Riverbed Command-Line Interface
Uploaded by
Matthew CantuRiverbed Command-Line Interface
Uploaded by
Matthew CantuRiverbed Command-Line Interface Reference Manual
Version 5.5.4 July 2009
2003-2009 Riverbed Technology, Incorporated. All rights reserved. Riverbed Technology, Riverbed, Steelhead, RiOS, Interceptor and the Riverbed logo are trademarks or registered trademarks of Riverbed Technology, Inc. All other trademarks used or mentioned herein belong to their respective owners. Linux is a trademark of Linus Torvalds in the United States and in other countries. VMware is a trademark of VMware, Incorporated. Oracle and JInitiator are trademarks or registered trademarks of Oracle Corporation. Microsoft, Windows, Vista, Outlook, and Internet Explorer are trademarks or registered trademarks of Microsoft Corporation. UNIX is a registered trademark in the United States and in other countries, exclusively licensed through X/Open Company, Ltd. Parts of this product are derived from the following software: Apache 2000-2003. The Apache Software Foundation. All rights reserved. Busybox 1999-2005 Eric Andersen ethtool 1994, 1995-8, 1999, 2001, 2002 Free Software Foundation, Inc. Less 1984-2002 Mark Nudelman Libevent 2000-2002 Niels Provos. All rights reserved. LibGD, Version 2.0 licensed by Boutell.Com, Inc. Libtecla 2000, 2001 by Martin C. Shepherd. All rights reserved. Linux Kernel Linus Torvalds login 2.11 1993 The Regents of the University of California. All rights reserved. md5, md5.cc 1995 University of Southern California, 1991-2, RSA Data Security, Inc. my_getopt.{c,h} 1997, 2000, 2001, 2002, Benjamin Sittler. All rights reserved. NET-SNMP Copyright 1989, 1991, 1992 by Carnegie Mellon University. All rights reserved. Derivative Work 1996, 1998-2000 Copyright 1996, 1998-2000 The Regents of the University of California. All rights reserved. OpenSSH 1983, 1990, 1992, 1993, 1995, 1993 The Regents of the University of California. All rights reserved. pam 2002-2004 Tall Maple Systems, Inc. All rights reserved. pam-radius 1989, 1991 Free Software Foundation, Inc. pam-tacplus 1997-2001 by Pawel Krawczyk ssmtp GNU General Public License syslogd 2002-2005 Tall Maple Systems, Inc. All rights reserved. Vixie-Cron 1988,1990,1993,1994 by Paul Vixie. All rights reserved. Zile 1997-2001 Sandro Sigalam 2003 Reuben Thomas. All rights reserved. This product includes software developed by the University of California, Berkeley and its contributors. This product is derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm. For detailed copyright and license agreements or modified source code (where required), see the Riverbed Technical Support site at https://support.riverbed.com. Certain libraries were used in the development of this software, licensed under GNU Lesser General Public License, Version 2.1, February 1999. For a list of libraries, see the Riverbed Technical Support at https://support.riverbed.com. You must log in to the support site to request modified source code. Other product names, brand names, marks, and symbols are registered trademarks or trademarks of their respective owners. The content of this manual is furnished on a RESTRICTED basis and is subject to change without notice and should not be construed as a commitment by Riverbed Technology, Incorporated. Use, duplication, or disclosure by the U.S. Government is subject to restrictions set forth in Subparagraphs (c) (1) and (2) of the Commercial Computer Software Restricted Rights at 48 CFR 52.227-19, as applicable. Riverbed Technology, Incorporated assumes no responsibility or liability for any errors or inaccuracies that may appear in this book.
Riverbed Technology
199 Fremont Street San Francisco, CA 94105 Phone: 415.247.8800 Fax: 415.247.8801 Web: http://www.riverbed.com
Part Number 712-00002-09
Contents
Introduction................................................................................................................................................. 7 About This Guide ..........................................................................................................................................7 Types of Users .........................................................................................................................................7 Organization of This Guide...................................................................................................................7 Document Conventions .........................................................................................................................8 Hardware and Software Dependencies......................................................................................................8 Additional Resources ....................................................................................................................................9 Online Notes............................................................................................................................................9 Related Riverbed Documentation ........................................................................................................9 Online Documentation...........................................................................................................................9 Riverbed Support Knowledge Base .....................................................................................................9 Related Reading ......................................................................................................................................9 Contacting Riverbed....................................................................................................................................10 Internet ...................................................................................................................................................10 Technical Support .................................................................................................................................10 Professional Services ............................................................................................................................10 Documentation......................................................................................................................................10 Chapter 1 - Using the Command-Line Interface ....................................................................................11 Connecting to the CLI .................................................................................................................................11 Overview of the CLI ....................................................................................................................................12 Entering Commands ...................................................................................................................................12 Accessing Online Help................................................................................................................................13 Error Messages .............................................................................................................................................13 Command Negation ....................................................................................................................................13 Saving Configuration Changes..................................................................................................................13 Chapter 2 - User-Mode Commands.........................................................................................................15 System Administration Commands..........................................................................................................15 Displaying System Data..............................................................................................................................20
Riverbed Command-Line Interface Reference Manual
iii
Contents
Chapter 3 - Enable-Mode Commands .....................................................................................................93 System Administration Commands..........................................................................................................93 Displaying System Data............................................................................................................................114 Chapter 4 - Configuration-Mode Commands .......................................................................................129 Displaying Role-Based Management Configuration Settings.............................................................130 System Administration Commands........................................................................................................133 AAA and Role-Based Management Commands ...........................................................................133 Secure Shell Access Commands .......................................................................................................144 CLI Terminal Configuration Commands ........................................................................................147 Management Console Configuration Commands.........................................................................149 Configuration File Commands .........................................................................................................155 Port Label Commands .......................................................................................................................164 Statistics Manipulation Command ..................................................................................................165 Notification and SNMP Commands ................................................................................................166 Data Store Management Commands...............................................................................................172 Logging Commands...........................................................................................................................180 License and Hardware Upgrade Commands.................................................................................183 System Administration and Service Commands ...........................................................................186 Host Setup Commands......................................................................................................................188 Steelhead Appliance Feature Configuration Commands ....................................................................196 In-Path and Virtual In-Path Support Commands ..........................................................................197 Out-of-Path Support...........................................................................................................................210 Peering Commands ............................................................................................................................210 Asymmetric Route Detection Commands ......................................................................................218 Connection Forwarding.....................................................................................................................224 Simplified Routing Support Commands ........................................................................................230 NetFlow Support Commands...........................................................................................................231 PFS Support Commands ...................................................................................................................239 CIFS Prepopulation Support Commands .......................................................................................251 CIFS Support Commands..................................................................................................................254 SMB Signing Commands...................................................................................................................259 RiOS TCP Dump Commands ...........................................................................................................262 HS-TCP Support Commands............................................................................................................267 Oracle Forms Support Commands ..................................................................................................269 MAPI Support Commands ...............................................................................................................271 MS-SQL Blade Support Commands ................................................................................................277 NFS Support Commands ..................................................................................................................284 HTTP Support Commands ...............................................................................................................289 Lotus Notes Commands ....................................................................................................................296 SSL Support Commands ...................................................................................................................297 QoS Support Commands...................................................................................................................318 Connection Pooling Commands ......................................................................................................329 WAN Visibility (Transparency) Commands ...................................................................................329 WCCP Support Commands ..............................................................................................................333 Failover Support Commands............................................................................................................337 Data Replication Commands ............................................................................................................340
iv
Riverbed Command-Line Interface Reference Manual
Contents
Riverbed Services Platform Commands .........................................................................................342 DNS Cache Commands .....................................................................................................................358 Domain and Workgroup Commands ..............................................................................................365 Job Commands....................................................................................................................................370 Generating Debugging Reports........................................................................................................374 Raid Commands .................................................................................................................................374 Top Talkers Commands .....................................................................................................................376 Interceptor Appliance Feature Commands............................................................................................377 Load-Balancing Commands..............................................................................................................378 Interceptor Peering Support Commands ........................................................................................382 Displaying Interceptor Settings ........................................................................................................386 Central Management Console Feature Commands..............................................................................390 CMC Email Commands.....................................................................................................................392 CMC Policy Commands ....................................................................................................................393 CMC Send CLI Commands...............................................................................................................394 CMC Upgrade Commands ...............................................................................................................395 CMC Export Commands ...................................................................................................................398 Displaying CMC Data........................................................................................................................399 Steelhead Mobile Controller Feature Commands.................................................................................401 Acceleration Policy Commands .......................................................................................................401 Endpoint Information Commands...................................................................................................404 Endpoint Policy Commands .............................................................................................................405 Package Commands ...........................................................................................................................406 Displaying Steelhead Mobile System Information ........................................................................408 Chapter 5 - Troubleshooting..................................................................................................................413 Appendix A - Riverbed Ports .................................................................................................................415 Default Ports...............................................................................................................................................415 Commonly Excluded Ports ......................................................................................................................416 Interactive Ports Forwarded by the Steelhead Appliance ...................................................................416 Secure Ports Forwarded by the Steelhead Appliance ..........................................................................417 Appendix B - Riverbed MIB ...................................................................................................................421 Accessing the Steelhead Enterprise MIB ................................................................................................421 SNMP Traps................................................................................................................................................422 Acronyms and Abbreviations................................................................................................................427 Glossary ..................................................................................................................................................433 Index ........................................................................................................................................................439
Riverbed Command-Line Interface Reference Manual
Contents
vi
Riverbed Command-Line Interface Reference Manual
Introduction
Welcome to the Riverbed Command-Line Interface Reference Manual. Read this introduction for an overview of the information provided in this guide and for an understanding of the documentation conventions used throughout. This introduction contains the following sections:
About This Guide, next Hardware and Software Dependencies on page 8 Additional Resources on page 9 Contacting Riverbed on page 10
About This Guide
The Riverbed Command-Line Interface Reference Manual is a reference manual for the command-line interface for the Steelhead appliance, Steelhead Central Management Console, and the Interceptor appliance. This manual lists commands, syntax, parameters, and example usage.
Types of Users
This guide is written for storage and network administrators who are familiar administering and managing WAN using common network protocols, such as TCP, CIFS, HTTP, FTP, and NFS, and so forth.
Organization of This Guide
The Riverbed Command-Line Interface Reference Manual includes the following chapters:
Chapter 1, Using the Command-Line Interface, describes how to connect and use the CLI. Chapter 2, User-Mode Commands, provides a reference for user-mode commands. You can perform basic networking tasks such as ping and display basic system settings and statistics that are available to monitor users. Chapter 3, Enable-Mode Commands, provides a reference for enable-mode commands. You can perform system administration tasks such as image and file administration tasks and you can display system settings and statistics. Enable-mode commands are only available to administrator users.
Riverbed Command-Line Interface Reference Manual
Introduction
Chapter 4, Configuration-Mode Commands, provides a reference for configuration-mode commands. You can perform configuration tasks while in configuration-mode. You must be an administrator user to perform configuration tasks. Appendix A, Riverbed Ports, provides a reference of ports used by the Riverbed system. Appendix B, Riverbed MIB, provides information about accessing the Steelhead MIB and a summary of SNMP traps.
A list of acronyms and a glossary of terms follows the chapters. A comprehensive index directs you to areas of particular interest.
Document Conventions
This manual uses the following standard set of typographical conventions to introduce new terms, illustrate screen displays, describe command syntax, and so forth.
Convention italics boldface Meaning Within text, new terms and emphasized words appear in italic typeface. Within text, commands, keywords, identifiers (names of classes, objects, constants, events, functions, program variables), environment variables, filenames, GUI controls, and other similar terms appear in bold typeface. Information displayed on your terminal screen and information that you are instructed to enter appears in Courier font. Within syntax descriptions, values that you specify appear in angle brackets. For example: interface <ipaddress> Within syntax descriptions, optional keywords or variables appear in brackets. For example:
Courier <> [] {} |
ntp peer <addr> [version <number>]
Within syntax descriptions, required keywords or variables appear in braces. For example: {delete <filename> | upload <filename>} Within syntax descriptions, the pipe symbol represents a choice to select one keyword or variable to the left or right of the symbol. (The keyword or variable can be either optional or required.) For example: {delete <filename> | upload <filename>}
Hardware and Software Dependencies
The following table summarizes the hardware and software requirements for the Riverbed CLI.
Riverbed CLI Hardware Requirements One of the following: An ASCII terminal or emulator that can connect to the serial console (9600 baud, 8 bits, no parity, 1 stop bit, and no flow control). A computer with an SSH client that is connected by an IP network to the appliance primary interface. Software/Operating System Requirements Secure Shell. Free SSH clients include PuTTY for Windows computers, OpenSSH for many Unix and Unix-like operating systems, and Cygwin.
Riverbed Command-Line Interface Reference Manual
Introduction
Additional Resources
This section describes resources that supplement the information in this guide. It contains the following sections:
Online Notes, next Related Riverbed Documentation on page 9 Online Documentation on page 9 Riverbed Support Knowledge Base on page 9 Related Reading on page 9
Online Notes
The following online file supplements the information in this manual. It is available on the Riverbed Technical Support site at https://support.riverbed.com.
Online File <product>_<version_number>.txt Purpose Describes the product release and identifies fixed problems, known problems, and workarounds. This file also provides documentation information not covered in the manuals or that has been modified since publication.
Please examine this file before you begin the installation and configuration process. It contains important information about this release of the software.
Related Riverbed Documentation
For a complete list of Riverbed documentation log in to the Riverbed Technical Support Web site located at https://support.riverbed.com.
Online Documentation
The Steelhead appliance documentation set is periodically updated with new information. To access the most current version of the Steelhead appliance documentation and other technical information, consult the Riverbed Technical Support site located at https://support.riverbed.com.
Riverbed Support Knowledge Base
The Riverbed Knowledge Base is a database of known issues, how-to documents, system requirements, and common error messages. You can browse titles or search for key words and strings. To access the Riverbed Knowledge Base, log in to the Riverbed Technical Support site located at https://support.riverbed.com.
Related Reading
To learn more about network administration, consult the following books:
Riverbed Command-Line Interface Reference Manual
Introduction
Microsoft Windows 2000 Server Administrators Companion by Charlie Russell and Sharon Crawford (Microsoft Press, 2000) Common Internet File System (CIFS) Technical Reference by the Storage Networking Industry Association (Storage Networking Industry Association, 2002) TCP/IP Illustrated, Volume I, The Protocols by W. R. Stevens (Addison-Wesley, 1994) Internet Routing Architectures (2nd Edition) by Bassam Halabi (Cisco Press, 2000)
Contacting Riverbed
This section describes how to contact departments within Riverbed.
Internet
You can find out about Riverbed products through our Web site at http://www.riverbed.com.
Technical Support
If you have problems installing, using, or replacing Riverbed products contact Riverbed Technical Support or your channel partner who provides support. To contact Riverbed Technical Support, please open a trouble ticket at https://support.riverbed.com or call 1-888-RVBD-TAC (1-888-782-3822) in the United States and Canada or +1 415 247 7381 outside the United States.
Professional Services
Riverbed has staff of professionals who can help you with installation assistance, provisioning, network redesign, project management, custom designs, consolidation project design, and custom coded solutions. To contact Riverbed Professional Services go to http://www.riverbed.com or email proserve@riverbed.com.
Documentation
We continually strive to improve the quality and usability of our documentation. We appreciate any suggestions you may have about our online documentation or printed materials. Send documentation comments to techpubs@riverbed.com.
10
Riverbed Command-Line Interface Reference Manual
CHAPTER 1
Using the Command-Line Interface
This chapter describes how to access and use the CLI. This chapter includes the following sections:
Connecting to the CLI, next Overview of the CLI on page 12 Entering Commands on page 12 Accessing Online Help on page 13 Error Messages on page 13 Command Negation on page 13 Saving Configuration Changes on page 13
Connecting to the CLI
This section assumes you have already performed the initial setup of the appliance using the configuration wizard. For detailed information, see the installation guide for the system. To connect the CLI 1. You can connect to the CLI using one of the following options:
An ASCII terminal or emulator that can connect to the serial console. It must have the following settings: 9600 baud, 8 bits, no parity, 1 stop bit, and no flow control. A computer with an SSH client that is connected to the appliance Primary port (in rare cases, you might connect through the Auxiliary port).
2. At the system prompt enter the following command if the appliance resolves to your local DNS:
ssh admin@host.domain
otherwise at the system prompt enter the following command:
ssh admin@ipaddress
3. When prompted, enter the administrator password. This is the password you set during the initial configuration process. The default password is password.
Riverbed Command-Line Interface Reference Manual
11
Using the Command-Line Interface
You can also log in as a monitor user (monitor). Monitor users cannot make configuration changes to the system. Monitor users can view statistics and system logs.
Overview of the CLI
The CLI has the following modes:
User. When you start a CLI session, you begin in the default, user-mode. From user-mode you can run common network tests such as ping and view network configuration settings and statistics. You do not enter a command to enter user-mode. To exit this mode, enter exit at the command line. Enable. To access all commands, you must enter enable-mode. From enable-mode, you can enter any enable-mode command or enter configuration-mode. You must be an administrator user to enter enable-mode. To exit this mode, enter exit at the command line. You cannot enter enable-mode if you are a monitor user.
Configuration. To make changes to the running configuration, you must enter configuration-mode. To save configuration changes to memory, you must enter the write memory command. To enter configuration-mode, you must first be in enable-mode. To exit this mode, enter exit at the command line.
The commands available to you depend on which mode you are in. Entering a question mark (?) at the system prompt provides a list of commands for each command mode.
Mode user Access Method Each CLI session begins in user-mode. System Prompt host > Exit Method exit Description Perform common network tests, such as ping. Display system settings and statistics. enable Enter the enable command at the system prompt while in user-mode. host # disable Note: To exit to usermode, enter the exit command. Perform basic system administration tasks, such as restarting and rebooting the system. Display system data and statistics. Perform all user-mode commands. configuration Enter the configure terminal command at the system prompt while in enable-mode. host (config) # exit Configure system parameters. Perform all user and enable-mode commands.
Entering Commands
The CLI accepts abbreviations for commands. The following example is the abbreviation for the configure terminal command:
12
Riverbed Command-Line Interface Reference Manual
Using the Command-Line Interface
tilden # configure t
You can press the tab key to complete a CLI command automatically.
Accessing Online Help
At the system prompt, type the full or partial command string followed by a question mark (?). The CLI displays the command keywords or parameters for the command and a short description. To access online help
At the system prompt enter the following command:
tilden (config) # show ?
The CLI does not display the question mark.
Error Messages
If at any time the system does not recognize the command or parameter, it displays the following message:
tilden (config) # logging files enable % Unrecognized command "enable". Type "logging files?" for help.
If a command is incomplete, the following message is displayed:
tilden (config) # logging % Incomplete command. Type "logging ?" for help.
Command Negation
You can type no before many of the commands to negate the syntax. Depending on the command or the parameters, command negation disables the command or returns the parameter to the default value.
Saving Configuration Changes
The show configuration running command displays the current configuration of the system. When you make a configuration change to the system, the change becomes part of the running configuration. The change does not automatically become part of the configuration file in memory until you write the file to memory. If you do not save your changes to memory, they are lost when the system restarts. To save all configuration changes to memory, you must enter the write memory command while in configuration-mode.
Riverbed Command-Line Interface Reference Manual
13
Using the Command-Line Interface
14
Riverbed Command-Line Interface Reference Manual
CHAPTER 2
User-Mode Commands
This chapter is a reference for user-mode commands. It includes the following sections:
System Administration Commands, next Displaying System Data on page 20
User-mode commands allow you to enter enable-mode, display system data, and perform standard networking tasks. Monitor users can perform user-mode commands. All commands available in user-mode are also available to administrator users. To enter user-mode Connect to the CLI. For detailed information, see Connecting to the CLI on page 11.
System Administration Commands
This section describes the system administration commands that are available in user-mode. It includes the following commands:
enable, next exit on page 16 ping on page 16 slogin on page 17 ssh slogin on page 17 stats export on page 17 telnet on page 19 terminal on page 19 traceroute on page 20
Riverbed Command-Line Interface Reference Manual
15
User-Mode Commands
enable
Description Syntax Parameters Usage Example Product Enters enable-mode. enable None You must enter enable-mode before you can perform standard network monitoring tasks.
amnesiac > enable
CMC appliance, Interceptor appliance, Steelhead appliance
exit
Description Syntax Parameters Example Product Exits the CLI when in user-mode; exits enable-mode when in enable-mode; exits configurationmode when in configuration-mode. exit None
amnesiac > exit
CMC appliance, Interceptor appliance, Steelhead appliance
ping
Description Syntax Parameters Executes the ping utility to send ICMP ECHO_REQUEST packets to network hosts for troubleshooting. ping [<options>] <options> [-L RUbdfnqrvVaA] [-c count] [-i interval] [-w deadline] [-p pattern] [-s packet size] [-t ttl] [-I interface address] For example: ping 10.1.1.1 10.11.22.15 [-M MTU discovery hint] [-S sndbuf] [-T timestamp option] [-Q tos] [hop1...]destination. Specify intermediate hops.
Usage
The ping command without any options pings from the primary or the auxiliary (aux) interface and not the in-path interfaces. If the primary and auxiliary interfaces are not on the same network as the in-path interfaces, you will not be able to ping an IP address on the in-path interface network unless you have a gateway between the two networks. To ping from an in-path interface, use the following syntax:
ping -I <in-path interface IP address> <destination IP address>
16
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Example
amnesiac > ping -I 10.1.1.1 10.11.22.15 PING 10.11.22.15 (10.11.22.15) from 10.1.1.1: 56(84) bytes of data. 64 bytes from 10.11.22.15: icmp_seq=0 ttl=64 time=0.044 ms 64 bytes from 10.11.22.15: icmp_seq=1 ttl=64 time=0.038 ms 64 bytes from 10.11.22.15: icmp_seq=2 ttl=64 time=0.040 ms
Product
CMC appliance, Interceptor appliance, Steelhead appliance
slogin
Description Syntax Parameters Example Product Related Topics Enables log in to another system securely using SSH. slogin [<options>] <options> Specify slogin options. To view options, enter slogin at the system prompt.
amnesiac > slogin -l usertest
CMC appliance, Interceptor appliance, Steelhead appliance show ssh client, show ssh server
ssh slogin
Description Syntax Parameters Example Product Related Topics Enables log in to another system using ssh. ssh slogin <cr> <slogin options> <slogin options> Specify slogin options. To view options, enter slogin at the system prompt.
amnesiac > ssh slogin amnesiac >
CMC appliance, Interceptor appliance, Steelhead appliance show ssh client, show ssh server
stats export
Description Syntax Enables export of statistics ssh export <format> <report name> after <yyyy>/<mm>/<dd> before <yyyy>/<mm>/<dd> email <email-addr> filename <filename>
Riverbed Command-Line Interface Reference Manual
17
User-Mode Commands
Parameters
<format> <report name>
Specify the file format for export. For example csv Specify one of the following reports: cpu_util. CPU utilization. memory. Memory utilization. paging. Paging I/O. bw. Aggregate Bandwidth. th_peak. Peak Throughput. th_p95. P95 Throughput. pass. Aggregate Passthrough Traffic. cpool. Aggregate Connection Pooling. nfs. Aggregate NFS Report. pfs. Aggregate PFS Report. conn_history. Connection History. dstore. Data Store Hit. ssl. SSL statistics. ssl_peak. SSL peak statistics. http. HTTP statistics. qos. QOS statistics. top-conversations. Top Conversations Report. top-senders. Top Senders Report. top-receivers. Top Receivers Report. top-applications. Top Applications Report.
after <yyyy>/ <mm>/<dd> before <yyyy>/ <mm>/<dd> email <emailaddr> filename <filename> Example Product Related Topics
Includes statistics collected before a specific time.
Includes statistics collected before a specific time.
Specify the address where the report is to be emailed.
Specify the filename to give to the new report.
amnesiac > stats export csv ssl after 2008/09/01 filename ssltest amnesiac >
CMC appliance, Interceptor appliance, Steelhead appliance show stats alarm
18
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
telnet
Description Syntax Parameters Enables log in to another system using telnet telnet <cr> <telnet options> <telnet options> Specify telnet command options: close. Close current connection. logout. Forcibly logout remote user and close the connection. display. Display operating parameters. mode. Try to enter line or character mode ('mode ?' for more). open. Connect to a site. quit. Exit telnet. send. Transmit special characters ('send ?' for more). set. Set operating parameters ('set ?' for more). unset. Unset operating parameters ('unset ?' for more). status. Print status information. toggle. Toggle operating parameters ('toggle ?' for more). slc. Change state of special characters ('slc ?' for more). z. Suspend telnet. !. Invoke a subshell. environ. Change environment variables ('environ ?' for more). ?. Print help information. Example Product Related Topics
amnesiac > telnet telnet >
Steelhead appliance show terminal
terminal
Description Syntax Parameters Sets terminal settings. terminal length <lines> | type <terminal_type> | terminal width <number of characters>} terminal length <lines> terminal type <terminal_type> terminal width <number of characters> Usage Sets the number of lines 0-1024; 0 to disable paging. The no command option disables the terminal length. Sets the terminal type. The no command option disables the terminal type. Sets the width number of characters. The no command option disables the terminal width.
The no command option disables CLI option settings.
Riverbed Command-Line Interface Reference Manual
19
User-Mode Commands
Example Product Related Topics
amnesiac > terminal width 1024 amnesiac >
CMC appliance, Interceptor appliance, Steelhead appliance show cli, show clock, show terminal
traceroute
Description Syntax Parameters Example Executes the traceroute utility. The traceroute command takes the standard Linux options. traceroute [<options>] <options> The traceroute command takes the standard Linux options. For detailed information, see the Linux man page.
amnesiac > traceroute amnesiac traceroute to amnesiac.domain.com (10.0.0.3), 30 hops max, 38 byte packets 1 amnesiac (10.0.0.3) 0.035 ms 0.021 ms 0.013 ms
Product
CMC appliance, Interceptor appliance, Steelhead appliance
Displaying System Data
This section describes the commands to display system data. Monitor users can display non-sensitive system data (for example, data that does not include passwords or user role information.)
show admission
Description Syntax Example Displays admission control settings. show admission <cr> | control
amnesiac > show admission control Enable Admission Control Override: no Override: Connection Enable: 625 Connection Cutoff: 650 Memory Enable: 1300 Memory Cutoff: 1350 Current: Connection Enable: 625 Connection Cutoff: 650 Memory Enable: 1300 Memory Cutoff: 1350
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Configuration File Commands
20
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
show bootvar
Description Syntax Parameters Example Displays the software image that is booted upon the next reboot. show bootvar None
amnesiac > show bootvar Installed images: Partition 1: rbtsh/linux columbia #1 2004-02-07 19:24:24 root@test:repository Partition 2: rbtsh/linux Columbia #2 2004-02-13 17:30:17 root@test:repository Last boot partition: 1 Next boot partition: 1
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance hardware watchdog, image boot
show cli
Description Syntax Parameters Example Displays current CLI settings. show cli None
amnesiac > show cli CLI current session settings Maximum line size: 8192 Terminal width: 157 columns Terminal length: 15 rows Terminal type: xterm Auto-logout: 30 minutes Paging: enabled CLI defaults for future sessions Auto-logout: 30 minutes Paging: enabled
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance CLI Terminal Configuration Commands
show clock
Description Syntax Parameters Displays current date and time. show clock None
Riverbed Command-Line Interface Reference Manual
21
User-Mode Commands
Example
amnesiac > show clock Time: 15:11:13 Date: 2008/10/18 Zone: America North United_States Pacific
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Host Setup Commands
show cmc
Description Syntax Parameters Example Displays CMC related settings. show cmc None
amnesiac > show cmc CMC auto-registration enabled: CMC auto-registration hostname: Managed by CMC: CMC hostname: Auto configuration status: Last message sent to cmc: Time that message was sent: yes riverbedcmc.nbttech.com yes tsfe7 (10.02.20.7) Inactive Auto-registration Fri Oct 17 09:37:57 2008
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Host Setup Commands
show connection
Description Syntax Parameters Displays information about a single connection. show connection srcip <source IP addr> srcport <source port> dstip <destination IP addr> dstport <destination port> srcip <source IP addr> srcport <source port> dstip <destination IP address> dstport <destination port> Specify the source IP address. Specify the source port. Specify the destination IP address. Specify the destination port.
22
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Example
amnesiac > show connection srcip 10.11.62.56 srcport 36433 dstip 10.11.60.9 dstport 7810 Type: Passthrough Source: 10.11.62.56:36433 Destination: 10.11.60.9:7810 Application: Reduction: 0% Client Side: no Since: 2006/02/21 17:24:00 Peer Appliance: 0.0.0.0:0 Inner Local Port: 0 Outer Local: 0.0.0.0:0 Outer Remote: 0.0.0.0:0 LAN Side Statistics: Bytes: 0 Packets: 0 Retransmitted: 0 Fast Retransmitted: 0 Timeouts: 0 Congestion Window: 0 WAN Side Statistics: Bytes: 0 Packets: 0 Retransmitted: 0 Fast Retransmitted: 0 Timeouts: 0 Congestion Window: 0
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Raid Commands
show connections
Description Syntax Displays connections running through the appliance. show connections <cr> | <type> brief | full | filter <filter-string> | sort-by <state>
Riverbed Command-Line Interface Reference Manual
23
User-Mode Commands
Parameters
<type>
all optimized
Displays all connection types. Displays the total active connections optimized. A U is displayed next to the appliance name if the connection is in an unknown state. Displays the total connections passed through, unoptimized. A U is displayed next to the appliance name if the connection is in an unknown state. Displays the total number of connections that were forwarded when you have configured a connection forwarding neighbor to manage the connection. Displays the total half-opened active connections. A half-opened connection is a TCP connection in which the connection has not been fully established. Half-opened connections count toward the connection count-limit on the appliance because at any time they might become fully opened connections. If you are experiencing a large number of half-opened connections, consider deploying an appropriately sized appliance. A U is displayed next to the appliance name if the connection is in an unknown state. Displays the total half-closed active connections. A half-closed connection is a TCP connection which has been closed on one side. The other side of the connection can still send data. These connections count toward the appliance connection count-limit. If you experience a large number of half-closed connections, consider deploying an appropriately sized appliance. A U is displayed next to the appliance name if the connection is in an unknown state. Displays discarded connections only. Displays denied connections only.
passthrough
forwarded
opening
closing
discarded denied brief | full filter <string> sort-by <state>
Specify a brief or full report. Filters the list according to string. For example, to filter by IP address (such as srcip or destip); the filter string is the IP address. Sort results by the following states: state. Sort connections by state. srcip. Sort connections by source IP address. srcport. Sort connections by source port. destip. Sort connections by destination IP address. destport. Sort connections by destination port. peerip. Sort connections by peer IP address. peerport. Sort connections by peer port. app. Sort connections by application, such as HTTP. reduction. Sort connections by percent of reduction in bandwidth. bytes_in. Sort connections by total number of bytes in. bytes_out. Sort connections by total number of bytes out. starttime. Sort connections by start time.
24
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Example
amnesiac > show connections T Source Destination App Rdxn Since -------------------------------------------------------------------------------O 10.11.141.1 2842 10.11.141.2 135 EPM 45% 2007/05/02 14:21:59 O 10.11.141.1 2843 10.11.141.2 1025 TCP 16% 2007/05/02 14:22:00 O 10.11.141.3 4765 10.11.141.4 445 CIFS 23% 2007/05/02 14:21:14 O 10.11.141.4 4667 10.11.141.2 445 CIFS 1% 2007/05/02 14:04:40 -------------------------------------------------------------------------------Established Optimized (O): 4 Half-Opened Optimized (H): 0 Half-Closed Optimized (C): 0 Pass Through (P): 0 Forwarded (F): 0 Discarded (not shown): 0 Denied (not shown): 0 -------------------------------Total: 4
Product Related Topics
Steelhead appliance Raid Commands
show datastore
Description Syntax Parameters Example Displays current data store settings. show datastore None
amnesiac > show datastore Datastore Wrap-Around Notification: no Expected Period (days) Before Datastore Wrap-Around: 1 Priority for Deferred Writes: Anchor Selection: Encryption Type: Automated Online Datastore Synchronization: Master: Peer IP Address: Port: Reconnect Seconds: Connection Status: Catch-Up Synchronization Status: Catch-Up Percent Completed: Keep-Up Synchronization Status: Disk Load: SDR_A Traffic: Hit Rate: Hit Count: Miss Count: yes 1 NONE no no 0.0.0.0 7744 30 disconnected disconnected 0 disconnected 0 0 0 1255716 95134116
Product Related Topics
Steelhead appliance Data Store Management Commands
Riverbed Command-Line Interface Reference Manual
25
User-Mode Commands
show datastore disk
Description Syntax Parameters Example Product Related Topics Displays current data store disk configuration. show datastore disk None
amnesiac > show datastore disk Read Pressure Check Interval: 90
Steelhead appliance Data Store Management Commands
show datastore disklayout
Description Syntax Parameters Example Product Related Topics Displays current data store disk layout status. show datastore disk None
amnesiac > show datastore disklayout Datastore disk layout: fifo
Steelhead appliance Data Store Management Commands
show datastore sdr-policy
Description Syntax Parameters Example Product Related Topics Displays data store SDR policy. show datastore sdr-policy None
amnesiac > show datastore sdr-policy datastore sdr policy: default
Steelhead appliance Data Store Management Commands
show datastore sync
Description Syntax Parameters Displays data store disk synchronization status. show datastore sync None
26
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Example
amnesiac > show datastore sync Keepup enabled: yes Keepup max pages: 1024 Catchup enabled: yes
Product Related Topics
Steelhead appliance Data Store Management Commands
show datastore write-q-prior
Description Syntax Parameters Example Product Related Topics Displays the data store disk write priority setting. show datastore write-q-prior None
amnesiac > show datastore write-q-prior Priority for deferred writes: yes
Steelhead appliance Data Store Management Commands
show dns cache
Description Syntax Parameters Example Displays the DNS cache settings. show dns cache None
amnesiac > show dns cache Cache size: 1048576 bytes Minimum cache TTL: 0 seconds Maximum cache TTL: 604800 seconds Minimum ncache TTL: 0 seconds Maximum ncache TTL: 10800 seconds Cache frozen: no amnesiac >
Product Related Topics
Steelhead appliance DNS Cache Commands
show dns forwarders
Description Syntax Parameters Displays a list of all the forwarders. show dns forwarders None
Riverbed Command-Line Interface Reference Manual
27
User-Mode Commands
Example Product Related Topics
amnesiac > show dns forwarders
Steelhead appliance DNS Cache Commands
show dns interfaces
Description Syntax Parameters Example Product Related Topics Displays a list of all the interfaces listed. show dns interfaces None
amnesiac > show dns interfaces amnesiac >
Steelhead appliance DNS Cache Commands
show dns settings
Description Syntax Parameters Example Displays the DNS settings. show dns settings None
amnesiac > show dns settings DNS: Fallback to root nameservers: Detect down forwarders: Time til forwarder is down: Lost requests til forwarder is down: Time for forwarder to stay down: amnesiac > running yes no 120 seconds 30 300 seconds
Product Related Topics
Steelhead appliance DNS Cache Commands
show domain
Description Displays the domain name, the status of the domain (whether it is ready, busy, or has an error), status messages, domain controller information (if configured), host IP address, NTB domain name (if configured) show domain configuration | status configuration status Displays domain configuration. Displays domain status.
Syntax Parameters
28
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Example
amnesiac > show domain configuration Domain Name : Short Domain Name : Login : Domain Controller List : Domain Required : yes Domain Check Required : no
Product Related Topics
Steelhead appliance, CMC appliance Domain and Workgroup Commands
show email
Description Syntax Parameters Example Displays current email settings. show email None
amnesiac > show email Mail hub: exchange Mail hub port: 30 Domain: example.com Event emails Enabled: yes Recipients: example@riverbed.com Failure emails Enabled: yes Recipients: example@riverbed.com Autosupport emails Enabled: no Recipient: autosupport@eng.riverbed.com Mail hub: eng.riverbed.com
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Notification and SNMP Commands
show failover
Description Syntax Parameters Displays current failover device settings. show failover None
Riverbed Command-Line Interface Reference Manual
29
User-Mode Commands
Example
amnesiac > show failover Enabled: no Master: yes Local Port: 7220 Buddy IP Address: 0.0.0.0 Buddy Port: 7220 amnesiac >
Product Related Topics
Interceptor appliance, Steelhead appliance Peering Commands
show hardware
Description Syntax Parameters Example Displays hardware information. show hardware None
amnesiac > show hardware Hardware Revision: B Mainboard: Series 3000/5000 motherboard, ................. CMP-00072 Slot 0: 4 Port Copper GigE Network Bypass Card, ....... CMP-00074 Slot 1: (Empty) Slot 2: (Empty) Slot 3: (Empty) Slot 4: 6 Port SATA RAID I/O Card, .................... CMP-00014 Slot 5: (Empty)
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance hardware upgrade model
show hardware error-log
Description Syntax Parameters Displays IPMI system event log entries. show hardware error-log all | new all new Example Displays all IPMI SEL entries Display IPMI SEL entries since the last show hardware error-log command.
amnesiac > show hardware error-log all 1 | 11/28/2006 11:55:10 | Event Logging Disabled SEL | Log area reset/cleared | Asserted = yes. 2 | 01/04/2007 21:09:07 | Slot/Connector Drive | Fault Status | Asserted = yes. 3 | 01/07/2007 03:24:07 | Slot/Connector Drive | Fault Status | Asserted = yes.
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance show hardware spec
30
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
show hardware spec
Description Syntax Parameters Example Displays the hardware specifications that are available for the platform. Includes an indicator that displays what model specification is active and which specifications are available. show hardware spec None
amnesiac > show hardware spec Spec Description - ---- ------------------------------------50 BW Limit: 256 KB/s Connection Limit: * 100 BW Limit: 1000 KB/s Connection Limit: 200 BW Limit: 1000 KB/s Connection Limit: (unavailable) 300 BW Limit: 2000 KB/s Connection Limit: (unavailable) * = active
250 30 110 165
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance clear hardware error-log
show hardware watchdog
Description Syntax Parameters Example Displays hardware watchdog information. show hardware watchdog None
amnesiac > show hardware watchdog Enable: yes Last Ping: 2006-05-12 14:31:49.412973153 -0700 Saved Ping: 2006-04-21 07:25:51.000000000 -0700
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance hardware watchdog
show hosts
Description Syntax Parameters Example Displays system hosts. show hosts None
amnesiac > show hosts Hostname: amnesiac Name server: 10.0.0.2 (configured) Domain name: domain.com (configured) Domain name: domain.com (configured) IP 107.0.0.1 maps to hostname localhost amnesiac >
Riverbed Command-Line Interface Reference Manual
31
User-Mode Commands
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Host Setup Commands
show images
Description Syntax Parameters Example Displays the available software images and which partition the appliance boots the next time the appliance is restarted. show images None
amnesiac > show images Images available to be installed: webimage.tbz rbtsh/linux 4.0 #12 2007-05-15 11:54:52 root@test:CVS_TMS/HEAD image.img rbtsh/linux 4.0 #17 2007-05-22 16:39:32 root@test:CVS_TMS/HEAD Installed images: Partition 1: rbtsh/linux 4.0-HEAD-2007-06-15-07:19:19 #0 2007-06-15 07:19:19 root@test:CVS_TMS/ HEAD Partition 2: rbtsh/linux 4.0 2007-05-15 11:54:52 root@test:CVS_TMS/HEAD Last boot partition: 2 Next boot partition: 2
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance License and Hardware Upgrade Commands
show info
Description Syntax Parameters Example Displays the system information, including the current state of the system. show info None
amnesiac > show info Status: Healthy Config: working Appliance Up Time: 15d 1h 14m 4s Service Up Time: 15d 1h 12m 25s Serial: H180000697a Model: 8800 Revision: A Version: spitfire-1.0
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance. Steelhead Mobile Controller show connection
32
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
show in-path
Description Syntax Parameters Example Displays in-path interface settings. show in-path None
amnesiac > show in-path Enabled: yes Kickoff: no L4/PBR/WCCP: no Main Interface: inpath1_0 Optimizations Enabled On: inpath1_0 VLAN Tag IDs: inpath1_0: 0 inpath1_1: 0 amnesiac >
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance In-Path and Virtual In-Path Support Commands
show in-path ar-circbuf
Description Syntax Parameters Example Product Related Topics Displays the asymmetric routing table. show in-path ar-circbuf None
amnesiac > show in-path ar-circbuf
CMC appliance, Interceptor appliance, Steelhead appliance Asymmetric Route Detection Commands
show in-path asym-route-tab
Description Syntax Parameters Displays the asymmetric route table. The table contains any asymmetric routes that currently exist. It includes the source IP, destination IP, reason code, and time-out. show in-path asym-route-tab None
Riverbed Command-Line Interface Reference Manual
33
User-Mode Commands
Usage
The following types of asymmetry are displayed in the asymmetric routing table: bad RST. Complete Asymmetry: packets traverse both Steelhead appliances going from client to server but bypass both Steelhead appliances on the return path. bad SYN/ACK. Server-Side Asymmetry: Packets traverse both Steelhead appliances going from client to server but bypass the server-side Steelhead appliance on the return path. no SYN/ACK. Client-Side Asymmetry: Packets traverse both Steelhead appliances going from client to server but bypass the client-side Steelhead appliance on the return path. probe-filtered (not-AR). Probe-Filtered: Occurs when the client-side Steelhead appliance sends out multiple SYN+ frames and does not get a response. probe-filtered (not-AR). SYN-Rexmit: Occurs when the client-side Steelhead appliance receives multiple SYN retransmits from a client and does not see a SYN/ACK packet from the destination server.
Example
amnesiac > show in-path asym-route-tab Format: [IP 1] [IP 2] [reason] [timeout( 10.111.111.19 10.111.25.23 no-SYNACK 770 amnesiac >
Product Related Topics
Steelhead appliance Asymmetric Route Detection Commands
show in-path cdp
Description Syntax Parameters Example Displays CDP settings for failover deployments using PBR to redirect traffic to the backup Steelhead appliance. show in-path cdp None
amnesiac > show in-path cdp CDP Enabled: no Interval: 10 seconds Hold Time: 180 seconds amnesiac >
Product Related Topics
Steelhead appliance Asymmetric Route Detection Commands
show in-path cf-timer
Description Syntax Parameters Example Show connection forwarding timer settings. show in-path cf-timer None
amnesiac > show in-path ACK Timer Count: ACK Timer Interval: Read Timeout: Reconnect Timeout: cf-timer 3 1000 10000 10000
34
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Product Related Topics
Steelhead appliance Asymmetric Route Detection Commands
show in-path drop-when-flap
Description Syntax Parameters Usage Example Product Related Topics Show dropped packets if route flapping is detected. show in-path drop-when-flap None Route flapping occurs when a router alternately advertises a destination network via one route then another (or as unavailable, and then available again) in quick sequence.
amnesic # show in-path drop-when-flap Drop packets on flap: no
Steelhead appliance Asymmetric Route Detection Commands
show in-path lsp
Description Syntax Parameters Example Displays whether link state propagation is enabled. When LSP is enabled, if the LAN interface drops the link then the WAN also drops the link. show in-path lsp None
amnesiac > show in-path lsp Link State Propagation Enabled: no amnesiac >
Product Related Topics
Steelhead appliance protocol oracle-forms http-enable
show in-path mac-match-vlan
Description Syntax Parameters Example Displays settings in-path settings if VLAN IDs in simplified routing table look ups for WAN visibility. For detailed information, see the Steelhead Appliance Deployment Guide. show in-path mac-match-vlan None
amnesiac > show in-path mac0match-vlan Use VLAN IDs in simplified routing table lookups: no
Riverbed Command-Line Interface Reference Manual
35
User-Mode Commands
Product Related Topics
Steelhead appliance WAN Visibility (Transparency) Commands
show in-path macmap-tables
Description Syntax Parameters Example Product Related Topics Displays the mac-map tables for Wan Visibility. For detailed information, see the Steelhead Appliance Deployment Guide. show in-path mac-map-tables None
amnesiac > show in-path mac-map-tables
Steelhead appliance WAN Visibility (Transparency) Commands
show in-path neighbor
Description Syntax Parameters Example Displays connection forwarding settings. For detailed information about connection forwarding alarms, see the Steelhead Management Console Users Guide. show in-path neighbor None
amnesiac > show in-path neighbor In-path Neighbor Enabled: no In-path Neighbor Port: 7850 Keepalive Count: 3 Keepalive Interval: 1 Allow Failure: no Advertise Resync: yes Use the VLAN & destination MAC address as forwarded by the neighbor: Multi-interface support: Enabled: Neighbor Name -------------------No neighbors.
no
no Port -----
Main Address ---------------
Product Related Topics
Steelhead appliance, Interceptor appliance Asymmetric Route Detection Commands, Connection Forwarding
36
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
show in-path neighbor-detail
Description Displays connection forwarding settings. For detailed information, see the Steelhead Management Console Users Guide.
Syntax Parameters Example
show in-path neighbor-detail None
amnesiac > show in-path neighbor-detail Neighbor 1 : 172.1.34.4 State : Reading message header NAT requests sent : 64 NAT DEL messages sent : 64 NAT ACKs received : 64 NAT requests received : 0 NAT DEL messages received : 0 NAT ACKs sent : 0 DYN requests sent : 0 DYN DEL messages sent : 0 DYN ACKs received : 0 DYN requests received : 0 DYN DEL messages received : 0 DYN ACKs sent : 0 REDIR requests sent : 64 REDIR DEL messages sent : 64 REDIR ACKs received : 64 REDIR requests received : 0 REDIR DEL messages received : 0 REDIR ACKs sent : 0 Connection failures : 0 Keepalive timeouts : 0 Request timeouts : 0 Max latency seen : 26 ms
Product Related Topics
Steelhead appliance, Interceptor appliance Asymmetric Route Detection Commands, Connection Forwarding
show in-path neighbor advertiseresync
Description Syntax Parameters Example Product Related Topics Displays advertisements on synchronize settings. show in-path neighbor advertiseresync None
amnesiac > show in-path neighbor advertiseresync Advertise Resync: yes
Steelhead appliance Asymmetric Route Detection Commands
Riverbed Command-Line Interface Reference Manual
37
User-Mode Commands
show in-path neighbor advertiseresync
Description Syntax Parameters Example Product Related Topics Displays advertisements on synchronize settings. show in-path neighbor advertiseresync None
amnesiac > show in-path neighbor advertiseresync Advertise Resync: yes
Steelhead appliance Asymmetric Route Detection Commands
show in-path peering auto
Description Syntax Parameters Example Displays whether or not automatic in-path peer detection is enabled. show in-path peering auto None
meow-mix # show in-path peering auto Automatic Peering Enabled: yes meow-mix #
Product Related Topics
Steelhead appliance in-path peering auto
show in-path peering disc-outer-acpt
Description Syntax Parameters Example Product Related Topics Displays outer connection for the accept rules. show in-path peering disc-outer-acpt None
amnesiac > show in-path peering disc-outer-acpt
Steelhead appliance in-path peering rule
show in-path peering rules
Description Syntax Displays in-path peering rules. show in-path peering rules
38
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Parameters Example
None
amnesiac > show in-path peering rules Rule Type Source Network Dest Network Port Peer Addr ----- ------ ------------------ ------------------ ----- ------------1 pass * * * 10.0.1.3 2 pass * * * 10.0.1. def auto * * * *
Product Related Topics
Steelhead appliance in-path peering rule
show in-path peering oobtransparency
Description Syntax Parameters Example Displays out-of-band transparency settings. show in-path peering oobtransparency None
amnesiac > show in-path peering oobtransparency Mode: none Port: 708
Product Related Topics
Steelhead appliance WAN Visibility (Transparency) Commands
show in-path probe-caching
Description Syntax Parameters Example Product Related Topics Displays probe caching settings for WAN visibility. For detailed information, see the Steelhead Appliance Deployment Guide. show in-path probe-caching None
amnesiac > show in-path probe-caching Probe Caching Enabled: no
Steelhead appliance WAN Visibility (Transparency) Commands
show in-path probe-mapi-data
Description Syntax Parameters Displays in-path settings if MAPI data connections are probed to learn VLAN information. For detailed information, see the Steelhead Appliance Deployment Guide. show in-path probe-mapi-data None
Riverbed Command-Line Interface Reference Manual
39
User-Mode Commands
Example Product Related Topics
amnesiac > show in-path probe-mapi-data Probe MAPI connections to learn VLAN info: no
Steelhead appliance WAN Visibility (Transparency) Commands
show in-path rules
Description Syntax Parameters Example Steelhead appliance Displays current in-path rules and VLAN identification numbers. show in-path rules None
amnesiac > Rule Type ----- ---1 pass 2 pass 3 pass 4 pass def auto show in-path rules P O L N W VLAN Source Addr - - - - - ---- ------------------ - - - - all all - - - - - all all - - - - - all all - - - - - all all N F F A C all all Dest Addr -----------------all all all all all Port --------------139 Secure Interactive RBT-Proto all
4 user-defined rule(s) (P) (O) (L) (N) (W) Preoptimization Policy: Optimization Policy: Latency Optimizations: Neural Framing: WAN Visibility Mode: O=Oracle-Forms S=SSL +=Oracle-Forms-over-SSL N=None F=Full S=SDR-only C=Compression-only N=None F=Full H=HTTP-only N=None A=Always D=Dynamic T=TCP hints N=Never C=Correct-Addressing P=Port-Transparency F=Full-Transparency
Product Related Topics
Interceptor appliance, Steelhead appliance In-Path and Virtual In-Path Support Commands
show in-path send-storeid
Description Syntax Parameters Example Product Related Topics Displays send-store ID settings. show in-path send-storeid None
amnesiac > show in-path send-storeid Send Storeid: no
Steelhead appliance Simplified Routing Support Commands
40
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
show in-path simplified routing
Description Syntax Parameters Example Displays simplified routing settings. show in-path simplified routing None
amnesiac > show in-path simplified routing Collect mappings from destination MAC data: no Collect mappings from source MAC data: no Collect data from un-natted connections: no amnesiac >
Product Related Topics
Steelhead appliance Simplified Routing Support Commands
show in-path vlan-conn-based
Description Syntax Parameters Example Product Related Topics Displays if VLAN connection based mapping is in use. For detailed information, see the Steelhead Appliance Deployment Guide. show in-path vlan-conn-based None
amnesiac > show in-path vlan-conn-based
Steelhead appliance WAN Visibility (Transparency) Commands
show in-path ar-circbuf
Description Syntax Parameters Usage Displays the asymmetric route circular buffer. show in-path ar-circbuf None The buffer contains all the asymmetric routes that have been detected. This is a circular buffer and wraps after a period of time. The circular buffer displays artable-match if a new TCP connection is created for a pair of IP addresses that already have an asymmetric routing table entry. The buffer is set up with source IP:source port, destination IP:destination port, and reason code.
amnesiac > show in-path ar-circbuf Format: [IP 1]:[port 1] [IP 2]:[port 2] [reason] 10.21.111.19:33280 10.11.55.23:5001 artable-match 10.21.111.19:33278 10.11.55.23:5001 no-SYNACK 10.21.111.19:33277 10.11.55.23:5001 SYN-rexmit 10.21.111.19:33271 10.11.55.23:5001 artable-match 10.21.111.19:33270 10.11.55.23:5001 SYN-rexmit
Example
Riverbed Command-Line Interface Reference Manual
41
User-Mode Commands
Product Related Topics
Steelhead appliance Asymmetric Route Detection Commands
show in-path asym-route-tab
Description Syntax Parameters Example Product Related Topics Displays in-path asymmetric routing table. show in-path asym-rout-tab flush None
amnesiac > show in-path asym-route-tab flush
CMC appliance, Steelhead appliance in-path asym-route-tab flush, in-path asym-route-tab remove
show ip
Description Syntax Displays the IP settings. show ip { flow-export <cr> | flow-setting <cr> | lan-subnets | in-path route <interface> <cr> | static | in-path-gateway <interface> <cr> | static | security <cr> | peers} flow-export <cr> flow-setting <cr> | lansubnets in-path route <interface> <cr> | static in-path-gateway <interface> <cr> | static security <cr> | peers Example Displays NetFlow export settings. Displays NetFlow settings. Optionally, display LAN subnets. Displays in-path route settings for inpath0_0, inpath1_1, and so forth. Displays in-path gateway settings for inpath0_0, inpath1_1, and so forth. Displays IPSec connections to other appliances.
