
Accelerator QoS
QoS, or Quality of Service, is designed to help manage traffic across the network
in order to combat the congestion, latency and greedy and rogue applications that
all contribute to poor application and network performance. Organizations need to
be able to allocate bandwidth to mission-critical applications, slow down non-critical
applications, and stop bandwidth abuse in order to efficiently deliver networked
applications to the branch office.
This section contains the following topics:
About QoS, on page 202
How to Know What is on Your Network, on page 203
How to Prioritize Applications, on page 203
Studying the QoS Solution, on page 203
About QoS
QoS (Quality of Service) is a general term for the control mechanisms that can
assign different priorities to different users, applications, or data flows. These
control mechanisms or priority levels guarantee a certain level (or quality) of
performance of the data flow (service) and simultaneously addresses the requests
from the application. Quality of Service guarantees are important if the network
capacity is limited, especially for real-time multimedia streaming applications, such
as VoIP and IPTV. Such applications often require a fixed bit rate, are delay-
sensitive, and cannot tolerate packets dropping or being delivered in the wrong
order. You can use the QoS feature to prevent such factors and to accelerate
packets passing through the Accelerator based on your policy and reservation
criteria. QoS allows you to maximize the bandwidth you pay for more effectively.
The key to managing the traffic and achieving bandwidth effectiveness, is closely
tied to your knowledge of the type of traffic that is on your network and to the
demands of your users.
what should be traversing the network. Once a clear picture of the current network
and the ideal network is attained, easy to understand shaping policies like “real-
time” or “block” govern the flow of traffic. The Accelerator’s QoS mechanism is
single-sided, in that it can also work across a Virtual Link, in which the Local
Accelerator does not work opposite a Remote Accelerator. For a complete
explanation as to how the QoS mechanism functions and is implemented, see
Setting QoS Rules, on page 229.
For additional QoS Benefits see the following:
Automatic Traffic Discovery, on page 204
End-to-end application performance monitoring, on page 205
Transparency to existing QoS infrastructure, on page 205
Priority treatment for critical applications, on page 205
Guaranteed bandwidth for specific applications, on page 205
Restricting rogue and greedy applications, on page 205
Seamless integration with compression, on page 205
to traffic after the traffic has been compressed, because the important result is end-
user experience, not the physical link usage.
While basic traffic management is simple via the My Applications menu, you can
program complex QoS with nested rules, decision trees and other advanced
features.
Note: While the Accelerator enables the same QoS capabilities on inbound and
i
outbound traffic, most QoS is accomplished on outgoing bandwidth only.
Incoming traffic shaping is useful for non-links and virtual links, and instances in
which limiting or blocking incoming traffic is desired, for example blocking P2P
traffic or limiting incoming Internet traffic.
Note: Using inbound traffic shaping when the remote Accelerator uses outbound
i
traffic shaping is not recommended; in such a case, the inbound shaping may
have only a partial effect on the traffic.
Prerequisites
Follow these steps before working with QoS:
1. Set an accurate Bandwidth for the WAN. This setting ensures that all traffic
shaping applied is relative to the actual physical bandwidth on the WAN pipe. The
default bandwidth set for the default WAN is 100 Mbps (fast Ethernet).
2. This bandwidth setting assumes the largest possible bandwidth so that the
Accelerator does not limit its throughput over the WAN due to a WAN bandwidth
setting lower than the actual bandwidth. However, to get an accurate QoS
shaping you are advised to modify the bandwidth setting to its actual rate. For
208 C h ap t er 6: Applying QoS
more information on setting WAN bandwidth see Performing Setup via the
Wizard, on page 22.
3. You must set the bandwidth of each link on the WAN. For more information on
setting the Link Bandwidth, see Performing Setup via the Wizard, on page 22.
Rule Description
Filter The Filter defines what kind of traffic qualifies as part of an application. Filters are
generally Layer-4 definitions such as port number, protocol number, and traffic type. For
example, the application FTP is defined by the traffic type TCP and the port number 20.
You can modify and add traffic type and port number for applications that already exist by
default in the Accelerator, as well as defining new applications.
Shaper The traffic shaper defines how to handle the traffic filtered into this application: what
priority the application receives, and how the application is treated by the Accelerator.
Shaping the traffic enables setting a desired (or guaranteed) amount of bandwidth to be
preserved for a specific application, setting a limit on how much bandwidth an application
can consume (to avoid starvation of other applications), and setting the CoS (Class of
Service priority) and ToS (Type of Service) values for the application.
Shaping is crucial for ensuring application integrity - that critical traffic applications get the
bandwidth they need, and that other important applications are not starved completely.
Marking An application in the Accelerator can include a marker per application. You can save the
ToS marking on the rules, either the original ToS value or a newly defined ToS value.
This also means that you can set each application type to be Not-Accelerated or Not-
Tunnelled. This is particularly useful for applications like HTTPS or Encrypted Citrix,
whose packets do not compress, and ensures that the Accelerator does not waste
resources attempting to process these packets.
WAN Bandwidth
First, the bandwidth set for the WAN is honored. All further application QoS
decisions are based on the WAN bandwidth.
Link Bandwidth
You can set the bandwidth of the Link with a maximum value, limiting the amount
of the total throughput of the WAN available to a particular link. All Application
decisions based on a particular link are bound by this bandwidth.
Like the WAN bandwidth setting, the bandwidth set for a link can never be
exceeded. The bandwidth set for the links is divided by the WAN according to the
priority of the traffic coming across the links. This means that if the WAN bandwidth
is 128 Kbps, and Link 1 is set to 128 Kbps and Link 2 is set to 128 Kbps, if one
link has high priority traffic, the lower priority traffic on the other link could be
starved. However, if the Link bandwidth is set to a portion of the WAN bandwidth,
then the link does not exceed this portion, and bandwidth is left over for other links.
Bandwidth Limits
Maximum bandwidth limits set for applications are honored and the traffic
throughput is limited according to this setting.
Bursts
In addition to the hierarchy, if, after all bandwidth is allocated, there is spare
bandwidth, and an application is set to allow bursts, this application uses all spare
bandwidth even if it is set to ordinarily have a maximum bandwidth limit.
For example, if on a 64 Kbps link FTP is limited to 16 Kbps, with burst allowed FTP
will be able to use the entire 64 Kbps if no other traffic traverses the link, and when
there is traffic, the limit of 16 Kbps is enforced on FTP.
To allow bursts on applications, you have to ensure that the default setting on the
WAN, which allows bursts, is kept. The WAN Burst parameter also lets you set a
maximum burst bandwidth, meaning that if the WAN bandwidth is 1 MB, you can
set the WAN burst to limit burst traffic to 900 Kbps in order to avoid maximum
utilization situations because of burst traffic. By default the WAN bursts are allowed
to use the entire WAN bandwidth. In certain environments, lowering the WAN burst
by up to 10% may be useful in order to protect the line from congestion caused by
bursts.
Note: QoS settings take effect when the WAN link is full. Any limitations and
i
guarantees placed on traffic apply only if not enough bandwidth exists for all
traffic to flow freely.
Note: In the Accelerator, rule limit and desired shaping are applied to traffic
i
before it is compressed, while link shaping (bandwidth for the link and the WAN)
is applied to traffic after the traffic has been compressed.
Desired Bandwidth
Minimum bandwidth Desired set for applications is allocated to all applications on
which a desired minimum bandwidth was set. This is true even for low priority
applications.
For example, in a 64 Kbps link, the applications will divide up the 64 Kbps plus the
Acceleration percentage, like a cake, with the desired bandwidth applications
reserving the first piece. As long as no congestion exists, all applications set to
Desired receive their guaranteed bandwidth. When there is congestion, if high
priority applications are guaranteed bandwidth, they will receive it before low priority
applications that were guaranteed bandwidth. If there is not enough bandwidth for
numerous high priority applications that were guaranteed a desired bandwidth, the
desired bandwidth will be divided proportionately between those applications.
212 C h ap t er 6: Applying QoS
Priority
The relative QoS priority set to the application is considered and bandwidth is
divided proportionally among the applications as follows:
Block
Blocked traffic is discarded.
Real-time
Traffic set to real time receives “strict priority”. This means that as long as real-time
traffic is traversing the network it will receive the entire bandwidth. All lower priority
traffic types wait until there is free bandwidth, thus starving all lower priority
applications (unless a Minimum bandwidth (desired) was set for them). For this
reason it is important to use the Real-time setting with great care. If a chatty/
bandwidth-greedy application constantly transmits traffic, it is possible that no other
application will receive bandwidth (except those set with a Minimum bandwidth
(desired)).
High/Average/Low: High, average and low traffic priorities divide the bandwidth that
is still available (after desired and real-time traffic) in a proportional method based
on time. High priority traffic waits the shortest amount of time before waiting to be
sent, average priority traffic waits longer than the high priority and low priority traffic
waits longer than the average traffic to be sent. This does not mean that high
priority traffic transmits completely before average traffic starts transmitting, rather
high traffic transmits at a faster rate.
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
H o w Q o S Wo r k s 213
Setting the priority to high/average/low is appropriate for most traffic types, setting
the relative importance between the applications without causing starvation.
In advanced configuration, you can set the WAN to handle QoS according to
“strict-priority.” This would set the priorities to act deterministically rather than
proportionally: high priority traffic receives all the available bandwidth (after
desired and real-time traffic), average priority traffic receives bandwidth only if no
high priority traffic exists, and so on. If there is constant high-priority traffic,
average and low priority traffic are starved completely.
Deleting an Application
To remove an application from the Applications Table:
1. Click the application name and then click Delete.
2. There is no confirmation for this action. The application is immediately deleted as
well as all of the statistics that were collected for the application.
To edit an application click the application name in the table and then click Edit.
See Editing an Application, on page 217 to edit an application.
To create a new application, see the information according to the application you
want to create:
General Applications—Creating New Applications, on page 219
HTTP or Web applications—Creating Web Applications, on page
222
Citrix applications—Creating Citrix Applications, on page 224
Remote Desktop services—Creating Remote Desktop Services,
on page 226
Editing an Application
Selecting an application lets you modify the application definition (the type of traffic,
also known as the traffic rule, or filter) and set up the way the traffic is treated (or
prioritized, also known as shaping).
To edit an application:
1. In the My Applications menu, click the application name (alternatively, highlight
the application line and click the Edit button). The Edit Application menu opens.
2. The Edit Application menu lets you modify all application parameters as listed in
Creating New Applications, on page 219.
3. In addition, you can select one or more of the following check boxes:
218 C h ap t er 6: Applying QoS
i Note: When creating an Application Name, spaces are not allowed. You may use
an underscore to create a visual space. For example, my_application.
The compressed packets are aggregated in the link per class. The classes are
defined via the CLI and set the aggregation packet limit, and allows a pre-defined
delay (window) before sending the packets.
For aggregation class configuration details via the CLI, see
Aggregation Class Commands, on page 617.
To Delete an application, see Deleting an Application, on page 217.
To create a new application, see the information according to the
application you want to create:
General Applications—Creating New Applications, on page 219
i Note: When creating an Application Name, spaces are not allowed. You may use
an underscore to create a visual space. For example, my_application.
2. Update the following parameters to define the Application and how it is handled:
Parameter
Description
Item
Application The default name for a new application is new_application. You have to modify
name the name of the application to a name indicating the type of traffic considered in
this application. Maximum of 31 characters, no spaces. Special characters are
allowed.
Collect Enabling statistics history saves statistics for this application for up to one year.
statistics Click the checkbox to enable, clear to disable.
The Application Criteria box lets you set the type of traffic to be considered in an
Application application. These fields define a rule for identifying traffic as part of this
criteria application
TCP Port To set the application to be defined on the basis of a TCP port or a span of TCP
ports:
• Select TCP port from the drop-down menu.
• In the From field enter the first port to be considered, in the To field enter the
last port to be considered. For example, to change HTTP application 80 to
HTTP application 8080, enter 8080 into the From field.
To define a single port, enter the port number into the From field and leave
the To field empty.
• Click the Add button.
The Criteria created appears in the Criteria Table.
220 C h ap t er 6: Applying QoS
Parameter
Description
Item
UDP Port To set the application to be defined on the basis of a UDP port or a span of UDP
ports:
• Select UDP Port from the drop-down menu.
• In the From field enter the first port to be considered, in the To field enter the
last port to be considered. For example, to change the TFTP application from
port 69 to port 4444, enter 69 into the From field and 4444 into the To field.
To define a single port, enter the port number into the From field and leave
the To field empty.
• Click the Add button.
The Criteria created appears in the Criteria Table.
Over-IP To define an application based on a specific protocol:
• Select Over IP from the drop-down menu.
• In the From field enter the first protocol number to be considered, in the To
field enter the last protocol number to be considered.
To define a single protocol, enter the number into the From field and leave
the To field empty.
• Click the Add button.
The Criteria created appears in the Criteria Table.
The criteria table lists all the criteria that must be met in order for traffic to be
Criteria considered part of this application.
Table To delete entries in the Criteria Table, highlight them and click the Delete button
The Prioritize box lets you set the shaping or prioritization to be applied to the
Prioritize traffic type.
Order The order parameter sets the importance of this rule. Traffic that enters the
Accelerator is dealt with by the QoS mechanism based on Prioritization order
number. Traffic that matches the Application criteria set in order number 100 is
handled according to the setting for this application type, even if it may match the
criteria of other Applications with other, less important priority order numbers.
If the two applications are set with the same order priority, applications are
matched according to the highest level of specificity first.
For example, if two applications have a priority of 210, but one application is
created for all traffic in ports ranging from 2020 to 2060 and the other application
is created for traffic on port number 2062, the 2062 traffic is handled first.
Another example of higher specificity is when one application defines Layer-7
values and another application with the same priority order defines values only
up to Layer-4 values; the Layer-7 application shaping will be applied to the traffic.
Most QoS settings do not necessitate setting the Order field.
You can set the order from 100 to 65534.
Minimum The Minimum bandwidth desired setting should be used carefully. This
bandwidth parameter allocates a certain amount of bandwidth to be saved for a specific
(desired) application type during periods of congestion. You should set desired bandwidth
only for mission-critical, time-sensitive applications, such as VoIP, which need 8
to 16 Kbps allocated throughput to function.
Maximum The Maximum bandwidth limit setting puts a ceiling on the amount of
bandwidth bandwidth that an application can consume. This is useful for bandwidth-greedy
(limited) applications such as FTP or P2P, to limit the amount of bandwidth they consume.
Parameter
Description
Item
ToS You can either preserve the original ToS setting of the packets or set a new ToS
value for this application.
• To preserve the original ToS value, click the Preserve radio button. By
default, ToS preservation is enabled.
• To set a new ToS value for this traffic, click the Set radio button and select
one of the following options:
• ToS value - lets you select a ToS value (0-254) for the Accelerator.
• Code point - uses the first 6 bits of the ToS field, thereby giving 26 (= 64,
namely: 63) different values.
• CoS ToS - combines the values of the IP precedence field (otherwise known
as CoS, which stands for Class of Service) and the ToS (type of service
field).
Burst To allow applications to have a burst of additional bandwidth, click the Enable
checkbox. This is disabled by default. To disable, clear the checkbox.
Priority You can either preserve the original ToS setting of the packets or set a new ToS
value for this application.
Set the Priority of the application to:
• Blocked: Traffic set to Blocked is dropped.
• Low, Average and High: Traffic set to Low, Average and High are assigned
bandwidth on a proportional scale:
• Low receives the lowest proportion of the bandwidth.
• Average receives a medium proportion of the bandwidth.
• High receives the greatest proportion of the bandwidth.
• Real Time: Real-time traffic always receives bandwidth allocation according
to strict priority. This means that as long as real-time traffic is traversing the
network, all lower priority traffic types waits until there is free bandwidth, thus
starving all lower priority applications with the exception of applications that
received a Minimum bandwidth (desired) setting.
• Diagnostic Mode: You should set traffic to Diagnostic Mode only if the
Application is not responding at all to QoS settings. This is because
Diagnostic Mode traffic overrides all other QoS settings and starves all other
applications (including real-time and Desired bandwidth allocated).
If a class is not transmitting at all and seems not to be working, set the class
to Pass-thru/Diagnostic mode, thereby disabling the QoS from the traffic type.
Diagnostic Clicking this button will disable the Priority section.
Mode
CAUTION! Ensure that you click the Submit button to save configuration changes
!
! before exiting the Create Application menu.
222 C h ap t er 6: Applying QoS
Note: If you are running a version of AcceleratorOS previous to 5.0(6), note that
i
two new preconfigured applications were added in this version that may affect
user-defined applications on the same ports. If applications have been
configured for port of 1928 (saved for the expand-internal application) or 2598
(citrix-ica-sr), rename these applications exactly as in the preconfigured
application before performing an upgrade.
If an application exists for a list of ports or range of ports that include the
specified port numbers (1928 and 2598), remove these ports from the list or
range, and create applications expand-internal with port 1928, and citrix-ica-sr
with port 2598. Then change the policy rules to match this application as well.
CAUTION! Ensure that you click the Submit button to save configuration changes
!
! before exiting the Edit Application menu.
Layer-7 Applications
The Accelerator lets you filter HTTP web applications, Citrix applications, and
Remote Desktop Services at the application layer (Layer-7). This higher level of
specification enables specific applications to receive tailored traffic prioritization
within the Accelerator. Creating a Layer-7 or L7 application is the same procedure
as described in Creating Web Applications, on page 222. Note that traffic is no
longer limited to only port 80. Other ports are now used.
For information on discovering Layer-7 applications, see Discovering Layer-7
Applications, on page 60. For more information on creating/defining specific Layer-
7 applications, see one of the following topics:
Creating Web Applications, on page 222
Creating Citrix Applications, on page 224
Creating Remote Desktop Services, on page 226
i Note: When creating an Application Name, spaces are not allowed. You may use
an underscore to create a visual space. For example, my_application.
2. The Web application parameters (see Working with Applications, on page 215)
are identical to the parameters set for all applications, with the following additions.
Parameter
Description
Item
Application You cannot modify the Application Criteria box from within the Create Web
Criteria Application box. The Layer-4 information for this web-based application is taken
from the web definition. To modify the Layer-4 criteria, return to the My
Applications menu and click on HTTP to edit the web application. This is also
disabled for L7 Applications.
224 C h ap t er 6: Applying QoS
Parameter
Description
Item
Layer-7 Host Name: the host name of the web application. The Host Name is the
Information internet address up until the first “/”, for example, for the address http://
172.10.10.10/loginindex.asp, the Host Name is 172.10.10.10.
For the Internet site http://www.expand.com/extranet/support the Host Name is
www.expand.com
URL Name: the URL name is the internet address after the first “/”. In the
example above, “extranet” can be used as the URL name.
MIME Type: enter the content type.
User Agent: enter the name of the HTTP client (Netscape, Mozilla, and so on)
All Layer-7 information criteria use pattern matching, meaning that, for example,
if the Host Name is www.expand.com, using expand as the host name is
sufficient (up to 128 character string for all HTTP Layer-7 parameters).
Prioritize Prioritizing the traffic based on rules is accomplished by setting the same
parameters available when creating an application. For more information on
available settings, see Working with Applications, on page 215.
CAUTION! Ensure that you click the Submit button to save configuration
!
! changes before exiting the Create Web Application menu.
i Note: When creating an Application Name, spaces are not allowed. You may use
an underscore to create a visual space. For example, my_application.
2. The Citrix application parameters are identical to the parameters set for all
applications (see Creating Web Applications, on page 222), with the following
additions.
Citrix Benefits
The Citrix Acceleration Plug-in feature has the following benefits:
It utilizes network resources more efficiently in LAN-based Accelerator
deployments and delivers improved acceleration results for Citrix-
hosted applications.
Citrix MetaFrame users repeatedly access the same content from the
network. The Accelerators’ Citrix Acceleration Plug-in feature
enhances support for Citrix MetaFrame applications because, through
the use of statistical multiplexing, the Citrix Acceleration plug-in allows
more Metaframe data to traverse the WAN. The Accelerator achieves
this increase in throughput by:
Consolidating Citrix header data in pure IP implementations - IP
header represents significant overhead in small packets generated by
Citrix. It constitutes almost 30% of the Citrix packet. The Citrix
Acceleration plug-in removes repeat header information and sends
this data only once across the network.
Consolidating Citrix payload in all environments - the Citrix
Acceleration plug-in extracts data from small packets originating from
different Citrix MetaFrame users, and sends packets optimized for
specific WAN conditions. The Citrix Acceleration plug-in eliminates all
redundant data transmissions across the WAN.
Controlling latency and jitter - the Citrix Acceleration plug-in
reduces latency and jitter, especially over slow WAN links that are
commonly used for Citrix Metaframe deployments.
The end-result is better, more consistent Citrix performance; and support of up to
four times more Citrix users on the existing infrastructure. Aggregation is performed
at the link-level and improves acceleration for traffic with small to medium packets
(like Citrix/ICA traffic or Telnet traffic), and aggregates compressed packets. The
Aggregation class sets the class to which this application is related. Aggregation
reduces the size of the traffic by aggregating compressed packets, before sending
them over the WAN.
i Note: When creating an Application Name, spaces are not allowed. You may use
an underscore to create a visual space. For example, my_application.
2. Use the table to set the parameters, click Submit to save the application
Parameter
Description
Item
Application Name The default name for a new application is new_application. You have to modify
the name of the application to a name indicating the type of traffic considered in
this application. Maximum of 31 characters, no spaces. Special characters are
allowed.
Discover If you want this application to be included when a discovery of applications is
run, select this checkbox (selected by default). If not, clear the checkbox.
Application This section is disabled
Criteria
Prioritize Window
Order Either select the default value (200) or select the open radio button, and in the
field, type your own (100-65534)
Minimum Desired Choose a value from the drop-down box, or other and enter your own value,
Bandwidth remembering to select the bit speed from the second drop-down box. This
amount should be less than the Maximum Bandwidth.
Maximum Choose a value from the drop-down box, or other and enter your own value,
Bandwidth Limit remembering to select the bit speed from the second drop-down box. This
amount should be greater than the Minimum Bandwidth amount.
TOS You can either preserve the original ToS setting of the packets or set a new ToS
value for this application.
• To preserve the original ToS value, click the Preserve radio button. By
default, ToS preservation is enabled.
• To set a new ToS value for this traffic, click the Set radio button and select
one of the following options:
• ToS value - lets you select a ToS value (0-254) for the Accelerator.
• Code point - uses the first 6 bits of the ToS field, thereby giving 26 (= 64,
namely: 63) different values.
• CoS ToS - combines the values of the IP precedence field (otherwise known
as CoS, which stands for Class of Service) and the ToS (type of service
field).
228 C h ap t er 6: Applying QoS
Parameter
Description
Item
Burst To allow applications to have a burst of additional bandwidth, click the Enable
checkbox. This is enabled by default. To disable, clear the checkbox.
Priority You can either preserve the original ToS setting of the packets or set a new ToS
value for this application.
Set the Priority of the application to:
• Blocked: Traffic set to Blocked is dropped.
• Low, Average and High: Traffic set to Low, Average and High are assigned
bandwidth on a proportional scale:
• Low receives the lowest proportion of the bandwidth.
• Average receives a medium proportion of the bandwidth.
• High receives the greatest proportion of the bandwidth.
• Real Time: Real-time traffic always receives bandwidth allocation according
to strict priority. This means that as long as real-time traffic is traversing the
network, all lower priority traffic types waits until there is free bandwidth, thus
starving all lower priority applications with the exception of applications that
received a Minimum bandwidth (desired) setting.
• Diagnostic Mode: You should set traffic to Diagnostic Mode only if the
Application is not responding at all to QoS settings. This is because
Diagnostic Mode traffic overrides all other QoS settings and starves all other
applications (including real-time and Desired bandwidth allocated).
If a class is not transmitting at all and seems not to be working, set the class
to Pass-thru/Diagnostic mode, thereby disabling the QoS from the traffic
type.
To create a rule:
1. Click on the QoS tab, and then select QoS Rules.
2. Click the Create New Rule button. The Create Rule menu opens.
3. Use the Define and Prioritize sections to enter the necessary information per your
networking requirements
Parameters Description
Define
Section
Application Select the Application onto which to apply this rule from the drop-down menu. You
can define additional applications via the My Applications menu only. For
information, see Working with Applications, on page 215.
Parameters Description
Source IP If you want to filter the application by its source IP address: Choose from Other,
Any, Single IP, Subnet, Range, or List.
• Other—Displayed if advanced configuration was made via the CLI, which is
more complex than the WebUI display.
• Any—Set the Source IP to Any if the application should consider traffic coming
from any device (this is the default).
• Single IP—Select this option if only traffic coming from a single device should
receive the treatment defined in this rule. Enter the IP address
• Subnet Mask—Select Subnet if only traffic from a particular subnet should
receive the treatment defined in this rule. Enter the subnet address and the
subnet mask.
• Range—Select Range if a particular range of source IP addresses should
receive the treatment defined in this rule. Enter the first and last IP address to
be considered.
• List—Select List and enter up to four IP addresses to receive the treatment
defined in this rule.
Destination IP If you want to filter the application by its destination IP address:
Choose from Other, Any, Single IP, Subnet, Range, or List.
• Other—Displayed if advanced configuration was made via the CLI, which is
more complex than the WebUI display
• Any—Set the Source IP to Any if the application should consider traffic coming
from any device (this is the default).
• Single IP—Select single IP if only traffic headed to a single device should
receive the treatment defined in this rule. Enter the IP address.
• Subnet—Select Subnet if only traffic toward a particular subnet should receive
the treatment defined in this rule. Enter the subnet address and the subnet
mask.
• Range—Select range if a particular range of destination IP addresses should
receive the treatment defined in this rule. Enter the first and last IP address to
be considered.
• List—Select List and enter up to four destination IP addresses to receive the
treatment defined in this rule.
ToS Bits To filter traffic based on its ToS setting, in the drop-down menu select from Other,
Any, and Value.
• Other—Displayed if advanced configuration was made via the CLI, which is
more complex than the WebUI display
• Any—To set the rule to apply to the application’s traffic, if it has any ToS value
set (this is the default).
• Value—To set a ToS value, thereby limiting traffic on which this rule is applied
to the application’s traffic that has a particular ToS value (0 - 255).
Links Traffic rules and shaping are applied per link. Select Global to apply to all links, a
specific link to determine how traffic is categorized and prioritized over a specific
link, or select Non-link.
Direction If a link is selected as a filter for this rule, you can select the direction of the traffic:
• Inbound—towards the LAN
• Outbound—towards the WAN
232 C h ap t er 6: Applying QoS
Parameters Description
Scope This allows you to create a rule on all links, specific links or if you have Mobile
Accelerators, rules on a Collective Branch.
Select one of the following radio buttons:
• Global—for all links
• Link—for a specific link. Select the link, using the drop-down menu. Make sure
the link you want to set the rule for has already been defined. See Adding Links,
on page 82 to add a new link.
• Collective Branch—for a specific Collective Branch. Choose the Collective
Branch from the drop-down menu. Make sure the Collective Branch has already
been defined. See Creating a Collective Branch, on page 327, to create a new
Collective Branch.
Prioritize
Section
Order The order parameter sets the importance of this rule. Traffic that enters the
Accelerator is dealt with by the QoS mechanism based on Prioritization order
number.
If the two applications are set with the same order, applications are matched
according to the highest level of specificity first.
For example, if two applications have a priority of 210, but one application is
created for all traffic in ports ranging from 2020 to 2060 and the other application is
created for traffic on port number 2062, the 2062 traffic is handled first, as a specific
port is more specific than a port range.
Note that, most QoS settings do not require setting the Order parameter.
Acceptable values are from 100 to 65534. 200 is the default value.
Minimum The Minimum bandwidth desired setting should be used carefully. This parameter
bandwidth allocates a certain amount of bandwidth to be saved for a specific application type
(desired) during periods of congestion. You should set desired bandwidth only for mission-
critical, time-sensitive applications, such as VoIP, which need 8 to 16 Kbps
allocated throughput to function.
Maximum The Maximum bandwidth limit setting puts a ceiling on the amount of bandwidth
bandwidth that an application can consume. This is useful for bandwidth-greedy applications
(limited) such as FTP or P2P, to limit the amount of bandwidth they consume.
Parameters Description
ToS You can either preserve the original ToS setting of the packets or set a new ToS
value for this application.
To preserve the original ToS value, click the Preserve radio button. By default, ToS
preservation is enabled.
To set a new ToS value for this traffic, click the Set radio button and select one of
the following options:
• ToS value - lets you select a ToS value (0-254) and a ToS Mask (0-254). When
entering a number in the ToS Mask field, this value is ANDed to the value
entered in the TOS field in the packet’s header and compared against the TOS
entered for this rule. You can use the TOS Mask for comparing specific bits
(Precedence/Type of Service) from the TOS field in the packet’s IP header
against the TOS value entered for this rule.
• Code point - uses the first 6 bits of the ToS field, thereby giving 26 (= 64,
namely: 63) different values.
• CoS ToS - combines the values of the IP precedence field (otherwise known
as CoS, which stands for Class of Service) and the ToS (type of service field).
Burst To temporarily allow this application to have bursts of bandwidth, click the checkbox
to enable or clear the checkbox to disable. By default, this feature is enabled.
Priority You can either preserve the original ToS setting of the packets or set a new ToS
value for this application.
Set the Priority of the application to any of the following options:
• Blocked: Traffic set to Blocked is dropped.
• Low, Medium, and High: Traffic set to Low, Average and High are assigned
bandwidth on a proportional scale:
• Low receives the lowest proportion of the bandwidth.
• Medium receives a medium proportion of the bandwidth.
• High receives the greatest proportion of the bandwidth.
• Real Time: Real-time traffic always receives bandwidth allocation according to
strict priority. This means that as long as real-time traffic is traversing the
network, all lower priority traffic types waits until there is free bandwidth, thus
starving all lower priority applications with the exception of applications that
received a Minimum bandwidth (desired) setting.
• Diagnostic Mode: You should set traffic to Diagnostic Mode only if the
Application is not responding at all to QoS settings. This is because Diagnostic
Mode traffic overrides all other QoS settings and starves all other applications
(including real-time and Desired bandwidth allocated).
If a class is not transmitting at all and seems not to be working, set the class to
Pass-thru/Diagnostic mode, thereby disabling the QoS from the traffic type.
234 C h ap t er 6: Applying QoS
To edit a rule:
1. Highlight the Rule to be edited in the Rules Table and click .
2. Make the necessary changes. For any necessary explanation, see section
Creating QoS Rules, on page 230.
External QoS
To set the Accelerator to enable external QoS:
1. In the WebUI, in the Setup menu, click My Links.
2. Select the link to be affected by a QoS device and set it to work in Router
Transparency mode. For more information on Router Transparency mode and
Link configuration, see Adding Links, on page 82.
QoS Tro u b l e s h o o t i n g
If the QoS mechanism does not seem to be functioning properly, it could be a
result of the Maximum Queue Length. If there is much latency on the line, the
packet drops may be the result of the queue buffer size, which is normally set per
link rate, or because the packets are waiting too long and are therefore being
considered obsolete packets. By default the packets are considered obsolete after
500 ms.
If limits do not seem to be enforced on traffic, check to see if it is because of the
Burst status. When Burst is enabled during periods of no congestion, limits will
appear not to be enforced properly.
If a class is not transmitting properly and problems are encountered after QoS has
been applied, try setting the class to Diagnostic mode, thereby disabling QoS for
this traffic type. For additional troubleshooting, see Troubleshooting, on page 347
or Contacting TAC, on page 423.
Expand’s Accelerator lets you reduce the impact of the TCP protocol shortcomings
by applying TCP Acceleration, a standards-based plugin that modifies TCP settings
to optimize throughput in certain environments. In addition, the Accelerator
provides Domain Name Server caching capabilities to shorten the round-trip-time
and save bandwidth over the WAN.
This chapter contains information about the following topics:
Studying TCP Acceleration, on page 240
Configuring TCP Acceleration, on page 248
Understanding Web Acceleration, on page 254
Configuring HTTP Acceleration, on page 255
FTP Acceleration, on page 264
Configuring DNS Acceleration, on page 268
Enabling Aggregation, on page 271
Enabling Traffic Encryption, on page 273
Remote Desktop Protocol Services, on page 278
For information regarding WAFS service, see Configuring and Managing WAFS, on
page 113.
240 C h ap t er 7: Optimizing Acceleration Services
Window Size
8 KB 16 KB 32 KB 64 KB
0
5 16 Kbps 32 Kbps 64 Kbps 128
0 Kbps
0
1 8 Kbps 16 Kbps 32 Kbps 64
0 Kbps
0
0
Once the connection is established, TCP data packets are sent in accordance with
the TCP window set - each time the window threshold is met, the receiver responds
with an acknowledge packet, as described in the following figure:
242 C h ap t er 7: Optimizing Acceleration Services
While these TCP functions are useful in controlling and managing congestion
over the LAN, they cause expensive long-distance links to appear slow.
Congestion Avoidance
SCPS enhances flexibility of Congestion avoidance mechanisms. TCP
automatically uses congestion avoidance, which is not necessary in networks
where drops are not the result of congestion. You can configure SCPS in such a
way that congestion avoidance is not used when it is unnecessary. If there is
congestion on the line, you can select the method of congestion avoidance and
control (standard TCP, Vegas, or Hybla).
3584
With TCP
Acceleration Newly created
No TCP
3072 bandwidth
Acceleration
2560
Kbps
2048
1024
512
0
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
Time
Throughput Link Speed
Computing Latency
The Accelerator automatically configures TCP Acceleration settings according to the
computation that follows.
The network in the diagram above will be used for example purposes. The math
used for calculating the theoretical maximum throughput is based on this drawing.
Substitute the values from your specific network in order to learn the TCP
theoretical limitation for a single session in your network.
The network poses 150 milliseconds (msec) of latency between the Client (C) and
the Server (S). You can use a ping for determining the end-to-end latency between
a Client and Server by sending a ping 100 times from the client to the server
during business hours with a 750 byte payload. This payload size ensures some
stress on the network, and should provide a better measurement for latency than
simply sending a 64 or 32 byte ping as some operating systems do. An example of
this ping command used on Windows is:
ping x.x.x.x –l 750 –n 100
(x.x.x.x = the server’s IP address, –l is the payload size, and -n is the amount of
pings)
You can use the following formula to calculate the theoretical limitation:
Bandwidth equals the window size divided by the round trip time
WindowSize
---------------------------- = Bandwidth
RoundTripTime
Figure 6: Bandwidth Calculation
Bandwidth (BW the maximum theoretical throughput. The bandwidth
of a link is normally represented in bits per second.
Window Size (WS the amount of data TCP can send before waiting for
an acknowledgement. This value is in bytes; ensure that any values in
bytes are converted to bits.
Round Trip Time (Rtt though this value is in seconds, most network
tools, such as ping, report it in milliseconds. In the network example
shown above, the latency was 150 msec, and because 1000 msec
equals a full second, then the latency of this network can be
represented in a fraction as 150/1000 msec. Always convert this
fraction into decimal format when calculating the values. In this case
the latency will be represented as.15.
The default window size for Microsoft XP is 8 KBytes. For additional window size
values please consult your operating system vendor. This example assumes that
the client is running Windows XP.
Using the example network provided above, some of the values needed for this
formula are known and can therefore be plugged into the formula in order to
determine the maximum theoretical bandwidth for a single TCP session.
BW = 64000 /.15
After calculating the values, the BW equals 426,666 Bytes. Remember that
because this value is in bytes, it should be multiplied by 8 in order to get the bits
per second (bps). The product shows that the theoretical maximum bandwidth is
3,413,328 bps.
As seen in the example network shown above, the link is a 6 Mb link. 150 msec
of latency has limited a session to about half of the link speed.
The following Throughput table lists some common Round Trip Times and the
effects on TCP:
Window Size
8 KB 16 KB 32 KB 64 KB
Round Trip Time
Parameter/Section Description
Typical RTT Enter the typical RTT in miliseconds by choosing Other in the drop down
menu and enter an amount in the field. Alternatively, you can allow the
Accelerator to decide by selecting Auto from the drop down menu.
Typical Acceleration Enter a percentage by selecting Other in the drop-down menu and enter a
Rate value in the field. Alternatively, you can allow the Accelerator to decide by
selecting Auto from the drop down menu
Congestion Control Select from one of the following:
• None—no congestion avoidance is used
• Standard—the congestion avoidance conforms to the standard TCP/
IP protocol (Reno)
• Vegas—TCP Vegas reduces latency and increases overall through-
out, by carefully matching the sending rate to the rate at which packets
are successfully being transmitted by the network.
The Vegas algorithm maintains shorter queues, and is therefore
suitable either for low-bandwidth-delay paths, such as DSL, where the
sender is constantly over-running buffers, or for high-bandwidth-delay
WAN paths, where recovering from losses is an extremely time-
consuming process for the sender. The shorter queues should also
enhance the performance of other flows that traverse the same
bottlenecks.
• Hybla—reduces penalization of TCP connections that incorporate a
high-latency terrestrial or satellite radio link, due to their longer round
trip times. It consists of a set of procedures which includes, among
others:
- An enhancement of the standard congestion control algorithm
- The mandatory adoption of the SACK policy
- The use of timestamps
- The adoption of channel bandwidth estimates
- The implementation and mandatory use of packet spacing
techniques
See TCP Acceleration Advanced Settings, on page 252.
TCP Acceleration
Advanced
Keep Alive See Keepalive, on page 253
250 C h ap t er 7: Optimizing Acceleration Services
Note: When TCP acceleration is enabled, all traffic is transferred through the
i
Accelerator in routing-only mode and is not bridged. For additional information
see Setting Routing Strategy, on page 30.
If after enabling TCP Acceleration the Accelerator does not perform as expected,
you should check the size of the window set by Windows:
WARNING! Editing the registry or using a Registry Editor incorrectly can cause
! serious, system-wide problems that may require you to reinstall Windows to
correct them. Microsoft does not guarantee that problems resulting from the
incorrect use of Registry Editor can be solved. Back up your registry first and use
Registry Editor at your own risk.
Parameter Value/Description
Send Window Size Choose Auto for the 10MByte default setting or choose Other
and enter a different value (from 4Kb-50Mb) and select the
byte value (Kbytes or Mbytes) from the drop down list
accordingly.