1800 1800 15
Parameters
amnesiac > show ip flow-setting Configured active flow timeout: In-use active flow timeout: Inactive flow timeout:
The in-use active flow timeout can be different from the configured active flow timeout when Top Talkers is enabled. gen-sh75 > show ip flow-setting Configured active flow timeout: 1800 In-use active flow timeout: 1800 Inactive flow timeout: 15 The in-use active flow timeout can be different from the configured active flow timeout when Top Talkers is enabled.
42
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Host Setup Commands
show legacy-rsp
Description Syntax Parameters Example Product Related Topics Displays RSP v5.0.x information. show legacy-rsp None
amnesiac > show legacy-rsp Present and reserving 12288 bytes from PFS store
CMC appliance, Interceptor appliance, Steelhead appliance Host Setup Commands
show limit bandwidth
Description Syntax Parameters Example Displays bandwidth limit settings. show limit bandwidth None
amnesiac > show limit bandwidth Max rate: 10000 kb/s Max burst: 750000 bytes
Product Related Topics
Steelhead appliance Host Setup Commands
show limit connection
Description Syntax Parameters Example Product Related Topics Displays the connection limit setting. show limit connection None
amnesiac > show limit connection Per source IP connection limit: 4096
Steelhead appliance Host Setup Commands
Riverbed Command-Line Interface Reference Manual
43
User-Mode Commands
show logging
Description Syntax Parameters Example Displays logging settings. show logging None
amnesiac > show logging Local logging level: notice Default remote logging level: notice No remote syslog receivers configured. Number of archived log files to keep: 10 Log rotation frequency: daily amnesiac >
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Logging Commands
show ntp
Description Syntax Parameters Example Displays NTP settings. show ntp None
amnesiac > show ntp NTP enabled: yes No NTP peers configured. NTP server: 190.6.38.127 (version 4) NTP server: 46.187.224.4 (version 4) NTP server: 46.187.233.4 (version 4)
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Host Setup Commands
show out-of-path
Description Syntax Parameters Example Displays out-of-path configuration settings. show out-of-path None
amnesiac > show out-of-path Enabled: no Inner Port: 7810
Product Related Topics
Steelhead appliance Out-of-Path Support
44
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
show peer version
Description Syntax Parameters Example Product Related Topics Displays the current service connection protocol. show peer version None
amnesiac > show peer version No peer setting defined.
Steelhead appliance Peering Commands
show peers
Description Syntax Parameters Example Displays information about connected peers. show peers None
amnesiac > show peers S IP Name Model Version Licenses - --------------- ---------------- ------- ------- ----------------------------O 10.11.62.75 gen-sh75 2020 5.5.0-rc CIFS/MAPI/SSL/JINIT O = online, U = unknown
Product Related Topics
Steelhead appliance, Interceptor appliance Peering Commands
show pfs all-info shares
Description Syntax Parameters Displays PFS share settings. show pfs all-info shares <cr> | local-name <localname> <cr> local-name <localname> Example Product Related Topics Displays PFS settings for all shares. Displays the PFS settings for the specified local share.
amnesiac > show pfs all-info shares no registered shares
Steelhead appliance PFS Support Commands
Riverbed Command-Line Interface Reference Manual
45
User-Mode Commands
show pfs status
Description Syntax Parameters Displays the status of local shares. show pfs status <cr> | {shares [<cr>] | [local-name <localname>] <cr> shares <cr> local-name <localname> Example Displays whether or not PFS is enabled. Displays the status of all PFS shares. Displays the status for the specified local share.
amnesiac > show pfs status shares +============================= | Information for PFS share lshare1 | | ----- Status ----| Last Sync Status: true | Share Ready: true | Status: START_SYNC in progress since Fri Mar | Size (MB): 39 | Last Synced: Fri Mar 9 17:05:30 2007
9 17:04:26 2007
Product Related Topics
Steelhead appliance PFS Support Commands
show pfs configuration
Description Syntax Parameters Displays PFS configuration settings. show pfs configuration shares <cr> | local-name <localname> <cr> local-name <localname> Example Product Related Topics Displays the PFS settings for all shares. Displays the PFS settings for the specified local share.
amnesiac > show pfs configuration shares
Steelhead appliance PFS Support Commands
show pfs settings
Description Syntax Parameters Example Displays PFS general settings. show pfs settings None
amnesiac > show pfs settings % PFS not enabled
46
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Product Related Topics
Steelhead appliance PFS Support Commands
show pfs stats shares
Description Syntax Parameters Example Displays PFS share statistics. show pfs stats shares <cr> | local-name <localname> local-name <localname> Specify the name of the local share for which to display statistics.
amnesiac > show pfs stats shares +============================= | Information for PFS share field_kit | | ----- Statistics ----+============================= | Information for PFS share internal-test | | ----- Statistics ----+============================= | Information for PFS share internal-townsend | | ----- Statistics ----+=============================
Product Related Topics
Steelhead appliance PFS Support Commands
show prepop
Description Syntax Displays prepopulation settings. show prepop {all-info shares <cr> | remote-path <remote-path> | configuration shares <cr> | remote-path <remote-path> | stats shares <cr> | remote-path <remote-path> | status shares <cr> | remote-path <remote-path> all-info <cr> | remotepath <remote-path> configuration <cr> | remote-path <remotepath> stats shares <cr> | remote-path <remotepath> status shares <cr> | remote-path <remotepath> Example Displays all information for the prepopulation share or the specified share. Displays configuration of the prepopulation share or the specified share. Displays prepopulation statistics for all shares or the specified share.
Parameters
Displays status for the prepopulation shares or the specified share.
amnesiac > show prepop all-info shares No registered shares
Riverbed Command-Line Interface Reference Manual
47
User-Mode Commands
Product Related Topics
Steelhead appliance CIFS Prepopulation Support Commands
show protocol cifs
Description Syntax Parameters Example Displays CIFS settings. show protocol cifs None
amnesiac > show protocol cifs Enable Transparent Prepopulation Support: no Disable CIFS Write Optimization: no Security Signature Optimization: yes Overlapping Open Enabled: yes
Product Related Topics
Steelhead appliance CIFS Support Commands
show protocol cifs applock
Description Syntax Parameters Example Product Related Topics Displays CIFS applock settings. show protocol cifs applock None
gen-sh75 # show protocol cifs applock Enabled: no
Steelhead appliance CIFS Support Commands
show protocol cifs oopen
Description Syntax Parameters Example Displays CIFS overlapping open sessions. show protocol cifs oopen None
amnesiac > show protocol cifs oopen Enabled: yes Optimization Policy: deny first Extensions to always allow: doc, pdf, ppt, sldasm, slddrw, slddwg, sldprt, txt, vsd, xls Extensions to always deny: ldb, mdb
48
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Product Related Topics
Steelhead appliance CIFS Support Commands
show protocol connection
Description Syntax Parameters Example Displays the HS-TCP settings. show protocol connection None
amnesiac > show protocol connection LAN: Send socket buffer size: Receive socket buffer size: WAN: Default send socket buffer size: Default receive socket buffer size:
81920 bytes 32768 bytes 262140 bytes 262140 bytes
Product Related Topics
Steelhead appliance HS-TCP Support Commands
show protocol ftp
Description Syntax Parameters Example Displays FTP settings. show protocol ftp None
amnesiac > show protocol ftp FTP Port Enable -------- -----21 true
Product Related Topics
Steelhead appliance web proxy host
show protocol http
Description Syntax Parameters Displays HTTP settings. show protocol http None
Riverbed Command-Line Interface Reference Manual
49
User-Mode Commands
Example
amnesiac > show protocol http Enabled: yes NTLM Authentication Settings: Default Reuse Auth: no Pre-Fetch Objects with Extensions: css gif jpg js meow-mix #
Product Related Topics
Steelhead appliance HTTP Support Commands
show protocol mapi
Description Syntax Parameters Example Displays MAPI settings. show protocol mapi None
amnesiac > show protocol mapi MAPI Optimization Enabled: Incoming MAPI Port: Prepop Enabled: Prepop Max Connections: Prepop Poll Interval: Prepop Timeout: MAPI NSPI Optimization Enabled: NSPI Port: MAPI/Exchange 2003 Support: MAPI Port Remap: MAPI 2k7 Native: MAPI Encryption Enabled: MAPI 2k7 Force NTLM Auth: yes 7830 yes 1500 20 min(s) 96 hr(s) yes 7840 yes yes yes yes yes
Product Related Topics
Steelhead appliance protocol oracle-forms http-enable
show protocol ms-sql
Description Syntax Parameters Example Displays MS SQL settings. show protocol ms-sql None
amnesiac > show protocol ms-sql Enable entire MS-SQL blade: MS-SQL server port: MS-SQL number of preacknowledgement: MS-SQL prefetch fetch-next: yes 1433 5 yes
50
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Product Related Topics
Steelhead appliance MS-SQL Blade Support Commands
show protocol ms-sql rules
Description Syntax Parameters Displays MS SQL rules. show protocol ms-sql rules default-cmds | default-config default-cmds default-config Example Displays only the MS-SQL default commands. Displays only the MS-SQL default configuration.
amnesiac > show protocol ms-sql rules default-config MS-SQL RPC Rule MS-SQL RPC Rule Rule ID Enable ------- -----1 true MS-SQL RPC Action Action ID Enable --------- -----1 true MS-SQL RPC Arg Action Arg Offset Enable ---------- -----5 true Action ID Enable --------- -----2 true MS-SQL RPC Arg Action Arg Offset Enable ---------- -----5 true Action ID Enable --------- -----3 true (this is a partial example)
Product Related Topics
Steelhead appliance MS-SQL Blade Support Commands
show protocol nfs
Description Syntax Displays NFS server and volume settings. show protocol nfs server <name> <cr> | full | lookup-volumes | volume id <fsid> | servers <cr> | full
Riverbed Command-Line Interface Reference Manual
51
User-Mode Commands
Parameters
server <name> full | lookup-volumes | volume id <fsid>
Displays information for the NFS server specified by <name>. You can specify the following levels of detail: full. Displays full details. lookup-volumes. Displays a list of NFS server volumes that have been exported. volume id <fsid>. Displays details for the NFS server volume.
servers <cr> | full Example
Displays NFS server settings.
amnesiac > show protocol nfs server example Global: NFS Enabled: yes V2/V4 Alarm Enabled: yes Memory Soft Limit: 10000000 Memory Hard Limit: 12000000 Max Directory Count: 5242880 bytes Max Symlink Count: 524288 bytes Default NFS Server Settings: Policy: Global Read-Write Default NFS Volume Settings: Policy: Global Read-Write
Product Related Topics
Steelhead appliance NFS Support Commands
show protocol notes
Description Syntax Parameters Example Displays NFS server and volume settings. show protocol notes None
amnesiac > show protocol notes Enable notes blade: no Notes port number: 1352
Product Related Topics
Steelhead appliance NFS Support Commands
show protocol oracle-forms
Description Syntax Parameters Displays Oracle Forms settings. show protocol oracle-forms None
52
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Example
amnesiac > show protocol oracle-forms Enabled: yes HTTP mode enabled: no
Product Related Topics
Steelhead appliance Oracle Forms Support Commands
show protocol ssl
Description Syntax Parameters Example Displays SSL configuration settings and certificates. show protocol ssl [<cr>] <cr> Show all.
minna # show protocol ssl Enabled: no Fail handshakes if a relevant CRL cannot be found: no CA certificates: AOL_Time_Warner_1 AOL_Time_Warner_2 Actalis AddTrust_Class_1 AddTrust_External AddTrust_Public <<partial list>>
Product Related Topics
Steelhead appliance SSL Support Commands
show protocol ssl backend
Description Syntax Parameters Example Displays SSL configuration settings and certificates. show protocol ssl [<cr>] [{backend {client | server} cipher-string}] [ca] [expiring-certs] [{peering {ca | certificate | cipher-strings}}] [server] backend {client | server} cipher-string} Show cipher strings.
minna # show protocol ssl backend client cipher-string # Cipher String/Suite Name --- -----------------------------1 DEFAULT
Product Related Topics
Steelhead appliance SSL Support Commands
Riverbed Command-Line Interface Reference Manual
53
User-Mode Commands
show protocol ssl ca
Description Syntax Parameters Displays current status of CRL polling. show protocol ssl ca <ca name> <cr> certificate raw <cr>| text <cr> ca <ca name> certificate raw <cr> text <cr> Example Specify the CA name. Displays SSL CA certificate. Display CA in raw format. Displays CA certificate in text format.
amnesiac > show protocol ssl crl ca Actalis certificate text Certificate: Data: Version: 3 (0x2) Serial Number: 1034588298 (0x3daa908a) Signature Algorithm: sha1WithRSAEncryption Issuer: C=IT, O=Actalis S.p.A., OU=Certification Service Provider, CN=Ac talis Root CA Validity Not Before: Oct 14 09:38:38 2002 GMT Not After : Oct 14 08:38:38 2022 GMT Subject: C=IT, O=Actalis S.p.A., OU=Certification Service Provider, CN=A ctalis Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:bc:54:63:8a:98:15:48:be:6a:ae:e1:70:90:4a: a4:55:00:26:8b:6e:8d:4f:eb:b3:df:ca:c8:53:6c: 84:e4:30:ba:3d:bb:fb:f3:c0:40:8c:c1:62:ce:ae: 20:4e:37:1f:5c:36:fe:7a:88:5e:00:e2:a9:8a:1e: 5d:a6:ca:d3:81:c9:f5:74:33:62:53:c2:28:72:2b: c2:fb:b7:c1:81:d3:c3:fa:d7:eb:a9:62:05:94:1e: ac:1f:53:69:2b:ca:39:1c:36:8f:63:38:c5:31:e4: <<partial listing>>
Product Related Topics
Steelhead appliance SSL Support Commands
show protocol ssl crl
Description Syntax Displays current status of CRL polling. show protocol ssl crl ca <ca name> | cas <cr> | crl-file <string> text | peering {ca <string> | cas crl-file <string> text}
54
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Parameters
ca <ca name> crl cas <cr> | crl-file <string> text crl peering ca <string> | cas crl-file <string> text crl report ca <string> | peering ca <string>
Display current state of CRL polling of a CA. Display CRL in text format version. Display CRL file by peering CA(s).
Display reports of CRL polling from CA or display reports of CRL polling from peer.
Example
amnesiac > show protocol ssl crl ca Actalis Automatically Discovered CDPs: (can be overriden by manually configured CDP URIs): CA: Actalis CDP Index: 1 DP Name 1: URI:ldap://ldap.actalis.it/cn%3dActalis%20Root%20CA,ou%3dCertifi cation%20Service%20Provider,o%3dActalis%20S.p.A.,c%3dIT?certificateRevocationLis t;binary Last Query Status: unavailable CDP Index: 2 DP Name 1: URI:http://ca.actalis.it/crl/root/getCRL Last Query Status: unavailable Manually Configured CDP URIs: (Dangling manually configured CDP URIs for certificates that do not exist will NOT be updated.) No manually configured CDP URIs.
Product Related Topics
Steelhead appliance SSL Support Commands
show protocol ssl expiring-certs
Description Syntax Parameters Example Displays expiring or expired SSL certificates. show protocol ssl expiring-certs expiring-certs Display any certificates with impending expiration dates (60 days) and expired dates.
amnesiac > show protocol ssl expiring-certs Peering certificate is OK. All server certificates are OK. All server chain certificates are OK. All CA certificates are OK. All peering trust certificates are OK.
Product Related Topics
Steelhead appliance SSL Support Commands
Riverbed Command-Line Interface Reference Manual
55
User-Mode Commands
show protocol ssl peering
Description Syntax Parameters Displays current status of CRL polling. show protocol ssl crl ca <ca name> | cas <cr> | crl-file <string> text | peering {ca <string> | cas crl-file <string> text} ca <ca name> certificate <cr> | raw | text certificate <cr> | raw | text cipher-strings <cr> | verbose crl report ca <string> | peering ca <string> Example Product Related Topics Displays SSL peering trusted CAs in raw or text format.
Displays SSL peering certificate in raw or text format. Display CRL file by peering CA(s). Displays the cipher strings used for peering.
amnesiac > show protocol ssl peering ca Actalis certificate
Steelhead appliance SSL Support Commands
show protocol ssl scep peering
Description Syntax Parameters Example Displays SCEP peering settings show protocol ssl scep peering None
amnesiac > show protocol ssl peering scep peering Peering SCEP settings: URL: When server responds with 'pending': Maximum number of polls: 5 Poll frequency: 5 (minutes) Automatic re-enrollment: Enabled: no Expiration threshold: 30 (days) No peering SCEP CA certificates.
Product Related Topics
Steelhead appliance SSL Support Commands
show protocol ssl scep peering auto-reenroll
Description Syntax Displays SCEP automatic re-enrollment information. show protocol ssl scep peering auto-reenroll csr | last-result
56
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Parameters
csr last-result
Displays auto-reenrollment CSR. Displays result of the last completed automatic re-enrollment.
Example Product Related Topics
amnesiac > show protocol ssl scep peering auto-reenroll last-result % No completed (non-interrupted) automatic re-enrollment since boot.
Steelhead appliance SSL Support Commands
show protocol ssl scep peering ca
Description Syntax Parameters Displays SCEP peering CA. show protocol ssl scep peering ca <ca name> certificate <ca name> certificate Example Product Related Topics Specify the CA name. Displays SCEP peering CA certificate.
amnesiac > show protocol ssl scep peering ca GoDaddy certificate
Steelhead appliance SSL Support Commands
show protocol ssl scep peering enrollment status
Description Syntax Parameters Example Product Related Topics Displays SCEP enrollment information. show protocol ssl scep peering enrollment status None
amnesiac > show protocol ssl scep peering enrollment status
Steelhead appliance SSL Support Commands
show protocol ssl scep peering on-demand
Description Syntax Parameters Displays SCEP on-demand enrollment information. show protocol ssl scep peering on-demand csr | last-result csr last-result Example Displays enrollment CSR. Displays the result of the last completed automatic re-enrollment.
amnesiac > show protocol ssl scep peering on-demand csr
Riverbed Command-Line Interface Reference Manual
57
User-Mode Commands
Product Related Topics
Steelhead appliance SSL Support Commands
show protocol ssl server
Description Syntax Parameters Displays SSL servers and certificates. show protocol ssl server <cr> {ip <ip address> <cr> port <port> [certificate | chain-cert <name> certificate | chain-certs <cr>]} <cr> Displays SSL servers. Specifies the IP address of the SSL server you want to display. Displays SSL server certificate. Specifies the name of the chain certificate that you want to display. Displays all chain certificates.
{ip <ip address> <cr> port <port> [certificate | chain-cert <name> certificate | chain-certs <cr>]} certificate chain-cert <name> certificate chain-certs <cr> Example
minna (config) # show protocol ssl server SSL servers: 1.1.1.1:443 (Enabled: yes) 2.2.2.2:443 (Enabled: yes) tcfe51 (config) # show protocol ssl server ip 1.1.1.1 chain-certs No chain certificates.
Product Related Topics
Steelhead appliance SSL Support Commands
show protocol ssl peering black-lst-peer
Description Syntax Parameters Example Product Related Topics Displays self-signed black list peers. show protocol ssl peering black-lst-peer | black-lst-peers None
amnesiac > show protocol ssl peering black-lst-peers
Steelhead appliance SSL Support Commands
58
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
show protocol ssl peering gray-lst-peers
Description Syntax Parameters Example Product Related Topics Displays self-signed gray list peers. show protocol ssl peering gray-lst-peer | gray-lst-peers None
amnesiac > show protocol ssl peering gray-lst-peers
Steelhead appliance SSL Support Commands
show protocol ssl peering white-lst-peers
Description Syntax Parameters Example Product Related Topics Displays self-signed white list peers. show protocol ssl peering white-lst-peer | white-lst-peers None
amnesiac > show protocol ssl peering white-lst-peers
Steelhead appliance SSL Support Commands
show protocol ssl scep peering
Description Syntax Parameters Example Product Related Topics Displays SCEP peering settings show protocol ssl scep peering None
amnesiac > show protocol ssl peering scep peering
Steelhead appliance SSL Support Commands
show protocol ssl scep peering auto-reenroll
Description Syntax Displays auto-reenrollment information. show protocol ssl scep peering auto-reenroll csr | last-result
Riverbed Command-Line Interface Reference Manual
59
User-Mode Commands
Parameters
csr last-result
Displays auto-reenrollment CSR. Displays result of the last completed automatic re-enrollment.
Example Product Related Topics
amnesiac > show protocol ssl scep peering auto-reenroll csr
Steelhead appliance SSL Support Commands
show protocol ssl scep peering ca
Description Syntax Parameters Displays SCEP peering CA. show protocol ssl scep peering ca <ca name> certificate <ca name> certificate Example Product Related Topics Specify the CA name. Displays SCEP peering CA certificate.
amnesiac > show protocol ssl scep peering ca GoDaddy certificate
Steelhead appliance SSL Support Commands
show protocol ssl scep peering enrollment status
Description Syntax Parameters Example Product Related Topics Displays enrollment information. show protocol ssl scep peering enrollment status None
amnesiac > show protocol ssl scep peering enrollment status
Steelhead appliance SSL Support Commands
show protocol ssl scep peering on-demand
Description Syntax Parameters Displays on-demand enrollment information. show protocol ssl scep peering on-demand csr | last-result csr last-result Example Displays auto-reenrollment CSR. Displays result of the last completed automatic re-enrollment.
amnesiac > show protocol ssl scep peering on-demand csr
60
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Product Related Topics
Steelhead appliance SSL Support Commands
show protocol ssl server
Description Syntax Parameters Displays SSL servers and certificates. show protocol ssl server <cr> {ip <IP addr> <cr> port <port> [certificate | chain-cert <name> certificate | chain-certs <cr>]} <cr> Displays SSL servers. Specify the IP address and port of the SSL server you want to display. Displays SSL server certificate. Specify the name of the chain certificate that you want to display. Displays all chain certificates.
{ip <IP addr> <cr> port <port> [certificate | chaincert <name> certificate | chain-certs <cr>]} certificate chain-cert <name> certificate chain-certs <cr> Example
amnesiac > show protocol ssl server SSL servers: 1.1.1.1:443 (Enabled: yes) 2.2.2.2:443 (Enabled: yes) tcfe51 (config) # show protocol ssl server ip 1.1.1.1 chain-certs No chain certificates.
Product Related Topics
Steelhead appliance SSL Support Commands
show qos classification
Description Syntax Parameters Displays QoS classification settings. show qos classification <cr> | classes | rules classes rules Example Displays QoS classification class settings. Displays QoS classification rules.
amnesiac > show qos classification QoS Settings (QoS Enabled) Interface Burst (kbit) LinkRate (kbps) --------- ------------ --------------wan0_0 2500 10000
Product Related Topics
Steelhead appliance QoS Support Commands
Riverbed Command-Line Interface Reference Manual
61
User-Mode Commands
show qos dscp rules
Description Syntax Parameters Example Displays QoS DSCP rules. show qos dscp rules traffic-type {optimized | pass-through} None
amnesiac > show qos dscp rules traffic-type optimized Rule Source Destination Port DSCP ----- ------------------ ------------------ --------------- ---def all all all refl ---------------------------------------------------------------0 user added rule(s)
Product Related Topics
Steelhead appliance QoS Support Commands
show raid configuration
Description Syntax Parameters Example Displays RAID configuration information. show raid configuration [detail] [detail] Displays RAID configuration details.
amnesiac > show raid configuration UnitType Status Stripe Size(GB) ------------------------------------------RAID-10 ONLINE 064KB 931.52 RAID-1 ONLINE DISK 01 ONLINE 232.00 DISK 02 ONLINE 232.00 RAID-1 ONLINE DISK 03 ONLINE 232.00 DISK 04 ONLINE 232.00
Product Related Topics
Steelhead appliance show hardware, show hardware watchdog
show raid diagram
Description Syntax Parameters Displays the physical layout of the RAID disks and the state of each drive: Online; Offline; Fail; Rebuild; Missing; Spare. show raid diagram None
62
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Example
amnesiac > show raid diagram series 3000 layout: [============][============][============][============] [ ][ ][ ][ spare ] [============][============][============][============] -------------------------------------------------------[============][============][============][============] [ ][ ][ ][ ] [============][============][============][============] -------------------------------------------------------[============][============][============][============] [ 1 : online ][ 2 : online ][ 3 : online ][ 4 : online ] [============][============][============][============] series 5000 layout: [============][============][============][============] [ ][ ][ ][ spare ] [============][============][============][============] -------------------------------------------------------[============][============][============][============] [ 5 : online ][ 6 : online ][ ][ ] [============][============][============][============] -------------------------------------------------------[============][============][============][============] [ 1 : online ][ 2 : online ][ 3 : online ][ 4 : online ] [=========-===][============][============][============]
Product Related Topics
Steelhead appliance show hardware, show hardware watchdog
show raid error-msg
Description Syntax Parameters Example Product Related Topics Displays RAID error messages. show raid error-msg None
amnesiac > show raid error-msg Alarm raid_error: ok
Steelhead appliance show hardware, show hardware watchdog
show raid info
Description Syntax Parameters Displays RAID information. show raid info [detail] [detail] Displays detailed RAID information.
Riverbed Command-Line Interface Reference Manual
63
User-Mode Commands
Example
amnesiac > show raid info Firmware => 713R Bios => G121 Memory => 64MB Raid type => Raid 10 Auto rebuild => Enabled Raid status => OK Stripe size => 64K Num of drives => 4 Disk Vendor => WDC Serial Number => ^B33686018
Product Related Topics
Steelhead appliance show hardware, show hardware watchdog
show raid physical
Description Syntax Parameters Example Displays RAID physical details. show raid physical None
amnesiac > show raid physical Adapter 0, Channel 0, Target ID 0 ---------------------------------------Type: DISK Vendor : Product: WD2500SD-01KCB0 Revision : Synchronous : No Wide-32 : LinkCmdSupport: No TagQ support: Removable : No SoftReset :
WDC 08.0 No No No
Wide-16: No RelAddr: No AENC : No
Adapter 0, Channel 0, Target ID 1 ---------------------------------------Type: DISK Vendor : Product: WD2500SD-01KCB0 Revision : Synchronous : No Wide-32 : LinkCmdSupport: No TagQ support: Removable : No SoftReset :
WDC 08.0 No No No
Wide-16: No RelAddr: No AENC : No
(this is a partial example)
Product Related Topics
Steelhead appliance show hardware, show hardware watchdog
show rsp
Description Syntax Parameters Displays RSP settings. show rsp <dataflow> Specify the dataflow to display. For example: inpath0_0
64
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Usage
Use the dataflow option to display RSP dataflow settings. Each RSP package uses its own RSP network interfaces to communicate. These network interfaces are matched with the physical intercept points that create VNIs. VNIs are network taps that enable data flow in and out of the RSP packages. VNIs are available on the LAN, WAN, primary, and auxiliary interfaces of the Steelhead appliance.
Example
amnesiac > show rsp Supported: Yes Installed: No Enabled: No Disk Space: 10.53 GB used / 196.17 GB free / 206.70 GB total Memory: 0 MB used / 128 MB free / 128 MB total amnesiac > show rsp inpath0_0 Dataflow inpath0_0: # -1 VNI -----------------------------lan0_0 RiOS0_0 wan0_0 Type -------RiOS
An "X" means the VNI is not in effect. Possible reasons include the slot is disabled/uninstalled, the VNI is invalid, etc.
Product Related Topics
Steelhead appliance Riverbed Services Platform Commands
show rsp backups
Description Syntax Parameters Example Displays RSP backup files. show rsp backups None
amnesiac > show rsp backups Backups: No backups.
Product Related Topics
Steelhead appliance Riverbed Services Platform Commands
show rsp images
Description Syntax Parameters Displays RSP installation images on the disk. show rsp images RSP installation images contain the software that must be installed before RSP functionality can be enabled on the Steelhead appliance. You can download multiple RSP installation images, but only one can be installed at any one time.
Riverbed Command-Line Interface Reference Manual
65
User-Mode Commands
Example
amnesiac > show rsp images RSP Installation images: RSP Image 1 File: rsp-image.img Version: rbt_sh guam-i386-flamebox-latest-39316 #0 2008-10-16 04:06:43 i386 root@paris:svn://svn/mgmt/trunk RSP Installed image: 4.0 rbt_sh guam-i386-flamebox-latest-39316 #0 2008-10-16 04:06:43 i386 root@pa ris:svn://svn/mgmt/trunk
Product Related Topics
Steelhead appliance Riverbed Services Platform Commands
show rsp opt-vni
Description Syntax Parameters Displays optimization virtual network interfaces. show rsp opt-vni <VNI name> <cr> | rules <vni name> rules Example Specify the virtual network interface name. Displays configured rules for the optimization virtual network interface.
amnesiac > show rsp opt-vni RiOS0_0 VNI RiOS0_0: LAN # --1 2 3 WAN # --1 to WAN direction: Type Source Addr -------- -----------------pass all redirect all copy 123.123.123.0/24
Source Port ----------all 12345-54321 all
Dest Addr -----------------all all 123.123.123.123/32
Dest Port ----------1956 all all
Proto ----UDP all 24
to LAN direction: Type Source Addr Source Port Dest Addr Dest Port Proto -------- ------------------ ----------- ------------------ ----------- ----redirect 1.1.1.1/32 12-23 4.4.4.4/32 6621 TCP
Product Related Topics
Steelhead appliance Riverbed Services Platform Commands
show rsp package
Description Syntax Parameters Example Displays a third-party package. show rsp package <package> Specify the package filename.
amnesiac > show rsp package Packages: centospkg.pkg
66
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Product Related Topics
Steelhead appliance Riverbed Services Platform Commands
show rsp packages
Description Syntax Parameters Example Product Related Topics Displays RSP Services packages. show rsp packages None
amnesiac > show rsp packages Packages: No packages
Steelhead appliance Riverbed Services Platform Commands
show rsp slot
Description Syntax Parameters Example Displays specified slot. show rsp slot <slot name> <slot name> Specify the slot name or number: 1, 2, 3, 4, 5
amnesiac > show rsp slot 1 Slot 1: Package: Name: centospkg Description: <none> Enabled: Power State: VMware Tools State: Memory Size: Number of CPUs: Watchdog: Frequency: Timeout: IP: Fail-to-Block: yes on unknown 256 (MB) 1 unused 0 0 0.0.0.0 no
Optimization VNIs: myslot:Rsp0In (type: Lan, VLAN: none) myslot:Rsp0Out (type: Wan, VLAN: none) Management VNIs: myslot:mgmt0 (bridged to: aux) myslot:mgmt1 (bridged to: primary)
Riverbed Command-Line Interface Reference Manual
67
User-Mode Commands
Product Related Topics
Steelhead appliance Riverbed Services Platform Commands
show rsp slots
Description Syntax Parameters Example Displays slots. show rsp slots None
amnesiac > show rsp slots Slot 1: Vacant. --------------------------------------------------------------------------Slot 2: Vacant. --------------------------------------------------------------------------Slot 3: Vacant. --------------------------------------------------------------------------Slot 5: Vacant. --------------------------------------------------------------------------Slot myslot: Vacant. ---------------------------------------------------------------------------
Product Related Topics
Steelhead appliance Riverbed Services Platform Commands
show rsp vmware
Description Syntax Displays VMware server information. show rsp vmware {log hostid <cr> | [index <index>] | vi-access | web-access
68
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Parameters
log hosid index <index> vi-access
Displays VMware Server logs. Displays host agent logs. Optionally, specify the log index. The index is an optional number which requests a numbered virtual machine log. Displays virtual infrastructure access information. For example:
Virtual Infrastructure Server: main.lab.test.com:8333 Download URL for Windows VI Client: https://main.lab.test.com:8333/client/VMware-viclient.exe
Download URL for Windows Client. A URL at which you can point your Web browser to download the VMware Virtual Infrastructure Client for Windows application. Downloading and installing this application on a Windows machine allows you to connect to VMware Server v2.0 as it runs on the Steelhead appliance. Virtual Infrastructure Server. The VMware server that the client must be pointed to. This client can be used instead of the your Web browse. It provides better performance when interacting with VMware Server v2.0. web-access Example Displays the URL for VMware Server as it is running on the Steelhead appliance. It also displays the VMware SSL certificate details for the Steelhead appliance.
amnesiac > show rsp vmware vi-access Virtual Infrastructure Server: main.lab.test.com:8333 Download URL for Windows VI Client: https://main.lab.test.com:8333/client/VMware-viclient.exe
Product Related Topics
Steelhead appliance Riverbed Services Platform Commands
show rsp vnis
Description Syntax Parameters Example Displays optimization and management VNIs. show rsp vnis None
amnesiac > show rsp vnis Optimization VNIs: RiOS0_0 (type: RiOS, VLAN: None) Management VNIs: No management VNIs.
Product Related Topics
Steelhead appliance Riverbed Services Platform Commands
Riverbed Command-Line Interface Reference Manual
69
User-Mode Commands
show running-config
Description Syntax Parameters Example Product Related Topics Displays the running configuration settings that differ from the defaults. show running-config [full] full Displays all settings, including those set to the default value.
amnesiac > show running-config (displays running configuration)
CMC appliance, Interceptor appliance, Steelhead appliance Configuration File Commands
show service
Description Syntax Parameters Example Product Related Topics Displays the state of the Steelhead service. show service None
amnesiac > show service Optimization Service: Running
Steelhead appliance System Administration and Service Commands
show service connection pooling
Description Syntax Parameters Example Product Related Topics Displays connection pooling settings. show service connection pooling None
amnesiac > show service connection pooling Connection Pooling Max Pool Size: 20
Steelhead appliance Connection Pooling Commands
show service neural-framing
Description Syntax Parameters Displays neural framing settings. show service neural-framing None
70
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Example
amnesiac > show service neural-framing Enable Computation of Neural heuristics: no amnesiac >
Product Related Topics
Steelhead appliance System Administration and Service Commands
show service ports
Description Syntax Parameters Example Displays service port settings. show service ports None
amnesiac > show service ports Service ports: 7800 (default) 7810 amnesiac >
Product Related Topics
Steelhead appliance System Administration and Service Commands
show smb signing delegation domains
Description Syntax Parameters Example Product Related Topics Displays SMB signing trusted delegation domains. show smb signing delegation domains None
amnesiac > show smb signing delegation domains No domains configured
Steelhead appliance SMB Signing Commands
show smb signing rules
Description Syntax Parameters Example Displays SMB signing rules. show smb signing rules None
amnesiac > show smb signing rules
Riverbed Command-Line Interface Reference Manual
71
User-Mode Commands
Product Related Topics
Steelhead appliance SMB Signing Commands
show smb signing status
Description Syntax Parameters Example Product Related Topics Displays SMB signing status. show smb signing status None
amnesiac > show smb signing status
Steelhead appliance SMB Signing Commands
show snmp
Description Syntax Parameters Example Displays SNMP server settings. show snmp None
amnesiac > show snmp SNMP enabled: yes System location: System contact: Read-only community: public Traps enabled: yes No trap sinks configured.
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Notification and SNMP Commands
show ssh client
Description Syntax Parameters Example Displays the client settings. show ssh client None
amnesiac > show ssh client SSH server enabled: yes
72
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Secure Shell Access Commands
show ssh server
Description Syntax Parameters Example Displays ssh server. show ssh server [publickey] publickey Display SSH server-public host key.
amnesiac > show ssh server publickey SSH server public key: ssh-rsa AAAAB3NzaC1yc2XXXXXXXwAAAQEAwz7zKAc1NbTKSp40mRg7J 9YV5CeoGRQoCEPS17ValtEQbepaQygdifueiejht39837482y74982u7ridejbvgiIYZs/E23zmn212kj dXFda8zJxJm07RIKOxNDEBUbAUp8h8dkeiejgfoeoriu39438598439gfjeNLfhjWgh1dzeGYycaAoEA K21Igg+Sg0ELGq2cJ8mMzsSsCq5PnOmj63RAMuRgBdrtBdIAd32fy642PQJveqtfl7MBN6IwTDECRpex F3Ku98pRefc2h0u44VZNT9h4tXCe8qHpuO5k98oA
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Secure Shell Access Commands
show stats alarm
Description Syntax Parameters Displays alarm status. For detailed information about alarms, see the Steelhead Management Console Users Guide. show stats alarm None
Riverbed Command-Line Interface Reference Manual
73
User-Mode Commands
Example
amnesiac > show stats alarm Alarm admission_conn: Alarm admission_mem: Alarm arcount: Alarm bypass: Alarm certs_expiring: Alarm certs_expiring: Alarm cf_ack_timeout: Alarm cf_conn_failure: Alarm cf_conn_lost_eos: Alarm cf_conn_lost_err: Alarm cf_keepalive_timeout: Alarm cf_latency_exceeded: Alarm cf_read_info_timeout: Alarm cpu_util_indiv: Alarm critical_temp: Alarm datastore_error: Alarm datastore_sync_error: Alarm domain_join_error: Alarm fan_error: Alarm fs_mnt: Alarm halt_error: Alarm hardware_error: Alarm ipmi: Alarm license: Alarm linkstate: Alarm memory_error: Alarm nfs_v2_v4: Alarm paging: Alarm pfs_config: Alarm pfs_operation: Alarm power_supply: Alarm rsp_license_expired: Alarm rsp_license_expiring: Alarm rsp_not_on_vms: Alarm rsp_watchdog_error: Alarm secure_vault_unlocked: Alarm serial_cascade_misconfig: Alarm service_error: Alarm smb_alert: Alarm ssl_hardware: Alarm store_corruption: Alarm sw-version: Alarm warning_temp:
ok ok ok ok ok ok ok ok ok ok ok ok ok ok ok ok ok ok ok ok ok ok ok ok (disabled) ok ok ok ok ok ok ok ok ok ok ok ok ok ok ok ok ok ok
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance stats alarm
show stats bandwidth
Description Syntax Displays the bandwidth statistics. show stats bandwidth <port> | all [bi-directional | lan-to-wan | wan-to-lan [1min | 5min | hour | day | week | month]
74
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Parameters
<port> | all bi-directional | lan-to-wan | wan-to-lan 1min | 5min | hour | day | week | month
Specify all ports or a specific port. Specify the traffic type.
Specify the time period.
Example
amnesiac > show stats bandwidth all lan-to-wan hour WAN Data: 0 Bytes LAN Data: 0 Bytes Data Reduction: 0% Data Reduction Peak: 0% Data Reduction Peak Time: Capacity Increase: 1X
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Raid Commands
show stats connections
Description Syntax Parameters Displays connection statistics. show stats connections 1min | 5min | hour | day | week | month 1min | 5min | hour | day | week | month Specify the time period.
Example
amnesiac > show stats connections hour Avg Total Optimized: 0 Peak Total Optimized: 0 (2008/10/17 17:26:23) Avg Established: 0 Peak Established: 0 (2008/10/17 17:26:23) Avg Half Opened: 0 Peak Half Opened: 0 (2008/10/17 17:26:23) Avg Half Closed: 0 Peak Half Closed: 0 (2008/10/17 17:26:23) Avg Active Optimized: 0 Peak Active Optimized: 0 (2008/10/17 17:26:23) Avg Pass Through: 0 Peak Pass Through: 0 (2008/10/17 17:26:23) Avg Forwarded: 0 Peak Forwarded: 0 (2008/10/17 17:26:23)
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Raid Commands
Riverbed Command-Line Interface Reference Manual
75
User-Mode Commands
show stats conn-pool
Description Syntax Parameters Displays connection pooling statistics. show stats conn-pool 1min | 5min | hour | day | week | month 1min | 5min | hour | day | week | month Specify the time period.
Example
amnesiac > show stats conn-pool hour Total Connection Pool: Connection Hit : Connection Hit Ratio:
0 0
Product Related Topics
CMC appliance, Steelhead appliance Connection Pooling Commands
show stats cpu
Description Syntax Parameters Example Displays connection pooling statistics. show stats cpu None
amnesiac > show stats cpu CPU 1 Utilization: 3% Peak Utilization Last Hour: 10% at 2008/10/17 18:10:03 Avg. Utilization Last Hour: 4% CPU 2 Utilization: 7% Peak Utilization Last Hour: 9% at 2008/10/17 17:43:13 Avg. Utilization Last Hour: 4%
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance show stats memory
show stats datastore
Description Syntax Parameters Displays data store statistics. show stats datastore 1min | 5min | hour | day | week | month 1min | 5min | hour | day | week | month Specify the time period.
76
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Example
amnesiac > show stats datastore hour Total Hits: 0 Misses: 0
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Data Replication Commands
show stats dns
Description Syntax Parameters Displays the DNS statistics. show stats dns 1min | 5min | hour | day | week | month 1min | 5min | hour | day | week | month Specify the time period.
Example
amnesiac > show stats dns hour Total Requests: 0 Cache Hit Rate: 0% Average Cache Entries: 0 Average Cache Usage: 0 Bytes
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance DNS Cache Commands
show stats ecc-ram
Description Syntax Parameters Example Product Related Topics Displays the ECC error counts. show stats ecc-ram None
amnesiac > show stats ecc-ram No ECC memory errors have been detected
CMC appliance, Interceptor appliance, Steelhead appliance show stats memory
show stats fan
Description Syntax Parameters Displays the fan statistics. show stats fan None
Riverbed Command-Line Interface Reference Manual
77
User-Mode Commands
Example
amnesiac > show FanId RPM 1 3825 2 3750
stats fan Min RPM Status 750 ok 750 ok
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance show hardware
show stats http
Description Syntax Parameters Example Displays http statistics. show stats http None
amnesiac > show stats http ---HTTP Prefetch Stats--Objects Requested: Parse-and-Prefetch Hits: Metadata Hits: URL Learning Hits: Total Hits: Total Misses: Parse-and-Prefetch Hit %: Metadata Hit %: URL Learning Hit %: Total Hit %:
0 0 0 0 0 0 0.000000 0.000000 0.000000 0.000000
Product Related Topics
CMC appliance, Steelhead appliance HS-TCP Support Commands
show stats memory
Description Syntax Parameters Example Displays memory statistics. show stats memory None
amnesiac > show stats memory Total Swapped Over Last Hour: Average Swapped Over Last Hour: Peak Swapped Over Last Hour: Peak Swapped Time: 0 pages 0 pages 0 pages 2008/10/17 17:37:41
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance show stats ecc-ram
78
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
show stats neighbor-fwd
Description Syntax Parameters Displays connection forwarding statistics. For detailed information about alarms, see the Steelhead Management Console Users Guide. show stats neighbor-fwd <port> | all [packet | byte] [1min | 5min | hour | day | week | month] <port> | all packet | byte 1min | 5min | hour | day | week | month Example Specify the all ports or a specific port. Specify the data type. Specify the time period.
amnesiac > show stats neighbor-fwd packet hour Total Sent: 0 packets Data Sent Peak: 0 packets Data Sent Peak Time: 2008/10/17 17:42:20
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Connection Forwarding
show stats pfs
Description Syntax Parameters Displays PFS statistics. show stats pfs <port> | all [1min | 5min | hour | day | week | month] <port> | all 1min | 5min | hour | day | week | month Example Specify the all ports or a specific port. Specify the time period.
amnesiac > show stats pafs all hour Byte Sent: 0 Bytes Data Sent Peak: 0 Bytes Data Sent Peak Time: Byte Recv: 0 Bytes Data Recv Peak: 0 Bytes Data Recv Peak Time:
Product Related Topics
CMC appliance, Steelhead appliance PFS Support Commands
Riverbed Command-Line Interface Reference Manual
79
User-Mode Commands
show stats qos
Description Syntax Parameters Displays QoS statistics. show stats qos all | unknown | default packet | [byte 1min | 5min | hour | day | week | month} all | unknown | default} packet | byte} 1min | 5min | hour | day | week | month Example Specify the QoS type.
Specify the data type. Specify the time period.
amnesiac > show stats qos all unknown packet hour Total Sent: 0 packets Total Drop: 0 packets
Product Related Topics
CMC appliance, Steelhead appliance QoS Support Commands
show stats rsp
Description Syntax Parameters Displays RSP statistics. show stats rsp {all-opt-vnis | opt-vni <vni name> interface lan | wan | package | period 1min | 5min | hour | day | week | month} all-opt-vnis opt-vni <vni> interface lan | wan | package period 1min | 5min | hour | day | week | month Example Display RSP statistics for all VNIs. Display RSP VNI statistics for the specified VNI, for example RiOS. Displays the statistics for the specified interface. For example, the WAN side.
Specify the time period.
amnesiac > show stats rsp all-opt-vnis period hour VNI: RiOS0_0 Interface: lan Bytes in: 0 Packets in: Bytes out: 0 Packets out: VNI: RiOS0_0 Interface: wan Bytes in: 0 Bytes out: 0
0 0
Packets in: Packets out:
0 0
VNI: RiOS0_0 Interface: package Bytes in: 0 Packets in: Bytes out: 0 Packets out:
0 0
80
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Product Related Topics
CMC appliance, Steelhead appliance QoS Support Commands
show stats settings
Description Syntax Parameters Displays settings used to generate statistics. show stats settings bandwidth ports | top-talkers bandwidth ports top-talkers Example Displays monitored ports. Displays Top Talker settings.
amnesiac > show stats settings bandwidth ports Monitoring the following ports: 21 FTP 80 HTTP 139 CIFS:NetBIOS 443 SSL 445 CIFS:TCP 1352 Lotus Notes 1433 SQL:TDS 7830 MAPI 8777 RCU 10566 SnapMirror
Product Related Topics
CMC appliance, Steelhead appliance QoS Support Commands
show stats ssl
Description Syntax Parameters Displays SSL statistics. show stats ssl 1min | 5min | hour | day | week | month 1min | 5min | hour | day | week | month Specify a time period.
Example
amnesiac > show stats ssl hour Total Connection Requests: Successful Requests: Failed Requests: Average Connections/Second: Peak Connections/Second: Number of Current Connections: tcfe52 >
0 0 0 0 0 0
connections connections connections connections per second connections per second
Product Related Topics
CMC appliance, Steelhead appliance QoS Support Commands
Riverbed Command-Line Interface Reference Manual
81
User-Mode Commands
show stats throughput
Description Syntax Parameters Displays throughput statistics. show stats throughput <port> | all [lan-to-wan | wan-to-lan] [1min | 5min | hour | day | week | month] <port> | all lan-to-wan | wan-to-lan 1min 1min | 5min | hour | day | week | month Example Specify all ports or a specified port. Specify the traffic type.
Specify a time period.
amnesiac > show stats throughput all lan-to-wan hour LAN Link Throughput Average Throughput: 0 bps 95th Percentile Throughput: 0 bps Peak Throughput: 0 bps Peak Throughput Time: 2008/10/18 10:56:30
WAN Link Throughput Average Throughput: 95th Percentile Throughput: Peak Throughput: Peak Throughput Time:
0 bps 0 bps 0 bps 2008/10/18 10:56:30
Product Related Topics
CMC appliance, Steelhead appliance QoS Support Commands
show stats top-talkers
Description Syntax Parameters Displays top talkers statistics. show stats top-talkers end-time <YYYY/MM/DD HH:MM:SS> | start-time <YYYY/MM/DD HH:MM:SS> end-time <endtime> start-time <start time> Example Product Related Topics Specify the end time period for top talkers. Use the following format: YYYY/MM/ DD HH:MM:SS Specify the start and end time period for top talkers. Use the following format: YYYY/MM/DD HH:MM:SS
amnesiac > show stats top-talkers end-time 2008/09/10 05:00:00
Steelhead appliance Raid Commands
82
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
show stats top-talkers protocol
Description Syntax Parameters Displays top talkers protocol statistics. show stats top-talkers protocol tcp | udp | both <cr> [report [conversation | src_host_only | ignore_ports | dest_host_only | app_port_only] [start-time <starttime> end-time <endtime>]] protocol tcp | udp | both] <cr>] [report [conversation | src_host_only | ignore_ports | dest_host_only | app_port_only [start-time <starttime>] | [endtime <endtime>] Example Product Related Topics Displays top talkers for the specified protocol: TCP, UDP, or both. Display report statistics for the specified protocol. Optionally, specify the start and end time. Use the following format: YYYY/MM/DD HH:MM:SS For detailed information about report types, see show stats top-talkers report on page 83. Optionally, specify the start and end time. Use the following format: YYYY/MM/DD HH:MM:SS
amnesiac > show stats top-talkers protocol tcp report conversation start-time 2008/ 09/09 00:00:00 end-time 2008/09/29 00:00:00
Steelhead appliance Raid Commands
show stats top-talkers report
Description Syntax Displays top talkers report statistics. show stats top-talkers report conversation <cr>] | dest_host_only <cr> | src_host_only <cr> | ignore_ports <cr> | app_port_only <cr> [start-time <start-time> end-time <end-time>]
Riverbed Command-Line Interface Reference Manual
83
User-Mode Commands
Parameters
conversation <cr> [starttime <starttime> endtime <endtime>] dest_host_o nly <cr> [start-time <start-time> end-time <end-time>] src_host_onl y <cr> [starttime <starttime> endtime <endtime>] ignore_ports <cr> [starttime <starttime> endtime <endtime>] app_port_on ly <cr> [start-time <start-time> end-time <end-time>]
Displays top talkers with IP address and ports. Optionally, specify the start and end time. Use the following format: YYYY/MM/DD HH:MM:SS
Display top destinations receiving traffic. Optionally, specify the start and end time. Use the following format: YYYY/MM/DD HH:MM:SS
Display top sources generating traffic. Optionally, specify the start and end time. Use the following format: YYYY/MM/DD HH:MM:SS
Displays the top talkers while ignoring ports. Optionally, specify the start and end time. Use the following format: YYYY/MM/DD HH:MM:SS
Display the top applications carrying traffic Optionally, specify the start and end time. Use the following format: YYYY/MM/DD HH:MM:SS
Example Product Related Topics
amnesiac > show stats top-talkers report conversation
Steelhead appliance Raid Commands
show stats top-talkers top-n
Description Syntax Displays the statistics for the specified number of top talkers. show stats top-talkers top-n <top-number> <cr> | [protocol *] [traffic *] [report *] [start-time *] [end-time *]
84
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Parameters
[start-time <start time> endtime <end time>] [report [conversation | src_host_only | ignore_ports | dest_host_only | app_port_only] end-time <endtime> starttime <starttime>]] [traffic [optimized | passthrough | both] <cr>] | [report [conversation | src_host_only | ignore_ports | dest_host_only | app_port_only] end-time <endtime> starttime <starttime>] | [start-time <starttime> end-time <endtime>]] [protocol [tcp | udp | both] <cr>] | [report [conversation | src_host_only | ignore_ports | dest_host_only | app_port_only] end-time <endtime> starttime <starttime>]] | [start-time <starttime>] | [end-time <endtime>]]
Specify the start time period for top talkers. Use the following format: YYYY/MM/DD HH:MM:SS Specify the report type and optionally the start and end time period for top talkers. Use the following format for the start and end time: YYYY/ MM/DD HH:MM:SS For details about report types, see show stats top-talkers report on page 83 Specify the traffic type and optionally the report and the start and end time. Use the following format for the start and end time: YYYY/ MM/DD HH:MM:SS For details about traffic types, see show stats top-talkers traffic on page 85
Specify the protocol type and optionally the report and the start and end time. Use the following format for the start and end time: YYYY/ MM/DD HH:MM:SS For details about protocol types, see show stats top-talkers traffic on page 85
Example Product Related Topics
amnesiac > show stats top-talkers top-n 5 report conversation start-time 2008/09/ 09 00:00:00 end-time 2008/09/29 00:00:00
Steelhead appliance Raid Commands
show stats top-talkers traffic
Description Syntax Displays top talkers traffic statistics. show stats top-talkers traffic [optimized | pass-through | both] <cr>] | [report [conversation | src_host_only | ignore_ports | dest_host_only | app_port_only] end-time <endtime> starttime <starttime>]]| [start-time <starttime> end-time <endtime>]]
Riverbed Command-Line Interface Reference Manual
85
User-Mode Commands
Parameters
[optimized | passthrough | both]
Displays top talkers with the specified traffic type: optimized, passthrough, or both. Optionally, specify the start and end time. Use the following format: YYYY/MM/DD HH:MM:SS
[report [conversation | src_host_only | ignore_ports | dest_host_only | app_port_only] endtime <endtime> starttime <starttime>] [start-time <starttime> end-time <endtime>]]
Display report statistics for the specified protocol. Optionally, specify the start and end time. Use the following format: YYYY/MM/DD HH:MM:SS For detailed information about report types, see show stats toptalkers report on page 83. Displays the top talkers while ignoring ports. Optionally, specify the start and end time. Use the following format: YYYY/MM/DD HH:MM:SS
Example Product Related Topics
amnesiac > show stats top-talkers traffic optimized report conversation start-time 2008/09/09 00:00:00 end-time 2008/09/29 00:00:00
Steelhead appliance Raid Commands
show tcp highspeed
Description Syntax Parameters Example Product Related Topics Displays HS-TCP settings. show tcp highspeed None
amnesiac > show tcp highspeed High Speed TCP enabled: no
CMC appliance, Steelhead appliance HS-TCP Support Commands
show tcp max-time-out
Description Syntax Parameters Example Displays time-out settings for TCP connections. show tcp max-time-out None
amnesiac > show tcp max-time-out TCP max-time-out mode enabled: no Maximum time out value for TCP connections: 1800 secs
Product Related Topics
Steelhead appliance tcp connection send keep-alive
86
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
show tcp reordering
Description Syntax Parameters Example Displays TCP reordering information. show tcp reordering None
amnesiac > show tcp reordering TCP reordering enabled: no TCP reordering threshold: 3
Product Related Topics
Steelhead appliance tcp connection send reset
show tcp statistics
Description Syntax Parameters Example Displays TCP connected peer appliances. show tcp statistics None
amnesiac > show tcp statistics 739788 packets received 486921 packets sent 6854 packets retransmitted 798 packets fast retransmitted 3200 timeouts 1805 other TCP loss events
Product Related Topics
Steelhead appliance Raid Commands
show tcpdump
Description Syntax Parameters Example Product Related Topics Displays currently running tcpdumps. show tcpdump None
amnesiac > show tcpdump No running capture
Steelhead appliance RiOS TCP Dump Commands
Riverbed Command-Line Interface Reference Manual
87
User-Mode Commands
show terminal
Description Syntax Parameters Example Displays terminal settings. show terminal None
amnesiac > show terminal CLI current session settings Terminal width: 80 columns Terminal length: 24 rows Terminal type: xterm
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance CLI Terminal Configuration Commands
show version
Description Syntax Parameters Displays the installed software version, including build number. show version <cr> | concise | history concise history Example Displays the installed software version without build information. Displays upgrade version history.