Receive Window Size Choose Auto for the 10MByte default setting or choose Other
and enter a different value (from 4Kb-50Mb) and select the
byte value (Kbytes or Mbytes) from the drop down list
accordingly.
Acknowledge Packet Rate Enter the number of packets that the Accelerator will receive
from a source before sending the source a confirmation
message (called an Acknowledge Packet) that the packet
was received successfully. By default the rate is set to two
packets, and the preferred range is between two and eight
packets.
Keep Alive See Keepalive, on page 253.
Note: Even though the upper limit for the sizes of the receive and send
i
windows is 50MB, setting the size to a value greater than 10MB may
adversely affect the system performance, and therefore a warning message
notifying you about such a possibility appears when you select a value that
exceeds 10MB.
Keepalive
If for any reason there is a disconnect between an appliance and a network device
(LAN) or between an appliance and another appliance, the keepalive setting
ensures that the connection will not close until the time out interval has passed.
Note: Because the Web Acceleration plugin consumes RAM, it affects the
i
number of tunnels configurable on the Accelerator. Web Acceleration can cache
objects up to 1 GB in size.
The Web Acceleration plug-in serves requested objects from its cache. If the object
is not in the cache, the plug-in retrieves the object on behalf of the client from the
original server, caches it (when relevant) and serves the client's request.
Web Acceleration guarantees network transparency. When the Accelerator is
deployed on the network, there is no need for any configuration modification of
connected LAN clients.
In On-Path deployments—HTTP transparency also applies to the
Server side, meaning that if a sniffer is used between an Accelerator
and the default gateway, HTTP packets will be seen to contain the
client and server IP addresses. FTP traffic will be transparent only on
the client side.
In On-LAN deployments—transparency applies only to the Client
side. A sniffer placed between an Accelerator and the default gateway
will see packets containing the Accelerator and server IP addresses.
This later is necessary to guarantee that replies will travel via the
Accelerator’s Web Cache engine and not be delivered directly to the
client.
Web Acceleration supports both FTP and HTTP caching.
FTP caching—the Web Acceleration cache guarantees that objects
sent to the client from the cache are always fresh (only supported if
the FTP server supports MDTM ex, vsftpd as well as SIZE headers).
Both Passive and Active FTP caching modes are supported.
HTTP caching—the object will have an aging time in the cache until it
is retrieved again from the server.
Parameter
Description
Item
Connect Time The time period (in seconds) that should pass before disconnection (default: 60).
out To set the Connect time out, fill in a number (between 1 and 600 seconds) in the
field
Maximum Cache Sets the Maximum size an object can be in order to be held in the cache. Object
Object Size larger than this number are not held. This parameter is set in KB.
To set the Maximum Cache Object Size, enter a number between 1 and
1,000,000 KB. By default, the size is 102,400 KB.
Note that the Maximum Cache object size must be larger than the Minimum
Cache object size.
Minimum Cache Sets the Minimum size an object can be in order to be held in the cache. Object
Object Size smaller than this number are not held. This parameter is set in KB.
To set the Minimum Cache Object Size, enter a number between 1 and
1,000,000 KB. By default, the size is 102,400 KB.
Note that the Minimum Cache object size must be smaller than the Maximum
Cache object size.
Maximum Client Sets the amount of time the client (browser) can be connected to the cache
Connect Time process before a timeout is initiated. This is merely a safeguard against clients
that disappear without properly shutting down. It is designed to prevent a large
number of sockets from being tied up in a CLOSE_WAIT state. The default for
this
option is 1440 minutes, or 1 day. Acceptable values are between 1 and 5,000
minutes. To set the Maximum Client Connect time, enter a number in the field
between 1 and 5,000 minutes
Persistent Time Sets the amount of time to wait for an HTTP request from the client after the
out connection was established, or after the last request was finished. It is set in
seconds with acceptable values between 1 and 10,000 seconds. To set the
Persistent Time out value, enter a number between 1 and 10,000.
Parameter
Description
Item
Transparency This command configures the status of the interception proxy.
The interception proxy can be configured as transparent (namely, the proxy
server’s IP address will not be detected by sniffing). Three statuses are possible:
• Semi—applying transparency only on the Client side.
• Full—applying transparency on both the Client and the server sides.
• Auto—setting the transparency status automatically according to
deployment, namely: Semi in On-LAN deployment and Full in On-Path
deployment.
To set the transparency mode, select one of the options from the drop-down
menu
Port When enabled, preserves the original client’s source port information. By default,
Transparency this is disabled. When Transparency (above) is set to either Semi or Auto in an
On-Lan deployment scenario, it is not recommended to set this feature to enable.
TCP When TCP Acceleration is configured in the TCP Acceleration menu, you must
Acceleration also enable this parameter in order for the acceleration to work correctly. By
default, TCP Acceleration is disabled, but to enable TCP Acceleration, select
Enable from the drop-down menu.
Cache Lets you define whether to cache data that arrives from authenticated servers,
Authenticated such as authentication requests.
Requests If you set this option to Enable, the data from such servers is cached even if no
Public indication was set in the authenticated server. If any other condition
exists, which prevents the data from being cached (for example: a Private flag),
the data is not be cached, but it is still accelerated.
Collect Statistics Lets you start or stop the statistics collection.
Cache Range
Server Ports The list in this table represents the port numbers that will be intercepted by HTTP
Table Acceleration. By default Port 80 is used for HTTP traffic. Using this table, you can
add additional non-standard HTTP ports. Make sure the port number you add is
not used for other types of traffic.
Enable Proxy Select this box to enable the proxy server.
Server If this box is selected, you can set manually the proxy IP address and the proxy
port number.
The expression entered in Direct Rule should be valid on a URL, and determines
that all requests that match this expression are always forwarded directly to the
origin server, without using the proxy server. For example: if you apply rule
direct avaya, all requests that match the avaya regular expression are
forwarded directly to the origin server.
The expression entered in No Cache rule determines that traffic directed to a
specific URL, which matches this specific expression (for example: no cache
avaya) is neither cached nor retrieved from the cache, and after the traffic is
retrieved from the server it will not be cached.
In both cases (Direct and No Cache rules) you can define multiple rules.
Parameter Description
Job Name Type a name for this job. The job name can only contain alphanumeric characters.
Special characters and spaces are not permitted You can use an underscore, but other
non-alphanumeric characters are not allowed.
Schedule Using the drop-down menu, decide when the job is to occur. Select from one of the
following options:
• None—the job is created, but does not run
• Once immediately—occurs one time, immediately
• Once at—occurs one time on a specific date at a specific hour
• Once in—occurs one time at a specific hour in X amount of days
• Recur daily—occurs every day at a specific hour
• Recur weekly—occurs once very week on a specific day and a specific hour
• Recur monthly —occurs once a month on a specific date and hour (not
recommended to set this to 31, as not every month has 31 days).
URL Type the complete URL in the field
Depth Dictates the level to go down to for caching the web pages.
For example, if your main web site has 3 links that open 3 pages and each of those links
has 2 links to open 2 separate pages, a depth of 1 would cache 3 pages and a depth of
2 would cache 9 pages. Note that the higher the number is, the more resources you will
consume.
To choose a depth select the level from the drop-down menu. Depth values from 1-16
are permitted.
User / Password Some Web sites have User/Password requirements, if your URL requires it, enter the
information in the appropriate field.
Add URL Allows you to add additional URLs to the same fetch job.
FTP Acceleration
Parameter Description
DNS Masquerade DNS masquerading enables the Accelerator to intercept traffic sent from the
Client to the DNS server and back, and masquerade the DNS response’s
address. Select Enable to enable, or Disable to disable. Note that, the
translation of host names into the Accelerator’s user-defined addresses is
defined in the next section of this screen - the Static Hosts table.
DNS Acceleration Enabling allows the Accelerator to cache the DNS addresses, thereby
eliminating repetitive queries over the WAN. Select Enable to enable, Disable
to disable.
Use Accelerator defining the Accelerator as a DNS client. By so doing, the Accelerator will
DNS always intercept traffic and use its setting to process it, even if that traffic was
sent to another DNS server. If you enable this option, you have to configure a
domain name server under Setup > Networking > DNS. For details, see
Configuring DNS, on page 303.
Cache Unresolved Caches DNS queries that were unresolved and will therefore not attempt to
resolve them in the future. Select Enable to enable, Disable to disable.
Transparency Select the appropriate transparency method:
• Semi—the traffic is transparent to the Client, but the server sees it as
coming from the Accelerator.
• Full—the traffic is transparent to both the Client and the Server.
• Auto—the transparency is determined automatically according to the
deployment level: either Semi (in On-LAN deployment) or Full (in On-Path
deployment).
Min TTL Determines whether to keep the Time-to-leave settings defined by the DNS
server (Preserve TTL) or set your own settings (1-1440 minutes).
If the TTL settings you defined here are longer than those set by the DNS
Server (for example: 60 minutes compared with 10 minutes, respectively), for
any period between these two values (as, in this example, 20 minutes) the
Accelerator does not use the DNS Server’s address and takes the address
from its own cache.
To view the statistics for the queries since the last time the DNS Acceleration
feature was enabled, use the Statistics (lower most) section of the DNS
Acceleration screen
Cache Size Defines the maximum number of records that are to be kept in the cache. You
can either select Auto to keep the system-defined default, or select your own
value.
Enabling Aggregation
Aggregation optimizes applications by using small packets such as Citrix, rdp, and
telnet. This menu allows you to configure aggregation, match applications to
classes and enable the class on all links.
Note: The Citrix Acceleration screen lets you apply Citrix aggregation only on all
i
links. To apply Citrix aggregation on a specific link, use the Post Acceleration
Aggregation section of the My Links table under Setup tab. For details, see
Editing Links, on page 89.
272 C h ap t er 7: Optimizing Acceleration Services
Note: To prevent any option for by-pass mode, connect one cable to ETH 0 port
i
and the other cable to either ETH 0/0 or ETH 0/1 port. However, you may want to
use ETH 0 port for Management, in which case both ETH 0/0 and ETH 0/1 ports
will be connected to cables, and a by-pass mode may be enabled.
To connect cables to both ETH 0/0 and ETH 0/1 ports, and still prevent any
option of by-pass mode, ensure that both cables are of the same type (either
Cross or Straight), and that none of the devices connected to the ETH 0/0 and
ETH 0/1 ports has an MDIX.
i Note: The pre-shared key must be identical on both sides of the link, otherwise
the link will not be established.
274 C h ap t er 7: Optimizing Acceleration Services
Note: Defining crypto mode requires entering first a pre-shared key (password).
i
For details, see Configuring an IKE Policy, on page 273.
None—disables the configuration of IPSec links.
Strict—allows only encrypted traffic to pass the box at all times.
Split-Tunneling—allows clear traffic to pass only after all IPSec
links have been established. (See Note)
Lenient—allows clear links to pass traffic regardless of IPSec links
status.
Note: If you choose strict mode, any traffic whose destination is a local subnet is
i
not accelerated. This is because in Strict mode, the IPSec guards only the traffic
exiting its subnet. This means if a packet comes through the non-link to a local
subnet, the Accelerator will let it pass even if the packet contains clear text and
the traffic will not be blocked. However, traffic that is sent to an unknown subnet
or a remote subnet to which no link is present will be dropped.
i Note: The ESP algorithm you define here as ESP algorithm 1 is the default
algorithm that will be activated when enabling the IPsec on a link.
In addition, IPSec services are license dependent. You are supplied with a
temporary license when you install the software that is valid for 30 days. You will
need to change this license into a permanent license to prevent loss of IPSec
services.
Note: Should your license expire, the IPsec link will be down. This prevents the
i
local Accelerator from informing the remote Accelerator that the license is
dropped. The remote Accelerator therefore, will not be able to list in its log that
its remote IPsec license is dropped.
Note: When you edit existing links, you choose whether to enable IPsec on the
i
link, and which IPsec policy to apply. For details, see Applying IPsec Policies on
a Link, on page 276.
Note: IPSec uses the primary IP address of the Accelerator to create the IPSec
i
tunnel. If you use a protocol that uses an IP address other than the primary (as
is done in virtual IP addresses) the traffic sent out will be dropped. Therefore it is
not recommended to use IPsec in conjunction with features that use virtual IP
addresses (as in HSRP and VRRP).
276 C h ap t er 7: Optimizing Acceleration Services
Note: You will not be able to apply an IPsec policy on a link if the Crypto mode is
i
“None”.
To terminate the SA time and replace the encryption key immediately, click the
SA Link Renegotiate button. To disable the IPsec on the link, click the Disable
IPsec on Link button.
5. Make sure that the remote and local NAT IP address has been configured, by
clicking Setup > My Links and the Advanced button and then opening the IPSec
Menu, by clicking on the + sign. Make sure that the Enable IPSec checkbox is
checked and that the Local and Remote NATIP address fields are complete. For
further assistance on the link setup, see Editing Links, on page 89.
278 C h ap t er 7: Optimizing Acceleration Services
You can configure the Accelerator via CLI via Telnet, SSH, or direct Console
connection. Alternatively, you can configure the Accelerator via WebUI, accessed
by using HTTP or HTTPS. Logging can be sent to SNMP or SyslogD servers and
can be sent via email.
Note: By default, all options mentioned above are enabled (Telnet, SSH, direct
i
console, HTTP and HTTPS). To disable a specific service, see Configuring
AAA, on page 338.
This chapter contains information on the following:
Studying the ExpandView System, on page 282
Using Out-of-Band Management, on page 284
Using SNMP, on page 285
Receiving Log Error Messages, on page 287
282 C h ap t er 8: Configuring Management Options
Note: any change made outside of Expand View will be overwritten by the
i configuration settings that are sent from Expand View. If you have
ExpandView installed, it is not recommended to make configuration
changes via AcceleratorOS, or the CLI.
Using SNMP
The Accelerator supports SNMP versions 1, 2c and 3, functioning as an SNMP
agent for monitoring performance statistics from a Network Management System
(NMS). In addition, the Accelerator can send SNMP traps to the NMS and other
network devices. To work with the Accelerator’s SNMP management, you have to
update the network’s SNMP settings in the Accelerator. Define the following SNMP
Communities and enable traps (if requested).
Figure 2: SNMP
286 C h ap t er 8: Configuring Management Options
The SNMP Version 3 default initial user name is expand_user and the default
i
initial password is expand_initial_password. If you are entering a new
password, spaces may not be used.
Parameter
Description
Item
Facility The Facility setting sets the Syslog level (0-23), as follows:
0—kernel messages
1—random user-level messages
2—Mail system
3—system daemons
4—security/authorization messages
5—messages generated internally by syslog
6—line printer subsystem
7 —network news subsystem
8—UUCP subsystem
9 —clock daemonother codes through 15 reserved for system use
16—reserved for local use
17 —reserved for local use
18—reserved for local use
19—reserved for local use
20 —reserved for local use
21—reserved for local use
22—reserved for local use
23—reserved for local use
Server IP Enter the IP address of the Syslog server.
Address
Severity Select the maximum severity that you want to be notified about by email, the
Maximum default is Fatal. Other choices include: Error, Warning, or Information. It is best
that the maximum level be higher than the minimum level. The hierarchy of
error messages from least to most is information, warning, error and fatal.
Severity Select the minimum severity that you want to be notified about by email, the
Minimum default is Information. Other choices include: Fatal, Error, and Warning. It is
best that the minimum level be lower than the maximum level. The hierarchy of
error messages from least to most is information, warning, error and fatal.
Parameter
Description
Item
From Enter the information you want to appear in the From field of the e-mail when it is
received. This can either be text (as in your name) or an e-mail address. Make sure
you have checked your spam filter settings if needed.
Recipient Enter the e-mail address to which the e-mail should be sent. Make sure the e-mail
address is valid and correct.
Subject Enter the subject that you want to appear in the subject field of the e-mail. This subject
will be used each time the mail message is sent.
Server IP Enter the IP address of the e-mail server
Address
Server port Enter the port number that the e-mail server uses. The default is 25
Severity Select the maximum severity about which you want to be notified by email; the default
Maximum is fatal. Other choices include: Error, Warning, or Information. It is best that the
maximum level be higher than the minimum level. The hierarchy of error messages
from least to most is information, warning, error and fatal.
Severity Select the minimum severity about which you want to be notified by email; the default
Minimum is Information. Other choices include: Fatal, Error, and Warning. It is best that the
minimum level be lower than the maximum level. The hierarchy of error messages
from least to most is information, warning, error and fatal.
290 C h ap t er 8: Configuring Management Options
Adding WANs
The Accelerator arrives preconfigured with one default WAN. To define the
bandwidth setting for this default WAN, select Setup >My Accelerator > Basic
menu, and then click the Advanced Settings button to open the Advanced
Settings screen. See Defining Advanced Settings, on page 32.
On large networks (for example in cases where there are two routers or one router
with multiple WAN interfaces) in which the Accelerator will optimize the traffic of
more than one WAN, you can add additional WANs to the Accelerator.
Parameter Description
Bandwidth Out Select the outbound bandwidth maximum value
Strict Priority Out Select Enable to enable encrypted outbound traffic to have priority, Disable to
disable.
Burst Out If you want to allow “greedier” outbound traffic to temporarily take more
bandwidth (either fixed amount or auto adjusting) then you have allotted to it (it
will only take what hasn’t been taken by any other application, up to the fixed
amount or up to the maximum available), then do one of the following:
• Select Always Allow Burst Out to always allow bandwidth bursts on
outgoing traffic. This will allow the Accelerator to automatically adjust the
bandwidth and to allow bursts in bandwidth where needed.
• Deselect Always Allow Burst Out and select a limit to the burst, using the
Burst Out drop-down menu. This will allow bursts of bandwidth on the
outbound traffic up to the amount selected. If there is more bandwidth
available the application will not use it.
Enable Bandwidth Select the Enable Bandwidth In checkbox to set a bandwidth limit on
In incoming traffic, then select the Bandwidth In value.
Strict Priority In Select Enable to enable encrypted inbound traffic to have priority, Disable to
disable.
Burst In If you want to allow “greedier” inbound traffic to temporarily take more
bandwidth (either fixed amount or auto adjusting) then you have allotted to it (it
will only take what hasn’t been taken by any other application, up to the fixed
amount or up to the maximum available), then do one of the following:
• Select Always Allow Burst In to always allow bandwidth bursts on
outgoing traffic. This will allow the Accelerator to automatically adjust the
bandwidth and to allow bursts in bandwidth where needed.
• Deselect Always Allow Burst In and select a limit to the burst, using the
Burst In drop-down menu. This will allow bursts of bandwidth on the
outbound traffic up to the amount selected. If there is more bandwidth
available the application will not use it.
4. Click Add and the new WAN will appear below the default-WAN in the WAN
table.
To delete a WAN:
Highlight a WAN and use the Delete button if at any point you want to delete a
WAN.
294 C h ap t er 9: Setting Advanced Parameters
To edit a WAN:
To edit an existing WAN, highlight the WAN in the WAN Table and click the Edit
WAN button. The Edit WAN popup appears, letting you modify the fields you set
previously (explained in the table above). Click Submit to confirm your changes.
Handling Interfaces
Note: The total WAN bandwidth will always be enforced. It is the sum of all
i
WANs configured for the Accelerator
The Accelerator automatically detects the MAC address and Speed and Duplex
settings for each of its interfaces. You can perform all required speed and duplex
setting modifications via the My Interfaces menu. The interface name corresponds
to the name printed on the back panel of the Accelerator and cannot be modified.
The MAC address is permanent and cannot be modified.
The Speed and Duplex settings let you define the link as either 10 or 100 Mbits (or
1000 Mbits for the Accelerator 6800 series) and as either Half or Full duplex.
The Auto setting automatically configures the Accelerator to the detected link speed
and duplex setting (this is the default setting).
Note: Setting wrong interface speed and duplex values for the Accelerator may
i
result in many errors on the line towards the router, and even loss of connectivity.
If you are uncertain as to the speed and duplex setting required, you can use the
Auto setting; however, you are advised to manually set the speed and duplex.
To edit an interface:
1. Click the following sequence: Setup > Advanced > My Interfaces.
2. In the Interfaces Table, click on the name of the Interface to be modified.
3. The edit dialog box opens. Information about the interface (MAC address, name,
hardware type, etc.) is given and cannot be modified.
4. The following parameters however can be modified as follows:
Parameter Description
Link Mode Choose the link speed in Mbits and if the link is to be full or half duplex.
Bridged State When enabled, allows all Interfaces to receive the same logical IP as the
Accelerator. When disabled, you will have to enter the IP address and subnet
mask of the interface in the fields that follow.
IP Address The IP address of the interface. This is only enabled, when the Bridged state
(above) is Disabled.
Mask The Subnet mask of the interface. This is only enabled, when the Bridged state
(above) is Disabled.
5. Click Submit.
Note: It is unusual for the Native VLAN to be tagged. Please check if indeed it
i
is. Otherwise the IP address in the Local Interface will act in the Native VLAN
Configuring DNS
The Domain Name Server (DNS) Configuration screen lets you manage Domain
Name Servers and define domain name, domain name search path and static
hosts.
Dial-on-Demand
You can deploy the Accelerator in environments that have routers with dial-up (dial-
on-demand) interfaces.
These interfaces initiate a call (dial to) the remote end (typically over ISDN or
Satellite links) when “interesting” traffic is being sent. After a specific quiet period,
the link goes down again until new “interesting” traffic is sent.
Link establishment of the dial-up interfaces and connectivity time can be fairly
expensive. Therefore you may sometimes want to keep the link down until new
“interesting” traffic is forwarded via the link. The Accelerator poses a problem in
these environments as it uses a keep-alive mechanism to check the health of the
link between the remote sites. By default, the keep alive messages are considered
“interesting” and will keep the dial-up link alive (and costly).
The dial-on-demand solution enables the Accelerator to support dial-on-demand
environments by not sending keepalive messages.
i Note: Both peers must configure the link in dialup mode with the same time out.
i Note: Connecting to a link by using its HSRP address will not work.
306 C h ap t er 9: Setting Advanced Parameters
This chapter explains how to get added resiliency and redundancy with the use of
one or more Accelerators. The features documented in this chapter are hardware
specific and the Accelerator you purchased may or may not feature all of these
benefits. Where noted the feature is model specific. If you want to change your
Accelerator model to be able to use these features, contact your account
representative.
The topics in this chapter include:
RAID, on page 308
Multi-Port Support, on page 311
Router Redundancy Protocols, on page 315
308 C h ap t er 10: Resiliency and Redundancy
RAID
Topics in this section include:
About RAID, on page 308
RAID Support in Accelerators' Hard Drives, on page 308
About RAID
RAID (redundant array of independent disks) is a way of storing the same data in
different places (thus, redundantly) on multiple hard disks. By placing data on
multiple disks, I/O (input/output) operations can overlap in a balanced way,
improving performance. Since multiple disks increases the mean time between
failures (MTBF), storing data redundantly also increases fault tolerance.
A RAID appears to the operating system to be a single logical hard disk. RAID
employs the technique of disk striping, which involves partitioning each drive's
storage space into units ranging from a sector (512 bytes) up to several
megabytes. The stripes of all the disks are interleaved and addressed in order.
In a single-user system where large records, such as medical or other scientific
images, are stored, the stripes are typically set up to be small (perhaps 512 bytes)
so that a single record spans all disks and can be accessed quickly by reading all
disks at the same time.
In a multi-user system, better performance requires establishing a stripe wide
enough to hold the typical or maximum size record. This allows overlapped disk I/O
across drives.
Figure 1: RAID-1
Figure 2:RAID-5
Using the CLI, you can view the list of disk drives, the disk status, and remove
faulty disks. To get the CLI commands for these options, click on one of the
following links:
(RAID) add-disk, on page 614
(RAID) remove-disk, on page 615
(RAID) show, on page 616
(RAID) exit, on page 615
Multi-Port Support
Specific Accelerator models (6850, 6950, 7930, and 7940) feature ports that are
designed with optical or copper fail-to-wire circuitry in order to provide maximum up
time for the network. This feature is particularly useful in the event of a host system
failure, power off, or upon software request. In such instances, a crossed
connection loop-back is created between the Ethernet ports and traffic is not
affected. Hence, in by-pass mode all packets received from one port are transmitted
to the other port and vice versa. This feature enables the ports to by-pass a failed
system and provides maximum up time for the entire network.
Accelerator models 6850, 6950, 7930 and 7940 have port pairs. In the 6x50, the
port number is the numerator (the top of the fraction) and you should make sure to
use both ports from the same pair. For example, ETH0/0 and ETH0/1 are pairs. The
port pairs are shown in below:
These ports are a These ports are a
pair pair
314 C h ap t er 10: Resiliency and Redundancy
For information on Go to
Installing a multi-port Accelerator Connecting and Configuring Multi-Port
Accelerators, on page 14
Getting information on, or selecting a Handling Interfaces, on page 295
specificAccelerator interface
Enabling NetFlow on a specific Accelerator Enabling NetFlow, on page 72
interface
Receiving a statistic detailing the data displayed Configuring the Ethernet Statistics Display Fields,
on the monitoring graphs per a specific on page 69
Accelerator interface
Enabling AccDump on a specific Accelerator Accdump, on page 377
interface
Initiating by-pass Working with By-pass Mode, on page 16 and in
the CLI, By-pass Mode Commands, on page
762.
VRRP works in much the same way. In general, the Master device is configured to
have the highest priority and is active in the group. It acquires the Virtual IP
address of the group, but does not have management functionality of the Virtual IP,
only the transfer capabilities. The Backup devices perform the standby function. The
VRRP can include many backup devices, and this protocol does not support
knowing, at any given time, which backup device takes over in the event of failure.
Hosts continue to forward IP packets to a consistent IP and MAC address, and the
changeover of devices is transparent. The recovery time of the VRRP is about three
316 C h ap t er 10: Resiliency and Redundancy
times faster than HSRP (the HSRP default is 10 seconds instead of 3 seconds in
VRRP).
Accelerators can take part in HSRP and VRRP and work in tandem with the
routers that provide backup for the network. The following figures display an
Accelerator application working with routers in a virtual HSRP and VRRP group.
The Accelerator and routers are configured with the MAC address and the IP
network address of the virtual HSRP/VRRP group.
The Accelerator is configured to have the highest priority and work as the Active/
Master device. It is configured with the IP address and MAC address of the virtual
router and forwards any packets addressed to the virtual router.
In HSRP, one of the routers acts as the Standby router, so that if, due to severe
power failure or any other unlikely event, the Accelerator stops transferring
packets, the router protocol gets into effect and the router assumes the duties of
the Accelerator and becomes the Active device.
In VRRP, both routers are configured as backup routers. Therefore, if due to
severe power failure or any other unlikely event the Accelerator stops transferring
packets, one of the backup routers assumes the duties of the Accelerator.
HSRP
The AcceleratorOS lets you set up HSRP groups, either manually or by automatic
detection.
The following sections describe the options for configuring HSRP groups.
Enabling HSRP Automatic Detection, on page 317
Setting Manual HSRP Configuration, on page 318
(config) HSRP autodetect, on page 641
i Note: If you have a network with multiple Accelerators, you must enable the
same HSRP services on every appliance.
Note: IPSec uses the primary IP address of the Accelerator to create the IPSec
i
tunnel. If you use a protocol that uses an IP address other than the primary (as
is done in virtual IP addresses) the traffic sent out will be dropped. Therefore it is
not recommended to use IPsec in conjunction with features that use virtual IP
addresses (as in HSRP and VRRP).
i Note: If you have a network with multiple Accelerators, you must enable the
same HSRP services on every appliance.
VRRP
Unlike HSRP, you cannot configure VRRP automatically and must add it manually.
Parameter
Description
Item
Group ID You must enter a group number, even if the target group is group 0. Accelerator
VRRP does not have a default group number.
Virtual IP All devices in the VRRP group must have the same Virtual IP address.
Priority Setting the Accelerator’s priority lets you select its status in the VRRP group.
If two devices in the VRRP group have the same priority, the Active router is set
according to IP address. Expand does not recommend this setup.
Once the Accelerator is set to have the highest priority, it becomes the active router
in the VRRP group.
Parameter
Description
Item
Preempt Preempt is used for determining how to react when a higher priority router joins the
group. When enabled, the higher priority router will prevail, when disabled, the
higher priority router will assume the Standby mode until the current Active router
experiences a failure.
Setting the Accelerator to enable preempt is useful when you want the Accelerator to
remain active as much as possible. On the other hand, the change-over between
one device and another can take two to three seconds, during which the network
has no default gateway, so you have to use preempt carefully.
Timer Sets the interval between the Hello messages sent between VRRP group members.
All devices in the VRRP group must have the same Timer setting. If for some reason
you have to modify this setting, you should modify it for all devices in the group. The
default setting is 1.
VRRP over If the Accelerator is part of a VLAN, operating with VRRP requires updating the
VLAN VLAN group number (1 to 4094).
322 C h ap t er 10: Resiliency and Redundancy
In the event that ExpandView is not available, you can use the AcceleratorOS
WebUI to configure a MACC without using ExpandView. On the PC that has the
Mobile Accelerator Client installed, you can edit the XML file that contains the
MACC configuration and then import this file to the Mobile Accelerator Client.
Additional configurations can be implemented via the AcceleratorOS CLI.
Topics in this chapter include:
Overview, on page 324
Configuring the Mobile Accelerator Client, on page 326
Monitoring Collective Branch Statistics, on page 330
324 C h ap t er 11: Working with Mobile Accelerators
Overview
If this is your first time working with the Mobile Accelerator Client, a basic
understanding of the terminology may prove to be helpful. See the diagram below.
Note: A note about distributed POAA: In order to help links that are subject to
i congestion, you can implement POAA (or Post Acceleration Aggregation)
parameters. Unlike standard POAA, where packets are aggregated and sent
to one Accelerator, distributed POAA, combines the packets meant for
multiple MACCs within the Collective Branch and sends them as one large
packet to the first MACC whose destination is received by the Accelerator.
The MACC that receives the packet will deliver the smaller packets to the
other recipients over the LAN. This allows the bandwidth to be maximized and
doesn't congest the pipe with smaller packets and lots of ACK replies.
Packets
In Packets Number of input packets
Out Packets Number of outgoing packets
Packets
Discarded In Packets Incoming packets that were discarded by a rule with discard policy
Errors
CRC Errors Number of CRC-errored packets received
Other Errors Unexpected errors received
Errors
Acceleration
In Acceleration Inbound Acceleration percentage
Out Acceleration Outbound Acceleration percentage
334 C h ap t er 11: Working with Mobile Accelerators
Note: This will clear all of the statistics counters, so make sure you want to do
i this before proceeding.
This chapter describes the various methods for ensuring security within the
Accelerator.
This chapter includes the following sections:
Studying the AcceleratorOS AAA, on page 336
Configuring AAA, on page 338
Auditing Administration Activities, on page 343
Locking and Unlocking the Keypad, on page 344
336 C h ap t er 12: Security
Setting different user roles, allowing different access levels to the system is
supported with pre-defined roles available in the system. Definition of new roles is
user-configurable.
AAA includes auditing of all major operations performed on the Accelerator into log
entries saved in the system log files and routable to email message, syslog server
and SNMP trap.
338 C h ap t er 12: Security
Configuring AAA
The following Configuration options are available:
Configuring Users, on page 338
Viewing the Authentication Servers, on page 340
Defining the Security Settings, on page 342
Configuring Users
Deleting Users
To delete an Accelerator user:
1. Click on Setup followed by Security.
2. In the User’s menu, highlight the line in the User’s Table that includes the name
of the user to be deleted. Click the Delete button.
3. Click the Submit button to apply settings.
340 C h ap t er 12: Security
3. In the Add New Authentication Server dialog box, enter the following information:
Name Description
Server Name The name of the server you want to add.
Server Type The server type (Radius or Tacacs).
IP Address The new server’s IP address.
Server Port The server’s port.
Server Order Defines whether the server is the first, second or third to be addressed.
Encryption Key The server’s encryption key
Server Time out Time period after which the connection times out.
4. Click Submit.
In the Authentication menu, scroll down in the 1 field to set the first level of
Authentication. In the 2 field set the second level of Authentication and so on.
It is recommended that the first level be set to Local.
2. Click the Submit button.
Turning By-pass On
You can lock the Accelerator’s keypad via the LCD, the WebUI or the CLI. To
unlock the keypad, enter the unlock sequence. The default unlock sequence is
Right button, Left button, Up button, Down button, Enter. You can modify the lock
sequence via the WebUI as described in section Locking and Unlocking the
346 C h ap t er 12: Security
Keypad, on page 344, or via the CLI, as described in section (config) lcd lock, on
page 755.
Product ID
Management IP
Management Mask
This chapter describes troubleshooting procedures for the Accelerator and explains
Accelerator alerts and events, as follows:
Carrying out the Troubleshooting Procedure, on page 348
Password Issues, on page 349
Checking the Event Log, on page 352
Displaying Information for Troubleshooting, on page 355
Checking the Link Status, on page 356
Checking Ethernet Settings, on page 357
Checking Lack of Acceleration, on page 360
Checking Link Malfunction, on page 361
Checking for a Corrupted Terminal, on page 362
348 C h ap t er 13: Troubleshooting
Password Issues
Topics in this section include:
Resetting the Password, on page 349
Choosing a Legal Password, on page 349
Note: You must connect to the Accelerator you want to reset using a Console
i
connection.
Password Strength
A password that is strong enough is considered to be valid. A strong password has
the following:
At least 6 characters if in mixed character types
At least 8 characters if in the same character type
Is not composed of a dictionary word (meaning a string of letters that
can be recognized as an English word) or a reverse dictionary word
(in either mixed case or with letters separated by other characters)
Is not a keyboard sequence
Is not a numerical sequence
Is not a palindrome
Is not considered to be too simplistic or too systematic
There are no maximum limits for character length, but it is not advised to make the
password too long, which increases the possibility of a typographical error.
Password
Good/Bad Comments
Choice
dfghkeg Bad characters in all the same character type. This password is too
short if it is to be of the same character type
dfghke9 Good 7 characters, but it is combined of two character types
AeFgL9 Good Only 6 characters but it has 3 character types
31415926 Good 8 characters in length meets the minimum for a single
character type password
1122332211 Bad Although this password is appropriate in length, it is a
palindrome.
Network Bad Although it is appropriate in length and is mixed case, it is a
dictionary word.
Admin223 Good Contains mixed text of appropriate length.
Li!tt!le Bad Contains a dictionary word
Qwerty Bad Contains keyboard sequence
Displaying Statistics in a
Compressed, Archived File
The statistics displayed by using the method described above is one of the logs that
you can concentrate to create one compressed archive file. For details, see section
Archiving Log Files, on page 376.
356 C h ap t er 13: Troubleshooting
Description.............................ethernet 0/0
MAC.....................................00:02:B3:C8:4E:9C
Hardware type...........................mii
Link mode...............................auto (100Mbit-Full) -
link is up
Link detected...........................yes
Supports auto-negotiation...............yes
Supports link modes.....................10baseT/Half 10baseT/
Full
100baseT/Half 100baseT/Full
358 C h ap t er 13: Troubleshooting
Last 30 Secs
LAN throughput data System Up Since Clear
In Frame Error 0 N/A N/A
In Overruns 0 N/A N/A
Dropped In Packets 0 N/A N/A
In Total Errors 0 N/A N/A
Out Collisions 0 N/A N/A
Out Lost Carrier 92 N/A N/A
Out Underruns 0 N/A N/A
Out Total Errors 92 N/A N/A
Ensure that Speed and Duplex settings are set correctly. Expand recommends
using the following command to manually set Speed and Duplex values:
Command l i nk -m o de
1 0 0M bi t -f u ll 1 0 0 Me g a b it f u ll d u pl e x
1 00 Mb i t- h al f 1 00 M e ga bi t h al f d up l ex
1 0M bi t -f u ll 1 0 M eg a b i t fu l l du p le x
1 0M bi t -h a lf 1 0 M eg a b i t ha l f du p le x
a ut o A u to
The Accelerator Tools let you manage AcceleratorOS upgrade versions, save and
replace the Accelerator’s configuration file and perform tasks such as traceroute
and ping.
This chapter contains the following sections:
Upgrading the AcceleratorOS Software, on page 366
Using the Configuration Tools, on page 368
Using the General Tools, on page 370
Managing User Files, on page 374
Viewing System Information, on page 375
Archiving Log Files, on page 376
Accdump, on page 377
366 C h ap t er 14: Using the Accelerator Tools
To upgrade software:
1. Click on the Tools tab, followed by Upgrade.
2. Scroll down in the Copy method field, to select the way the file will be copied
(FTP, TFTP or HTTP).
3. In the fields provided, enter the User Name, Password and IP address of the
device from which the files are to be copied.
4. Enter the path to the file, followed by the file name (the file will be a *.tgz file).
5. Click the Submit button to copy the file to the user area.
6. Reboot the Accelerator with the new file name.
After rebooting, the Accelerator extracts the file and runs it.
7. Select Locally stored on Accelerator to upgrade to an AcceleratorOS version
that is stored locally on the Accelerator, in case of a hard drive-based
Accelerator. Alternatively, if your Accelerator uses a Compact Flash card, at least
10 MB of free space is provided on the card for file extraction.
Note: If you are running a version of AcceleratorOS previous to 5.0(6), note that
i
two new preconfigured applications were added in this version that may affect
user-defined applications on the same ports. If applications have been
configured for port of 1928 (saved for the expand-internal application) or 2598
(citrix-ica-sr), rename these applications exactly as in the preconfigured
application before performing an upgrade.
If an application exists for a list of ports or range of ports that include the
specified port numbers (1928 and 2598), remove these ports from the list or
range, and create applications expand-internal with port 1928, and citrix-ica-sr
with port 2598. Then change the policy-rules to match also this application.
368 C h ap t er 14: Using the Accelerator Tools
To send a traceroute:
1. Click Tools followed by General Tools.
2. Under Traceroute, in the Destination IP Address field, enter the IP address of
the device to which the traceroute is to be sent.
3. In the Maximum Number of Hops field, enter the maximum length the packet
can travel before arriving at the designated destination (default is 30).
4. Click the Trace Route button.
372 C h ap t er 14: Using the Accelerator Tools
2. Use the Log Archive Prefix field to set the prefix for the log file you want to create
(default: acclog). The suffix is predetermined by the system (time stamp).
3. Click the Create Log Archive button to create a new log archive.
The newly created log file now appears in the log archive files table.
To download one file or more, select these files in the table and click the
Download button.