#amnesiac > show version Product name: rbt_ib Product release: spitfire-1.0 Build ID: #0 Build date: 2005-10-18 16:36:45 Build arch: i386 Built by: root@moscow.nbttech.com Uptime: 15d 19h 40m 38s Product model: System memory: 208 MB used / 3681 MB free / 3890 MB total Number of CPUs: 4 CPU load averages: 0.00 / 0.00 / 0.00
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance image fetch, license delete
show wccp
Description Syntax Parameters Displays WCCP settings. show wccp None
88
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
Example
amnesiac > show wccp WCCP Support Enabled: no WCCP Multicast TTL: 1 Service Groups(s): 91: Protocol: tcp Priority: 200 Password: Encapsulation Scheme: either Assignment Scheme: hash Weight: 1 Flags: dst-ip-hash, src-ip-hash Router(s): 1.1.1.1 amnesiac > show wccp WCCP Support Enabled: no WCCP Multicast TTL: 1 Service Groups(s): 91: Protocol: tcp Priority: 200 Password: Encapsulation Scheme: either Assignment Scheme: mask Source IP Mask: 0x1741 Destination IP Mask: 0x0 Source Port Mask: 0x0 Destination Port Mask: 0x0 Router(s): 1.1.1.1
Product Related Topics
Steelhead appliance WCCP Support Commands
show wccp service-group
Description Syntax Parameters Usage Displays WCCP settings for the specified service group. show wccp service-group <num> detail None This command is the most useful troubleshooting command for WCCP status. It provides the following information: what redirection, return, and assignment methods have been negotiated between the Steelhead appliance and the WCCP routers. whether the wccp override-return route-no-gre command is in use (displayed as WCCP Return via Gateway Override). if the Steelhead appliance is receiving WCCP control messages from the router (I-see-you messages). details the load distribution for either mask or hash assignment.
Riverbed Command-Line Interface Reference Manual
89
User-Mode Commands
Example
amnesiac > show wccp service-group 61 detail WCCP Support Enabled: yes WCCP Multicast TTL: 1 WCCP Return via Gateway Override: no Router IP Address: Identity: State: Redirect Negotiated: Return Negotiated: Assignment Negotiated: i-see-you Message Count: Last i-see-you Message: Removal Query Message Count: Last Removal Query Message: here-i-am Message Count: Last here-i-am Message: Redirect Assign Message Count: Last Redirect Assign Message: Web Cache Client Id: 89.1.1.2 Weight: 25 Distribution: 1 (25.00%) Mask ---0000: Value ----0000: SrcAddr ------0x02000000 SrcAddr ------0x00000000 DstAddr ------0x00000000 DstAddr ------0x00000000 SrcPort ------0x0000 SrcPort ------0x0000 DstPort ------0x0001 DstPort ------0x0000 Cache-IP -------89.1.1.2 89.1.1.1 1.1.1.1 Connected l2 l2 mask 20 2008/07/06 22:05:16 (1 second(s) ago) 0 N/A (0 second(s) ago) 20 2008/07/06 22:05:16 (1 second(s) ago) 1 2008/07/06 22:02:21 (176 second(s) ago)
Web Cache Client Id: 89.1.1.6 Weight: 25 Distribution: 2 (50.00%) Mask ---0000: Value ----0002: 0003: SrcAddr ------0x02000000 SrcAddr ------0x00000000 0x02000000 DstAddr ------0x00000000 DstAddr ------0x00000000 0x00000000 SrcPort ------0x0000 SrcPort ------0x0000 0x0000 DstPort ------0x0001 DstPort ------0x0001 0x0001 Cache-IP -------89.1.1.6 89.1.1.6
Web Cache Client Id: 89.1.1.5 Weight: 25 Distribution: 1 (25.00%) Mask ---0000: Value ----0001: SrcAddr ------0x02000000 SrcAddr ------0x02000000 DstAddr ------0x00000000 DstAddr ------0x00000000 SrcPort ------0x0000 SrcPort ------0x0000 DstPort ------0x0001 DstPort ------0x0000 Cache-IP -------89.1.1.5
Product Related Topics
Steelhead appliance WCCP Support Commands
90
Riverbed Command-Line Interface Reference Manual
User-Mode Commands
show web
Description Syntax Parameters Example Displays current Web settings. show web None
amnesiac > show web web-based management console enabled: HTTP enabled: yes HTTP port: 80 HTTPS enabled: yes HTTPS port: 443 Inactivity timeout: 15 minutes Session timeout: 60 minutes Session renewal threshold: 30 minutes
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Management Console Configuration Commands
show web prefs
Description Syntax Parameters Example Displays current Web preferences. show web prefs None
amnesiac > show web prefs Log: Lines Per Page: 100
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Management Console Configuration Commands
show workgroup account
Description Syntax Parameters Example Product Related Topics Displays current workgroup account settings. show workgroup account None
amnesiac > show workgroup account
CMC appliance, Steelhead appliance Domain and Workgroup Commands
Riverbed Command-Line Interface Reference Manual
91
User-Mode Commands
show workgroup configuration
Description Syntax Parameters Example Product Related Topics Displays current workgroup configuration settings. show workgroup configuration None
amnesiac > show workgroup configuration
CMC appliance, Steelhead appliance Domain and Workgroup Commands
show workgroup status
Description Syntax Parameters Example Product Related Topics Displays current workgroup status settings. show workgroup status None
amnesiac > show workgroup status
CMC appliance, Steelhead appliance Domain and Workgroup Commands
92
Riverbed Command-Line Interface Reference Manual
CHAPTER 3
Enable-Mode Commands
This chapter is a reference for enable-mode commands. It includes the following sections:
System Administration Commands, next Displaying System Data on page 114
You can perform basic system administration tasks in enable-mode. Only administrator users can perform enable-mode commands. All commands available in user-mode are also available in enable-mode. Some enable commands are described in the Chapter 4, Configuration-Mode Commands because they are more easily understood in relationship to the feature set of which they are a part. For example, the inpath asym-route-tab flush and the in-path asym-route-tab remove commands are described with the inpath asymmetric routing commands. The usage section for these enable-mode commands remind you that you can also access these commands while in enable-mode. To enter enable-mode 1. Connect to the CLI. For detailed information, see Connecting to the CLI on page 11. 2. To enter enable-mode, at the system prompt enter:
amnesiac > enable
To exit enable-mode, enter exit. For information about the exit command, see exit on page 16.
System Administration Commands
This section describes the system administration commands that are available in enable-mode. It includes the following commands:
clear arp-cache, next clear hardware error-log on page 95 clear interface on page 95 clock set on page 95 configure terminal on page 96 debug generate dump on page 96 disable on page 96
Riverbed Command-Line Interface Reference Manual
93
Enable-Mode Commands
file debug-dump delete on page 97 file debug-dump email on page 97 file debug-dump upload on page 97 file process-dump delete on page 98 file process-dump upload on page 98 file sa delete on page 98 file sa generate on page 99 file sa upload on page 99 file stats delete on page 99 file stats move on page 100 file stats upload on page 100 file tcpdump on page 100 image delete on page 101 image fetch on page 101 image install on page 101 image move on page 102 ntpdate on page 102 reload on page 102 restart on page 103 service enable on page 103 service error reset on page 103 service restart on page 104 stats alarm on page 105 stats clear-all on page 109 stats convert on page 109 stats export on page 109 stats settings on page 111 tcpdump on page 111 tproxytrace on page 114
clear arp-cache
Description Syntax Parameters Example Clears dynamic entries from the ARP cache. This command does not clear static entries. clear arp-cache None
amnesiac # clear arp-cache
94
Riverbed Command-Line Interface Reference Manual
Enable-Mode Commands
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance show bootvar
clear hardware error-log
Description Syntax Parameters Usage Example Product Related Topics Clears IPMI System Event Log (SEL). clear hardware error-log None The amber LED light stops blinking on the system.
amnesiac # clear hardware error-log amnesiac #
CMC appliance, Interceptor appliance, Steelhead appliance show hardware error-log
clear interface
Description Syntax Parameters Example Product Related Topics Sets the interface counters for the specified interface to 0. clear interface {<interface name> <interface name> Specify the interface name: aux, primary, lo, wan1_1, lan1_1, wan1_0, lan1_0, inpath1_0, inpath1_1, all.
amnesiac # clear interface aux amnesiac #
CMC appliance, Interceptor appliance, Steelhead appliance show in-path ar-circbuf
clock set
Description Syntax Parameters Example Product Related Topics Sets the system date and time. clock set {<yyyy/mm/dd>/<hh:mm:ss>} <yyyy/mm/dd>/ <hh:mm:ss> Specify the date and time (year, month, day, hour, minutes, and seconds).
amnesiac # clock set 2003/12/31 23:59:59' amnesiac #
CMC appliance, Interceptor appliance, Steelhead appliance show clock
Riverbed Command-Line Interface Reference Manual
95
Enable-Mode Commands
configure terminal
Description Syntax Parameters Usage Enables configuration from the terminal by entering the configuration subsystem. You must execute the enable command first to enter configuration-mode. [no] configure terminal None To exit the configuration subsystem, type exit. The no command option disables the terminal configuration. Example Product Related Topics
amnesiac # configure terminal amnesiac #
CMC appliance, Interceptor appliance, Steelhead appliance show terminal, show connection
debug generate dump
Description Syntax Parameters Example Product Related Topics Generates a file to debug the appliance. debug generate dump None
amnesiac # debug generate dump amnesiac #
CMC appliance, Interceptor appliance, Steelhead appliance Configuration File Commands
disable
Description Syntax Parameters Example Product Related Topics Exits enable-mode. disable None
amnesiac # disable amnesiac #
CMC appliance, Interceptor appliance, Steelhead appliance exit
96
Riverbed Command-Line Interface Reference Manual
Enable-Mode Commands
file debug-dump delete
Description Syntax Parameters Example Product Related Topics Deletes debug dump file. file debug-dump delete <filename> <filename> Specify the debug dump file to delete.
amnesiac # file debug-dump delete sysdump-amnesiac-20071113-184243.tgz amnesiac #
CMC appliance, Interceptor appliance, Steelhead appliance debug generate dump, tcpdump-x all-interfaces show hardware
file debug-dump email
Description Syntax Parameters Example Product Related Topics Emails a debug dump file to pre-configured recipients. file debug-dump email <filename> <filename> Emails a debug dump file to pre-configured recipients.
amnesiac # file debug-dump email sysdump-amnesiac-20071113-184243.tgz amnesiac #
CMC appliance, Interceptor appliance, Steelhead appliance debug generate dump, tcpdump-x all-interfaces, show files process-dump, show hardware
file debug-dump upload
Description Syntax Parameters Uploads a debug dump file to a remote host. file debug-dump <filename> <URL or scp://username:password@hostname/path/filename> <filename> <URL or scp:// username:pa ssword@hos tname/path/ filename> Example Uploads a debug dump file to a remote host. Specify the URL or scp path.
amnesiac # file debug-dump upload sysdump-amnesiac-20071113-184243.tgz scp:// admin:password@10.22.24.113/var/tmp amnesiac #
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance debug generate dump, tcpdump-x all-interfaces, show files process-dump, show hardware
Riverbed Command-Line Interface Reference Manual
97
Enable-Mode Commands
file process-dump delete
Description Syntax Parameters Example Product Related Topics Deletes a crash dump file. file process-dump upload <filename> <filename> Uploads a crash dump file to a remote host.
amnesiac # file process-dump delete sysdump-amnesiac-20071113-184243.tgz
CMC appliance, Interceptor appliance, Steelhead appliance debug generate dump, tcpdump-x all-interfaces, show files process-dump, show hardware
file process-dump upload
Description Syntax Parameters Uploads a crash dump file to a remote host. file process-dump upload <filename> <URL or scp://username:password@hostname/path/ filename> <filename> <URL or scp:// username:pa ssword@hos tname/path/ filename> Example Product Related Topics Uploads a debug dump file to a remote host. Specify the URL or scp path.
amnesiac # file process-dump upload sysdump-amnesiac-20071113-184243.tgz scp:// admin:password@10.22.24.113/var/tmp
CMC appliance, Interceptor appliance, Steelhead appliance debug generate dump, tcpdump-x all-interfaces, show files process-dump, show hardware
file sa delete
Description Syntax Parameters Example Product Related Topics Delete a system activity report (SAR) log file. file sa delete <filename> <filename> Specify the filename for the SAR file.
amnesiac # file sa delete 2007.12.18.23.54.sar amnesiac #
CMC appliance, Interceptor appliance, Steelhead appliance show files sa, show files stats
98
Riverbed Command-Line Interface Reference Manual
Enable-Mode Commands
file sa generate
Description Syntax Parameters Example Product Related Topics Generates a system activity report (SAR) log file. file sa delete <filename> None
amnesiac # file sa generate amnesiac #
CMC appliance, Interceptor appliance, Steelhead appliance show files sa, show files stats
file sa upload
Description Syntax Parameters Upload an system activity report (SAR) log file to a remote host. file sa upload <filename> <URL or scp://username:password@hostname/path/filename> <filename> <URL or scp:// username:pa ssword@hos tname/path/ filename> Example Product Related Topics Specify the name of the file to upload. Specify the destination of the file in URL or scp format.
amnesiac # file sa upload 2007.12.18.23.54.sar http://www.riverbed.com/support amnesiac #
CMC appliance, Interceptor appliance, Steelhead appliance show files sa, show files stats
file stats delete
Description Syntax Parameters Example Product Related Topics Deletes statistics file. file stats delete <filename> <filename> Specify the statistics file to delete.
amnesiac # file stats delete throughput amnesiac #
CMC appliance, Interceptor appliance, Steelhead appliance show files sa, show files stats
Riverbed Command-Line Interface Reference Manual
99
Enable-Mode Commands
file stats move
Description Syntax Parameters Renames a statistics file. file stats move <source filename> <destination filename> <source filename> <destination filename> Example Product Related Topics Specify the source file to rename. Specify the new filename.
amnesiac # file stats move throughput throughput2 amnesiac #
CMC appliance, Interceptor appliance, Steelhead appliance show files sa, show files stats
file stats upload
Description Syntax Parameters Uploads a statistics report file to a remote host. file stats upload <filename> <URL, scp://, or ftp://username:password@hostname/path/filename> <filename> <URL, scp://, or ftp:// username:password@host name/path/filename> Example Product Related Topics Specify the source filename. Specify the upload protocol, the location, and authentication credentials for the remote file.
amnesiac # file stats upload throughput http://www.test.com/stats amnesiac #
CMC appliance, Interceptor appliance, Steelhead appliance show files sa, show files stats
file tcpdump
Description Syntax Parameters Deletes or uploads a TCP dump file. file tcpdump {delete <filename> | upload <filename> <URL or scp://username:password@hostname/path/filename>} delete <filename> upload <filename> <URL or scp:// username:password@hos tname/path/filename> Deletes the tcpdump file. Uploads a tcpdump output file to a remote host. Specify the upload protocol, the location, and authentication credentials for the remote configuration file.
100
Riverbed Command-Line Interface Reference Manual
Enable-Mode Commands
Example
amnesiac amnesiac amnesiac amnesiac
# file tcpdump delete dumpfile # # file tcpdump upload dump http://www.test.com/stats #
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance debug generate dump, tcpdump-x all-interfaces, show hardware
image delete
Description Syntax Parameters Example Product Related Topics Deletes the specified software image. image delete <image-filename> <imagefilename> Specify the software image to delete.
amnesiac # image delete snkv1.0 amnesiac #
CMC appliance, Steelhead appliance, Interceptor appliance show images, show bootvar, show info, show version
image fetch
Description Syntax Parameters Downloads a software image from a remote host. image fetch <URL, scp://, or ftp://username:password@hostname/path/filename> <image-filename> <URL, scp://, or ftp:// username:password@ hostname/path/ filename> <image-filename> Example Product Related Topics Specify the upload protocol, the location, and authentication credentials for the remote image file. A carriage return downloads the image and gives it the same name it had on the server. Specify the filename under which to store the image locally.
amnesiac # image fetch http://www.domain.com/v.1.0 version1.0 amnesiac #
CMC appliance, Steelhead appliance, Interceptor appliance show images, show bootvar, show info, show version
image install
Description Syntax Installs the software image onto a system partition. image install <image-filename> <partition>
Riverbed Command-Line Interface Reference Manual
101
Enable-Mode Commands
Parameters
<image-filename> <partition>
Specify the software image filename. Specify the partition number: 1, 2.
Example Product Related Topics
amnesiac # image install version1.0 2 amnesiac #
CMC appliance, Steelhead appliance, Interceptor appliance show images, show bootvar, show info, show version
image move
Description Syntax Parameters Moves or renames an inactive system image on the hard disk. image move <source-image-name> <new-image-name> <source-imagename> <new-image-name> Example Product Related Topics Specify the name of the software image to move or rename. Specify the new name of the software image.
amnesiac # image move www.domain.com/v.1.0 version1.0 amnesiac #
CMC appliance, Steelhead appliance, Interceptor appliance show images, show bootvar, show info, show version
ntpdate
Description Syntax Parameters Example Product Related Topics Conducts a single-time synchronization with a specified NTP server. ntpdate <ip-addr> <ip-addr> Specify the NTP server with which to synchronize.
amnesiac # ntpdate 10.10.10.1 amnesiac #
CMC appliance, Interceptor appliance, Steelhead appliance show ntp
reload
Description Syntax Parameters Reboots the system. reload [clean [halt] | halt | force] clean [halt] halt Clears the data store, then reboots or shuts down the system. Shuts down the system.
102
Riverbed Command-Line Interface Reference Manual
Enable-Mode Commands
force Example
Force an immediate reboot of the system even if it is busy.
amnesiac # reload The session will close. It takes about 2-3 minutes to reboot the appliance.
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance show connection, show datastore
restart
Description Syntax Parameters Example Restarts the optimization service. restart [clean] clean Restarts the optimization service and clears the data store.
amnesiac # restart Terminating the process.... Relaunching the process.
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance show connection, show datastore
service enable
Description Syntax Parameters Usage Example Product Related Topics Starts the Riverbed service. [no] service enable None The no command option disables the service (that is, it disables all the configured in-path IP addresses and ports and the appliance loses its connection to the Management Console).
amnesiac # service enable amnesiac #
CMC appliance, Interceptor appliance, Steelhead appliance show connection, show datastore
service error reset
Description Syntax Parameters Resets the Steelhead service after a service error. service error reset None
Riverbed Command-Line Interface Reference Manual
103
Enable-Mode Commands
Example Product Related Topics
amnesiac # service error reset amnesiac #
Steelhead appliance show connection, show service
service restart
Description Syntax Parameters Example Product Related Topics Restarts the Riverbed service. service restart None
amnesiac # service restart amnesiac #
CMC appliance, Interceptor appliance, Steelhead appliance show connection, show service
104
Riverbed Command-Line Interface Reference Manual
Enable-Mode Commands
stats alarm
Description Syntax Parameters Configures alarms based on sampled or computed statistics. stats alarm {<type> <options>} <type> admission_conn. Should not be disabled. Whether the system connection limit has been reached. Additional connections are passed through unoptimized. The alarm clears when the Steelhead appliance moves out of this condition. admission_mem. Should not be disabled. Whether the system connection memory limit has been reached. Additional connections are passed through unoptimized. The alarm clears when the Steelhead appliance moves out of this condition. arcount. Should not be disabled. Whether the system is experiencing asymmetric traffic. If the system experiences asymmetric traffic, this condition is detected and reported here. In addition, the traffic is passed through, and the route appears in the Asymmetric Routing table. bypass. Should not be disabled. Whether the system is in bypass mode. If the Steelhead appliance is in bypass mode, restart the Steelhead service. certs_expiring. Whether the system has expiring SSL certificates. cpu_util_indiv. Whether the system has reached the CPU threshold for any of the CPUs in the Steelhead appliance If the system has reached the CPU threshold, check your settings. cf_ack_timeout. A connection cannot be established with a connection forwarding neighbor. This alarm is cleared the next time the system successfully connects to this neighbor. cf_conn_failure. A connection cannot be established with a connection forwarding neighbor.This alarm is cleared the next time the system successfully connects to this neighbor. cf_conn_lost_eos. A connection is closed by the connection forwarding neighbor. This alarm is cleared the next time the system successfully connects to this neighbor. cf_conn_lost_err. A connection has been lost with the connection forwarding neighbor due to an error. This alarm is cleared the next time the system successfully connects to this neighbor. cf_keepalive_timeout. The connection forwarding neighbor has not sent a keep-alive message within the time-out period to the neighbor Steelhead appliances, indicating that the connection has been lost. This alarm is cleared the next time the system successfully connects to this neighbor. cf_latency_exceeded. The amount of latency between connection forwarding neighbors has exceeded the specified threshold. This alarm is cleared when the connection latency drops below the threshold. cf_read_info_timeout. The connection times out waiting for an initialization message from connection forwarding neighbor. This alarm is cleared only when reading initialization information from this neighbor succeeds. cpu_util_indiv. Whether the system has reached the CPU threshold for any of the CPUs in the Steelhead appliance If the system has reached the CPU threshold, check your settings. If your alarm thresholds are correct, reboot the Steelhead appliance.
Riverbed Command-Line Interface Reference Manual
105
Enable-Mode Commands
critical_temp. Whether the CPU temperature has exceeded the critical threshold. The default value for the rising threshold temperature is 80 C; the default reset threshold temperature is 70 C. crl_error. Whether the CRL verification on the server certificate fails. A CRL includes any digital certificates that have been invalidated before their expiration date, including the reasons for their revocation and the names of the issuing certificate signing authorities. A CRL prevents the use of digital certificates and signatures that have been compromised. The certificate authorities that issue the original certificates create and maintain the CRLs. To clear the alarm, execute the no stats alarm crl_error enable command. datastore_error. Whether the data store is corrupt. Clear the data store to clear the alarm. datastore_sync_error. Whether the system has detected a problem with the synchronized data. domain_join_error. Whether he system has encountered an error when attempting to join a domain. fan_error. Whether the system has detected a fan error. fs_mnt. Whether the system has detected a file system error in the software. halt_error. Cannot be disabled. Whether the system has detected a software error in the Steelhead service. The Steelhead service continues to function, but an error message appears in the logs that you should investigate. hardware_error. Whether the system has detected a problem with the Steelhead appliance hardware. The alarm clears when you add the necessary hardware, remove the non-qualified hardware, or resolve other hardware issues. The following issues trigger the hardware error alarm: the Steelhead appliance does not have enough disk, memory, CPU cores, or NIC cards to support the current configuration; the Steelhead appliance is using a memory Dual In-line Memory Module (DIMM), a hard disk, or a NIC that is not qualified by Riverbed; an RSP upgrade requires additional memory or a memory replacement; other hardware issues. ipmi. Whether the system has detected IPMI SEL errors. license. Whether the system has detected an expired license. linkstate. Whether the system has detected a link that is down. You are notified via SNMP traps, email, and alarm status.By default this alarm is not enabled. The no stats alarm linkstate enable command disables the link state alarm. memory_error. Whether the system has detected a memory error. mismatch_peer. Whether there is a mismatch between software versions in your network. If a software mismatch is detected, resolve the mismatch by upgrading or reverting to a previous version of the software. nfs_v2_v4. Whether the system has triggered a v2 or v4 NFS alarm. paging. Whether the system has reached the memory paging threshold. If 100 pages are swapped approximately every two hours the Steelhead appliance is functioning properly. If thousands of pages are swapped every few minutes, then reboot the Steelhead appliance. If rebooting does not solve the problem, contact Riverbed Technical Support. pfs_config. Whether there has been a PFS or prepopulation operation error. If an operation error is detected, restart the Steelhead service and PFS. pfs_operation. Whether a synchronization operation has failed. If an operation failure is detected, attempt the operation again.
106
Riverbed Command-Line Interface Reference Manual
Enable-Mode Commands
datastore_sync_error. Whether the system has detected a problem with the synchronized data. domain_join_error. Whether he system has encountered an error when attempting to join a domain. fan_error. Whether the system has detected a fan error. fs_mnt. Whether the system has detected a file system error in the software. halt_error. Cannot be disabled. Whether the system has detected a software error in the Steelhead service. The Steelhead service continues to function, but an error message appears in the logs that you should investigate. hardware_error. Whether the system has detected a problem with the Steelhead appliance hardware. The alarm clears when you add the necessary hardware, remove the non-qualified hardware, or resolve other hardware issues. The following issues trigger the hardware error alarm: the Steelhead appliance does not have enough disk, memory, CPU cores, or NIC cards to support the current configuration; the Steelhead appliance is using a memory Dual In-line Memory Module (DIMM), a hard disk, or a NIC that is not qualified by Riverbed; an RSP upgrade requires additional memory or a memory replacement; other hardware issues. ipmi. Whether the system has detected IPMI SEL errors. license. Whether the system has detected an expired license. linkstate. Whether the system has detected a link that is down. You are notified via SNMP traps, email, and alarm status.By default this alarm is not enabled. The no stats alarm linkstate enable command disables the link state alarm. memory_error. Whether the system has detected a memory error. mismatch_peer. Whether there is a mismatch between software versions in your network. If a software mismatch is detected, resolve the mismatch by upgrading or reverting to a previous version of the software. nfs_v2_v4. Whether the system has triggered a v2 or v4 NFS alarm. paging. Whether the system has reached the memory paging threshold. If 100 pages are swapped approximately every two hours the Steelhead appliance is functioning properly. If thousands of pages are swapped every few minutes, then reboot the Steelhead appliance. If rebooting does not solve the problem, contact Riverbed Technical Support. pfs_config. Whether there has been a PFS or prepopulation operation error. If an operation error is detected, restart the Steelhead service and PFS. pfs_operation. Whether a synchronization operation has failed. If an operation failure is detected, attempt the operation again. power_supply. Whether the system has detected a power supply error. raid_error. Whether the system has encountered RAID errors (for example, missing drives, pulled drives, drive failures, and drive rebuilds). For drive rebuilds, if a drive is removed and then reinserted, the alarm continues to be triggered until the rebuild is complete. Rebuilding a disk drive can take 4-6 hours. rsp_license_expired. Whether an RSP license has expired. rsp_license_expiring. Whether an RSP virtual machine is powered off. When the alarm is triggered, it provides a link to the RSP Packages page.
Riverbed Command-Line Interface Reference Manual
107
Enable-Mode Commands
rsp_not_on_vms. Whether an RSP virtual machine is powered off. When the alarm is triggered, it provides a link to the RSP Packages page. rsp_watchdog_error. Whether an RSP watchdog error has been detected. secure_vault_unlocked. Wheher the secure vault is locked. When the vault is locked, SSL traffic is not optimized and you cannot encrypt a data store. serial_cascade_misconfig. Whether the system has detected a serial cascade misconfiguration error. service_error. Whether the system has detected an error with the service. smb_alert. Whether the system has detected an SMB signing error. ssl_hardware. Whether the system has detected an SSL hardware error. ssl_peer_scep_auto_reenroll. Whether the system has detected an SSCEP error. The Steelhead appliance uses SCEP to dynamically re-enroll a peering certificate to be signed by a certificate authority. The alarm clears automatically when the next automatic re-enrollment succeeds. To clear the alarm, execute the protocol ssl peering auto- reenroll last-result clear-alarm command. store_corruption. Cannot be disabled. Whether the data store is corrupt. To clear the data store of data, restart the Steelhead service and clear the data store on the next restart. sw-version. Whether there is a mismatch between software versions in your network. If a software mismatch is detected, resolve the mismatch by upgrading or reverting to a previous version of the software. warning_temp. Whether the CPU temperature has exceeded the warning threshold. The default value for the rising threshold temperature is 80 C; the default reset threshold temperature is 70 C. <options> Specify the following alarm options: clear. Clears alarm settings. enable. Enables alarm. rate-limit {count [long | medium | short] | [reset] | [window [long | medium | short]}. Sets alarm event rate-limit values. rising. Sets the rising threshold. rising clear_threshold <amount>. Sets the threshold to clear rising alarm. The default value for CPU temperature is 50 C. rising error_threshold <amount>. Sets threshold to trigger rising alarm. The default value for the CPU temperature is 50 C. falling clear_threshold <amount>. Sets the threshold to clear falling alarm. The default value for the CPU temperature is 0 C. falling error_threshold <amount>. Sets the threshold to trigger falling alarm. The default value for the CPU temperature is 0 C. Usage Critical temperature settings cannot be changed. Warning temperature settings can be changed. The no command option disables all statistical alarms. The no stats alarm <type> enable command disables specific statistical alarms. Example Product Related Topics
amnesiac # stats alarm bypass enable amnesiac #
Interceptor appliance, Steelhead appliance show stats alarm
108
Riverbed Command-Line Interface Reference Manual
Enable-Mode Commands
stats clear-all
Description Syntax Parameters Example Product Related Topics Clears data for all samples, computed history data points (CHDs), and status for all alarms. stats clear-all None
amnesiac # stats clear-all amnesiac #
Interceptor appliance, CMC appliance, Steelhead appliance show stats alarm
stats convert
Description Syntax Parameters Convert statistical data from one storage format to another. stats convert <format> <format> Specify the storage format: 1. Storage 1 version. 2. Storage 2 version. Example Product Related Topics
amnesiac # stats convert 2 amnesiac #
Interceptor appliance, CMC appliance, Steelhead appliance show stats alarm
stats export
Description Syntax Export statistics to a file. stats export <format> <report name> <cr> | [after <yyyy>/<mm>/<dd> <hh>:<mm>:<ss> <cr> | before <yyyy>/<mm>/<dd> <hh>:<mm>:<ss> <cr> | email <email address> | filename <filename> <cr>] csv Export statistics in CSV (comma-separated value) format.
Parameters
Riverbed Command-Line Interface Reference Manual
109
Enable-Mode Commands
<report name>
Specify the report name: cpu_util. CPU utilization memory. Memory utilization paging. Paging I/O bw. Aggregate Bandwidth th_peak. Peak Throughput th_p95. P95 Throughput pass. Aggregate Passthrough Traffic cpool. Aggregate Connection Pooling nfs. Aggregate NFS Report pfs. Aggregate PFS Report conn_history. Connection History dstore. Data Store Hit ssl. SSL statistics ssl_peak. SSL peak statistics http. HTTP statistics qos. QOS statistics top-conversations. Top Conversations Report top-senders. Top Senders Report top-receivers. Top Receivers Report top-applications. Top Applications Report
after <yyyy>/ <mm>/<dd> <hh>:<mm> :<ss> <cr> before <yyyy>/ <mm>/<dd> <hh>:<mm> :<ss> <cr> email <email address> filename <filename> Example Product Related Topics
Specify the date and time to include stats collected after a specific time.
Specify the date and time to include stats collected before a specific time.
Specify the address where the report should be emailed.
Specify file name to give new report.
amnesiac # stats export csv ssl email example@examplehost.com amnesiac #
Interceptor appliance, CMC appliance, Steelhead appliance show stats alarm
110
Riverbed Command-Line Interface Reference Manual
Enable-Mode Commands
stats settings
Description Syntax Parameters Configure settings to generate statistics. stats settings {bandwidth port <port number> desc <string>| top-talkers enable | interval <hours> bandwidth port <port number> desc <string> top-talkers enable interval <hours> Example Product Related Topics Specify a port to be monitored for statistics.
Specify a description for the port. Enables top-talkers. Specify the time interval: 24 or 48 hours.
amnesiac # stats settings top-talkers enable amnesiac #
Interceptor appliance, CMC appliance, Steelhead appliance show stats alarm
tcpdump
Description Executes the tcpdump utility. You can quickly diagnose problems and take traces for Riverbed Technical Support. The tcpdump command takes the standard Linux options. For detailed information, see the Linux man page. tcpdump [<options>] [<filter string>]
Syntax
Riverbed Command-Line Interface Reference Manual
111
Enable-Mode Commands
Parameters
<options>
The tcpdump command takes the standard Linux options: -a Attempt to convert network and broadcast addresses to names. -c Exit after receiving count packets. -d Dump the compiled packet-matching code in a human readable form to standard output and stop. -dd Dump packet-matching code as a C program fragment. -ddd Dump packet-matching code as decimal numbers (preceded with a count). -e Print the link-level header on each dump line. -E Use algo:secret for decrypting IPsec ESP packets. -f Print foreign internet addresses numerically rather than symbolically. -F Use file as input for the filter expression. An additional expression given on the command line is ignored. -i Listen on interface. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface. -n Do not convert addresses (such as host addresses, port numbers, and so forth) to names. -N Do not print domain name qualification of hostnames. For example, if you specify this flag, then tcpdump will print nic instead of nic.ddn.mil. -m Load SMI MIB module definitions from file module. This option can be used several times to load several MIB modules into tcpdump. -q Quiet output. Print less protocol information so output lines are shorter. -r Read packets from file (which was created with the -w option). Standard input is used if file is -. -S Print absolute, not relative, TCP sequence numbers. -v (Slightly more) verbose output. For example, the time to live, identification, total length and options in an IP packet are printed. Also enables additional packet integrity checks such as verifying the IP and ICMP header checksum. -w Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is -. -x Print each packet (minus its link level header) in hex. The smaller of the entire packet or snaplen bytes will be printed. -X When printing hex, print ascii too. Thus if -x is also set, the packet is printed in hex/ascii. This option enables you to analyze new protocols. For detailed information, see the Linux man page.
112
Riverbed Command-Line Interface Reference Manual
Enable-Mode Commands
Usage
Make sure you take separate tcpdumps for the LAN and WAN to submit to Riverbed Technical Support. Make sure you take the tcpdump on the in-path interface. The most common options are: -n Do not resolve addresses via DNS -i <interface> capture on <interface> To take traces on lanX_Y and wanX_Y, not inpathX_Y: -e display layer 2 headers, MAC addresses, and VLAN tags -s <bytes> capture up to <bytes> bytes per packet The default is 96 bytes; not enough for deep packet inspection for Riverbed Technical Support, instead use: -s 0 to capture full frames -w <file> store the trace in <file> (needed when taking traces for offline analysis) Common Packet Filters src host <ip> source IP address is <ip> dst host <ip> destination IP address is <ip> host <ip> either source or destination is <ip> Same for src port, dst port, and port Can connect multiple filters together with logical operators: and, or, and not. Use parentheses to override operator precedence. For example:
tcpdump i lan0_0 not port 22 tcpdump i lan0_0 host 1.1.1.1 and port 2222 tcpdump i wan0_0 host 3.3.3.3 and (port 4444 or port 5555)
Suppose two Steelhead appliances are having a problem optimizing a connection:
Client Client Server Server IP SH IP SH = 10.10.10.10 IP = 10.10.10.20 = 11.11.11.11 IP = 11.11.11.21
Take traces on all LAN/WAN interfaces on both Steelhead appliances to diagnose:
C-SH# tcpdump n i lan0 host 10.10.10.10 and host 11.11.11.11 C-SH# tcpdump n i wan0_0 (host 10.10.10.10 and host 11.11.11.11) or (host 10.10.10.20 and host 11.11.11.21) S-SH# tcpdump n i lan0 host 10.10.10.10 and host 11.11.11.11 S-SH# tcpdump n i wan0_0 (host 10.10.10.10 and host 11.11.11.11) or (host 10.10.10.20 and host 11.11.11.21)
Keep the tcpdump running and establish a connection. If the problem is not obvious, use -w to capture to files, and examine in a tool like Wireshark. Sometimes you can capture very large traces of data and traffic you are interested in is a small subset of the entire trace. To work around this problem, run tcpdump through its own trace to cut down on the number of packets. Use the -r <file> option, to read from a file instead of capture on an interface
tcpdump n r my_trace.cap w my_filtered_trace.cap host 5.5.5.5 and port 2323
Example
amnesiac # tcpdump tcpdump: listening on primary 18:59:13.682568 amnesiac.domain.com.ssh > dhcp-22.domain.com.3277: P 3290808290:3290808342(52) ack 3412262693 win 5840 (DF) [dscp 0x10] 18:59:13.692513 amnesiac.domain.com.ssh > dhcp-22.domain.com.3277: P 0:52(52) ack 1 win 5840 (DF) [dscp 0x10] 18:59:13.702482 amnesiac.domain.com.ssh > dhcp-22.domain.com.3277: P 0:52(52) ack 1 win 5840 (DF) [dscp 0x10]
Riverbed Command-Line Interface Reference Manual
113
Enable-Mode Commands
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance RiOS TCP Dump Commands
tproxytrace
Description Syntax Parameters Describes the proxy path in real time. tproxytrace [options] target_ip:target_port [options] target_ip:tar get_port Specify tproxytrace options and the target IP address and port: -h. Print this help text -i. Use this interface to send probes on -d. Probe to this depth of proxies -s. Use this source ip address for probes -t. Milliseconds per depth to listen for probe responses -o. TCP option to use for probes Example
amnesiac # tsfe17 # tproxytrace 10.0.0.0:124 Probe from 10.11.34.17 (primary) to 10.0.0.0:124 depth 1 timed out
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Configuration File Commands
Displaying System Data
This section describes the show commands that require you to be in enable-mode. These commands are not available in user-mode because the output can include sensitive system administration data such as passwords. This type of data is not available to monitor users; it is only available to administrator users.
Note: All the show commands that are available in user-mode are available in enable-mode.
show aaa
Description Syntax Parameters Displays the authentication methods used for log in. show aaa None
114
Riverbed Command-Line Interface Reference Manual
Enable-Mode Commands
Example
amnesiac # aaa AAA authorization: Default User: admin Map Order: remote-first Authentication fallback mode: always fallback Authentication method(s): for console login local Authentication method(s): for remote login local Per-command authorization method(s): local Per-command accounting method(s): local
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance AAA and Role-Based Management Commands
show arp
Description Syntax Parameters Example Displays the contents of the ARP cache. The ARP cache includes all statically-configured ARP entries as well as any that the system has picked up dynamically. show arp <cr> | static static Displays static ARP addresses.
amnesiac # show arp ARP cache contents IP 10.0.0.1 maps to MAC 00:07:E9:70:20:15 IP 10.0.0.2 maps to MAC 00:05:5D:36:CB:29 IP 10.0.100.22 maps to MAC 00:07:E9:55:10:09
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance clear arp-cache
show banner
Description Syntax Parameters Example Displays the banner settings. show banner None
amnesiac # show banner Banners: MOTD: Issue: Riverbed Interceptor Net Issue: Riverbed Interceptor
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance CLI Terminal Configuration Commands
Riverbed Command-Line Interface Reference Manual
115
Enable-Mode Commands
show cmc
Description Syntax Parameters Example Displays CMC appliance settings. show cmc None
amnesiac # show cmc CMC auto-registration enabled: CMC auto-registration hostname: Managed by CMC: CMC hostname: Auto configuration status: Last message sent to cmc: Time that message was sent: yes riverbedcmc.nbttech.com yes tsfe7 (10.0.2.2) Inactive Auto-registration Thu Nov 13 12:02:25 2008
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance CLI Terminal Configuration Commands
show configuration
Description Syntax Parameters Displays the current and saved configuration settings that differ from the default settings. show configuration None
116
Riverbed Command-Line Interface Reference Manual
Enable-Mode Commands
Example
amnesiac # show configuration ## ## Network interface configuration ## no interface aux dhcp interface aux duplex "auto" no interface aux shutdown interface aux speed "auto" interface primary ip address 10.0.0.3 /16 ## ## Routing configuration ## ip default-gateway "10.0.0.1" ## ## Other IP configuration ## hostname "amnesiac" ip domain-list domain.com ip domain-list domain.com ip name-server 10.0.0.2 ## ## Logging configuration ## logging local "info" ## ## Process Manager configuration ## pm process mgmtd launch timeout "4000" pm process sport shutdown order "0" pm process statsd shutdown order "0" ## ## Network management configuration ## ## Miscellaneous other settings (this is a partial list of settings)
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Configuration File Commands
show configuration files
Description Syntax Parameters Displays the list of active and backup configuration files or the contents of a specified file. show configuration files [<filename>] <filename> Specify a specified configuration file. The default filenames are: initial initial.bak cold working (active) working.bak
Riverbed Command-Line Interface Reference Manual
117
Enable-Mode Commands
Example
amnesiac # show configuration files initial ## ## Network interface configuration ## no interface aux dhcp interface aux duplex "auto" interface aux ip address 10.0.62.75 /16 interface aux mtu "1500" no interface aux shutdown interface aux speed "auto" interface aux txqueuelen "100" no interface primary dhcp ## ## Routing configuration ## ip default-gateway "10.0.0.1" ## ## Logging configuration ## logging 10.1.10.200 logging 10.1.10.200 trap "info" <<this is a partial display>>
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Configuration File Commands
show configuration running
Description Syntax Parameters Displays running configuration settings that are different from the defaults. show configuration running | full running full Display commands to recreate current running configuration. Does not exclude commands that set default values.
118
Riverbed Command-Line Interface Reference Manual
Enable-Mode Commands
Example
amnesiac # show configuration running ## ## Network interface configuration ## no interface aux dhcp interface aux duplex "auto" interface aux ip address 10.0.62.75 /16 interface aux mtu "1500" no interface aux shutdown interface aux speed "auto" interface aux txqueuelen "100" no interface inpath0_0 dhcp interface inpath0_0 duplex "auto" interface inpath0_0 ip address 10.11.62.75 /16 interface inpath0_0 mtu "1500" no interface inpath0_0 shutdown interface inpath0_0 speed "auto" interface inpath0_0 txqueuelen "100" no interface lan0_0 dhcp interface lan0_0 duplex "auto" interface lan0_0 mtu "0" no interface lan0_0 shutdown interface lan0_0 speed "auto" interface lan0_0 txqueuelen "100" lines 1-23 ##(displays running configuration; this is a partial list of settings.)
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Configuration File Commands
show files debug-dump
Description Syntax Example Displays a list of debug dump files. show files debug-dump
amnesiac # show files debug-dump sysinfo-sysdump-amnesiac-20050725-183016.txt sysdump-amnesiac-20050606-140826.tgz
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Configuration File Commands
show files process-dump
Description Syntax Example Displays a list of crash dump files. show files process-dump
amnesiac # show files process-dump
Riverbed Command-Line Interface Reference Manual
119
Enable-Mode Commands
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Configuration File Commands
show files sa
Description Syntax Parameters
Displays Steelhead appliance log files.
show files sa <cr> | <filename> <cr> <filename> To display a list of log files, press Enter after the command. To display the contents of the log file, specify the filename and press Enter.
Example
amnesiac # show files sa 2006.05.16.23.53.sar 2006.05.17.23.53.sar 2006.05.18.23.53.sar 2006.05.19.23.53.sar 2006.05.20.23.53.sar 2006.05.21.23.53.sar
Product Related Topics
Steelhead appliance Configuration File Commands
show files stats
Description Syntax Usage Example Product Related Topics Displays performance statistics files. show files stats You export performance statistics to files using the stats export command.
amnesiac # show files stats
Steelhead appliance Configuration File Commands
show files tcpdump
Description Syntax Parameters Displays files saved by the tcpdump utility. show files tcpdump None
120
Riverbed Command-Line Interface Reference Manual
Enable-Mode Commands
Example
amnesiac # show files tcpdump unopt.cap big-noopt.cap big-opt.cap big.tgz big-opt2.cap
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Configuration File Commands
show interfaces
Description Syntax Parameters Displays the running state settings and statistics. show interfaces [<intname>] | [brief | configured] <intname> brief configured Usage Example Specify the interface name. For example, aux, lan0_0, wan0_0, primary, in-path0_0, lo. Displays the running state settings without statistics. Displays configured settings for the interface.
The set of settings and statistics displayed varies when using DHCP.
amnesiac # show interfaces lo Interface lo state Up: yes IP address: 127.0.0.1 Netmask: 255.0.0.0 Speed: Duplex: Interface type: loopback MTU: 16436 HW address: XX:XX:XX:XX:XX RX bytes: 656 RX packets: 12 RX mcast packets: 0 RX discards: 0 RX errors: 0 RX overruns: 0 RX frame: 0 TX bytes: 656 TX packets: 12 TX discards: 0 TX errors: 0 TX overruns: 0 TX carrier: 0 TX collisions: 0
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance interface
Riverbed Command-Line Interface Reference Manual
121
Enable-Mode Commands
show ip default-gateway
Description Syntax Parameters Example Product Related Topics Displays the IP default gateway. show ip default gateway <cr> | static static Displays the static default gateway.
amnesiac # show ip default-gateway static Configured default gateway: 10.0.0.1
CMC appliance, Interceptor appliance, Steelhead appliance Host Setup Commands
show ip route
Description Syntax Parameters Example Displays active routes, both dynamic and static. show ip route <cr> | static static Displays configured static routes.
Gateway 10.0.0.4
amnesiac # show ip route static Destination Mask default 0.0.0.0
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Simplified Routing Support Commands
show job
Description Syntax Parameters Example Displays the status of a scheduled job. show job <job-id> <job-id> Specify the job identification number.
amnesiac # show job 10 job {job_id}: 10 Status: pending Name: myjob Comment: this is a text Absolute range: Commands: show info. show connections. show version.
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance System Administration and Service Commands
122
Riverbed Command-Line Interface Reference Manual
Enable-Mode Commands
show jobs
Description Syntax Parameters Example Product Related Topics Displays a list of all jobs. show jobs None
amnesiac # show jobs % No jobs configured.
CMC appliance, Interceptor appliance, Steelhead appliance System Administration and Service Commands
show licenses
Description Syntax Parameters Example Displays installed (active) licenses. show licenses None
amnesiac # show licenses XXX-XXXXXX-XXXX-XXXX-X-XXXX-XXXX-XXXX Feature: SH10BASE Valid: yes Active: yes Start date: End date: XXX-XXXXXX-XXXX-XXXX-X-XXXX-XXXX-XXXX Feature: SH10CIFS Valid: yes Active: yes Start date: End date: XXX-XXXXXX-XXXX-XXXX-X-XXXX-XXXX-XXXX Feature: SH10EXCH Valid: yes Active: yes Start date: End date:
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance License and Hardware Upgrade Commands
show log
Description Syntax Displays system logs. show log [continuous | files <log number> | matching]
Riverbed Command-Line Interface Reference Manual
123
Enable-Mode Commands
Parameters
continuous files <log number> reverse matching
Displays the log continuously, similar to the Linux tail -f command. Displays a list of log files or a specific log file. Displays the log information, in reverse order, with the latest entry at the top. Displays a list of matching log files.
Example
amnesiac # show log May 22 20:00:00 localhost /usr/sbin/crond[784]: (root) CMD (/usr/sbin/logrotate / etc/logrotate.conf) May 22 20:00:00 localhost cli[555]: [cli.INFO]: user admin: CLI got signal 2 (SIGINT) May 22 20:02:31 localhost cli[555]: [cli.INFO]: user admin: Executing command: show ip route May 22 20:02:38 localhost cli[555]: [cli.INFO]: user admin: CLI got signal 2 (SIGINT) Dec 22 20:03:16 localhost cli[555]: [cli.INFO]: user admin: CLI got signal 2 (SIGINT) May 22 20:04:00 localhost cli[555]: [cli.INFO]: user admin: Executing command: show ip route static May 22 20:05:02 localhost cli[555]: [cli.INFO]: user admin: Executing command: show licenses Dec 22 20:05:09 localhost cli[555]: [cli.INFO]: user admin: CLI got signal 2 (SIGINT) May 22 20:06:44 localhost cli[555]: [cli.INFO]: user admin: Executing command: show limit bandwidth May 22 20:06:49 localhost cli[555]: [cli.INFO]: user admin: CLI got signal 2 (SIGINT) May 22 20:07:12 localhost cli[555]: [cli.INFO]: user admin: Executing command: show log
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Logging Commands
show port-label
Description Syntax Parameters Displays a list of port label configuration or a list of ports that belong to the label. show port-label <cr> | <port label> <port label> Specify one of the following default port label names or a port label name that you have created: Secure. Displays the list of ports that belong to the system label for secure ports. The Steelhead appliance automatically passes through traffic on commonly secure ports (for example, ssh, https, and smtps). For a list of secure ports, see Appendix A, Riverbed Ports. If you do not want to pass through secure ports, you must delete the default secure in-path rule. For detailed information, see in-path rule fixed-target on page 205. Interactive. Displays ports that belong to the system label for interactive ports. The Steelhead appliance automatically passes through traffic on interactive ports (for example, Telnet, TCP ECHO, remote logging, and shell). RBT-Proto. Displays the list of ports that belong to the label for system processes: 7744 (data store synchronization), 7800-7801 (in-path), 7810 (out-ofpath), 7820 (failover), 7850 (connection forwarding), 7860 (Interceptor appliance), 7870 (Steelhead Mobile Controller).
124
Riverbed Command-Line Interface Reference Manual
Enable-Mode Commands
Example
amnesiac # show port-label Port Label: Interactive Port Label: Secure amnesiac > show port-label Interactive Port Label: Interactive 7, 23, 37, 107, 179, 513-514, 1494, 1718-1720, 2000-2003, 2427, 2598, 2727, 3389 , 5060, 5631, 5900-5903, 6000
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance Port Label Commands
show radius
Description Syntax Parameters Example Product Related Topics Displays RADIUS configuration settings. show radius None
amnesiac # show radius No radius settings.
CMC appliance, Interceptor appliance, Steelhead appliance AAA and Role-Based Management Commands
show tacacs
Description Syntax Parameters Example Product Related Topics Displays TACACS+ settings. show tacacs None
amnesiac # show tacacs No tacacs settings.