To delete one file or more, select these files in the table and click the Delete
button.
Accdump
i Note: This feature is only available to Accelerators that are configured with a hard
drive.
The Accdump feature lets you download and display tcpdump information from the
system, namely: to intercept and display TCP/IP and other packets being
transmitted or received over a network to which the computer is connected. You
can capture the tcpdump information from various sources, and select whether to
receive this information from all these sources or only from a single source. Note
that once the Accdump is activated a new file will be created for approximately
every 10MB of data. This data is stored in the user area of the Accelerator as a zip
file in the following format/location: /user_area/ACCDumpfiles*.zip.
See the following for more information:
Enabling Accdump, on page 378
Deleting Accdump Files, on page 380
Downloading Accdump Files, on page 380
Enabling Accdump
For more information on Accdump, see Accdump, on page 377. To download an
Accdump file, see Downloading Accdump Files, on page 380. To delete an
Accdump file, see Deleting Accdump Files, on page 380.
To enable Accdump:
1. Click Tools followed by Accdump.
2. Click on the scroll box near the Accdump field, and select the Enabled option to
start the Accdump operation.
3. Under Interface, select whether to enable all interfaces (Any), none available (N/
A) or a particular interface.
The Interface drop-down menu shows all detected Accelerator interfaces.
Additional ports are shown only for platforms which support multi-port. If optional
panels are used, 4 pairs are shown, otherwise 2 pairs. In other words, the UI
shows only the amount of available ports, as indicated in the following figure:
i Note: The number of files cannot exceed 999, and the maximum size of all files
combined must not exceed 1GB. Note too, the files are saved in a cyclic manner.
5. If you want to use one or more optional flags, enter these flags in the Optional
Flags field. For a detailed description of the optional flags, see TCPDump
Optional Flags, on page 425.
6. If you do not want to dump all of the packets (default), you can use the Filter
Expression field to intercept only packets that come from a specific source or IP
address, are destined to a specific port or IP address, or belong to a specific type.
For some examples, see the following table which also uses the TCP optional
flags as part of the expression for the filter. The entire flag list is found in the
section TCPDump Optional Flags, on page 425:
7. Use the File Format scroll box to select in which file format the files are to be
saved and downloaded to the local host. The available types are Pcap (saves the
default format) and Enc (reformats the file).
Having set all the requested definitions, you are now ready to enable
Accdump and download the tcpdump files. Alternatively, if you want to
380 C h ap t er 14: Using the Accelerator Tools
revert to default values, click the Set Default Values button and
confirm this operation.
8. Click the Submit button.
9. Click OK to confirm the operation. To stop the Accdump operation, click on the
scroll box near the Accdump field and select the Disabled option. When you
enable the Accdump feature again, all existing Accdump files are deleted.
10. if you want to download the Accdump file, see Downloading Accdump Files, on
page 380.
The following table lists all applications that are predefined in the Accelerator, their
port/protocol number and whether they are monitored by the Accelerator by default.
Automatically
Application Port/Protocol Number
Monitored?
tcpmux 1 No
compressnet-mgmt 2 No
compressnet 3 No
echo 7 No
discard 9 No
systat 11 No
daytime 13 No
qotd 17 No
msp 18 No
chargen 19 No
ftp-data 20 Yes
ftp 21 Yes
ssh 22 Yes
telnet 23 Yes
priv-mail 24 No
smtp 25 Yes
nsw-fe 27 No
msg-icp 29 No
msg-auth 31 No
dsp 33 No
priv-print 35 No
time 37 No
rap 38 No
graphics 41 No
nicname 43 No
382 A p pe n di x A: Pre-Defined Applications
Automatically
Application (Continued) Port/Protocol Number
Monitored?
ni-ftp 47 No
auditd 48 No
tacacs 49 No
xns-time 52 No
domain 53 Yes
xns-ch 54 No
isi-gl 55 No
xns-auth 56 No
priv-term 57 No
xns-mail 58 No
priv-file 59 No
ni-mail 61 No
acas 62 No
whois++ 63 No
covia 64 No
tacacs-ds 65 No
sql*net 66 No
gopher 70 No
priv-dialout 75 No
deos 76 No
priv-rje 77 No
vettcp 78 No
finger 79 No
http-www 80 Yes
hosts2-ns 81 No
xfer 82 No
mit-ml-dev 83 No
ctf 84 No
mfcobol 86 No
priv-termlink 87 No
su-mit-tg 89 No
dnsix 90 No
mit-dov 91 No
npp 92 No
dcp 93 No
objcall 94 No
dixie 96 No
Automatically
Application (Continued) Port/Protocol Number
Monitored?
swift-rvf 97 No
tacnews 98 No
metagram 99 No
newacct 100 No
hostname 101 No
iso-tsap 102 No
gppitnp 103 No
acr-nema 104 No
csnet-ns 105 No
3com-tsmux 106 No
snagas 108 No
pop2 109 No
pop3 110 Yes
mcidas 112 No
auth 113 No
audionews 114 No
ansanotify 116 No
uucp-path 117 No
sqlserv 118 No
nntp 119 No
erpc 121 No
smakynet 122 No
ansatrader 124 No
locus-map 125 No
unitary 126 No
locus-con 127 No
gss-xlicen 128 No
pwdgen 129 No
cisco-fna 130 No
cisco-tna 131 No
cisco-sys 132 No
ingres-net 134 No
endpoint-mapper 135 No
profile 136 No
netbios-ns 137 Yes
netbios-dgm 138 Yes
netbios-ssn 139 Yes
384 A p pe n di x A: Pre-Defined Applications
Automatically
Application (Continued) Port/Protocol Number
Monitored?
emfis-data 140 No
emfis-cntl 141 No
bl-idm 142 No
imap2 143 Yes
uma 144 No
uaac 145 No
iso-tp0 146 No
iso-ip 147 No
jargon 148 No
aed-512 149 No
sql-net 150 No
bftp 152 No
netsc-prod 154 No
netsc-dev 155 No
sqlsrv 156 No
knet-cmp 157 No
pcmail-srv 158 No
nss-routing 159 No
snmp 161 Yes
snmptrap 162 Yes
xns-courier 165 No
s-net 166 No
namp 167 No
rsvd 168 No
send 169 No
print-srv 170 No
multiplex 171 No
cl-1 172 No
xyplex-mux 173 No
mailq 174 No
vmnet 175 No
genrad-mux 176 No
nextstep 178 No
bgp 179 No
ris 180 No
unify 181 No
audit 182 No
Automatically
Application (Continued) Port/Protocol Number
Monitored?
ocbinder 18 No
ocserver 184 No
remote-kis 185 No
kis 186 No
aci 187 No
mumps 188 No
qft 189 No
gacp 190 No
prospero 191 No
osu-nms 192 No
srmp 193 No
irc 194 No
dn6-nlm-aud 195 No
dn6-smm-red 196 No
dls 197 No
dls-mon 198 No
smux 199 No
src 200 No
at-rtmp 201 No
at-nbp 202 No
at-3-5-7-8 203 No
at-echo 204 No
at-zis 206 No
quickmail 209 No
z39-50 210 No
914c-g 211 No
anet 212 No
vmpwscs 214 No
softpc 215 No
cai-lic 216 No
dbase 217 No
mpp 218 No
uarps 219 No
imap3 220 No
fln-spx 221 No
rsh-spx 222 Yes
cdc 223 No
386 A p pe n di x A: Pre-Defined Applications
Automatically
Application (Continued) Port/Protocol Number
Monitored?
peer-direct 242 No
sur-meas 243 No
daynachip 244 No
link 245 No
dsp3270 246 No
bh-fhs 248 No
ldap 389 Yes
https 443 Yes
smtps 465 No
exec 512 No
login 513 No
shell 514 No
printer 515 No
talk 517 No
ntalk 518 No
ibm-db2 523 No
uucp 540 No
rtsp 554 No
nntps 563 No
banyan-vip 573 No
alternate-http 591, 8008, 8080 No
sshell 614 No
ldaps 636 No
doom 666 No
ftps-data 989 No
ftps 990 No
telnets 992 No
ircs 994 No
pop3s 995 No
notes 1352 Yes
timbuktu-srv 1419 No
ms-sql-server 1433 No
ms-sql-monitor 1434 No
ms-sna-server 1477 No
ms-sna-base 1478 No
citrix-ica 1494 Yes
sybase_sqlany 1498 Yes
Automatically
Application (Continued) Port/Protocol Number
Monitored?
t-120 1503 No
oracl-tns 1521, 1526, 1527 No
ingres-lock 1524 No
oracl-srv 1525 Yes
oracl-coauthor 1529 No
oracl-remdb 1571 No
oracl-names 1575 No
america-online No
h323 1720 No
oracl-em1 1748 No
oracl-em2 1754 No
ms-streaming 1755 No
ms-sms No
ms-mqs 1801, 2101, 2103, 2105 No
oracl-vp2 1808 No
oracl-vp1 1809 No
openwindows 2000 No
gupta-sqlbase 2155 No
cvs-pserver 2401 No
citrix-ica-sr 2598 No
sybase-sqlanywhere 2638 No
ccmail 3264 No
ms-terminal-server 3389 Yes
sap-r3 3200 No
ibm-db2-conn-svc 3700 No
ibm-db2-int-svc 3701 No
ichat 4020 No
pc-anywhere-data 5631 No
xwin Yes
ircu No
vdolive 7000 No
realaudio 7070 No
cu-seeme No
alternate-rtsp 8554 No
the-palace No
quake 26000 No
filenet-RPC 32769 No
388 A p pe n di x A: Pre-Defined Applications
Automatically
Application (Continued) Port/Protocol Number
Monitored?
filenet-NCH 32770 No
kazaa 1214 No
gnutella-svc 6346 No
gnutella-rtr 6347 No
edonkey 4662 No
radius 1812 No
radius-acct 1813 No
groupwise 1677 No
smaclmgr 4660 No
nameserver 42 No
wins 1512 No
pcanywhere 65301 No
bittorent No
winmx 6699, 6257 No
microsoft-ds 445 Yes
rlp 39 No
re-mail-ck 50 No
la-maint 51 No
bootps 67 No
bootpc 68 No
tftp 69 Yes
kerberos 88 Yes
cfdptkt 120 No
ntp 123 Yes
xdmcp 177 No
ipx-tunnel 213 No
subnet-bcast-tftp 247 No
backweb 370 No
timbuktu 407 No
biff 512 No
who 513 No
syslog 514 No
ip-xns-rip 520 No
streamworks-xing-mpeg 1558 No
citrix-icabrowser 1604 No
h323-gatekeeper-disc 1718 No
h323-gatekeeper-stat 1719 No
Automatically
Application (Continued) Port/Protocol Number
Monitored?
ms-mqs-discovery 1801 No
ms-mqs-ping 3527 No
rtp 5004 No
rtcp 5005 No
pc-anywhere-stat 5632 No
ivisit 9943, 9945, 56768 No
l2tp 1701 No
sgcp 2427 No
hsrp 1985 No
timed 525 No
nfs 2049 Yes
dhcp 546, 547, 647, 847 Yes
mimix-dr1 Yes
mimix-ha1 Yes
mimix-rj 3777 Yes
novel-netware-over-ip 396 Yes
icmp 1 Yes
igmp 2 Yes
ipencap 4 Yes
egp 8 Yes
igp 9 Yes
trunk-1 23 Yes
trunk-2 24 Yes
leaf-1 25 Yes
leaf-2 26 Yes
ipv6 41 Yes
rsvp 46 Yes
gre 47 Yes
ipv6-crypt 50 Yes
ipv6-auth 51 Yes
ipv6-icmp 58 Yes
eigrp 88 Yes
ospf 89 Yes
ipip 94 Yes
pim 103 Yes
scps 105 Yes
ipcomp 108 Yes
390 A p pe n di x A: Pre-Defined Applications
Automatically
Application (Continued) Port/Protocol Number
Monitored?
ipx-in-ip 111 Yes
vrrp 112 Yes
l2tp-over-ip 115 Yes
stp 118 Yes
isis 124 Yes
Integrating the Accelerator into environments in which third party applications run
on the network sometimes requires a certain amount of fine tuning. This appendix
describes various environments and applications and how to best set them for
Accelerator performance.
This appendix covers the following topics:
Acceleration and Citrix Traffic, on page 392
Configuring NetFlow, on page 401
Disabling Compression on SAP, on page 404
Calculating Acceleration using other Applications, on page 406
392 A p pe n di x B: Accelerator Integration
Both RDP and Citrix can compress traffic sent to and from the servers. However,
these capabilities are limited, and do not perform as well as Expand’s Accelerator.
Both RDP and Citrix can encrypt traffic sent to and from the servers. However,
because encryption is random by definition, its very nature limits the ability of the
Accelerators to remove repetitive data.
Once set, the setting will replicate to the environment. To speed up the process,
you can manually update the group policy by running the following command from
the command line:
gpupdate /force
396 A p pe n di x B: Accelerator Integration
For RDP
Only compression can be set on the client and not encryption as previously
discussed regarding the Citrix client. The place to set these values depends on
how the RDP session is being launched. For most environments this will be done
through the Client Connection Manager.
When applications are added manually, the Accelerator still has to monitor the
control session (UDP), which is never encrypted or compressed.
400 A p pe n di x B: Accelerator Integration
Note: When creating Layer-7 Citrix applications in the Accelerator, the application
i names defined must match the application names exactly as entered into the
Citrix server
WARNING! Editing the registry or using a Registry Editor incorrectly can cause
! serious, system-wide problems that may require you to reinstall Windows to
correct them. Microsoft does not guarantee that problems resulting from the
incorrect use of Registry Editor can be solved. Back up your registry first and use
Registry Editor at your own risk.
Configuring NetFlow
The following configuration modifications are needed in order to use NetFlow with
the Expand Accelerator. While previous versions of AcceleratorOS included RMON,
the AcceleratorOS 6.0 and up integrates NetFlow support for detailed reporting.
This combination enables extracting statistics like in RMON’s Top Talker.
The main focus of NetFlow is Traffic Measurement, Traffic Monitoring, Network
Optimization and Planning and Detection of Network Security Violations, as follows.
KNOWN LIMITATION—You can enable NetFlow only on ethernet or bridge and not
per link or virtual link.
You can configure only one NetFlow probe.
404 A p pe n di x B: Accelerator Integration
Application
Application MIME Types
andrew-inset applefile atomicmail
batch-SMTP beep+xml cals-1840
cnrp+xml commonground cpl+xml
csta+xml CSTAdata+xml cybercash
dca-rft dec-dx dialog-info+xml
dicom dns dvcs
EDI-Consent EDIFACT EDI-X12
epp+xml eshop fits
font-tdpfr http hyperstudio
iges im-iscomposing+xml index
index.cmd index.obj index.response
index.vnd iotp ipp
isup kpml-request+xml kpml-response+xml
mac-binhex40 macwriteii marc
mathematica mbox mikey
mpeg4-generic msword news-message-id
news-transmission ocsp-request ocsp-response
octet-stream oda ogg
parityfec pdf pgp-encrypted
pgp-keys pgp-signature pidf+xml
pkcs10 pkcs7-mime pkcs7-signature
pkix-cert pkixcmp pkix-crl
pkix-pkipath postscript prs.alvestrand.titrax-sheet
prs.cww prs.nprend prs.plucker
rdf+xml qsig reginfo+xml
remote-printing resource-lists+xml riscos
rls-services+xml rtf samlassertion+xml
samlmetadata+xml sbml+xml sdp
set-payment set-payment-initiation set-registration
set-registration-initiation sgml sgml-open-catalog
shf+xml sieve simple-filter+xml
simple-message- slate soap+xml
summary
Audio
Im age
M e ssage
Model
Multipart
Text
Video
You may encounter several TCP flags when using TCPDump. The AcceleratorOS
supports the following flags: -A, -e, -f, -l, -O, -p, -q, -R, -S, -t, -u, -v, -x, -X.
This chapter describes the uses of each of these flags.
-a
Print each packet (minus its link level header) in ASCII. Handy for capturing web
pages.
-e
Print the link-level header on each dump line.
-f
Print `foreign' IPv4 addresses numerically rather than symbolically (this option is
intended to get around serious brain damage in Sun's NIS server --- usually it
hangs forever translating non-local internet numbers).
The test for `foreign' IPv4 addresses is done using the IPv4 address and netmask
of the interface on which capture is being done. If that address or netmask are not
available, either because the interface on which capture is being done has no
address or netmask or because the capture is being done on the Linux “any”
interface, which can capture on more than one interface, this option will not work
correctly.
-l
Make stdout line buffered. Useful if you want to see the data while capturing it.
Note: The use of the -l flag by the ‘|’ pipe is not supported in the WebUI, and
i
any attempt for such a use results in an error message.
426 A p pe n di x E: TCPDump Optional Flags
-O
Do not run the packet-matching code optimizer. This is useful only if you suspect a
bug in the optimizer.
-p
Don't put the interface into promiscuous mode. Note that the interface might be in
promiscuous mode for some other reason; hence, `-p' cannot be used as an
abbreviation for `ether host {local-hw-addr} or ether broadcast'.
-q
Quick (quiet?) output. Print less protocol information so output lines are shorter.
-R
Assume ESP/AH packets to be based on old specification (RFC1825 to RFC1829).
If specified, tcpdump will not print replay prevention field. Since there is no protocol
version field in ESP/AH specification, tcpdump cannot deduce the version of ESP/
AH protocol.
-S
Print absolute, rather than relative, TCP sequence numbers.
-t
Don't print a timestamp on each dump line.
-u
Print undecoded NFS handles.
-v
When parsing and printing, produce (slightly more) verbose output. For example,
the time to live, identification, total length and options in an IP packet are printed.
Also enables additional packet integrity checks such as verifying the IP and ICMP
header checksum.
-w
When writing to a file with the -w option, report, every 10 seconds, the number of
packets captured.
-x
Print each packet (minus its link level header) in hex. The smaller of the entire
packet or snaplen bytes will be printed. Note that this is the entire link-layer packet,
so for link layers that pad (For example Ethernet), the padding bytes will also be
printed when the higher layer packet is shorter than the required padding.
-X
Print each packet (minus its link level header) in hex and ASCII. This is very handy
for analyzing new protocols.
type
qualifiers say what kind of thing the id name or number refers to. Possible types are
host, net and port. For example, `host foo', `net 128.3', `port 20'. If there is no type
qualifier, host is assumed.
dir
qualifiers specify a particular transfer direction to and/or from id. Possible directions
are src, dst, src or dst and src and dst. For example, `src foo', `dst net 128.3', `src
or dst port ftp-data'. If there is no dir qualifier, src or dst is assumed. For some link
layers, such as SLIP and the ``cooked'' Linux capture mode used for the ``any''
device and for some other device types, the inbound and outbound qualifiers can
be used to specify a desired direction.
proto
qualifiers restrict the match to a particular protocol. Possible protos are: ether, fddi,
tr, wlan, ip, ip6, arp, rarp, decnet, tcp and udp. For example, `ether src foo', `arp net
128.3', `tcp port 21'. If there is no proto qualifier, all protocols consistent with the
type are assumed. For example, `src foo' means `(ip or arp or rarp) src foo' (except
the latter is not legal syntax), `net bar' means `(ip or arp or rarp) net bar' and `port
53' means `(tcp or udp) port 53'.
[`fddi' is actually an alias for `ether'; the parser treats them identically as meaning
``the data link level used on the specified network interface.'' FDDI headers contain
Ethernet-like source and destination addresses, and often contain Ethernet-like
packet types, so you can filter on these FDDI fields just as with the analogous
Ethernet fields. FDDI headers also contain other fields, but you cannot name them
explicitly in a filter expression.
Similarly, `tr' and `wlan' are aliases for `ether'; the previous paragraph's statements
about FDDI headers also apply to Token Ring and 802.11 wireless LAN headers.
For 802.11 headers, the destination address is the DA field and the source address
is the SA field; the BSSID, RA, and TA fields aren't tested.]
In addition to the above, there are some special `primitive' keywords that don't
follow the pattern: gateway, broadcast, less, greater and arithmetic expressions. All
of these are described below.
428
More complex filter expressions are built up by using the words and, or and not to
combine primitives. For example, `host foo and not port ftp and not port ftp-data'. To
save typing, identical qualifier lists can be omitted. For example, `tcp dst port ftp or
ftp-data or domain' is exactly the same as `tcp dst port ftp or tcp dst port ftp-data or
tcp dst port domain'.
Allowable primitives are:
dst host host
True if the IPv4/v6 destination field of the packet is host, which may be either an
address or a name.
src host host
True if the IPv4/v6 source field of the packet is host.
host host
True if either the IPv4/v6 source or destination of the packet is host. Any of the
above host expressions can be pre-pended with the keywords, ip, arp, rarp, or ip6
as in:
ip host host
which is equivalent to:
ether proto \ip and host host
If host is a name with multiple IP addresses, each address will be checked for a
match.
ether dst ehost
True if the ethernet destination address is ehost. Ehost may be either a name
from /etc/ethers or a number (see ethers(3N) for numeric format).
ether src ehost
True if the ethernet source address is ehost.
ether host ehost
True if either the ethernet source or destination address is ehost.
gateway host
True if the packet used host as a gateway. I.e., the ethernet source or destination
address was host but neither the IP source nor the IP destination was host. Host
must be a name and must be found both by the machine's host-name-to-IP-
address resolution mechanisms (host name file, DNS, NIS, etc.) and by the
machine's host-name-to-Ethernet-address resolution mechanism (/etc/ethers,
etc.). (An equivalent expression is
ether host ehost and not host host
429 A p pe n di x E: TCPDump Optional Flags
which can be used with either names or numbers for host / ehost.) This syntax
does not work in IPv6-enabled configuration at this moment.
dst net net
True if the IPv4/v6 destination address of the packet has a network number of
net. Net may be either a name from /etc/networks or a network number (see
networks(4) for details).
src net net
True if the IPv4/v6 source address of the packet has a network number of net.
net net
True if either the IPv4/v6 source or destination address of the packet has a
network number of net.
net net mask netmask
True if the IP address matches net with the specific netmask. May be qualified
with src or dst. Note that this syntax is not valid for IPv6 net.
net net/len
True if the IPv4/v6 address matches net with a netmask len bits wide. May be
qualified with src or dst.
dst port port
True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a destination port
value of port. The port can be a number or a name used in /etc/services (see
tcp(4P) and udp(4P)). If a name is used, both the port number and protocol are
checked. If a number or ambiguous name is used, only the port number is
checked (For example, dst port 513 will print both tcp/login traffic and udp/who
traffic, and port domain will print both tcp/domain and udp/domain traffic).
src port port
True if the packet has a source port value of port.
port port
True if either the source or destination port of the packet is port. Any of the
above port expressions can be prepended with the keywords, tcp or udp, as in:
tcp src port port
which matches only tcp packets whose source port is port.
less length
True if the packet has a length less than or equal to length. This is equivalent to:
len <= length.
greater length
True if the packet has a length greater than or equal to length. This is equivalent
to:
len >= length.
ip proto protocol
True if the packet is an IP packet (see ip(4P)) of protocol type protocol. Protocol
can be a number or one of the names icmp, icmp6, igmp, igrp, pim, ah, esp, vrrp,
udp, or tcp. Note that the identifiers tcp, udp, and icmp are also keywords and
must be escaped via backslash (\), which is \\ in the C-shell. Note that this
primitive does not chase the protocol header chain.
ip6 proto protocol
True if the packet is an IPv6 packet of protocol type protocol. Note that this
primitive does not chase the protocol header chain.
ip6 protochain protocol
True if the packet is IPv6 packet, and contains protocol header with type protocol
in its protocol header chain. For example,
ip6 protochain 6
matches any IPv6 packet with TCP protocol header in the protocol header chain.
The packet may contain, for example, authentication header, routing header, or
hop-by-hop option header, between IPv6 header and TCP header. The BPF code
emitted by this primitive is complex and cannot be optimized by BPF optimizer
code in tcpdump, so this can be somewhat slow.
ip protochain protocol
Equivalent to ip6 protochain protocol, but this is for IPv4.
ether broadcast
True if the packet is an ethernet broadcast packet. The ether keyword is optional.
ip broadcast
True if the packet is an IPv4 broadcast packet. It checks for both the all-zeroes
and all-ones broadcast conventions, and looks up the subnet mask on the
interface on which the capture is being done.
If the subnet mask of the interface on which the capture is being done is not
available, either because the interface on which capture is being done has no
netmask or because the capture is being done on the Linux "any" interface, which
can capture on more than one interface, this check will not work correctly.
431 A p pe n di x E: TCPDump Optional Flags
ether multicast
True if the packet is an ethernet multicast packet. The ether keyword is optional.
This is shorthand for `ether[0] & 1 != 0'.
ip multicast
True if the packet is an IP multicast packet.
ip6 multicast
True if the packet is an IPv6 multicast packet.
ether proto protocol
True if the packet is of ether type protocol. Protocol can be a number or one of
the names ip, ip6, arp, rarp, atalk, aarp, decnet, sca, lat, mopdl, moprc, iso, stp,
ipx, or netbeui. Note these identifiers are also keywords and must be escaped
via backslash (\).
[In the case of FDDI (For example, `fddi protocol arp'), Token Ring (For example,
`tr protocol arp'), and IEEE 802.11 wireless LANS (For example, `wlan protocol
arp'), for most of those protocols, the protocol identification comes from the 802.2
Logical Link Control (LLC) header, which is usually layered on top of the FDDI,
Token Ring, or 802.11 header.
When filtering for most protocol identifiers on FDDI, Token Ring, or 802.11,
tcpdump checks only the protocol ID field of an LLC header in so-called SNAP
format with an Organizational Unit Identifier (OUI) of 0x000000, for encapsulated
Ethernet; it doesn't check whether the packet is in SNAP format with an OUI of
0x000000. The exceptions are:
iso
tcpdump checks the DSAP (Destination Service Access Point) and SSAP
(Source Service Access Point) fields of the LLC header;
stp and netbeui
tcpdump checks the DSAP of the LLC header;
atalk
tcpdump checks for a SNAP-format packet with an OUI of 0x080007 and the
AppleTalk etype.
In the case of Ethernet, tcpdump checks the Ethernet type field for most of those
protocols. The exceptions are:
iso, sap, and netbeui
tcpdump checks for an 802.3 frame and then checks the LLC header as it does
for FDDI, Token Ring, and 802.11;
atalk
tcpdump checks both for the AppleTalk etype in an Ethernet frame and for a
SNAP-format packet as it does for FDDI, Token Ring, and 802.11;
aarp
tcpdump checks for the AppleTalk ARP etype in either an Ethernet frame or an
802.2 SNAP frame with an OUI of 0x000000;
ipx
tcpdump checks for the IPX etype in an Ethernet frame, the IPX DSAP in the LLC
header, the 802.3-with-no-LLC-header encapsulation of IPX, and the IPX etype in
a SNAP frame.
decnet src host
True if the DECNET source address is host, which may be an address of the form
``10.123'', or a DECNET host name. [DECNET host name support is only
available on ULTRIX systems that are configured to run DECNET.]
decnet dst host
True if the DECNET destination address is host.
decnet host host
True if either the DECNET source or destination address is host.
ifname interface
True if the packet was logged as coming from the specified interface (applies only
to packets logged by OpenBSD's pf(4)).
on interface
Synonymous with the ifname modifier.
rnr num
True if the packet was logged as matching the specified PF rule number (applies
only to packets logged by OpenBSD's pf(4)).
rulenum num
Synonymous with the rnr modifier.
reason code
True if the packet was logged with the specified PF reason code. The known
codes are: match, bad-offset, fragment, short, normalize, and memory (applies
only to packets logged by OpenBSD's pf(4)).
rset name
True if the packet was logged as matching the specified PF ruleset name of an
anchored ruleset (applies only to packets logged by pf(4)).
433 A p pe n di x E: TCPDump Optional Flags
ruleset name
Synonymous with the rset modifier.
srnr num
True if the packet was logged as matching the specified PF rule number of an
anchored ruleset (applies only to packets logged by pf(4)).
subrulenum num
Synonymous with the srnr modifier.
action act
True if PF took the specified action when the packet was logged. Known actions
are: pass and block (applies only to packets logged by OpenBSD's pf(4)).
ip, ip6, arp, rarp, atalk, aarp, decnet, iso, stp, ipx, netbeui
Abbreviations for:
ether proto p
where p is one of the above protocols.
lat, moprc, mopdl
Abbreviations for:
ether proto p
where p is one of the above protocols. Note that tcpdump does not currently
know how to parse these protocols.
vlan [vlan_id]
True if the packet is an IEEE 802.1Q VLAN packet. If [vlan_id] is specified, only
true is the packet has the specified vlan_id. Note that the first vlan keyword
encountered in expression changes the decoding offsets for the remainder of
expression on the assumption that the packet is a VLAN packet.
tcp, udp, icmp
Abbreviations for:
ip proto p or ip6 proto p
where p is one of the above protocols.
iso proto protocol
True if the packet is an OSI packet of protocol type protocol. Protocol can be a
number or one of the names clnp, esis, or isis.
clnp, esis, isis
Abbreviations for:
iso proto p
where p is one of the above protocols.
bcc
True if the packet is an ATM packet, for SunATM on Solaris, and is on a
broadcast signaling circuit (VPI=0 & VCI=2).
sc
True if the packet is an ATM packet, for SunATM on Solaris, and is on a signaling
circuit (VPI=0 & VCI=5).
ilmic
True if the packet is an ATM packet, for SunATM on Solaris, and is on an ILMI
circuit (VPI=0 & VCI=16).
connectmsg
True if the packet is an ATM packet, for SunATM on Solaris, and is on a signaling
circuit and is a Q.2931 Setup, Call Proceeding, Connect, Connect Ack, Release,
or Release Done message.
metaconnect
True if the packet is an ATM packet, for SunATM on Solaris, and is on a meta
signaling circuit and is a Q.2931 Setup, Call Proceeding, Connect, Release, or
Release Done message.
expr relop expr
True if the relation holds, where relop is one of >, <, >=, <=, =, !=, and expr is an
arithmetic expression composed of integer constants (expressed in standard C
syntax), the normal binary operators [+, -, *, /, &, |, <<, >>], a length operator, and
special packet data accessors. To access data inside the packet, use the
following syntax:
proto [ expr : size ]
Proto is one of ether, fddi, tr, wlan, ppp, slip, link, ip, arp, rarp, tcp, udp, icmp or
ip6, and indicates the protocol layer for the index operation. (ether, fddi, wlan, tr,
ppp, slip and link all refer to the link layer.) Note that tcp, udp and other upper-
layer protocol types only apply to IPv4, not IPv6 (this will be fixed in the future).
The byte offset, relative to the indicated protocol layer, is given by expr. Size is
optional and indicates the number of bytes in the field of interest; it can be either
one, two, or four, and defaults to one. The length operator, indicated by the
keyword len, gives the length of the packet.
For example, `ether[0] & 1 != 0' catches all multicast traffic. The expression `ip[0]
& 0xf != 5' catches all IP packets with options. The expression `ip[6:2] & 0x1fff =
0' catches only un-fragmented datagrams and frag zero of fragmented
datagrams. This check is implicitly applied to the tcp and udp index operations.
For instance, tcp[0] always means the first byte of the TCP header, and never
means the first byte of an intervening fragment.
Some offsets and field values may be expressed as names rather than as
numeric values. The following protocol header field offsets are available:
icmptype (ICMP type field), icmpcode (ICMP code field), and tcpflags (TCP flags
field).
The following ICMP type field values are available: icmp-echoreply, icmp-
unreach, icmp-sourcequench, icmp-redirect, icmp-echo, icmp-routeradvert, icmp-
routersolicit, icmp-timxceed, icmp-paramprob, icmp-tstamp, icmp-tstampreply,
icmp-ireq, icmp-ireqreply, icmp-maskreq, icmp-maskreply.
The following TCP flags field values are available: tcp-fin, tcp-syn, tcp-rst, tcp-
push, tcp-ack, tcp-urg.
437 A p pe n di x E: TCPDump Optional Flags
This chapter lists and describes the commands that you can use with the
Command Line Interface (CLI). Unless noted, the commands herein may also be
configured using the WebUI and are referenced accordingly. This chapter is built
hierarchically, based on the tree created in the CLI. For a alphabetical listing of
commands, see the CLI index.
Topics in this chapter include:
Getting Started, on page 440
Configuration Commands, on page 452
Configuring Security, on page 748
Technical Information and Trouble Shooting Tools, on page 762
440 A p pe n di x F: Command Line Interface
Getting Started
The following command topics are available:
Understanding the CLI Documentation, on page 440
Accessing the CLI, on page 441
Login and Logout Commands, on page 442
Licensing Commands, on page 444
Basic Setup Commands, on page 447
Configuration Settings Commands, on page 448
Customizing the CLI, on page 450
login
Logging into the Accelerator is accomplished in a series of steps.
When accessing the Accelerator from the CLI, at the login prompt, enter your user
name and password. The default user name is expand (case sensitive), and the
default password is Expand (case sensitive).
Command lo g i n:
Pa s s wo r d
Description Logs you into the CLI
Parameters Both login and password are case sensitive
Example lo g i n: e x pa n d
Pa s s wo r d :E x p an d
Related Commands exit, on page 442
exit
At any point you can use the Exit command to log out of the Accelerator. The Exit
command exits each level of the CLI hierarchy one at a time, so you may need to
use the Exit command a number of times to leave the Accelerator session.
Command ex i t
Description Logs you out of the CLI
Parameters No additional parameters are necessary
Example ex i t
Related Commands login, on page 442
To complete a command:
To complete a command, enter a few known characters followed by a tab. The
CLI will fill in the missing letters For example if you type and press the Tab key:
Acc1(config)#sh
By pressing the Tab key, the CLI will fill in the following:
Acc1(config)#show
Licensing Commands
Licensing the Accelerator is accomplished by logging into the Accelerator via the
enable mode by using the show licensing command, as shown in (config) show
licensing, on page 446.
This section contains the following commands:
(config) activate-license, on page 445
(config) interface link refresh-acceleration, on page 460
(config) licensing server, on page 445
(config) show interface link summary, on page 462
(config) show licensing, on page 446
(config) activate-license
You must have a valid license key or file which is supplied to you from Expand
Networks<>. If you use a license key copy it from the letter you receive in your
email and paste it where shown. If you use a license file, FTP it to the /user_area/
of the Accelerator and note its name.
Command AC C1 ( co nf i g) # a c ti v at e- l ic en s e [ ke y| f il e]
Description Activates an Accelerator’s license via a license key or file.
Parameters Key - copy the license key (supplied via e-mail) and paste it
File - FTP the file and type its name.
Example AC C1 ( co nf i g) # a c ti v at e- l ic en s e k ey
my LI c en Se K eY 39 2
Related Commands • (config) interface link refresh-acceleration, on page 460
• (config) licensing server, on page 445
• (config) show interface link summary, on page 462
• (config) show licensing, on page 446
Command A CC 1( c on f ig )# l ic en s in g s er v er [ I P| Ho s t| a ut o-
d is co v er y |f or c e]
Description Connects to the Licensing server by the method entered.
Parameters • A.B.C.D type the licensing server IP address
• WORD type the licensing server hostname
• auto-discovery the Accelerator will automatically discover the Licensing
Server (if it is on the same LAN and connected
• force forces the licensing mechanism activation
Example A CC 1( c on f ig )# l ic en s in g s er v er 1.1.1.1
Related Commands • (config) activate-license, on page 445
• (config) licensing server, on page 445
• (config) show interface link summary, on page 462
• (config) show licensing, on page 446
446 A p pe n di x F: Command Line Interface
Command AC C1 ( co nf i g) # sh ow li ce n si n g
Description Lets you view the entire details of Accelerator’s licensing state, such as the licensed
features and the maximum possible links.
Parameters No additional parameters are required.
Example AC C1 ( co nf i g) # sh ow li ce n si n g
with Syntax
Related Commands • (config) activate-license, on page 445
• (config) licensing server, on page 445
A c c2 21 _ 10 (c o nf i g) # s ho w l ic e ns in g
D i sp la y w ar n in g s. .. . .. .. . .. . .. .. . .e na b le
W a rn in g d ay s .. . .. .. . .. .. . .. . .. .. . .3 0
A l lo ca t ed m a x l in ks . .. .. . .. . .. .. . .3 75
R e qu es t ed m a x l in ks . .. .. . .. . .. .. . .0
M a x po s si bl e l i nk s. . .. .. . .. . .. .. . .4 00
C u rr en t l ic e ns e s ta t e:
F e at ur e L ic e ns e T im e L ef t
- - -- -- - - -- - -- - - -- - -- -- -
B a nd wi d th Al l ow an c e 1 00 Mb p s Un li m it e d
I P se c D i sa bl e d Un l im i te d
L 7 -Q oS E n ab le d Un l im i te d
W A FS -F B Di s ab l ed Un l im i te d
W A FS -F B D Di sa b le d Un l im it e d
T C P A cc e le ra t io n E n ab l ed U nl i mi te d
W e b Ca c hi n g En a bl ed Un li m it e d
QoS E na b le d U nl i mi te d
L a st l o ad ed li c en se ke y:
(config) write
Command ACC1(config)#wr it e
Description Saves the basic configuration as the startup configuration. [Mandatory]
Parameters No additional parameters
Example ACC1(config)#wr it e
with Syntax
Related Commands (config) show running-config, on page 448
Command ACC1(config)#s ho w r un n in g- c on fi g
Description Displays the configuration that was set to the Accelerator. This is optional
Parameters No additional parameters are required.
Example ACC1(config)#s ho w r un n in g- c on fi g
with Syntax
Related Commands (config) write, o n p ag e 4 48
ACC1(config)#s ho w r un n in g- c on f ig
copy banner
You can customize the following fields, which can be displayed as part of the
banner:
Name, Title, URL, Label, Label LTD., Product Name, Extranet, Product ID, Series,
Serial Number, Software Version, Time and Date.
$OEM_EXTRANET (“extranet.expand.com”)
$PRODUCT_ID (“4820”)
$SERIES (“4800”)
$SERIAL_NUMBER (“0030.0257.0005”)
$SOFTWARE_VERSION (“Version v5.0(7) (Build1.03)”)
$TIME = hh:mm:ss (24-hour format)
$DATE = DD-MMM-YYYY (the day-of-month “DD” is two-digit
number, with leading '0' if needed).
Configuration Commands
The following sections are configurable in this section:
General Commands, on page 453
Local Interface Commands, on page 454
Link Commands, on page 458
Subnet Commands, on page 504
Alias Commands, on page 507
OSPF Commands, on page 509
Router Polling Commands, on page 514
RIP Commands, on page 517
WCCP Commands, on page 522
SNTP Server Commands, on page 527
DHCP Server Commands, on page 528
DHCP Relay Commands, on page 531
WEB Acceleration Commands, on page 533
HTTP Acceleration Commands, on page 536
TCP Acceleration Commands, on page 572
Keep Alive Commands, on page 579
FTP Acceleration Commands, on page 581
Studying a Subnet Configuration Network, on page 587
Ethernet Statistics Display Commands, on page 588
NetFlow Commands, on page 593
QoS Commands, on page 594
Aggregation Class Commands, on page 617
DNS Acceleration Commands, on page 624
Traffic Encryption Commands, on page 632
ARP Commands, on page 638
Additional Commands, on page 640
Link Commands, on page 646
Expand View Commands, on page 653
SNMP Commands, on page 655
Log Commands, on page 658
Log Archives Commands, on page 665
Configuration Tool Commands, on page 667
Accdump Commands, on page 671
RDP Proxy Commands, on page 676
Mobile Accelerator Commands, on page 680
General Commands
The following commands are explained:
enable, on page 453
config, on page 453
enable
To make any configuration changes to your Accelerator, you must be in
configuration mode. This section describes how to enter configuration mode while
using a terminal or PC that is connected to your router CONSOLE port.
Command ac c el er a to r >e na b le [ M an d at or y ]
Description Enters enable mode. This is necessary for beginning work with the Accelerator. Once
you have entered Enable mode, the prompt at the end of the command line changes
from > to #
Parameters No additional parameters
Example ac c el er a to r > enable
with Syntax
Related Commands config, on page 453
Enable mode is indicated by the # in the prompt. You can now carry out various
operations in the system, such as deleting data, printing and sending messages.
config
To make any configuration changes to your Accelerator, you must be in
configuration mode. This section describes how to enter configuration mode while
using a terminal or PC that is connected to your router CONSOLE port.
Command ac c 1# co n fi g
Description Enters enable mode. This is necessary for beginning work with the Accelerator. Once
you have entered Enable mode, the prompt at the end of the command line changes
from > to #
Parameters No additional parameters
Example ac c 1# config
with Syntax
Related Commands enable, o n p ag e 4 53
Command A C C1 (l o ca l i nt e rf ac e )# IP ad d re ss x. x. x .x
x .x .x . x
or
A C C1 (l o ca l i nt e rf ac e )# IP ad d re ss x. x. x .x / x
Description Sets an IP address and subnet mask for the Accelerator.
You can add the parameter secondary after the command, to set this IP address as
the Accelerator’s secondary IP address.
Parameters Valid IP address must be supplied
Example ACC1(local interface)#IP address 10.0.99.99/24
with Syntax
Related Commands • (local interface) deployment, on page 454
• (local interface) hostname, on page 455
• (local interface) ip address secondary, on page 456
• (local interface) ip default-gateway, on page 456
• (local interface) routing-strategy, on page 457
• (wan) bandwidth, on page 457
456 A p pe n di x F: Command Line Interface
(wan) bandwidth
Command ACC1(wan)#ba n dw id t h
Description Set the precise bandwidth (in Kbps) of the WAN. 0 is not a valid bandwidth.
Parameters A number in Kbps larger than 0 and smaller than 1000000
Example ACC1(wan)#ba n dw id t h 10000
with Syntax
Related Commands • (local interface) deployment, on page 454
• (local interface) hostname, on page 455
• (local interface) ip address, on page 455
• (local interface) ip address secondary, on page 456
• (local interface) ip default-gateway, on page 456
• (local interface) routing-strategy, on page 457
458 A p pe n di x F: Command Line Interface
Link Commands
These commands are link specific commands. If you want to apply global
commands on all links, see the specific command within the config menu.
Commands within this section include:
(config) interface link, on page 459
(config) interface link refresh-acceleration, on page 460
(config) interface link template, on page 461
(config) show interface link summary, on page 462
(link) acceleration, on page 464
(link) aggregation auto, on page 465
(link) bandwidth, on page 466
(link) bandwidth adjust, on page 467
(link) cancel, on page 469
(link) checksum, on page 470
(link) clear counters, on page 471
(link) crypto, on page 472
(link) description, on page 473
(link) encapsulation, on page 474
(link) encapsulation transparent, on page 475
(link) exit, on page 477
(link) fragmentation, on page 478
(link) header, on page 479
(link) keepalive dialer, on page 480
(link) link, on page 481
(link) metric, on page 482
(link) mss, on page 483
(link) mtu, on page 484
(link) no, on page 485
(link) ping, on page 486
(link) priority, on page 487
(link) remote-unique-id, on page 488
(link) show, on page 489
(link) subnet, on page 490
(link) system encapsulation, on page 491
(link) system udp-destination-port, on page 492
(link) system udp-source-port, on page 493
(link) tcp-acceleration, on page 494
(link) traffic-gauge, on page 495
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
Co n f ig u r at io n C om m an d s / 459
Command A CC 1 (c on f ig ) # sh o w in t er f ac e l in k s um m ar y
Description Shows the status of all interfaces.
Parameters No Additional Parameters Needed
Example A CC 1 (c on f ig ) # sh o w in t er f ac e l in k s um m ar y
Related Commands • (config) interface link, on page 459
• (config) interface link refresh-acceleration, on page 460
• (config) interface link template, on page 461
• (config) show interface link summary, on page 462
• (link) acceleration, on page 464
• (link) aggregation auto, on page 465
• (link) bandwidth, on page 466
• (link) bandwidth adjust, on page 467
• (link) cancel, on page 469
• (link) checksum, on page 470
• (link) clear counters, on page 471
• (link) crypto, on page 472
• (link) description, on page 473
• (link) encapsulation, on page 474
• (link) encapsulation transparent, on page 475
• (link) exit, on page 477
• (link) fragmentation, on page 478
• (link) header, on page 479
• (link) keepalive dialer, on page 480
• (link) link, on page 481
• (link) metric, on page 482
• (link) mss, on page 483
• (link) mtu, on page 484
• (link) no, on page 485
• (link) ping, on page 486
• (link) priority, on page 487
• (link) remote-unique-id, on page 488
• (link) show, on page 489
• (link) subnet, on page 490
• (link) system encapsulation, on page 491
• (link) system udp-destination-port, on page 492
• (link) system udp-source-port, on page 493
• (link) tcp-acceleration, on page 494
• (link) traffic-gauge, on page 495
• (link) udp-destination-port, on page 496
• (link) udp-source-port, on page 497
• (link) wan-id, on page 498
Destination
Link Description Bandwidth Link Status
IP Address
1 28.0.214.6 L-28.0.214.6 2000 N/A |active
2 28.0.224.6 L-28.0.224.6 6000 N/A|partial
non N/A non-link 100000 N/A |active
Once you have Renewed or updated the license, you will need to refresh the link in
order to start Accelerating on it. See (config) interface link refresh-acceleration, on
page 460.
464 A p pe n di x F: Command Line Interface
(link) acceleration
Command ACC1(LINK)# a cc e le ra t io n
Description Enables or disables acceleration on the specified link.
Parameters Enable to enable Disable to disable.
Example ACC1(LINK)# a cc e le ra t io n enable
with Syntax
Related • (config) interface link, on page 459
Commands • (config) interface link refresh-acceleration, on page 460
• (config) interface link template, on page 461
• (config) show interface link summary, on page 462
• (link) acceleration, on page 464
• (link) aggregation auto, on page 465
• (link) bandwidth, on page 466
• (link) bandwidth adjust, on page 467
• (link) cancel, on page 469
• (link) checksum, on page 470
• (link) clear counters, on page 471
• (link) crypto, on page 472
• (link) description, on page 473
• (link) encapsulation, on page 474
• (link) encapsulation transparent, on page 475
• (link) exit, on page 477
• (link) fragmentation, on page 478
• (link) header, on page 479
• (link) keepalive dialer, on page 480
• (link) link, on page 481
• (link) metric, on page 482
• (link) mss, on page 483
• (link) mtu, on page 484
• (link) no, on page 485
• (link) ping, on page 486
• (link) priority, on page 487
• (link) remote-unique-id, on page 488
• (link) show, on page 489
• (link) subnet, on page 490
• (link) system encapsulation, on page 491
• (link) system udp-destination-port, on page 492
• (link) system udp-source-port, on page 493
• (link) tcp-acceleration, on page 494
• (link) traffic-gauge, on page 495
• (link) udp-destination-port, on page 496
• (link) udp-source-port, on page 497
• (link) wan-id, on page 498
(link) bandwidth
Command ACC1(LINK)# b an d wi dt h < n um be r >
Description Sets the bandwidth limit for the specified link.
Parameters Enter the bandwidth amount (1 - 1000000).
Example ACC1(LINK)# b an d wi dt h 2000
with Syntax
Related • (config) interface link, on page 459
Commands • (config) interface link refresh-acceleration, on page 460
• (config) interface link template, on page 461
• (config) show interface link summary, on page 462
• (link) acceleration, on page 464
• (link) aggregation auto, on page 465
• (link) bandwidth, on page 466
• (link) bandwidth adjust, on page 467
• (link) cancel, on page 469
• (link) checksum, on page 470
• (link) clear counters, on page 471
• (link) crypto, on page 472
• (link) description, on page 473
• (link) encapsulation, on page 474
• (link) encapsulation transparent, on page 475
• (link) exit, on page 477
• (link) fragmentation, on page 478
• (link) header, on page 479
• (link) keepalive dialer, on page 480
• (link) link, on page 481
• (link) metric, on page 482
• (link) mss, on page 483
• (link) mtu, on page 484
• (link) no, on page 485
• (link) ping, on page 486
• (link) priority, on page 487
• (link) remote-unique-id, on page 488
• (link) show, on page 489
• (link) subnet, on page 490
• (link) system encapsulation, on page 491
• (link) system udp-destination-port, on page 492
• (link) system udp-source-port, on page 493
• (link) tcp-acceleration, on page 494
• (link) traffic-gauge, on page 495
• (link) udp-destination-port, on page 496
• (link) udp-source-port, on page 497
• (link) wan-id, on page 498
(link) cancel
Command ACC1(LINK)# c an ce l
Description Exits the Link node and moves to the parent node.
Parameters No additional parameters necessary
Example ACC1(LINK)# c an ce l
with Syntax
Related • (config) interface link, on page 459
Commands • (config) interface link refresh-acceleration, on page 460
• (config) interface link template, on page 461
• (config) show interface link summary, on page 462
• (link) acceleration, on page 464
• (link) aggregation auto, on page 465
• (link) bandwidth, on page 466
• (link) bandwidth adjust, on page 467
• (link) cancel, on page 469
• (link) checksum, on page 470
• (link) clear counters, on page 471
• (link) crypto, on page 472
• (link) description, on page 473
• (link) encapsulation, on page 474
• (link) encapsulation transparent, on page 475
• (link) exit, on page 477
• (link) fragmentation, on page 478
• (link) header, on page 479
• (link) keepalive dialer, on page 480
• (link) link, on page 481
• (link) metric, on page 482
• (link) mss, on page 483
• (link) mtu, on page 484
• (link) no, on page 485
• (link) ping, on page 486
• (link) priority, on page 487
• (link) remote-unique-id, on page 488
• (link) show, on page 489
• (link) subnet, on page 490
• (link) system encapsulation, on page 491
• (link) system udp-destination-port, on page 492
• (link) system udp-source-port, on page 493
• (link) tcp-acceleration, on page 494
• (link) traffic-gauge, on page 495
• (link) udp-destination-port, on page 496
• (link) udp-source-port, on page 497
• (link) wan-id, on page 498
470 A p pe n di x F: Command Line Interface
(link) checksum
Command ACC1(LINK)# c he c ks um <e n ab le |d is a bl e >
Description Enables or disables checksum
Parameters Enable to enable, Disable to disable
Example ACC1(LINK)# c he c ks um enable
with Syntax
Related • (config) interface link, on page 459
Commands • (config) interface link refresh-acceleration, on page 460
• (config) interface link template, on page 461
• (config) show interface link summary, on page 462
• (link) acceleration, on page 464
• (link) aggregation auto, on page 465
• (link) bandwidth, on page 466
• (link) bandwidth adjust, on page 467
• (link) cancel, on page 469
• (link) checksum, on page 470
• (link) clear counters, on page 471
• (link) crypto, on page 472
• (link) description, on page 473
• (link) encapsulation, on page 474
• (link) encapsulation transparent, on page 475
• (link) exit, on page 477
• (link) fragmentation, on page 478
• (link) header, on page 479
• (link) keepalive dialer, on page 480
• (link) link, on page 481
• (link) metric, on page 482
• (link) mss, on page 483
• (link) mtu, on page 484
• (link) no, on page 485
• (link) ping, on page 486
• (link) priority, on page 487
• (link) remote-unique-id, on page 488
• (link) show, on page 489
• (link) subnet, on page 490
• (link) system encapsulation, on page 491
• (link) system udp-destination-port, on page 492
• (link) system udp-source-port, on page 493
• (link) tcp-acceleration, on page 494
• (link) traffic-gauge, on page 495
• (link) udp-destination-port, on page 496
• (link) udp-source-port, on page 497
• (link) wan-id, on page 498
(link) crypto
Command ACC1(LINK)# c ry p to
Description Opens the IP Sec node. Requires an IPsec License.
Parameters No additional parameters necessary.
Example ACC1(LINK)# c ry p to
with Syntax
Related • Crypto Commands, on page 503 for the Crypto node commands
Commands • (config) interface link, on page 459
• (config) interface link refresh-acceleration, on page 460
• (config) interface link template, on page 461
• (config) show interface link summary, on page 462
• (link) acceleration, on page 464
• (link) aggregation auto, on page 465
• (link) bandwidth, on page 466
• (link) bandwidth adjust, on page 467
• (link) cancel, on page 469
• (link) checksum, on page 470
• (link) clear counters, on page 471
• (link) crypto, on page 472
• (link) description, on page 473
• (link) encapsulation, on page 474
• (link) encapsulation transparent, on page 475
• (link) exit, on page 477
• (link) fragmentation, on page 478
• (link) header, on page 479
• (link) keepalive dialer, on page 480
• (link) link, on page 481
• (link) metric, on page 482
• (link) mss, on page 483
• (link) mtu, on page 484
• (link) no, on page 485
• (link) ping, on page 486
• (link) priority, on page 487
• (link) remote-unique-id, on page 488
• (link) show, on page 489
• (link) subnet, on page 490
• (link) system encapsulation, on page 491
• (link) system udp-destination-port, on page 492
• (link) system udp-source-port, on page 493
• (link) tcp-acceleration, on page 494
• (link) traffic-gauge, on page 495
• (link) udp-destination-port, on page 496
• (link) udp-source-port, on page 497
• (link) wan-id, on page 498
(link) description
Command ACC1(LINK)# d es cr i pt io n
Description Gives a description for the link.
Parameters Provide a description that contains no spaces or special characters
Example ACC1(LINK)# d es cr i pt io n link_to_branch_office
with Syntax
Related • (config) interface link, on page 459
Commands • (config) interface link refresh-acceleration, on page 460
• (config) interface link template, on page 461
• (config) show interface link summary, on page 462
• (link) acceleration, on page 464
• (link) aggregation auto, on page 465
• (link) bandwidth, on page 466
• (link) bandwidth adjust, on page 467
• (link) cancel, on page 469
• (link) checksum, on page 470
• (link) clear counters, on page 471
• (link) crypto, on page 472
• (link) description, on page 473
• (link) encapsulation, on page 474
• (link) encapsulation transparent, on page 475
• (link) exit, on page 477
• (link) fragmentation, on page 478
• (link) header, on page 479
• (link) keepalive dialer, on page 480
• (link) link, on page 481
• (link) metric, on page 482
• (link) mss, on page 483
• (link) mtu, on page 484
• (link) no, on page 485
• (link) ping, on page 486
• (link) priority, on page 487
• (link) remote-unique-id, on page 488
• (link) show, on page 489
• (link) subnet, on page 490
• (link) system encapsulation, on page 491
• (link) system udp-destination-port, on page 492
• (link) system udp-source-port, on page 493
• (link) tcp-acceleration, on page 494
• (link) traffic-gauge, on page 495
• (link) udp-destination-port, on page 496
• (link) udp-source-port, on page 497
• (link) wan-id, on page 498
474 A p pe n di x F: Command Line Interface
(link) encapsulation
Command ACC1(LINK)# en ca p su la t io n <i p- c om p |t ra n sp ar e nt |
ud p >
Description Sets the type of encapsulation that is to be done on the specific link.
Parameters Choose from one of the following:
• IP-comp
• Transparent
• UDP
Example ACC1(LINK)# e nc a ps ul a ti o n ud p
with Syntax
Related • (config) interface link, on page 459
Commands • (config) interface link refresh-acceleration, on page 460
• (config) interface link template, on page 461
• (config) show interface link summary, on page 462
• (link) acceleration, on page 464
• (link) aggregation auto, on page 465
• (link) bandwidth, on page 466
• (link) bandwidth adjust, on page 467
• (link) cancel, on page 469
• (link) checksum, on page 470
• (link) clear counters, on page 471
• (link) crypto, on page 472
• (link) description, on page 473
• (link) encapsulation, on page 474
• (link) encapsulation transparent, on page 475
• (link) exit, on page 477
• (link) fragmentation, on page 478
• (link) header, on page 479
• (link) keepalive dialer, on page 480
• (link) link, on page 481
• (link) metric, on page 482
• (link) mss, on page 483
• (link) mtu, on page 484
• (link) no, on page 485
• (link) ping, on page 486
• (link) priority, on page 487
• (link) remote-unique-id, on page 488
• (link) show, on page 489
• (link) subnet, on page 490
• (link) system encapsulation, on page 491
• (link) system udp-destination-port, on page 492
• (link) system udp-source-port, on page 493
• (link) tcp-acceleration, on page 494
• (link) traffic-gauge, on page 495
• (link) udp-destination-port, on page 496
• (link) udp-source-port, on page 497
• (link) wan-id, on page 498
Note: Encapsulation settings can be asymmetric. This means that you can set one
ii Accelerator to Router Transparency while setting the other Accelerator to IPComp in
the opposite direction. This is useful when RTM mode is desired and one of the
Accelerators is On-LAN and the other is On-Path. However, IPCOMP encapsulation will
not function if the IPCOMP protocol is blocked by a firewall. Therefore, ensure that the
IPCOMP protocol is not blocked before selecting either IPCOMP or RTM
encapsulation.
Note: Once the link parameters have been modified, saving the parameters requires
ii you to exit the link mode. If after changing the requested parameters you press Cancel
instead of Exit, the parameters are not saved
476 A p pe n di x F: Command Line Interface
Command ACC1(link)#e nc a ps ul a ti o n tr a ns pa r en t
[ O pt io n al ]
Description Sets the link to work in router transparent mode. This setting is optional
Parameters No additional parameters
Example ACC1(link)#e nc a ps ul a ti o n tr a ns pa r en t
with Syntax
Related Commands • (config) interface link, on page 459
• (config) interface link refresh-acceleration, on page 460
• (config) interface link template, on page 461
• (config) show interface link summary, on page 462
• (link) acceleration, on page 464
• (link) aggregation auto, on page 465
• (link) bandwidth, on page 466
• (link) bandwidth adjust, on page 467
• (link) cancel, on page 469
• (link) checksum, on page 470
• (link) clear counters, on page 471
• (link) crypto, on page 472
• (link) description, on page 473
• (link) encapsulation, on page 474
• (link) encapsulation transparent, on page 475
• (link) exit, on page 477
• (link) fragmentation, on page 478
• (link) header, on page 479
• (link) keepalive dialer, on page 480
• (link) link, on page 481
• (link) metric, on page 482
• (link) mss, on page 483
• (link) mtu, on page 484
• (link) no, on page 485
• (link) ping, on page 486
• (link) priority, on page 487
• (link) remote-unique-id, on page 488
• (link) show, on page 489
• (link) subnet, on page 490
• (link) system encapsulation, on page 491
• (link) system udp-destination-port, on page 492
• (link) system udp-source-port, on page 493
• (link) tcp-acceleration, on page 494
• (link) traffic-gauge, on page 495
• (link) udp-destination-port, on page 496
• (link) udp-source-port, on page 497
• (link) wan-id, on page 498
(link) exit
Command ACC1(LINK)# e xi t
Description Exits the Link node and goes to the parent node.
Parameters No additional parameters necessary.
Example ACC1(LINK)# e xi t
with Syntax
Related • (config) interface link, on page 459
Commands • (config) interface link refresh-acceleration, on page 460
• (config) interface link template, on page 461
• (config) show interface link summary, on page 462
• (link) acceleration, on page 464
• (link) aggregation auto, on page 465
• (link) bandwidth, on page 466
• (link) bandwidth adjust, on page 467
• (link) cancel, on page 469
• (link) checksum, on page 470
• (link) clear counters, on page 471
• (link) crypto, on page 472
• (link) description, on page 473
• (link) encapsulation, on page 474
• (link) encapsulation transparent, on page 475
• (link) exit, on page 477
• (link) fragmentation, on page 478
• (link) header, on page 479
• (link) keepalive dialer, on page 480
• (link) link, on page 481
• (link) metric, on page 482
• (link) mss, on page 483
• (link) mtu, on page 484
• (link) no, on page 485
• (link) ping, on page 486
• (link) priority, on page 487
• (link) remote-unique-id, on page 488
• (link) show, on page 489
• (link) subnet, on page 490
• (link) system encapsulation, on page 491
• (link) system udp-destination-port, on page 492
• (link) system udp-source-port, on page 493
• (link) tcp-acceleration, on page 494
• (link) traffic-gauge, on page 495
• (link) udp-destination-port, on page 496
• (link) udp-source-port, on page 497
• (link) wan-id, on page 498
478 A p pe n di x F: Command Line Interface
(link) fragmentation
(link) header
Command ACC1(LINK)# k ee p al iv e d i al er
Description Creates a keepalive value for a specified link.
Parameters Enter an acceptable keepalive value in seconds (3-86400).
Example ACC1(LINK)# k ee p al iv e d i al er 10000
with Syntax
Related • (config) interface link, on page 459
Commands • (config) interface link refresh-acceleration, on page 460
• (config) interface link template, on page 461
• (config) show interface link summary, on page 462
• (link) acceleration, on page 464
• (link) aggregation auto, on page 465
• (link) bandwidth, on page 466
• (link) bandwidth adjust, on page 467
• (link) cancel, on page 469
• (link) checksum, on page 470
• (link) clear counters, on page 471
• (link) crypto, on page 472
• (link) description, on page 473
• (link) encapsulation, on page 474
• (link) encapsulation transparent, on page 475
• (link) exit, on page 477
• (link) fragmentation, on page 478
• (link) header, on page 479
• (link) keepalive dialer, on page 480
• (link) link, on page 481
• (link) metric, on page 482
• (link) mss, on page 483
• (link) mtu, on page 484
• (link) no, on page 485
• (link) ping, on page 486
• (link) priority, on page 487
• (link) remote-unique-id, on page 488
• (link) show, on page 489
• (link) subnet, on page 490
• (link) system encapsulation, on page 491
• (link) system udp-destination-port, on page 492
• (link) system udp-source-port, on page 493
• (link) tcp-acceleration, on page 494
• (link) traffic-gauge, on page 495
• (link) udp-destination-port, on page 496
• (link) udp-source-port, on page 497
• (link) wan-id, on page 498
(link) link
(link) metric
(link) mss
(link) mtu
(link) no
(link) ping
Command ACC1(LINK)# p in g < de s ti n at io n >
Description Sends a ping to a specific destination
Parameters Enter a valid IP address of the destination.
Example ACC1(LINK)# p in g 1.1.1.1
with Syntax
Related • (config) interface link, on page 459
Commands • (config) interface link refresh-acceleration, on page 460
• (config) interface link template, on page 461
• (config) show interface link summary, on page 462
• (link) acceleration, on page 464
• (link) aggregation auto, on page 465
• (link) bandwidth, on page 466
• (link) bandwidth adjust, on page 467
• (link) cancel, on page 469
• (link) checksum, on page 470
• (link) clear counters, on page 471
• (link) crypto, on page 472
• (link) description, on page 473
• (link) encapsulation, on page 474
• (link) encapsulation transparent, on page 475
• (link) exit, on page 477
• (link) fragmentation, on page 478
• (link) header, on page 479
• (link) keepalive dialer, on page 480
• (link) link, on page 481
• (link) metric, on page 482
• (link) mss, on page 483
• (link) mtu, on page 484
• (link) no, on page 485
• (link) ping, on page 486
• (link) priority, on page 487
• (link) remote-unique-id, on page 488
• (link) show, on page 489
• (link) subnet, on page 490
• (link) system encapsulation, on page 491
• (link) system udp-destination-port, on page 492
• (link) system udp-source-port, on page 493
• (link) tcp-acceleration, on page 494
• (link) traffic-gauge, on page 495
• (link) udp-destination-port, on page 496
• (link) udp-source-port, on page 497
• (link) wan-id, on page 498
(link) priority
Command ACC1(LINK)# p ri or i ty < m ax - ql en | ob so l et e |w ei g ht s>
Description Sets priority flags for the specific link
Parameters Enter one of the following:
• max-qlen+auto
• max-qlen+discard+prioroty value (0-1000000)
• obsolete+auto
• obsolete+discard+prioroty value (0-1000000)
• weights+auto
• weights+discard+priority value (0-1000000)
Example ACC1(LINK)# p ri or i ty max-qlen discard 500
with Syntax
ACC1(LINK)# p ri or i ty obsolete auto
ACC1(LINK)# p ri or i ty weights discard 800
Related • (config) interface link, on page 459
Commands • (config) interface link refresh-acceleration, on page 460
• (config) interface link template, on page 461
• (config) show interface link summary, on page 462
• (link) acceleration, on page 464
• (link) aggregation auto, on page 465
• (link) bandwidth, on page 466
• (link) bandwidth adjust, on page 467
• (link) cancel, on page 469
• (link) checksum, on page 470
• (link) clear counters, on page 471
• (link) crypto, on page 472
• (link) description, on page 473
• (link) encapsulation, on page 474
• (link) encapsulation transparent, on page 475
• (link) exit, on page 477
• (link) fragmentation, on page 478
• (link) header, on page 479
• (link) keepalive dialer, on page 480
• (link) link, on page 481
• (link) metric, on page 482
• (link) mss, on page 483
• (link) mtu, on page 484
• (link) no, on page 485
• (link) ping, on page 486
• (link) priority, on page 487
• (link) remote-unique-id, on page 488
• (link) show, on page 489
• (link) subnet, on page 490
• (link) system encapsulation, on page 491
• (link) system udp-destination-port, on page 492
• (link) system udp-source-port, on page 493
• (link) tcp-acceleration, on page 494
• (link) traffic-gauge, on page 495
• (link) udp-destination-port, on page 496
• (link) udp-source-port, on page 497
• (link) wan-id, on page 498
488 A p pe n di x F: Command Line Interface
(link) remote-unique-id
(link) show
Command ACC1(LINK)# s ho w
Description Shows the current configuration of the specific link
Parameters No additional parameters necessary.
Example ACC1(LINK)# s ho w
with Syntax
Related • (config) interface link, on page 459
Commands • (config) interface link refresh-acceleration, on page 460
• (config) interface link template, on page 461
• (config) show interface link summary, on page 462
• (link) acceleration, on page 464
• (link) aggregation auto, on page 465
• (link) bandwidth, on page 466
• (link) bandwidth adjust, on page 467
• (link) cancel, on page 469
• (link) checksum, on page 470
• (link) clear counters, on page 471
• (link) crypto, on page 472
• (link) description, on page 473
• (link) encapsulation, on page 474
• (link) encapsulation transparent, on page 475
• (link) exit, on page 477
• (link) fragmentation, on page 478
• (link) header, on page 479
• (link) keepalive dialer, on page 480
• (link) link, on page 481
• (link) metric, on page 482
• (link) mss, on page 483
• (link) mtu, on page 484
• (link) no, on page 485
• (link) ping, on page 486
• (link) priority, on page 487
• (link) remote-unique-id, on page 488
• (link) show, on page 489
• (link) subnet, on page 490
• (link) system encapsulation, on page 491
• (link) system udp-destination-port, on page 492
• (link) system udp-source-port, on page 493
• (link) tcp-acceleration, on page 494
• (link) traffic-gauge, on page 495
• (link) udp-destination-port, on page 496
• (link) udp-source-port, on page 497
• (link) wan-id, on page 498
490 A p pe n di x F: Command Line Interface
(link) subnet
(link) tcp-acceleration
Command ACC1(LINK)# t cp - ac ce l er a ti on
Description Opens the TCP acceleration node
Parameters No additional parameters are necessary
Example ACC1(LINK)# t cp - ac ce l er a ti on
with Syntax
Related • TCP Acceleration Commands, on page 572, for commands within the TCP
Commands acceleration node
• (config) interface link, on page 459
• (config) interface link refresh-acceleration, on page 460
• (config) interface link template, on page 461
• (config) show interface link summary, on page 462
• (link) acceleration, on page 464
• (link) aggregation auto, on page 465
• (link) bandwidth, on page 466
• (link) bandwidth adjust, on page 467
• (link) cancel, on page 469
• (link) checksum, on page 470
• (link) clear counters, on page 471
• (link) crypto, on page 472
• (link) description, on page 473
• (link) encapsulation, on page 474
• (link) encapsulation transparent, on page 475
• (link) exit, on page 477
• (link) fragmentation, on page 478
• (link) header, on page 479
• (link) keepalive dialer, on page 480
• (link) link, on page 481
• (link) metric, on page 482
• (link) mss, on page 483
• (link) mtu, on page 484
• (link) no, on page 485
• (link) ping, on page 486
• (link) priority, on page 487
• (link) remote-unique-id, on page 488
• (link) show, on page 489
• (link) subnet, on page 490
• (link) system encapsulation, on page 491
• (link) system udp-destination-port, on page 492
• (link) system udp-source-port, on page 493
• (link) tcp-acceleration, on page 494
• (link) traffic-gauge, on page 495
• (link) udp-destination-port, on page 496
• (link) udp-source-port, on page 497
• (link) wan-id, on page 498
(link) traffic-gauge
Command ACC1(LINK)# t ra ff i c- ga u ge <e na b le |d i sa b le >
Description Sets the traffic gauge for the specific link
Parameters Enable to enable, disable to disable
Example ACC1(LINK)# t ra ff i c- ga u ge en ab l e
with Syntax
Related • (config) interface link, on page 459
Commands • (config) interface link refresh-acceleration, on page 460
• (config) interface link template, on page 461
• (config) show interface link summary, on page 462
• (link) acceleration, on page 464
• (link) aggregation auto, on page 465
• (link) bandwidth, on page 466
• (link) bandwidth adjust, on page 467
• (link) cancel, on page 469
• (link) checksum, on page 470
• (link) clear counters, on page 471
• (link) crypto, on page 472
• (link) description, on page 473
• (link) encapsulation, on page 474
• (link) encapsulation transparent, on page 475
• (link) exit, on page 477
• (link) fragmentation, on page 478
• (link) header, on page 479
• (link) keepalive dialer, on page 480
• (link) link, on page 481
• (link) metric, on page 482
• (link) mss, on page 483
• (link) mtu, on page 484
• (link) no, on page 485
• (link) ping, on page 486
• (link) priority, on page 487
• (link) remote-unique-id, on page 488
• (link) show, on page 489
• (link) subnet, on page 490
• (link) system encapsulation, on page 491
• (link) system udp-destination-port, on page 492
• (link) system udp-source-port, on page 493
• (link) tcp-acceleration, on page 494
• (link) traffic-gauge, on page 495
• (link) udp-destination-port, on page 496
• (link) udp-source-port, on page 497
• (link) wan-id, on page 498
496 A p pe n di x F: Command Line Interface
(link) udp-destination-port
Command ACC1(LINK)# u dp - de st i na t io n- p or t < nu m be r>
Description Sets the link’s UDP destination port
Parameters Enter a valid port number (1-65535)
Example ACC1(LINK)# u dp - de st i na t io n- p or t 422
with Syntax
Related • (config) interface link, on page 459
Commands • (config) interface link refresh-acceleration, on page 460
• (config) interface link template, on page 461
• (config) show interface link summary, on page 462
• (link) acceleration, on page 464
• (link) aggregation auto, on page 465
• (link) bandwidth, on page 466
• (link) bandwidth adjust, on page 467
• (link) cancel, on page 469
• (link) checksum, on page 470
• (link) clear counters, on page 471
• (link) crypto, on page 472
• (link) description, on page 473
• (link) encapsulation, on page 474
• (link) encapsulation transparent, on page 475
• (link) exit, on page 477
• (link) fragmentation, on page 478
• (link) header, on page 479
• (link) keepalive dialer, on page 480
• (link) link, on page 481
• (link) metric, on page 482
• (link) mss, on page 483
• (link) mtu, on page 484
• (link) no, on page 485
• (link) ping, on page 486
• (link) priority, on page 487
• (link) remote-unique-id, on page 488
• (link) show, on page 489
• (link) subnet, on page 490
• (link) system encapsulation, on page 491
• (link) system udp-destination-port, on page 492
• (link) system udp-source-port, on page 493
• (link) tcp-acceleration, on page 494
• (link) traffic-gauge, on page 495
• (link) udp-destination-port, on page 496
• (link) udp-source-port, on page 497
• (link) wan-id, on page 498
(link) udp-source-port
Command ACC1(LINK)# u dp -s o ur ce - po r t <n u mb er >
Description Sets the link’s UDP source port
Parameters Enter a valid port number (1-65535)
Example ACC1(LINK)# u dp -s o ur ce - po r t 222
with Syntax
Related • (config) interface link, on page 459
Commands • (config) interface link refresh-acceleration, on page 460
• (config) interface link template, on page 461
• (config) show interface link summary, on page 462
• (link) acceleration, on page 464
• (link) aggregation auto, on page 465
• (link) bandwidth, on page 466
• (link) bandwidth adjust, on page 467
• (link) cancel, on page 469
• (link) checksum, on page 470
• (link) clear counters, on page 471
• (link) crypto, on page 472
• (link) description, on page 473
• (link) encapsulation, on page 474
• (link) encapsulation transparent, on page 475
• (link) exit, on page 477
• (link) fragmentation, on page 478
• (link) header, on page 479
• (link) keepalive dialer, on page 480
• (link) link, on page 481
• (link) metric, on page 482
• (link) mss, on page 483
• (link) mtu, on page 484
• (link) no, on page 485
• (link) ping, on page 486
• (link) priority, on page 487
• (link) remote-unique-id, on page 488
• (link) show, on page 489
• (link) subnet, on page 490
• (link) system encapsulation, on page 491
• (link) system udp-destination-port, on page 492
• (link) system udp-source-port, on page 493
• (link) tcp-acceleration, on page 494
• (link) traffic-gauge, on page 495
• (link) udp-destination-port, on page 496
• (link) udp-source-port, on page 497
• (link) wan-id, on page 498
498 A p pe n di x F: Command Line Interface
(link) wan-id
(BW-ADJ) adjust
Command ACC1(BW-ADJ)# a dj us t <e na b le |d is a bl e>
Description Enables or disables bandwidth adjustment
Parameters Enable to enable, Disable to disable
Example ACC1(BW-ADJ)# a dj us t enable
with Syntax
Related • (link) bandwidth adjust, on page 467
Commands • (BW-ADJ) adjust, on page 499
• (BW-ADJ) decrease interval, on page 499
• (BW-ADJ) decrease rate, on page 500
• (BW-ADJ) exit, on page 500
• (BW-ADJ) increase interval, on page 501
• (BW-ADJ) increase rate, on page 501
• (BW-ADJ) minimal-bandwidth, on page 502
• (BW-ADJ) no, on page 502
• (BW-ADJ) show, on page 502
(BW-ADJ) exit
Command ACC1(BW-ADJ)# e xi t
Description Exits the Bandwidth Adjust node and goes to the parent node
Parameters No Additional parameters are necessary.
Example ACC1(BW-ADJ)# e xi t
with Syntax
(BW-ADJ) minimal-bandwidth
Command ACC1(BW-ADJ)# m in i ma l- b an dw i dt h < nu m be r>
Description Configures the minimal bandwidth percentage
Parameters Enter the percentage (5-95%). This number should be lower than the bandwidth limit.
Example ACC1(BW-ADJ)# m in i ma l- b an dw i dt h 10
with Syntax
Related • (link) bandwidth adjust, on page 467
Commands • (BW-ADJ) adjust, on page 499
• (BW-ADJ) decrease interval, on page 499
• (BW-ADJ) decrease rate, on page 500
• (BW-ADJ) exit, on page 500
• (BW-ADJ) increase interval, on page 501
• (BW-ADJ) increase rate, on page 501
• (BW-ADJ) minimal-bandwidth, on page 502
• (BW-ADJ) no, on page 502
• (BW-ADJ) show, on page 502
(BW-ADJ) no
Command ACC1(BW-ADJ)# n o < pa ra m et er >
Description Negates a command, or resets the parameter to its default setting.
Parameters Enter the parameter you want to negate.
Example ACC1(BW-ADJ)# n o increase rate
with Syntax
Related • (link) bandwidth adjust, on page 467
Commands • (BW-ADJ) adjust, on page 499
• (BW-ADJ) decrease interval, on page 499
• (BW-ADJ) decrease rate, on page 500
• (BW-ADJ) exit, on page 500
• (BW-ADJ) increase interval, on page 501
• (BW-ADJ) increase rate, on page 501
• (BW-ADJ) minimal-bandwidth, on page 502
• (BW-ADJ) no, on page 502
• (BW-ADJ) show, on page 502
(BW-ADJ) show
Command ACC1(BW-ADJ)# s ho w < pa r am et e r>
Description Shows the current settings for the specified parameter.
Parameters Enter the parameter whose settings you want to view.
Crypto Commands
This section covers the following commands:
504 A p pe n di x F: Command Line Interface
Subnet Commands
This section describes subnet configuration and management.