CMC appliance, Steelhead appliance AAA and Role-Based Management Commands
show telnet-server
Description Syntax Parameters Displays Telnet server settings. show telnet-server None
Riverbed Command-Line Interface Reference Manual
125
Enable-Mode Commands
Example
amnesiac # show telnet-server TCP reordering enabled: no TCP reordering threshold: 3
Product Related Topics
Steelhead appliance CLI Terminal Configuration Commands
show userlog
Description Syntax Parameters Displays current user log file in a scrollable pager. show userlog <cr> continuous | files <file number> continuous files <file number> Example Displays new user log messages as they occur. Displays archived user log files.
amnesiac # show userlog Oct 17 15:38:54 gen-sh75 cli[26992]: Oct 17 15:39:00 gen-sh75 cli[26992]: enable Oct 17 17:18:03 gen-sh75 cli[26992]: show raid diagram Oct 17 17:18:13 gen-sh75 cli[26992]: show version Oct 17 18:00:00 gen-sh75 cli[26992]: atching: show rsp slots Oct 17 18:00:36 gen-sh75 cli[26992]: atching: show rsp dataflow RiO Oct 17 18:00:46 gen-sh75 cli[26992]: atching: show rsp dataflow RiOS Oct 17 18:00:57 gen-sh75 cli[26992]: atching: show rsp dataflow inpath0_0 Oct 17 18:01:10 gen-sh75 cli[26992]: atching: show rsp images Oct 17 18:08:22 gen-sh75 cli[26992]: show service Oct 17 18:11:18 gen-sh75 cli[26992]: show smb signing delegation domains <<this is partial display>>
[cli.NOTICE]: user admin: CLI launched [cli.INFO]: user admin: Executing command: [cli.INFO]: user admin: Executing command: [cli.INFO]: user admin: Executing command: [cli.INFO]: user admin: Executing command m [cli.INFO]: user admin: Executing command m [cli.INFO]: user admin: Executing command m [cli.INFO]: user admin: Executing command m [cli.INFO]: user admin: Executing command m [cli.INFO]: user admin: Executing command: [cli.INFO]: user admin: Executing command:
Product Related Topics
Steelhead appliance Logging Commands
show usernames
Description Syntax Parameters Displays current user log file in a scrollable pager. show usernames None.
126
Riverbed Command-Line Interface Reference Manual
Enable-Mode Commands
Example
amnesiac # show usernames User Status Active Capability --------------------------------------------------------------admin@ enabled y admin monitor enabled n monitor --------------------------------------------------------------@ = current user
Product Related Topics
CMC appliance, Steelhead appliance AAA and Role-Based Management Commands
Riverbed Command-Line Interface Reference Manual
127
Enable-Mode Commands
128
Riverbed Command-Line Interface Reference Manual
CHAPTER 4
Configuration-Mode Commands
This chapter is a reference for configuration-mode commands. It includes the following sections:
Displaying Role-Based Management Configuration Settings, next System Administration Commands on page 133 Steelhead Appliance Feature Configuration Commands on page 196 Interceptor Appliance Feature Commands on page 377 Central Management Console Feature Commands on page 390
You can perform configuration tasks while in configuration-mode. Only administrator users can perform configuration-mode and enable-mode commands. All commands available in user-mode and enable-mode are also available in configuration-mode. Monitor users cannot perform configuration tasks. To enter configuration-mode 1. Connect to the CLI. For detailed information, see Connecting to the CLI on page 11. 2. Enter enable-mode; at the system prompt enter enable:
amnesiac > enable
3. Enter configuration-mode; at the system prompt enter configure terminal:
amnesiac # configure terminal amnesiac #
You are now in configuration-mode. To exit configuration-mode, enter exit. For information about the exit command, see exit on page 16. Although most of the Steelhead appliance configuration commands are also available in the Interceptor appliance, CMC appliance, and Steelhead Mobile Controller. Riverbed strongly recommends that you do not use the CLI to perform configuration tasks. Riverbed recommends that you use their respective Management Consoles to perform configuration, system administration, and system reporting and monitoring tasks.
Tip: For an alphabetical list of commands, see the Index at the end of this book.
Riverbed Command-Line Interface Reference Manual
129
Configuration-Mode Commands
Displaying Role-Based Management Configuration Settings
This section describes the commands to display role-based management settings. The following commands are only available in configuration-mode. You must be and administrator user and you must be in configuration mode to display these system settings.
show rbm primitives
Description Syntax Parameters Example Displays the list of all role-based management primitives. show rbm primitives None
amnesiac (config) # show rbm primitive /role_primitive /role_primitive/acceleration/data_store /role_primitive/acceleration/inpath_rules /role_primitive/acceleration/rcu /role_primitive/acceleration/service_protocols/cifs /role_primitive/acceleration/service_protocols/hstcp /role_primitive/acceleration/service_protocols/http /role_primitive/acceleration/service_protocols/jinitiator /role_primitive/acceleration/service_protocols/lotus_notes /role_primitive/acceleration/service_protocols/mapi /role_primitive/acceleration/service_protocols/nfs /role_primitive/acceleration/service_protocols/sql /role_primitive/acceleration/service_protocols/tcp_blaster /role_primitive/acceleration/service_settings /role_primitive/acceleration/socket_buffer_size /role_primitive/acceleration/ssl /role_primitive/reports/appliance/computed_historical_datapoints /role_primitive/reports/appliance/connected_appliances /role_primitive/reports/appliance/connection_history /role_primitive/reports/appliance/connection_pooling /role_primitive/reports/appliance/cpu_utilization /role_primitive/reports/appliance/current_connections /role_primitive/reports/appliance/data_store <this is a partial display>
Product Related Topics
Steelhead appliance AAA and Role-Based Management Commands
show rbm role
Description Syntax Displays primitives in a role. show rbm role <role>
130
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Parameters
<role>
Specify the role-based management type: acceleration_service cifs_acceleration diagnostics general_settings highspeed_tcp http_acceleration in-path_rules jinitiator_acceleration mapi_acceleration network_settings nfs_acceleration notes_acceleration proxy_file_service qos reports rios_services_platform security_settings sql_acceleration ssl_acceleration
Example
amnesiac (config) # show rbm role reports Role: reports /role_primitive/reports/appliance/computed_historical_datapoints /role_primitive/reports/appliance/connected_appliances /role_primitive/reports/appliance/connection_history /role_primitive/reports/appliance/connection_pooling /role_primitive/reports/appliance/cpu_utilization /role_primitive/reports/appliance/current_connections /role_primitive/reports/appliance/data_store /role_primitive/reports/appliance/dns_statistics /role_primitive/reports/appliance/interface_statistics /role_primitive/reports/appliance/memory_paging /role_primitive/reports/appliance/neighbor_statistics /role_primitive/reports/appliance/qos_statistics /role_primitive/reports/appliance/statistics_export /role_primitive/reports/appliance/tcp_statistics /role_primitive/reports/appliance/toptalkers /role_primitive/reports/appliance/traffic_overview /role_primitive/reports/diagnostics/alarm_status /role_primitive/reports/monitored_ports /role_primitive/reports/performance/bandwidth_optimization /role_primitive/reports/performance/data_reduction /role_primitive/reports/performance/data_store /role_primitive/reports/performance/http_statistics <<this is a partial display>>
Product Related Topics
Steelhead appliance AAA and Role-Based Management Commands
Riverbed Command-Line Interface Reference Manual
131
Configuration-Mode Commands
show rbm roles
Description Syntax Parameters Example Displays all roles. show rbm roles None
amnesiac (config) # show rbm roles Role: acceleration_service /role_primitive/acceleration/data_store /role_primitive/acceleration/service_settings /role_primitive/acceleration/socket_buffer_size /role_primitive/reports/appliance/connected_appliances /role_primitive/reports/appliance/connection_history /role_primitive/reports/appliance/connection_pooling /role_primitive/reports/appliance/current_connections /role_primitive/reports/appliance/data_store /role_primitive/reports/appliance/tcp_statistics /role_primitive/reports/appliance/traffic_overview /role_primitive/reports/monitored_ports /role_primitive/reports/performance/bandwidth_optimization /role_primitive/reports/performance/data_reduction /role_primitive/reports/performance/data_store /role_primitive/reports/performance/throughput /role_primitive/system_setup/advanced_networking/peering /role_primitive/system_setup/advanced_networking/service_ports /role_primitive/system_setup/host_settings/port_labels Role: cifs_acceleration /role_primitive/acceleration/service_protocols/cifs /role_primitive/reports/appliance/current_connections /role_primitive/reports/appliance/traffic_overview <<this is a partial display>>
Product Related Topics
Steelhead appliance AAA and Role-Based Management Commands
show rbm user
Description Syntax Parameters Example Product Related Topics Displays user configuration. show rbm user <username> <username> Specify the username.
amnesiac (config) # show rbm user admin
Steelhead appliance AAA and Role-Based Management Commands
132
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
show rbm users
Description Syntax Parameters Example Product Related Topics Displays user configuration for all users. show rbm users None
amnesiac (config) # show rbm users
Steelhead appliance AAA and Role-Based Management Commands
System Administration Commands
This section describes commands you use to perform system administration tasks. Many system administration commands are common to the CMC appliance, the Interceptor appliance, and the Steelhead appliance.
AAA and Role-Based Management Commands
This section describes the AAA commands. The Steelhead appliance supports authentication and authorization.
aaa accounting per-command default
Description Syntax Parameters Usage Configure per-command account settings. [no] aaa accounting per-command default <method> <method> Specify the authentication method: tacacs+ or local. Use a space separated list.
The order in which the methods are specified is the order in which the accounting is done. The no command option clears all accounting states and returns the per-command accounting to the local method (local logs).
Example Product Related Topics
amnesiac (config) # aaa accounting per-command default tacacs+ local
Steelhead appliance, CMC appliance show aaa, show radius, show tacacs
Riverbed Command-Line Interface Reference Manual
133
Configuration-Mode Commands
aaa authentication cond-fallback
Description Syntax Parameters Usage Fall-back only if server is unavailable. [no] aaa authentication cond-fallback None If enabled the next authentication method is tried only if the servers for the current authentication method are unavailable. The no command option disables fall-back mode. Example Product Related Topics
amnesiac (config) # aaa authentication cond-fallback
Steelhead appliance, CMC appliance show aaa, show radius, show tacacs
aaa authentication console-login default
Description Syntax Parameters Usage Configures local, RADIUS, or TACACS+ console settings for log in. aaa authentication console-login default <method> <method> Specify the authentication method: radius, tacacs+, or local. Use a space separated list.
The order in which the methods are specified is the order in which the authorization is attempted. The no command option clears all authentication states and returns user authentication to the local user name database.
Example Product Related Topics
amnesiac (config) # aaa authentication console-login default radius tacacs+ local
Steelhead appliance, CMC appliance show aaa, show radius, show tacacs
aaa authentication login default
Description Syntax Parameters Usage Configures local, RADIUS, or TACACS+ login settings. [no] aaa authentication login default <method> <method> Specify the authentication method: radius, tacacs+, or local. Use a space separated list.
The order in which the methods are specified is the order in which the authentication is attempted. The no command option clears all authentication states and returns user authentication to the local user name database.
134
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # aaa authentication login default radius tacacs+
CMC appliance, Interceptor appliance, Steelhead appliance show aaa, show radius, show tacacs
aaa authorization map default-user
Description Specify what local user the authenticated user will be logged in as when they are authenticated (through RADIUS or TACACS+) and do not have a local user mapping specified in the remote database. [no] aaa authorization map default-user <user_name> <user_name> Specify the user name for RADIUS or TACACS+ authentication: admin or monitor.
Syntax Parameters Usage
When a user is authenticated through RADIUS or TACACS+ and does not have a local account, this command specifies what local account the authenticated user is logged in as. For the local authentication method, this setting is ignored. This mapping depends on the setting of the aaa authorization map order command. The no command option disables user default mapping.
Example Product Related Topics
amnesiac (config) # aaa authorization map default-user admin
CMC appliance, Interceptor appliance, Steelhead appliance show aaa, show radius, show tacacs
aaa authorization map order
Description Syntax Parameters Sets the order for remote-to-local user mappings for RADIUS or TACACS+ server authentication. [no] aaa authorization map order <policy> <policy> Specify the order in which to apply the authentication policy: remote-only, remote-first, local-only.
Riverbed Command-Line Interface Reference Manual
135
Configuration-Mode Commands
Usage
The order determines how the remote user mapping behaves. If the authenticated user name is valid locally, no mapping is performed. The setting has the following behaviors: remote-first. If a local-user mapping attribute is returned and it is a valid local user name, map the authenticated user to the local user specified in the attribute. If the attribute is not present or not valid locally, use the user name specified by the default-user command. (This is the default behavior.) remote-only. Map only to a remote authenticated user if the authentication server sends a local-user mapping attribute. If the attribute does not specify a valid local user, no further mapping is attempted. local-only. All remote users are mapped to the user specified by the aaa authorization map default-user <user name> command. Any vendor attributes received by an authentication server are ignored. To set TACACS+ authorization levels (admin and read-only) to allow certain members of a group to log in, add the following attribute to users on the TACACS+ server:
service = rbt-exec { local-user-name = "monitor" }
where you replace monitor with admin for write access. To turn off general authentication in the Interceptor appliance, enter the following command at the system prompt:
aaa authorization map order remote-only
The no command option disables authentication. Example Product Related Topics
amnesiac (config) # aaa authorization map order remote-only
CMC appliance, Interceptor appliance, Steelhead appliance show aaa, show radius, show tacacs
aaa authorization per-command default
Description Syntax Parameters Usage Configures authorization mapping settings. [no] aaa authorization per-command default <method> <method> Specify the authentication method: tacacs+ or local. Use a space separated list.
The order in which the methods are specified is the order in which the authorization is attempted. The no command option clears all authorization states and returns the user authorization to the local user name database.
Example Product Related Topics
amnesiac (config) # a0aa authorization per-command default tacacs+ local
Steelhead appliance, CMC appliance show aaa, show radius, show tacacs
136
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
radius-server host
Description Syntax Parameters Adds a RADIUS server to the set of servers used for authentication. [no] radius-server host {<ip-addr> | auth-port <port-number> | timeout <seconds> | retransmit <retries> | key <string>} <ip-addr> auth-port <port> timeout <seconds> retransmit <number> Specify the RADIUS server IP address. Specify the authentication port number to use with this RADIUS server. The default value is 1812. Specify the time-out period to use with this RADIUS server. Specify the number of times the client attempts to authenticate with any RADIUS server. The default value is 1. The range is 0-5. To disable retransmissions, set it to 0. Specify the shared secret text string used to communicate with this RADIUS server. The range is 0-7.
key <keynumber> Usage
RADIUS servers are tried in the order they are configured. The same IP address can be used in more than one radius-server host command if the auth-port value is different for each. The auth-port value is a UDP port number. The auth-port value must be specified immediately after the host <ip-addr> option (if present). Some parameters override the RADIUS server global defaults. For detailed information, see the Steelhead Appliance Deployment Guide. The no command option stops sending RADIUS authentication requests to the host. If no radius-server host <ip-addr> is specified, all radius configurations for the host are deleted. The no radius-server host <ip-addr> auth-port <port> command can be specified to refine which host is deleted, as the previous command deletes all RADIUS servers with the specified IP address.
Example Product Related Topics
amnesiac (config) # radius-server host 10.0.0.0 key XXXX retransmit 3 timeout 10
CMC appliance, Interceptor appliance, Steelhead appliance show aaa, show radius
radius-server key
Description Syntax Parameters Usage Sets the shared secret text string used to communicate with a RADIUS server. [no] radius-server key <string> <string> Sets the shared secret text string used to communicate with any RADIUS server.
This command can be overridden using the radius-server host command. The no command option resets the key to the default value.
Example Product Related Topics
amnesiac (config) # radius-server key XYZ
CMC appliance, Interceptor appliance, Steelhead appliance show aaa, show radius
Riverbed Command-Line Interface Reference Manual
137
Configuration-Mode Commands
radius-server retransmit
Description Syntax Parameters Usage Specify the number of times the client attempts to authenticate with any RADIUS server. [no] radius-server retransmit <retries> <retries> Specify the number of times the client attempts to authenticate with any RADIUS server. The range is 0-5. The default value is 1.
This command can be overridden in a radius-server host command. The no command option resets the value to the default value.
Example Product Related Topics
amnesiac (config) # radius-server retransmit 5
CMC appliance, Interceptor appliance, Steelhead appliance show aaa, show radius
radius-server timeout
Description Syntax Parameters Usage Sets the time-out in seconds for retransmitting a request to any RADIUS server. [no] radius-server timeout <seconds> <seconds> Sets the time-out for retransmitting a request to any RADIUS server. T.
The range is 1-60. The default value is 3. This command can be overridden in a radius-server host command. The no command option resets the value to the default value.
Example Product Related Topics
amnesiac (config) # radius-server timeout 30
CMC appliance, Interceptor appliance, Steelhead appliance show aaa, show radius
138
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
rbm role
Description Syntax Parameters Allows for the creation of a RBM (role-based management) role. [no] rbm role <role> primitive <primitive> <role> Specify a role-based management type: acceleration_service. Start and stop the optimization service. cifs_acceleration. Enable CIFS optimization settings and Overlapping Open Optimization. diagnostics. Customize system diagnostic logs, including system and user log settings. general_settings. Per source IP connection limit and the maximum connection pooling size. highspeed_tcp. HS TCP settings including: LAN send and receive buffer size, WAN send and receive buffer size. http_acceleration. HTTP optimization settings including: cache settings, keepalive, insert cookie, file extensions to prefetch, and ability to set up HTTP optimization for a specific server subnet. in-path_rules. Configure which TCP traffic to optimize and how to optimize traffic by setting in-path rules. Includes WAN visibility to preserve TCP/IP address or port information. oracle_forms_acceleration. Optimize Oracle E-business application content and forms applications. mapi_acceleration. Optimize MAPI, set Exchange and NSPI ports. network_settings. Configure host and network interface settings, including DNS cache settings. nfs_acceleration. Configure NFS optimization. proxy_file_service. Enable the Proxy File Service. qos. Enforce QoS policies. reports. Set system report parameters. rios_services_platform. Add various types of functionality into a virtualized environment on the client Steelhead appliance. The functionality can include a print server, a streaming video server and a package that provides core networking services (DNS, DHCP, TFTP and Radius mirroring). security_settings. Configure security settings, including RADIUS and TACACS authentication settings and secure vault password. sql_acceleration. Configure MS-SQL optimization. ssl_acceleration. Configure SSL support. primitive <primitive> Usage For a complete list of options, see the CLI help.
Roles are made up of Steelhead appliance feature sets. You can assign particular users to particular roles. For example, you could assign Judy read and write permissions on the role qos. Thus, Judy will only be able to make configuration changes for QoS settings. The no command option disables the role.
Example Product Related Topics
amnesiac (config) # rbm role qos primitive /role_primitive/system_control/hardware
CMC appliance, Steelhead appliance show rbm role
Riverbed Command-Line Interface Reference Manual
139
Configuration-Mode Commands
rbm user
Description Syntax Parameters Assigns a a role (that is, a feature set) to a user. A user can be associated with one or more roles. [no] rbm user <username> role <role> permissions <permissions> <username> role <role> permissions <permissions> Specify the user name. Specify the role (that is, feature set) to be associated with the user. For detailed information about the feature sets that make up roles, see rbm role on page 139. You can also create users, assign passwords to the user, and assign varying configuration roles to the user. A user role determines whether the user has permission to: read-only. With read privileges you can view current configuration settings but you cannot change them. write-only. With write privileges you can view settings and make configuration changes for a feature. deny-only. With deny privileges you cannot view settings or make configuration changes for a feature. Usage Example Product Related Topics The no command option allows for the deletion of a role.
amnesiac (config) # rbm role qos permissions read-only
Steelhead appliance show rbm user
tacacs-server first-hit
Description Syntax Parameters Usage Enables first-hit option for TACACS+ servers. [no] tacacs-server first-hit <ip-addr> Specify the TACACS+ server IP address.
TACACS+ servers are tried in the order they are configured. If this option is enabled, only the first server in the list of TACACS+ servers is queried for authentication and authorization purposes. The no command option disables TACACS+ first-hit option.
Example Product Related Topics
minna (config) # tacacs-server first-hit minna (config) #
CMC appliance, Interceptor appliance, Steelhead appliance show aaa, show radius, show tcp highspeed
140
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
tacacs-server host
Description Syntax Adds a TACACS+ server to the set of servers used for authentication. [no] tacacs-server host {<ip-addr> <cr>| auth-port <port> | auth-type <type> | timeout <seconds> | retransmit <retries> | key <string>} Parameters <ip-addr> auth-port <port> auth-type <type> key <keynumber> retransmit <number> Specify the TACACS+ server IP address. Specify the authorization port number. The default value is 49. Specify the authorization type to use with this TACACS+ server: ascii, pap. Sets the shared secret text string used to communicate with any TACACS+ server. Specify the number of times the client attempts to authenticate with any TACACS+ server. The default value is 1. The range is 0-5. To disable retransmissions set it to 0. Sets the time-out for retransmitting a request to any TACACS+ server. The range is 1-60. The default value is 3.
timeout <seconds> Usage
TACACS+ servers are tried in the order they are configured. The same IP address can be used in more than one tacacs-server host command if the auth-port value is different for each. The auth-port value is a UDP port number. The auth-port value must be specified immediately after the hostname option (if present). Some of the parameters given can override the configured global defaults for all TACACS+ servers. For detailed information, see the Steelhead Appliance Deployment Guide. If no tacacs-server host <ip-addr> is specified, all TACACS+ configurations for this host are deleted. The no tacacs-server host <ip-addr> auth-port <port> command can be specified to refine which host is deleted, as the previous command deletes all TACACS+ servers with the specified IP address. The no command option disables TACACS+ support.
Example Product Related Topics
amnesiac (config) # tacacs-server host 10.0.0.0
CMC appliance, Interceptor appliance, Steelhead appliance show aaa, show radius, show tcp highspeed
tacacs-server key
Description Syntax Parameters Usage Sets the shared secret text string used to communicate with any TACACS+ server. [no] tacacs-server key <string> <string> Sets the shared secret text string used to communicate with any TACACS+ server.
The tacacs-server key command can be overridden using the tacacs-server host command. The no command option resets the value to the default value.
Riverbed Command-Line Interface Reference Manual
141
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # tacacs-server key XYZ
CMC appliance, Interceptor appliance, Steelhead appliance show aaa, show radius, show tcp highspeed
tacacs-server retransmit
Description Syntax Parameters Usage Specify the number of times the client attempts to authenticate with any TACACS+ server. [no] tacacs-server retransmit <retries> <retries> Specify the number of times the client attempts to authenticate with any TACACS+ server. The range is 0-5. The default value is 1.
The default value is 1. The range is 0-5. To disable retransmissions set it to 0. The tacacs-server retransmit command can be overridden in a tacacs-server host command. The no command option resets the value to the default value.
Example Product Related Topics
amnesiac (config) # tacacs-server retransmit 5
CMC appliance, Interceptor appliance, Steelhead appliance show aaa, show radius, show tcp highspeed
tacacs-server timeout
Description Syntax Parameters Usage Sets the time-out for retransmitting a request to any TACACS+ server. [no] tacacs-server timeout <seconds> <seconds> Sets the time-out for retransmitting a request to any TACACS+ server. The range is 1-60. The default value is 3.
This command can be overridden with the tacacs-server host command. The no command option resets the value to the default value.
Example Product Related Topics
amnesiac (config) # tacacs-server timeout 30
CMC appliance, Interceptor appliance, Steelhead appliance show aaa, show radius, show tcp highspeed
username disable
Description Syntax Parameters Disables the account so that no one can log in. [no] username <userid> disable <userid> Specify the user login: admin or monitor.
142
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage Example Product Related Topics
The no command option re-enables the specified user account.
amnesiac (config) # username monitor disable
CMC appliance, Interceptor appliance, Steelhead appliance show version
username nopassword
Description Syntax Parameters Example Product Related Topics Disables password protection for a user. username <userid> nopassword <userid> Specify the user login: admin or monitor.
amnesiac (config) # username monitor nopassword
CMC appliance, Interceptor appliance, Steelhead appliance show version
username password
Description Syntax Parameters Sets the password for the specified user. username <userid> password <cleartext> <userid> <cleartext> Usage Example Product Related Topics Specify the user login: admin or monitor. Specify the password. The password must be at least 6 characters.
The password is returned in cleartext format on the command line.
amnesiac (config) # username admin password xyzzzZ
CMC appliance, Interceptor appliance, Steelhead appliance show version
username password 0
Description Syntax Parameters Sets the password for the specified user. username <userid> password 0 <cleartext password> <userid> <cleartext password> Specify the user login: admin or monitor. Specify the password. The password must be at least 6 characters.
Riverbed Command-Line Interface Reference Manual
143
Configuration-Mode Commands
Usage Example Product Related Topics
The password is returned in cleartext format on the command line.
amnesiac (config) # username admin password 0 xyzzzZ
CMC appliance, Interceptor appliance, Steelhead appliance show version
username password 7
Description Syntax Parameters Sets the password for the specified user using the encrypted format of the password. Use this command if it become necessary to restore your appliance configuration, including the password. username <userid> password 7 <encrypted password> <userid> <encrypted password> Usage Specify the user login: admin or monitor. Specify the encrypted password. The password must be at least 6 characters.
Use this command to restore your password using an encrypted version of the password. You can display the encrypted version of the password using the show running configuration command. For example, executing username monitor password awesomepass results in the following line being added to the running configuration file:
username monitor password 7 $1$f2Azp8N8$n0oy6Y1KhCfuMo93f24ku/
If you need to restore your password in the future, you would paste:
username monitor password 7 $1$f2Azp8N8$n0oy6Y1KhCfuMo93f24ku/
in the CLI, to restore your monitor password to awesomepass. Example Product Related Topics
amnesiac (config) # username admin password 7 $1$f2Azp8N8$n0oy6Y1KhCfuMo93f24ku/
CMC appliance, Interceptor appliance, Steelhead appliance show version
Secure Shell Access Commands
This section describes the secure shell access commands.
ssh client generate identity user
Description Syntax Parameters Usage Generates SSH client identity keys for the specified user. SSH provides secure log in for Windows and Unix clients and servers. ssh client generate identity user <user> <user> Specify the client user login.
The no ssh client identity user <user> command disables SSH client identity keys for a specified user.
144
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # ssh client generate identity user test
CMC appliance, Interceptor appliance, Steelhead appliance show ssh client
ssh client user authorized-key rsakey sshv2
Description Syntax Parameters Sets the RSA encryption method by RSA Security and authorized-key for the SSH user. [no] ssh client user <user> authorized-key rsakey sshv2 <public key> <user> <public key> Usage Example Product Related Topics Specify the user name. Specify the public key for SSH version 2 for the specified SSH user.
The no command option disables the authorized-key encryption method.
amnesiac (config) # ssh client user admin authorized-key rsakey sshbv2
CMC appliance, Interceptor appliance, Steelhead appliance show ssh client
ssh server enable
Description Syntax Parameters Usage Example Product Related Topics Enables SSH access to the system. [no] ssh server enable None The no command option disables SSH access.
amnesiac (config) # ssh server enable
CMC appliance, Interceptor appliance, Steelhead appliance show ssh server
ssh server listen enable
Description Syntax Parameters Enables SSH interface restriction access to the system (that is, it enables access control and blocks requests on all the interfaces). [no] ssh server listen enable None
Riverbed Command-Line Interface Reference Manual
145
Configuration-Mode Commands
Usage
If the list of interfaces is empty, none of the interfaces respond to the queries. The no command option disables SSH interface restrictions which causes SSH to accept connections from all interfaces. SSH interface restrictions are not available through the Management Console.
Example Product Related Topics
amnesiac (config) # ssh server listen enable
CMC appliance, Interceptor appliance, Steelhead appliance show ssh server
ssh server listen interface
Description Syntax Parameters Usage Adds one or more interfaces to the SSH server access restriction list (thus, it unblocks requests on the specified interface). [no] ssh server listen interface <interface> <interface> Specify the interface: primary, aux, inpath0_0, inpath0_1, rios-lan0_0, rios_wan0_0
If the list of interfaces is empty, none of the interfaces respond to the queries. If the list of interfaces has at least one entry, then the server listens on that subset of interfaces. To add an interface to the list
ssh server listen interface primary
To remove an interface
no ssh server listen interface <interface>
The no command option removes the interface. SSH interface restrictions are not available through the Management Console Example Product Related Topics
amnesiac (config) # ssh server listen interface primary
CMC appliance, Interceptor appliance, Steelhead appliance show ssh server
ssh server v2-only enable
Description Syntax Parameters Usage Enables SSH server to accept only v2 connections, which are more secure. [no] ssh server v2-only enable None This command restricts the server to accept only v2 protocol connections, which are more secure. The no command option removes the restriction.
146
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # ssh server v2-only enable
CMC appliance, Interceptor appliance, Steelhead appliance show ssh server
CLI Terminal Configuration Commands
This section describes the CLI terminal configuration commands.
banner login
Description Syntax Parameters Usage Example Product Related Topics Sets the system log in banner. [no] banner login <message string> <message string> Specify the login banner message. Enclose the message in quotation marks ( ).
The no command option disables the login banner.
amnesiac (config) # banner login reminder: meeting today
CMC appliance, Interceptor appliance, Steelhead appliance show bootvar
banner motd
Description Syntax Parameters Usage Example Product Related Topics Sets the system Message of the Day banner. [no] banner motd <message string> <message string> Specify the login Message of the Day.
The no command option disables the system Message of the Day banner.
amnesiac (config) # banner motd customer visit today
CMC appliance, Interceptor appliance, Steelhead appliance show bootvar
Riverbed Command-Line Interface Reference Manual
147
Configuration-Mode Commands
cli clear-history
Description Syntax Parameters Example Product Related Topics Clears the command history for the current user. cli clear-history None
amnesiac (config) # cli clear-history
CMC appliance, Interceptor appliance, Steelhead appliance show cli
cli default auto-logout
Description Syntax Parameters Usage Sets keyboard inactivity time for automatic log out. [no] cli default auto-logout <minutes> <minutes> Specify the number of minutes before log out occurs.
Suppose you are using telnet versus ssh to access your Steelhead appliances and thus have enabled a telnet server. To disable timeout
cli default auto-logout 0
The no command option disables the automatic logout feature. Example Product Related Topics
amnesiac (config) # cli default auto-logout 25
CMC appliance, Interceptor appliance, Steelhead appliance show cli
cli default paging enable
Description Syntax Parameters Usage Example Product Related Topics Sets ability to view text one screen at a time. [no] cli default paging enable None The no command option disables paging.
amnesiac (config) # cli default paging enable
CMC appliance, Interceptor appliance, Steelhead appliance show cli
148
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
cli session
Description Syntax Parameters Sets CLI options for the current session only. [no] cli session {auto-logout <minutes> | paging enable | terminal length <lines> | type <terminal_type> | terminal width <number of characters>} auto-logout <minutes> paging enable Sets the number of minutes before the CLI automatically logs out the user. The default value is 15 minutes. The no command option disables the automatic logout feature. Sets paging. With paging enabled, if there is too much text to fit on the page, the CLI prompts you for the next page of text. The no command option disables paging. Sets the terminal length. The no command option disables the terminal length. Sets the terminal type. The no command option disables the terminal type. Sets the terminal width. The no command option disables the terminal width.
terminal length <lines> terminal type <terminal_type> terminal width <number of characters> Usage Example Product Related Topics
The no command option disables CLI option settings.
amnesiac (config) # cli session auto-logout 20
CMC appliance, Interceptor appliance, Steelhead appliance show cli
Management Console Configuration Commands
This section describes the management console configuration commands.
web auto-logout
Description Syntax Parameters Usage Example Product Related Topics Sets the number of minutes before the Management Console automatically logs out the user. [no] web auto-logout <minutes> <minutes> Specify the number of minutes before the system automatically logs out the user. The default value is 15 minutes.
The no command option disables the automatic log out feature.
amnesiac (config) # web auto-logout 20
CMC appliance, Interceptor appliance, Steelhead appliance show web
Riverbed Command-Line Interface Reference Manual
149
Configuration-Mode Commands
web auto-refresh timeout
Description Syntax Parameters Usage Example Product Related Topics Sets time-out when graphs are auto-refreshing. [no] web auto-refresh timeout None The no command option disables time-out.
amnesiac (config) # web auto-refresh timeout 20
CMC appliance, Interceptor appliance, Steelhead appliance show web
web enable
Description Syntax Parameters Usage Enables the Management Console. [no] web enable None The Management Console is enabled by default. The no command option disables the Interceptor Management Console. Example Product Related Topics
amnesiac (config) # web enable
CMC appliance, Interceptor appliance, Steelhead appliance show web
web http enable
Description Syntax Parameters Usage Enables HTTP access to the Management Console. [no] web http enable None The Management Console is enabled by default. The no command option disables the Interceptor Management Console. Example Product Related Topics
amnesiac (config) # web http enable
CMC appliance, Interceptor appliance, Steelhead appliance show web
150
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
web http port
Description Syntax Parameters Usage Example Product Related Topics Sets the Web port for HTTP access. [no] web http port <port> <port> Specify the port number. The default value is 80.
The no command option resets the Web port to the default value.
amnesiac (config) # web http port 8080
CMC appliance, Interceptor appliance, Steelhead appliance show web
web httpd listen enable
Description Syntax Parameters Usage Enables Web interface restriction access to this system (that is, it enables access control and blocks requests on all the interfaces). [no] web httpd listen enable None The no command option disables Web interface restrictions. Web interface restrictions are not available through the Management Console. Example Product Related Topics
amnesiac (config) # web httpd listen enable
CMC appliance, Interceptor appliance, Steelhead appliance show web
web httpd listen interface
Description Syntax Parameters Usage Adds an interface to the Web server access restriction list. [no] web httpd listen interface <interface> <interface> Specify the interface: primary, aux, inpath0_0, rios-lan0_0, rios_wan0_0
If the list of interfaces is empty, none of the interfaces respond to the queries. If the list of interfaces has at least one entry, then the server listens on that subset of interfaces. To add an interface to the list to listen on
web httpd listen interface primary
To remove an interface so that it is no longer listened to
no web httpd listen interface <interface>
Web interface restrictions are not available through the Management Console.
Riverbed Command-Line Interface Reference Manual
151
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # web httpd listen interface aux
CMC appliance, Interceptor appliance, Steelhead appliance show web
web https enable
Description Syntax Parameters Usage Example Product Related Topics Sets HTTPS for accessing a secure Web server. [no] web https enable None The no command option disables secure port support.
amnesiac (config) # web https enable
CMC appliance, Interceptor appliance, Steelhead appliance show web
web https port
Description Syntax Parameters Usage Example Product Related Topics Sets the HTTPS secure Web port. [no] web https port <port> <port> Specify the port number.
The no command option disables support on a secure port.
amnesiac (config) # web https port 8080 amnesiac (config) #
CMC appliance, Interceptor appliance, Steelhead appliance show web
web prefs log lines
Description Syntax Parameters Usage Sets the number of lines per system log page. [no] web prefs log lines <number> <number> Specify the number of lines per log page.
The no command option disables the number of log lines.
152
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # web prefs logs lines 10
CMC appliance, Interceptor appliance, Steelhead appliance show web
web proxy host
Description Syntax Parameters Sets the HTTP, HTTPS, and FTP proxy. [no] web proxy host <ip-addr> [port <port>] <ip-addr> <port> Usage Example Product Related Topics Specify the IP address for the host. Specify the port for the host.
The no command option disables the Web proxy.
amnesiac (config) # web proxy 10.1.2.1 port 1220
CMC appliance, Interceptor appliance, Steelhead appliance show web
web session renewal
Description Syntax Parameters Usage Sets the session renewal time. This is the time before the Web session time-out, at which if a Web request comes in, it automatically renews the session. [no] web session renewal <minutes> <minutes> Specify the number of minutes.
The default value is 10 minutes. The no command option resets the session renewal time to the default value.
Example Product Related Topics
amnesiac (config) # web session renewal 5
CMC appliance, Interceptor appliance, Steelhead appliance show web
web session timeout
Description Syntax Parameters Sets the session time-out value. This is the amount of time the cookie is active. [no] web session timeout <minutes> <minutes> Specify the number of minutes.
Riverbed Command-Line Interface Reference Manual
153
Configuration-Mode Commands
Usage
The default value is 60 minutes. The no command option resets the session time-out to the default value.
Example Product Related Topics
amnesiac (config) # web session timeout 120
CMC appliance, Interceptor appliance, Steelhead appliance show web
web snmp-trap conf-mode enable
Description Syntax Parameters Usage Example Product Related Topics Enables sending of SNMP trap in Web configure mode. [no] web snmp-trap conf-mode enable None The no command option disables this setting.
amnesiac (config) # web snmp-trap conf-mode enable
CMC appliance, Steelhead appliance show web
web ssl protocol sslv2
Description Syntax Parameters Usage Example Product Related Topics Choose SSL v2 protocols for Apache to use. [no] web ssl protocol sslv2 None The no command option disables this setting.
amnesiac (config) # web ssl protocol sslv2
CMC appliance, Steelhead appliance show web
web ssl protocol sslv3
Description Syntax Parameters Usage Choose SSL v3 protocols for Apache to use. [no] web ssl protocol sslv3 None The no command option disables this setting.
154
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # web ssl protocol sslv3
CMC appliance, Steelhead appliance show web
web ssl protocol tslv1
Description Syntax Parameters Usage Example Product Related Topics Choose SSL v1 protocols for Apache to use. [no] web ssl protocol tslv1 None The no command option disables this setting.
amnesiac (config) # web ssl protocol tslv1
CMC appliance, Steelhead appliance show web
Configuration File Commands
This section describes the configuration file commands.
cmc enable
Description Syntax Parameters Usage Example Product Related Topics Enables auto-registration with CMC. [no] cmc enable None The no command option disable CMC auto-registration.
amnesiac (config) # cmc enable
Steelhead appliance show running-config
Riverbed Command-Line Interface Reference Manual
155
Configuration-Mode Commands
cmc hostname
Description Syntax Parameters Usage Example Product Related Topics Set the CMC hostname used for auto-registration. [no] cmc hostname None The no command option disable CMC auto-registration.
amnesiac (config) # cmc hostname test
Steelhead appliance show running-config
configuration copy
Description Syntax Parameters Copies a configuration file. configuration copy <sourcename> <new-filename> <sourcename> <newfilename> Example Product Related Topics Specify the name of the source file. Specify the name of the destination file.
amnesiac (config) # configuration copy westcoast eastcoast
CMC appliance, Interceptor appliance, Steelhead appliance show connection
configuration delete
Description Syntax Parameters Example Product Related Topics Deletes a configuration file. configuration delete <filename> <filename> Specify the name of the configuration file to delete.
amnesiac (config) # configuration delete westcoast
CMC appliance, Interceptor appliance, Steelhead appliance show connection
156
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
configuration factory
Description Syntax Parameters Example Product Related Topics Create a new configuration file. configuration factory <filename> <filename> Specify the name of the destination file.
amnesiac (config) # configuration factory eastcoast
CMC appliance, Interceptor appliance, Steelhead appliance show connection
configuration fetch
Description Syntax Parameters Downloads a configuration file over the network. configuration fetch {<URL, scp://, or ftp://username:password@hostname/path/filename> [filename]} <URL, scp://, or ftp:// username:password@hostna me/path/filename> filename Usage Specify the location of the configuration file to download in URL, scp://, or ftp:// format. Create a new name for the configuration file.
To copy one configuration file to another appliance, run the following set of commands
configuration fetch <url-to-remote-config> <new-config-name> ;; this fetches the configuration from the remote configuration switch-to <new-config-name> ;; this activates the newly fetched configuration
Example Product Related Topics
amnesiac (config) # configuration fetch http://domain.com/westcoast newconfig amnesiac (config) #configuration switch-to newconfig
CMC appliance, Interceptor appliance, Steelhead appliance show connection
configuration jump-start
Description Syntax Parameters Restarts the configuration wizard. configuration jump-start None
Riverbed Command-Line Interface Reference Manual
157
Configuration-Mode Commands
Example
amnesiac (config) # configuration jump-start gen-sh6 (config) # configuration jump-start Riverbed Steelhead configuration wizard. Step Step Step Step Step Step Step Step Step Step Step Step Step Step Step Step Step Step Step Step 1: Hostname? [example] 2: Use DHCP on primary interface? [no] 3: Primary IP address? [10.11.6.6] 4: Netmask? [255.255.0.0] 5: Default gateway? [10.0.0.1] 6: Primary DNS server? [10.0.0.2] 7: Domain name? [example.com] 8: Admin password? 9: SMTP server? [exchange] 10: Notification email address? [examplem@riverbed.com] 11: Set the primary interface speed? [auto] 12: Set the primary interface duplex? [auto] 13: Would you like to activate the in-path configuration? [yes] 14: In-Path IP address? [10.11.6.6] 15: In-Path Netmask? [255.255.0.0] 16: In-Path Default gateway? 17: Set the in-path:LAN interface speed? [auto] 18: Set the in-path:LAN interface duplex? [auto] 19: Set the in-path:WAN interface speed? [auto] 20: Set the in-path:WAN interface duplex? [auto]
You have entered the following information: 1. Hostname: example 2. Use DHCP on primary interface: no 3. Primary IP address: 10.11.0.6 4. Netmask: 255.255.0.0 5. Default gateway: 10.0.0.1 6. Primary DNS server: 10.0.0.2 7. Domain name: example.com 8. Admin password: (unchanged) 9. SMTP server: exchange 10. Notification email address: example@riverbed.com 11. Set the primary interface speed: auto 12. Set the primary interface duplex: auto 13. Would you like to activate the in-path configuration: yes 14. In-Path IP address: 10.11.6.6 15. In-Path Netmask: 255.255.0.0 16. In-Path Default gateway: 17. Set the in-path:LAN interface speed: auto 18. Set the in-path:LAN interface duplex: auto 19. Set the in-path:WAN interface speed: auto 20. Set the in-path:WAN interface duplex: auto To change an answer, enter the step number to return to. Otherwise hit <enter> to save changes and exit. Choice:
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance show connection
158
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
configuration merge
Description Syntax Parameters Merges common configuration settings from one appliance to another. configuration merge <filename> <new-config-name> <filename> <new-configname> Usage Name of file from which to merge settings. Specify the new configuration name.
Use the configuration merge command to deploy a network of appliances. Set up a template for your appliance and merge the template with each appliance in the network. The following configuration settings are not merged when you run the configuration merge command: failover settings, SNMP SysContact and SysLocation, log settings, and all network settings (for example, hostname, auxiliary interface, DNS settings, defined hosts, static routing, and in-path routing). The following configuration settings are merged when you run the configuration merge command: in-path, out-of-path, protocols, statistics, CLI, email, NTP and time, Web, SNMP, and alarm. To merge a configuration file, run the following set of commands:
configuration write to <new-config-name> ;; this saves the current config to the new name and activates ;; the new configuration configuration fetch <url-to-remote-config> <temp-config-name> ;; this fetches the configuration from the remote configuration merge <temp-config-name> ;; this merges the fetched config into the active configuration ;; which is the newly named/created one in step 1 above configuration delete <temp-config-name> ;; this deletes the fetched configuration as it is no longer ;; needed since you merged it into the active configuration
Example
amnesiac amnesiac amnesiac amnesiac
(config) (config) (config) (config)
# configuration write to newconfig #configuration fetch http://domain.com/remoteconfig tempconfig #configuration merge tempconfig #configuration delete tempconfig
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance show connection
configuration move
Description Syntax Parameters Moves and renames a configuration file. configuration move <sourcename> <destname> <sourcename> <destname> Specify the name of the source configuration file. Specify the name of the new configuration file.
Riverbed Command-Line Interface Reference Manual
159
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # configuration move westcoast eastcoast
CMC appliance, Interceptor appliance, Steelhead appliance show connection
configuration new
Description Syntax Parameters Creates a new, blank configuration file. configuration new <new-filename> <cr> [keep licenses] <newfilename> keep licenses Usage Example Product Related Topics Specify the name of the new configuration file. Create a new configuration file with default settings and active licenses.
Riverbed recommends that you use the keep licenses command option. If you do not keep licenses, your new configuration will not have a valid license key.
amnesiac (config) # configuration new westcoast keep licenses
CMC appliance, Interceptor appliance, Steelhead appliance show connection
configuration flash restore
Description Syntax Parameters Example Product Related Topics Restore a saved configuration from flash memory. configuration flash restore None
amnesiac (config) # configuration flash restore
CMC appliance, Interceptor appliance, Steelhead appliance show connection
configuration flash write
Description Syntax Parameters Writes the active configuration to flash disk memory in binary and text form. configuration flash write None
160
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # configuration flash write
CMC appliance, Interceptor appliance, Steelhead appliance show connection
configuration revert keep-local
Description Syntax Parameters Example Product Related Topics Reverts to the initial configuration but maintains some appliance-specific settings. configuration revert keep-local None
amnesiac (config) # configuration revert keep-local
CMC appliance, Interceptor appliance, Steelhead appliance show connection
configuration revert saved
Description Syntax Parameters Example Product Related Topics Reverts the active configuration to the last saved configuration. configuration revert saved None
amnesiac (config) # configuration revert saved
CMC appliance, Interceptor appliance, Steelhead appliance show connection
configuration switch-to
Description Syntax Parameters Loads a new configuration file and makes it the active configuration. configuration switch-to <filename> <filename> Specify the filename: initial. Specify the initial configuration. initial.bak. Specify the initial backup configuration. cold. Specify the configuration file before SDR has occurred. working. Specify the current configuration.
Riverbed Command-Line Interface Reference Manual
161
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # configuration switch-to westcoast
CMC appliance, Interceptor appliance, Steelhead appliance show connection
configuration upload
Description Syntax Parameters Uploads the configuration file. configuration upload <filename> <http, ftp, or scp URL (e.g. scp://username:password@host/path)> <cr> [active] <filename> <http, ftp, or scp URL (e.g. scp:// username:password@h ost/path)> active Example Product Related Topics Specify the configuration filename. Specify the HTTP, FTP, or scp URL.
Makes the uploaded file the active configuration file.
amnesiac (config) # configuration upload initial scp://test:MyPassword@example/tmp/
CMC appliance, Interceptor appliance, Steelhead appliance show connection
configuration write
Description Syntax Parameters Example Product Related Topics Writes the current, active configuration file to memory. configuration write <cr> [to <filename>] to <filename> Save the running configuration to a file.
amnesiac (config) # configuration write
CMC appliance, Interceptor appliance, Steelhead appliance show connection
write flash
Description Syntax Parameters Saves the current configuration settings to flash memory. write flash None
162
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # write flash
CMC appliance, Interceptor appliance, Steelhead appliance show connection
write memory
Description Syntax Parameters Example Product Related Topics Saves the current configuration settings to memory. write memory None
amnesiac (config) # write memory
CMC appliance, Interceptor appliance, Steelhead appliance show connection
write terminal
Description Syntax Parameters Example Product Related Topics Displays commands to recreate current running configuration. write terminal None
amnesiac (config) # write terminal
CMC appliance, Interceptor appliance, Steelhead appliance show connection
tcp connection send keep-alive
Description Syntax Parameters Configures TCP connection tools for debugging Steelhead appliances. tcp connection send keep-alive local-addr <local IP-addr> local-port <port> remote-addr <remote IP-addr> remote-port <port>]] local-addr <local IP-addr> local-port <port> remote-addr <remote IP-addr> remote-port <port>] Specify a local and remote Steelhead appliance for which you want to terminate a connection.
Usage
Enables a keep-alive timer between a local and remote Steelhead appliance so that you can determine if there is an active connection between the appliances. If the appliance is down, it terminates the connection. Use this command to debug connection problems in your network.
Riverbed Command-Line Interface Reference Manual
163
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # tcp connection send keep-alive local-addr 10.0.0.0 local-port 1240 remote-addr 10.0.0.1 local-port 1300
Steelhead appliance show tcp statistics
tcp connection send reset
Description Syntax Configures TCP connection tools for debugging Steelhead appliances. tcp connection send reset [both local-only local-addr <local IP-addr> local-port <port> remote-addr <remote IP-addr> remote-port <port> | local-only local-addr <local IP-addr> local-port <port> remote-addr <remote IP-addr> remote-port <port> | remote-only remote-addr <remote IP-addr> remote-port <port> local-addr <local IP-addr> local-port <port> both local-only local-addr <local IPaddr> local-port <port> remote-addr <remote IP-addr> remote-port <port> local-only local-addr <local IP-addr> local-port <port> remote-addr <remote IP-addr> remote-port <port> remote-only remote-addr <remote IPaddr> remote-port <port> local-addr <local IP-addr> local-port <port> Usage Example Product Related Topics Terminates the connection for the local and remote Steelhead appliances. Terminates the connection for the local Steelhead appliance. Terminates the connection for the remote Steelhead appliance.
Parameters
Terminates connections between Steelhead appliances so that you can debug connection problems in your network.
amnesiac (config) # tcp connection send reset both local-only local-addr 10.0.0.0 local-port 1240 remote-addr 10.0.0.1 remote-port 1300
Steelhead appliance show tcp statistics
Port Label Commands
This section describes the port label commands.
port-label
Description Configures port label settings. Port labels are names given to sets of ports. When you configure rules for feature implementation, you can specify port labels instead of port numbers to reduce the number of rules. [no] port-label <name> port <port> <name> Specify the name of the port label. Port labels are not case sensitive and can be any string consisting of letters, numbers, underscore ( _ ), or a hyphen ( - ).
Syntax Parameters
164
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
<port> Usage
Specify a comma-separated list of ports and ranges of ports. For example: 22,443,990-995,3077-3078
The Riverbed system includes the following default port labels: Secure. Contains ports that belong to the system label for secure ports. The Steelhead appliance automatically passes through traffic on commonly secure ports (for example, ssh, https, and smtps). For a list of secure ports, see Appendix A, Riverbed Ports. Interactive. Contains ports that belong to the system label for interactive ports. The Steelhead appliance automatically passes through traffic on interactive ports (for example, Telnet, TCP ECHO, remote logging, and shell). For a list of interactive ports, see Appendix A, Riverbed Ports. RBT-Proto. Contains ports that belong to the label for system processes: 7744 (data store synchronization), 7800-7801 (in-path), 7810 (out-of-path), 7820 (failover), 7850 (connection forwarding), 7860 (Interceptor appliance). All. Contains all ports that have been discovered by the system. This label cannot be modified. Unknown. Contains ports that have been discovered by the system that do not belong to another port label (besides All). Riverbed appliances automatically discover active ports. Activity for the discovered port is included in the Traffic Summary report. If a port label contains the discovered port, the report reflects this. If a label does not exist, the port activity is labeled unknown. You can create an appropriately descriptive port label for activity on such ports. All statistics for this new port label are preserved from the time the port was discovered. You can use the port-label FOO port <port> command to add or modify ports in a port label. For example you define port label FOO by issuing following the command.
(config)# port-label FOO port 2-9,14
If you want to add ports to the FOO port label:
(config)# port-label FOO port 10-20
If you run the show port-label FOO command, you will see the new range of ports from 2 to 20. The no command option removes the port label for the specified port label. Example
amnesiac (config) # port-label foo port 22,443,990-995,3077-3078 amnesiac (config) # amnesiac (config) # show port-label foo Port Label: foo 22,443,990-995,3077-3078
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance show prepop
Statistics Manipulation Command
This section describes the statistics manipulation command.
stats settings bandwidth
Description Syntax Parameters Configure sampled statistics. [no] stats settings bandwidth <port> desc <description> user-cap <max ports> <port> desc <description> Specify the port number. Specify a description of the port.
Riverbed Command-Line Interface Reference Manual
165
Configuration-Mode Commands
Usage Example Product Related Topics
The no command option disables bandwidth statistics.
amnesiac (config) # stats settings bandwidth 2727
CMC appliance, Interceptor appliance, Steelhead appliance show stats bandwidth
Notification and SNMP Commands
This section describes the notification and SNMP commands.
email autosupport enable
Description Syntax Parameters Usage Example Product Related Topics Enables automatic email notification of significant alarms and events to Riverbed Technical Support. [no] email autosupport enable None The no command option disables automatic email notification.
amnesiac (config) # email autosupport enable
CMC appliance, Interceptor appliance, Steelhead appliance show email
email domain
Description Syntax Parameters Usage Specify the domain for email notifications. [no] email domain <hostname or IP-addr> <hostname or IP-addr> Specify the domain for email notifications (only if the email address does not contain it).
Use the email domain command only if the email address does not contain the domain. The no command option disables the email domain.
Example Product Related Topics
amnesiac (config) # email domain example.com
CMC appliance, Interceptor appliance, Steelhead appliance show domain
166
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
email mailhub
Description Syntax Parameters Usage Example Product Related Topics Specify the SMTP server for email notifications. [no] email mailhub <hostname or IP-addr> <hostname or IP-addr> Specify the SMTP server for email notifications.