The section includes the following commands:
(link) link source, on page 504
(link) subnet exclude, on page 504
(subnets) advertise, on page 505
(subnets) advertise, on page 505
(subnets) no network, on page 505
(subnets) show, on page 506
(subnets) advertise
Command ACC1(SUBNETS)#a d ve rt i se or n o t- ad v er t is e
x. x. x .x x. x. x .x | me t ri c [ number]
Description Sets the subnet to be advertised or not advertised (can optionally add the subnet mask).
Adds a metric value to the subnet.
Parameters Choose advertise to advertise the subnet and not-advertise to not advertise it.
Example ACC1(SUBNETS)#advertise 10.0.99.99/24 | metric
with Syntax
[ 10]
Related Commands • (link) link source, on page 504
• (link) subnet exclude, on page 504
• (subnets) advertise, on page 505
• (subnets) no network, on page 505
• (subnets) show, on page 506
(subnets) network
Command ACC1(SUBNETS)#ne tw o rk
Description Adds a subnet
Parameters Enter a valid IP address for the subnet, followed by the subnet mask.
Example ACC1(SUBNETS)#ne tw o rk 125.125.2.5 101.120.15.2
with Syntax
Related Commands • (link) link source, on page 504
• (link) subnet exclude, on page 504
• (subnets) advertise, on page 505
• (subnets) no network, on page 505
• (subnets) show, on page 506
(subnets) no network
Command ACC1(SUBNETS)#n o n et w or k x .x . x. x
Description Deletes the subnet (can optionally add the subnet mask).
Parameters Enter the IP address of the subnet
Example ACC1(SUBNETS)#n o n et w or k 10.0.99.99
with Syntax
Related Commands • (link) link source, on page 504
• (link) subnet exclude, on page 504
• (subnets) advertise, on page 505
• (subnets) advertise, on page 505
• (subnets) show, on page 506
506 A p pe n di x F: Command Line Interface
(subnets) show
Command ACC1(SUBNETS)#s ho w
Description Displays the configured subnet.
Parameters No additional parameters
Example ACC1(SUBNETS)#s ho w
with Syntax
Related Commands • (link) link source, on page 504
• (link) subnet exclude, on page 504
• (subnets) advertise, on page 505
• (subnets) advertise, on page 505
• (subnets) no network, on page 505
Alias Commands
Displays and manages virtual server aliasing. The following commands are
available:
alias show, on page 507
alias set, on page 507
alias map, on page 508
alias map add, on page 508
alias map delete, on page 508
alias show
Displays alias information and manages prefix/suffix for exported names.
alias set
Command {hostname}:filecontroller0#alias set/delete
prefix {prefix}
Description Changes/removes prefix for all exported aliases.
Parameters No additional parameters
Example {hostname}:filecontroller0#alias set/delete
with Syntax
prefix {prefix}
Related Commands • alias show, on page 507
• alias map, on page 508
• alias map add, on page 508
• alias map delete, on page 508
508 A p pe n di x F: Command Line Interface
alias map
Command {hostname}:filecontroller0#alias map [list]
Description Shows virtual servers alias information
Parameters No additional parameters
Example {hostname}:filecontroller0#alias map [list]
with Syntax
Related Commands • alias show, on page 507
• alias set, on page 507
• alias map add, on page 508
• alias map delete, on page 508
OSPF Commands
The following commands are available:
(config-ospf) area number, on page 509
(config-ospf) authentication-key string, on page 510
(config-ospf) authentication-mode enable, on page 510
(config-ospf) high locality-metric, on page 511
(config-ospf) neighbor, on page 511
(config-ospf) network (ip address), on page 512
(config-ospf) ospf-mode enable, on page 512
(config-ospf) show, on page 513
(config-ospf) neighbor
Command AC C1 (c on fi g-o sp f) # ne i gh b or x . x. x. x
Description Defines an OSPF neighbor for the Accelerator via the IP address.
Parameters Enter a valid IP address
Example AA CC 1( co nf ig- os pf )# n e ig hb o r 1 00 .1 0 0. 10 . 3
with Syntax
Related Commands • (config-ospf) area number, on page 509
• (config-ospf) authentication-key string, on page 510
• (config-ospf) authentication-mode enable, on page 510
• (config-ospf) high locality-metric, on page 511
• (config-ospf) network (ip address), on page 512
• (config-ospf) ospf-mode enable, on page 512
• (config-ospf) show, on page 513
512 A p pe n di x F: Command Line Interface
(config-ospf) show
Command A CC 1( co nf ig -o sp f) # sh ow
Description Displays OSPF settings.
Parameters No additional parameters
Example A CC 1( co nf ig -o sp f) # sh ow
with Syntax
Related Commands • (config-ospf) area number, on page 509
• (config-ospf) authentication-key string, on page 510
• (config-ospf) authentication-mode enable, on page 510
• (config-ospf) high locality-metric, on page 511
• (config-ospf) neighbor, on page 511
• (config-ospf) network (ip address), on page 512
• (config-ospf) ospf-mode enable, on page 512
514 A p pe n di x F: Command Line Interface
(config) router-polling
Command ACC1(config)# r o u t e r - p o ll i n g
Description Opens the Router-polling node.
Parameters No additional parameters
Example AC C1 (c on fi g) # ro ut e r- p ol li n g
with Syntax
Related Commands • (router-polling) router-polling enable, on page 514
• (router-polling) poll [protocol name(s)], on page 515
• (router-polling) polling-interval, on page 515
• (router-polling) router ip, on page 515
• (router-polling) snmp version, on page 516
• (router-polling) snmp community, on page 516
(router-polling) polling-interval
Command ACC1(router-polling)#p ol l in g- i nt e rv al
Description Sets the frequency with which the router is polled (in seconds). Default is 180 seconds
Parameters Enter a frequency in seconds
Example A CC 1( ro ut er -p ol li ng )# po ll i ng - in te r va l 1 80
with Syntax
Related Commands • (config) router-polling, on page 514
• (router-polling) router-polling enable, on page 514
• (router-polling) poll [protocol name(s)], on page 515
• (router-polling) router ip, on page 515
• (router-polling) snmp version, on page 516
• (router-polling) snmp community, on page 516
(router-polling) router ip
Command ACC1(router-polling)# ro ut e r ip ( x.x.x.x)
Description Sets the IP address of the router to be polled.
Parameters Enter a valid IP address
Example AC C1 (r ou te r- po ll in g) # ro ut e r ip ( 1 0 0 . 1 0 0 . 5 0 . 5 )
with Syntax
Related Commands • (config) router-polling, on page 514
• (router-polling) router-polling enable, on page 514
• (router-polling) poll [protocol name(s)], on page 515
• (router-polling) polling-interval, on page 515
• (router-polling) snmp version, on page 516
• (router-polling) snmp community, on page 516
516 A p pe n di x F: Command Line Interface
RIP Commands
The following commands are available:
(config) router rip, on page 517
(config-rip) authentication-mode enable, on page 518
(config-rip) authentication-key string, on page 518
(config-rip) network, on page 520
(config-rip) neighbor, on page 518
(config-rip) passive-mode enable, on page 520
(config-rip) rip-mode enable, on page 521
(config-rip) show, on page 521
(config-rip) neighbor
Command ACC1(config-rip)# n ei g hb or x. x. x .x
Description Defines a RIP neighbor for the Accelerator via the IP address.
Parameters Enter a valid IP address
Example ACC1(config-rip)# n ei g hb or x. x. x .x
with Syntax
(config-rip) network
Command AC C1 (c on fi g- ri p) # ne tw o rk ( i p a d d r e s s ) x . x. x . x
( s u b n e t m a s k ) x. x . x . x
Description Sets the networks that the Accelerator broadcasts to its RIP neighbors.
Parameters Enter a valid IP address and subnet mask
Example AC C1 (c on fi g- ri p) # network ( i p a d d r e s s ) x . x . x . x
with Syntax
( s u b n e t m a s k ) x. x . x . x
Related Commands • (config) router rip, on page 517
• (config-rip) authentication-mode enable, on page 518
• (config-rip) authentication-key string, on page 518
• (config-rip) network, on page 520
• (config-rip) neighbor, on page 518
• (config-rip) passive-mode enable, on page 520
• (config-rip) rip-mode enable, on page 521
• (config-rip) show, on page 521
(config-rip) show
Command ACC1(config-rip)# s h ow
Description Displays RIP settings
Parameters No additional parameters required
Example ACC1(config-rip)# s h ow
with Syntax
Related Commands • (config) router rip, on page 517
• (config-rip) authentication-mode enable, on page 518
• (config-rip) authentication-key string, on page 518
• (config-rip) network, on page 520
• (config-rip) neighbor, on page 518
• (config-rip) passive-mode enable, on page 520
• (config-rip) rip-mode enable, on page 521
522 A p pe n di x F: Command Line Interface
WCCP Commands
The following options are available:
(config) packet-interception wccp, on page 522
(packet interception WCCP) authentication, on page 523
(packet interception WCCP) priority, on page 523
(packet interception WCCP) router-ip, on page 524
(packet interception WCCP) show, on page 524
(packet interception WCCP) tcp-service id, on page 525
(packet interception WCCP) udp-service id, on page 526
(packet interception WCCP) wccp-mode, on page 526
Command ACC1(config)#p a ck et - in te r ce p ti on wc cp
Description Enters the WCCP configuration node.
Parameters No additional parameters required
Example ACC1(config)#p a ck et - in te r ce p ti on wc cp
with Syntax
Related • (packet interception WCCP) authentication, on page 523
Commands • (packet interception WCCP) priority, on page 523
• (packet interception WCCP) router-ip, on page 524
• (packet interception WCCP) show, on page 524
• (packet interception WCCP) tcp-service id, on page 525
• (packet interception WCCP) udp-service id, on page 526
• (packet interception WCCP) wccp-mode, on page 526
(config) dhcp
Command ACC1(config)#dh cp
Description Enters the DHCP node
Parameters Enable to enable, disable to disable
Example ACC1(config)#dhcp
with Syntax
Related Commands • (DHCP) enable, on page 528
• (DHCP) reload, on page 529
• (DHCP) show DHCP, on page 529
• (DHCP) show lease, on page 529
• (DHCP) test, on page 530
• (DHCP) upload, on page 530
(DHCP) enable
Command ACC1(DHCP)#en a bl e/ d is ab l e
Description Enables or disables the DHCP Server. Enabling the Server requires having a DHCP
configuration file. If this file does not exist, you are prompted to upload it. The DHCP
configuration file should be in the user_area, otherwise you have to use the copy
command to copy it. Alternatively, upload the DHCP configuration file via the WebUI,
thereby copying it directly to the user_area.
Parameters Enable to enable, disable to disable
Example AC C1 (D HC P) # enable
with Syntax
Related Commands • (config) dhcp, on page 528
• (DHCP) reload, on page 529
• (DHCP) show DHCP, on page 529
• (DHCP) show lease, on page 529
• (DHCP) test, on page 530
• (DHCP) upload, on page 530
(DHCP) reload
Command ACC1(DHCP)#r el o ad [path] [filename]
Description Reloads the DHCP configuration file from the user_area, if you want to update this file
with changes you have made in it.
Parameters Enter a valid path and filename
Example ACC1(DHCP)#reload/user_area/dhcp/dhcpfile
with Syntax
Related Commands • (config) dhcp, on page 528
• (DHCP) enable, on page 528
• (DHCP) show DHCP, on page 529
• (DHCP) show lease, on page 529
• (DHCP) test, on page 530
• (DHCP) upload, on page 530
(DHCP) test
Command ACC1(DHCP)#t es t [path] [filename]
Description Tests the syntax of the DHCP configuration file.
Parameters Enter a valid path and file name
Example ACC1(DHCP)#test/user_area/dhcp/dhcpfile
with Syntax
Related Commands • (config) dhcp, on page 528
• (DHCP) enable, on page 528
• (DHCP) reload, on page 529
• (DHCP) show DHCP, on page 529
• (DHCP) show lease, on page 529
• (DHCP) upload, on page 530
(DHCP) upload
Command ACC1(DHCP)#u pl o ad [path] [filename]
Description Uploads the DHCP configuration file from the user_area.
Parameters Enter a valid path and a file name.
Example ACC1(DHCP)#upload /user_area/dhcp/dhcpfile
with Syntax
Related Commands • (config) dhcp, on page 528
• (DHCP) enable, on page 528
• (DHCP) reload, on page 529
• (DHCP) show DHCP, on page 529
• (DHCP) show lease, on page 529
• (DHCP) test, on page 530
(config) web-acceleration
Command A C C1 (c o nf i g) #w e b- ac c el e ra ti o n
Description Enters Web-Acceleration configuration mode
Parameters No additional parameters needed
Example A C C1 (c o nf i g) # web-acceleration
with Syntax
Related Commands • (web-acceleration) cache clear, on page 533
• (web-acceleration) cancel, on page 534
• (web-acceleration) exit, on page 534
• (web-acceleration) http-acceleration, on page 534
• (web-acceleration) show, on page 535
• (web-acceleration) tcp-acceleration, on page 535
(web-acceleration) cancel
Command AC C 1( c on fi g )# we b -a c ce le r at io n
Description Exits without updating web acceleration parameters
Parameters No additional parameters needed
Example AC C 1( c on fi g )# web-acceleration
with Syntax
Related Commands • (config) web-acceleration, on page 533
• (web-acceleration) cache clear, on page 533
• (web-acceleration) exit, on page 534
• (web-acceleration) http-acceleration, on page 534
• (web-acceleration) show, on page 535
• (web-acceleration) tcp-acceleration, on page 535
(web-acceleration) exit
Command AC C1 ( we b- a cc e le ra t io n) # e x it
Description Exits the web acceleration node
Parameters No additional parameters needed
Example AC C1 ( we b- a cc e le ra t io n) # exit
with Syntax
Related Commands • (config) web-acceleration, on page 533
• (web-acceleration) cache clear, on page 533
• (web-acceleration) cancel, on page 534
• (web-acceleration) http-acceleration, on page 534
• (web-acceleration) show, on page 535
• (web-acceleration) tcp-acceleration, on page 535
(web-acceleration) http-acceleration
Command A CC 1 (w eb - ac ce l er a ti on ) #h tt p -a c ce le r at io n
Description Enters the HTTP acceleration node.
Parameters No additional parameters are needed.
Example A CC 1 (w eb - ac ce l er a ti on ) # http-acceleration
with Syntax
Related Commands • (config) web-acceleration, on page 533
• (web-acceleration) cache clear, on page 533
• (web-acceleration) cancel, on page 534
• (web-acceleration) exit, on page 534
• (web-acceleration) show, on page 535
• (web-acceleration) tcp-acceleration, on page 535
• see HTTP Acceleration Commands, on page 536 for the HTTP Acceleration
Commands
(web-acceleration) show
Command AC C1 ( we b- a cc e le ra t io n) # sh ow
Description Displays Web-Acceleration parameters.
Parameters No additional parameters required
Example AC C1 ( we b- a cc e le ra t io n) # show
with Syntax
Related Commands • (config) web-acceleration, on page 533
• (web-acceleration) cache clear, on page 533
• (web-acceleration) cancel, on page 534
• (web-acceleration) exit, on page 534
• (web-acceleration) http-acceleration, on page 534
• (web-acceleration) tcp-acceleration, on page 535
(web-acceleration) tcp-acceleration
Command AC C 1( w eb -a c ce le r at i on )# tc p- a cc e le ra t io n
Description Opens the TCP acceleration node
Parameters No additional parameters needed
Example AC C 1( w eb -a c ce le r at i on )# tcp-acceleration
with Syntax
Related • (config) web-acceleration, on page 533
Commands • (web-acceleration) cache clear, on page 533
• (web-acceleration) cancel, on page 534
• (web-acceleration) exit, on page 534
• (web-acceleration) http-acceleration, on page 534
• (web-acceleration) show, on page 535
536 A p pe n di x F: Command Line Interface
(web-acceleration) http-acceleration
Command AC C 1( w eb -a c ce le r at i on )# h tt p- a cc e le ra t io n
Description Enters the HTTP acceleration node.
Parameters No additional parameters are needed.
Example AC C 1( w eb -a c ce le r at i on )# http-acceleration
with Syntax
Related Commands • (http-acceleration) cache-auth-requests, on page 538
• (http-acceleration) cache clear, on page 539
• (http-acceleration) cache-content, on page 540
• (http-acceleration) cache-range, on page 541
• (http-acceleration) cache-size, on page 542
• (http-acceleration) cancel, on page 543
• (http-acceleration) connect-timeout, on page 544
• (http-acceleration) collect statistics, on page 545
• (http-acceleration) deny-content-encoding, on page 546
• (http-acceleration) exit, on page 547
• (http-acceleration) fetch job, on page 548
• (http-acceleration) http-acceleration enable, on page 549
• (http-acceleration) ie-refresh, on page 550
• (http-acceleration) log-level, on page 551
• (http-acceleration) max-client-connect-time, on page 552
• (http-acceleration) max cached-object-size, on page 553
• (http-acceleration) min cached-object-size, on page 554
• (http-acceleration) no, on page 555
• (http-acceleration) persistent-timeout, on page 556
• (http-acceleration) port, on page 557
• (http-acceleration) port-transparency, on page 558
• (http-acceleration) proxy outgoing host, on page 559
• (http-acceleration) read-ahead, on page 560
• (http-acceleration) read-ahead fetch-full-page, on page 561
• (http-acceleration) read-ahead operation-mode, on page 562
• (http-acceleration) reset-to-default, on page 563
• (http-acceleration) rule, on page 564
• (http-acceleration) show, on page 565
• (http-acceleration) tcp-acceleration, on page 566
• (http-acceleration) transparency, on page 567
538 A p pe n di x F: Command Line Interface
(http-acceleration) cache-auth-requests
Command A CC 1 (h tt p -a cc e le r at io n )# ca h ce - au th - re qu e st s
Description Allows you to enable or disable cache authenticated requests.
Parameters Enable to enable Disable to disable.
Example A CC 1 (h tt p -a cc e le r at io n )# cache-auth-requests
with Syntax
enable
Related Commands • (web-acceleration) http-acceleration, on page 537
• (http-acceleration) cache clear, on page 539
• (http-acceleration) cache-content, on page 540
• (http-acceleration) cache-range, on page 541
• (http-acceleration) cache-size, on page 542
• (http-acceleration) cancel, on page 543
• (http-acceleration) connect-timeout, on page 544
• (http-acceleration) collect statistics, on page 545
• (http-acceleration) deny-content-encoding, on page 546
• (http-acceleration) exit, on page 547
• (http-acceleration) fetch job, on page 548
• (http-acceleration) http-acceleration enable, on page 549
• (http-acceleration) ie-refresh, on page 550
• (http-acceleration) log-level, on page 551
• (http-acceleration) max-client-connect-time, on page 552
• (http-acceleration) max cached-object-size, on page 553
• (http-acceleration) min cached-object-size, on page 554
• (http-acceleration) no, on page 555
• (http-acceleration) persistent-timeout, on page 556
• (http-acceleration) port, on page 557
• (http-acceleration) port-transparency, on page 558
• (http-acceleration) proxy outgoing host, on page 559
• (http-acceleration) read-ahead, on page 560
• (http-acceleration) read-ahead fetch-full-page, on page 561
• (http-acceleration) read-ahead operation-mode, on page 562
• (http-acceleration) reset-to-default, on page 563
• (http-acceleration) rule, on page 564
• (http-acceleration) show, on page 565
• (http-acceleration) tcp-acceleration, on page 566
• (http-acceleration) transparency, on page 567
(http-acceleration) cache-content
Command A CC 1 (h tt p -a cc e le r at io n )# ca c he - co nt e nt
[ en t er pr i se | in t er ne t | a l l]
Description Sets the type of content to be cached:
• Enterprise caches all traffic from links and virtual links.
• Internet caches all traffic on the non-link.
• All caches all link, virtual link and non-link traffic.
Parameters Enterprise, Internet or All, as described above.
Example A CC 1 (h tt p -a cc e le r at io n )# ca c he - co nt e nt all
with Syntax
Related Commands • (web-acceleration) http-acceleration, on page 537
• (http-acceleration) cache-auth-requests, on page 538
• (http-acceleration) cache clear, on page 539
• (http-acceleration) cache-range, on page 541
• (http-acceleration) cache-size, on page 542
• (http-acceleration) cancel, on page 543
• (http-acceleration) connect-timeout, on page 544
• (http-acceleration) collect statistics, on page 545
• (http-acceleration) deny-content-encoding, on page 546
• (http-acceleration) exit, on page 547
• (http-acceleration) fetch job, on page 548
• (http-acceleration) http-acceleration enable, on page 549
• (http-acceleration) ie-refresh, on page 550
• (http-acceleration) log-level, on page 551
• (http-acceleration) max-client-connect-time, on page 552
• (http-acceleration) max cached-object-size, on page 553
• (http-acceleration) min cached-object-size, on page 554
• (http-acceleration) no, on page 555
• (http-acceleration) persistent-timeout, on page 556
• (http-acceleration) port, on page 557
• (http-acceleration) port-transparency, on page 558
• (http-acceleration) proxy outgoing host, on page 559
• (http-acceleration) read-ahead, on page 560
• (http-acceleration) read-ahead fetch-full-page, on page 561
• (http-acceleration) read-ahead operation-mode, on page 562
• (http-acceleration) reset-to-default, on page 563
• (http-acceleration) rule, on page 564
• (http-acceleration) show, on page 565
• (http-acceleration) tcp-acceleration, on page 566
• (http-acceleration) transparency, on page 567
(http-acceleration) cache-range
Command AC C 1( ht t p- a cc el e ra ti o n) #ca ch e -r an g e [ en ab l e
| d is ab l e]
Description Enables or disables (disabled by default) the cache range
Parameters Enable to enable, Disable to disable
Example AC C 1( ht t p- a cc el e ra ti o n) #ca ch e -r an g e enable
with Syntax
Related Commands • (web-acceleration) http-acceleration, on page 537
• (http-acceleration) cache-auth-requests, on page 538
• (http-acceleration) cache clear, on page 539
• (http-acceleration) cache-content, on page 540
• (http-acceleration) cache-size, on page 542
• (http-acceleration) cancel, on page 543
• (http-acceleration) connect-timeout, on page 544
• (http-acceleration) collect statistics, on page 545
• (http-acceleration) deny-content-encoding, on page 546
• (http-acceleration) exit, on page 547
• (http-acceleration) fetch job, on page 548
• (http-acceleration) http-acceleration enable, on page 549
• (http-acceleration) ie-refresh, on page 550
• (http-acceleration) log-level, on page 551
• (http-acceleration) max-client-connect-time, on page 552
• (http-acceleration) max cached-object-size, on page 553
• (http-acceleration) min cached-object-size, on page 554
• (http-acceleration) no, on page 555
• (http-acceleration) persistent-timeout, on page 556
• (http-acceleration) port, on page 557
• (http-acceleration) port-transparency, on page 558
• (http-acceleration) proxy outgoing host, on page 559
• (http-acceleration) read-ahead, on page 560
• (http-acceleration) read-ahead fetch-full-page, on page 561
• (http-acceleration) read-ahead operation-mode, on page 562
• (http-acceleration) reset-to-default, on page 563
• (http-acceleration) rule, on page 564
• (http-acceleration) show, on page 565
• (http-acceleration) tcp-acceleration, on page 566
• (http-acceleration) transparency, on page 567
542 A p pe n di x F: Command Line Interface
(http-acceleration) cache-size
Command A C C1 (h t tp -a c ce l er at i on )# c ac h e- si z e [n u m b e r i n
MB]
Description Sets the size of the cache (between 1 and 60 GB). Default is 16 GB.
Parameters Enter a valid size (between 1-60 GB). Note that, Approximately 10 MB of RAM is
needed for each 1 GB of data cached.
Example A C C1 (h t tp -a c ce l er at i on )# c ac h e- si z e 16
with Syntax
Related Commands • (web-acceleration) http-acceleration, on page 537
• (http-acceleration) cache-auth-requests, on page 538
• (http-acceleration) cache clear, on page 539
• (http-acceleration) cache-content, on page 540
• (http-acceleration) cache-range, on page 541
• (http-acceleration) cancel, on page 543
• (http-acceleration) connect-timeout, on page 544
• (http-acceleration) collect statistics, on page 545
• (http-acceleration) deny-content-encoding, on page 546
• (http-acceleration) exit, on page 547
• (http-acceleration) fetch job, on page 548
• (http-acceleration) http-acceleration enable, on page 549
• (http-acceleration) ie-refresh, on page 550
• (http-acceleration) log-level, on page 551
• (http-acceleration) max-client-connect-time, on page 552
• (http-acceleration) max cached-object-size, on page 553
• (http-acceleration) min cached-object-size, on page 554
• (http-acceleration) no, on page 555
• (http-acceleration) persistent-timeout, on page 556
• (http-acceleration) port, on page 557
• (http-acceleration) port-transparency, on page 558
• (http-acceleration) proxy outgoing host, on page 559
• (http-acceleration) read-ahead, on page 560
• (http-acceleration) read-ahead fetch-full-page, on page 561
• (http-acceleration) read-ahead operation-mode, on page 562
• (http-acceleration) reset-to-default, on page 563
• (http-acceleration) rule, on page 564
• (http-acceleration) show, on page 565
• (http-acceleration) tcp-acceleration, on page 566
• (http-acceleration) transparency, on page 567
(http-acceleration) cancel
Command A CC 1 (h tt p -a c ce le r at io n )# c an ce l
Description Exits the node without updating the parameters.
Parameters No additional parameters are necessary
Example A CC 1 (h tt p -a c ce le r at io n )# c an ce l
with Syntax
Related Commands • (web-acceleration) http-acceleration, on page 537
• (http-acceleration) cache-auth-requests, on page 538
• (http-acceleration) cache clear, on page 539
• (http-acceleration) cache-content, on page 540
• (http-acceleration) cache-range, on page 541
• (http-acceleration) cache-size, on page 542
• (http-acceleration) connect-timeout, on page 544
• (http-acceleration) collect statistics, on page 545
• (http-acceleration) deny-content-encoding, on page 546
• (http-acceleration) exit, on page 547
• (http-acceleration) fetch job, on page 548
• (http-acceleration) http-acceleration enable, on page 549
• (http-acceleration) ie-refresh, on page 550
• (http-acceleration) log-level, on page 551
• (http-acceleration) max-client-connect-time, on page 552
• (http-acceleration) max cached-object-size, on page 553
• (http-acceleration) min cached-object-size, on page 554
• (http-acceleration) no, on page 555
• (http-acceleration) persistent-timeout, on page 556
• (http-acceleration) port, on page 557
• (http-acceleration) port-transparency, on page 558
• (http-acceleration) proxy outgoing host, on page 559
• (http-acceleration) read-ahead, on page 560
• (http-acceleration) read-ahead fetch-full-page, on page 561
• (http-acceleration) read-ahead operation-mode, on page 562
• (http-acceleration) reset-to-default, on page 563
• (http-acceleration) rule, on page 564
• (http-acceleration) show, on page 565
• (http-acceleration) tcp-acceleration, on page 566
• (http-acceleration) transparency, on page 567
544 A p pe n di x F: Command Line Interface
(http-acceleration) connect-timeout
Command A CC 1 (h t tp -a c ce le r at i on )# c on ne c t- t im eo u t
[ nu m be r ]
Description Sets the amounts of time (in seconds, between 1 and 600) for a client to remain
connected with no traffic being cached. Default is 600 seconds.
Parameters Enter the time amount in seconds, as described above.
Example A CC 1 (h t tp -a c ce le r at i on )# connect-timeout 600
with Syntax
Related Commands • (web-acceleration) http-acceleration, on page 537
• (http-acceleration) cache-auth-requests, on page 538
• (http-acceleration) cache clear, on page 539
• (http-acceleration) cache-content, on page 540
• (http-acceleration) cache-range, on page 541
• (http-acceleration) cache-size, on page 542
• (http-acceleration) cancel, on page 543
• (http-acceleration) collect statistics, on page 545
• (http-acceleration) deny-content-encoding, on page 546
• (http-acceleration) exit, on page 547
• (http-acceleration) fetch job, on page 548
• (http-acceleration) http-acceleration enable, on page 549
• (http-acceleration) ie-refresh, on page 550
• (http-acceleration) log-level, on page 551
• (http-acceleration) max-client-connect-time, on page 552
• (http-acceleration) max cached-object-size, on page 553
• (http-acceleration) min cached-object-size, on page 554
• (http-acceleration) no, on page 555
• (http-acceleration) persistent-timeout, on page 556
• (http-acceleration) port, on page 557
• (http-acceleration) port-transparency, on page 558
• (http-acceleration) proxy outgoing host, on page 559
• (http-acceleration) read-ahead, on page 560
• (http-acceleration) read-ahead fetch-full-page, on page 561
• (http-acceleration) read-ahead operation-mode, on page 562
• (http-acceleration) reset-to-default, on page 563
• (http-acceleration) rule, on page 564
• (http-acceleration) show, on page 565
• (http-acceleration) tcp-acceleration, on page 566
• (http-acceleration) transparency, on page 567
(http-acceleration) deny-content-encoding
Command A CC 1 (h t tp -a c ce le r at i on )# d en y- c on t en t-
e nc o di n g
Description Enables or disables web page content from being encoded.
Parameters Enable to enable Disable to disable.
Example A CC 1 (h t tp -a c ce le r at i on )# d en y- c on t en t-
with Syntax
e nc o di n g enable
Related Commands • (web-acceleration) http-acceleration, on page 537
• (http-acceleration) cache-auth-requests, on page 538
• (http-acceleration) cache clear, on page 539
• (http-acceleration) cache-content, on page 540
• (http-acceleration) cache-range, on page 541
• (http-acceleration) cache-size, on page 542
• (http-acceleration) cancel, on page 543
• (http-acceleration) connect-timeout, on page 544
• (http-acceleration) collect statistics, on page 545
• (http-acceleration) exit, on page 547
• (http-acceleration) fetch job, on page 548
• (http-acceleration) http-acceleration enable, on page 549
• (http-acceleration) ie-refresh, on page 550
• (http-acceleration) log-level, on page 551
• (http-acceleration) max-client-connect-time, on page 552
• (http-acceleration) max cached-object-size, on page 553
• (http-acceleration) min cached-object-size, on page 554
• (http-acceleration) no, on page 555
• (http-acceleration) persistent-timeout, on page 556
• (http-acceleration) port, on page 557
• (http-acceleration) port-transparency, on page 558
• (http-acceleration) proxy outgoing host, on page 559
• (http-acceleration) read-ahead, on page 560
• (http-acceleration) read-ahead fetch-full-page, on page 561
• (http-acceleration) read-ahead operation-mode, on page 562
• (http-acceleration) reset-to-default, on page 563
• (http-acceleration) rule, on page 564
• (http-acceleration) show, on page 565
• (http-acceleration) tcp-acceleration, on page 566
• (http-acceleration) transparency, on page 567
(http-acceleration) exit
Command A CC 1( h tt p -a cc e le ra t io n )# ex i t
Description Exits the current node and returns to the node that is the parent node.
Parameters No additional parameters are necessary
Example A CC 1( h tt p -a cc e le ra t io n )# ex i t
with Syntax
Related Commands • (web-acceleration) http-acceleration, on page 537
• (http-acceleration) cache-auth-requests, on page 538
• (http-acceleration) cache clear, on page 539
• (http-acceleration) cache-content, on page 540
• (http-acceleration) cache-range, on page 541
• (http-acceleration) cache-size, on page 542
• (http-acceleration) cancel, on page 543
• (http-acceleration) connect-timeout, on page 544
• (http-acceleration) collect statistics, on page 545
• (http-acceleration) deny-content-encoding, on page 546
• (http-acceleration) fetch job, on page 548
• (http-acceleration) http-acceleration enable, on page 549
• (http-acceleration) ie-refresh, on page 550
• (http-acceleration) log-level, on page 551
• (http-acceleration) max-client-connect-time, on page 552
• (http-acceleration) max cached-object-size, on page 553
• (http-acceleration) min cached-object-size, on page 554
• (http-acceleration) no, on page 555
• (http-acceleration) persistent-timeout, on page 556
• (http-acceleration) port, on page 557
• (http-acceleration) port-transparency, on page 558
• (http-acceleration) proxy outgoing host, on page 559
• (http-acceleration) read-ahead, on page 560
• (http-acceleration) read-ahead fetch-full-page, on page 561
• (http-acceleration) read-ahead operation-mode, on page 562
• (http-acceleration) reset-to-default, on page 563
• (http-acceleration) rule, on page 564
• (http-acceleration) show, on page 565
• (http-acceleration) tcp-acceleration, on page 566
• (http-acceleration) transparency, on page 567
548 A p pe n di x F: Command Line Interface
(http-acceleration) ie-refresh
Command A CC 1 (h t tp -a c ce le r at i on )# i e- re f re s h [e n ab le |
d is a bl e ]
Description Refreshes Internet Explorer.
Parameters Enable to enable, disable to disable.
Example A CC 1 (h t tp -a c ce le r at i on )# ie-refresh enable
with Syntax
Related Commands • (web-acceleration) http-acceleration, on page 537
• (http-acceleration) cache-auth-requests, on page 538
• (http-acceleration) cache clear, on page 539
• (http-acceleration) cache-content, on page 540
• (http-acceleration) cache-range, on page 541
• (http-acceleration) cache-size, on page 542
• (http-acceleration) cancel, on page 543
• (http-acceleration) connect-timeout, on page 544
• (http-acceleration) collect statistics, on page 545
• (http-acceleration) deny-content-encoding, on page 546
• (http-acceleration) exit, on page 547
• (http-acceleration) fetch job, on page 548
• (http-acceleration) http-acceleration enable, on page 549
• (http-acceleration) log-level, on page 551
• (http-acceleration) max-client-connect-time, on page 552
• (http-acceleration) max cached-object-size, on page 553
• (http-acceleration) min cached-object-size, on page 554
• (http-acceleration) no, on page 555
• (http-acceleration) persistent-timeout, on page 556
• (http-acceleration) port, on page 557
• (http-acceleration) port-transparency, on page 558
• (http-acceleration) proxy outgoing host, on page 559
• (http-acceleration) read-ahead, on page 560
• (http-acceleration) read-ahead fetch-full-page, on page 561
• (http-acceleration) read-ahead operation-mode, on page 562
• (http-acceleration) reset-to-default, on page 563
• (http-acceleration) rule, on page 564
• (http-acceleration) show, on page 565
• (http-acceleration) tcp-acceleration, on page 566
• (http-acceleration) transparency, on page 567
(http-acceleration) log-level
Command A C C1 ( ht tp - ac ce l er a ti on ) #l og - le v el [ a le rt |
e r ro r | i n fo | wa r ni ng ]
Description You can set the Accelerator’s log file to accumulate events that occur in HTTP
Acceleration. To set the type of alerts to be accumulated, set the lowest level of alert to
be logged. By default, logging is disabled. When enabled, the default level is Error.
Parameters Enter the time ammount in seconds, as described above.
Example A C C1 ( ht tp - ac ce l er a ti on ) #l og - le v el error
with Syntax
Related Commands • (web-acceleration) http-acceleration, on page 537
• (http-acceleration) cache-auth-requests, on page 538
• (http-acceleration) cache clear, on page 539
• (http-acceleration) cache-content, on page 540
• (http-acceleration) cache-range, on page 541
• (http-acceleration) cache-size, on page 542
• (http-acceleration) cancel, on page 543
• (http-acceleration) connect-timeout, on page 544
• (http-acceleration) collect statistics, on page 545
• (http-acceleration) deny-content-encoding, on page 546
• (http-acceleration) exit, on page 547
• (http-acceleration) fetch job, on page 548
• (http-acceleration) http-acceleration enable, on page 549
• (http-acceleration) ie-refresh, on page 550
• (http-acceleration) max-client-connect-time, on page 552
• (http-acceleration) max cached-object-size, on page 553
• (http-acceleration) min cached-object-size, on page 554
• (http-acceleration) no, on page 555
• (http-acceleration) persistent-timeout, on page 556
• (http-acceleration) port, on page 557
• (http-acceleration) port-transparency, on page 558
• (http-acceleration) proxy outgoing host, on page 559
• (http-acceleration) read-ahead, on page 560
• (http-acceleration) read-ahead fetch-full-page, on page 561
• (http-acceleration) read-ahead operation-mode, on page 562
• (http-acceleration) reset-to-default, on page 563
• (http-acceleration) rule, on page 564
• (http-acceleration) show, on page 565
• (http-acceleration) tcp-acceleration, on page 566
• (http-acceleration) transparency, on page 567
552 A p pe n di x F: Command Line Interface
(http-acceleration) max-client-connect-time
Command AC C 1( ht t p- ac c el e ra ti o n) #m a x- c li en t -c on n ec t -
ti m e
Description Sets in minutes the time limit the client will remain connected to the cache process.
Parameters Enter the time ammount in minutes 1-5000.
Example AC C 1( ht t p- ac c el e ra ti o n) #m a x- c li en t -c on n ec t -
with Syntax
ti m e 300
Related Commands • (web-acceleration) http-acceleration, on page 537
• (http-acceleration) cache-auth-requests, on page 538
• (http-acceleration) cache clear, on page 539
• (http-acceleration) cache-content, on page 540
• (http-acceleration) cache-range, on page 541
• (http-acceleration) cache-size, on page 542
• (http-acceleration) cancel, on page 543
• (http-acceleration) connect-timeout, on page 544
• (http-acceleration) collect statistics, on page 545
• (http-acceleration) deny-content-encoding, on page 546
• (http-acceleration) exit, on page 547
• (http-acceleration) fetch job, on page 548
• (http-acceleration) http-acceleration enable, on page 549
• (http-acceleration) ie-refresh, on page 550
• (http-acceleration) log-level, on page 551
• (http-acceleration) max cached-object-size, on page 553
• (http-acceleration) min cached-object-size, on page 554
• (http-acceleration) no, on page 555
• (http-acceleration) persistent-timeout, on page 556
• (http-acceleration) port, on page 557
• (http-acceleration) port-transparency, on page 558
• (http-acceleration) proxy outgoing host, on page 559
• (http-acceleration) read-ahead, on page 560
• (http-acceleration) read-ahead fetch-full-page, on page 561
• (http-acceleration) read-ahead operation-mode, on page 562
• (http-acceleration) reset-to-default, on page 563
• (http-acceleration) rule, on page 564
• (http-acceleration) show, on page 565
• (http-acceleration) tcp-acceleration, on page 566
• (http-acceleration) transparency, on page 567
(http-acceleration) no
Command A C C1 ( ht tp - ac ce l er a ti on ) #n o
Description Negates a command within a rule.
Parameters Enter a configured regular expression
Example A C C1 ( ht tp - ac ce l er a ti on ) # no rule direct avaya
with Syntax
Related Commands • (web-acceleration) http-acceleration, on page 537
• (http-acceleration) cache-auth-requests, on page 538
• (http-acceleration) cache clear, on page 539
• (http-acceleration) cache-content, on page 540
• (http-acceleration) cache-range, on page 541
• (http-acceleration) cache-size, on page 542
• (http-acceleration) cancel, on page 543
• (http-acceleration) connect-timeout, on page 544
• (http-acceleration) collect statistics, on page 545
• (http-acceleration) deny-content-encoding, on page 546
• (http-acceleration) exit, on page 547
• (http-acceleration) fetch job, on page 548
• (http-acceleration) http-acceleration enable, on page 549
• (http-acceleration) ie-refresh, on page 550
• (http-acceleration) log-level, on page 551
• (http-acceleration) max-client-connect-time, on page 552
• (http-acceleration) max cached-object-size, on page 553
• (http-acceleration) min cached-object-size, on page 554
• (http-acceleration) persistent-timeout, on page 556
• (http-acceleration) port, on page 557
• (http-acceleration) port-transparency, on page 558
• (http-acceleration) proxy outgoing host, on page 559
• (http-acceleration) read-ahead, on page 560
• (http-acceleration) read-ahead fetch-full-page, on page 561
• (http-acceleration) read-ahead operation-mode, on page 562
• (http-acceleration) reset-to-default, on page 563
• (http-acceleration) rule, on page 564
• (http-acceleration) show, on page 565
• (http-acceleration) tcp-acceleration, on page 566
• (http-acceleration) transparency, on page 567
556 A p pe n di x F: Command Line Interface
(http-acceleration) persistent-timeout
Command AC C 1( ht t p- ac c el er a ti o n) #p e rs is t en t -t im e ou t
<1 - 10 00 0 >
Description Allows persistent connections to be timed out.
Parameters Enter a value in seconds. 1-10000 seconds.
Example AC C 1( ht t p- ac c el er a ti o n) # persistent-timeout 1000
with Syntax
Related Commands • (web-acceleration) http-acceleration, on page 537
• (http-acceleration) cache-auth-requests, on page 538
• (http-acceleration) cache clear, on page 539
• (http-acceleration) cache-content, on page 540
• (http-acceleration) cache-range, on page 541
• (http-acceleration) cache-size, on page 542
• (http-acceleration) cancel, on page 543
• (http-acceleration) connect-timeout, on page 544
• (http-acceleration) collect statistics, on page 545
• (http-acceleration) deny-content-encoding, on page 546
• (http-acceleration) exit, on page 547
• (http-acceleration) fetch job, on page 548
• (http-acceleration) http-acceleration enable, on page 549
• (http-acceleration) ie-refresh, on page 550
• (http-acceleration) log-level, on page 551
• (http-acceleration) max-client-connect-time, on page 552
• (http-acceleration) max cached-object-size, on page 553
• (http-acceleration) min cached-object-size, on page 554
• (http-acceleration) no, on page 555
• (http-acceleration) port, on page 557
• (http-acceleration) port-transparency, on page 558
• (http-acceleration) proxy outgoing host, on page 559
• (http-acceleration) read-ahead, on page 560
• (http-acceleration) read-ahead fetch-full-page, on page 561
• (http-acceleration) read-ahead operation-mode, on page 562
• (http-acceleration) reset-to-default, on page 563
• (http-acceleration) rule, on page 564
• (http-acceleration) show, on page 565
• (http-acceleration) tcp-acceleration, on page 566
• (http-acceleration) transparency, on page 567
(http-acceleration) port
Command AC C 1( ht t p- a cc el e ra ti o n) # po rt [p or t n u mb er ]
Description Sets the default port on which HTTP traffic generally arrives. The default is 80.
Parameters Enter a valid port number
Example AC C 1( ht t p- a cc el e ra ti o n) # port 80
with Syntax
Related Commands • (web-acceleration) http-acceleration, on page 537
• (http-acceleration) cache-auth-requests, on page 538
• (http-acceleration) cache clear, on page 539
• (http-acceleration) cache-content, on page 540
• (http-acceleration) cache-range, on page 541
• (http-acceleration) cache-size, on page 542
• (http-acceleration) cancel, on page 543
• (http-acceleration) connect-timeout, on page 544
• (http-acceleration) collect statistics, on page 545
• (http-acceleration) deny-content-encoding, on page 546
• (http-acceleration) exit, on page 547
• (http-acceleration) fetch job, on page 548
• (http-acceleration) http-acceleration enable, on page 549
• (http-acceleration) ie-refresh, on page 550
• (http-acceleration) log-level, on page 551
• (http-acceleration) max-client-connect-time, on page 552
• (http-acceleration) max cached-object-size, on page 553
• (http-acceleration) min cached-object-size, on page 554
• (http-acceleration) no, on page 555
• (http-acceleration) persistent-timeout, on page 556
• (http-acceleration) port-transparency, on page 558
• (http-acceleration) proxy outgoing host, on page 559
• (http-acceleration) read-ahead, on page 560
• (http-acceleration) read-ahead fetch-full-page, on page 561
• (http-acceleration) read-ahead operation-mode, on page 562
• (http-acceleration) reset-to-default, on page 563
• (http-acceleration) rule, on page 564
• (http-acceleration) show, on page 565
• (http-acceleration) tcp-acceleration, on page 566
• (http-acceleration) transparency, on page 567
558 A p pe n di x F: Command Line Interface
(http-acceleration) port-transparency
Note: Preserving the port may have bad implications on outgoing traffic from the Web
i cache. On the other hand, you cannot activate the QoS mechanism according to the
source port, if the source port is not preserved.
Command AC C 1( ht t p- ac c el er a ti o n) #p o rt -t r an s pa re n cy
[e n ab le | di s ab le ]
Description This command configures whether the Client's original source port will be preserved. By
default, port transparency is disabled.
Parameters Enable to enable, disable to disable
Example AC C 1( ht t p- ac c el er a ti o n) #p o rt -t r an s pa re n cy
with Syntax
enable
Related Commands • (web-acceleration) http-acceleration, on page 537
• (http-acceleration) cache-auth-requests, on page 538
• (http-acceleration) cache clear, on page 539
• (http-acceleration) cache-content, on page 540
• (http-acceleration) cache-range, on page 541
• (http-acceleration) cache-size, on page 542
• (http-acceleration) cancel, on page 543
• (http-acceleration) connect-timeout, on page 544
• (http-acceleration) collect statistics, on page 545
• (http-acceleration) deny-content-encoding, on page 546
• (http-acceleration) exit, on page 547
• (http-acceleration) fetch job, on page 548
• (http-acceleration) http-acceleration enable, on page 549
• (http-acceleration) ie-refresh, on page 550
• (http-acceleration) log-level, on page 551
• (http-acceleration) max-client-connect-time, on page 552
• (http-acceleration) max cached-object-size, on page 553
• (http-acceleration) min cached-object-size, on page 554
• (http-acceleration) no, on page 555
• (http-acceleration) persistent-timeout, on page 556
• (http-acceleration) port, on page 557
• (http-acceleration) proxy outgoing host, on page 559
• (http-acceleration) read-ahead, on page 560
• (http-acceleration) read-ahead fetch-full-page, on page 561
• (http-acceleration) read-ahead operation-mode, on page 562
• (http-acceleration) reset-to-default, on page 563
• (http-acceleration) rule, on page 564
• (http-acceleration) show, on page 565
• (http-acceleration) tcp-acceleration, on page 566
• (http-acceleration) transparency, on page 567
i Note: After proxy was enabled, disabling DNS requires you to disable proxy first.
(http-acceleration) read-ahead
Command AC C 1( ht t p- a cc el e ra ti o n) #re ad - ah ea d
Description Enables or disables read-ahead
Parameters Enable to enable Disable to disable.
Example AC C 1( ht t p- a cc el e ra ti o n) # read-ahead enable
with Syntax
Related Commands • (web-acceleration) http-acceleration, on page 537
• (http-acceleration) cache-auth-requests, on page 538
• (http-acceleration) cache clear, on page 539
• (http-acceleration) cache-content, on page 540
• (http-acceleration) cache-range, on page 541
• (http-acceleration) cache-size, on page 542
• (http-acceleration) cancel, on page 543
• (http-acceleration) connect-timeout, on page 544
• (http-acceleration) collect statistics, on page 545
• (http-acceleration) deny-content-encoding, on page 546
• (http-acceleration) exit, on page 547
• (http-acceleration) fetch job, on page 548
• (http-acceleration) http-acceleration enable, on page 549
• (http-acceleration) ie-refresh, on page 550
• (http-acceleration) log-level, on page 551
• (http-acceleration) max-client-connect-time, on page 552
• (http-acceleration) max cached-object-size, on page 553
• (http-acceleration) min cached-object-size, on page 554
• (http-acceleration) no, on page 555
• (http-acceleration) persistent-timeout, on page 556
• (http-acceleration) port, on page 557
• (http-acceleration) port-transparency, on page 558
• (http-acceleration) proxy outgoing host, on page 559
• (http-acceleration) read-ahead fetch-full-page, on page 561
• (http-acceleration) read-ahead operation-mode, on page 562
• (http-acceleration) reset-to-default, on page 563
• (http-acceleration) rule, on page 564
• (http-acceleration) show, on page 565
• (http-acceleration) tcp-acceleration, on page 566
• (http-acceleration) transparency, on page 567
(http-acceleration) reset-to-default
Command AC C1 ( ht t p- ac c el er a ti o n) # r e se t- t o- d ef au l t
Description Erases the HTTP Acceleration configuration, including statistics, and resets all values to
the factory default settings.
Parameters Y to confirm N to deny.
Example AC C1 ( ht t p- ac c el er a ti o n) # reset-to-default
with Syntax
Th e c on f ig ur a ti on of HT TP ac ce l er a ti on wi ll
be e r as e d an d r es e t t o fa c to ry va l ue s. Ar e
yo u s ur e ? (Y / N) Y
Related Commands • (web-acceleration) http-acceleration, on page 537
• (http-acceleration) cache-auth-requests, on page 538
• (http-acceleration) cache clear, on page 539
• (http-acceleration) cache-content, on page 540
• (http-acceleration) cache-range, on page 541
• (http-acceleration) cache-size, on page 542
• (http-acceleration) cancel, on page 543
• (http-acceleration) connect-timeout, on page 544
• (http-acceleration) collect statistics, on page 545
• (http-acceleration) deny-content-encoding, on page 546
• (http-acceleration) exit, on page 547
• (http-acceleration) fetch job, on page 548
• (http-acceleration) http-acceleration enable, on page 549
• (http-acceleration) ie-refresh, on page 550
• (http-acceleration) log-level, on page 551
• (http-acceleration) max-client-connect-time, on page 552
• (http-acceleration) max cached-object-size, on page 553
• (http-acceleration) min cached-object-size, on page 554
• (http-acceleration) no, on page 555
• (http-acceleration) persistent-timeout, on page 556
• (http-acceleration) port, on page 557
• (http-acceleration) port-transparency, on page 558
• (http-acceleration) proxy outgoing host, on page 559
• (http-acceleration) read-ahead, on page 560
• (http-acceleration) read-ahead fetch-full-page, on page 561
• (http-acceleration) read-ahead operation-mode, on page 562
• (http-acceleration) rule, on page 564
• (http-acceleration) show, on page 565
• (http-acceleration) tcp-acceleration, on page 566
• (http-acceleration) transparency, on page 567
564 A p pe n di x F: Command Line Interface
(http-acceleration) rule
Note: You should configure this command only if proxy server is configured. You can
i define multiple rules.
Note: The CLI does not allow regular expression using the following characters: # ‘ “ ,.
i A message error will be displayed as a result of any attempt to insert such a character.
Note: Before configuring a rule direct regular expression, you must configure in the
i client’s browser the same settings configured in the Accelerator.
Command A CC 1( h tt p -a cc e le ra t io n )# ru l e
Description Defining a regular expression that is valid on a URL. For example: rule direct avaya. When this rule is
applied, all requests for the avaya URL will be forwarded directly to the avaya server, without passing
through the proxy server.
Parameters Enter a valid URL
Example A CC 1( h tt p -a cc e le ra t io n )# rule direct avaya
with Syntax
Related • (web-acceleration) http-acceleration, on page 537
Commands • (http-acceleration) cache-auth-requests, on page 538
• (http-acceleration) cache clear, on page 539
• (http-acceleration) cache-content, on page 540
• (http-acceleration) cache-range, on page 541
• (http-acceleration) cache-size, on page 542
• (http-acceleration) cancel, on page 543
• (http-acceleration) connect-timeout, on page 544
• (http-acceleration) collect statistics, on page 545
• (http-acceleration) deny-content-encoding, on page 546
• (http-acceleration) exit, on page 547
• (http-acceleration) fetch job, on page 548
• (http-acceleration) http-acceleration enable, on page 549
• (http-acceleration) ie-refresh, on page 550
• (http-acceleration) log-level, on page 551
• (http-acceleration) max-client-connect-time, on page 552
• (http-acceleration) max cached-object-size, on page 553
• (http-acceleration) min cached-object-size, on page 554
• (http-acceleration) no, on page 555
• (http-acceleration) persistent-timeout, on page 556
• (http-acceleration) port, on page 557
• (http-acceleration) port-transparency, on page 558
• (http-acceleration) proxy outgoing host, on page 559
• (http-acceleration) read-ahead, on page 560
• (http-acceleration) read-ahead fetch-full-page, on page 561
• (http-acceleration) read-ahead operation-mode, on page 562
• (http-acceleration) reset-to-default, on page 563
• (http-acceleration) show, on page 565
• (http-acceleration) tcp-acceleration, on page 566
• (http-acceleration) transparency, on page 567
(http-acceleration) show
Command A C C1 ( ht tp - ac ce l er a ti on ) #s ho w
Description Displays the settings of the specified rule or parameter
Parameters Enter the name of the rule or setting.
Example A C C1 ( ht tp - ac ce l er a ti on ) #s ho w direct avaya
with Syntax
A C C1 ( ht tp - ac ce l er a ti on ) #s ho w read-ahead
Related Commands • (web-acceleration) http-acceleration, on page 537
• (http-acceleration) cache-auth-requests, on page 538
• (http-acceleration) cache clear, on page 539
• (http-acceleration) cache-content, on page 540
• (http-acceleration) cache-range, on page 541
• (http-acceleration) cache-size, on page 542
• (http-acceleration) cancel, on page 543
• (http-acceleration) connect-timeout, on page 544
• (http-acceleration) collect statistics, on page 545
• (http-acceleration) deny-content-encoding, on page 546
• (http-acceleration) exit, on page 547
• (http-acceleration) fetch job, on page 548
• (http-acceleration) http-acceleration enable, on page 549
• (http-acceleration) ie-refresh, on page 550
• (http-acceleration) log-level, on page 551
• (http-acceleration) max-client-connect-time, on page 552
• (http-acceleration) max cached-object-size, on page 553
• (http-acceleration) min cached-object-size, on page 554
• (http-acceleration) no, on page 555
• (http-acceleration) persistent-timeout, on page 556
• (http-acceleration) port, on page 557
• (http-acceleration) port-transparency, on page 558
• (http-acceleration) proxy outgoing host, on page 559
• (http-acceleration) read-ahead, on page 560
• (http-acceleration) read-ahead fetch-full-page, on page 561
• (http-acceleration) read-ahead operation-mode, on page 562
• (http-acceleration) reset-to-default, on page 563
• (http-acceleration) rule, on page 564
• (http-acceleration) tcp-acceleration, on page 566
• (http-acceleration) transparency, on page 567
566 A p pe n di x F: Command Line Interface
(http-acceleration) tcp-acceleration
Command AC C 1( ht t p- ac c el er a ti o n) #t c p- ac c el e rt io n
<e n ab le | di sa b le >
Description Enables or disables TCP Acceleration
Parameters Enable to enable, Disable to disable.
Example AC C 1( ht t p- ac c el er a ti o n) #t c p- ac c el e ra ti o n
with Syntax
enable.
Related Commands • TCP Acceleration Commands, on page 572, for additional TCP Acceleration
configuration options
• (web-acceleration) http-acceleration, on page 537
• (http-acceleration) cache-auth-requests, on page 538
• (http-acceleration) cache clear, on page 539
• (http-acceleration) cache-content, on page 540
• (http-acceleration) cache-range, on page 541
• (http-acceleration) cache-size, on page 542
• (http-acceleration) cancel, on page 543
• (http-acceleration) connect-timeout, on page 544
• (http-acceleration) collect statistics, on page 545
• (http-acceleration) deny-content-encoding, on page 546
• (http-acceleration) exit, on page 547
• (http-acceleration) fetch job, on page 548
• (http-acceleration) http-acceleration enable, on page 549
• (http-acceleration) ie-refresh, on page 550
• (http-acceleration) log-level, on page 551
• (http-acceleration) max-client-connect-time, on page 552
• (http-acceleration) max cached-object-size, on page 553
• (http-acceleration) min cached-object-size, on page 554
• (http-acceleration) no, on page 555
• (http-acceleration) persistent-timeout, on page 556
• (http-acceleration) port, on page 557
• (http-acceleration) port-transparency, on page 558
• (http-acceleration) proxy outgoing host, on page 559
• (http-acceleration) read-ahead, on page 560
• (http-acceleration) read-ahead fetch-full-page, on page 561
• (http-acceleration) read-ahead operation-mode, on page 562
• (http-acceleration) reset-to-default, on page 563
• (http-acceleration) rule, on page 564
• (http-acceleration) show, on page 565
• (http-acceleration) transparency, on page 567
(http-acceleration) transparency
Command AC C 1( h tt p- a cc el e ra t io n) # tr an s pa r en cy [a ut o |
se m i | f ul l ]
Description This command configures the status of the interception proxy.
You can configure the interception proxy as transparent, thereby preventing the detection
of the proxy server’s IP address by sniffing). The following statuses are possible:
• Semi - applying transparency only on the Client side.
• Full - applying transparency on both the Client and the server sides.
• Auto - setting the transparency status automatically according to deployment,
namely: Semi in On-LAN deployment and Full in On-Path deployment.
Parameters Semi, Full, or Auto as explained above.
Example AC C 1( h tt p- a cc el e ra t io n) # transparency full
with Syntax
Related • (web-acceleration) http-acceleration, on page 537
Commands • (http-acceleration) cache-auth-requests, on page 538
• (http-acceleration) cache clear, on page 539
• (http-acceleration) cache-content, on page 540
• (http-acceleration) cache-range, on page 541
• (http-acceleration) cache-size, on page 542
• (http-acceleration) cancel, on page 543
• (http-acceleration) connect-timeout, on page 544
• (http-acceleration) collect statistics, on page 545
• (http-acceleration) deny-content-encoding, on page 546
• (http-acceleration) exit, on page 547
• (http-acceleration) fetch job, on page 548
• (http-acceleration) http-acceleration enable, on page 549
• (http-acceleration) ie-refresh, on page 550
• (http-acceleration) log-level, on page 551
• (http-acceleration) max-client-connect-time, on page 552
• (http-acceleration) max cached-object-size, on page 553
• (http-acceleration) min cached-object-size, on page 554
• (http-acceleration) no, on page 555
• (http-acceleration) persistent-timeout, on page 556
• (http-acceleration) port, on page 557
• (http-acceleration) port-transparency, on page 558
• (http-acceleration) proxy outgoing host, on page 559
• (http-acceleration) read-ahead, on page 560
• (http-acceleration) read-ahead fetch-full-page, on page 561
• (http-acceleration) read-ahead operation-mode, on page 562
• (http-acceleration) reset-to-default, on page 563
• (http-acceleration) rule, on page 564
• (http-acceleration) show, on page 565
• (http-acceleration) tcp-acceleration, on page 566
568 A p pe n di x F: Command Line Interface
(config-fetch-job) cancel
Command A CC 1( c on f ig -f e tc h- j ob )#c an c el
Description Exits the current node without updating and returns to the parent node.
Parameters No additional parameters required.
Example A CC 1( c on f ig -f e tc h- j ob )#c an c el
with Syntax
Related Commands • (http-acceleration) fetch job, on page 569
• (config-fetch-job) exit, on page 569
• (config-fetch-job) no, on page 570
• (config-fetch-job) schedule, on page 570
• (config-fetch-job) show, on page 571
• (config-fetch-job) url, on page 571
(config-fetch-job) exit
Command A CC 1( c on f ig -f e tc h- j ob )#e xi t
Description Exits the current node and returns to the parent node.
Parameters No additional parameters required.
Example A CC 1( c on f ig -f e tc h- j ob )#e xi t
with Syntax
Related Commands • (http-acceleration) fetch job, on page 569
• (config-fetch-job) cancel, on page 569
• (config-fetch-job) no, on page 570
• (config-fetch-job) schedule, on page 570
• (config-fetch-job) show, on page 571
• (config-fetch-job) url, on page 571
570 A p pe n di x F: Command Line Interface
(config-fetch-job) no
Command A CC 1 (c o nf ig - fe tc h -j o b) #n o < co m ma n d>
Description Removes commands
Parameters Command that you want to remove
Example A CC 1 (c o nf ig - fe tc h -j o b) #n o url www.expand.com
with Syntax
To delete an entire fetch job, exit to the HTTP acceleration node and apply the
command no fetch job <job number|job name>
Related Commands • (http-acceleration) fetch job, on page 569
• (config-fetch-job) cancel, on page 569
• (config-fetch-job) exit, on page 569
• (config-fetch-job) schedule, on page 570
• (config-fetch-job) show, on page 571
• (config-fetch-job) url, on page 571
(config-fetch-job) schedule
Command A CC 1 (c o nf ig - fe tc h -j o b) #s c he du l e
< im m ed i at e| n on e| o nc e |r ec u rr in g >
Description Schedules the fetch job according to the parameters defined.
Parameters Enter one of the following options
• none—the job is created, but does not run
• immediate—occurs one time, immediately
• once at—occurs one time on a specific date at a specific hour
• once in—occurs one time at a specific hour in X amount of days
• recurring daily—occurs every day at a specific hour
• recurring weekly—occurs once very week on a specific day and a specific
hour
• recurring monthly —occurs once a month on a specific date and hour (not
recommended to set this to 31, as not every month has 31 days).
Example A CC 1 (c o nf ig - fe tc h -j o b) #s c he du l e once at 11:45
with Syntax
This will run the job one time at 11:45
A CC 1 (c o nf ig - fe tc h -j o b) #s c he du l e recurring
weekly monday 11:45
This will run the job every Monday at 11:45
Related Commands • (http-acceleration) fetch job, on page 569
• (config-fetch-job) cancel, on page 569
• (config-fetch-job) exit, on page 569
• (config-fetch-job) no, on page 570
• (config-fetch-job) show, on page 571
• (config-fetch-job) url, on page 571
(config-fetch-job) show
Command A CC 1( c on f ig -f e tc h- j ob )#s ho w
Description Shows the parameters for all fetch jobs
Parameters No additional parameters required
Example A CC 1( c on f ig -f e tc h- j ob )#s ho w
with Syntax
Related Commands • (http-acceleration) fetch job, on page 569
• (config-fetch-job) cancel, on page 569
• (config-fetch-job) exit, on page 569
• (config-fetch-job) no, on page 570
• (config-fetch-job) schedule, on page 570
• (config-fetch-job) url, on page 571
(config-fetch-job) url
Command A CC 1( c on f ig -f e tc h- j ob )#u rl
Description Defines the URL to use for the fetch job.
Parameters Enter a valid complete URL.
You may add multiple URLs. To delete a URL, use the no command.
Example A CC 1( c on f ig -f e tc h- j ob )#u rl www.expand.com
with Syntax
Related Commands • (http-acceleration) fetch job, on page 569
• (config-fetch-job) cancel, on page 569
• (config-fetch-job) exit, on page 569
• (config-fetch-job) no, on page 570
• (config-fetch-job) schedule, on page 570
• (config-fetch-job) show, on page 571
572 A p pe n di x F: Command Line Interface
(conf) tcp-acceleration
Command A CC 1( c on f )# tc p -a cc e le r at io n
Description Opens the TCP acceleration node.
Parameters No additional parameters needed.
Example A CC 1( w eb - ac ce l er at i on ) # tcp-acceleration
with Syntax
Related • (tcp-acc) acknowledge packet rate, on page 573
Commands • (tcp-acc) congestion-control, on page 574
• (tcp-acc) exclude, on page 575
• (tcp-acc) show, on page 575
• (tcp-acc) tcp-acceleration enable, on page 576
• (tcp-acc) typical-acceleration rate, on page 576
• (tcp-acc) typical round-trip, on page 577
• (tcp-acc) window receive, on page 577
• (tcp-acc) window send, on page 578
(tcp-acc) congestion-control
Command AC C 1( tc p -a c c) # c on ge s ti o n- co n tr ol
[n o ne |s t an d ar d| v eg as ]
Description Selects the type of congestion control to be used.
Parameters Choose from one of the following:
• None—no congestion avoidance is used
• Standard—the congestion avoidance conforms to the standard TCP/IP protocol
(Reno)
• Vegas—TCP Vegas reduces latency and increases overall through-out, by carefully
matching the sending rate to the rate at which packets are successfully being
transmitted by the network. The Vegas algorithm maintains shorter queues, and is
therefore suitable either for low-bandwidth-delay paths, such as DSL, where the
sender is constantly over-running buffers, or for high-bandwidth-delay WAN paths,
where recovering from losses is an extremely time-consuming process for the
sender. The shorter queues should also enhance the performance of other flows
that traverse the same bottlenecks.
Example AC C 1( tc p -a c c) # c on ge s ti o n control vegas
with Syntax
Related • (conf) tcp-acceleration, on page 572
Commands • (tcp-acc) acknowledge packet rate, on page 573
• (tcp-acc) exclude, on page 575
• (tcp-acc) show, on page 575
• (tcp-acc) tcp-acceleration enable, on page 576
• (tcp-acc) typical-acceleration rate, on page 576
• (tcp-acc) typical round-trip, on page 577
• (tcp-acc) window receive, on page 577
• (tcp-acc) window send, on page 578
(tcp-acc) exclude
Command A CC 1( t cp - ac c) ex cl u de [c li e nt |s e rv e r| wo r d| IP ]
Description Adds a server or client to the exclude list.
Parameters • Client - choose client to exclude the client
• Server - choose server to exclude the server
• Word - server’s logical name
• IP - IP address of the server or subnet
Example A CC 1( t cp - ac c) # e xc l ud e 120.44.10.2
with Syntax
Related • (conf) tcp-acceleration, on page 572
Commands • (tcp-acc) acknowledge packet rate, on page 573
• (tcp-acc) congestion-control, on page 574
• (tcp-acc) show, on page 575
• (tcp-acc) tcp-acceleration enable, on page 576
• (tcp-acc) typical-acceleration rate, on page 576
• (tcp-acc) typical round-trip, on page 577
• (tcp-acc) window receive, on page 577
• (tcp-acc) window send, on page 578
(tcp-acc) show
Command A C C1 (t c p- ac c )# s ho w
Description Shows the TCP Acceleration data.
Parameters No additional parameters required.
Example A C C1 (t c p- ac c )# show
with Syntax
Related • (conf) tcp-acceleration, on page 572
Commands • (tcp-acc) acknowledge packet rate, on page 573
• (tcp-acc) congestion-control, on page 574
• (tcp-acc) exclude, on page 575
• (tcp-acc) tcp-acceleration enable, on page 576
• (tcp-acc) typical-acceleration rate, on page 576
• (tcp-acc) typical round-trip, on page 577
• (tcp-acc) window receive, on page 577
• (tcp-acc) window send, on page 578
576 A p pe n di x F: Command Line Interface
(tcp-acceleration) keepalive
Command A CC 1 (t c p- ac c ) ke e pa l iv e [ di sa b le | en ab l e]
Description Enables or disables Keep Alive messaging.
Parameters Choose Enable to enable, Disable to disable.
Example A CC 1 (t c p- ac c )# k e ep a li ve enable
with Syntax
Related • (tcp-acceleration) keepalive direction, on page 579
Commands • (tcp-acc) keepalive interval, on page 580
• (tcp-acc) keepalive probes, on page 580
• (tcp-acc) keepalive time, on page 580
(web-acceleration) ftp-acceleration
Command AC C1 ( we b -a cc e le ra t io n )# ft p -a cc e le r at io n
Description Enters the FTP acceleration node.
Parameters No additional parameters are necessary.
Example AC C1 ( we b -a cc e le ra t io n )# ftp-acceleration
with Syntax
Related Commands • (ftp-acceleration) cache-size, on page 583
• (ftp-acceleration) cache-per-user, on page 582
• (ftp-acceleration) cache-per-user, on page 582
• (ftp-acceleration) ftp-acceleration, on page 584
• (ftp-acceleration) min cached-object-size, on page 585
• (ftp-acceleration) localization, on page 584
• (ftp-acceleration) transparency, on page 585
• (ftp-acceleration) transparency exclude, on page 586
• (ftp-acceleration) transparency excluded-servers, on page 586
582 A p pe n di x F: Command Line Interface
(ftp-acceleration) cache-content
Command A C C1 ( ft p- a cc el e ra t io n) #ca ch e -c o nt en t
[ e nt e rp ri s e | i nt e rn et | al l ]
Description Sets the type of content to be cached:
Enterprise caches all traffic from links and virtual links.
Internet caches all traffic on the non-link.
All caches all link, virtual link and non-link traffic.
Parameters Enter a valid content type as described above.
Example A C C1 ( ft p- a cc el e ra t io n) #ca ch e -c o nt en t a ll
with Syntax
Related Commands • (web-acceleration) ftp-acceleration, on page 581
• (ftp-acceleration) cache-size, on page 583
• (ftp-acceleration) cache-per-user, on page 582
• (ftp-acceleration) cache-per-user, on page 582
• (ftp-acceleration) ftp-acceleration, on page 584
• (ftp-acceleration) min cached-object-size, on page 585
• (ftp-acceleration) localization, on page 584
• (ftp-acceleration) transparency, on page 585
• (ftp-acceleration) transparency exclude, on page 586
• (ftp-acceleration) transparency excluded-servers, on page 586
(ftp-acceleration) cache-per-user
Command AC C1 ( ft p -a cc e le ra t io n) # cache-per-user [enable
| disable]
Description Enables/disables the allocation of cache memory per a specific user.
Parameters Enable to enable, Disable to disable
Example AC C1 ( ft p -a cc e le ra t io n) # cache-per-user enable
with Syntax
Related Commands • (web-acceleration) ftp-acceleration, on page 581
• (ftp-acceleration) cache-size, on page 583
• (ftp-acceleration) cache-per-user, on page 582
• (ftp-acceleration) cache-per-user, on page 582
• (ftp-acceleration) ftp-acceleration, on page 584
• (ftp-acceleration) min cached-object-size, on page 585
• (ftp-acceleration) localization, on page 584
• (ftp-acceleration) transparency, on page 585
• (ftp-acceleration) transparency exclude, on page 586
• (ftp-acceleration) transparency excluded-servers, on page 586
(ftp-acceleration) cache-size
Command A CC 1( f tp -a c ce l er at i on )# c ac h e- si z e [ n um b er i n
M B]
Description Sets the size of the cache (between 1 and 60 GB). Default is 50 GB.
Approximately 360 KB + 8 MB of RAM is needed for each 1 GB of data cached
Parameters Enter a valid size as described above.
Example A CC 1( f tp -a c ce l er at i on )# cache-size 50
with Syntax
Related Commands • (web-acceleration) ftp-acceleration, on page 581
• (ftp-acceleration) cache-per-user, on page 582
• (ftp-acceleration) cache-per-user, on page 582
• (ftp-acceleration) ftp-acceleration, on page 584
• (ftp-acceleration) min cached-object-size, on page 585
• (ftp-acceleration) localization, on page 584
• (ftp-acceleration) transparency, on page 585
• (ftp-acceleration) transparency exclude, on page 586
• (ftp-acceleration) transparency excluded-servers, on page 586
(ftp-acceleration) connect-timeout
Command AC C 1( f tp -a c ce le r at i on )# c on ne c t- t im eo u t
[n u mb e r]
Description Sets the amount of time (in seconds, between 1 and 600) for a client to remain
connected with no traffic being cached. Default is 60 seconds.
Parameters Enter a valid time as described above.
Example AC C 1( f tp -a c ce le r at i on )# c on ne c t- t im eo u t 60
with Syntax
Related Commands • (web-acceleration) ftp-acceleration, on page 581
• (ftp-acceleration) cache-size, on page 583
• (ftp-acceleration) cache-per-user, on page 582
• (ftp-acceleration) ftp-acceleration, on page 584
• (ftp-acceleration) min cached-object-size, on page 585
• (ftp-acceleration) localization, on page 584
• (ftp-acceleration) transparency, on page 585
• (ftp-acceleration) transparency exclude, on page 586
• (ftp-acceleration) transparency excluded-servers, on page 586
584 A p pe n di x F: Command Line Interface
(ftp-acceleration) ftp-acceleration
Command A CC 1( f tp - ac ce l er at i on ) #f tp - ac ce l er a ti on
[ en ab l e | d is a bl e]
Description Enables/disables FTP Acceleration. By default FTP Acceleration is disabled.
Parameters Enable to enable, Disable to disable.
Example A CC 1( f tp - ac ce l er at i on ) #f tp - ac ce l er a ti on
with Syntax
d is ab l e
Related Commands • (web-acceleration) ftp-acceleration, on page 581
• (ftp-acceleration) cache-size, on page 583
• (ftp-acceleration) cache-per-user, on page 582
• (ftp-acceleration) cache-per-user, on page 582
• (ftp-acceleration) min cached-object-size, on page 585
• (ftp-acceleration) localization, on page 584
• (ftp-acceleration) transparency, on page 585
• (ftp-acceleration) transparency exclude, on page 586
• (ftp-acceleration) transparency excluded-servers, on page 586
(ftp-acceleration) localization
Command AC C1 ( ft p -a cc e le ra t io n )# lo c al iz a ti o n [e n ab le
| di s ab l e]
Description Lets you enable or disable the option to view files in languages that require Unicode
characters, such as Chinese.
Parameters Enable to enable, Disable to disable.
Example AC C1 ( ft p -a cc e le ra t io n ) #localization enable
with Syntax
Related Commands • (web-acceleration) ftp-acceleration, on page 581
• (ftp-acceleration) cache-size, on page 583
• (ftp-acceleration) cache-per-user, on page 582
• (ftp-acceleration) cache-per-user, on page 582
• (ftp-acceleration) ftp-acceleration, on page 584
• (ftp-acceleration) min cached-object-size, on page 585
• (ftp-acceleration) transparency, on page 585
• (ftp-acceleration) transparency exclude, on page 586
• (ftp-acceleration) transparency excluded-servers, on page 586
(ftp-acceleration) transparency
Command AC C 1( f tp -a c ce le r at i on )# t ra ns p ar e nc y [ au to |
se m i | f ul l ]
Description This command configures the status of the interception proxy.
You can configure the interception proxy as transparent, thereby preventing the detection
of the proxy server’s IP address by sniffing). The following statuses are possible:
• Semi - applying transparency only on the Client side.
• Full - applying transparency on both the Client and the server sides.
• Auto - setting the transparency status automatically according to deployment,
namely: Semi in On-LAN deployment and Full in On-Path deployment.
Parameters Semi, Full, or Auto as explained above.
Example AC C 1( f tp -a c ce le r at i on )# transparency full
with Syntax
Related • (web-acceleration) ftp-acceleration, on page 581
Commands • (ftp-acceleration) cache-size, on page 583
• (ftp-acceleration) cache-per-user, on page 582
• (ftp-acceleration) cache-per-user, on page 582
• (ftp-acceleration) ftp-acceleration, on page 584
• (ftp-acceleration) min cached-object-size, on page 585
• (ftp-acceleration) localization, on page 584
• (ftp-acceleration) transparency exclude, on page 586
• (ftp-acceleration) transparency excluded-servers, on page 586
586 A p pe n di x F: Command Line Interface
A CC 1 # co n fi gu r e t er mi n al
A CC 1 (c on f ig )# ro u te r r ip
A CC 1 (c on f ig -r i p) # a ut h en ti c at i on -m o de m d 5
A CC 1 (c on f ig -r i p) # a ut h en ti c at i on -k e y ac c el e ra to r
A CC 1 (c on f ig -r i p) # n ei g hb or 30 . 0. 0. 0 /8
A CC 1 # co n fi gu r e t er mi n al
A CC 1 (c on f ig )# su b ne ts
A CC 1 (S UB N ET S) # ne t wo rk 30 .0 . 0. 0 2 55 . 25 5. 0 .0
A CC 1 (S UB N ET S) # no t -a dv e rt is e 3 0 .0 .0 . 0 25 5 .2 5 5. 0. 0
A CC 1 (S UB N ET S) # ex i t
588 A p pe n di x F: Command Line Interface
(config) monitored-application
Command ACC1(config)# m o ni t or ed - ap pl i ca t io n [ application
name] no r ma l [ link number | Total]
Description Sets a specified application to be monitored over a certain link or over all links.
Parameters Enter the application name and link number
Example ACC1(config)# m o ni t or ed - ap pl i ca t io n [ application
with Syntax
name] no r ma l [ link number | Total]
Related Commands • (config) show application, on page 589
• (config) show discovered, on page 589
• (config) show interface link, on page 590
• (config) show traffic-discovery, on page 590
• (statistic) discover, on page 591
• (config) [application name] statistics-history, on page 591
• (config) clear counters link, on page 592
(statistic) discover
Command ACC1(statistic)# d is co v er [ h tt p | c i tr ix ]
[ en a bl e | d i sa bl e ]
Description Enables traffic discovery of HTTP or Citrix traffic traversing the network.
Parameters Enter the name of the link.