The no command option disables the SMTP server.
amnesiac (config) # email mailhub mail-server.example.com
CMC appliance, Interceptor appliance, Steelhead appliance show email
email mailhub-port
Description Syntax Parameters Usage Example Product Related Topics Specify the mail port for email notifications. [no] email mailhub-port <port number> <port number> Specify the mail port for email notifications.
The no command option disables the SMTP server.
amnesiac (config) # email mailhub-port 135
CMC appliance, Interceptor appliance, Steelhead appliance show domain
email notify events enable
Description Syntax Parameters Usage Example Product Related Topics Enables email notification for events. [no] email notify events enable None The no command option disables email notification.
amnesiac (config) # email notify events enable
CMC appliance, Interceptor appliance, Steelhead appliance show email
Riverbed Command-Line Interface Reference Manual
167
Configuration-Mode Commands
email notify events recipient
Description Syntax Parameters Usage Example Product Related Topics Enables email notification for events. [no] email notify events recipient <email addr> <email addr> Specify the email address of users to receive notification of events.
The no command option disables email notification.
amnesiac (config) # email notify events recipient example@example.com
CMC appliance, Interceptor appliance, Steelhead appliance show email
email notify failures enable
Description Syntax Parameters Usage Example Product Related Topics Enables email notification of appliance failures, such as core dumps. [no] email notify failures enable None The no command option disables email notification.
amnesiac (config) # email notify failures enable
CMC appliance, Interceptor appliance, Steelhead appliance show email
email notify failures recipient
Description Syntax Parameters Usage Example Product Related Topics Enables email notification of appliance failures, such as core dumps. [no] email notify failures recipient <email addr> recipient <email-addr> Specify the email address of users to receive notification of failures.
The no command option disables email notification.
amnesiac (config) # email notify failures recipient example@example.com
CMC appliance, Interceptor appliance, Steelhead appliance show email
168
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
email send-test
Description Syntax Parameters Usage Example Product Related Topics Sends test email to all configured event and failure recipients. email send-test None You can also access this command from enable-mode.
amnesiac (config) # email send-test
CMC appliance, Interceptor appliance, Steelhead appliance show email
snmp-server community
Description Syntax Parameters Usage Example Product Related Topics Enables an SNMP server community. [no] snmp-server community <name> <name> Specify the name of the SNMP server community.
The no command option disables an SNMP server community.
amnesiac (config) # snmp-server community ReaDonLy
CMC appliance, Interceptor appliance, Steelhead appliance show snmp
snmp-server contact
Description Syntax Parameters Usage Example Product Related Topics Sets the SNMP server contact. [no] snmp-server contact <name> <name> Specify the user name of the SNMP server community contact.
The no command option disables the SNMP server contact.
amnesiac (config) # snmp-server contact john doe
CMC appliance, Interceptor appliance, Steelhead appliance show snmp
Riverbed Command-Line Interface Reference Manual
169
Configuration-Mode Commands
snmp-server enable
Description Syntax Parameters Usage Example Product Related Topics Enables an SNMP server. [no] snmp-server enable <cr> [traps] traps Enables sending of SNMP traps from this system.
The no command option disables the SNMP server or traps.
amnesiac (config) # snmp-server enable traps
CMC appliance, Interceptor appliance, Steelhead appliance show snmp
snmp-server host
Description Syntax Parameters Sets the SNMP server host, traps, and version. [no] snmp-server host <hostname or IP-addr> traps <host> version <versionnumber> <hostname or IP-addr> traps <community string> version <trap version> Usage Specify the hostname or IP address for the SNMP server. Specify a community string to send traps to a specified host. Specify the SNMP version of traps to send to this host: 1 or 2c
The no command option disables the SNMP server host. You can change the SNMP port number for traps if you enclose the community string in doublequotes ( ). For example:
snmp-server host 10.0.0.0 traps version 1 public 99162
This changes the host to 10.0.0.0 and port to 99162 for SNMP traps. Example Product Related Topics
amnesiac (config) # snmp-server host 10.0.0.0 traps version 1 public 99162? <<changes port and host>>
CMC appliance, Interceptor appliance, Steelhead appliance show snmp
snmp-server listen enable
Description Syntax Parameters Usage Enables SNMP server interface restrictions (that is, it enables access control and blocks requests on all the interfaces). [no] snmp-server listen enable None The no command option disables SNMP interface restrictions. SNMP interface restrictions are not available through the Management Console.
170
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # snmp-server listen enable
CMC appliance, Interceptor appliance, Steelhead appliance show snmp
snmp-server listen interface
Description Syntax Parameters Usage Adds an interface to the SNMP server access restriction list. [no] snmp-server listen interface <interface> <interface> Specify the interface: primary, aux, inpath0_0, rios-lan0_0, rios_wan0_0
If the list of interfaces is empty, none of the interfaces respond to the queries. If the list of interfaces has at least one entry, then the server listens on that subset of interfaces. To add an interface to the list to listen on
snmp-server listen interface primary
To remove an interface from the list
no ssh server listen interface <interface>
SNMP interface restrictions are not available through the Management Console. Example Product Related Topics
amnesiac (config) # snmp-server listen interface primary, aux
CMC appliance, Interceptor appliance, Steelhead appliance show snmp
snmp-server location
Description Syntax Parameters Usage Example Product Related Topics Sets the value for the system location.variable in the MIB. [no] snmp-server location <location of the system> <location of the system> Specify the location of the system.
The no command option disables the SNMP server location.
amnesiac (config) # snmp-server location 10.10.10.1
CMC appliance, Interceptor appliance, Steelhead appliance show snmp
Riverbed Command-Line Interface Reference Manual
171
Configuration-Mode Commands
snmp-server trap-interface
Description Syntax Parameters Usage Example Product Related Topics Configure the interface used to send out SNMP traps [no] snmp-server trap-interface <interface name> <interface name> Specify the interface name.
The no command option disables the trap interface.
amnesiac (config) # snmp-server trap-interface aux
CMC appliance, Interceptor appliance, Steelhead appliance show snmp
Data Store Management Commands
This section describes the data store management commands.
datastore anchor-select
Description Syntax Parameters Usage Example Product Related Topics Sets the anchor selection. [no] datastore anchor-select <anchor selection> <anchor selection> Specify the anchor selection. The value must be a number between 0 and 42949 67295.
The no command option disables anchor selection.
amnesiac (config) # datastore anchor-select amnesiac (config) # restart clean
CMC appliance, Steelhead appliance show datastore
datastore disk read-pressure interval
Description Syntax Parameters Usage Configure data store disk read-pressure. [no] datastore disk read-pressure interval <number of seconds> <number of seconds> Specify the data store read-pressure interval
The no command option disables the read pressure interval.
172
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # datastore disk read-pressure interval 5
CMC appliance, Steelhead appliance show datastore
datastore disklayout fifo
Description Syntax Parameters Usage Specify a replacement algorithm that replaces data in the order that they are received (first in, first out). [no] datastore disklayout fifo <cr> None. The data store segment replacement policy selects the technique used to replace the data in the data store. While the default setting works best for most Steelhead appliances, occasionally Riverbed Technical Supportt recommends changing the policy to improve performance. The segment replacement policy must match on both the client-side and server-side Steelhead appliances. Note: Upgrading from RiOS v5.0.x to v5.5 changes the default data store segment replacement policy from FIFO to Riverbed LRU. The no command option disables anchor selection. Example Product Related Topics
amnesiac (config) # datastore disklayout fifo
CMC appliance, Steelhead appliance show datastore
datastore disklayout rvbdlru
Description Syntax Parameters Usage Specify a replacement algorithm that replaces the least recently used, evicting pages that have not been used on disk for the longest time. This is the default setting. [no] datastore disklayout rvbdlru <cr> None The data store segment replacement policy selects the technique used to replace the data in the data store. While the default setting works best for most Steelhead appliances, occasionally Riverbed Technical Supportt recommends changing the policy to improve performance. The segment replacement policy must match on both the client-side and server-side Steelhead appliances. Note: Upgrading from RiOS v5.0.x to v5.5 changes the default data store segment replacement policy from FIFO to Riverbed LRU. The no command option disables this option.
Riverbed Command-Line Interface Reference Manual
173
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # datastore disklayout rvbdlru
CMC appliance, Steelhead appliance show datastore
datastore encryption type
Description Enables or disables encryption of the data store and Specify the type of encryption to use. Encrypting the data store significantly limits the exposure of sensitive data in the event an appliance is compromised by loss, theft, or a security violation. The secure data is difficult for a third party to retrieve. Before you encrypt the data store, the secure vault must be unlocked. For detailed information see, secure-vault on page 317. Syntax Parameters [no] datastore encryption type {NONE |AES_128 | AES_192 | AES_256} [NONE | AES_128 | AES_192 | AES_256] Specify a data store encryption scheme: NONE. Do not encrypt the data store. AES_128. Use the Advanced Encryption Standard (AES) 128-bit cipher setting. AES_192. Use the AES 192-bit cipher setting. AES_256. Use the AES 256-bit cipher setting. This encryption scheme is the most secure. Note: Encryption types can be lower-case.
174
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
Encrypting the data store significantly limits the exposure of sensitive data in the event an appliance is compromised by loss, theft, or a security violation. The secure data is difficult for a third party to retrieve. Before you encrypt the data store, the secure vault must be unlocked. The encryption key is stored in the secure vault. Encrypting the data store can have performance implications; generally, higher security means less performance. Several encryption strengths are available to provide the right amount of security while maintaining the desired performance level. When selecting an encryption type, you must evaluate the network structure, the type of data that travels over it, and how much of a performance trade-off is worth the extra security. Important: You must clear the data store and reboot the Steelhead service on the Steelhead appliance after turning on, changing, or turning off the encryption type. After you clear the data store, the data cannot be recovered. If you do not want to clear the data store, reselect your previous encryption type and reboot the service. The Steelhead appliance uses the previous encryption type and encrypted data store. To encrypt the data store 1. Make sure your secure vault is unlocked. The encryption key is stored in the secure vault.
secure-vault unlock
For detailed information see, secure-vault on page 317. 2. Turn on data store encryption;
datastore encryption type AES_256
3. Clean the data store and restart the Steelhead service:
restart clean
Encrypted Data Store Downgrade Limitations The Steelhead appliance cannot use an encrypted data store with an earlier RiOS software version, unless the release is an update (v4.x.x). For example, an encrypted data store created in v4.1.4 would work with v4.1.2, but not with v4.0.x. Before downgrading to an earlier software version, you must select none as the encryption type, clear the data store, and restart the service. After you clear the data store, the data are removed from persistent storage and cannot be recovered. To downgrade the data store 1. Turn off data store encryption.
datastore encryption type NONE
2. Clean the data store and restart the Steelhead service:
restart clean
If you return to a previous software version and there is a mismatch with the encrypted data store, the status bar indicates that the data store is corrupt. You can either: Use the backup software version after clearing the data store and rebooting the service. Or Return to the software version in use when the data store was encrypted, and continue using it. For detailed information, see the Steelhead Management Console Users Guide. Example Product Related Topics
amnesiac (config) # datastore encryption type AES_192 amnesiac (config) # restart clean
CMC appliance, Steelhead appliance show datastore
Riverbed Command-Line Interface Reference Manual
175
Configuration-Mode Commands
datastore notification enable
Description Syntax Enables email notification when the data in the data store is replaced with new data in less time than you specify. [no] datastore notification enable The no command option disables notification wrap-around. Parameters Usage Example Product Related Topics None Steelhead appliance only.
amnesiac (config) # datastore notification enable
Steelhead appliance show datastore
datastore notification wrap-around
Description Syntax Parameters Usage Sets the number of days to elapse before sending an email message notifying you that the data in the data store has been replaced. [no] datastore notification wrap-around <days> wrap-around <days> Specify the number of days to elapse before sending an email message notifying you that the data in the data store has been replaced.
Steelhead appliance only. The no command option disables notification wrap-around.
Example Product Related Topics
amnesiac (config) # datastore notification wrap-around 2
CMC appliance, Steelhead appliance show datastore
176
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
datastore sdr-policy
Description An adaptive data streamlining mode determines how the Steelhead appliance stores and maintains the data references. It also optimizes disk access for data replication, if needed. The data streamlining approaches range from less to more aggressive. Changing the default setting is optional; you should select another setting only when it becomes critical and only with guidance from Riverbed Technical Support. [no] datastore sdr-policy [default | sdr-a | sdr-m] default Specify the default setting and works for most implementations. The default setting: Provides the most data reduction. Reduces random disk seeks and improves disk throughput by discarding very small data margin segments that are no longer necessary. This Margin Segment Elimination (MSE) process provides network-based disk defragmentation. Writes large page clusters. Monitors the disk write I/O response time to provide more throughput. sdr-a Includes the default settings described above, and also: Balances writes and reads. Monitors both read and write disk I/O response time to provide more throughput. Important: Use caution with this setting, particularly when you are optimizing CIFS or NFS with prepopulation. Please contact Riverbed Technical Support for more information. sdr-m Performs data reduction entirely in memory, which prevents the Steelhead appliance from reading and writing to and from the disk. Enabling this option can yield high LAN-side throughput because it removes all disk latency. SDR-M is most efficient when used between two identical high-end Steelhead appliance models; for example, 6020 - 6020. When used between two different Steelhead appliance models, the smaller model limits the performance. Important: You cannot use peer data store synchronization with SDR-M. Usage Generally, the default setting provides the most data reduction. When choosing an adaptive streamlining mode for your network, you should contact Riverbed Technical Support to help you evaluate the setting based on: the amount of data replication your data store is processing, how often the replication occurs (for example, as soon as a write occurs, or in a nightly batch). how much data reduction you can sacrifice for higher throughput. The adaptive data streamlining mode on the client-side Steelhead appliance and the server-side Steelhead appliance must match. The no command option disables this option. Example Product Related Topics
amnesiac (config) # datastore sdr-policy sdr-a
Syntax Parameters
CMC appliance, Steelhead appliance show datastore
Riverbed Command-Line Interface Reference Manual
177
Configuration-Mode Commands
datastore sync enable
Description Enables pairs of Steelhead appliances on the same side of a WAN to automatically keep their data stores synchronized. This feature provides for failover and overflow capacity without performance loss. Although the two features are typically enabled together, you can enable this feature which, beginning with version 4.0, is also known as active-active synchronization independent of whether you have enabled failover. [no] datastore sync enable None For deployments requiring the highest levels of redundancy and performance, RiOS supports warm standby between designated master and backup devices. Using automated data store synchronization, the data segments and the references created via data streamlining are automatically copied from the master to the backup appliance. In the event of a failure in the master appliance, the backup appliance takes its place with a warm data store, and can begin delivering fully-optimized performance immediately. RiOS supports active-active configurations, in which each appliance is serving both as a master for some traffic and as a backup for the other appliance, with full data store synchronization. Automatic synchronization can include appliances in a serial or WCCP cluster, and appliances using connection forwarding. Note: Synchronization takes place over the primary or auxiliary port only. Failover is not required for data store synchronization. Although the failover and synchronization features are typically enabled together, you can enable data store synchronization independently of standard failover. Note: In most implementations in which both failover and synchronization are enabled, the same Steelhead appliance serves as the master for both failover and data store synchronization. However, if you enable failover and synchronization, the failover master and the synchronization master do not have to be the same Steelhead appliance. You configure two Steelhead appliances to enable synchronization, one as a server (the synchronization master) and the other as a backup. The synchronization master and its backup: must be on the same LAN. do not have to be in the same physical location. If they are in different physical locations, they must be connected via a fast, reliable LAN connection with minimal latency. must be running the same version of the RiOS software. must have the same hardware model. must be configured on the primary or auxiliary interface. When you have configured the master and backup appliances, you must restart the Steelhead service on the backup Steelhead appliance. The master restarts automatically. For detailed information about basic steps for configuring data store synchronization, see the Steelhead Management Console Users Guide. After you have enabled and configured synchronization, the data stores are actively kept synchronized. For information on how synchronized appliances replicate data, see the Steelhead Appliance Deployment Guide. Note: If one of the synchronized Steelhead appliances is under high load, some data might not be copied. For detailed information, see the Steelhead Appliance Deployment Guide. Note: If data store synchronization is interrupted for any reason (such as a network interruption or if one of the Steelhead appliances is taken out of service), the Steelhead appliances continue other operations without disruption. When the interruption is resolved, data store synchronization resumes without risk of data corruption. The no command option disables automatic synchronization.
Syntax Parameters Usage
178
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example
amnesiac amnesiac amnesiac amnesiac amnesiac
(config) (config) (config) (config) (config)
# # # # #
datastore datastore datastore datastore datastore
sync sync sync sync sync
peer-ip 192.148.0.12 port 7744 reconnect 30 master enable
Product Related Topics
CMC appliance, Steelhead appliance show datastore
datastore sync master
Description Syntax Parameters Usage Example Product Related Topics Sets the local appliance as the master appliance to which the data stores for other appliances synchronize. [no] datastore sync master None The no command option removes the master status for the appliance data store.
amnesiac (config) # datastore sync master
CMC appliance, Steelhead appliance show datastore
datastore sync peer-ip
Description Sets the IP address for the peer appliance for which you want to push replicated data. This must be the primary IP address of a backup appliance. Syntax Parameters Example Product Related Topics datastore sync peer-ip <ip-addr> <ip-addr> Specify the primary IP address of the backup appliance.
amnesiac (config) # datastore sync peer-ip 10.0.0.3
CMC appliance, Steelhead appliance show datastore
datastore sync port
Description Syntax Parameters Usage Sets the port for the peer Steelhead appliance for which you want to push replicated data. [no] datastore sync port <port> <port> Specify the port of the peer Steelhead appliance. The default value is 7744.
The no command option disables the port.
Riverbed Command-Line Interface Reference Manual
179
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # datastore sync port 1234
CMC appliance, Steelhead appliance show datastore
datastore sync reconnect
Description Syntax Parameters Usage Example Product Related Topics Sets the reconnection interval for data store synchronization. [no] datastore sync reconnect <seconds> <seconds> Specify the number of seconds for the reconnection interval. The default value is 30.
The no command option resets the reconnection interval to the default.
amnesiac (config) # datastore sync reconnect 40
CMC appliance, Steelhead appliance show datastore
Logging Commands
This section describes the logging commands.
logging
Description Syntax Parameters Adds a remote system log (syslog) server to the system. [no] logging <ip-addr> <cr> [trap <log level>] <ip-addr> trap <log level> Specify the IP address for the syslog server. Specify the trap log level of the syslog server. If you have set different log levels for each remote syslog server, this option changes all remote syslog servers to have a single log level.
Usage Example Product Related Topics
The no command option removes a remote syslog server from the system.
amnesiac (config) # logging 10.0.0.2
CMC appliance, Interceptor appliance, Steelhead appliance show logging
180
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
logging files delete
Description Syntax Parameters Usage Example Product Related Topics Deletes the oldest log file or a specified number of the oldest log files. logging files delete [oldest <number>] oldest [<number>] Specify the number of old log files to delete. The range is 1-10.
You can also access this command from enable-mode.
amnesiac (config) # logging files delete oldest 10
CMC appliance, Interceptor appliance, Steelhead appliance show logging
logging files rotation force
Description Syntax Parameters Usage Example Product Related Topics Rotates logs immediately. logging files rotation force None You can also access this command from enable-mode.
amnesiac (config) # logging files rotation force
CMC appliance, Interceptor appliance, Steelhead appliance show logging
logging files rotation criteria frequency
Description Syntax Parameters Usage Example Product Related Topics Sets the frequency of log rotation. logging files rotation criteria frequency <rotation frequency> <rotation frequency> Specify how often log rotation occurs: monthly, weekly, daily.
The default value is weekly.
amnesiac (config) # logging files rotation criteria frequency weekly
CMC appliance, Interceptor appliance, Steelhead appliance show logging
Riverbed Command-Line Interface Reference Manual
181
Configuration-Mode Commands
logging files rotation criteria size
Description Syntax Parameters Usage Example Product Related Topics Sets the size, in MB, of the log file before rotation occurs. logging files rotation criteria size <size> <size> Specify the size of the log file to save in MB.
The default value is 0 (unlimited).
amnesiac (config) # logging files rotation criteria size 100
CMC appliance, Interceptor appliance, Steelhead appliance show logging
logging files rotation max-num
Description Syntax Parameters Usage Example Product Related Topics Sets the maximum number of log files to keep locally. logging files rotation max-num <number> <number> Specify the number of log files to keep locally. The range is 1-100.
The default value is 10.
amnesiac (config) # logging files rotation max-num 10
CMC appliance, Interceptor appliance, Steelhead appliance show logging
logging local
Description Syntax Parameters Sets the minimum severity of log messages saved on the local syslog servers. [no] logging local <loglevel> <loglevel> Specify the logging severity level. The follow severity levels are supported: emerg. Emergency, the system is unusable. alert. Action must be taken immediately. crit. Critical conditions. err. Error conditions. warning. Warning conditions. notice. Normal but significant condition. info. Informational messages. debug. Debug-level messages. Usage The default value is notice. The no command option sets the severity level for logging to none (no logs are sent).
182
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # logging local notice
CMC appliance, Interceptor appliance, Steelhead appliance show logging
logging trap
Description Syntax Parameters Sets the minimum severity for messages sent to the remote syslog servers. [no] logging trap <loglevel> <loglevel> Specify the logging severity level. The following levels are supported: emerg. Emergency, the system is unusable. alert. Action must be taken immediately. crit. Critical conditions. err. Error conditions. warning. Warning conditions. notice. Normal but significant condition. info. Informational messages. debug. Debug-level messages. Usage The default value is notice. The no command option sets the severity level for logging to none. Example Product Related Topics
amnesiac (config) # logging trap notice
CMC appliance, Interceptor appliance, Steelhead appliance show logging
License and Hardware Upgrade Commands
This section describes the license and hardware upgrade commands.
boot system
Description Syntax Parameters Example Product Related Topics Boots the specified partition the next time the appliance is rebooted. boot system <partition> <partition> Specify the partition to boot: 1 or 2.
amnesiac (config) # boot system 1
CMC appliance, Interceptor appliance, Steelhead appliance show images
Riverbed Command-Line Interface Reference Manual
183
Configuration-Mode Commands
hardware upgrade model
Description Syntax Parameters Usage Example Product Related Topics Upgrades hardware settings to reflect new hardware model. hardware upgrade model None This command is valid only after you have installed a hardware upgrade license.
amnesiac (config) # hardware upgrade model
Steelhead appliance show hardware spec
hardware spec activate
Description Syntax Parameters Usage Example Product Related Topics Activates hardware specification settings. hardware spec activate <spec> <spec> Specify the specification to activate.
This command is valid only after you have installed a hardware upgrade license.
amnesiac (config) # hardware spec activate 1520
Steelhead appliance show hardware spec
image boot
Description Syntax Parameters Example Product Related Topics Boots the specified system image by default. image boot <partition> <partition> Specify the partition to boot: 1 or 2.
amnesiac (config) # image boot 1
CMC appliance, Steelhead appliance, Interceptor appliance show version
184
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
image flash backup
Description Syntax Parameters Example Product Related Topics Backs up the current image to flash memory. image flash backup <image version> <image version> Specify the filename under which to store the image on the flash disk.
amnesiac (config) # image flash backup image 19
CMC appliance, Steelhead appliance, Interceptor appliance show hardware spec
image flash restore
Description Syntax Parameters Example Product Related Topics Restores the system to an image in flash memory. image flash restore <flash recovery image> <flash recovery image> The name of the image saved on the flash disk.
amnesiac (config) # image flash restore image 19
CMC appliance, Steelhead appliance, Interceptor appliance show hardware spec
license delete
Description Syntax Parameters Example Product Related Topics Deletes the specified license key. license delete <license number> <license number> Specify the license number.
amnesiac (config) # license delete 4
CMC appliance, Interceptor appliance, Steelhead appliance show licenses
Riverbed Command-Line Interface Reference Manual
185
Configuration-Mode Commands
license install
Description Syntax Parameters Usage Example Product Related Topics Installs a new software license key. [no] license install <license key> <license key> Specify the license key.
The no command option disables this command.
amnesiac (config) # license install SH10_B-0000-1-7F14-FC1F
CMC appliance, Interceptor appliance, Steelhead appliance show licenses
System Administration and Service Commands
This section describes the system administration and service commands.
hardware watchdog
Description Syntax Parameters Usage Example Product Related Topics Enables the hardware watchdog which monitors the system for hardware errors. [no] hardware watchdog enable None The no command option disables hardware watchdog.
amnesiac (config) # hardware watchdog enable
CMC appliance, Interceptor appliance, Steelhead appliance show hardware
service default-port
Description Syntax Parameters Usage Sets the default service port. service default-port <port> <port> Specify the new target port. The default service ports are 7800 and 7810.
Service ports are the ports used for inner connections between Steelhead appliances. You can configure multiple service ports on the server-side of the network for multiple QoS mappings. You define a new service port and then map destination ports to that port, so that QoS configuration settings on the router are applied to that service port.
186
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # service default-port 7810
Steelhead appliance show service ports
service map-port
Description Syntax Parameters Sets a target port for service port mapping. [no] service map-port <dest port> <service port> <dest port> <service port> Usage Specify the destination port to which you want to map. Specify the service port to which you want to map.
Setting multiple service ports on inner connections enables you to identify the type of traffic and apply QoS settings based on a port. For example, in an in-path deployment, CIFS and MAPI could be mapped to port 9800 and HTTP to port 9802. You can configure the WAN router to tag packets for port 9800 with the same priority as for port 9802, therefore CIFS and MAPI have the same priority as HTTP. Or you can create a hierarchical mapping where port 9800 receives a higher priority than 9802, and so forth. In the out-of-path deployment, you define which port to listen to on the server Steelhead appliance, and you define an in-path, fixed-target rule on the client Steelhead appliance to point to the service ports for the traffic to which you want to apply QoS. You cannot map the following ports: Port 22. Reserved for SSH. Port 80, 443, and 446. Reserved for the Management Console. Port 139, 445, and 977. Reserved for PFS. These ports are only excluded if you have enabled PFS. Port 7800-7899. Reserved by Riverbed (except 7800 and 7810). Port 8777. Reserved for CIFS transparent prepopulation. This port is excluded only if you have enabled CIFS prepopulation. The no command option disables the service map.
Example Product Related Topics
amnesiac (config) # service map-port 7018 8000
Steelhead appliance show service ports
service neural-framing
Description Syntax Dumps or enables neural-framing statistics. [no] service neural-framing [dump | iterations | stats enable]
Riverbed Command-Line Interface Reference Manual
187
Configuration-Mode Commands
Parameters
dump iterations stats enable
Dumps neural-framing debug files, which are used by sysdump. Resets Iterations before determining heuristic. Used only with the no option. For example: no service-neural framing iterations Enables collection of neural-framing statistics.
Usage
By default, neural-framing statistics are disabled. Neural framing enables the Steelhead appliance to select the optimal packet framing boundaries for SDR. SDR encoding provides the best optimization results when the largest buffer is available before a flush is performed. Neural framing creates a set of heuristics to intelligently determine the optimal moment to flush TCP buffers. The Steelhead appliance continuously evaluates these heuristics and uses the optimal heuristic to maximize the amount of buffered data transmitted in each flush, while minimizing the amount of idle time that the data sits in the buffer. You must set the neural framing mode (algorithm) for in-path rules for which you want to apply neural framing. The no command option disables neural-framing statistics.
Example Product Related Topics
amnesiac (config) # service neural-framing stats enable
Steelhead appliance show service neural-framing
service port
Description Syntax Parameters Usage Sets a new service port to add for multiple service ports. Service ports are the ports used for inner connections between Steelhead appliances. [no] service port <port> <port> Specify the new port to add. The default service ports are 7800 and 7810.
You can configure multiple service ports on the server side of the network for multiple QoS mappings. You define a new service port and then map CIFS ports to that port, so that QoS configuration settings on the router are applied to that service port. The no command option disables the service port.
Example Product Related Topics
amnesiac (config) # service port 7800
CMC appliance, Steelhead appliance show service ports
Host Setup Commands
This section describes the host setup commands.
188
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
arp
Description Syntax Parameters Creates static ARP entries in the ARP table. [no] arp <ip-addr> <MAC-addr> <ip-addr> <MAC-addr> Usage Example Product Related Topics Specify the IP address of the machine. Specify the MAC address.
The no command option disables ARP static entries.
amnesiac (config) # arp 10.0.0.0 00:07:E9:55:10:09
CMC appliance, Interceptor appliance, Steelhead appliance show admission
clock set
Description Syntax Parameters Sets the system time and date. clock set {<hh:mm:ss> | <yyyy/mm/dd>} <hh:mm:ss> <yyyy/mm/dd> Example Product Related Topics Specify the hour, minutes, and seconds. Specify the year, month, and day.
amnesiac (config) # clock set 12:34:55
CMC appliance, Interceptor appliance, Steelhead appliance show clock
clock timezone
Description Syntax Parameters Sets the current time zone. clock timezone <zone> <zone> Specify the time zone name: Africa, America, Antarctica, Arctic, Asia, Atlantic_Ocean, Australia, Europe, GMT-offset, Indian_Ocean, Pacific_Ocean, UTC.
Usage Example Product Related Topics
The default value is GMT-offset.
amnesiac (config) # clock timezone Africa
CMC appliance, Interceptor appliance, Steelhead appliance show clock
Riverbed Command-Line Interface Reference Manual
189
Configuration-Mode Commands
hardware ecc-mem-check enable
Description Syntax Parameters Usage Example Product Related Topics Enables ECC memory check. [no] hardware ecc-mem-check enable None The no command option disables ECC memory check.
amnesiac (config) # hardware ecc-mem-check enable
Steelhead appliance show hardware
hostname
Description Syntax Parameters Usage Example Product Related Topics Sets the hostname for this appliance. [no] hostname <hostname> <hostname> Specify the hostname. Do not include the domain name.
The no command option removes the hostname for this appliance.
amnesiac (config) # hostname park
CMC appliance, Steelhead appliance, Interceptor appliance show hosts
interface
Description Syntax Configures appliance interfaces. [no] interface <interfacename> <options>
190
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Parameters
<interfacename> <options>
Specify the interface name: aux, lan0_0, wan0_0, primary, in-path0_0. Each interface has the following configuration options: dhcp <cr> | renew. Enables DHCP on the interface or renews DHCP. Setting DHCP on the auxiliary interface only provides an IP lease, and does not update the gateway, routes, and DNS settings. dhcp renew. Renews DHCP for this interface. duplex <speed>. Specify the duplex speed: auto, full, half. The default value is auto. ip address <ip-addr>. Specify the IP address for the interface. mtu <speed>. Specify the MTU. The MTU is set once on the in-path interface; it propagates automatically to the LAN and the WAN. The no command option disables the MTU setting. The default value is 1500. shutdown. Shuts down the interface. speed <speed>. Specify the speed for the interface: auto, 10, 100, 1000. The default value is 100. fail-to-bypass enable. Disables fail-to-block (disconnect) mode. The no interface <interface> fail-to-bypass enable command enables fail-toblock mode. In fail-to-block mode, if the Steelhead appliance has an internal software failure or power loss, the Steelhead appliance LAN and WAN interfaces power down and stop bridging traffic. This feature is only useful if the network has a routing or switching infrastructure that can automatically divert traffic off of the link once the failed Steelhead appliance blocks it. Fail-to-block is supported on the following bypass cards: Two-Port Copper Gigabit-Ethernet Bypass Card-B, Four-Port SX Fiber GigabitEthernet Bypass Card, Six-Port Copper Gigabit-Ethernet Bypass Card, Four-Port Copper Gigabit-Ethernet PCI-E Bypass Card Series XX50, TwoPort SX Fiber Gigabit-Ethernet PCI-E Bypass Card Series XX50, Four-Port SX Fiber Gigabit-Ethernet PCI-E Bypass Card Series XX50 To enable fail-to-block mode
enable configure terminal no interface inpath0_0 fail-to-bypass enable write memory
To change from fail-to-block mode back to fail-to-wire mode
enable configure terminal interface inpath0_0 fail-to-bypass enable write memory
Fail-to-wire (or bypass) mode allows the Steelhead appliance WAN and LAN ports to serve as an Ethernet crossover cable. In fail-to-wire mode, Steelhead appliances cannot view or optimize traffic. Instead, all traffic is passed through the Steelhead appliance unoptimized. All Steelhead appliance in-path interfaces support fail-to-wire mode. Fail-to-wire mode is the default setting for Steelhead appliances. For detailed information about enabling and disabling fail-to-block, see the Steelhead Appliance Deployment Guide. Usage The no command option disables the interface settings.
Riverbed Command-Line Interface Reference Manual
191
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # no interface inpath0_0 fail-to-bypass enable
CMC appliance, Interceptor appliance, Steelhead appliance show ip
ip default-gateway
Description Syntax Parameters Usage Sets the default gateway for the appliance. [no] ip default-gateway <addr> <addr> Specify the IP address of the management interface.
This command is used to set the default gateway for the entire appliance. It is primarily used for the primary or auxiliary (aux) interfaces for management, but can also be used for out-of-path optimization configurations as well as PFS. The no command option disables the default gateway IP address.
Example Product Related Topics
amnesiac (config) # ip default-gateway 10.10.10.1
CMC appliance, Steelhead appliance, Interceptor Appliance show ip
ip domain-list
Description Syntax Parameters Usage Example Product Related Topics Adds a domain name to the domain list for resolving hostnames. [no] ip domain list <domain> <domain> Specify the domain name.
The no command option removes a domain from the domain list.
amnesiac (config) # ip domain-list example.com
CMC appliance, Steelhead appliance, Interceptor Appliance show domain
ip host
Description Syntax Parameters Adds an entry to the static host table. [no] ip host <hostname> <ip-addr> <hostname> <ip-addr> Specify the hostname. Specify the IP address.
192
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage Example Product Related Topics
The no command option removes an entry from the static host table.
amnesiac (config) # ip host park 10.10.10.1
CMC appliance, Steelhead appliance, Interceptor Appliance show hosts
ip name-server
Description Syntax Parameters Usage Example Product Related Topics Adds a DNS name server. [no] ip name-server <ip-addr> <ip-addr> Specify the name server IP address.
The no command option removes a DNS name server.
amnesiac (config) # ip name-server 10.10.10.1
CMC appliance, Interceptor appliance, Steelhead appliance show running-config
limit connection
Description Syntax Parameters Usage Example Product Related Topics Sets the connection Limit per source IP address. [no] limit connection <limit> <limit> Specify the connection limit.
The no command option disables the connection limit.
amnesiac (config) # limit connection 200
CMC appliance, Steelhead appliance show limit connection
ip route
Description Syntax Adds a static route. [no] ip route <network prefix> <netmask> <netmask length> <next-hop-IP-addr>
Riverbed Command-Line Interface Reference Manual
193
Configuration-Mode Commands
Parameters
<network prefix> <netmask> <mask length> <next-hop-IPaddr>
Specify the network prefix. Specify the netmask. For example: 255.255.255.0 Specify the netmask length. For example: /24 Specify the next hop IP address.
Usage Example Product Related Topics
The no command option disables the static route. If no ip route is run with only a network prefix and mask, it deletes all routes for that prefix.
amnesiac (config) # ip route /16 193.166.0/24 10.10.10.1
CMC appliance, Interceptor appliance, Steelhead appliance show ip
ntp disable
Description Syntax Parameters Usage Example Product Related Topics Disables NTP support. [no] ntp disable None The no command option enables NTP support.
amnesiac (config) # ntp disable
CMC appliance, Interceptor appliance, Steelhead appliance show ntp
ntp enable
Description Syntax Parameters Usage Example Product Related Topics Enables NTP support. [no] ntp enable None The no command option disables NTP support.
amnesiac (config) # ntp enable
CMC appliance, Interceptor appliance, Steelhead appliance show ntp
194
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
ntp peer
Description Syntax Parameters Enables an NTP peer. [no] ntp peer <ip-addr> <cr> [version <number>] <ip-addr> version <number> Usage Example Product Related Topics Specify the NTP peer IP address. Specify the NTP version number. You do not need to specify the version number for the no ntp peer command.
The no command option disables an NTP peer.
amnesiac (config) # ntp peer 10.10.10.1
CMC appliance, Interceptor appliance, Steelhead appliance show ntp
ntp server
Description Syntax Parameters Configures an NTP server. [no] ntp server <ip-addr> <cr> [version <number>] <ip-addr> version <number> Usage Example Product Related Topics Specify the NTP server to synchronize with. Specify the version number for NTP. You do not need to specify the version number for the no ntp server command.
The no command option removes an NTP server.
amnesiac (config) # ntp server 10.10.10.1
CMC appliance, Interceptor appliance, Steelhead appliance show ntp
ntp server enable
Description Syntax Parameters Usage Example Product Related Topics Enables an NTP server. [no] ntp server <hostname> enable <hostname> Specify the NTP server to synchronize with.
The no command option removes an NTP server.
amnesiac (config) # ntp server blah enable
CMC appliance, Interceptor appliance, Steelhead appliance show ntp
Riverbed Command-Line Interface Reference Manual
195
Configuration-Mode Commands
telnet-server enable
Description Syntax Usage Example Product Related Topics Enables you to access the CLI using telnet. This feature is disabled by default. [no] telnet-server enable You can use telnet to troubleshoot your system. It enables you to access the CLI from another system.
amnesiac (config) # telnet-server enable
CMC appliance, Steelhead appliance show terminal
Steelhead Appliance Feature Configuration Commands
This section describes commands you use to configure Steelhead appliance features. It includes the following sections:
AAA and Role-Based Management Commands, next Secure Shell Access Commands on page 144 CLI Terminal Configuration Commands on page 147 Management Console Configuration Commands on page 149 Configuration File Commands on page 155 Port Label Commands on page 164 Statistics Manipulation Command on page 165 Notification and SNMP Commands on page 166 Data Store Management Commands on page 172 Logging Commands on page 180 License and Hardware Upgrade Commands on page 183 System Administration and Service Commands on page 186 Host Setup Commands on page 188 In-Path and Virtual In-Path Support Commands on page 197 Out-of-Path Support on page 210 Peering Commands on page 210 Asymmetric Route Detection Commands on page 218 Connection Forwarding on page 224 Simplified Routing Support Commands on page 230 NetFlow Support Commands on page 231 PFS Support Commands on page 239
196
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
CIFS Prepopulation Support Commands on page 251 CIFS Support Commands on page 254 SMB Signing Commands on page 259 RiOS TCP Dump Commands on page 262 HS-TCP Support Commands on page 267 Oracle Forms Support Commands on page 269 MAPI Support Commands on page 271 MS-SQL Blade Support Commands on page 277 NFS Support Commands on page 284 HTTP Support Commands on page 289 Lotus Notes Commands on page 296 SSL Support Commands on page 297 QoS Support Commands on page 318 Connection Pooling Commands on page 329 WAN Visibility (Transparency) Commands on page 329 WCCP Support Commands on page 333 Failover Support Commands on page 337 Data Replication Commands on page 340 Riverbed Services Platform Commands on page 342 DNS Cache Commands on page 358 Domain and Workgroup Commands on page 365 Job Commands on page 370 Load-Balancing Commands on page 378 Interceptor Peering Support Commands on page 382 Central Management Console Feature Commands on page 390 Raid Commands on page 374 CMC Export Commands on page 398
In-Path and Virtual In-Path Support Commands
This section describes the in-path and virtual in-path support commands.
Riverbed Command-Line Interface Reference Manual
197
Configuration-Mode Commands
in-path enable
Description Syntax Parameters Usage Example Product Related Topics Enables in-path support. An in-path configuration is a configuration in which the appliance is in the direct path of the client and the server. [no] in-path enable None The no command option disables in-path support.
amnesiac (config) # in-path enable
CMC appliance, Steelhead appliance show in-path
in-path interface enable
Description Syntax Parameters Usage Enables the in-path interface for optimization. [no] in-path interface <interface> enable <interface> Specify the IP address of the in-path interface.
The in-path interface enable command is useful only when there are multiple bypass cards enabled (for example, with a Four-Port Copper Gigabit-Ethernet Bypass card). The no command option disables the in-path interface.
Example Product Related Topics
amnesiac (config) #in-path interface 10.0.0.1 enable
CMC appliance, Steelhead appliance, Interceptor appliance show ip
in-path interface vlan
Description Syntax Parameters Enables VLAN support for an in-path interface on a trunked link. [no] in-path interface <interface> vlan <id> <interface> <id> Usage Specify the in-path appliance for which the VLAN applies. Specify the VLAN identification number. The VLAN identification number is a value with a range from 0-4094 (-1 specifies all; 0 specifies no tagging).
The in-path interface vlan command enables you to set which VLAN to use for connections. It does not define which VLAN to optimize. To define which VLAN to optimize, you must define in-path rules and apply them to all VLANs or a specific VLAN. The no command option disables the VLAN support.
198
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config)# in-path interface inpath0_0 vlan 26
CMC appliance, Steelhead appliance, Interceptor appliance show ip
in-path kickoff
Description Syntax Parameters Usage Resets open connections upon start up. [no] in-path kickoff None When the Steelhead service restarts with kickoff enabled, it breaks existing connections and forces clients to open new connections. With kickoff disabled, open connections are not broken, but they are unoptimized. New connections are optimized. When the appliance is not powered on or the Steelhead service is not running, the failover appliance takes over so that connections continue to be made to the WAN. Generally, connections are short lived and kickoff is not necessary; kickoff is suitable for very challenging remote environments. For example, in an environment with 128 kbps and 1.5 seconds of latency, you might want to cancel an HTTP download so that your traffic is optimized; whereas in a remote branch-office with a T1 and 35 ms round-trip time, you would want connections to migrate to optimization gracefully, rather than risk interruption with kickoff. Note: Do not enable kickoff for in-path Steelhead appliances that use auto-discovery or if you do not have a Steelhead appliance on the remote side of the network. If you do not set any in-path rules, the default behavior is to auto-discover all connections. If kickoff is enabled, all connections that existed before the Steelhead appliance started are reset. The no command option disables the in-path kickoff feature. Example Product Related Topics
amnesiac (config) # in-path kickoff
CMC appliance, Steelhead appliance show in-path peering rules
in-path lsp enable
Description Syntax Parameters Usage Enables link-state propagation. For example, if the LAN interface drops the link then the WAN also drops the link. [no] in-path lsp enable None If you require a Steelhead appliance to fail-to-wire (bypass) when the LAN or WAN ports become disconnected, enable this feature. This feature is similar to what ISPs do in order to follow the state of a link. The no command option disables the in-path feature.
Riverbed Command-Line Interface Reference Manual
199
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # in-path lsp enable
CMC appliance, Steelhead appliance, Interceptor appliance show in-path lsp
in-path move-rule rulenum
Description Syntax Parameters Example Product Related Topics Moves the order of the rule in the rule list to the specified position. in-path move-rule rulenum <rulenum> to <rulenum> <rulenum> Specify the rule number or start or end.
amnesiac (config) # in-path move-rule rulenum 25 to 10
CMC appliance, Steelhead appliance, Interceptor appliance show in-path rules
in-path oop enable
Description Syntax Parameters Usage Example Product Related Topics Enable in-path support for networks that utilize Layer-4 switches, PBR, and WCCP. [no] in-path oop enable None The no command option disables out-of-path support.
amnesiac (config) # in-path oop enable
CMC appliance, Steelhead appliance show out-of-path
in-path rule auto-discover
Description Adds an auto-discovery rule. Auto-discovery is the process by which the Steelhead appliance automatically intercepts and optimizes traffic on all IP addresses and ports. By default, auto-discovery is applied to all IP addresses and ports that are not secure, interactive, or default Riverbed ports. Syntax [no] in-path rule auto-discover [scraddr <network>] [dstaddr <network>] [dstport <port>] | [vlan <vlan tag ID>] | [optimization {normal | sdr-only |compr-only | none}] | [preoptimization {ssl | oracle-forms | oracle-forms+ssl | none}] | [latency-opt {normal | http | none}] [neural-mode {always | dynamic | never | tcphints}]| [wan-visibility {correct | port | full}] [rulenum <rulenum>] | [description <description>]
200
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Parameters
srcaddr <network> dstaddr <network> dstport <port>
Specify the source subnet. For example: 1.2.3.4/32 Specify the destination subnet and port. For the network address, use the following format: XXX.XXX.XXX.XXX/XX For the port, you can specify a single port (number), a port label, or all to specify all ports.
vlan <vlan tag ID> optimization {normal | sdr-only | compr-only | none}
Specify the VLAN tag ID (if any). The VLAN identification number is a value with a range from 0-4094. Specify 0 to mark the link untagged. Specify an optimization policy: compr-only. Specify this option to turn off SDR but perform LZ compression. normal. The normal optimization policy is the default. The normal process performs LZ compression and SDR. none. Specify this option to turn off LZ compression and SDR. sdr-only. Specify this option to turn off LZ compression. Setting an optimization policy allows you more flexibility in applying optimization techniques. For example, in some high bandwidth, low latency networks (that is, a short, fat pipe) there are times when disabling SDR (and performing LZ-only) makes sense because disk access could become a bottleneck. If you have questions regarding the best optimization policy for your network, consult with your Sales Engineer of with Riverbed Technical Support about your optimization policy options. To configure optimization policies for the FTP data channel, define an in-path rule with the destination port 20 and set its optimization policy. Setting QoS for port 20 on the client-side Steelhead appliance affects passive FTP, while setting the QoS for port 20 on the server-side Steelhead appliance affects active FTP. To configure optimization policies for the Messaging Application Protocol Interface (MAPI) data channel, define an in-path rule with the destination port 7830 and set its optimization policy.
preoptimization {ssl |oracle-forms | oracle-forms+ssl | none}
Specify a preoptimization policy: none. Preoptimization processing is set to none by default. If SSL or Oracle Forms preoptimization processing is turned on and you want to turn it off for a port, specify none. ssl. Specify ssl to enable SSL preoptimization processing for traffic via SSL secure ports. oracle-forms. Specify oracle-forms to enable preoptimization processing for the Oracle Forms browser plug-in. oracle-forms+ssl. Specify to enable preoptimization processing for both the Oracle Forms browser plug-in and SSL encrypted traffic through SSL secure ports on the client-side Steelhead appliance. Important: Make sure you specify latency-opt to none to ensure that SSL connections are optimized.
Riverbed Command-Line Interface Reference Manual
201
Configuration-Mode Commands
latency-opt {http | normal |none}
Specify a latency-optimization policy: http. Perform HTTP optimization on connections matching this rule. normal. Perform HTTP optimization for ports 80 and 8080. This is the default setting. none. Do not perform HTTP optimization on connections matching this rule. Important: If you are configuring preoptimization for SSL connections, make sure you specify latency-opt to none to ensure that SSL connections are optimized.
neural-mode {always | dynamic | never | tcphints}
Enables neural framing in the Steelhead appliance. Enabling neural framing makes your WAN more efficient by gathering data to select the optimal packet framing boundaries for SDR. If you specify a neural mode, your network experiences a trade-off between the compression and SDR performance, and the latency added to the connection. For different types of traffic, one algorithm might be better than others. Specify one of the following modes: always. Always use the Nagle algorithm. This is the default setting (always wait 6 ms). All data is passed to the codec which attempts to coalesce consume calls (if needed) to achieve better fingerprinting. A timer (6 ms) backs it up and causes leftover data to be consumed. Neural heuristics are computed in this mode but are not used. dynamic. Dynamically adjust the Nagle parameters. The Steelhead appliance picks the best algorithm to use by learning what algorithm is best and adapting if the traffic characteristic changes. never. Never use the Nagle algorithm. All the data is immediately encoded without waiting for timers to fire or application buffers to fill past a specified threshold. Neural heuristics are computed in this mode but are not used. tcphints. Base setting on TCP hints. If data is received from a partial frame packet or a packet with the TCP PUSH flag set, the encoder encodes the data instead of immediately coalescing it. Neural heuristics are computed in this mode but are not used. To configure neural framing for an FTP data channel, define an in-path rule with the destination port 20 and set its optimization policy. To configure neural framing for a MAPI data channel, define an in-path rule with the destination port 7830 and set its optimization policy.
202
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
wan-visibility {correct | port |full}
Enables WAN visibility in the Steelhead appliance. Specify one of the following modes: correct. Correct addressing uses Steelhead appliance IP addresses and port numbers in the TCP/IP packet header fields for optimized traffic in both directions across the WAN. port. Port transparency preserves your server port numbers in the TCP/IP header fields for optimized traffic in both directions across the WAN. Traffic is optimized while the server port number in the TCP/IP header field appears to be unchanged. Routers and network monitoring devices deployed in the WAN segment between the communicating Steelhead appliances can view these preserved fields. full. Full address transparency preserves your client and server IP addresses and port numbers in the TCP/IP header fields for optimized traffic in both directions across the WAN. Additionally, VLAN tags are also preserved. Traffic is optimized while these TCP/ IP header fields appear to be unchanged. Routers and network monitoring devices deployed in the WAN segment between the communicating Steelhead appliances can view these preserved fields. Note: For transparent addressing to function correctly, both of the Steelhead appliances must have RiOS v5.0.x or later installed. If one Steelhead appliance does not support transparent addressing (that is, it has RiOS v4.1 or earlier installed), the Steelhead appliance attempting to optimize a connection in one of the transparent addressing modes automatically reverts to correct addressing mode, and optimization continues. For detailed information about how to configure WAN visibility, see the Steelhead Appliance Deployment Guide.
rulenum <rulenum>
Specify the order in which the rule is consulted: 1-N or start or end. The rule is inserted into the list at the specified position. For example, if you specify rulenum as 3, the new rule will be #3, the old rule #3 will become #4, and so forth. The start value Specify that the rule become the first rule and end Specify that it become the last rule. If you do not specify a rule number, the rule is added to the end of the list.
description <description> Usage
Specify a description to facilitate communication about network administration.
The no command option disables the rule. The no command option has the following syntax: no in-path rule <rulenum>
Example Product Related Topics
amnesiac (config) # in-path rule auto-discover srcaddr 10.10.10.1/24 port 2121 dstaddr 10.24.24.24.1/24 rulenum 2
Steelhead appliance show in-path, show in-path rules
Riverbed Command-Line Interface Reference Manual
203
Configuration-Mode Commands
in-path rule deny
Description Syntax Parameters Adds a deny rule to reject connection requests. [no] in-path rule deny [scraddr <network>] [dstaddr <network>] [dstport <port>] | [vlan <vlan tag ID>] | [rulenum <rulenum>] | [description <description>] srcaddr <network> dstaddr <network> dstport <port> Specify the source subnet for this rule. For example: 1.2.3.4/32 Specify the destination subnet and port for this rule. For the network address, use the following format: XXX.XXX.XXX.XXX/XX. For the port, you can specify a single port (number), a port label, or all to specify all ports. vlan <vlan tag ID> rulenum <rulenum> Specify the VLAN tag ID (if any). The VLAN tag ID is a number with a range from 0-4094. Specify 0 to mark the link untagged. Specify the order in which the rule is consulted: 1-N or start or end. The rule is inserted into the list at the specified position. For example, if you specify rulenum as 3, the new rule will be #3, the old rule #3 will become #4, and so forth. The start value Specify that the rule become the first rule and end Specify that it become the last rule. If you do not specify a rule number, the rule is added to the end of the list. description <description> Usage Specify a description to facilitate network administration.
The Steelhead appliance automatically intercepts traffic on all IP addresses (0.0.0.0) and ports (all) and optimizes according to default settings. Specify deny rules for traffic you want to reject and return a message to the client that the request has been denied. The no command option disables the rule. The no command option syntax is: no in-path rule <rulenum>
Example Product Related Topics
amnesiac (config) # in-path rule deny srcaddr 10.0.0.1/24 dstaddr 10.0.0.2/24 rulenum 4
Interceptor appliance, CMC appliance, Steelhead appliance show in-path, show in-path rules
in-path rule discard
Description Syntax Adds a discard rule to drop connections. [no] in-path rule discard [scraddr <network>] [dstaddr <network>] [dstport <port>] [vlan <vlan tag ID>] [rulenum <rulenum>] [description <description>]
204
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Parameters
srcaddr <network> dstaddr <network> dstport <port>
Specify the source subnet for this rule. For example: 1.2.3.4/32 Specify the destination subnet and port for this rule. For the network address, use the following format: XXX.XXX.XXX.XXX/XX. For the port, you can specify a single port (number), a port label, or all to specify all ports.
vlan <vlan tag ID> rulenum <rulenum>
Specify the VLAN tag ID (if any). The VLAN tag ID is a number with a range from 0-4094. Specify 0 to mark the link untagged. Specify the order in which the rule is consulted: 1-N or start or end. The rule is inserted into the list at the specified position. For example, if you specify rulenum as 3, the new rule will be #3, the old rule #3 will become #4, and so forth. The start value Specify that the rule become the first rule and end Specify that it become the last rule. If you do not specify a rule number, the rule is added to the end of the list.
description <description> Usage
Specify a description to facilitate communication about network administration.