Example A CC 1( st at is tic )# discover http enable
with Syntax
Related Commands • (config) monitored-application, on page 588
• (config) show application, on page 589
• (config) show discovered, on page 589
• (config) show interface link, on page 590
• (config) show traffic-discovery, on page 590
• (config) [application name] statistics-history, on page 591
• (config) clear counters link, on page 592
NetFlow Commands
netflow
Command ACC1# ne tf l ow
ACC1(netflow)# i p f l ow -e x po rt [x . x. x. x ] po r t
[1 to 6 5 53 5] ve r si on [5 ]i n te rf a ce et he r ne t
[0 , 0 /0 , 0 /1 ] t e mp la t e [f u ll , l on g , sh o rt ]
Description Sets the Accelerator to forward all statistic information to the NetFlow server for
monitoring and analysis.
Enter the IP address and port number of the NetFlow collector, as well as the NetFlow
version number. In addition, enter the interface ethernet to be monitored (the LAN
interface Ethernet).
For more information on NetFlow statistics collected, see NetFlow Monitored
Statistics, on page 323, on page 357
Parameters Enable to enable, Disable to disable
Example ACC1# ne tf l ow
with Syntax
ACC1(netflow)# i p f l ow -e x po rt 100.100.10.5
po r t 80 v er s io n [ 5] in t er f ac e e th er n et 0
te m pl at e full
Related Commands Setting the Max Queue Length, on page 593
QoS Commands
The following lists the commands necessary to perform QoS configuration as
described above via the CLI.
The following configurations are available:
(config) application name, on page 595
(config) application l-7 name http, on page 596
(config) decision, on page 597
(config) policy-rule global, on page 598
(config) policy-rule link number, on page 599
(config) show application, on page 600
(config) wan, on page 601
(decision) match application, on page 602
(decision) set accelerate, on page 603
(decision) set tunnel, on page 604
(rule) match, on page 605
(rule) set policy pass-through, on page 607
(rule) set policy priority, on page 608
(rule) set policy rate burst enable, on page 609
(rule) set policy rate desired number, on page 610
(rule) set policy rate limit number, on page 611
(WAN) strict-priority, on page 612
(WAN) burst, on page 613
(config) decision
Command ACC1(config)#d ec i si on
Description Enters the Decision node
Parameters No additional Parameters
Example ACC1(config)#d ec i si on
with Syntax
Related Commands • (config) application name, on page 595
• (config) application l-7 name http, on page 596
• (config) policy-rule global, on page 598
• (config) policy-rule link number, on page 599
• (config) show application, on page 600
• (config) wan, on page 601
• (decision) match application, on page 602
• (decision) set accelerate, on page 603
• (decision) set tunnel, on page 604
• (rule) match, on page 605
• (rule) set policy pass-through, on page 607
• (rule) set policy priority, on page 608
• (rule) set policy rate burst enable, on page 609
• (rule) set policy rate desired number, on page 610
• (rule) set policy rate limit number, on page 611
• (WAN) strict-priority, on page 612
• (WAN) burst, on page 613
598 A p pe n di x F: Command Line Interface
(config) wan
Command ACC1(config)#w a n [name] /[default]
Description Enters the WAN node
Parameters WAN name.
Example ACC1(config)#w a n
with Syntax
Related Commands • (config) application name, on page 595
• (config) application l-7 name http, on page 596
• (config) decision, on page 597
• (config) policy-rule global, on page 598
• (config) policy-rule link number, on page 599
• (config) show application, on page 600
• (decision) match application, on page 602
• (decision) set accelerate, on page 603
• (decision) set tunnel, on page 604
• (rule) match, on page 605
• (rule) set policy pass-through, on page 607
• (rule) set policy priority, on page 608
• (rule) set policy rate burst enable, on page 609
• (rule) set policy rate desired number, on page 610
• (rule) set policy rate limit number, on page 611
• (WAN) strict-priority, on page 612
• (WAN) burst, on page 613
602 A p pe n di x F: Command Line Interface
(rule) match
Command ACC1(rule)#ma t ch
a pp li c at io n [ name o r l - 7 name]
i p [a n y, s o ur c e, d e st in a ti o n] x . x. x. x t o s
b it s
Description Defines the filter for what type of traffic is handled by this rule per IP, tos bits and/or
application name.
Parameters Enter the application name and a valid IP address
Example ACC1(rule)#ma t ch
with Syntax
a pp li c at io n [ name o r l - 7 name]
i p [a n y, s o ur c e, d e st in a ti o n] x . x. x. x t o s
b it s
Related Commands • (config) application name, on page 595
• (config) application l-7 name http, on page 596
• (config) decision, on page 597
• (config) policy-rule global, on page 598
• (config) policy-rule link number, on page 599
• (config) show application, on page 600
• (config) wan, on page 601
• (decision) match application, on page 602
• (decision) set accelerate, on page 603
• (decision) set tunnel, on page 604
• (rule) set policy pass-through, on page 607
• (rule) set policy priority, on page 608
• (rule) set policy rate burst enable, on page 609
• (rule) set policy rate desired number, on page 610
• (rule) set policy rate limit number, on page 611
• (WAN) strict-priority, on page 612
• (WAN) burst, on page 613
606 A p pe n di x F: Command Line Interface
(WAN) strict-priority
Command AC C 1( WA N )# st r ic t -p ri o ri ty [e n ab le | di sa b le ]
[i n bo un d |o ut b ou n d| bo t h]
Description Sets strict-priority for inbound and/or outbound traffic.
Parameters • Inbound for inbound
• Outbound for outbound
• Both for both
Example AC C 1( WA N )# st r ic t -p ri o ri ty enable both
with Syntax
Related Commands • (config) application name, on page 595
• (config) application l-7 name http, on page 596
• (config) decision, on page 597
• (config) policy-rule global, on page 598
• (config) policy-rule link number, on page 599
• (config) show application, on page 600
• (config) wan, on page 601
• (decision) match application, on page 602
• (decision) set accelerate, on page 603
• (decision) set tunnel, on page 604
• (rule) match, on page 605
• (rule) set policy pass-through, on page 607
• (rule) set policy priority, on page 608
• (rule) set policy rate burst enable, on page 609
• (rule) set policy rate desired number, on page 610
• (rule) set policy rate limit number, on page 611
• (WAN) burst, on page 613
(WAN) burst
Command ACC1(WAN)#b u rs t [ nu mb e r]
Description Enables bursts on the WAN up to the set bandwidth (1 to 1000000).
Parameters Enter the bandwidth
Example ACC1(WAN)#b u rs t [ nu mb e r]
with Syntax
Related Commands • (config) application name, on page 595
• (config) application l-7 name http, on page 596
• (config) decision, on page 597
• (config) policy-rule global, on page 598
• (config) policy-rule link number, on page 599
• (config) show application, on page 600
• (config) wan, on page 601
• (decision) match application, on page 602
• (decision) set accelerate, on page 603
• (decision) set tunnel, on page 604
• (rule) match, on page 605
• (rule) set policy pass-through, on page 607
• (rule) set policy priority, on page 608
• (rule) set policy rate burst enable, on page 609
• (rule) set policy rate desired number, on page 610
• (rule) set policy rate limit number, on page 611
• (WAN) strict-priority, on page 612
614 A p pe n di x F: Command Line Interface
RAID Commands
For general information on RAID, see About RAID, on page 308. The 6950 has 2
RAID arrays with up to two disks. The 79xx has 1 RAID array and up to 8 disks.
Your specific Accelerator, may be configured differently.
The following commands are available:
(config) raid, on page 614
(RAID) add-disk, on page 614
(RAID) exit, on page 615
(RAID) remove-disk, on page 615
(RAID) show, on page 616
(config) raid
Command Acc(config)# r ai d
Description Enters the RAID node
Parameters No additional parameters are necessary
Example Acc(config)# r ai d
with Syntax
Related Commands • (RAID) add-disk, on page 614
• (RAID) exit, on page 615
• (RAID) remove-disk, on page 615
• (RAID) show, on page 616
(RAID) add-disk
Command A cc 2 3- 79 4 0( RA I D) a dd -d i sk [ d is k -n am e ]
Description Adds a disk to the RAID array.
Parameters Enter the disk name, HDD01 for example
Example A cc 2 3- 79 4 0( RA I D) add-disk HDD01
with Syntax
Related Commands • (config) raid, on page 614
• (RAID) exit, on page 615
• (RAID) remove-disk, on page 615
• (RAID) show, on page 616
(RAID) exit
Command Ac c( R AI D) ex i t
Description Exits the RAID menu and returns to the Configuration Menu.
Parameters No additional parameters needed
Example Ac c( R AI D) exit
with Syntax
Related Commands • (config) raid, on page 614
• (RAID) add-disk, on page 614
• (RAID) remove-disk, on page 615
• (RAID) show, on page 616
(RAID) remove-disk
Command A cc (R A ID ) r em o ve -d i sk [d is k -n am e ]
Description Removes a disk from the RAID array.
Parameters Enter the disk name, HDD01 for example
Example A cc (R A ID ) remove-disk HDD01
with Syntax
Related Commands • (config) raid, on page 614
• (RAID) add-disk, on page 614
• (RAID) exit, on page 615
• (RAID) show, on page 616
616 A p pe n di x F: Command Line Interface
(RAID) show
This command allows you to view the RAID array list and the disk list that are
included in the RAID array. This list is dependent on the model of Accelerator that
you have deployed.
Note: Should the status of the RAID disk be displayed as dirty, no errors it is not
i indicative of a problem.
Command A cc 23 - 79 40 ( RA I D) sh o w
Description Shows the RAID Arrays list and the Disk List (list will be different for each Accelerator)
Parameters No additional parameters are necessary
Example A cc 23 - 79 40 ( RA I D) show raid arr0
with Syntax
Related Commands • (config) raid, on page 614
• (RAID) add-disk, on page 614
• (RAID) exit, on page 615
• (RAID) remove-disk, on page 615
A similar screen is shown:
A c c2 3- 7 94 0( R AI D ) show raid arr0
T h is o p er at i on ma y t ak e a f e w se c on ds . P l ea se be p a ti e nt ..
A r ra y T yp e. . .. . .. .. . .. .. . .. . .. .. . .R AI D 1
A r ra y S ta te . .. . .. .. . .. .. . .. . .. .. . .d ir t y, no -e r ro rs
A r ra y S iz e. . .. . .. .. . .. .. . .. . .. .. . .4 88 2 79 4 88
A r ra y N um be r O f D ev i ce s. . .. . .. .. . .1
A r ra y A ct iv e D e vi ce s .. .. . .. . .. .. . .1
A r ra y F ai le d D e vi ce s .. .. . .. . .. .. . .0
A r ra y S pa re De v ic es . .. .. . .. . .. .. . .0
A r ra y D ev ic e L i st :
A r ra y D ev ic e 0 . .. .. . .. .. . .. . .. .H D D0 0
A r ra y D ev ic e 1 . .. .. . .. .. . .. . .. .H D D0 1
(Conf) dns-acceleration
Command A CC 1 (c on f )# Dn s -a c ce le r at io n
Description Enables/disables DNS Acceleration. By default DNS Acceleration is disabled.
Parameters Enable to enable, Disable to disable
Example A CC 1 (c on f )# Dn s -a c ce le r at io n
with Syntax
Related Commands • (Conf) dns-acceleration, on page 624
• (DNS-ACC) cache clear, on page 625
• (DNS-ACC) cache size, on page 625
• (DNS-ACC) dns-acceleration, on page 626
• (DNS-ACC) Dns-masquerading, on page 626
• (DNS-ACC) ip host, on page 627
• (DNS-ACC) ip host purge, on page 627
• (DNS-ACC) min TTL, on page 628
• (DNS-ACC) query timeout, on page 628
• (DNS-ACC) show cache, on page 629
• (DNS-ACC) show statistics, on page 629
• (DNS-ACC) show statistics, on page 629
• (DNS-ACC) use-accelerator-dns, on page 631
(DNS-ACC) dns-acceleration
Command A CC 1 (D NS - AC C) # Dn s -a cc e le ra t io n [ en a bl e |
d is a bl e]
Description Enables/disables DNS Acceleration. By default DNS Acceleration is disabled.
Parameters Enable to enable, Disable to disable
Example A CC 1 (D NS - AC C) # Dn s -a cc e le ra t io n enable
with Syntax
Related Commands • (Conf) dns-acceleration, on page 624
• (DNS-ACC) cache clear, on page 625
• (DNS-ACC) cache size, on page 625
• (DNS-ACC) Dns-masquerading, on page 626
• (DNS-ACC) ip host, on page 627
• (DNS-ACC) ip host purge, on page 627
• (DNS-ACC) min TTL, on page 628
• (DNS-ACC) query timeout, on page 628
• (DNS-ACC) show cache, on page 629
• (DNS-ACC) show statistics, on page 629
• (DNS-ACC) show statistics, on page 629
• (DNS-ACC) use-accelerator-dns, on page 631
(DNS-ACC) Dns-masquerading
Command A C C1 (D N S- AC C )# D ns -m a sq ue r ad i ng [ e na bl e |
d i sa bl e ]
Description Enables/disables DNS masquerading. By default DNS masquerading is disabled.
Parameters Enable to enable, Disable to disable
Example A C C1 (D N S- AC C )# D ns -m a sq ue r ad i ng enable
with Syntax
Related Commands • (Conf) dns-acceleration, on page 624
• (DNS-ACC) cache clear, on page 625
• (DNS-ACC) cache size, on page 625
• (DNS-ACC) dns-acceleration, on page 626
• (DNS-ACC) ip host, on page 627
• (DNS-ACC) ip host purge, on page 627
• (DNS-ACC) min TTL, on page 628
• (DNS-ACC) query timeout, on page 628
• (DNS-ACC) show cache, on page 629
• (DNS-ACC) show statistics, on page 629
• (DNS-ACC) show statistics, on page 629
• (DNS-ACC) use-accelerator-dns, on page 631
(DNS-ACC) ip host
Command A C C1 (D N S- AC C )# i p ho s t [W O RD ] [I P]
Description Lets you define a static host-name to address, by using the WORD parameter followed
by an IP address.
Parameters Enter the site name and the correct IP address.
Example A C C1 (D N S- AC C )# i p ho s t mysite 100.100.20.5
with Syntax
Related Commands • (Conf) dns-acceleration, on page 624
• (DNS-ACC) cache clear, on page 625
• (DNS-ACC) cache size, on page 625
• (DNS-ACC) dns-acceleration, on page 626
• (DNS-ACC) Dns-masquerading, on page 626
• (DNS-ACC) ip host purge, on page 627
• (DNS-ACC) min TTL, on page 628
• (DNS-ACC) query timeout, on page 628
• (DNS-ACC) show cache, on page 629
• (DNS-ACC) show statistics, on page 629
• (DNS-ACC) show statistics, on page 629
• (DNS-ACC) use-accelerator-dns, on page 631
(DNS-ACC) transparency
Command A C C1 (D N S- A CC )# t ra ns p ar e nc y [ au to | f ul l |
s e mi ]
Description Lets you set your requested transparency mode:
• Semi - the traffic is transparent to the Client, but the server sees it as coming
from the Accelerator.
• Full - the traffic is transparent to both the Client and the Server.
• Auto - the transparency is determined automatically according to the
deployment level: either Semi (in On-LAN deployment) or Full (in On-Path
deployment). The default value is Auto.
Parameters Enter a valid transparency mode as described above.
Example A C C1 (D N S- A CC )# t ra ns p ar e nc y auto
with Syntax
Related Commands • (Conf) dns-acceleration, on page 624
• (DNS-ACC) cache clear, on page 625
• (DNS-ACC) cache size, on page 625
• (DNS-ACC) dns-acceleration, on page 626
• (DNS-ACC) Dns-masquerading, on page 626
• (DNS-ACC) ip host, on page 627
• (DNS-ACC) ip host purge, on page 627
• (DNS-ACC) min TTL, on page 628
• (DNS-ACC) query timeout, on page 628
• (DNS-ACC) show cache, on page 629
• (DNS-ACC) show statistics, on page 629
• (DNS-ACC) use-accelerator-dns, on page 631
(DNS-ACC) use-accelerator-dns
Command A C C1 (D N S- A CC )# u se -a c ce l er at o r- dn s [ e na bl e |
d i sa bl e ]
Description Enables/disables the use of Accelerator DNS, thereby defining the Accelerator as a
DNS client. By so doing, the Accelerator will always intercept traffic and use its setting
to process the traffic, even if that traffic was sent to another DNS server.
If you enable the use of Accelerator DNS, you have to configure an IP name server
under the DNS node.
Parameters Enable to enable, Disable to disable.
Example A C C1 (D N S- A CC )# u se -a c ce l er at o r- dn s enable
with Syntax
Related Commands • (Conf) dns-acceleration, on page 624
• (DNS-ACC) cache clear, on page 625
• (DNS-ACC) cache size, on page 625
• (DNS-ACC) dns-acceleration, on page 626
• (DNS-ACC) Dns-masquerading, on page 626
• (DNS-ACC) ip host, on page 627
• (DNS-ACC) ip host purge, on page 627
• (DNS-ACC) min TTL, on page 628
• (DNS-ACC) query timeout, on page 628
• (DNS-ACC) show cache, on page 629
• (DNS-ACC) show statistics, on page 629
• (DNS-ACC) show statistics, on page 629
632 A p pe n di x F: Command Line Interface
(crypto) ipsec
Command A CC 1 (c r yp to ) #i ps e c
Description Lets you enter the IPsec node
Parameters No additional parameters required.
Example A CC 1 (c r yp to ) #i ps e c
with Syntax
Related Commands • (config) show crypto, on page 632
• (config) show interface link, on page 633
• (config) show running-config, on page 633
• (crypto) show tech-encryption, on page 634
• (ike_policy) description, on page 635
• (ike_policy) esp-algorithm, on page 635
• (ike_policy) pre-shared key, on page 636
• (ike_policy) pre-shared key, on page 636
• (ike_policy) pre-shared key, on page 636
• (ipsec) ike-policy, on page 637
(ike_policy) description
Command A CC 1( i ke _ po li c y) #d e sc r ip ti o n [W O RD ]
Description Lets you add a description to the IKE policy.
Parameters Legal text string. Use underscores in place of spaces.
Example A CC 1( i ke _ po li c y) #d e sc r ip ti o n th i s_ d es cr i pt io n
with Syntax
Related • (config) show crypto, on page 632
Commands • (config) show interface link, on page 633
• (config) show running-config, on page 633
• (crypto) ipsec, on page 634
• (crypto) show tech-encryption, on page 634
• (ike_policy) esp-algorithm, on page 635
• (ike_policy) pre-shared key, on page 636
• (ike_policy) pre-shared key, on page 636
• (ike_policy) pre-shared key, on page 636
• (ipsec) ike-policy, on page 637
(ike_policy) esp-algorithm
Command A C C1 (i k e_ po l ic y )# es p -a lg o ri t hm
< 1 -3 >
Description Lets you set the ESP algorithm for the IKE policy.
Parameters Pick an order from 1-3.
Example A C C1 (i k e_ po l ic y )# esp-algorithm 2
with Syntax
Related Commands • (config) show crypto, on page 632
• (config) show interface link, on page 633
• (config) show running-config, on page 633
• (crypto) ipsec, on page 634
• (crypto) show tech-encryption, on page 634
• (ike_policy) description, on page 635
• (ike_policy) pre-shared key, on page 636
• (ike_policy) pre-shared key, on page 636
• (ike_policy) pre-shared key, on page 636
• (ipsec) ike-policy, on page 637
636 A p pe n di x F: Command Line Interface
(ipsec) ike-policy
Command AC C1 ( ip s ec )# i ke -p o li c y
Description Lets you enter the IKE policy node.
Parameters No additional parameters required.
Example AC C1 ( ip s ec )# i ke -p o li c y
with Syntax
Related Commands • (config) show crypto, on page 632
• (config) show interface link, on page 633
• (config) show running-config, on page 633
• (crypto) ipsec, on page 634
• (crypto) show tech-encryption, on page 634
• (ike_policy) description, on page 635
• (ike_policy) esp-algorithm, on page 635
• (ike_policy) pre-shared key, on page 636
• (ike_policy) pre-shared key, on page 636
• (ike_policy) pre-shared key, on page 636
638 A p pe n di x F: Command Line Interface
ARP Commands
This section contains the following configurations:
(config) arp, on page 638
(config) arp cache limits, on page 638
(config) arp cache max-size, on page 639
(config) arp clear-table, on page 639
(config) arp
Command ACC1(config)#a r p [ IP a d dr es s x .x . x. x ] [M A C
ad dr e ss x x: x x: xx : xx : xx :x x ]
Description Sets manual ARP cache entries
Parameters Enter a valid IP address and MAC address.
Example ACC1(config)#a r p I P ad d re ss 100.100.50.2 MA C
with Syntax
Ad dr e ss 00:06:5B:15:04:B4
Related Commands • (config) arp cache limits, on page 638
• (config) arp cache max-size, on page 639
• (config) arp clear-table, on page 639
Additional Commands
This section contains the following configuration commands:
(config) HSRP, on page 640
(config) HSRP autodetect, on page 641
(config) interface ethernet 0, on page 642
(config) interface vlan, on page 642
(config) VRRP, on page 643
(config) wan, on page 643
(interface) bridged-state disable, on page 644
(interface) ip address, on page 644
(interface) link-mode, on page 645
(config) HSRP
ACC1(config)#H SR P 20
a ut h en ti c at i on myauthentication
f or c e- pr i or i ty
i p 100.100.50.2
j oi n
p re e mp t
p ri o ri ty 1
t im e rs
v ir t ua l- m ac F:F:F:F:F:F:F:
v la n 2
(config) VRRP
Command A C C1 (c o nf i g) #V R RP [ n um b er ]
Description Sets manual configuration of VRRP
Parameters Enter the following parameters:
• ip (update IP address- create group if it does not exist)
• preempt
• priority [number 0 - 254]
• timer
Example A C C1 (c o nf i g) #V R RP [ n um b er ]
with Syntax
i p 1 .1 . 1. 1
p r ee mp t
p r io ri t y 100
t i me r
Related Commands • (config) HSRP, on page 640
• (config) HSRP autodetect, on page 641
• (config) interface ethernet 0, on page 642
• (config) interface vlan, on page 642
• (config) wan, on page 643
• (interface) bridged-state disable, on page 644
• (interface) ip address, on page 644
• (interface) link-mode, on page 645
(config) wan
Command ACC1(config)#w an [name]
Description Creates a new WAN.
Parameters Enter the name of the WAN.
Example ACC1(config)#w an mywan
with Syntax
Related Commands • (config) HSRP, on page 640
• (config) HSRP autodetect, on page 641
• (config) interface ethernet 0, on page 642
• (config) interface vlan, on page 642
• (config) VRRP, on page 643
• (interface) bridged-state disable, on page 644
• (interface) ip address, on page 644
• (interface) link-mode, on page 645
644 A p pe n di x F: Command Line Interface
(interface) ip address
Command ACC1(interface)# i p a dd re s s [x . x. x .x y . y. y. y ]
Description Sets an IP address and subnet mask for the Ethernet 0 interface.
Parameters Enter a valid IP and subnet mask
Example AC C 1( in t er fa c e) # i p a dd re s s 100.100.23.2
with Syntax
255.255.255.255
Related Commands • (config) HSRP, on page 640
• (config) HSRP autodetect, on page 641
• (config) interface ethernet 0, on page 642
• (config) interface vlan, on page 642
• (config) VRRP, on page 643
• (config) wan, on page 643
• (interface) bridged-state disable, on page 644
• (interface) link-mode, on page 645
(interface) link-mode
Command ACC1(config)#i nt e rf a ce e t he rn e t [0, 0/1, 0/0]
ACC1(interface)l in k -m o de
Description Sets the speed and duplex setting of the interface.
Parameters You can use any of the following speed settings:
• 1000Mbit-full
• 100Mbit-full
• 100Mbit-half
• 10Mbit-full
• 10Mbit-half
• auto
Example ACC1(config)#i nt e rf a ce e t he rn e t 0
with Syntax
ACC1(interface)l in k -m o de auto
Related Commands • (config) HSRP, on page 640
• (config) HSRP autodetect, on page 641
• (config) interface ethernet 0, on page 642
• (config) interface vlan, on page 642
• (config) VRRP, on page 643
• (config) wan, on page 643
• (interface) bridged-state disable, on page 644
• (interface) ip address, on page 644
646 A p pe n di x F: Command Line Interface
Link Commands
The following commands are available:
(config) interface link, on page 646
(LINK) acceleration, on page 647
(LINK) aggregation, on page 647
(LINK) cache-size large, on page 648
(LINK) checksum, on page 648
(LINK) force, on page 649
(LINK) fragmentation, on page 649
(LINK) header compression, on page 650
(LINK) header preservation, on page 650
(LINK) wan-id, on page 652
(LINK) header preservation tos, on page 651
(LINK) header preservation ttl, on page 652
(LINK) wan-id, on page 652
(LINK) acceleration
Command ACC1(LINK)# ac ce l er at i on en ab l e/ di s ab l e
Description Sets the link to accelerate all traffic
Parameters Enable to enable, Disable to disable.
Example ACC1(LINK)# ac ce l er at i on enable
with Syntax
Related Commands • (config) interface link, on page 646
• (LINK) aggregation, on page 647
• (LINK) cache-size large, on page 648
• (LINK) checksum, on page 648
• (LINK) force, on page 649
• (LINK) fragmentation, on page 649
• (LINK) header compression, on page 650
• (LINK) header preservation, on page 650
• (LINK) wan-id, on page 652
• (LINK) header preservation tos, on page 651
• (LINK) header preservation ttl, on page 652
• (LINK) wan-id, on page 652
(LINK) aggregation
Command AC C1 ( LI NK ) #a g gr eg a ti on au t o [n u mb er ]
Description Enables small packets to be aggregated on this link. If packets arrive smaller than the set size
(68 to 6000), the QoS mechanism aggregates them and sends them together across the link.
This only applies to traffic set with a CoS value of low, medium and high priority.
Aggregation is accomplished on outgoing packets before the packets are compressed, and
therefore you do not have to configure the aggregation symmetrically on both ends.
Aggregation is applied only on congested links, to avoid adding unnecessary latency on non-
problematic links.
Parameters Enter a valid number as described above, or Auto for the Accelerator to decide.
Example AC C1 ( LI NK ) #a g gr eg a ti on au t o 900
with Syntax
Related • (config) interface link, on page 646
Commands • (LINK) acceleration, on page 647
• (LINK) cache-size large, on page 648
• (LINK) checksum, on page 648
• (LINK) force, on page 649
• (LINK) fragmentation, on page 649
• (LINK) header compression, on page 650
• (LINK) header preservation, on page 650
• (LINK) wan-id, on page 652
• (LINK) header preservation tos, on page 651
• (LINK) header preservation ttl, on page 652
• (LINK) wan-id, on page 652
648 A p pe n di x F: Command Line Interface
(LINK) checksum
Command ACC1(LINK)# c he ck s um e n ab l e/ di s ab le
Description Includes a checksum in all packet transmissions. This setting is useful for high error rate
links and troubleshooting purposes.
Parameters Enable to enable, Disable to disable
Example ACC1(LINK)# c he ck s um enable
with Syntax
Related Commands • (config) interface link, on page 646
• (LINK) acceleration, on page 647
• (LINK) aggregation, on page 647
• (LINK) cache-size large, on page 648
• (LINK) force, on page 649
• (LINK) fragmentation, on page 649
• (LINK) header compression, on page 650
• (LINK) header preservation, on page 650
• (LINK) wan-id, on page 652
• (LINK) header preservation tos, on page 651
• (LINK) header preservation ttl, on page 652
• (LINK) wan-id, on page 652
(LINK) force
Command ACC1(LINK)# f or c e e na bl e /d is a bl e
Description Sets the link to force all traffic into the tunnel.
Parameters Enable to enable, Disable to disable
Example ACC1(LINK)# f or c e enable
with Syntax
Related Commands • (config) interface link, on page 646
• (LINK) acceleration, on page 647
• (LINK) aggregation, on page 647
• (LINK) cache-size large, on page 648
• (LINK) checksum, on page 648
• (LINK) fragmentation, on page 649
• (LINK) header compression, on page 650
• (LINK) header preservation, on page 650
• (LINK) wan-id, on page 652
• (LINK) header preservation tos, on page 651
• (LINK) header preservation ttl, on page 652
• (LINK) wan-id, on page 652
(LINK) fragmentation
Command A CC 1( L IN K )# fr a gm en t at i on a u to [ n um b er ]
Description Enables packets to be fragmented on this link. If packets arrive larger than the set size (68 to
6000), the QoS mechanism breaks them up. This setting is useful for handling latency on low
bandwidth links, and applies only to traffic set with a CoS value of low, medium and high
priority.
Fragmentation does not have to be configured symmetrically on both ends. Fragmentation is
accomplished on outgoing packets before the packets are compressed.
Parameters Enter a valid number as described above, or auto for the Accelerator to pick.
Example A CC 1( L IN K )# fr a gm en t at i on 900
with Syntax
Related • (config) interface link, on page 646
Commands • (LINK) acceleration, on page 647
• (LINK) aggregation, on page 647
• (LINK) cache-size large, on page 648
• (LINK) checksum, on page 648
• (LINK) force, on page 649
• (LINK) header compression, on page 650
• (LINK) header preservation, on page 650
• (LINK) wan-id, on page 652
• (LINK) header preservation tos, on page 651
• (LINK) header preservation ttl, on page 652
• (LINK) wan-id, on page 652
650 A p pe n di x F: Command Line Interface
(LINK) wan-id
Command ACC1(LINK)#w an - id [ number/ de f au lt ]
Description Sets the WAN to which this Link is assigned.
Parameters Enter a valid IP, VRRP group number, and priority number
Example ACC1(LINK)#w an - id [ number/ de f au lt ]
with Syntax
Related Commands • (config) interface link, on page 646
• (LINK) acceleration, on page 647
• (LINK) aggregation, on page 647
• (LINK) cache-size large, on page 648
• (LINK) checksum, on page 648
• (LINK) force, on page 649
• (LINK) fragmentation, on page 649
• (LINK) header compression, on page 650
• (LINK) header preservation, on page 650
• (LINK) wan-id, on page 652
• (LINK) header preservation tos, on page 651
• (LINK) header preservation ttl, on page 652
(config) expand-view
Command ACC1(config)# ex pa n d- v ie w
Description Enables/Disables interaction with ExpandView.
Parameters Enable to enable, Disable to disable
Example ACC1(config)# ex pa n d- v ie w
with Syntax
Related Commands • (EVIEW) agent, on page 653
• (EVIEW) IP address, on page 654
• (EVIEW) port, on page 654
• (EVIEW) show, on page 654
(EVIEW) agent
Command AC C 1( E VI EW ) # ag e nt [e na b le /d i sa b le ]
Description Enables/Disables interaction with ExpandView.
Parameters Enable to enable, Disable to disable
Example AC C 1( E VI EW ) # ag e nt enable
with Syntax
Related Commands • (config) expand-view, on page 653
• (EVIEW) IP address, on page 654
• (EVIEW) port, on page 654
• (EVIEW) show, on page 654
654 A p pe n di x F: Command Line Interface
(EVIEW) IP address
Command A CC 1 (E VI E W) # I P ad d re s s [x . x. x. x ]
Description Sets the address of the ExpandView server in an Accelerator.
Parameters Enter a valid IP address of the ExpandView server
Example A CC 1 (E VI E W) # I P ad d re s s 100.100.25.5
with Syntax
Related Commands • (config) expand-view, on page 653
• (EVIEW) agent, on page 653
• (EVIEW) port, on page 654
• (EVIEW) show, on page 654
(EVIEW) port
Command A CC 1 (E VI E W) # p or t [ xx x x]
Description Sets the port to use for interaction with the ExpandView server.
Parameters Enter a legal port number that should be used to interact with the ExpandView server.
Example A CC 1 (E VI E W) # p or t 81
with Syntax
Related Commands • (config) expand-view, on page 653
• (EVIEW) agent, on page 653
• (EVIEW) IP address, on page 654
• (EVIEW) show, on page 654
(EVIEW) show
Command AC C 1( EV I EW )# sh ow
Description Verifies whether the unit is connected to ExpandView.
Parameters No additional parameters
Example AC C 1( EV I EW )# show
with Syntax
Related Commands • (config) expand-view, on page 653
• (EVIEW) agent, on page 653
• (EVIEW) IP address, on page 654
• (EVIEW) port, on page 654
Note: For more information on ExpandView, please refer to the ExpandView user
i guide.
SNMP Commands
This section contains the following configuration options:
(config) snmp change-v3-password, on page 655
(config) snmp community access, on page 656
(config) snmp enable, on page 656
(config) snmp trap community, on page 657
(config) snmp traps, on page 657
Note: When monitoring for specific MIBs, add the index number of the processor even
i if only one processor exists. Failing to add the index number results in an error
message.
For example: using the snmpget command with the syntax
snmpget -v 1 -c expand 10.65.0.209
1.3.6.1.4.1.3405.1.3.1.1.2.1.3
returns the following error:
There is no such variable name in this MIB.
Failed object: SNMPv2-SMI:enterprises.3405.1.3.1.1.2.1.3
Note: If, after defining snmp trap manager-ip, snmp read community or snmp trap
i community, you want to clear these values, use the no command to reverse this
definition. For example: no snmp read community [name]
Command ACC1(config)#s nm p t r ap c o mm un i ty [n am e ]
Description Sets the name of the SNMP trap community. The default is Public.
Parameters Enter a valid name as described above.
Example ACC1(config)#s nm p t r ap c o mm un i ty public
with Syntax
Related Commands • (config) snmp change-v3-password, on page 655
• (config) snmp community access, on page 656
• (config) snmp enable, on page 656
• (config) snmp traps, on page 657
Log Commands
The following commands are available:
(config) logging, on page 658
(logging) mail active, on page 659
(logging) mail from, on page 660
(logging) mail recipient, on page 660
(logging) mail server ip, on page 661
(logging) mail server port, on page 661
(logging) mail severity, on page 662
(logging) syslog active, on page 662
(logging) syslog facility, on page 663
(logging) syslog server ip, on page 663
(logging) syslog severity maximum, on page 664
(logging) syslog severity minimum, on page 664
(config) logging
Command ACC1(config)#l og g in g
Description Enters the Logging node.
Parameters No additional parameters are necessary.
Example ACC1(config)#l og g in g
with Syntax
Related Commands • (logging) mail active, on page 659
• (logging) mail from, on page 660
• (logging) mail recipient, on page 660
• (logging) mail server ip, on page 661
• (logging) mail server port, on page 661
• (logging) mail severity, on page 662
• (logging) syslog active, on page 662
• (logging) syslog facility, on page 663
• (logging) syslog server ip, on page 663
• (logging) syslog severity maximum, on page 664
• (logging) syslog severity minimum, on page 664
log archive
Command ACC1#lo g a r ch iv e [ pr e fi x ]
Description Enables creating a log archive.
To insert your selected prefix, type this prefix in the WORD field.
Parameters Enter a valid prefix if desired
Example ACC1#lo g a r ch iv e myprefix
with Syntax
Related Commands • log archive delete, on page 665
• log upload, on page 666
• show log archive, on page 666
log upload
Command ACC1#l og u p lo ad [m e th od ] [ fi l en a me ] |
[ la te s t] [d es t in at i on ]
Description Lets you select the parameters for uploading log archive files: which method to use,
which files to upload, and the requested destination.
The optional values are as follows:
• Method - FTP, SFTP, TFTP and SCP
• Filename - to select a specific file.
• Latest - to upload the latest generated log archive.
• Destination - the destination of the file.
Parameters Enter parameters as described above
Example ACC1#l og u p lo ad FTP myfilename latest
with Syntax
T:\\mynetworkdrive
Related Commands • log archive, on page 665
• log archive delete, on page 665
• show log archive, on page 666
(config) ping
Command ACC1(config)#pi n g [ ip (x.x.x.x) | hostname]
Description Pings network devices
Parameters Enter a valid IP and host
Example ACC1(config)#pi n g 100.100.10.4 myhostname
with Syntax
Related Commands • (config) copy startup-config running-config, on page 667
• (config) erase startup configuration, on page 668
• (config) show tech-support, on page 669
• (config) traceroute, on page 669
• (config) traceroute host, on page 670
• (config) write startup-config, on page 670
• (config) write terminal, on page 670
(config) traceroute
Command ACC1(config)#t r ac er o ut e [ ip (x.x.x.x) | hostname]
Description Sends a traceroute to network devices
Parameters Enter a valid IP and host
Example ACC1(config)#t r ac er o ut e 100.100.10.4 myhostname
with Syntax
Related • (config) copy startup-config running-config, on page 667
Commands • (config) erase startup configuration, on page 668
• (config) ping, on page 668
• (config) show tech-support, on page 669
• (config) traceroute host, on page 670
• (config) write startup-config, on page 670
• (config) write terminal, on page 670
670 A p pe n di x F: Command Line Interface
Accdump Commands
The following configuration options are available:
(config) accdump, on page 671
(ACCDUMP) ipaccdump enable, on page 672
(ACCDUMP) ip tcpdump files-number, on page 673
(ACCDUMP) ip tcpdump files-number, on page 673
(ACCDUMP) ip tcpdump file-size, on page 673
(ACCDUMP) ip tcpdump filter, on page 674
(ACCDUMP) ip tcpdump flags, on page 674
(ACCDUMP) ip tcpdump filter, on page 674
(ACCDUMP) ip tcpdump upload, on page 675
(config) accdump
Command A CC 1( c on fi g )# a cc du m p
Description Enters the Accdump node.
Parameters No additional parameters needed
Example A CC 1( c on fi g )# accdump
with Syntax
Related • (ACCDUMP) ipaccdump enable, on page 672
Commands • (ACCDUMP) ip tcpdump files-number, on page 673
• (ACCDUMP) ip tcpdump files-number, on page 673
• (ACCDUMP) ip tcpdump file-size, on page 673
• (ACCDUMP) ip tcpdump filter, on page 674
• (ACCDUMP) ip tcpdump flags, on page 674
• (ACCDUMP) ip tcpdump filter, on page 674
• (ACCDUMP) ip tcpdump upload, on page 675
672 A p pe n di x F: Command Line Interface
(remote-desktop-proxy) exclude
Command A CC 1( r em ot e -d e sk to p -p ro x y) ex cl u de
[ cl ie n t| se r ve r |w or d |I P]
Description This allows you to exclude a specific server, client, or subnet from the RDP services. Note
that enabling other services on an excluded machine will have to be done by hand.