The Steelhead appliance automatically intercepts traffic on all IP addresses (0.0.0.0) and ports (all) and optimizes according to default settings. Specify discard rules for traffic that you want to drop silently instead of optimizing or passing through. The no command option disables the rule. The no command option has the following syntax: no in-path rule <rulenum>.
Example Product Related Topics
amnesiac (config) # in-path rule discard srcaddr 10.0.0.2 dstaddr 10.0.0.1 port 1234 rulenum 2
Interceptor appliance, CMC appliance, Steelhead appliance show in-path, show in-path rules
in-path rule fixed-target
Description Adds a fixed-target rule. Fixed-target rules directly specify out-of-path Steelhead appliances near a target server. You determine which servers you want the appliance to optimize (and, optionally, which ports), and add fixed-target rules to specify the network of servers, ports, port labels, and out-of-path Steelhead appliances to use. Syntax [no] in-path rule fixed-target [scraddr <network>] [dstaddr <network>] [dstport <port>] [vlan <vlan tag ID>] [optimization {normal | sdr-only |compr-only | none}] [preoptimization {ssl |oracle-forms |none}] [latency-opt {normal | http | none}] [neural-mode {always | dynamic | never | tcphints}] [rulenum <rulenum>] [description <description>]
Riverbed Command-Line Interface Reference Manual
205
Configuration-Mode Commands
Parameters
srcaddr <network> dstaddr <network> dstport <port>
Specify the source subnet. For example: 1.2.3.4/32 Specify the destination subnet and port. For the network address, use the following format: XXX.XXX.XXX.XXX/XX For the port, you can specify a single port (number), a port label, or all to specify all ports.
target-addr <addr> target-port <port>
Specify the fixed target appliance address. For the network address, use the following format: XXX.XXX.XXX.XXX. For the port, you can specify a single port (number), a port label, or all to specify all ports.
backup-addr <addr> backup-port <port>
Specify a backup to the fixed target appliance (if any). For the network address, use the following format: XXX.XXX.XXX.XXX. For the port, you can specify a single port (number), a port label, or all to specify all ports.
vlan <vlan tag ID> optimization {normal | sdr-only | compronly | none}
Specify the VLAN tag ID (if any). The VLAN identification number is a value with a range from 0-4094. Specify 0 to mark the link untagged. Specify an optimization policy: compr-only. Specify this option to turn off SDR but perform LZ compression. normal. The normal optimization policy is the default. The normal process performs LZ compression and SDR. none. Specify this option to turn off LZ compression and SDR. sdr-only. Specify this option to turn off LZ compression. Setting an optimization policy allows you more flexibility in applying optimization techniques. For example, in some high bandwidth, low latency networks (that is, a short, fat pipe) there are times when disabling SDR (and performing LZ-only) makes sense because disk access could become a bottleneck. If you have questions regarding the best optimization policy for your network, consult with your Sales Engineer of with Riverbed Technical Support about your optimization policy options. To configure optimization policies for the FTP data channel, define an in-path rule with the destination port 20 and set its optimization policy. Setting QoS for port 20 on the client-side Steelhead appliance affects passive FTP, while setting the QoS for port 20 on the server-side Steelhead appliance affects active FTP. To configure optimization policies for the MAPI data channel, define an in-path rule with the destination port 7830 and set its optimization policy.
preoptimization {ssl | oracle-forms | none}
Specify a preoptimization policy: none. Preoptimization processing is set to none by default. If SSL or Oracle Forms preoptimization processing is turned on and you want to turn it off for a port, specify none. ssl. Specify ssl to enable SSL preoptimization processing for traffic via SSL secure ports. oracle-forms. Specify oracle-forms to enable preoptimization processing for the Oracle Forms browser plug-in.
206
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
latency-opt {http | normal |none}
Specify a latency-optimization policy: http. Only perform HTTP optimizations. normal. Perform all latency optimizations. This is the default setting. none. Excludes HTTP optimizations.
neural-mode {always | dynamic | never | tcphints}
Enables neural framing in the Steelhead appliance. Enabling neural framing makes your WAN more efficient by gathering data to select the optimal packet framing boundaries for SDR. If you specify a neural mode, your network will experience a trade-off between the compression and SDR performance, and the latency added to the connection. For different types of traffic, one algorithm might be better than others. Specify one of the following modes: always. Always use the Nagle algorithm. This is the default setting (always wait 6 ms). All data is passed to the codec which attempts to coalesce consume calls (if needed) to achieve better fingerprinting. A timer (6 ms) backs it up and causes leftover data to be consumed. Neural heuristics are computed in this mode but are not used. dynamic. Dynamically adjust the Nagle parameters. The Steelhead appliance picks the best algorithm to use by learning what algorithm is best and adapting if the traffic characteristic changes. never. Never use the Nagle algorithm. All the data is immediately encoded without waiting for timers to fire or application buffers to fill past a specified threshold. Neural heuristics are computed in this mode but are not used. tcphints. Base setting on TCP hints. If data is received from a partial frame packet or a packet with the TCP PUSH flag set, the encoder encodes the data instead of immediately coalescing it. Neural heuristics are computed in this mode but are not used. To configure neural framing for an FTP data channel, define an in-path rule with the destination port 20 and set its optimization policy. To configure neural framing for a MAPI data channel, define an in-path rule with the destination port 7830 and set its optimization policy.
rulenum <rulenum>
Specify the order in which the rule is consulted: 1-N or start or end. The rule is inserted into the list at the specified position. For example, if you specify rulenum as 3, the new rule will be #3, the old rule #3 will become #4, and so forth. The start value Specify that the rule become the first rule and end Specify that it become the last rule. If you do not specify a rule number, the rule is added to the end of the list.
description <description>
Specify a description to facilitate network administration.
Riverbed Command-Line Interface Reference Manual
207
Configuration-Mode Commands
Usage
The Steelhead appliance automatically intercepts traffic on all IP addresses (0.0.0.0) and ports (all) and optimizes according to default settings. Specify fixed-target rules to set out-of-path Steelhead appliances near the target server that you want to optimize. The no command option disables the rule. The no command option has the following syntax: no in-path rule <rulenum>. Note: In out-of-path deployments, to optimize MAPI Exchange 2003 by destination port, you must define fixed-target, in-path rules that specify the following ports on the client-side Steelhead appliance: the Microsoft end-point mapper port: 135; the Steelhead appliance port for Exchange traffic: 7830; the Steelhead appliance port for Exchange Directory NSPI traffic: 7840.
Example Product Related Topics
amnesiac (config) # in-path rule fixed-target srcaddr 10.0.0.0/24 optimization sdr-only rulenum 1
Interceptor appliance, CMC appliance, Steelhead appliance show in-path, show in-path rules
in-path rule pass-through
Description Adds a pass-through rule. Pass-through describes WAN traffic that traverses the network unoptimized. You define pass-through rules to exclude subnets or ports from optimization. Traffic is also passed through when the Steelhead appliance is in bypass mode. Syntax Parameters [no] in-path rule pass-through [scraddr <network>] [dstaddr <network>] [dstport <port>] [vlan <vlan tag ID>] [rulenum <rulenum>] [description <description>] srcaddr <network> dstaddr <network> dstport <port> Specify the source subnet for this rule. For example: 1.2.3.4/32 Specify the destination subnet and port. For the network address, use the following format: XXX.XXX.XXX.XXX/XX. For the port, you can specify a single port (number), a port label, or all to specify all ports. vlan <vlan tag ID> Specify the VLAN tag ID (if any). The VLAN identification number is a value with a range from 0-4094. Specify 0 to mark the link untagged. Specify the order in which the rule is consulted: 1-N or start or end. The rule is inserted into the list at the specified position. For example, if you specify rulenum as 3, the new rule will be #3, the old rule #3 will become #4, and so forth. The start value Specify that the rule become the first rule and end Specify that it become the last rule. If you do not specify a rule number, the rule is added to the end of the list. description <description> Specify a description to facilitate communication about network administration.
rulenum <rulenum>
208
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
The Steelhead appliance automatically intercepts traffic on all IP addresses (0.0.0.0) and ports (all) and optimizes according to default settings. Specify pass-through rules for traffic that you want to pass through to its destination without optimization by the Riverbed system. The no command option disables the rule. The no command option has the following syntax: no in-path rule <rulenum>.
Example Product Related Topics
amnesiac (config) # in-path rule pass-through addr 10.10.10.1 port 2121 rulenum 25
Interceptor appliance, CMC appliance, Steelhead appliance show in-path, show in-path rules
ip in-path-gateway
Description Syntax Parameters Configures the default gateway for the in-path interface. [no] ip in-path-gateway <interface> <destination addr> <interface> <destination addr> Usage Specify the interface name. For example, in-path0_0, in-path1_1 Specify the destination IP address of the in-path gateway.
This command is used to set the default gateway for a particular bypass pair, for in-path optimization configurations. Note: in-pathX_X represents the bypass pair. Examples are in-path0_0, in-path1_0, and in-path1_1. For the in-path interfaces, this command should be used to set the default gateway. The no command option disables the default gateway.
Example Product Related Topics
amnesiac (config) # ip in-path-gateway in-path0_0 10.0.0.0
Interceptor appliance, CMC appliance, Steelhead appliance show in-path
ip in-path route
Description Syntax Parameters Adds a static in-path route. [no] ip in-path route <interface> <network prefix> <network mask> <next hop IP address> <interface> <network prefix> <network mask> <next hop IP address or WAN gateway> Specify the interface name: aux, lan0_0, wan0_0, primary, in-path0_0. Specify the network prefix. Specify the netmask. Specify the next hop IP address in this route or WAN gateway.
Riverbed Command-Line Interface Reference Manual
209
Configuration-Mode Commands
Usage
In-path interfaces use routes from an in-path route table. To configure in-path routes, you set a new in-path route that points to your WAN gateway. You must also copy any static routes that you have added to the main table, if they apply to the in-path interface. The no command option removes an in-path route.
Example Product Related Topics
amnesiac (config) # ip in-path route 193.140.0.0 255.255.0.0 190.160.0.0
Interceptor appliance, CMC appliance, Steelhead appliance show in-path simplified routing
Out-of-Path Support
This section describes the out-of-path support command.
out-of-path enable
Description Syntax Parameters Usage Example Product Related Topics Enables an out-of-path configuration. [no] out-of-path enable None The no command option disables out-of-path configuration.
amnesiac (config) # out-of-path enable
CMC appliance, Steelhead appliance show out-of-path
Peering Commands
This section describes the peering commands. For detailed information about peering, see the Steelhead Appliance Deployment Guide.
in-path peering auto
Description Syntax Parameters Enables automatic peering for serial cascade and serial cluster deployments. [no] in-path peering auto None
210
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
With automatic peering the Steelhead appliance automatically finds the furthest Steelhead appliance in a network and optimization occurs there. Automatic peering is disabled by default. When automatic peering is disabled, the Steelhead appliance uses regular auto-discovery. With regular auto-discovery, the Steelhead appliance finds the next appliance in the group and optimization occurs there. In some deployments, automatic peering can simplify configuration and make your deployments more easily scalable. When automatic peering is enabled, the Steelhead appliance automatically finds the furthest Steelhead appliance in a network and optimization occurs there. For example, if you had a deployment with four Steelhead appliances (A, B, C, D), where D represents the appliance that is furthest from A, the Steelhead appliance automatically finds D. This simplifies configuration and makes your deployment more scalable. Cascade configurations enable optimal multi-site deployments where connections between the client and the server might pass through intermediate Steelhead appliances to reach their final destination. Note: For Steelhead appliances running versions prior to v4.0, in-path peering rules are used at the intermediate Steelhead appliances. You can deploy a cascade on either the client side or on the server side.
Example: C-----SH1-----SH2-----SH3-----WAN-----SH4-----SH5-----SH6-----S
The appliances are configured to auto-discover available peers across the WAN. Note: RiOS v5.5.x supports a large number of peers (up to 32,768) per Steelhead appliance. This feature is available only on Steelhead appliance models 5520, 6020, 6050, and 6120. After enabling extended peer table support, you must clear the data store and stop and restart the service. The no command option disables automatic peering. Example Product Related Topics
amnesiac (config) # in-path peering auto
CMC appliance, Steelhead appliance show in-path peering rules
in-path peering disc-outer-acpt
Description Syntax Parameters Usage Example Product Related Topics Discovers outer connection for accept rules. [no] in-path peering disc-outer-acpt None The no command option disables discovery of the outer connection.
amnesiac (config) # in-path peering disc-outer-acpt
CMC appliance, Steelhead appliance show in-path peering disc-outer-acpt
Riverbed Command-Line Interface Reference Manual
211
Configuration-Mode Commands
in-path peering edit-rule
Description Syntax Parameters Edit an in-path peering rule description. in-path peering edit-rule rulenum description <description> rulenum <num> description <description> Example Product Related Topics Specify the rule number. Specify a description to help you identify the rule.
amnesiac (config) # in-path peering edit-rule rulenum 5 description this is an example
CMC appliance, Steelhead appliance show in-path peering disc-outer-acpt
in-path peering ext-peer-tbl enable
Description Syntax Parameters Usage Enables extended peer table support. in-path peering ext-peer-tbl enable None Enables support for up to 20,000 peers on high-end server-side Steelhead appliances (models 5520, 5050, 6020, 6050, 6120 and 6050) to accommodate large Steelhead client deployments. The data store maintains the peers in groups of 1,024 in the global peer table. By default, this option is not enabled. After enabling this option you must clear the data store and stop and restart the service. Important: Before enabling this feature, you should have a thorough understanding of performance and scaling issues. When deciding whether to use extended peer table support, you need to compare it with using a serial cluster deployment. For more information on serial clusters, see the Steelhead Appliance Deployment Guide. Important: After enabling extended peer table support, you cannot install a RiOS software version earlier than v5.5.x without first clearing the data store. Example Product Related Topics
amnesiac (config) # in-path peering ext-peer-tbl enable
Steelhead appliance show in-path peering disc-outer-acpt
in-path peering move-rule
Description Syntax Parameters Moves the order of the rule to the specified position in the rule list. [no] in-path peering move-rule <rulenum> to <rulenum> <rulenum> Specify the rule number.
212
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
Rules in the rule list are consulted from first to last. Use this command to reorder an in-path peering rule in the rule list. The no command option disables the rule.
Example Product Related Topics
amnesiac (config) # in-path peering move-rule 3 to 1
CMC appliance, Steelhead appliance show in-path peering auto
in-path peering rule
Description Syntax Configures in-path peering rules. [no] in-path peering rule {auto | pass | accept} peer <peerip> ssl-capability {cap | in-cap | nocheck] src <subnet> | dest <subnet> | dest-port <port> rulenum <rulenum> description <desc> auto | pass | accept Specify one of the following rules: auto. Automatically determines the response for peering requests (performs the best peering possible). pass. Allows pass-through peering requests that match the source and destination port pattern. accept. Accepts peering requests that match the source-destination-port pattern. peer <peerip> ssl-capability {cap | in-cap | no-check] Specify the peer IP address. Specify one of the following options to determine how to process attempts to create secure SSL connections: no-check. The peering rule does not determine whether the server Steelhead appliance is present for the particular destination IP address and port combination. cap (capable). The peering rule checks whether the server-side Steelhead appliance is present for the particular destination IP address and port combination. If the destination IP address and port are of an SSL server that is properly configured and enabled on the server-side Steelhead appliance, and if there is no temporary or short-lived error condition, the SSL-capable check is a success. The Steelhead appliance accepts the condition and, assuming all other proper configurations and that the peering rule is the best match for the incoming connection, optimizes SSL. incap (incapable). If the destination IP address and port are not an SSL server that is properly configured and enabled on the server-side Steelhead appliance, or if there is a temporary or short-lived error condition, the SSL-capable check fails. The Steelhead appliance passes the connection through unoptimized without affecting connection counts. src <subnet> dest <subnet> dest-port <port> Specify the source network for this rule. Specify the destination network for this rule. Specify the destination port for this rule. You can specify a port label, or all for all ports.
Parameters
Riverbed Command-Line Interface Reference Manual
213
Configuration-Mode Commands
rulenum <rulenum>
Specify the rule number. The system evaluates the rules in numerical order starting with rule 1. If the conditions set in the rule match, then the rule is applied. If the conditions set in the rule do not match, then the rule is not applied and the system moves on to the next rule. For example, if the conditions of rule 1 do not match, rule 2 is consulted. If rule 2 matches the conditions, it is applied, and no further rules are consulted. The type of a matching rule determines which action the Steelhead appliancee takes on the connection.
description <desc> Usage
Specify a description to facilitate communication about network administration.
You can provide increased optimization by deploying two or more Steelhead appliances back-toback in an in-path configuration to create a serial cluster. Appliances in a serial cluster process the peering rules you specify in a spill-over fashion. When the maximum number of TCP connections for a Steelhead appliance is reached, that appliance stops intercepting new connections. This allows the next Steelhead appliance in the cluster the opportunity to intercept the new connection, if it has not reached its maximum number of connections. The in-path peering rules and in-path rules tell the Steelhead appliance in a cluster not to intercept connections between themselves. You configure peering rules that define what to do when a Steelhead appliance receives an autodiscovery probe from another Steelhead appliance. You can deploy serial clusters on the client or server-side of the network. Supported Models Two-appliance serial clusters are supported for all Steelhead appliance xx20 and xx50 models, except the 250 model. The Steelhead appliances must be the same model running RiOS v5.5.3 or later or RiOS v5.0.8 or later. The following Steelhead appliance models support serial clusters: 550 series, 1050 series, 2050, 5050, 6050, 1020, 2020, 3020, 3520, 5000, 5010, 5520, and 6020. These models can reach their specifications even while potentially passing through the LAN-side traffic for optimized connections for the other Steelhead appliance in the cluster. When running a RiOS software version prior to v5.5.1, models 5520, 6020, and 6120 are qualified by Riverbed for serial clusters. Important: For environments that want to optimize MAPI or FTP traffic which require all connections from a client to be optimized by one Steelhead appliance, Riverbed strongly recommends using the master and backup redundancy configuration instead of a serial cluster. For larger environments that require multi-appliance scalability and high availability, Riverbed recommends using the Interceptor to build multi-appliance clusters. For details, see the Steelhead Appliance Deployment Guide, and the Interceptor Appliance Users Guide. Notes: When you combine two Steelhead appliances that have a bandwidth limit of 20 Mbps each, the serial cluster still has a limit of 20 Mbps. If the active Steelhead appliance in the cluster enters a degraded state because the CPU load is too high, it continues to accept new connections.
214
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example
Here is an example of how to configure a cluster of 3 in-path appliances in a data center.
WAN----SH1----SH2----SH3----LAN
SH1 ip address is 10.0.1.1 on a /16 SH2 ip address is 10.0.1.2 on a /16 SH3 ip address is 10.0.1.3 on a /16 Each appliance is configured with in-path peering rules to not peer with another appliance in the cluster, and with in-path rules to not optimize connections originating from those appliances. SH1 configuration:
SH1 > enable SH1 # configure terminal SH1 (config) # in-path peering rule pass peer 10.0.1.2 rulenum 1 SH1 (config) # in-path peering rule pass peer 10.0.1.3 rulenum 1 SH1 (config) # in-path rule pass-through srcaddr 10.0.1.2/32 rulenum 1 SH1 (config) # in-path rule pass-through srcaddr 10.0.1.3/32 rulenum 1 SH1 (config) # wr mem SH1 (config) # show in-path peering rules Rule Type Source Network Dest Network Port Peer Addr ----- ------ ------------------ ------------------ ----- --------------1 pass * * * 10.0.1.3 2 pass * * * 10.0.1.2 def auto * * * * SH1 (config) # show in-path rules Rule Type Source Addr Dest Addr Port Target Addr Port ----- ---- ------------------ ------------------ ----- --------------- ----1 pass 10.0.1.3/32 * * --2 pass 10.0.1.2/32 * * --def auto * * * ---
Riverbed Command-Line Interface Reference Manual
215
Configuration-Mode Commands
SH2 configuration
SH2 > enable SH2 # configure terminal SH2 (config) # in-path peering rule pass peer 10.0.1.1 rulenum 1 SH2 (config) # in-path peering rule pass peer 10.0.1.3 rulenum 1 SH2 (config) # in-path rule pass-through srcaddr 10.0.1.1/32 rulenum 1 SH2 (config) # in-path rule pass-through srcaddr 10.0.1.3/32 rulenum 1 SH2 (config) # wr mem SH2 (config) # show in-path peering rules Rule Type Source Network Dest Network Port Peer Addr ----- ------ ------------------ ------------------ ----- --------------1 pass * * * 10.0.1.3 2 pass * * * 10.0.1.1 def auto * * * * SH1 (config) # show in-path rules Rule Type Source Addr Dest Addr Port Target Addr Port ----- ---- ------------------ ------------------ ----- --------------- ----1 pass 10.0.1.3/32 * * --2 pass 10.0.1.1/32 * * --def auto * * * ---
SH3 configuration
SH3 > enable SH3 # configure terminal SH3 (config) # in-path peering rule pass peer 10.0.1.1 rulenum 1 SH3 (config) # in-path peering rule pass peer 10.0.1.2 rulenum 1 SH3 (config) # in-path rule pass-through srcaddr 10.0.1.1/32 rulenum 1 SH3 (config) # in-path rule pass-through srcaddr 10.0.1.2/32 rulenum 1 SH3 (config) # wr mem SH3 (config) # show in-path peering rules Rule Type Source Network Dest Network Port Peer Addr ----- ------ ------------------ ------------------ ----- --------------SH1 (config) # show in-path rules Rule Type Source Addr Dest Addr Port Target Addr Port ----- ---- ------------------ ------------------ ----- --------------- ----1 pass 10.0.1.2/32 * * --2 pass 10.0.1.1/32 * * --def auto * * * ---
Product Related Topics
CMC appliance, Steelhead appliance show in-path peering auto
in-path probe direct
Description Syntax Parameters Usage Sets probing with the Steelhead appliance IP address. [no] in-path probe direct None The no command option disables the probe.
216
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # in-path probe direct
Steelhead appliance show in-path peering rules
in-path probe version
Description Syntax Parameters Usage Example Product Related Topics Sets probing with the Steelhead appliance IP address. [no] in-path probe version <1 or 2> <1 or 2> Specify the in-path probe version settings.
The no command option disables the version.
amnesiac (config) # in-path probe version 1
Steelhead appliance show in-path peering rules
peer
Description Syntax Parameters Use only to harmonize connection protocol versions in deployments with a mix of version 1.2 and version 2.x appliances. [no] peer <ip-addr> version [min <version> | max <version>] <ip-addr> min <version> max <version> Usage Specify the in-path or out-of-path (or both) Steelhead appliance. Specify the protocol version number: 5 or 8. Specify the protocol version number: 5 or 8.
For each v1.2 Steelhead appliance peer, enter the following commands:
sh> peer <addr> version min 5 sh> peer <addr> version max 5
After all the v1.2 Steelhead appliances in the network have been upgraded to v2.x Steelhead appliances, remove the version settings:
sh> no peer <addr> version min sh> no peer <addr> version max
If you are unable to discover all v1.2 Steelhead appliances in the network, configure all v2.1 Steelhead appliances to use v5 protocol by default with all peers by specifying 0.0.0.0 as the peer address:
sh> peer 0.0.0.0 version min 5 sh> peer 0.0.0.0 version max 5
Note: Version 5 does not support some optimization policy features. Ultimately, you need to upgrade all appliances to v2.1 or later. The no command option resets the protocol version to the default.
Riverbed Command-Line Interface Reference Manual
217
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # peer 10.0.0.1 version min 5 amnesiac (config) # peer 10.0.0.2 version max 5
CMC appliance, Steelhead appliance show in-path peering rules
Asymmetric Route Detection Commands
This section describes the asymmetric route detection commands.
in-path asym-route-tab flush
Description Syntax Parameters Usage Example Product Related Topics Clears a single route from the asymmetric routing table. Requires the specification of an address pair that exists in the table, for example 1.1.1.1-2.2.2.2. in-path asym-rout-tab flush None You can also access this command from enable-mode.
amnesiac (config) # in-path asym-route-tab flush
CMC appliance, Steelhead appliance show in-path asym-route-tab
in-path asym-route-tab remove
Description Syntax Parameters Usage Clears a specified single route from the asymmetric routing table. To specify an address pair that exists in the table, use the format X.X.X.X-X.X.X.X. For example 1.1.1.1-2.2.2.2 in-path asym-rout-tab remove <entry> <entry> Specify the IP address of the asymmetric routing table entry to remove.
Requires the specification of an address pair that exists in the table. For example 1.1.1.1-2.2.2.2 You can also access this command from enable-mode.
Example Product Related Topics
amnesiac (config) # in-path asym-route-tab remove 10.0.0.0-10.1.0.0
CMC appliance, Steelhead appliance show in-path asym-route-tab
218
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
in-path asymmetric routing detection enable
Description Enables asymmetric route detection. Asymmetric route detection automatically detects and reports asymmetric routing conditions and caches this information to avoid losing connectivity between a client and a server. Asymmetric routing occurs when a packet takes one path to the destination and another path when returning to the source. Asymmetric routing is common within most networks; the larger the network, the more likely there is asymmetric routing in the network. Asymmetric route auto-detection enables Steelhead appliances to detect the presence of asymmetry within the network. Asymmetry is detected by the client-side Steelhead appliances. Once detected, the Steelhead appliance passes asymmetric traffic through unoptimized, allowing the TCP connections to continue to work. The first TCP connection for a pair of addresses might be dropped because during the detection process, the Steelhead appliances have no way of knowing that the connection is asymmetric. Asymmetric routing is undesirable for many network devices including, firewalls, VPNs, and Steelhead appliances. To function properly, these devices all rely on seeing every packet. When Steelhead appliances are deployed in a network, all TCP traffic must flow through the same Steelhead appliances in the forward and reverse directions. Asymmetric route detection is enabled by default. If you disable asymmetric route detection, asymmetrically routed TCP connections break. No logging, alarms, or emails are created when this feature is disabled. Riverbed does not recommend disabling this feature. Syntax Parameters [no] in-path asymmetric routing detection {detection | pass-through} enable detection pass-through Product Enables asymmetric routing detection. Enables asymmetric routing pass through of traffic.
CMC appliance, Steelhead appliance
Riverbed Command-Line Interface Reference Manual
219
Configuration-Mode Commands
Usage
If asymmetric routing is detected, an entry is placed in the asymmetric routing table and any subsequent connections from that IP pair are passed through. Further connections between these hosts are not optimized until that particular asymmetric routing cache entry times out. To display the asymmetric routing table, use the following CLI command:
show in-path asym-route-tab
Types of asymmetry: Complete Asymmetry. Packets traverse both Steelhead appliances going from client to server but bypass both Steelhead appliances on the return path. Asymmetric routing table entry: bad RST Log: Sep 5 11:16:38 gen-sh102 kernel: [intercept.WARN] asymmetric routing
between 10.11.111.19 and 10.11.25.23 detected (bad RST)
Server-Side Asymmetry. Packets traverse both Steelhead appliances going from client to server but bypass the server-side Steelhead appliance on the return path. Asymmetric routing table entry: bad SYN/ACK Log: Sep 7 16:17:25 gen-sh102 kernel: [intercept.WARN] asymmetric routing
between 10.11.25.23:5001 and 10.11.111.19:33261 detected (bad SYN/ACK)
Client-Side Asymmetry. Packets traverse both Steelhead appliances going from client to server but bypass the client-side Steelhead appliance on the return path. Asymmetric routing table entry: no SYN/ACK Log: Sep 7 16:41:45 gen-sh102 kernel: [intercept.WARN] asymmetric routing
between 10.11.111.19:33262 and 10.11.25.23:5001 detected (no SYN/ACK)
Multi-SYN Retransmit- Probe-Filtered. Occurs when the client-side Steelhead appliance sends out multiple SYN+ frames and does not get a response. Asymmetric routing table entry: probe-filtered(not-AR) Log: Sep 13 20:59:16 gen-sh102 kernel: [intercept.WARN] it appears as though
probes from 10.11.111.19 to 10.11.25.23 are being filtered. Passing through connections between these two hosts.
Multi-SYN Retransmit- SYN-Rexmit. Occurs when the client-side Steelhead appliance receives multiple SYN retransmits from a client and does not see a SYN/ACK packet from the destination server. Asymmetric routing table entry: probe-filtered(not-AR) Log: Sep 13 20:59:16 gen-sh102 kernel: [intercept.WARN] it appears as though
probes from 10.11.111.19 to 10.11.25.23 are being filtered. Passing through connections between these two hosts.
220
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
You can use the following tools to detect and analyze asymmetric routes: TCP Dump. Run tcpdump on the client-side Steelhead appliance to verify the packet sequence that is causing the asymmetric route detection. You can take traces on the LAN and WAN ports of the Steelhead appliance and, based on the packet maps, look for the packet sequence that is expected for the type of warning message in the log. For example to obtain information on all packets on the WAN interface, sourced from or destined to 10.0.0.1, and with a source/ destination TCP port of 80:
tcpdump -i wan0_0 host 10.0.0.1 port 80
You can use the following command to filter SYN, SYN/ACK, and reset packets. This command does not display the ACK packets but it can be useful if the link is saturated with traffic and the traces are filling quickly. The following command uses the -i parameter to specify the interface and the -w parameter to write to a file:
tcpdump -i wan1_0 'tcp[tcpflags] & (tcp-syn|tcp-fin|tcp-rst) = 0' -w lookingforasymwan
Trace Route. Run the trace route tool to discover what path a packet is taking from client to server and from server to client. Access the client and run the traceroute command with the IP address of the server, and then run the traceroute command from the server with the IP address of the client. For example for a Cisco router:
#Clients Address: 10.1.0.2 .. #Servers Address: 10.0.0.4 client# traceroute 10.0.0.4 Type escape sequence to abort. Tracing the route to 10.0.0.4 1 10.1.0.1 4 msec 0 msec 4 msec 2 10.0.0.2 4 msec 4 msec 0 msec 3 10.0.0.3 4 msec 4 msec 0 msec 4 10.0.0.4 4 msec 4 msec 0 msec server# traceroute 10.1.0.2 Type escape sequence to abort. Tracing the route to 10.1.0.2 1 10.0.0.6 4 msec 0 msec 4 msec 2 10.0.0.5 4 msec 4 msec 0 msec 3 10.1.0.1 4 msec 4 msec 0 msec 4 10.1.0.2 4 msec 4 msec 0 msec
The no command option disables asymmetric route detection and caching. Example Product Related Topics
amnesiac (config) # in-path asymmetric routing detection enable
CMC appliance, Steelhead appliance show in-path asym-route-tab
in-path asymmetric routing pass-through enable
Description Enables and disables the pass-through feature for asymmetric routing. If disabled, asymmetrically routed TCP connections are still detected and a warning message is logged, but the connection is not passed-through and no alarm or email is sent. [no] in-path asymmetric routing pass-through enable None
Syntax Parameters
Riverbed Command-Line Interface Reference Manual
221
Configuration-Mode Commands
Usage
Use this command to ensure connections are not passed-through the Steelhead appliances unoptimized but logging occurs when asymmetric routes are detected. If asymmetric routing is detected, the pair of IP addresses, defined by the client and server addresses of the connection, is cached in the asymmetric routing cache on the Steelhead appliance. Further connections between these hosts are not optimized until that particular asymmetric routing cache entry times out. The no command option disables asymmetric routing pass through.
Example Product Related Topics
amnesiac (config) # in-path asymmetric routing pass-through enable
CMC appliance, Steelhead appliance show in-path asym-route-tab
in-path cdp allow-failure enable
Description Syntax Parameters Usage In PBR deployments with multiple in-path interfaces, this command enables CDP packets to be sent to the other routers when one of the routers goes down. [no] in-path cdp allow-failure enable None With PBR, CDP is used by the Steelhead appliance to notify the router that the Steelhead appliance is still alive and that the router can still redirect packets to it. In some cases, the you might want to disable this command so that if one router goes down, the Steelhead appliance stops sending CDP packets to all the routers it is attached to and connections are redirected and optimized by another Steelhead appliance. This can be useful when the routers are configured to redirect to a Steelhead appliance when all routers are up but to another Steelhead appliance when one router goes down. For detailed information about how to configure a Steelhead appliance for PBR with CDP, see the Steelhead Appliance Deployment Guide. The no command option disables CDP. Example Product Related Topics
amnesiac (config) # in-path cdp allow-failure enable
CMC appliance, Steelhead appliance show in-path cdp
in-path cdp enable
Description Syntax Parameters Enables the asymmetric route caching and detection feature. [no] in-path asymmetric routing detection {caching | detection} enable None
222
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
Enables CDP support in PBR deployments. Virtual in-path failover deployments require CDP on the Steelhead appliance to bypass the Steelhead appliance that is down. CDP is a proprietary protocol used by Cisco routers and switches to obtain neighbor IP addresses, model, IOS version, and so forth. The protocol runs at the OSI layer 2 using the 802.3 Ethernet frame. For detailed information about how to configure a Steelhead appliance for PBR with CDP, see the Steelhead Appliance Deployment Guide. The no command option disables CDP.
Example Product Related Topics
amnesiac (config) # in-path cdp enable
CMC appliance, Steelhead appliance show in-path cdp
in-path cdp holdtime
Description Syntax Parameters Usage Example Product Related Topics Configures the hold-time for CDP. The hold-time period allows for a quick recovery in failover deployments with PBR and CDP. [no] in-path cdp holdtime <holdtime> <holdtime> Specify the CDP hold-time in seconds. The default value is 5.
The no command option resets the CDP hold-time to the default (5).
amnesiac (config) # in-path cdp holdtime 10
CMC appliance, Steelhead appliance show in-path cdp
in-path cdp interval
Description Syntax Parameters Usage Example Product Related Topics Configures the refresh period for CDP. The refresh period allows for a quick recovery in failover deployments with PBR and CDP. [no] in-path cdp interval <interval> <interval> Specify the CDP refresh interval in seconds. The default value is 1.
The no command option resets the CDP refresh period to the default (1).
amnesiac (config) # in-path cdp holdtime 10
CMC appliance, Steelhead appliance show in-path cdp
Riverbed Command-Line Interface Reference Manual
223
Configuration-Mode Commands
Connection Forwarding
This section describes connection forwarding commands, typically used with the Interceptor appliance.
in-path neighbor ack-timer-cnt
Description Syntax Parameters Usage Example Product Related Topics Sets intervals to wait for an acknowledgement (ACK). [no] in-path neighbor ack-timer-cnt <integer> <integer> Specify the number of intervals
The no command option disables this feature.
amnesiac (config) # in-path neighbor ack-timer-cnt 5
CMC appliance, Steelhead appliance show in-path neighbor
in-path neighbor ack-timer-intvl
Description Syntax Parameters Usage Example Product Related Topics Sets the length of interval of the timer to wait for an acknowledgement (ACK). [no] in-path neighbor ack-timer-intvl <milliseconds> <milliseconds> Specify the number of intervals in milliseconds.
The no command option disables this feature.
amnesiac (config) # in-path neighbor ack-timer-intvl 5
CMC appliance, Steelhead appliance show in-path neighbor
in-path neighbor advertiseresync
Description Syntax Parameters Usage Resynchronizes NAT entries if neighbor appliances go down and are restarted.If in-path0_0 went down, other in-path interfaces intercept and optimize connections, and traffic is optimized. [no] in-path neighbor advertiseresync None The Steelhead appliance allows neighbor connections from all in-path to all in-paths. When there are multiple neighbor connections from one Steelhead appliance to another, if one goes down the traffic is re-routed through the remaining in-path Steelhead appliance, and traffic continues on normally. The no command option disables this feature.
224
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # in-path neighbor advertiseresync
CMC appliance, Steelhead appliance show in-path neighbor advertiseresync
in-path neighbor allow-failure
Description Syntax Parameters Usage Enables the Steelhead appliance to continue to optimize connections when one or more of the configured neighbors is unreachable. [no] in-path neighbor allow-failure None By default, if a Steelhead appliance loses connectivity to a connection forwarding neighbor, the Steelhead appliance stops attempting to optimize new connections. With the in-path neighbor allow-failure command enabled the Steelhead appliance continues to optimize new connections, regardless of the state of its neighbors. For virtual in-path deployments with multiple Steelhead appliances, including WCCP clusters, connection forwarding and the allow-failure feature must always be used. This is because certain events, such as network failures, and router or Steelhead appliance cluster changes, can cause routers to change the destination Steelhead appliance for TCP connection packets. When this happens, Steelhead appliances must be able to redirect traffic to each other to insure that optimization continues. For parallel physical in-path deployments, where multiple paths to the WAN are covered by different Steelhead appliances, connection forwarding is needed because packets for a TCP connection might be routed asymmetrically; that is, the packets for a connection might sometimes go through one path, and other times go through another path. The Steelhead appliances on these paths must use connection forwarding to ensure that the traffic for a TCP connection is always sent to the Steelhead appliance that is performing optimization for that connection. If the allow-failure feature is used in a parallel physical in-path deployment, Steelhead appliances only optimize those connections that are routed through the paths with operating Steelhead appliances. TCP connections that are routed across paths without Steelhead appliances (or with a failed Steelhead appliance) are detected by the asymmetric routing detection feature. For physical in-path deployments, the allow-failure feature is commonly used with the fail-toblock feature (on supported hardware). When fail-to-block is enabled, a failed Steelhead appliance blocks traffic along its path, forcing traffic to be re-routed onto other paths (where the remaining Steelhead appliances are deployed). For detailed information about configuring the allow-failure with the fail-to-block feature, see the Steelhead Appliance Deployment Guide. The no command option disables this feature. Example Product Related Topics
amnesiac (config) # in-path neighbor allow failure
CMC appliance, Steelhead appliance show in-path neighbor
Riverbed Command-Line Interface Reference Manual
225
Configuration-Mode Commands
in-path neighbor enable
Description Syntax Parameters Usage Enables connection forwarding. With connection forwarding, the LAN interface forwards and receives connection forwarding packets. [no] in-path neighbor enable None You enable connection forwarding only in asymmetric networks; that is, in networks in which a client request traverses a different network path than the server response. The default port for connection forwarding is 7850. To optimize connections in asymmetric networks, packets traveling in both directions must pass through the same client-side and server-side Steelhead appliance. If you have one path from the client to the server and a different path from the server to the client, you need to enable in-path connection forwarding and configure the Steelhead appliances to communicate with each other. These Steelhead appliances are called neighbors and exchange connection information to redirect packets to each other. Neighbors can be placed in the same physical site or in different sites, but the latency between them should be small because the packets travelling between them are not optimized. Important: When you define a neighbor, you specify the Steelhead appliance in-path IP address, not the primary IP address. If there are more than two possible paths, additional Steelhead appliances must be installed on each path and configured as neighbors. Neighbors are notified in parallel so that the delay introduced at the connection set up is equal to the time it takes to get an acknowledgement from the furthest neighbor. When you enable connection forwarding, multiple Steelhead appliances work together and share information about what connections are optimized by each Steelhead appliance. With connection forwarding, the LAN interface forwards and receives connection forwarding packets. Steelhead appliances that are configured to use connection forwarding with each other are known as connection forwarding neighbors. If a Steelhead appliance sees a packet belonging to a connection that is optimized by a different Steelhead appliance, it forwards it to the correct Steelhead appliance. When a neighbor Steelhead appliance reaches its optimization capacity limit, that Steelhead appliance stops optimizing new connections, but continues to forward packets for TCP connections being optimized by its neighbors. You can use connection forwarding both in physical in-path deployments and in virtual in-path deployments. In physical in-path deployments, it is used between Steelhead appliances that are deployed on separate parallel paths to the WAN. In virtual in-path deployments, it is used when the redirection mechanism does not guarantee that packets for a TCP connection are always sent to the same Steelhead appliance. This includes the WCCP protocol, a commonly used virtual inpath deployment method. Typically, you want to configure physical in-path deployments that do not require connection forwarding. For example, if you have multiple paths to the WAN, you can use a Steelhead appliance model that supports multiple in-path interfaces, instead of using multiple Steelhead appliances with single in-path interfaces. In general, serial deployments are preferred over parallel deployments. For detailed information about deployment best practices, see the Steelhead Appliance Deployment Guide. The no command option disables this feature. Example Product Related Topics
amnesiac (config) # in-path neighbor enable
CMC appliance, Steelhead appliance show in-path neighbor
226
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
in-path neighbor fwd-vlan-mac
Description Syntax Parameters Usage Example Product Related Topics Sets the VLAN and destination MAC address as forwarded by neighbor. [no] in-path neighbor fwd-vlan-mac None The no command option disables VLAN and destination MAC address forwarding.
amnesiac (config) # in-path neighbor fwd-vlan-mac
CMC appliance, Steelhead appliance show in-path neighbor
in-path neighbor keepalive count
Description Syntax Parameters Usage Example Product Related Topics Sets the keep-alive messages before terminating connections with the neighbor Steelhead appliance for TCP connection forwarding. [no] in-path keepalive count <count> <count> Specify the number of keep-alive messages. The default value is 3.
The no command option resets the count to the default (3).
amnesiac (config) # in-path neighbor keepalive count 10
CMC appliance, Steelhead appliance show in-path neighbor
in-path neighbor keepalive interval
Description Syntax Parameters Usage Example Product Related Topics Sets the time interval between keep-alive messages with the neighbor Steelhead appliance for connection forwarding. [no] in-path keepalive interval <seconds> <seconds> Specify the number of seconds between keep-alive messages. The default value is 10.
The no command option resets the interval to the default.
amnesiac (config) # in-path neighbor keepalive interval 15
CMC appliance, Steelhead appliance show in-path neighbor
Riverbed Command-Line Interface Reference Manual
227
Configuration-Mode Commands
in-path neighbor multi-interface enable
Description Syntax Parameters Usage Enables multiple interface support. Typically, this feature is used with the Interceptor appliance. [no] in-path neighbor multi-interface enable None Enables high availability on Steelhead appliances configured with multiple inpath interfaces and using connection forwarding with another multi-port Steelhead appliance. This option makes all neighbor in-path interface IP addresses visible to each peer to ensure proper neighbor communication if the in-path0_0 interface fails. Typically, this feature is used with the Interceptor appliances. Interceptor appliance are deployed in-path the same way as the Steelhead appliances, using bypass interface cards. They can be deployed using multiple in-path links, in series, or in parallel, employing the same highly available and redundant configurations as Steelhead appliances. Additionally, the Interceptor appliances can be connected through Etherchannel and trunked Ethernet connections. In large, redundant network environments, the Interceptor appliance employs connection forwarding to deliver optimized performance for asymmetrically-routed TCP connections. For detailed information about the Interceptor appliance, see the Interceptor Appliance Users Guide. The no command option disables this feature. Example Product Related Topics
amnesiac (config) # in-path neighbor multi-interface enable
CMC appliance, Steelhead appliance show in-path neighbor
in-path neighbor multi-interface fallback
Description Syntax Parameters Usage Example Product Related Topics Enables negotiation back to the old protocol. Typically, this feature is used with the Interceptor appliance. [no] in-path neighbor multi-interface fallback None The no command option disables this feature.
amnesiac (config) # in-path neighbor multi-interface fallback
CMC appliance, Steelhead appliance show in-path neighbor
in-path neighbor name
Description Syntax Configures connection forwarding neighbors (Steelhead appliances). [no] in-path neighbor name <name> {[additional-ip <ip-addr>] | [main-ip <ip-addr>] | [port <port>]}
228
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Parameters
<name> additional-ip <name> ip <ip-addr> main-ip <ipaddr> port <port>
Specify the hostname of the neighbor appliance. Specify an additional connection forwarding IP address for the neighbors. Specify the main connection forwarding IP address of the neighbor. Specify the main connection forwarding IP address of the neighbor. Specify the connection forwarding port of the neighbor.
Usage
For detailed information about configuring connection forwarding, see the Steelhead Appliance Deployment Guide. The no command option disables the neighbor.
Example Product Related Topics
amnesiac (config) # in-path neighbor name test
CMC appliance, Steelhead appliance show in-path neighbor
in-path neighbor port
Description Syntax Parameters Usage Example Product Related Topics Sets the neighbor port for the Steelhead appliance in connection forwarding deployments. [no] in-path neighbor <port> <port> Specify the connection forwarding port for the neighbor. The default value is 7850.
The no command option resets the port to the default.
amnesiac (config) # in-path neighbor port 2380
CMC appliance, Steelhead appliance show in-path neighbor
in-path neighbor read-timeout
Description Syntax Parameters Usage Example Product Related Topics Sets the response wait time. [no] in-path neighbor read-timeout <milliseconds> Specify the length of the interval in milliseconds.
The no command option disables this option.
amnesiac (config) # in-path neighbor read-timeout
CMC appliance, Steelhead appliance show in-path neighbor
Riverbed Command-Line Interface Reference Manual
229
Configuration-Mode Commands
in-path neighbor recon-timeout
Description Syntax Parameters Usage Example Product Related Topics Sets the reconnect response wait-time. [no] in-path neighbor read-timeout <milliseconds> Specify the length of the interval in milliseconds.
The no command option disables this option.
amnesiac (config) # in-path neighbor recon-timeout
CMC appliance, Steelhead appliance show in-path neighbor
in-path send-storeid enable
Description Syntax Parameters Usage Creates a table of data store IDs. Typically used with the Interceptor appliance [no] in-path send-storeid enable None Each time the Interceptor appliance receives a connection it forwards it to the appropriate Steelhead appliance. The no command option disables this option. Example Product Related Topics
amnesiac (config) # in-path send-storeid enable
CMC appliance, Steelhead appliance show in-path neighbor
Simplified Routing Support Commands
This section describes the simplified routing support commands.
in-path simplified routing
Description Enables simplified routing. Simplified routing collects the IP address for the next hop MAC address from each packet it receives to use in addressing traffic. Enabling simplified routing eliminates the need to add static routes when the Steelhead appliance is in a different subnet from the client and server. [no] in-path simplified routing {[all | dest-only | dest-source | mac-def-gw-only | none]}
Syntax
230
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Parameters
all
Collects source and destination MAC data. Also collects data for connections that are un-natted (connections that are not translated using NAT). This option cannot be used in connection forwarding deployments. Collects destination MAC data. This option can be used in connection forwarding. Collects destination and source MAC data. This option can be used in connection forwarding. Simplified routing entries are only used when a packet is sent to the in-path default gateway. This option enables you to override any simplified routing learning by putting in static routes. Disables all options.
dest-only dest-source mac-def-gwonly none Usage
Without simplified routing, if a Steelhead appliance is installed in a different subnet from the client or server, you must define one router as the default gateway and static routes for the other routers so that traffic is not redirected back through the Steelhead appliance. However, in some cases, even with static routes defined, the ACL on the default gateway can still drop traffic that should have gone through the other router. Enabling simplified routing eliminates this issue. Simplified routing has the following constraints: Broadcast support in PFS configurations cannot be enabled. WCCP cannot be enabled. The default route must exist on each Steelhead appliance in your network. Simplified routing requires a client-side and server-side Steelhead appliance. Optionally, you can also enable automatic peering. When you enable simplified routing, Riverbed recommends that you also enable automatic peering because it gives the Steelhead appliance more information to associate IP addresses and MAC addresses (and potentially VLAN tags). For more information, see in-path peering auto on page 210. The no command option disables simplified routing.
Example Product Related Topics
amnesiac (config) # in-path simplified routing all
CMC appliance, Steelhead appliance show legacy-rsp
NetFlow Support Commands
This section describes the NetFlow support commands.
Riverbed Command-Line Interface Reference Manual
231
Configuration-Mode Commands
ip flow-export
Description Configures NetFlow support. NetFlow enables you to collect traffic flow data and gather it on NetFlow collectors. You can gather pre-optimization and post-optimization data on traffic flows for the Top Talker and custom reports. The Top Talkers are the hosts, applications, and host and application pairs that are either sending or receiving the most data on the network. NetFlow enables you to export network statistics that provide information about network data flows such as peak usage times, traffic accounting, security, and traffic routing. This data is sent to a NetFlow collector and analyzed by a NetFlow analyzer. Steelhead appliances support NetFlow v5 (the most common format). Syntax [no] ip flow-export {destination <collector ip> <collector port> [export-port {aux | primary} | [interface {primary |wan1_1 | lan1_1 | wan1_0 | lan1_0}] || [lan-addrs {off | on}] | [fakeindex {off | on}]} destination <collector ip> <collector port> export-port {aux | primary} interface {primary |wan1_1 | lan1_1 | wan1_0 | lan1_0} lan-addrs {off | on} Specify the export IP address and port the NetFlow collector is listening on. The default value is 2055. Specify the interface used to send NetFlow packets to the collector. Specify the interface used to capture packets. NetFlow records sent from the Steelhead appliance appear to be sent from the IP address of the selected interface. Specify whether the TCP IP addresses and ports reported for optimized flows should contain the original client and server IP addresses and not those of the Steelhead appliance: off displays the Steelhead appliance information; on displays the LAN address information. The default is to display the IP addresses of the original client and server without the IP address of the Steelhead appliances.
Parameters
232
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
Before you enable NetFlow support in your network, you should consider the following: Generating NetFlow data can utilize large amounts of bandwidth, especially on low bandwidth links, thereby impacting Steelhead appliance performance. You can reduce the amount of data exported by NetFlow if you export only optimized traffic. NetFlow only tracks incoming packets (ingress). To troubleshoot your NetFlow settings: Make sure the port configuration on the Steelhead appliance and the listening port of the collector match. Ensure that you can reach the collectors from the Steelhead appliance (for example, ping X.X.X.X where X.X.X.X is the NetFlow collector). Verify that your capture settings are on the correct interface and that traffic is flowing through it:
amnesiac (config) amnesiac (config) capture optimized amnesiac (config) primary amnesiac (config) amnesiac (config) # ip flow-export enable # ip flow-export destination 10.2.2.2 2055 interface wan0_0 # ip flow-export destination 10.2.2.2 2055 export-port # ip flow-export destination 10.2.2.2 2055 lan-addrs on # show ip flow-export
For WCCP or PBR virtual in-path deployments, because the traffic is arriving and leaving from the same WAN interface, when the Steelhead appliance exports data to a NetFlow collector, all traffic has the WAN interface index. This is the correct behavior because the input interface is the same as the output interface. To troubleshoot your NetFlow settings: Make sure the port configuration matches on the Steelhead appliance and the listening port of the collector. Ensure that you can reach the collector from the Steelhead appliance (for example, ping 1.1.1.1 where 1.1.1.1 is the Netflow collector). Verify that your capture settings are on the correct interface and that traffic is flowing through it. Example
amnesiac (config) # ip flow-export destination 10.2.2.2 2055 interface lan0_0 capture all amnesiac (config) # ip flow-export destination 10.2.2.2 2055 export-port aux amnesiac (config) # ip flow-export destination 10.2.2.2 2055 lan-addrs off
Product Related Topics
CMC appliance, Steelhead appliance show ip
Riverbed Command-Line Interface Reference Manual
233
Configuration-Mode Commands
ip flow-export enable
Description Enables NetFlow support. NetFlow enables you to collect traffic flow data and gather it on NetFlow collectors. You can gather pre-optimization and post-optimization data on traffic flows for custom reports. NetFlow enables you to export network statistics that provide information about network data flows such as peak usage times, traffic accounting, security, and traffic routing. NetFlow records information for each incoming packet on the specified network interface (the ingress interface). This data is sent to a NetFlow collector and analyzed by a NetFlow analyzer. Steelhead appliances support NetFlow v5 (the most common format). Syntax Parameters Usage [no] ip flow-export enable None Before you enable NetFlow support in your network, you should consider the following: Generating NetFlow data can utilize large amounts of bandwidth, especially on low bandwidth links, thereby impacting Steelhead appliance performance. You can reduce the amount of data exported by NetFlow by exporting only optimized traffic. NetFlow only tracks incoming packets (ingress). To troubleshoot your NetFlow settings: Make sure the port configuration matches on the Steelhead appliance and the listening port of the collector. Ensure that you can reach the collectors from the Steelhead appliance (for example, ping X.X.X.X where X.X.X.X is the NetFlow collector). Verify that your capture settings are on the correct interface and that traffic is flowing through it:
amnesiac (config) amnesiac (config) capture optimized amnesiac (config) primary amnesiac (config) amnesiac (config) # ip flow-export enable # ip flow-export destination 10.2.2.2 2055 interface wan0_0 # ip flow-export destination 10.2.2.2 2055 export-port # ip flow-export destination 10.2.2.2 2055 lan-addrs on # show ip flow-export
For virtual in-path deployments (WCCP or PBR), because the traffic is arriving and leaving from the same WAN interface, when the Steelhead appliance exports data to a NetFlow collector, all traffic has the WAN interface index. This is the correct behavior because the input interface is the same as the output interface. To distinguish between LAN-to-WAN and WAN-to-LAN traffic in virtual in-path deployments, see the fakeindex parameter in ip flow-export on page 232 or the Steelhead Appliance Deployment Guidee. The no command option disables NetFlow support. Example Product Related Topics
amnesiac (config) # ip flow-export enable
CMC appliance, Steelhead appliance show ip
234
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
ip flow-setting active_to
Description Syntax Parameters Usage Sets length of life for active flows. [no] ip flow-setting active_to <interval> <interval> Specify the length of life for active flows.