Parameters Enter one of the following parameters:
• Client - choose client to exclude the client
• Server - choose server to exclude the server
• Word - server’s logical name
• IP - IP address of the server or subnet
Example ACC1(remote-desktop-proxy)# exclude client 120.44.10.2
with Syntax
Related • (remote-desktop-proxy) copy certificate, on page 676
Commands • (remote-desktop-proxy) default certificate, on page 677
• (remote-desktop-proxy) excluded-servers, on page 678
• (remote-desktop-proxy) no <removal parameter>, on page 678
• (remote-desktop-proxy) proxy, on page 679
• (remote-desktop-proxy) show, on page 679
678 A p pe n di x F: Command Line Interface
(remote-desktop-proxy) excluded-servers
Command AC C 1( re m ot e- d es k to p- p ro xy ) # e xc lu d ed -s e rv e rs
Description This allows you to clear the servers from the excluded servers table. This action clears all of
the servers that are on the list in a single execution.
Parameters Clear to clear, and when prompted enter Y or N to continue or cancel.
Example AC C 1( re m ot e- d es k to p- p ro xy ) # e xc lu d ed -s e rv e rs
with Syntax
cl e ar
Wa r ni ng : T hi s o p er at i on w i ll de le t e al l
ex c lu de d s er v er s .
Ar e y ou su re ? ( y /n ) Y
Related • (remote-desktop-proxy) copy certificate, on page 676
Commands • (remote-desktop-proxy) default certificate, on page 677
• (remote-desktop-proxy) exclude, on page 677
• (remote-desktop-proxy) no <removal parameter>, on page 678
• (remote-desktop-proxy) proxy, on page 679
• (remote-desktop-proxy) show, on page 679
(remote-desktop-proxy) no <removal
parameter>
Command A CC 1( r em ot e -d e sk to p -p ro x y) # n o < re mo v al
p ar am e te r>
Description This allows you to clear the servers from the excluded servers table. This action clears all of
the servers that are on the list in a single execution.
Parameters enter one of the following commands:
• Default certificate - to remove the default authentication certificate
• Exclude - to remove the exclude servers
• Proxy - disables the RDP Proxy
Example A CC 1( r em ot e -d e sk to p -p ro x y) # n o d ef au l t
with Syntax
c er ti f ic at e
Related • (remote-desktop-proxy) copy certificate, on page 676
Commands • (remote-desktop-proxy) default certificate, on page 677
• (remote-desktop-proxy) exclude, on page 677
• (remote-desktop-proxy) excluded-servers, on page 678
• (remote-desktop-proxy) proxy, on page 679
• (remote-desktop-proxy) show, on page 679
(remote-desktop-proxy) proxy
Command A CC 1 (r em o te -d e sk t op -p r ox y) # p r ox y
Description Enables or disables the RDP service
Parameters Enable to enable Disable to Disable
Example A CC 1 (r em o te -d e sk t op -p r ox y) # proxy enable
with Syntax
Related • (remote-desktop-proxy) copy certificate, on page 676
Commands • (remote-desktop-proxy) default certificate, on page 677
• (remote-desktop-proxy) exclude, on page 677
• (remote-desktop-proxy) excluded-servers, on page 678
• (remote-desktop-proxy) no <removal parameter>, on page 678
• (remote-desktop-proxy) show, on page 679
(remote-desktop-proxy) show
Command A CC 1( r em o te -d e sk to p -p ro x y) # s ho w
Description Shows the RDP service status
Parameters • Proxy - for proxy status
• Remote-desktop-proxy for RDP status
Example A CC 1( r em o te -d e sk to p -p ro x y) # sh remote-desktop-proxy
with Syntax
Related • (remote-desktop-proxy) copy certificate, on page 676
Commands • (remote-desktop-proxy) default certificate, on page 677
• (remote-desktop-proxy) exclude, on page 677
• (remote-desktop-proxy) excluded-servers, on page 678
• (remote-desktop-proxy) no <removal parameter>, on page 678
• (remote-desktop-proxy) proxy, on page 679
The following screen appears (in this example the RDP status is shown):
Proxy.............................enable
Default certificate...............enable
Proxy statistics
-----------------------------------------------------
Peak number of concurrent sessions: 3
Current number of sessions: 1
Average RDP PDU size: 952.43
Max RDP PDU size: 15452
-----------------------------------------------------
For an explanation on the statistics output, see Collecting RDP Proxy Statistics, on
page 279.
680 A p pe n di x F: Command Line Interface
remote-unique-id
Command ACC1(LINK)# re m ot e- u ni qu e -i d
Description Sets the unique id for the remote device (Mobile Accelerator Client)
Parameters You need to enter the unique id of the remote device. It is 27 characters long. The ID must
have the following syntax where X is a number:
XXXX—XXXX—XXXX—XXXXXXXXXXXX
Example ACC1(LINK)# re m ot e- u ni qu e -i d 3030-3033-6233-
with Syntax
2334324347934
Related • interface link mobile, on page 680
Commands • interface link template, on page 680
• show interface link template, on page 681
• show remote-unique-id, on page 682
• show unique-id, on page 682
show remote-unique-id
Note that Mobile Accelerator Clients that are not connected will be shown as idle.
Command ACC1(LINK)# s ho w r em o te -u n iq ue - id
Description Displays the unique id for the remote device. This can be an Accelerator or a Mobile
Accelerator Client.
Parameters no additional parameters necessary
Example ACC1(LINK)# s ho w r em o te -u n iq ue - id
with Syntax
Related • interface link mobile, on page 680
Commands • interface link template, on page 680
• remote-unique-id, on page 681
• show interface link template, on page 681
• show unique-id, on page 682
show unique-id
Command ACC1(config)# s ho w u ni q ue -i d
Description Displays the unique id for the Accelerator.
Parameters no additional parameters necessary
Example ACC1(config)# s ho w u ni q ue -i d
with Syntax
Related • interface link mobile, on page 680
Commands • interface link template, on page 680
• remote-unique-id, on page 681
• show interface link template, on page 681
• show remote-unique-id, on page 682
Configuring WAFS
Most of the WAFS configuration is done through the CLI, letting you display and
manage printing devices and printing authorizations.
The following configurations are available:
Basic Operation Commands, on page 684
Print Administration Commands, on page 688
Printer Driver Commands, on page 690
CUPS Commands, on page 692
Printer Port Commands, on page 693
Printer Management Commands, on page 696
WAFS Transparency Commands, on page 698
Excluded Server Commands, on page 699
CIFS Commands, on page 700
Compression Filter Commands, on page 701
Time and Date Commands, on page 702
Additional Commands, on page 703
Fetch Commands, on page 706
FileBank Director Commands, on page 707
WAFS Help Commands, on page 711
WAFS Licensing Commands, on page 712
WAFS Log File Commands, on page 713
Replication Service Commands, on page 718
Replication User Commands, on page 725
Event Scheduling Commands, on page 731
Service Management Commands, on page 734
Software Commands, on page 738
Statistic Commands, on page 739
Stf_filter Commands, on page 740
Transaction Monitoring Commands, on page 742
TTCP Commands, on page 743
User Commands, on page 745
Virtual Memory Statistic Commands, on page 746
Wins Commands, on page 747
684 A p pe n di x F: Command Line Interface
{hostname}:filecontroller0# exit
Command { ho s tn am e }: fi l ec o nt ro l le r0 # [ e xi t| q ui t]
Description Logs out from shell.
Parameters No additional parameters needed.
Example { ho s tn am e }: fi l ec o nt ro l le r0 # quit
with Syntax
Related • {hostname}:filecontroller0# ping [host], on page 684
Commands • {hostname}:filecontroller0# reboot, on page 685
• {hostname}:filecontroller0# restart, on page 685
• {hostname}:filecontroller0# shutdown, on page 685
• {hostname}:filecontroller0# start, on page 686
• {hostname}:filecontroller0# stop, on page 686
{hostname}:filecontroller0# reboot
Command { ho st n am e} : fi l ec on t ro ll e r0 # r eb o ot
Description Reboots the WAFS module.
Parameters No additional parameters are needed
Example { ho st n am e} : fi l ec on t ro ll e r0 # reboot
with Syntax
Related • {hostname}:filecontroller0# exit, on page 684
Commands • {hostname}:filecontroller0# ping [host], on page 684
• {hostname}:filecontroller0# restart, on page 685
• {hostname}:filecontroller0# shutdown, on page 685
• {hostname}:filecontroller0# start, on page 686
• {hostname}:filecontroller0# stop, on page 686
{hostname}:filecontroller0# restart
Command {h os t na me } :f i le co n tr ol l er 0 # re s ta rt
Description Stops and then restarts the application.
Parameters No additional parameters required.
Example {h os t na me } :f i le co n tr ol l er 0 # restart
with Syntax
Related • {hostname}:filecontroller0# exit, on page 684
Commands • {hostname}:filecontroller0# ping [host], on page 684
• {hostname}:filecontroller0# reboot, on page 685
• {hostname}:filecontroller0# shutdown, on page 685
• {hostname}:filecontroller0# start, on page 686
• {hostname}:filecontroller0# stop, on page 686
{hostname}:filecontroller0# shutdown
Command { ho s tn am e }: fi l ec o nt ro l le r0 # s h ut do w n
Description Shuts down the system.
Parameters No additional parameters are needed
Example { ho s tn am e }: fi l ec o nt ro l le r0 # shutdown
with Syntax
Related • {hostname}:filecontroller0# exit, on page 684
Commands • {hostname}:filecontroller0# ping [host], on page 684
• {hostname}:filecontroller0# reboot, on page 685
• {hostname}:filecontroller0# restart, on page 685
• {hostname}:filecontroller0# start, on page 686
• {hostname}:filecontroller0# stop, on page 686
686 A p pe n di x F: Command Line Interface
{hostname}:filecontroller0# start
Command { ho s tn am e }: f il ec o nt ro l le r 0# s t ar t
Description Starts the WAFS module on the logged device.
Parameters No additional parameters required.
Example { ho s tn am e }: f il ec o nt ro l le r 0# start
with Syntax
Related • {hostname}:filecontroller0# exit, on page 684
Commands • {hostname}:filecontroller0# ping [host], on page 684
• {hostname}:filecontroller0# reboot, on page 685
• {hostname}:filecontroller0# restart, on page 685
• {hostname}:filecontroller0# shutdown, on page 685
• {hostname}:filecontroller0# stop, on page 686
{hostname}:filecontroller0# stop
Command { ho s tn a me }: f il ec o nt ro l le r 0# s t op
Description Stops the WAFS module on the logged device.
Parameters No additional parameters required.
Example { ho s tn a me }: f il ec o nt ro l le r 0# stop
with Syntax
Related • {hostname}:filecontroller0# exit, on page 684
Commands • {hostname}:filecontroller0# ping [host], on page 684
• {hostname}:filecontroller0# reboot, on page 685
• {hostname}:filecontroller0# restart, on page 685
• {hostname}:filecontroller0# shutdown, on page 685
• {hostname}:filecontroller0# start, on page 686
Cache Commands
Manages and displays cache-related information. The following commands are
available:
{hostname}:filecontroller0# cache invalidate, on page 687
{hostname}:filecontroller0# cache [show], on page 687
{hostname}:filecontroller0# cache ttl set, on page 687
{hostname}:filecontroller0#printing drivers
show
Command { ho s tn am e }: fi l ec o nt ro l le r0 # pr i nt in g d ri v er s
s ho w
Description Displays the status of the printing drivers.
Parameters No additional parameters required
Example { ho s tn am e }: fi l ec o nt ro l le r0 # pr i nt in g d ri v er s
with Syntax
show
Related • {hostname}:filecontroller0# printing admins add group, on page 688
Commands • {hostname}:filecontroller0#printing admins add user, on page 688
• {hostname}:filecontroller0#printing admins list, on page 689
• {hostname}:filecontroller0# printing devices list, on page 689
690 A p pe n di x F: Command Line Interface
CUPS Commands
The following commands are available:
{hostname}:filecontroller0# printing restart, on page 692
{hostname}:filecontroller0# printing status, on page 692
(config) wafs
Command AC C 1( co n fi g) # w a fs
Description Enters the WAFS node
Parameters No additional parameters are necessary.
Example AC C 1( co n fi g) # wafs
with Syntax
Related • (WAFS) transparency, on page 698
Commands • (WAFS) transparency exclude excluded-servers, on page 698
(WAFS) transparency
Command AC C 1( WA F S) #t r an s pa re n cy e n ab l e| d i sa bl e
Description Enables or disables WAFS transparency.
Parameters Enable to enable, disable to disable. When WAFS transparency is enabled, the
FileBank polls all servers by default.
If you are enabling an Alias, this should be set to disable.
Example AC C 1( WA F S) #t r an s pa re n cy enable
with Syntax
Related • (config) wafs, on page 698
Commands • (WAFS) transparency exclude excluded-servers, on page 698
CIFS Commands
The following commands are available:
{hostname}:filecontroller0# cifs status, on page 700
{hostname}:filecontroller0# comp_filters
Command { ho st n am e }: fi l ec on t ro l le r0 # co mp _ fi l te rs ad d/
d el et e { f il te r }
Description Adds/deletes a given filter to/from a list.
Parameters Add to add Delete to delete
Example { ho st n am e }: fi l ec on t ro l le r0 # co mp _ fi l te rs
with Syntax
d el et e { f il te r }
Related • {hostname}:filecontroller0# comp_filters list, on page 701
Commands
{hostname}:filecontroller0# date
Command {h o st na m e} :f i le c on tr o ll er 0 #d a te [ D AT E]
[T I ME ]
Description Changes the current system’s date and time.
Parameters Make sure the date is mmddyyyy and time is hh:mm:ss
Example {h o st na m e} :f i le c on tr o ll er 0 #d a te 11112011
with Syntax
12:12:12
Related • {hostname}:filecontroller0# date show, on page 702
Commands
Additional Commands
The following configurations are available:
{hostname}:filecontroller0# diagnostics, on page 703
{hostname}:filecontroller0# domain set, on page 704
{hostname}:filecontroller0# domain show, on page 704
{hostname}:filecontroller0# domain join, on page 704
{hostname}:filecontroller0# enable, on page 705
{hostname}:filecontroller0# exit|quit, on page 705
{hostname}:filecontroller0# diagnostics
Command { h o st n a me } : fi l e co n t ro l l er 0 # di a g no s t ic s
Description Runs diagnostics tests. You can use this command to diagnose either the full system,
the configuration settings of the Accelerator, hardware problems or communication
problems.
Parameters Enter one of the following:
• all - runs a complete diagnostic check
• settings - checks the settings
• hardware - checks hardware functioning
• communication - tests communication settings.
Example { h o st n a me } : fi l e co n t ro l l er 0 # di a g no s t ic s
with Syntax all
Related • {hostname}:filecontroller0# domain set, on page 704
Commands • {hostname}:filecontroller0# domain show, on page 704
• {hostname}:filecontroller0# domain join, on page 704
• {hostname}:filecontroller0# enable, on page 705
• {hostname}:filecontroller0# exit|quit, on page 705
704 A p pe n di x F: Command Line Interface
{hostname}:filecontroller0# enable
Command { ho s tn am e }: fi l ec o nt ro l le r0 # e na b le
Description Switches to privileged mode command prompt (root shell). Requires knowledge of the
root password.
Parameters No additional parameters needed. Enter password when prompted.
Example { ho s tn am e }: fi l ec o nt ro l le r0 # e na b le
with Syntax
Related • {hostname}:filecontroller0# diagnostics, on page 703
Commands • {hostname}:filecontroller0# domain set, on page 704
• {hostname}:filecontroller0# domain show, on page 704
• {hostname}:filecontroller0# domain join, on page 704
• {hostname}:filecontroller0# exit|quit, on page 705
{hostname}:filecontroller0# exit|quit
Command { ho s tn am e }: f il ec o nt ro l le r 0# e x it |q u it
Description Logs out from shell.
Parameters No additional parameters needed.
Example { ho s tn am e }: f il ec o nt ro l le r 0# quit
with Syntax
Related • {hostname}:filecontroller0# diagnostics, on page 703
Commands • {hostname}:filecontroller0# domain set, on page 704
• {hostname}:filecontroller0# domain show, on page 704
• {hostname}:filecontroller0# domain join, on page 704
• {hostname}:filecontroller0# enable, on page 705
706 A p pe n di x F: Command Line Interface
Fetch Commands
Manages fetch jobs and instances. The fetch commands are used for pre-
populating the FileBank’s cache.
Fetch jobs describe the entity that should be fetched, namely: a specific directory
on a file server. Fetch instances perform the actual work.
The following commands are available:
{hostname}:filecontroller0# fetch, on page 706
{hostname}:filecontroller0# fetch log, on page 706
{hostname}:filecontroller0# fetch
Command {h os t na m e} :f i le co n tr o ll er 0 # fe t ch [j ob s |
in st a nc e s]
Description Manages fetch jobs or instances.
Parameters Jobs to fetch jobs, Instances to fetch instances.
Example {h os t na m e} :f i le co n tr o ll er 0 # fetch jobs
with Syntax
Related • {hostname}:filecontroller0# fetch log, on page 706
Commands
{hostname}:filecontroller0# iostat
Command {h o st na m e} : fi le c on tr o ll er 0 # i os ta t
Description Shows the disk utilization report.
Parameters No additional parameters required.
Example {h o st na m e} : fi le c on tr o ll er 0 # iostat
with Syntax
Related • {hostname}:filecontroller0# fport add, on page 707
Commands • {hostname}:filecontroller0# fport define, on page 708
• {hostname}:filecontroller0# fport disconnected force, on page 708
• {hostname}:filecontroller0# fport disconnected handle, on page 709
• {hostname}:filecontroller0# fport list, on page 709
• {hostname}:filecontroller0# gns refresh, on page 710
{hostname}:filecontroller0# help
Command { ho st n am e }: fi l ec on t ro l le r0 # h el p
Description Lists the commands and parameters.
Parameters No additional parameters required.
Example { ho st n am e }: fi l ec on t ro l le r0 # help
with Syntax
Related • {hostname}:filecontroller0# help command, on page 711
Commands
{hostname}:filecontroller0# replication
instances
Command {h o st n am e} : fi le c on t ro ll e r0 # r ep l ic at i on
in s ta n ce s
Description Manages the replication instances. For details see Replication Service, on page 159
Parameters No additional parameters are needed
Example {h o st n am e} : fi le c on t ro ll e r0 # replication
with Syntax
instances
Related • {hostname}:filecontroller0# replication enable, on page 718
Commands • {hostname}:filecontroller0# replication filters, on page 719
• {hostname}:filecontroller0# replication log, on page 720
• {hostname}:filecontroller0# replication log list, on page 720
• {hostname}:filecontroller0# replication paths, on page 721
• {hostname}:filecontroller0# replication setup, on page 721
• {hostname}:filecontroller0# replication start, on page 722
• {hostname}:filecontroller0# replication start initial, on page 722
• {hostname}:filecontroller0# replication status, on page 723
• {hostname}:filecontroller0# replication stop, on page 723
• {hostname}:filecontroller0# replication user, on page 724
720 A p pe n di x F: Command Line Interface
{hostname}:filecontroller0# replication
instances
Command { ho s tn a me }: f il ec o nt r ol le r 0# r e pl i ca ti o n
i ns t an c es [ l is t]
Description Displays all replication instances.
Parameters The possible values are as follows:
• Running - The instance is running
• Finished - The instance has finished successfully
• Failed - The instance has failed due to an error (see log)
• Aborted - The instance has been aborted by the user
Example { ho s tn a me }: f il ec o nt r ol le r 0# replication
with Syntax
instances running
Related • {hostname}:filecontroller0# replication filters add, on page 725
Commands • {hostname}:filecontroller0# replication filters clear, on page 726
• {hostname}:filecontroller0# replication filters list, on page 726
• {hostname}:filecontroller0# replication paths add, on page 727
• {hostname}:filecontroller0# replication paths clear, on page 728
• {hostname}:filecontroller0# replication paths delete, on page 728
• {hostname}:filecontroller0# replication paths list, on page 729
• {hostname}:filecontroller0# replication user delete, on page 729
• {hostname}:filecontroller0# replication user set, on page 730
• {hostname}:filecontroller0# replication user show, on page 730
Software Commands
Displays version numbers for all currently installed software packages.
The following commands are available:
{hostname}:filecontroller0# software version, on page 738
Statistic Commands
Shows product statistics. The following configuration options are available:
{hostname}:filecontroller0# statistics, on page 739
{hostname}:filecontroller0# statistics upload, on page 739
{hostname}:filecontroller0# status, on page 739
{hostname}:filecontroller0# statistics
Command { ho st n am e} : fi l ec on t ro ll e r0 # s ta t is ti c s
Description Displays a table of indicated file statistics for today/past week/past month.
Parameters No additional parameters required.
Example { ho st n am e} : fi l ec on t ro ll e r0 # statistics
with Syntax
Related • {hostname}:filecontroller0# statistics upload, on page 739
Commands • {hostname}:filecontroller0# status, on page 739
{hostname}:filecontroller0# status
Command {h os t na me } :f i le co n tr ol l er 0 # st a tu s
Description Shows the current status of the system.
Parameters No additional parameters required.
Example {h os t na me } :f i le co n tr ol l er 0 # status
with Syntax
Related • {hostname}:filecontroller0# statistics, on page 739
Commands • {hostname}:filecontroller0# statistics upload, on page 739
740 A p pe n di x F: Command Line Interface
Stf_filter Commands
Displays, adds and deletes STF (Short Term Files) filters. STF filters define the
files which are not sent by the FileBank to the FileBank Director. For example, the
default STF filter in the FileBank includes *.TMP files which are not sent by the
FileBank to the FileBank Director.
The following commands are available:
{hostname}:filecontroller0# stf filters add, on page 740
{hostname}:filecontroller0# stf filters clear, on page 740
{hostname}:filecontroller0# stf filters list, on page 741
TTCP Commands
Times the transmission and reception of the data between two systems using TCP
protocol. Client should receive a server's hostname parameter, which indicates the
remote TCP server destination.
The following commands are available:
{hostname}:filecontroller0# uptime, on page 744
{hostname}:filecontroller0# ttcp server, on page 743
{hostname}:filecontroller0# uptime, on page 744
{hostname}:filecontroller0# uptime
Command {h os t na m e} :f i le co n tr o ll er 0 # up t im e
Description Displays the period of time for which the system has been running since it was last
booted.
Parameters No additional parameters required.
Example {h os t na m e} :f i le co n tr o ll er 0 # uptime
with Syntax
Related • {hostname}:filecontroller0# uptime, on page 744
Commands • {hostname}:filecontroller0# ttcp server, on page 743
User Commands
Manages the users’ database. The following commands are available:
{hostname}:filecontroller0# user add, on page 745
{hostname}:filecontroller0# user list, on page 745
{hostname}:filecontroller0# user password, on page 745
{hostname}:filecontroller0# vmstat
Command { h os tn a me }: f il e co nt r ol le r 0# vm st a t
Description Reports virtual memory statistics. The report is repeated 10 times at 5 second
intervals.
Note:Press Ctrl-C to interrupt
Parameters No additional parameters required.
Example { h os tn a me }: f il e co nt r ol le r 0# uptime
with Syntax
Wins Commands
Manages WINS server settings for automatic registration. The following commands
are available:
{hostname}:fp0# wins server delete, on page 747
{hostname}:fp0# wins server set, on page 747
{hostname}:fp0# wins server show, on page 747
Configuring Security
You can set the following basic AAA parameters:
Transport Type Commands, on page 748
Server Configuration Commands, on page 750
User Account Configuration Commands, on page 754
Software OS Upgrade Commands, on page 761
(config) aaa
Command ACC1(conf)# aa a
Description Opens the AAA node.
Parameters No additional parameters are necessary.
Example ACC1(conf)# aaa
with Syntax
Related • (config) transport input, on page 749
Commands
(aaa) tacacs+
Command AC C1 ( aa a) # ta c ac s+ na me [ server name] i p
[x .x . x. x] | k e y [ encryption key] | or d er [server
authentication order]| po rt [tcp port for the server]
Description Sets the TACACS server and server information including IP address, encryption key
and TCP port.
Parameters Enter parameters as follows:
• Server name - enter the correct server name
• IP address - enter a valid IP address
• Encryption Key - enter the encryption key
• Server authentication order -enter the server authentication order
• Port - enter the TCP port for the server The default port is 1645.
Example AC C1 ( aa a) # tacacs+ name myserver ip 122.22.222
with Syntax
mykey order 2 port 1645
Related • (aaa) authentication login, on page 750
Commands • (aaa) radius name, on page 751
• (aaa) radius name timeout, on page 752
• (aaa) tacacs name timeout, on page 753
• {hostname}:filecontroller0# authsrv add, on page 753
• {hostname}:filecontroller0# authsrv list, on page 753
Note: If you lock the keypad via the WebUI or via the CLI, you cannot use the
i keypad’s unlock sequence to unlock the keypad. In such a case, the unlock operation
can be carried out only via the CLI or the WebUI
Command ACC1(config)#lc d l oc k | u n lo c k
Description Locks/unlocks the keypad.
Parameters Lock to lock, Unlock to unlock
Example ACC1(config)#lc d lock
with Syntax
Related • (aaa) user lock, on page 754
Commands • (aaa) user role, on page 755
• password local, on page 756
• show aaa, on page 757
756 A p pe n di x F: Command Line Interface
password local
Command A cc 1 # pa s sw o rd l o ca l
Description To set a local password, type in the user name and local password and press Enter.
You will be prompted to enter a password.
Parameters Enter parameter string as described above
Example A cc 1 # pa s sw o rd l o ca l myusername
with Syntax
mypssword
Related • (aaa) user lock, on page 754
Commands • (aaa) user role, on page 755
• (config) lcd lock, on page 755
• show aaa, on page 757
Note: Use the command no user [name] to remove a user. You cannot remove a
i root user, but you can modify the password. (Changing an Expand user’s password will
automatically change the root user as well.)
show aaa
Command A cc 1# sh ow aa a
Description Displays the security settings
Parameters No additional parameters are required.
Example A cc 1# show aaa
with Syntax
Related • (aaa) user lock, on page 754
Commands • (aaa) user role, on page 755
• (config) lcd lock, on page 755
• password local, on page 756
758 A p pe n di x F: Command Line Interface
show aaa
You can enter the show aaa command from the configuration mode. This
command lists all the AAA options and their settings.
te l ne t t ra n sp or t -i np u t s ta tu s .. .. . en a bl e
ss h t ra n sp o rt -i n pu t s ta t us .. . .. .. . en a bl e
co n so le tr a ns po r t- in p ut st at u s. .. . en a bl e
we b t ra n sp o rt -i n pu t s ta t us .. . .. .. . en a bl e
se c ur e- w eb tr an s po rt - in p ut s t at us . en a bl e
ft p t ra n sp o rt -i n pu t s ta t us .. . .. .. . di s ab le
tf t p tr a ns p or t- i np ut st a tu s. . .. .. . di s ab le
sn m p tr a ns p or t- i np ut st a tu s. . .. .. . en a bl e
Fi r st A u th e nt ic a ti on Me t ho d. . .. .. . Lo c al
Se c on d A ut h en ti c at io n M e th od . .. .. . Ra d iu s
Th i rd A u th e nt ic a ti on Me t ho d. . .. .. . TA C AC S+
Ma x im um Fa i le d L og in At t em pt s .. .. . 5
Co n fi gu r at i on C h an ge Au d it E v en t. . .. . di sa b le
Cr e at e L in k A ud i t Ev e nt . .. .. . .. .. . di s ab le
Server
Server Order IP Port Time-out
Name
radius first rad2 10.0.130.139 1645 180
radius second rad3 10.0.130.132 1645 180
radius third rad4 24.0.214.160 1645 180
tacacs first tac2 21.0.214.160 49 180
The show authentication order command lists which of the authentication servers is
set as the first, second and third level authentication server.
show servers
The show servers command lists the authentication servers defined in the
Accelerator.
A cc 1 (a aa ) # show servers
Server
Server Order IP Port Time-out
Name
radius first rad2 10.0.130.139 1645 180
radius second rad3 10.0.130.132 1645 180
radius third rad4 24.0.214.160 1645 180
tacacs first tac2 21.0.214.160 49 180
760 A p pe n di x F: Command Line Interface
Ac c 1( aa a )# sh ow tr an s po r t in p ut
te l ne t t ra n sp or t -i np u t s ta tu s .. .. . en a bl e
ss h t ra n sp o rt -i n pu t s ta t us .. . .. .. . en a bl e
co n so le tr a ns po r t- in p ut st at u s. .. . en a bl e
we b t ra n sp o rt -i n pu t s ta t us .. . .. .. . en a bl e
se c ur e- w eb tr an s po rt - in p ut s t at us . en a bl e
ft p t ra n sp o rt -i n pu t s ta t us .. . .. .. . di s ab le
tf t p tr a ns p or t- i np ut st a tu s. . .. .. . di s ab le
sn m p tr a ns p or t- i np ut st a tu s. . .. .. . en a bl e
show user
The show user command lists the users and their authorization levels.
A c c1 (a a a) # show user
bypass activate
Command A CC 1# b y p as s ac t i va t e |d e ac t i va t e
Description Activates or Deactivates the by-pass functionality on all the interfaces.
Parameters Activate to activate, Deactivate to deactivate.
Example A CC 1# b y p as s ac t i va t e
with Syntax
Related • bypass activate interface, on page 763
Commands • bypass enable, on page 763
• bypass enable interface, on page 763
• show bypass, on page 764
• show bypass interface, on page 764
Note: After entering the by-pass Deactivate command it is necessary to Write this
i change. Failure to do so in the case where an Accelerator shuts down will cause the
Accelerator to be in by-pass activate state following reboot.
Note: After entering the by-pass Deactivate command it is necessary to Write this
i change. Failure to do so in the case where an Accelerator shuts down will cause the
Accelerator to be in by-pass activate state following reboot.
bypass enable
Command A C C 1# by p a ss e na b l e/ d i sa b l e
Description Enable or disable the by-pass on all the interfaces.
Parameters Enable to enable, Disable to disable
Example A CC 1# b y p as s en a b le
with Syntax
Related • bypass activate, on page 762
Commands • bypass activate interface, on page 763
• bypass enable interface, on page 763
• show bypass, on page 764
• show bypass interface, on page 764
show bypass
Command A CC 1# s h o w b y pa s s
Description Shows the by-pass status on all the interfaces. (enabled, disabled,
activated, deactivated)
Parameters No additional parameters required
Example A CC 1# s h o w b y pa s s
with Syntax
Related • bypass activate, on page 762
Commands • bypass activate interface, on page 763
• bypass enable, on page 763
• bypass enable interface, on page 763
• show bypass interface, on page 764
show events
Command AC C 1# sh o w e ve nt s [ lo n g | s ho r t] f i lt e r
se v er it y f r om [ f at al | w ar ni n g | e rr o r |
in f o] t o [ f at al | wa r ni n g | e rr or |i n fo ]
ta i l [n u mb e r of la st x e ve nt s t o b e
di s pl ay e d]
Description Lists Accelerator events. Long gives all available information on the event, while short
gives a brief summary of each event.
Parameters Enter the same bundle name you entered in the previous section
Example AC C 1# sh o w A CC 1# s ho w e ve n ts long filter
with Syntax
severity from fatal to info tail 100
766 A p pe n di x F: Command Line Interface
To assign cores:
1. In the Accelerator’s CLI, in configuration mode, type core-allocation.
2. In core alloc mode, type greedy-threshold followed by the minimum
number of Accelerators to equally share memory, as follows:
ACC1(CORE ALLOC)# greedy-threshold [minimum number of Accelerators]
The default greedy-threshold size is 1.
Standards
Acceptance
These terms and conditions of sale (“Terms and Conditions”) are the terms and conditions upon which Expand
Networks, Ltd. and its affiliates and subsidiaries (together “Expand“) make all sales. Expand will not accept any
other terms and conditions of sale, unless Purchaser and Expand have executed an agreement that expressly
supersedes and replaces these Terms and Conditions. Acceptance of all purchase orders is expressly made
conditional upon Purchaser's assent, expressed or implied, to the Terms and Conditions set forth herein without
modification or addition. Purchaser's acceptance of these Terms and Conditions shall be indicated by Purchaser's
acceptance of any shipment of any part of the items specified for delivery (the “Products”) or any other act or
expression of acceptance by Purchaser. Expand's acceptance is expressly limited to the Terms and Conditions
hereof in their entirety without addition, modification or exception, and any term, condition or proposals hereafter
submitted by Purchaser (whether oral or in writing) which is inconsistent with or in addition to the Terms and
Conditions set forth hereon is objected to and is hereby rejected by Expand.
Risk of Loss
Risk of loss or damage to the Products shall pass to the Purchaser upon delivery of the Products to the common
carrier, regardless of whether the purchase price has been paid in full. Unless advised otherwise, Expand may
insure the Products shipped to full value and all such insurance costs shall be for the Purchaser's account. The
Purchaser shall inspect the Products immediately upon receipt and shall promptly file any applicable claims with the
carrier when there is evidence of damage during shipping.
Warranty
Expand warrants to the purchaser for a period of ninety (90) days from shipment that the products shall be free
from defects in material and workmanship and shall perform in substantial conformance with specifications
published by Expand. Expand's obligations under these terms and conditions shall be limited solely to Expand
making, at Expand's cost and expense, such repairs and replacements as are necessary to place the products in
good working order and to conform the products to Expand's published specifications. This warranty is in lieu of all
other warranties, express or implied, including without limitation, implied warranties of merchantability and fitness
for a particular purpose.
Product Returns
Return of Products purchased hereunder shall be governed by Expand's RMA policies in effect on the date of the
invoice. Expand reserves the right to modify or eliminate such policies at any time. The right to return defective
Products, as previously described, shall constitute Expand's sole liability and Purchaser's exclusive remedy in
connection with any claim of any kind relating to the quality, condition or performance of any Product, whether such
claim is based upon principles of contract, warranty, negligence or other tort, breach of any statutory duty,
principles of indemnity or contribution, the failure of any limited or exclusive remedy to achieve its essential
purpose, or otherwise. In the event Expand issues a return authorization to Purchaser allowing Purchaser to return
Product to Expand, Purchaser will deliver the Product to Expand's address in the United States, if so required by
Expand, and Purchaser shall bear all applicable federal, state, municipal and other government taxes (such as
sales, use and similar taxes) as well as import or customs duties, license fees and similar charges, however
designated or levied, on any replacement Product to be shipped by Expand to Purchaser.
License Grant
The Products, though primarily composed of hardware components, contain software that is proprietary to Expand
or its licensors. Expand hereby grants to Purchaser, and Purchaser accepts, a personal non-exclusive,
nontransferable license to use the Program, in object code form only, and the accompanying documentation
(collectively referred to as the “Software”) only as authorized in these Terms and Conditions. The Software is
licensed for Purchaser's internal use and the Software or any derivative or by-product of the Software may not be
used by, sub-licensed, re-sold, rented or distributed to any other party. Purchaser agrees that Purchaser will not
assign, sublicense, transfer, pledge, lease, rent, or share Purchaser's rights under these Terms and Conditions.
Purchaser shall not copy, modify, reverse assemble, reverse engineer, reverse compile, or otherwise translate all or
any portions of the Software. The Software and the Documentation are proprietary to Expand and are protected
under U.S. and international copyright, trademark, trade secret and patent laws. All right, title, and interest in and to
the Software, including associated intellectual property rights, are and shall remain with Expand.
772 A p pe n di x G : Specifications and Warranty
Limitation of Liability
In no event shall Expand be liable for loss of profits, indirect, special, incidental, or consequential damages
(including, without limitation, loss of use, income or profits, losses sustained as a result of personal injury or death,
or loss of or damage to property including, but not limited to, property handled or processed by the use or
application of the products) arising out of any breach of these Terms and Conditions or obligations under these
Terms and Conditions. Expand shall not be liable for any damages caused by delay in delivery, installation, or
furnishing of the Products hereunder. No action arising out of any claimed breach of these Terms and Conditions
or transactions under these Terms and Conditions may be brought by either party more than two years after the
cause of action has accrued. Expand's liability under these Terms and Conditions shall in no event exceed the
purchase price of the Products.
Default
The failure of the Purchaser to perform its obligations under these Terms and Conditions including but not limited
to payment in full of the purchase price for the Products, or the filing of any voluntary or involuntary petition under
the Bankruptcy Code, insolvency, assignment for the benefit of creditors, or liquidation of the Purchaser's business
shall constitute a default under these Terms and Conditions and shall afford Expand all the remedies of a secured
party under the Uniform Commercial Code. In the event of default, Expand may, with or without demand or notice
to Purchaser, declare the entire unpaid amount immediately due and payable, enter the premises where the
Products is located and remove it, and sell any or all the Products as permitted under applicable law. Expand may,
in addition to any other remedies which Expand may have, refuse to provide service on the Products under any
applicable maintenance agreement relating to the Products then in effect between the parties at the time of the
default.
Indemnity
Expand shall defend or settle any suit or proceeding brought against Purchaser based on a claim that Products
sold hereunder constitutes an infringement of any existing United States patent, copyright or trade secret providing
that Expand is notified promptly in writing and is given complete authority and information required for the defense.
Expand shall pay all damages and costs awarded against Purchaser, but shall not be responsible for any cost,
expense or compromise incurred or made by Purchaser without Expand's prior written consent. If any Products is
in the opinion of Expand likely to or does become the subject of a claim for patent infringement, Expand may, at
its sole option, procure for the Purchaser the right to continue using the Products or modify it to become non-
infringing. If Expand is not reasonably able to modify or otherwise secure the Purchaser the right to continue using
the Products, Expand shall remove the Products and refund the Purchaser the amounts paid in excess of a
reasonable rental for past use. Expand shall not be liable for any infringement or claim based upon use of the
Products in combination with other Products or with software not supplied by Expand or with modifications made
by the Purchaser.
General
Expand shall not be liable for Expand's failure to perform or for delay in performance of Expand's obligations
under these Terms and Conditions if such performance is prevented, hindered or delayed by reason of any cause
beyond the reasonable control of Expand. These Terms and Conditions and the rights and duties hereunder shall
not be assignable by either party hereto except upon written consent of the other. Purchaser agrees to pay to
Expand any reasonable attorney's fees and other costs and expenses incurred by Expand in connection with the
enforcement of these Terms and Conditions. These Terms and Conditions and performance hereunder shall be
Index