Optionally, specify the amount of time, in seconds, the collector retains the list of active traffic flows. The default value is 1800 seconds. Enabling Top Talkers automatically sets the time-out period to 60 seconds and disables this option. The no command option disables the interval.
Example Product Related Topics
amnesiac (config) # ip flow-setting active_to 10
CMC appliance, Steelhead appliance show ip
ip flow-setting inactive_to
Description Syntax Parameters Usage Example Product Related Topics Sets length of life for active flows. [no] ip flow-setting inactive_to <interval> <interval> Optionally, specify the amount of time, in seconds, the collector retains the list of inactive traffic flows. The default value is 15 seconds.
The no command option disables the interval.
amnesiac (config) # ip flow-setting inactive_to 10
CMC appliance, Steelhead appliance show ip
ip flow-setting lan-subnets
Description Syntax Parameters Configure Netflow LAN subnets. [no] ip flow-setting lan-subnets {add subnets <network> | purge-subnets | remove-subnets add-subnets purgesubnets removesubnets <network> Specify the Netflow LAN subnet to add. Use the following format: XXX.XXX.XXX.XXX/XX Removes all Netflow LAN subnets. Specify the Netflow LAN subnet to remove. Use the following format: XXX.XXX.XXX.XXX/XX
Riverbed Command-Line Interface Reference Manual
235
Configuration-Mode Commands
Usage
In virtual in-path and out-of-path configurations, all traffic is flowing in and out of one physical interface. Specify which subnets are on the LAN side of the device. Use the following format: <IP address>/<subnet mask> The no command option disables the interval.
Example Product Related Topics
amnesiac (config) # ip flow-setting lan-subnets add-subnet 123.123.123.144/16
CMC appliance, Steelhead appliance show ip
IPSec Commands
This section describes the IPSec commands.
ip security authentication policy
Description Syntax Parameters Sets the authentication algorithms in order of priority. ip security authentication policy <policy> [<policy>] <policy> Specify the primary policy (method 1): hmac_md5. Message-Digest algorithm 5 (MD5) is a widely-used cryptographic hash function with a 128-bit hash value. This is the default value. hmac_sha1. Secure Hash Algorithm (SHA1) is a set of related cryptographic hash functions. SHA-1 is considered to be the successor to MD5. <policy> Usage Example Product Related Topics Specify the secondary policy (method 2): hmac_md5, hmac_sha1.
You must specify at least one algorithm. The algorithm is used to guarantee the authenticity of each packet.
amnesiac (config) # ip security authentication policy hmac_md5
Steelhead appliance show ip
ip security enable
Description Syntax Parameters Enables encryption and authentication support using IPSec. [no] ip security enable None
236
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
Enabling IPSec support makes it difficult for a third party to view your data or pose as a machine you expect to receive data from. You must also specify a shared secret to enable IPSec support. To create a shared secret see, ip security shared secret. To enable IPSec authentication, you must have at least one encryption and authentication algorithm specified. You must set IPSec support on each Steelhead appliance with which you want to establish a secure connection. If you NAT traffic between Steelhead appliances, you cannot use the IPSec channel between the appliances because the NAT changes the packet headers, causing IPSec to reject them. The no command option disables encryption and authentication support.
Example Product Related Topics
amnesiac (config) # ip security enable
Steelhead appliance show ip
ip security encryption policy
Description Syntax Parameters Sets the encryption algorithms in order of priority. ip security encryption policy <algorithm> [<algorithm>] <algorithm> Specify the primary algorithm. If you do not have a valid SSL license key installed on your Steelhead appliance, you can specify one of the following encryption algorithms: des. The Data Encryption Standard. This is the default value. null_enc. The null encryption algorithm. If you have a valid SSL license key installed on your Steelhead appliance, you can specify any of the above encryption algorithms or any of the following more secure encryption algorithms: des. Triple DES encryption algorithm. aes. The AES 128-bit encryption algorithm. aes256. The AES 256-bit encryption algorithm. If you do not specify an encryption algorithm, the default value, des, is used. <algorithm> Specify the alternate algorithm. If you do not have a valid SSL license key installed on your Steelhead appliance, you can specify one of the following encryption algorithms: des. The Data Encryption Standard. This is the default value. null_enc. The null encryption algorithm. If you have a valid SSL license key installed on your Steelhead appliance, you can specify any of the above encryption algorithms or any of the following more secure encryption algorithms: des. Triple DES encryption algorithm. aes. The AES 128-bit encryption algorithm. aes256. The AES 256-bit encryption algorithm. If you do not specify an encryption algorithm, the default value, des, is used.
Riverbed Command-Line Interface Reference Manual
237
Configuration-Mode Commands
Usage
You must specify at least one algorithm. The algorithm is used to encrypt each packet sent using IPSec. For detailed information about SSL, see protocol ssl enable on page 305
Example Product Related Topics
amnesiac (config) # ip security encryption policy null_enc
Steelhead appliance show ip
ip security peer ip
Description Syntax Parameters Usage Sets the peer Steelhead appliance for which you want to make a secure connection. [no] ip security peer ip <ip-addr> <ip-addr> Specify the peer IP address.
If IPSec is enabled on this Steelhead appliance, then it must also be enabled on all Steelhead appliances in the IP security peers list; otherwise this Steelhead appliance will not be able to make optimized connections with those peers that are not running IPSec. If a connection has not been established between the Steelhead appliances that are configured to use IPSec security, the Peers list does not display the peer Steelhead appliance because a security association has not been established. Note: When you add a peer, there is a short service disruption (3-4 seconds) causing the state and time-stamp to change in the Current Connections report. The no command option disables the peer.
Example Product Related Topics
amnesiac (config) # ip security peer ip 10.0.0.2
Steelhead appliance show ip
ip security pfs enable
Description Enables Perfect Forward Secrecy. Perfect Forward Secrecy provides additional security by renegotiating keys at specified intervals. With Perfect Forward Secrecy, if one key is compromised, previous and subsequent keys are secure because they are not derived from previous keys. [no] ip security pfs enable None The no command option disables Perfect Forward Secrecy.
amnesiac (config) # ip security pfs enable
Syntax Parameters Usage Example Product Related Topics
Steelhead appliance show ip
238
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
ip security rekey interval
Description Sets the time between quick-mode renegotiation of keys by IKE. IKE is a method for establishing a SA that authenticates users, negotiates the encryption method, and exchanges a secret key. IKE uses public key cryptography to provide the secure transmission of a secret key to a recipient so that the encrypted data can be decrypted at the other end. [no] ip security rekey interval <minutes> <minutes> Specify the number of minutes between quick-mode renegotiation of keys. The value must be a number between 1 and 65535. The default value is 240.
Syntax Parameters Usage Example Product Related Topics
The no command options resets the interval to the default.
amnesiac (config) # ip security rekey interval 30
Steelhead appliance show ip
ip security shared secret
Description Syntax Parameters Usage Example Product Related Topics Sets the shared secret used to negotiate and renegotiate secret keys. ip security shared secret <secret> <secret> Specify the secret key to ensure Perfect Forward Secrecy security.
All Steelhead appliances that need to communicate to each other using IPSec must have the same key. The ip security shared secret option must be set before IPSec is enabled.
amnesiac (config) # ip security shared secret xxxx
Steelhead appliance show ip
PFS Support Commands
This section describes the PFS support commands.
Note: The PFS commands pfs domain and pfs workgroup have been replaced by domain join and workgroup join. For detailed information, see domain join on page 366 and workgroup join on page 370.
Riverbed Command-Line Interface Reference Manual
239
Configuration-Mode Commands
pfs enable
Description PFS is an integrated virtual file server that allows you to store copies of files on the Steelhead appliance with Windows file access, creating several options for transmitting data between remote offices and centralized locations with improved performance. Data is configured into file shares and the shares are periodically synchronized transparently in the background, over the optimized connection of the Steelhead appliance. PFS leverages the integrated disk capacity of the Steelhead appliance to store file-based data in a format that allows it to be retrieved by NAS clients. PFS is supported only on models 520, 550, 1010, 1020, 1050, 1520, 2020, 2050, 3010, 3020, 3520, 5010, 5050, and 6050. For detailed information about PFS, see the Steelhead Appliance Deployment Guide. Syntax Parameters Usage [no] pfs enable None In RiOS v3.x or higher, you do not need to install the RCU service on the server to synchronize shares. RCU functionality has been moved to the Steelhead appliance. When you upgrade from v2.x to v3.x, your existing shares will be running as v2.x shares. PFS is not appropriate for all network environments. For example, in a collaborative work environment when there are many users reading, writing, and updating a common set of files and records, you should consider not enabling PFS. For detailed information about whether PFS is appropriate for your network environment, see the Steelhead Appliance Deployment Guide. Before you enable PFS, configure the Steelhead appliance to use NTP to synchronize the time. To use PFS, the Steelhead appliance and DC clocks must be synchronized. The PFS Steelhead appliance must run the same version of the Steelhead appliance software as the server side Steelhead appliance. PFS traffic to and from the Steelhead appliance travels through the Primary interface. PFS requires that the Primary interface is connected to the same switch as the LAN interface. For detailed information, see the Steelhead Appliance Installation and Configuration Guide. The PFS share and origin-server share names cannot contain Unicode characters. Note: Using PFS can reduce the overall connection capacity for optimized TCP connections, as memory and CPU resources are diverted to support the PFS operation. The no command option disables PFS support. Example Product Related Topics
amnesiac (config) # pfs enable
Steelhead appliance. show pfs all-info shares
pfs settings
Description Syntax Configures settings for a PFS file share. pfs settings {[admin-password <password>] [log-level <0-10>] [conn-timeout <minutes>] [maxlog-size <size in KB>] [server-signing {enabled | disabled | required}]}
240
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Parameters
admin-password <password> log-level <0-10>
Specify the local administrator password. Specify the log level: 0-10. The no command option resets the log level to the default.
conn-timeout <minutes>
Specify the number of minutes after which to time-out idle connections. If there is no read or write activity on a mapped PFS share on a client machine, then the TCP connection times out according to the value set and the client has to re-map the share. The no command option resets the time-out to the default.
max-log-size <size> server signing {enabled | disabled | required}
Specify the maximum log size in KB. The no command option resets the size to the default. Specify the SMB server signing mode: enabled. Specify any type of security signature setting requested by the client machine. disabled. Specify the default value. In this setting, PFS does not support clients with security signatures set to required. required. Specify clients with security signatures set to enabled or required.
Usage
Requires at least one option. PFS is supported only on models 520, 550, 1010, 1020, 1050, 1520, 2020, 2050, 3010, 3020, 3520, 5010, 5050, and 6050.
Example Product Related Topics
amnesiac (config) # pfs settings server-signing enabled
Steelhead appliance. show pfs all-info shares
pfs share cancel-event
Description Syntax Parameters Usage Example Product Related Topics Cancels a PFS synchronization and verification. [no] pfs share cancel-event local-name <name> local-name <name> Specify the local share name. A local share is the data volume exported from the origin server to the Steelhead appliance.
PFS is supported only on models 520, 550, 1010, 1020, 1050, 1520, 2020, 2050, 3010, 3020, 3520, 5010, 5050, and 6050.
amnesiac (config) # pfs share cancel-event local-name test
Steelhead appliance. show pfs all-info shares
Riverbed Command-Line Interface Reference Manual
241
Configuration-Mode Commands
pfs share configure
Description Configures a PFS file share. This command applies to v3.x or higher shares. For information on Version 2.X shares, see pfs share configure (RiOS v2.0.x only) on page 244. You cannot run a mixed system of v2.x and v3.0 (or higher) PFS shares. Riverbed recommends you upgrade your v2.x shares to v3.x (or higher) shares so that you do not have to run the RCU on a server. For detailed information, see the Steelhead Appliance Deployment Guide. Syntax [no] pfs share configure local-name <local name> version 3 mode {broadcast | local | standalone} remote-path <remote path> server-name <name> server-account <login> serverpassword <password> interval <seconds> [full-interval <seconds>] [comment <description>] [start-time <yyyy/mm/dd hh:mm:ss>] [full-start-time <yyyy/mm/dd hh:mm:ss>] local-name <local name> Specify the local share name. A local share is the data volume exported from the origin server to the Steelhead appliance. The local share name cannot contain Unicode characters.
Parameters
242
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
mode [broadcast | local | standalone]
Specify the mode of file sharing: Broadcast. Use Broadcast mode for environments seeking to broadcast a set of read-only files to many users at different sites. Broadcast mode quickly transmits a read-only copy of the files from the origin server to your remote offices. The PFS share on the Steelhead appliance contains read-only copies of files on the origin server. The PFS share is synchronized from the origin server according to parameters you specify. However, files deleted on the origin server are not deleted on the Steelhead appliance until you perform a full synchronization. Additionally, if, on the origin server, you perform directory moves (for example, move .\dir1\dir2 .\dir3\dir2) regularly, incremental synchronization will not reflect these directory changes. You must perform a full synchronization frequently to keep the PFS shares in synchronization with the origin server. Local. Use Local mode for environments that need to efficiently and transparently copy data created at a remote site to a central data center, perhaps where tape archival resources are available to back up the data. Local mode enables read-write access at remote offices to update files on the origin file server. After the PFS share on the Steelhead appliance receives the initial copy from the origin server, the PFS share copy of the data becomes the master copy. New data generated by clients is synchronized from the Steelhead appliance copy to the origin server based on parameters you specify when you configure the share. The folder on the origin server essentially becomes a back-up folder of the share on the Steelhead appliance. If you use Local mode, users must not directly write to the corresponding folder on the origin server. Caution: In Local mode, the Steelhead appliance copy of the data is the master copy; do not make changes to the shared files from the origin server while in Local mode. Changes are propagated from the remote office hosting the share to the origin server. Important: Riverbed recommends that you do not use Windows file shortcuts if you use PFS. For detailed information, contact Riverbed Technical Support at https://support.riverbed.com. Stand-Alone. Use Stand-Alone mode for network environments where it is more effective to maintain a separate copy of files that are accessed locally by the clients at the remote site. The PFS share also creates additional storage space. The PFS share on the Steelhead appliance is a one-time, working copy of data mapped from the origin server. You can specify a remote path to a directory on the origin server, creating a copy at the branch office. Users at the branch office can read from or write to stand-alone shares but there is no synchronization back to the origin server since a stand-alone share is an initial and one-time only synchronization. Note: When you configure a v3.x Local mode share or any v2.x share (except a Stand-Alone share in which you do not specify a remote path to a directory on the origin server), a text file (._rbt_share_lock. txt) that keeps track of which Steelhead appliance owns the share is created on the origin server. Do not remove this file. If you remove the._rbt_share_lock. txt file on the origin file server, PFS will not function properly (v3.x or higher). Broadcast and Stand-Alone shares do not create this text file.
remote-path <remote path> server-account <login> server-password <password>
Specify, using UNC format, the path to the data on the origin server that you want to make available to PFS. Specify the login and password to be used to access the shares folder on the origin file server. The login must be a member of the Administrators group on the origin server, either locally on the file server (the local Administrators group) or globally in the domain (the Domain Administrator group).
Riverbed Command-Line Interface Reference Manual
243
Configuration-Mode Commands
interval <seconds>
Specify the interval that you want incremental synchronization to occur. The first synchronization, or the initial copy, retrieves data from origin file server and copies it to the local disk on the Steelhead appliance. Subsequent synchronizations are based on the synchronization interval. In incremental synchronization, only new and changed data are sent between the proxy file server and the origin file server. Specify the frequency of updates (full synchronization) in minutes. In full synchronization, a full directory comparison is performed and all changes since the last full synchronization are sent between the proxy file server and the origin file server. Use full synchronization if performance is not an issue. Specify the date and time to commence initial synchronization. Specify the start time for full synchronization.
full-interval <seconds>
start-time <yyyy/ mm/dd hh:mm:ss> full-start-time <yyyy/mm/dd hh:mm:ss> [comment <description>] Usage
Optionally, specify a description for the share.
For v3.x (or higher) PFS shares, you do not need to install the RCU service on a Windows server. Make sure the server-account you specify is a member of the Administrators group on the origin server, either locally on the file server (the local Administrators group) or globally in the domain (the Domain Administrator group). PFS is supported only on models 520, 550, 1010, 1020, 1050, 1520, 2020, 2050, 3010, 3020, 3520, 5010, 5050, and 6050.
Example
amnesiac (config) # pfs share configure local-name test version 2 mode local remotepath c:/data server-name test port 81 interval 5 full-interval 5 start-interval 2006/06/06 02:02:02 comment test amnesiac (config) # amnesiac (config)
Product Related Topics
Steelhead appliance. show pfs all-info shares
pfs share configure (RiOS v2.0.x only)
Description Configures a PFS file share for v2.x Steelhead appliance software. You cannot run a mixed system of v2.x and v3.0 (or higher) PFS shares. For information about configuring v3.x (or higher) shares, see pfs share configure on page 242. Syntax [no] pfs share configure local-name <local name> version 2 mode {broadcast | local | standalone} server-name <name> port <port> remote-path <remote path> interval <seconds> [full-interval <seconds>] [comment <description>] [start-time <yyyy/mm/dd hh:mm:ss>] [fullstart-time <yyyy/mm/dd hh:mm:ss>]
244
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Parameters
local-name <local name>
Specify the local share name. A local share is the data volume exported from the origin server to the Steelhead appliance. The local share name cannot contain Unicode characters.
mode [broadcast | local | standalone] server-name <name> port <port> remote-path <remote path>
Specify the mode of file sharing. For details, see pfs share configure on page 242. Specify the origin server and port located in the data center which hosts the origin data volumes (folders). The origin-server share name cannot contain Unicode characters. Specify the remote path for the share folder on the origin file server. For v2.x, you must have the RCU service running on a Windows server (this can be the origin file server or a separate server). If the origin server is not the RCU server, you specify the remote path using the UNC format for the mapped drive. If the origin server is the same as the RCU server then you must type its full path including the drive letter, for example C:\data. Specify the interval that you want incremental synchronization to occur. The first synchronization, or the initial copy, retrieves data from origin file server and copies it to the local disk on the Steelhead appliance. Subsequent synchronizations are based on the synchronization interval. In incremental synchronization, only new and changed data are sent between the proxy file server and the origin file server. Specify the frequency of full synchronization updates in minutes. In full synchronization, a full directory comparison is performed and all changes since the last full synchronization are sent between the proxy file server and the origin file server. Use full synchronization if performance is not an issue. Specify the date and time to commence initial synchronization. Specify the start time for full synchronization.
interval <seconds>
full-interval <seconds>
start-time <yyyy/ mm/dd hh:mm:ss> full-start-time <yyyy/mm/dd hh:mm:ss> [comment <description>]
Optionally, specify an administrative description for the share.
Riverbed Command-Line Interface Reference Manual
245
Configuration-Mode Commands
Usage
Riverbed strongly recommends that you upgrade your shares to v3.x shares. If you upgrade any v2.x shares, you must upgrade all of them. After you have upgraded shares to v3.x, you should only create v3.x shares. By default, when you configure PFS shares with Steelhead appliance software v3.x and higher, you create v3.x PFS shares. PFS shares configured with Steelhead appliance software v2.x are v2.x shares. Version 2.x shares are not upgraded when you upgrade Steelhead appliance software. If you do not upgrade your v.2.x shares: You should not create v3.x shares. You must install and start the RCU on the origin server or on a separate Windows host with write-access to the data PFS uses. The account that starts the RCU must have write permissions to the folder on the origin file server that contains the data PFS uses. You can download the RCU from the Riverbed Technical Support site at https://support.riverbed.com. For detailed information, see the Riverbed Copy Utility Reference Manual. Make sure the account that starts the RCU has permissions to the folder on the origin file server and is a member of the Administrators group on the remote share server, either locally on the file server (the local Administrators group) or globally in the domain (the Domain Administrator group). In Steelhead appliance software version 3.x and higher, you do not need to install the RCU service on the server for synchronization purposes. All RCU functionality has been moved to the Steelhead appliance. You must configure domain, not workgroup, settings, using the domain join command. Domain mode supports v2.x PFS shares but Local Workgroup mode is supported only in v3.x (or higher). PFS is supported only on models 520, 550, 1010, 1020, 1050, 1520, 2020, 2050, 3010, 3020, 3520, 5010, 5050, and 6050.
Example
amnesiac (config) # pfs share configure local-name test version 2 mode local remote-path c:/data server-name test port 81 interval 5 full-interval 5 start-interval 2006/06/06 02:02:02 comment test
Product Related Topics
Steelhead appliance. show pfs all-info shares
pfs share manual-sync
Description Syntax Parameters Usage Example Product Related Topics Performs a manual synchronization of a PFS share. pfs share manual-sync local-name <local name> local-name <local name> Specify the local share name. A local share is the data volume exported from the origin server to the Steelhead appliance.
PFS is supported only on models 520, 550, 1010, 1020, 1050, 1520, 2020, 2050, 3010, 3020, 3520, 5010, 5050, and 6050.
amnesiac (config) # pfs share manual-sync local-name test
Steelhead appliance. show pfs all-info shares
246
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
pfs share modify
Description Modifies properties of a PFS file share. You cannot run a mixed system of v2.x and v3.0 (or higher) PFS shares. Syntax [no] pfs share modify local-name <local name> [acl-group-ctrl {true | false}] [acl-inherit {true | false}] [syncing {true | false}] [port <port>] [sharing {true | false}] [mode broadcast | local | standalone <cr>] [remote-path <remote path>] [server-name <name>] [server-account <login>] [server-password <password>] [port <port>] [interval <seconds>] [full-interval <seconds>] [full-start-time <yyyy/mm/dd hh:mm:ss>] [start-time <yyyy/mm/dd hh:mm:ss>] comment <description>]
Riverbed Command-Line Interface Reference Manual
247
Configuration-Mode Commands
Parameters
local-name <local name>
Specify the local share name. A local share is the data volume exported from the origin server to the Steelhead appliance. The local share name cannot contain Unicode characters.
acl-group-ctrl {true | false}
Specify true if you want accounts in the primary owners group to be able to assign permissions. Specify false if you want only the primary owner or local administrator to be able to assign permissions. The default value is false.
acl-inherit {true | false}
Specify true if you want shared folders to inherit permissions from parents. Specify false if you do not want to retain inherited permissions. The default value is false.
syncing {true | false}
Specify true to enable synchronization. Specify false to disable synchronization. The default value is false.
sharing {true | false}
Specify true to enable sharing. Specify false to disable sharing. The default value is false.
port <port> mode <mode> remote-path <remote path>
Specify the share port. Specify the mode of file sharing. For details, see pfs share configure on page 242. For version 3.x (or higher) shares, specify the remote path using UNC format to specify the server name and remote path. For version 2.x shares, specify the remote path for the share folder on the origin file server. For version 2.x shares, you must have the RCU service running on a Windows server (this can be the origin file server or a separate server). If the origin server is not the RCU server, you specify the remote path using the UNC format for the mapped drive. If the origin server is the same as the RCU server then you must type its full path including the drive letter, for example C:\data.
server-name <name> port <port> server-account <login> server-password <password> interval <seconds>
Version 2.x shares only. Specify the origin server and port located in the data center which hosts the origin data volumes (folders). The origin-server share name cannot contain Unicode characters. Version 3.x or higher shares only. Specify the login to be used to access the shares folder on the origin file server. The login must be a member of the Administrators group on the origin server, either locally on the file server (the local Administrators group) or globally in the domain (the Domain Administrator group). Specify the interval that you want incremental synchronization updates to occur. The first synchronization, or the initial copy, retrieves data from origin file server and copies it to the local disk on the Steelhead appliance. Subsequent synchronizations are based on the synchronization interval. Specify the frequency of full synchronization updates, in minutes. Use full synchronization if performance is not an issue. Specify the date and time to commence initial synchronization.
full-interval <seconds> start-time <yyyy/ mm/dd hh:mm:ss>
248
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
full-start-time <yyyy/mm/dd hh:mm:ss> [comment <description>] Usage
Specify the start time for full synchronization.
Optionally, specify an administrative description for the share.
You must specify at least one option. You cannot run a mixed system of v2.x and v3.0 (or higher) PFS shares; Riverbed strongly recommends you upgrade your v2.x shares to 3.x or higher shares. PFS is supported only on models 520, 550, 1010, 1020, 1050, 1520, 2020, 2050, 3010, 3020, 3520, 5010, 5050, and 6050.
Example Product Related Topics
amnesiac (config) # pfs share modify local-name test remote-path /tmp server-name mytest mode broadcast frequency 10
Steelhead appliance. show pfs all-info shares
pfs share upgrade
Description Syntax Parameters Upgrades shares from v2.x to v3.x software. pfs share upgrade local-name <local name> remote-path <remote path> server-account <login> server-password <server password> local-name <local name> remote-path <remote path> server-account <server login> server-account <server login> Specify the local share name. A local share is the data volume exported from the origin server to the Steelhead appliance. Specify the remote path to the share. Specify the server login. Specify the server password.
Riverbed Command-Line Interface Reference Manual
249
Configuration-Mode Commands
Usage
Riverbed strongly recommends that you upgrade your shares to v3.x shares. If you upgrade any v2.x shares, you must upgrade all of them. After you have upgraded shares to v3.x, you should only create v3.x shares. By default, when you configure PFS shares with Steelhead appliance software v3.x and higher, you create v3.x PFS shares. PFS shares configured with Steelhead appliance software v2.x are v2.x shares. Version 2.x shares are not upgraded when you upgrade Steelhead appliance software. If you do not upgrade your v.2.x shares: Do not create v3.x shares. You must install and start the RCU on the origin server or on a separate Windows host with write-access to the data PFS uses. The account that starts the RCU must have write permissions to the folder on the origin file server that contains the data PFS uses. You can download the RCU from the Riverbed Technical Support site at https://support.riverbed.com. For detailed information, see the Riverbed Copy Utility Reference Manual. Make sure the account that starts the RCU has permissions to the folder on the origin file server and is a member of the Administrators group on the remote share server, either locally on the file server (the local Administrators group) or globally in the domain (the Domain Administrator group). In Steelhead appliance software version 3.x and higher, you do not need to install the RCU service on the server for synchronization purposes. All RCU functionality has been moved to the Steelhead appliance. You must configure domain, not workgroup, settings, using the domain join command. Domain mode supports v2.x PFS shares but Local Workgroup mode is supported only in v3.x (or higher). PFS is supported only on models 520, 550, 1010, 1020, 1050, 1520, 2020, 2050, 3010, 3020, 3520, 5010, 5050, and 6050.
Example Product Related Topics
amnesiac (config) # pfs share verify local-name test
Steelhead appliance. show pfs all-info shares
pfs share verify
Description Syntax Parameters Usage Example Product Related Topics Verifies a PFS share. pfs share verify local-name <local name> local-name <local name> Specify the local share name. A local share is the data volume exported from the origin server to the Steelhead appliance.
PFS is supported only on models 520, 550, 1010, 1020, 1050, 1520, 2020, 2050, 3010, 3020, 3520, 5010, 5050, and 6050.
amnesiac (config) # pfs share verify local-name test
Steelhead appliance. show pfs all-info shares
250
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
pfs start
Description Syntax Parameters Usage Example Product Related Topics Starts the PFS service. [no] pfs start None PFS is supported only on models 520, 550, 1010, 1020, 1050, 1520, 2020, 2050, 3010, 3020, 3520, 5010, 5050, and 6050.
amnesiac (config) # pfs start
Steelhead appliance. show pfs all-info shares
CIFS Prepopulation Support Commands
This section describes the CIFS prepopulation support commands.
prepop enable
Description Syntax Parameters Usage Enables the CIFS prepopulation feature. [no] prepop enable None The prepopulation operation effectively performs the first Steelhead read of the data on the prepopulation share. Subsequently, the Steelhead appliance handles read and write requests as effectively as with a warm data transfer. With warm transfers, only new or modified data is sent, dramatically increasing the rate of data transfer over the WAN. Note: Riverbed does not support prepopulation with Windows Domain Controller servers with SMB signing set to Required. If your network environment requires SMB signing, use the RCU to prepopulate your shares. You can obtain the RCU from the Riverbed Technical Support site at https://support.riverbed.com. The no command option disables the prepopulation feature. Example Product Related Topics
amnesiac (config) # prepop enable
Steelhead appliance show prepop
Riverbed Command-Line Interface Reference Manual
251
Configuration-Mode Commands
prepop share cancel-event
Description Syntax Parameters Usage Example Product Related Topics Cancels CIFS prepopulation synchronization and verification for a share. [no] prepop share cancel-event {remote-path <remote-path>} remote-path <remotepath> Cancels synchronization and verification processes for a remote share.
The no command option disables the prepopulation share.
amnesiac (config) # prepop share cancel-event remote-path \\\\example\\main\\users\\my-example
Steelhead appliance show prepop
prepop share configure
Description Syntax Configures CIFS prepopulation settings for a share. [no] prepop share configure {remote-path <path> server-account <login> server-password <password> interval <number of seconds> [comment <text comment> starttime <date and time>]} remote-path <remotepath> server-account <login> server-password <password> interval <number of seconds> comment <text comment> start-time <date and time> Usage Example Product Related Topics Specify the remote path of the share to be synchronized. Use the following format: \\\\example\\example\\example\\my_example Specify the login, if any, required to access the share. Specify the corresponding password, if any, to access the share. Specify the number of seconds for the synchronization interval. Type a string to describe the share for administrative purposes. Specify a start time for synchronization, in the following format: yyyy/mm/dd hh:mm:ss
Parameters
The no command option disables the prepopulation share.
amnesiac (config) # prepop share configure remote-path \\\\example\\main\\users\\my-example interval 68 start-time 2007/09/09 00:00:00
Steelhead appliance show prepop
252
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
prepop share manual-sync
Description Syntax Parameters Performs a manual synchronization and verification processes for a remote share. [no] prepop share manual-sync {remote-path <remote-path>} remote-path <remotepath> Specify the remote path of the share to be synchronized. Use the following format: \\\\example\\example\\example\\my_example
Usage Example Product Related Topics
The no command option disables the prepopulation share.
amnesiac (config) # prepop share manual-sync remote-path \\\\example\\main\\users\\my-example
Steelhead appliance show prepop
prepop share modify
Description Syntax Modifies prepopulation settings for a share. [no] prepop share modify {remote-path <path> server-account <login> server-password <password> interval <number of seconds> comment <text comment> starttime <date and time> | start-time <date and time> | syncing <true | false>} remote-path <remotepath> Specify the remote path of the share to be synchronized. Set up the prepopulation share on the remote box pointing to the actual share in the head-end data center server. Use the following format: \\\\example\\example\\example\\my_example Specify the login, if any, required to access the share. Specify the corresponding password, if any, to access the share. Specify the number of seconds for the synchronization interval. Type a string to describe the share for administrative purposes. Specify a start time for synchronization, in the following format: yyyy/mm/dd hh:mm:ss Disables or enables synchronization of a share.
Parameters
server-account <login> server-password <password> interval <number of seconds> comment <text comment> start-time <date and time> synching <true | false> Usage Example Product Related Topics
The no command option disables the prepopulation share.
amnesiac (config) # prepop share modify remote-path \\\\example\\main\\users\\myexample interval 68 start-time 2007/09/09 00:00:00
Steelhead appliance show prepop
Riverbed Command-Line Interface Reference Manual
253
Configuration-Mode Commands
protocol cifs prepop enable
Description Syntax Parameters Usage Example Product Related Topics Enables CIFS transparent prepopulation. [no] protocol cifs prepop enable None The no command option disables CIFS transparent prepopulation.
amnesiac (config) # protocol cifs prepop enable
Steelhead appliance show prepop
CIFS Support Commands
This section describes the CIFS support commands.
protocol cifs applock enable
Description Syntax Parameters Usage Enables CIFS application lock mechanism. RiOS v5.5.x optimizes Microsoft Office, Excel, and
CIFS traffic with SMB signing enabled.
[no] protocol cifs applock enable None Enables CIFS latency optimizations to improve read and write performance for Microsoft Office and Excel. By default, this setting is off. This feature enhances and overrides the enable overlapping opens feature by identifying and obtaining locks on read write access at the application level. The overlapping open optimization feature handles locks at the file level. Note: Enable the applock optimization feature on the client-side Steelhead appliance. The clientside Steelhead appliance must be running RiOS v5.5.x or later. Example Product Related Topics
amnesiac (config) # protocol cifs applock enable
Steelhead appliance show protocol cifs applock
protocol cifs dw-throttling enable
Description Syntax Parameters Enables CIFS dynamic throttling mechanism. [no] protocol cifs dw-throttling enable None
254
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
Enables CIFS dynamic throttling mechanism which replaces the current static buffer scheme. If you enable CIFS dynamic throttling, it is activated only when there are sub-optimal conditions on the server-side causing a back-log of write messages; it does not have a negative effect under normal network conditions. The no command option disables the dynamic throttling mechanism.
Example Product Related Topics
amnesiac (config) # protocol cifs dw-throttling enable
Steelhead appliance show protocol cifs
protocol cifs disable write optimization
Description Syntax Parameters Usage Disables CIFS write optimization. [no] protocol cifs disable write optimization None Disable write optimization only if you have applications that assume and require write-through in the network. If you disable write optimization, the Steelhead appliance still provides optimization for CIFS reads and for other protocols, but you might experience a slight decrease in overall optimization. Most applications operate safely with write optimization because CIFS allows you to explicitly specify write-through on each write operation. However, if you have an application that does not support explicit write-through operations, you must disable it in the Steelhead appliance. If you do not disable write-through, the Steelhead appliance acknowledges writes before they are fully committed to disk, to speed up the write operation. The Steelhead appliance does not acknowledge the file close until the file is safely written. The no command option enables CIFS write optimization. Example Product Related Topics
amnesiac (config) # protocol cifs disable write optimization
Steelhead appliance show protocol cifs
protocol cifs enable
Description Syntax Parameters Usage Enables CIFS optimization. CIFS optimization is enabled by default. [no] protocol cifs enable None Typically, you disable latency optimization to troubleshoot problems with the system. Important: Latency optimization must be enabled (or disabled) on both Steelhead appliances. The no command option disables CIFS optimization for testing purposes.
Riverbed Command-Line Interface Reference Manual
255
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # protocol cifs enable
Steelhead appliance show protocol cifs
protocol cifs nosupport
Description Syntax Parameters Sets a specified OS as unsupported for optimization. protocol cifs nosupport client | server {add | remove} <os name> client | server add | remove <os name> Example Product Related Topics Specify the location to disable OS support. Adds or removes a OS support from the specified location. Specify the OS type: longhorn, vista, win2k3, winxp, win2k, win98. wnt4, wnt3, winunk. emc. mac, linux, novell, samba, snap, unix, bsd
minna (config) # protocol cifs nosupport client add win2k minna (config) #
Steelhead appliance show protocol cifs
protocol cifs oopen enable
Description Syntax Parameters Usage Enables CIFS overlapping opens. [no] protocol cifs oopen enable None Enable overlapping opens to obtain better performance with applications that perform multiple opens on the same file (for example, CAD applications). By default, this setting is disabled. With overlapping opens enabled the Steelhead appliance optimizes data where exclusive access is available (in other words, when locks are granted). When an oplock is not available, the Steelhead appliance does not perform application-level latency optimizations but still performs SDR and compression on the data as well as TCP optimizations. Note: If a remote user opens a file that is optimized using the overlapping opens feature and a second user opens the same file, they might receive an error if the file fails to go through a v3.x.x or later Steelhead appliance or if it does not go through a Steelhead appliance (for example, certain applications that are sent over the LAN). If this occurs, you should disable overlapping opens for those applications. You can configure an include list or exclude list of file types subject to overlapping opens optimization with the protocol cifs oopen extension on page 257. The no command option disables CIFS overlapping opens.
256
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # protocol cifs oopen enable
Steelhead appliance show protocol cifs oopen
protocol cifs oopen extension
Description Syntax Configures file extensions to include or exclude from overlapping open optimization. protocol cifs oopen extension { [add <ext> <cr> | setting-always <policy>] | [modify <ext> setting <policy> <cr>] | remove <ext> <cr>} add <ext> <cr> setting-always <policy> Specify a list of file extensions to include in overlapping opens optimization. Specify the policy to force on the specified file extension: allow. Allows overlapping opens to enable better performance. deny. Denies overlapping opens on the specified file extension. [modify <ext> setting <policy> <cr>] Modifies the policy setting for the specified file extension: allow. Allows overlapping opens to enable better performance. deny. Denies overlapping opens on the specified file extension. remove <ext> <cr> Usage Removes a file extension from the special case list (that is, do not optimize the specified file extension)
Parameters
Enable overlapping opens to obtain better performance with applications that perform multiple opens on the same file. With overlapping opens enabled, the Steelhead appliance optimizes data to which exclusive access is available (in other words, when locks are granted). When an oplock is not available, the Steelhead appliance does not perform application-level latency optimization but still performs SDR and compression on the data, as well as TCP optimizations. If you do not enable this feature, the Steelhead appliance still increases WAN performance, but not as effectively. Enabling this feature on applications that perform multiple opens on the same file to complete an operation (for example, CAD applications) results in a performance improvement. You specify a list of extensions you want to optimize using overlapping opens. You can also use this command to specify a list of extensions you do not want to optimize using overlapping opens. If a remote user opens a file which is optimized using the overlapping opens feature and a second user opens the same file, the second user might receive an error if the file fails to go through a v3.x Steelhead appliance or if it does not go through a Steelhead appliance at all (for example, certain applications that are sent over the LAN). If this occurs, you should disable overlapping opens for those applications.
Example Product Related Topics
amnesiac (config) # protocol cifs oopen extension modify pdf setting <policy>
Steelhead appliance show protocol cifs oopen
Riverbed Command-Line Interface Reference Manual
257
Configuration-Mode Commands
protocol cifs oopen policy
Description Syntax Parameters Usage Example Product Related Topics Changes the default CIFS overlapping open policy. [no] protocol cifs oopen policy allow | deny <default policy> Specify the policy: allow or deny
The default policy is to deny overlapping open optimization.
amnesiac (config) # protocol cifs oopen policy allow
Steelhead appliance show protocol cifs oopen
protocol cifs secure-sig-opt enable
Description Syntax Parameters Usage Enables Security Signature negotiations between Windows client and the server. [no] protocol cifs secure-sig-opt enable None The Secure-CIFS feature automatically stops Windows SMB signing. SMB signing prevents the appliance from applying full optimization on CIFS connections and significantly reduces the performance gain from a Steelhead deployment. Because many enterprises already take additional security precautions (such as firewalls, internal-only reachable servers, and so forth), SMB signing adds little additional security, at a significant performance cost (even without Steelhead appliances). Before you enable Secure-CIFS, you must consider the following factors: If the client-side machine has Required signing, enabling Secure-CIFS prevents the client from connecting to the server. If the server-side machine has Required signing, the client and the server connect but you cannot perform full latency optimization with the Steelhead appliance. Domain controllers default to Required. For detailed information about disabling Windows security signing, see the Steelhead Appliance Installation and Configuration Guide. If your deployment requires SMB signing, see the Steelhead Management Console Users Guide for detailed procedures, including procedures for Windows. The no command option enables Security Signature negotiations. Example Product Related Topics
amnesiac (config) # protocol cifs secure-sig-opt enable
Steelhead appliance show protocol cifs
258
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
protocol cifs smbv1-mode enable
Description Syntax Parameters Usage Enables SMBv1 backward compatibility mode, which allows a Steelhead appliance to perform CIFS latency optimization and SDR on SMB traffic in Windows Vista environments. [no] protocol cifs smbv1-mode enable None Improves SMB optimization for Windows Vista users. Select to perform latency and SDR optimizations on SMB traffic on the client-side Steelhead appliance. Without this feature, Steelhead appliances perform only SDR optimization without improving CIFS latency. This feature enables SMBv1 for Vista-to-Vista CIFS connections instead of SMBv2 (similar to Vista to pre-Vista CIFS connections). While the Steelhead appliances are fully compatible with the SMBv2 included in Vista, they deliver the best performance using SMBv1. Important: You must restart the client Steelhead service after enabling the SMBv1 Backward Compatibility Mode. To enable SDR and CIFS latency optimization on SMB traffic in a Windows Vista environment, perform the following steps on the client-side Steelhead appliance: 1. Run the following command:
protocol cifs smbv1-mode enable
2. Restart the Steelhead service.
restart
The no command option disables this feature. Example Product Related Topics
amnesiac (config) # protocol cifs smbv1-mode enable
Steelhead appliance show protocol cifs
SMB Signing Commands
This section describes SMB signing commands. For detailed information about SMB signing, including steps for configuring Windows, see the Steelhead Management Console Users Guide.
smb signing sign-only enable
Description Syntax Parameters Usage Enables SMB Signing Sign-Only list entries. [no] smb signing sign-only enable None Whether or not to sign traffic to a given server is determined through entries in either the SignOnly or Sign-All-Except list. These lists are populated using the protocol cifs smb signing rule command.
Riverbed Command-Line Interface Reference Manual
259
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # smb signing sign-only enable
Steelhead appliance show smb signing status
protocol cifs smb signing delegation
Description Syntax Parameters Configures a delegate user for a specified domain. SMB signing trusted delegation settings. [no] protocol cifs smb signing delegation domain <domain> user <username> password <password> domain <domain> user <username> password <password> Example Product Related Topics Specify the SMB signing trusted delegation domain name. The domain must be the fully qualified domain name. Specify the delegate user name for the specified domain. The domain must be the fully qualified domain name for the domain in which the delegate user belongs. Specify the delegate user password for the specified domain.
amnesiac (config) # protocol cifs smb signing delegation domain example user myname password mypassword
Steelhead appliance show smb signing status
protocol cifs smb signing enable
Description Syntax Parameters Enables SMB signing. By default, RiOS SMB signing is disabled. [no] protocol cifs smb signing enable None
260
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
When sharing files, Windows provides the ability to sign CIFS messages to prevent man-in-themiddle attacks. Each CIFS message has a unique signature which prevents the message from being tampered. This security feature is called SMB signing. Prior to the v5.5 release, RiOS did not provide latency optimization for signed traffic. For detailed information about configuring SMB signing, including the necessary steps for Windows, see the Steelhead Management Console Users Guide. You can enable the RiOS SMB signing feature on a server-side Steelhead appliance to alleviate latency in file access with CIFS acceleration while maintaining message security signatures. With SMB signing on, the Steelhead appliance optimizes CIFS traffic by providing bandwidth optimizations (SDR and LZ), TCP optimizations, and CIFS latency optimizationseven when the CIFS messages are signed. By default, RiOS SMB signing is disabled. The RiOS v5.5 SMB signing feature works with Windows 2003 domain security and is fullycompliant with the Microsoft SMB-signing v1 protocol. The server-side Steelhead appliance in the path of the signed CIFS traffic becomes part of the Windows trust domain. The Windows domain is either the same as the domain of the user or has a trust relationship with the domain of the user. The trust relationship can be either a parent-child relationship or an unrelated trust relationship. Important: This feature works with Windows 2003 native mode domains only. The RiOS SMB-signing feature uses Kerberos between the server-side Steelhead appliance and any configured servers participating in the signed session. The client-side Steelhead appliance uses NTLM and will negotiate down to NTLM from Kerberos if supported. The client-side Steelhead appliance does not use Kerberos. Prerequisites With RiOS SMB-signing enabled, Steelhead appliances sign the traffic between the client and the client-side Steelhead appliance and between the server and the server-side Steelhead appliance. The traffic is not signed between the Steelhead appliances, but the Steelheads implement their own integrity mechanisms. For maximum security, Riverbed recommends that you use IPsec encryption to secure the traffic between the Steelhead appliances. RiOS SMB signing requires joining a Windows 2003 domain. Setting the correct time zone is vital for joining a domain. The most common reason for failing to join a domain is a significant difference in the system time on the Windows domain controller and the Steelhead appliance. Basic Steps 1. Verify that the Windows domain functionality is at the Windows 2003 level. For detailed information about configuring SMB signing, including the necessary steps for Windows, see the Steelhead Management Console Users Guide. 2. Identify the full domain name, which must be the same as DNS. You need to specify this name when you join the server-side Steelhead appliance to the domain. 3. Identify the short (NetBIOS) domain name (press Ctrl+Alt+Del on any member server). You need to specify the short name when the Steelhead appliance joins the domain if it does not match the left-most portion of the fully-qualified domain name. 4. Make sure that the primary or auxiliary interface for the server-side Steelhead appliance is routable to the DNS and the Domain Controller. 5. Verify the DNS settings: You must be able to ping the server-side Steelhead appliance, by name, from a CIFS server joined to the same domain that the server-side Steelhead appliance will join. If you cannot, create an entry in the DNS server for the server-side Steelhead appliance. You must be able to ping the Domain Controller, by name, whose domain the server-side Steelhead appliance will join. To verify your domain run the show domain, and show dns settings.
Riverbed Command-Line Interface Reference Manual
261
Configuration-Mode Commands
6. Join the Windows domain running in native mode. RiOS SMB-signing does not support Windows NT, Windows 2000, or Windows 2008 domains. For detailed information about joining domains, see domain join on page 366. 7. Set up the Domain Controller and SPN. For detailed information, see the Steelhead Management Console Users Guide. 8. Grant the user access to delegate CIFS service in Windows. You must perform the following procedure for every server on which you want to enable RiOS SMB signing. For detailed information, see the Steelhead Management Console Users Guide. 9. Add delegate users on the Steelhead appliance. 10.Enable SMB signing on the server-side Steelhead appliances. For detailed procedures, see the Steelhead Management Console Users Guide. Example Product Related Topics
amnesiac (config) # protocol cifs smb signing enable
Steelhead appliance show smb signing status
protocol cifs smb signing rule
Description Syntax Parameters Adds or removes IP addresses from the Sign-All-Except and Sign-Only list. [no] protocol cifs smb signing rule {select | sign-all-except <ip-addr> | sign-only <ip-addr>} select <ruleselection> sign-allexcept <ipaddr> sign-only <ip-addr> Usage Select SMB Signing rule list. Specify the IP address Sign-All-Except list for SMB signing rules.
Specify the IP address for the Sign-Only list for SMB signing rules.
Entries in the Sign-All-Except list specify servers for which the SMB signing blade is used. If SignAll-Except is specified, then only entries in this list will be signed. If Sign-Only is specified, then all addresses except those in the list are used. The list used is determined by the protocol cifs smb signing rule command. You can verify your rules using the show smb signing rules command.
amnesiac (config) # protocol cifs smb signing rule always-sign 10.0.0.0
Example Product Related Topics
Steelhead appliance show smb signing status
RiOS TCP Dump Commands
This section describes RiOS TCP dump commands. The system also runs the standard tcpdump utility. For detailed information, see tcpdump on page 111.
262
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
tcpdump-x all-interfaces
Description Syntax Configures a list of all interfaces for a TCP dump capture. [no] tcpdump-x all-interfaces capture-name <capture-name> continuous <cr> | duration <seconds> <cr> [schedule-time <HH:MM:SS> [schedule-date <YYYY/MM/DD>]] | [rotatecount <# files>] | [snaplength <snaplength>] | [sip <src-addr>] | [dip <dst-addr>] | [sport <src-port>] | [dport <dst-port>] | [dot1q <>] | [custom <custom-param>] | [file-size <megabytes>] capturename <capturename> Specify a capture name to help you identify the TCP Dump. The default filename uses the following format:
<hostname>_<interface>_<timestamp>.cap
Parameters
Where hostname is the hostname of the Steelhead appliance, interface is the name of the interface selected for the trace (for example, lan0_0, wan0_0), and timestamp is in the YYYY-MM-DD-HH-MM-SS format. Note: The .cap file extension is not included with the filename when it appears in the capture queue. continuous duration <seconds> scheduletime <HH:MM:S S> scheduledate <YYYY/ MM/DD> rotate-count <#files> snaplength <snaplength > sip <srcaddr> dip <dstaddr> sport <srcport> dport <dstport> dot1q custom <customparam> file-size <megabytes > Start a continuous capture. Specify the run time for the capture in seconds. Specify a time to initiate the trace dump in the following format: HH/MM/SS
Specify a date to initiate the trace dump in the following format: YYYY/MM/DD
Specify the number of files to rotate. Specify the snap length value for the trace dump. The default value is 300. Specify 0 for a full packet capture (that is, CIFS, MAPI, and SSL). Specify the source IP addresses. Separate multiple ports with a comma. The default setting is all IP addresses. Specify the destination IP addresses. Separate multiple ports with a comma. The default setting is all IP addresses. Specify the source port(s). Separate multiple ports with a comma. The default setting is all ports. Specify the destination ports. Separate multiple ports with a comma. The default setting is all ports. Filter dot1q packets. For detailed information about dot1q VLAN tunneling, see your Cisco router documentation. Specify custom parameters for packet capture.
Specify the file size of the capture in megabytes.
Riverbed Command-Line Interface Reference Manual
263
Configuration-Mode Commands
Usage
You can capture and retrieve multiple TCP trace dumps. You can generate trace dumps from multiple interfaces at the same time and you can schedule a specific date and time to generate a trace dump.
amnesiac (config) # tcpdump-x all-interfaces duration 200
Example Product Related Topics
Steelhead appliance show tcpdump
tcpdump-x capture-name stop
Description Syntax Parameters Example Product Related Topics Stops the specified TCP dump capture. [no] tcpdump-x capture-name <capture-name> stop <capturename> Specify the capture name to stop.
amnesiac (config) # tcpdump-x capture-name example stop
Steelhead appliance show tcpdump
264
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
tcpdump-x foreground
Description Syntax Parameters Displays packets on a network. [no] tcpdump-x foreground <cr> | <tcpdump options> <tcpdump options> The tcpdump command takes the standard Linux options: -a. Attempt to convert network and broadcast addresses to names. -c. Exit after receiving count packets. -d. Dump the compiled packet-matching code in a human readable form to standard output and stop. -dd. Dump packet-matching code as a C program fragment. -ddd. Dump packet-matching code as decimal numbers (preceded with a count). -e. Print the link-level header on each dump line. -E. Use algo:secret for decrypting IPsec ESP packets. -f. Print foreign internet addresses numerically rather than symbolically. -F. Use file as input for the filter expression. An additional expression given on the command line is ignored. -i. Listen on interface. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface. -n. Do not convert addresses (such as host addresses, port numbers, and so forth) to names. -N. Do not print domain name qualification of hostnames. For example, if you specify this flag, then tcpdump will print nic instead of nic.ddn.mil. -m. Load SMI MIB module definitions from file module. This option can be used several times to load several MIB modules into tcpdump. -q. Quiet output. Print less protocol information so output lines are shorter. -r Read packets from file (which was created with the -w option). Standard input is used if file is -. -S. Print absolute, not relative, TCP sequence numbers. -v. (Slightly more) verbose output. For example, the time to live, identification, total length and options in an IP packet are printed. Also enables additional packet integrity checks such as verifying the IP and ICMP header checksum. -w. Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is -. -x. Print each packet (minus its link level header) in hex. The smaller of the entire packet or snaplen bytes will be printed. -X. When printing hex, print ascii too. Thus if -x is also set, the packet is printed in hex/ascii. This option enables you to analyze new protocols. For detailed information, see the Linux man page. Example Product Related Topics
amnesiac (config) # tcpdump-x foreground
Steelhead appliance show tcpdump
Riverbed Command-Line Interface Reference Manual
265
Configuration-Mode Commands
tcpdump-x interfaces
Description Syntax Configures a comma separated list of interfaces to capture in the background. [no] tcpdump-x interfaces <interface-name> continuous <cr> | duration <seconds> <cr> [schedule-time <HH:MM:SS> [schedule-date <YYYY/MM/DD>]] | [rotate-count <# files>] | [snaplength <snaplength>] | [sip <src-addr>] | [dip <dst-addr>] | [sport <src-port>] [dport <dst-port>] | [dot1q <>] | [custom <custom-param>] | [file-size <megabytes>] <interfaces> continuous duration <seconds> scheduletime <HH:MM:S S> scheduledate <YYYY/ MM/DD> rotate-count <#files> snaplength <snaplength > sip <srcaddr> dip <dstaddr> sport <srcport> dport <dstport> dot1q custom <customparam> file-size <megabytes > Example Product Related Topics Specify a comma separated list of interfaces: primary, aux, lan0_0, wan0_0 Start a continuous capture. Specify the run time for the capture in seconds. Specify a time to initiate the trace dump in the following format: HH/MM/SS
Parameters
Specify a date to initiate the trace dump in the following format: YYYY/MM/DD
Specify the number of files to rotate. Specify the snap length value for the trace dump. The default value is 300. Specify 0 for a full packet capture (that is, CIFS, MAPI, and SSL). Specify the source IP addresses. The default setting is all IP addresses. Specify the destination IP addresses. Separate multiple ports with a comma. The default setting is all IP addresses. Specify the source port(s). Separate multiple ports with a comma. The default setting is all ports. Specify the destination ports. Separate multiple ports with a comma. The default setting is all ports. Filter dot1q packets. For detailed information about dot1q VLAN tunneling, see your Cisco router documentation. Specify custom parameters for packet capture.
Specify the file size of the capture in megabytes.
amnesiac (config) # tcpdump-x interfaces capture-name blah snaplength 0 continuous
Steelhead appliance show tcpdump
266
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
HS-TCP Support Commands
This section describes the HS-TCP support commands.
protocol connection lan receive buf-size
Description Syntax Parameters Usage Sets the LAN receive buffer size for HS-TCP. [no] protocol connection lan receive buf-size <bytes> <bytes> Specify the LAN receive buffer size. The default value is 32768.
To support High-Speed TCP (HS-TCP), you must increase your LAN buffer size to 1 MB. The no command option resets the buffer size to the default.
Example Product Related Topics
amnesiac (config) # protocol connection lan receive buf-size 1000000
Steelhead appliance show tcp highspeed
protocol connection lan send buf-size
Description Syntax Parameters Usage Sets the LAN send buffer size for HS-TCP. [no] protocol connection lan send buf-size <bytes> <bytes> Specify the LAN send buffer size. The default value is 81920.
To support HS-TCP, you must increase your LAN buffer size to 1 MB. The no command option resets the buffer size to the default.
Example Product Related Topics
amnesiac (config) # protocol connection lan send buf-size 1000000
Steelhead appliance show tcp highspeed
protocol connection wan receive def-buf-size
Description Syntax Parameters Sets the WAN receive buffer size for HS-TCP. [no] protocol connection wan receive buf-size <bytes> <bytes> Specify the WAN receive buffer size. The default value is 262140.
Riverbed Command-Line Interface Reference Manual
267
Configuration-Mode Commands
Usage
To configure your WAN buffer you must increase the WAN buffers to 2 BDP or 10 MB. You can calculate the BDP WAN buffer size. For example: Bandwidth = 155000000 Mbps Delay = 100 ms For a link of 155 Mbps and 100 ms round-trip delay, set the WAN buffers to
2 * 155000000 * 0.1 / 8 = 3875000
To calculate the BDP for a link
bandwidth * delay / 8 / MTU = X
If X is greater than 100 then HS-TCP is useful in this instance. The no command option resets the buffer size to the default. Example Product Related Topics
amnesiac (config) # protocol connection wan receive def-buf-size 3875000
Steelhead appliance show tcp highspeed
protocol connection wan send def-buf-size
Description Syntax Parameters Usage Sets the WAN send buffer size for HS-TCP. [no] protocol connection wan send buf-size <bytes> <bytes> Specify the WAN send buffer size. The default value is 262140.
To configure your WAN buffer you must increase the WAN buffers to 2 BDP or 10 MB. You can calculate the BDP WAN buffer size. For example: Bandwidth = 155000000 Mbps Delay = 100 ms For a link of 155 Mbps and 100 ms round-trip delay, set the WAN buffers to
2 * 155000000 * 0.1 / 8 = 3875000
To calculate the BDP for a link
bandwidth * delay / 8 / MTU = X
If X is greater than 100 then HS-TCP is useful in this instance. The no command option resets the buffer size to the default. Example Product Related Topics
amnesiac (config) # protocol connection wan send def-buf-size 3875000
Steelhead appliance show tcp highspeed
268
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
tcp highspeed enable
Description Syntax Parameters Usage Enables the HS-TCP feature, which provides acceleration and high throughput for high bandwidth networks where the WAN pipe is large but latency is high. [no] tcp highspeed enable None HS-TCP is activated for all connections that have a BDP larger than 100 packets. If you have a BDP of greater than 512 KB, and you are more interested in filling the WAN pipe than saving bandwidth, you should consider enabling HS-TCP. You need to carefully evaluate whether HS-TCP will benefit your network environment. To enable HS-TCP, you must disable LZ compression and SDR. If you have an Optical Carrier-3 line or faster, turning off SDR makes sense and allows HS-TCP to reach its full potential. To configure HS-TCP enable HS-TCP. disable LZ compression and SDR in the optimization policies if your WAN link capacity is 100 Mbps. enable in-path support. increase the WAN buffers to 2 BDP or 10 MB. You can calculate the BDP WAN buffer size. increase the LAN buffers to 1 MB. To calculate the BDP WAN buffer size.: Bandwidth = 155000000 Mbps Delay = 100 ms For a link of 155 Mbps and 100 ms round-trip delay, the WAN buffers should be set to
2 * 155000000 * 0.1 / 8 = 3875000
To calculate the BDP for a link:
bandwidth * delay / 8 / MTU = X
If X is greater than 100 then HS-TCP is useful in this instance. The no command option disables HS-TCP. Example
amnesiac (config) # in-path rule auto-discover srcaddr 0.0.0.0/0 dstaddr 0.0.0.0/ 0 dstport 0 optimization none vlan -1 neural-mode always rulenum 1 amnesiac (config) # in-path enable amnesiac (config) # protocol connection lan receive buf-size 1000000 amnesiac (config) # protocol connection lan send buf-size 1000000 amnesiac (config) # protocol connection wan receive def-buf-size 3875000 amnesiac (config) # protocol connection wan send def-buf-size 3875000
Product Related Topics
Steelhead appliance show tcp highspeed
Oracle Forms Support Commands
This section describes the Oracle Forms support commands.
Riverbed Command-Line Interface Reference Manual
269
Configuration-Mode Commands
protocol oracle-forms enable
Description Syntax Parameters Usage Enables Oracle Forms optimization. Oracle Forms is browser plug-in that accesses Oracle Forms and Oracle E-Business application suite content from within the browser. [no] protocol oracle-forms enable None Before enabling Oracle Forms optimization, you need to know the mode in which Oracle Forms is running at your organization. For detailed information, see the Steelhead Management Console Users Guide. The Steelhead appliance decrypts, optimizes, and then re-encrypts Oracle Forms native and HTTP mode traffic. Use Oracle Forms optimization to improve Oracle Forms traffic performance. Oracle Forms does not need a separate license and is enabled by default. However, you must also set an in-path rule to enable this feature. To optimize Oracle Forms traffic 1. Make sure Oracle Forms optimization is enabled. 2. Create an in-path rule (fixed-target or auto-discovery) that specifies: destination port: 9000 (native mode, using the default forms server) preoptimization policy: oracle-forms optimization policy: normal latency optimization policy: normal Neural framing: always The no command option disables Oracle Forms optimization. Example
amnesiac (config) # protocol oracle-forms enable amnesiac (config) # in-path rule auto-discover dstaddr 10.11.41.14/32 dstport 9000 preoptimization oracle-forms latency-opt normal neural-mode always rulenum 1
Product Related Topics
Steelhead appliance show protocol mapi, in-path rule auto-discover, in-path rule fixed-target, show protocol oracle-forms
protocol oracle-forms http-enable
Description Syntax Parameters Enables Oracle Forms HTTP mode optimization. Oracle Forms is browser plug-in that accesses Oracle forms and Oracle E-Business application suite content from within the browser. [no] protocol oracle-forms http-enable None
270
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
Before enabling Oracle Forms optimization, you need to know the mode in which Oracle Forms is running at your organization. For detailed information, see the Steelhead Management Console Users Guide. Use this command to have the forms server listen for HTTP connections in addition to native mode optimization. All internal messaging between the forms server and the Java client is encapsulated in HTTP packets. Native mode Oracle Forms optimization must be enabled as well. To optimize Oracle Forms HTTP traffic 1. Make sure Oracle Forms HTTP optimization is enabled. 2. Create an in-path rule (fixed-target or auto-discovery) that specifies: destination subnet and port: 8000 (HTTP mode) preoptimization policy: oracle-forms optimization policy: normal latency optimization policy: normal Neural framing: always The no command option disables Oracle Forms HTTP optimization.
Example
amnesiac (config) # protocol oracle-forms http-enable amnesiac (config) # in-path rule auto-discover dstaddr 10.11.41.14/32 dstport 8000 preoptimization oracle-forms latency-opt normal neural-mode always rulenum 1
Product Related Topics
Steelhead appliance show protocol mapi, in-path rule auto-discover, in-path rule fixed-target, show protocol oracle-forms
MAPI Support Commands
This section describes the MAPI support commands.
protocol mapi enable
Description Syntax Parameters Usage Enables MAPI support. [no] protocol mapi enable None MAPI optimization is enabled by default. Typically, you disable MAPI optimization to troubleshoot problems with the system. For example, if you are experiencing problems with Outlook clients connecting with Exchange, you can disable MAPI latency acceleration (while continuing to optimize with SDR for MAPI). The no command option disables MAPI optimization for testing purposes. For example, if you are experiencing problems with Outlook clients connecting with Exchange, you can disable MAPI latency acceleration (while continuing to optimize with SDR for MAPI) by issuing the no protocol mapi enable command. Example Product Related Topics
amnesiac (config) # no protocol mapi enable amnesiac (config) #restart
Steelhead appliance show protocol mapi
Riverbed Command-Line Interface Reference Manual
271
Configuration-Mode Commands
protocol mapi encrypted ntlm-auth enable
Description Syntax Parameters Usage Example Product Related Topics Enables NTLM authorization for encrypted MAPI RPC traffic between Outlook and Exchange. This feature is enabled by default. [no] protocol mapi encrypted ntlm-auth enable None The no command option disables this option.
amnesiac (config) # no protocol mapi encrypted ntlm-auth enable amnesiac (config) #restart
Steelhead appliance show protocol mapi
protocol mapi encrypted enable
Description Syntax Parameters Usage Enables encrypted MAPI RPC traffic optimization between Outlook and Exchange. By default, this option is disabled. [no] protocol mapi encrypted enable None The basic steps to enable encrypted optimization are: The server-side Steelhead appliance must join the same Windows Domain that the Exchange server belongs to and operate as a member server. Verify that Outlook is encrypting traffic. Enable this option on the server-side and client-side Steelhead appliance. Restart the Steelhead appliance. Notes: When this option and MAPI Exchange 2007 acceleration are enabled on either Steelhead appliance, MAPI Exchange 2007 acceleration remains in effect for unencrypted connections. By default, this feature supports NTLM authentication. The Steelhead appliance passes through Kerberos encrypted traffic. The no command option disables this option. Example Product Related Topics
amnesiac (config) # protocol mapi encrypted enable amnesiac (config) #restart
Steelhead appliance show protocol mapi
272
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
protocol mapi 2k3 enable
Description Syntax Parameters Usage Enables Exchange MAPI 2003 acceleration, which allows increased optimization of traffic between Exchange 2003 and Outlook 2003. [no] protocol mapi 2k3 enable None MAPI optimization is enabled by default. Note: For out-of-path deployments, to optimize MAPI Exchange 2003, you must define fixedtarget, in-path rules that specify the following ports on the client-side Steelhead appliance: the Microsoft end-point mapper port: 135; the Steelhead appliance port for Exchange traffic: 7830; the Steelhead appliance port for Exchange Directory NSPI traffic: 7840. The no command option disables MAPI 2003 acceleration. Example Product Related Topics
amnesiac (config) # no protocol mapi 2k3 enable amnesiac (config) #restart
Steelhead appliance show protocol mapi
protocol mapi 2k7 native enable
Description Syntax Parameters Enables optimization to occur if you have Outlook 2007 and Exchange Server 2003 or Exchange Server 2007. [no] protocol mapi 2k7 native enable None
Riverbed Command-Line Interface Reference Manual
273
Configuration-Mode Commands
Usage
Sharing calendars between Outlook 2007 and Exchange 2007 increases the number of connections (anywhere from 1 to 2 extra connections per each user sharing calendars). The connections are persistent and remain even when users are not actively checking other users calendars. Enabling this option helps keep connection counts at sustained, low levels, thereby increasing optimization. Important: In contrast to Outlook 2003, Outlook 2007 uses encrypted communication with the Exchange server by default, regardless of the Exchange Server Version (Exchange Server 2003 or Exchange Server 2007). Leaving encryption on will disable MAPI optimizations. You must disable encryption on the Exchange (Outlook) 2007 clients before enabling this option. Note: You can apply a group policy to disable encryption for the Outlook 2007 clients on a wider scale. If you have Outlook 2007, regardless of the Exchange Server version (Exchange Server 2003 or Exchange Server 2007), communication is encrypted by default. To enable optimization to take place, you must perform the following steps: 1. Make sure you are running v3.0.8 or higher of the Steelhead software. If you are not, you must upgrade your software. For details, see the Steelhead Management Console Users Guide. 2. Disable encryption on the Exchange (Outlook) 2007 clients. For information, refer to your Microsoft documentation. 3. At the Steelhead appliance CLI system prompt, enter the following command:
protocol mapi 2k7 native enable
For details on disabling encryption, see https://support.riverbed.com/kb/solution.htm?id=501700000008VT8AAM. The no command option disables fallback. Optimization does not occur if you specify the no command option. Example Product Related Topics
amnesiac (config) # protocol mapi 2k7 native enable amnesiac (config) #restart
Steelhead appliance show protocol mapi
protocol mapi nspi
Description Syntax Parameters Sets the NSPI port. [no] protocol mapi nspi port <port> <port> Specify the incoming NSPI port number. The default value is 7840.
274
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
In certain situations (for example, clients connecting through a firewall), you might want to force a server to listen on a single pre-defined port so that access to ports can be controlled or locked down on the firewall. In out-of-path deployments, if you want to optimize MAPI Exchange by destination port, you must define in-path rules that specify the following ports on the client-side Steelhead appliance: Port 135. The Microsoft end-point mapper port. Port 7830. The Steelhead appliance port used for Exchange traffic. Port 7840. The Steelhead appliance port used for Exchange Directory NSPI traffic. If you changed the Microsoft Exchange Information Store Interface port in your environment, change port 7830 to the static port number you have configured in your Exchange environment. For further information, see Microsoft Exchange Information Store Interface at http:// support.microsoft.com/default.aspx?scid=kb;en-us;270836. The no command option resets the NSPI port to the default value.
Example Product Related Topics
amnesiac (config) # protocol mapi nspi port 2125
Steelhead appliance show protocol mapi
protocol mapi nspi enable
Description Syntax Parameters Usage Example Product Related Topics Enables the MAPI NSPI feature. MAPI NSPI is enabled by default. [no] protocol mapi nspi enable None The no command option disables MAPI NSPI optimization for testing purposes.
amnesiac (config) # no protocol mapi nspi enable
Steelhead appliance show protocol mapi
protocol mapi port
Description Syntax Parameters Sets the incoming MAPI Exchange port. [no] protocol mapi port <port> <port> Specify the MAPI port number. The default value is 7830.
Riverbed Command-Line Interface Reference Manual
275
Configuration-Mode Commands
Usage
Specify the MAPI Exchange port for optimization. Typically, you do not need to modify the default value, 7830. If you have changed the MEISI port in your Exchange Server environment, change port 7830 to the static port number you have configured in your Exchange environment. For further information about changing (MEISI) ports, see the Microsoft Exchange Information Store Interface at: https://support.microsoft.com/kb/270836/en-us The no command option resets the MAPI port to the default value.
Example Product Related Topics
amnesiac (config) # protocol mapi port 2125
Steelhead appliance show protocol mapi
protocol mapi port-remap enable
Description Syntax Parameters Usage Example Product Related Topics Sets MAPI port remapping settings. [no] protocol mapi port-remap enable None The no command option resets the MAPI port to the default value.
amnesiac (config) # protocol mapi port-remap enable
Steelhead appliance show protocol mapi
protocol mapi prepop
Description Syntax Parameters Enables MAPI transparent prepopulation. [no] protocol mapi prepop [enable | max-connections <number> | poll-interval <minutes> | timeout <seconds>] maxconnections <number> Specify the maximum number of virtual MAPI connections to the Exchange server for Outlook clients that have shut down. Setting the maximum connections limits the aggregate load on all Exchange servers through the configured Steelhead appliance. The default value varies by model; for example, on a 5520 the default is 3750. You must configure the maximum connections on both the client and serverside of the network. The no option resets max-connections to the default. poll-interval <minutes> timeout <seconds> Specify the polling interval in minutes. The default value is 20. The no option resets max-connections to the default. Specify the time out period in seconds. The default value 96. The no option resets max-connections to the default.
276
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
This feature allows email data to be delivered between the Exchange server and the client-side appliance while the Outlook client is off-line. When a user logs into their MAPI client, the mail has already been seen by the client-side appliance and can be retrieved with LAN-like performance. This feature enables email to be optimized even though it has not been seen before by the client. The no command option disables MAPI prepopulation support. If you specify the no option and parameters, you do not disable MAPI prepopulation support; you reset the specified parameter to its default value.
Example Product Related Topics
amnesiac (config) # protocol mapi prepop enable
Steelhead appliance show protocol mapi,show prepop
MS-SQL Blade Support Commands
This section describes the MS-SQL blade support commands. The commands for MS-SQL support must be implemented by Riverbed professional services. Improper use can result in undesirable effects. The MS-SQL blade supports other database applications, but you must define SQL rules to obtain maximum optimization. If you are interested in enabling the MS-SQL blade for other database applications, contact Riverbed professional services. You must restart the Steelhead service after enabling this feature.
protocol ms-sql default-rule query-rule
Description Syntax Parameters Sets MS-SQL protocol default-query rule settings. [no] protocol ms-sql default-rule query-rule rule-id <rule-id> action-id <action-id> arg-offset enable rule-id <rule-id> action-id <action-id> arg-offset <arg-offset> Usage Example Product Related Topics Specify and MS-SQL protocol query-rule ID. Specify an MS-SQL protocol query-rule action-id. Specify a protocol query-rule argument off-set.
The no command option disables query rule settings.
amnesiac (config) # protocol ms-sql default-rule query-rule rule-id 10 action-id 1 enable
Steelhead appliance show protocol ms-sql
Riverbed Command-Line Interface Reference Manual
277
Configuration-Mode Commands
protocol ms-sql default-rule rpc-rule
Description Syntax Parameters Sets MS-SQL protocol default query rule settings. [no] protocol ms-sql default-rule query-rule rule-id <rule-id> action-id <action-id> [arg-offset | enable] rule-id <rule-id> action-id <action-id> arg-offset <arg-offset> Usage Example Product Related Topics Specify and MS-SQL protocol RPC-rule ID. Specify an ID that uniquely identifies a match. Specify a protocol RPC-rule argument off-set.
The no command option disables default query rule ID.
amnesiac (config) # protocol ms-sql default-rule rpc-rule 12 action-id 12 enable
Steelhead appliance show protocol ms-sql
protocol ms-sql enable
Description Syntax Parameters Usage Enables MS-SQL blade support. Enabling the MS-SQL blade supports MS Project optimization. [no] protocol ms-sql enable None The commands for MS-SQL support must be implemented by Riverbed professional services. Improper use can result in undesirable effects. The MS-SQL blade supports other database applications, but you must define SQL rules to obtain maximum optimization. If you are interested in enabling the MS-SQL blade for other database applications, contact Riverbed professional services. You must restart the Steelhead service after enabling this feature. The no command option disables SQL blade support. Example Product Related Topics
amnesiac (config) # protocol ms-sql enable
Steelhead appliance show protocol ms-sql
278
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
protocol ms-sql fetch-next enable
Description Enables pre-fetching requests to request the next row in MS Project. The server-side Steelhead appliance pre-fetches sequential row results and the client-side Steelhead appliance caches them. You decide which cursors or queries are cacheable. [no] protocol ms-sql fetch-next enable None To determine which cursors or queries are cacheable, you configure rules. By default, all fetch next queries are cacheable The no command option removes pre-fetching requests. Example Product Related Topics
amnesiac (config) # protocol ms-sql fetch-next enable
Syntax Parameters Usage
Steelhead appliance show protocol ms-sql
protocol ms-sql num-preack
Description Syntax Parameters Usage Specify the maximum number of sp_execute (or save project) requests to pre-acknowledge before waiting for a server response to be returned. [no] protocol ms-sql num-preack <num-preack> <num-preack> Specify the maximum number of pre-acknowledgements. The default value is 5.
You can enable pre-acknowledgement if the client application does not need a result value from the server. For example, when you save a project in MS Project, server-side procedures are invoked many times to write or update database data. To maximize optimization, the protocol ms-sql num-preack command limits the number of pre-acknowledgements from the server. The no command option disables pre-acknowledgement.
Example Product Related Topics
amnesiac (config) # protocol ms-sql num-preack 6
Steelhead appliance show protocol ms-sql
protocol ms-sql port
Description Syntax Parameters Usage Specify the server port to listen on for SQL requests. [no] protocol ms-sql port <port> <port> Specify the SQL server port to listen on for requests. The default value is 1433.
The no command option resets the SQL server port to the default value.
Riverbed Command-Line Interface Reference Manual
279
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # protocol ms-sql port 2433
Steelhead appliance show protocol ms-sql
protocol ms-sql query-act rule-id action-id
Description Syntax Specify a query action when the corresponding query match occurs. [no] protocol ms-sql query-act rule-id <rule_id> action-id <action_id> [[num-reps <num_reps> | invalidate {flush-all | flush-rule}] [miss-policy <policy> | allow-preack {true | false} | scope {sfe | cfe}]] rule-id <rule_id> action-id <action_id> num-reps <num_reps> invalidate <invalidate_action> miss-policy <policy> allow-preack {true | false} scope {sfe | cfe} Usage Specify the rule identification number that uniquely identifies the rule. Specify the action identification number that uniquely identifies this action within the rule. Specify how many times the action is to be repeated. Invalidates the specified action: flush-all or flush-rule. Specify the MS-SQL cache miss policy. Specify whether to allow the MS-SQL pre-acknowledgment (true) or not (false). Specify MS-SQL scope: sfe or cfe.
Parameters
You can specify the following types of actions: prefetch requests as specified in query argument actions. invalidate prefetched cache entries. The no command option disables the query action.
Example Product Related Topics
amnesiac (config) # protocol ms-sql query-act rule-id 10 action-id 1 num-reps 1 miss-policy 1
Steelhead appliance show protocol ms-sql
protocol ms-sql query-arg-act rule-id action-id arg-offset expr
Description Syntax Specify how the query arguments should be modified when prefetching queries. [no] protocol ms-sql query-arg-action rule-id <rule_id> action-id <action_id> arg-offset <arg_offset> expr <expression>
280
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Parameters
rule-id <rule_id> action-id <action_id> arg-offset <arg_offset> expr <expression>
Specify the rule identification number that uniquely identifies the rule. Specify the action identification number that uniquely identifies this action within the rule. Specify the SQL query argument to be modified. Specify the SQL query expression.
Usage Example Product Related Topics
The no command option disables the SQL query argument.
amnesiac (config) # protocol ms-sql query-arg-act rule-id 1 action-id 1 arg-offset blah expr "select *"
Steelhead appliance show protocol ms-sql
protocol ms-sql rpc-act rule-id action-id
Description Syntax Specify an RPC action when a match occurs. [no] protocol ms-sql rpc-act rule-id <rule_id> action-id <action_id> [[num-reps <num_reps> | invalidate {flush-all | flush-rule}] [miss-policy <policy> | allow-preack {true | false} | allow-prefetch {true | false} | scope {sfe | cfe}]] rule-id <rule_id> action-id <action_id> num-reps <num_reps> invalidate <invalidate_action> miss-policy <policy> allow-preack {true | false} allow-prefetch {true | false} scope {sfe | cfe} Usage Specify the rule identification number that uniquely identifies the rule. Specify the action identification number that uniquely identifies this action within the rule. Specify how many times the action is to be repeated Invalidates the specified action: flush-all or flush-rule. Specify the MS-SQL cache miss policy. Specify whether to allow the MS-SQL pre-acknowledgment (true) or not (false). Specify whether to allow MS-SQL pre-fetch (true) or not (false). Specify MS-SQL scope: sfe or cfe.
Parameters
You can specify the following types of actions: prefetch requests as specified in query argument actions. invalidation of prefetched cache entries. whether the fetch next requests can be prefetched. whether spe_execute requests can be pre-acknowledged. The no command option disables the RPC action.
Riverbed Command-Line Interface Reference Manual
281
Configuration-Mode Commands
Example
amnesiac (config) # protocol ms-sql rpc-arg-act rule-id 2 action-id 1 arg-offset 0 expr "replace select PROJ_READ_COUNT, PROJ_LOCKED, PROJ_READ_WRITE,PROJ_READ_ONLY, PROJ_ID, PROJ_MACHINE_ID, PROJ_DATA_SOURCE from MSP_PROJECTS where PROJ_NAME = '$1' "
Product Related Topics
Steelhead appliance show protocol ms-sql
protocol ms-sql rpc-arg-act rule-id arg-offset expr
Description Syntax Parameters Specify a RPC argument used to determine if the RPC request matches a rule. [no] protocol ms-sql rpc-arg-act rule-id <rule_id> arg-offset <arg_offset> expr <expr> rule-id <rule_id> arg-offset <arg_offset> expr <expr> Usage Example Specify the rule identification number that uniquely identifies the rule. Specify the RPC argument parameter. Specify the regular expression for the RPC value.
The no command option disables the RPC argument.
amnesiac (config) # protocol ms-sql rpc-arg-act rule-id 2 arg-offset 1 arg-offset 0 expr "replace select PROJ_READ_COUNT, PROJ_LOCKED, PROJ_READ_WRITE,PROJ_READ_ONLY, PROJ_ID, PROJ_MACHINE_ID, PROJ_DATA_SOURCE from MSP_PROJECTS where PROJ_NAME = '$1' "
Product Related Topics
Steelhead appliance show protocol ms-sql
protocol ms-sql rpc-arg rule-id arg-offset expr
Description Syntax Parameters Specify how the RPC argument should be modified when prefetching queries. [no] protocol ms-sql rpc-arg rule-id <rule_id> action-id <action_id> arg-offset <arg_offset> expr <expr> rule-id <rule_id> action-id <action_id> arg-offset <arg_offset> expr <expr> Usage Specify the rule identification number that uniquely identifies the rule. Specify the action identification number that uniquely identifies this action within the rule. Specify the RPC argument parameter. Specify the regular expression for the RPC value.
The no command option disables the RPC argument.
282
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example
amnesiac (config) # protocol ms-sql rpc-arg rule-id 2 action-id 1 arg-offset 0 expr "replace select PROJ_READ_COUNT, PROJ_LOCKED, PROJ_READ_WRITE,PROJ_READ_ONLY, PROJ_ID, PROJ_MACHINE_ID, PROJ_DATA_SOURCE from MSP_PROJECTS where PROJ_NAME = '$1' "
Product Related Topics
Steelhead appliance show protocol ms-sql
protocol ms-sql rpc-rule rule-id app-name-regex
Description Syntax Specify the RPC rule. [no] protocol ms-sql rpc-rule <rule-id <rule_id> app-name-regex <app_name> {rpc-id <rpc_id> num-params <num_params> | [rpc-query-regex <regex_match_for_rpc_query_string>] | [cursor-type <cursor_type>]]} rule-id <rule_id> app-name-regex <app_name> rpc-id <rpc_id> num-params <num_params> rpc-name-regex <regex_match_for_rpc_string > cursor-type <cursor_type> Specify the rule identification number that uniquely identifies the rule. Specify the client application name (standard string expression). Specify the RPC identifier. Specify the expected number of parameters in the SQL query. Specify the RPC name (standard string expression).
Parameters
Specify the cursor type for the RPC query. Depending on cursor type, the client can read forward or backward, from beginning or end, or read an arbitrary position in the result set: forward-only. Only the next rows can be read. The row pointer cannot be moved back. dynamic. The rows must be read in forward or reverse relative to current row pointer. The row pointer cannot be moved to an arbitrary index except for first and last positions. static. The rows can be read forward or reverse or at an arbitrary position.
Usage Example Product Related Topics
The no command option disables the rule.
amnesiac (config) # protocol ms-sql rpc-rule rule-id 1 app-name-regex blah rpc-nameregex blah num-params 1 rpc-query-regex blah cursor-type static
Steelhead appliance show protocol ms-sql
Riverbed Command-Line Interface Reference Manual
283
Configuration-Mode Commands
protocol ms-sql support-app
Description Syntax Parameters Specify a regular expression (standard string) for an application name that can be optimized using the MS-SQL blade. [no] protocol ms-sql support-app <name> [collation <collation> | misc <misc> | unicode {-1, 0, 1}] support-app <name> collation <collation> misc <misc> unicode {-1, 0, 1} Usage Example Product Related Topics Specify the name of the application to be supported by the MS-SQL blade. Specify MS-SQL protocol collation mode settings. Specify MS-SQL protocol miscellaneous settings. Specify the unicode character set: -1, 0 or 1.
The no command option removes the application from MS-SQL blade support.
amnesiac (config) # protocol ms-sql support-app msproject
Steelhead appliance show protocol ms-sql
NFS Support Commands
This section describes the NFS support commands.
protocol ftp
Description Syntax Parameters Usage Example Product Related Topics Configures FTP port settings. [no] protocol ftp {port} port <port> Specify the ftp port.
The no command option disables the FTP port.
amnesiac (config) # protocol ftp port 2243
Steelhead appliance show protocol ftp
protocol nfs alarm v2-v4 clear
Description Syntax Parameters Resets the NFS v2 and v4 alarm. [no] protocol nfs alarm v2-v4 clear None
284
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
You can also access this command in enable-mode. The no command option sets the NFS v2 and v4 alarm.
Example Product Related Topics
amnesiac (config) # protocol nfs alarm v2-v4 clear
Steelhead appliance show protocol nfs
protocol nfs default server
Description Syntax Configures default settings for NFS servers. [no] protocol nfs default server {direntrymap <cr> | policy [custom | global_rw] | read-ahead [small-files <cr> | transfer-size <size>] | read-dir [optimize <cr> | read-size <size>] | threshold multiple <multiple> | write [optimize <cr> | max-data <max>]} direntrymap <cr> policy [custom | global_rw] Enables the directory entry map. Specify one of the following policies: Custom. Enables you to turn on or off the root squash feature for NFS volumes from this server. Root-squashing allows an NFS server to map any incoming user ID 0 or guest ID 0 to another number that does not have super user privileges, often -2 (the nobody user). Global Read-Write. Specify a policy that provides a trade-off of performance for data consistency. All of the data can be accessed from any client, including LAN based NFS clients (which do not go through the Steelhead appliances) and clients using other file protocols like CIFS. This option severely restricts the optimizations that can be applied without introducing consistency problems. This is the default configuration. read-ahead [small-files <cr> |transfer-size <size>] read-dir [optimize <cr> | read-size <size>] threshold multiple <multiple> write [optimize <cr> | max-data <max> Usage Example Product Related Topics Enables read-ahead for small files; sets the transfer size in bytes.
Parameters
Enables read optimization for the directory; sets the read size in bytes. Specify the threshold multiple. Enables write optimization for the directory; sets the maximum write size in bytes.
The no command option resets the value of a given option. For example, no protocol nfs default server policy resets the policy to the default value.
amnesiac (config) # protocol nfs default server read-dir optimize
Steelhead appliance show protocol nfs
Riverbed Command-Line Interface Reference Manual
285
Configuration-Mode Commands
protocol nfs default volume
Description Syntax Parameters Configures default settings for the NFS volumes. [no] protocol nfs default volume {perm_cache | policy [custom | global_rw] |root-squash <cr>} perm_cache Enables a permission cache. Specify this option if the server uses ACLs or if your server is configured to map client user IDs. This option enables the Steelhead appliance to optimize traffic without violating the permissions model. Specify one of the following policies: Custom. Enables you to turn on or off the root squash feature for NFS volumes from this server. Global Read-Write. Specify a policy that provides a trade-off of performance for data consistency. All of the data can be accessed from any client, including LAN based NFS clients (which do not go through the Steelhead appliances) and clients using other file protocols like CIFS. This option severely restricts the optimizations that can be applied without introducing consistency problems. This is the default configuration. root-squash <cr> Enables root squashing. Root-squashing allows an NFS server to map any incoming user ID 0 or guest ID 0 to another number that does not have super user privileges, often -2 (the nobody user).
policy [custom | global_rw]
Usage
NFS file system objects have owners and permissions and the NFS optimizer conforms to the file system permissions model by enforcing file server and volume policies. The no command option resets the value of a given option.
Example Product Related Topics
amnesiac (config) # protocol nfs default volume root-squash
Steelhead appliance show protocol nfs
protocol nfs enable
Description Enables the NFS optimizer. The NFS optimizer provides latency optimization improvements for NFS operations primarily by prefetching data, storing it on the client Steelhead appliance for a short amount of time, and using it to respond to client requests. [no] protocol nfs enable None The no command option disables the NFS optimizer.
amnesiac (config) # protocol nfs enable
Syntax Parameters Usage Example Product Related Topics
Steelhead appliance show protocol nfs
286
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
protocol nfs max-directories
Description Syntax Parameters Usage Example Product Related Topics Sets the maximum size of NFS directories. [no] protocol nfs max-directories <bytes> <bytes> Specify a number of bytes between 0 and 4294967295.
The no command option resets the size to the default.
amnesiac (config) # protocol nfs max-directories 4294967295
Steelhead appliance show protocol nfs
protocol nfs max-symlinks
Description Syntax Parameters Usage Example Product Related Topics Specify, in bytes, the maximum size of NFS symbolic link directories. [no] protocol nfs max-symlinks <bytes> <bytes> Specify a number of bytes between 0 and 4294967295.
The no command option resets the size to the default.
amnesiac (config) # protocol nfs max-symlinks 4294967295
Steelhead appliance show protocol nfs
protocol nfs memory
Description Syntax Parameters Usage Example Product Related Topics Specify, in percent, the soft-limit size (warning threshold) and hard-limit size (error threshold) of memory usage. [no] protocol nfs memory [soft-limit <percent> | hard-limit <percent>] <percent> Specify a percent to establish the respective thresholds.
The no command option resets the limit to the default.
amnesiac (config) # protocol nfs memory soft-limit 65 hard-limit 95
Steelhead appliance show protocol nfs
Riverbed Command-Line Interface Reference Manual
287
Configuration-Mode Commands
protocol nfs server
Description Syntax Configures settings for the specified NFS server. [no] protocol nfs server <name> {default volume enable | default volume perm-cache | default volume policy [custom | global_rw | read_only] | default volume root-squash| direntrymap <cr> | ip <address> | policy [custom | global_rw | read_only] | read-ahead [small-files <cr> | transfer-size <size>] | read-dir [optimize <cr> | read-size <size>] | threshold multiple <multiple> | volume id <fsid> <cr> volume id <fsid> policy [custom | global_rw | home_dir] volume id <fsid> root-squash write [optimize <cr> | max-data <max>]} default volume enable default volume permcache default volume policy [custom | global_rw | read_only] Enables defaults to be used by all volumes on the server. Enables the permission cache. Specify the default volume policy to the type specified: Custom. Enables you to turn on or off the root squash feature for NFS volumes from this server. Global Read-Write. Specify a policy that provides a trade-off of performance for data consistency. All of the data can be accessed from any client, including LAN based NFS clients (which do not go through the Steelhead appliances) and clients using other file protocols like CIFS. This option severely restricts the optimizations that can be applied without introducing consistency problems. This is the default configuration. Read-only. Any client can read the data on the NFS server or volume but cannot make changes. default volume root-squash Enables root-squashing by default on new volumes. Root-squashing allows an NFS server to map any incoming user ID 0 or guest ID 0 to another number that does not have super user privileges, often -2 (the nobody user). Enables the directory entry map. Specify the IP address of the NFS server. On the NFS server, sets one of the following policies: Custom. Enables you to turn on or off the root squash feature for NFS volumes from this server. Global Read-Write. Specify a policy that provides a trade-off of performance for data consistency. All of the data can be accessed from any client, including LAN based NFS clients (which do not go through the Steelhead appliances) and clients using other file protocols like CIFS. This option severely restricts the optimizations that can be applied without introducing consistency problems. This is the default configuration. Read-only. Any client can read the data on the NFS server or volume but cannot make changes. read-ahead [smallfiles <cr> |transfersize <size>] read-dir [optimize <cr> | read-size <size>] threshold multiple <multiple> Enables read-ahead for small files; sets the transfer size in bytes.
Parameters
direntrymap <cr> ip <address> policy [custom | global_rw | read_only]
Enables read optimization for the directory and sets the read size in bytes. Specify the threshold multiple.
288
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
volume id <fsid> <cr> volume id <fsid> policy [custom | global_rw | read_only]
Specify the file system volume identification (ID). Specify the file system ID and policy. On the specified volume, sets one of the following policies: Custom. Enables you to turn on or off the root squash feature for NFS volumes from this server. Global Read-Write. Specify a policy that provides a trade-off of performance for data consistency. All of the data can be accessed from any client, including LAN based NFS clients (which do not go through the Steelhead appliances) and clients using other file protocols like CIFS. This option severely restricts the optimizations that can be applied without introducing consistency problems. This is the default configuration. Read-only. Any client can read the data on the NFS server or volume but cannot make changes.
volume id <fsid> rootsquash write [optimize <cr> | max-data <max> Usage
Enables root-squashing on the specified volume. Enables write optimization for the directory; sets the maximum write size in bytes.
NFS objects have owners and permissions and the NFS optimizer conforms to the file system permissions model by enforcing file server and volume policies. The no command option disables the NFS server.
Example Product Related Topics
amnesiac (config) # protocol nfs server volume id 21
Steelhead appliance show protocol nfs
protocol nfs v2-v4-alarm
Description Syntax Parameters Usage Example Product Related Topics Enables the NFS v2 and v4 alarm. [no] protocol nfs v2-v4-alarm None The no command option disables the alarm.
amnesiac (config) # protocol nfs-v2-v4-alarm
Steelhead appliance show protocol nfs
HTTP Support Commands
This section describes the http support commands.
Riverbed Command-Line Interface Reference Manual
289
Configuration-Mode Commands
protocol http add-cookie
Description Syntax Parameters Usage Adds a cookie so that the Steelhead appliance can track requests from the same client. [no] protocol http add-cookie <extension> <extension> Specify the type of extension.
Use this command if your application does not have a cookie. HTTP applications frequently use cookies to keep track of sessions. The Steelhead appliance uses cookies to distinguish one user session from another. If an HTTP application does not use cookies, the client Steelhead appliance inserts one so that it can track requests from the same client. Your system must support cookies and persistent connections to benefit from URL Learning. If your system has cookies turned off and depends on URL rewriting for HTTP state management, or is using HTTP v1.0 (with no keep-alives), you can force the use of cookies using this command option and force the use of persistent connections using the keep-alive option. For details about the keep alive option, see protocol http insrt-keep-aliv on page 292. The no command option removes the extension type from the cache.
Example Product Related Topics
amnesiac (config) # no protocol http add-cookie css
Steelhead appliance show protocol http
protocol http default ntlm enable
Description Syntax Parameters Usage Configure default settings to be used when you add target HTTP servers. [no] protocol http default ntlm enable None Enables the Steelhead appliance to reuse a particular existing NTLM authenticated connections rather than re-authenticating each new connection requested by a browser for that user. By default, reuse NTLM authentication is turned off for all Web servers. Specify whether or not to reuse NTLM authentication values. The no command option disables reuse of NTLM authentication values. Example Product Related Topics
amnesiac (config) # protocol http default ntlm enable
Steelhead appliance show protocol http
290
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
protocol http enable
Description Enables HTTP acceleration, which prefetches and caches objects embedded in Web pages to improve HTTP traffic performance. Enabling HTTP module support optimizes traffic to or from port 80. HTTP optimization works for all HTTP and HTTPS applications, including SAP, Customer Relationship Management, Enterprise Resource Planning, Financials, Document Management, and Intranet portals. Syntax Parameters Usage [no] protocol http enable None A typical Web page is not a single file that is downloaded all at once. Instead, Web pages are composed of dozens of separate objectsincluding .jpg and .gif images, JavaScript code, cascading style sheets, and moreeach of which must be requested and retrieved separately, one after the other. This behavior is highly detrimental to the performance of Web-based applications over the WAN given the presence of latency. The Steelhead appliance includes a specialized learning algorithm that allows it to learn which objects are typically requested for specific Web pages and perform object parsing and prefetching. HTTP optimization works with most Web servers that require NTLM authentication. NTLM is a Microsoft authentication protocol which employs a challenge-response mechanism for authentication, in which clients are required to prove their identities without sending a password to a server. NTLM requires the transmission of three messages between the client (wanting to authenticate) and the server (requesting authentication). The following situations might effect HTTP optimization: Fat Client. Not all applications accessed through a Web browser utilize the HTTP protocol. This is especially true for fat clients that run inside a Web browser which may use proprietary protocols to communicate with a server. HTTP optimization does not improve performance in such cases. Digest for Authentication. Some Web servers might require users to authenticate themselves before allowing them access to certain Web content. Digest authentication is one of the less popular authentication schemes, although it is still supported by most Web servers and browsers. Digest authentication requires the browser to include a secret value which only the browser and server know how to generate and decode. Because the Steelhead appliance cannot generate these secret values, it cannot prefetch objects protected by Digest Authentication and does not improve performance for applications using this authentication scheme. Referer Field. The HTTP protocol supports a Referer header field, which allows a browser to provide a hint to the Web server about the URL of the page that referred to the page or object being requested. The Steelhead appliance uses the information in this header to generate relationships between object requests and the base HTML page that referenced them. Object Authentication. It is uncommon for Web servers to require separate authentication for each object requested by the client, but occasionally Web servers are configured to use per object authentication. In such cases, the HTTP optimization does not improve HTTP performance. Note: HTTP optimization has been tested on the following browsers: Internet Explorer 5.5 or later, Firefox 1.0 or later, and Netscape Communicator 6.2. HTTP optimization has been tested on the following servers: Apache 1.3, Apache 2.2, Microsoft IIS 5.0, and Microsoft IIS 6.0. For detailed information about HTTP optimization features, see the Steelhead Management Console Users Guide. The no command option disables HTTP module support.
Riverbed Command-Line Interface Reference Manual
291
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # protocol http enable
Steelhead appliance show protocol http
protocol http insrt-keep-aliv
Description Syntax Parameters Usage Enables the same TCP connection to send and receive multiple HTTP requests and responses, instead of opening a new one for every single request and response. [no] protocol http insrt-keep-aliv None Use this command if your application is HTTP v1.0 or HTTP v1.1 with Connection Close. The no command option disables TCP keep-alive. Example Product Related Topics
amnesiac (config) # protocol http insrt-keep-aliv
Steelhead appliance show protocol http
protocol http metadata-resp extension
Description Syntax Parameters Usage Specify the object extensions to add to the cache. By default the Steelhead appliance prefetches .jpg, .gif, .js, .png, and .css object extensions. [no] protocol http metadata-resp extension <extension> <extension> Specify the type of extension. The default value is 86,400 seconds.
Use only when the browser or application performs IMS checks and recognizes the control headers. The no command option removes the extension type from the cache.
Example Product Related Topics
amnesiac (config) # no protocol http metadata-resp extension css
Steelhead appliance show protocol http
protocol http metadata-resp max-time
Description Syntax Parameters Sets the maximum number of seconds the HTTP optimization cache stores the object information. [no] protocol http metadata-resp max-time <number of seconds> <number of minutes> Specify the maximum time for the cache to store objects.
292
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage Example Product Related Topics
The no command option resets the value.
amnesiac (config) # protocol http metadata-resp max-time 60000
Steelhead appliance show protocol http
protocol http metadata-resp min-time
Description Syntax Parameters Usage Example Product Related Topics Sets the minimum number of seconds the HTTP optimization cache stores the object information. [no] protocol http metadata-resp min-time <number of seconds> <number of seconds> Specify the seconds for the cache to store objects. The default value is 60 seconds.
The no command option resets the cache minimum time.
amnesiac (config) # protocol http metadata-resp min-time 10
Steelhead appliance show protocol http
protocol http prefetch
Description Syntax Parameters Specify file extensions or the tag you want to prefetch for HTTP optimization. [no] protocol http prefetch {extension <ext> | tag <tag> attribute <tag attribute>} extension <ext> tag <tag> attribute <attribute> Usage Specify a file extension to add to the list of file types to prefetch. Specify the tag and the attributes to add or modify.
Use this command if your application uses custom tags for an object. By default the Steelhead appliance prefetches .jpg, .gif, .js, .png, and .css object extensions. The no command option removes the extension.
Example Product Related Topics
amnesiac (config) # no protocol http prefetch extension css
Steelhead appliance show protocol http
Riverbed Command-Line Interface Reference Manual
293
Configuration-Mode Commands
protocol http server
Description Syntax Parameters Specify a target HTTP server. Currently, you can use these commands to create a list of HTTP servers to optimize. [no] protocol http server <ip-addr> ntlm enable <ip-addr> ntlm enable Specify the IP address of the target HTTP server. Enables NTLM reuse. If you have disabled NTLM reuse as the default with the no protocol http default ntlm command and want to enable NTLM reuse for this server, specify ntlm enable.
Usage
Create a list of HTTP servers to optimize. You add servers one at a time. Repeat the command for each server you want to optimize. Use the show protocol http command to display your list. The no command option removes the sever from the list to optimize.
Example Product Related Topics
amnesiac (config) # protocol http server 127.18.32.18
Steelhead appliance show protocol http
protocol http server-subnet
Description Syntax Parameters Specify an IP address/mask pattern for the server subnet on which to accelerate HTTP traffic. [no] protocol http server-subnet <network> <cr> [cache <yes | no> | parse-prefetch <yes | no> | url-learning <yes | no>] <network> <cr> cache <yes | no> parseprefetch <yes | no> Specify the HTTP server subnet. Use the following format: XXX.XXX.XXX.XXX/XX Specify whether to enable or disable the HTTP cache. The Steelhead appliance can maintain a cache of HTTP responses from HTTP GET requests for cascading style sheets, static images, and Java scripts. Specify to parse an HTML page received from the server and generate prefetched transactions on-the-fly, or revalidate the objects in the page. This option is useful for dynamically generated pages where the embedded objects change based on context. When the browser requests an embedded object, the Steelhead appliance serves the request from the prefetched results, eliminating the round-trip delay to the server. When enabled, the appliance prefetches the objects contained in the base HTML page. These objects could be images, style-sheets, or any JavaScript associated with the base page and located on the same host as the base URL. Parse and Prefetch requires cookies. If the application does not use cookies, you Specify URL learning to store information on which URLs have been requested and which URLs have generated a 200 OK response from the server. This option fetches the URLs embedded in style sheets or any JavaScript associated with the base page and located on the same host as the base URL. URL learning works best with non-dynamic content that does not contain session-specific information. URL learning is enabled by default. Your system must support cookies and persistent connections to benefit from URL Learning. If your system has cookies turned off and depends on URL rewriting for HTTP state management, or is using HTTP v1.0 (with no keepalives), you can force the use of cookies using the Add Cookie option and force the use of persistent connections using the Insert Keep Alive option.
url-learning <yes | no>
294
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
Create a server subnet to optimize. Eliminates the need to add servers one at a time. Specify URL learning to store information on which URLs have been requested and which URLs have generated a 200 OK response from the server. This option fetches the URLs embedded in style sheets or any JavaScript associated with the base page and located on the same host as the base URL. URL learning works best with non-dynamic content that does not contain sessionspecific information. URL learning is enabled by default. The no command option removes the subnet from the list to optimize.
Example Product Related Topics
amnesiac (config) # protocol http server-subnet 10.10.10.10/24 cache yes amnesiac (config) #protocol http server-subnet 10.10.10.10/24 url-learning no
Steelhead appliance show protocol http
protocol http servers flush
Description Syntax Parameters Usage Flushes all server entries. [no] protocol http servers flush None Create a list of HTTP servers to optimize. You add servers one at a time. Repeat the command for each server you want to optimize. Use the show protocol http command to display your list. The no command option removes all server entries. Example Product Related Topics
amnesiac (config) # protocol http servers flush
Steelhead appliance show protocol http
protocol http strip-auth-hdr
Description Syntax Parameters Usage Example Product Related Topics Enables stripping authentication header. [no] protocol http strip-auth-hdr <ip-addr> enable None The no command option disables this feature
amnesiac (config) # protocol http strip-auth-hdr 10.0.0.0 enable
Steelhead appliance show protocol http
Riverbed Command-Line Interface Reference Manual
295
Configuration-Mode Commands
protocol http strip-compress enable
Description Syntax Parameters Usage Example Product Related Topics Removes the accept-encoding lines from the HTTP header that contain gzip or deflate. An acceptencoding directive compresses content rather than using raw HTML. [no] protocol http strip-compress enable None The no command option enables accept-encoding lines from HTTP headers.
amnesiac (config) # protocol http strip-compress enable
Steelhead appliance show protocol http
Lotus Notes Commands
This section describes the Lotus Notes support commands.
protocol notes enable
Description Syntax Parameters Enables Lotus Notes optimization. [no] protocol notes enable None
296
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
Lotus Notes is a client-server collaborative application that provides email, instant messaging, calendar, resource, and file sharing. RiOS provides latency and bandwidth optimization for Lotus Notes v6.0 and later traffic across the WAN, accelerating email attachment transfers and server-toserver or client-to-server replications. RiOS saves bandwidth by automatically disabling socket compression (which makes SDR more effective), and by decompressing the Huffman-compressed attachments when they are sent or received and recompressing them on the other side. This allows SDR to recognize attachments which have previously been sent in other ways (that is, over CIFS or HTTP), and also allows SDR to optimize the sending and receiving of attachments that are slightly changed from previous sends and receives. This feature provides latency optimization regardless of the compression type (Huffman, LZ, or none), and provides additional bandwidth reductions with Huffman compression when sending and receiving attachments. To use this feature both the client-side and server-side Steelhead appliances must be running RiOS v5.5.x or later. Before enabling Lotus Notes optimization: Turn off port-level encryption: From the Lotus Notes client, select File - User Preferences - Ports - TCP/IP and clear the Encrypt Network Data check box. To change the server configuration, from the Lotus Notes administrative client, select Server Port - Setup, clear the Encrypt network data check box, and restart the server. Enabling this feature automatically turns off socket level compression for connections that go through the Steelhead appliances. The no command option disables this feature.
Example Product Related Topics
amnesiac (config) # protocol notes enable
Steelhead appliance show protocol notes,show stats bandwidth
protocol notes port
Description Syntax Parameters Usage Example Product Related Topics Configures the Lotus Notes port for optimization. Typically, you do not need to modify the port. [no] protocol notes port port Specify the port for optimization. The default value is 1352.
The no command option reverts to the default port.
amnesiac (config) # protocol notes port 1222
Steelhead appliance show protocol notes, show stats bandwidth
SSL Support Commands
This section describes the SSL support commands.
Riverbed Command-Line Interface Reference Manual
297
Configuration-Mode Commands
protocol ssl backend bypass-interval
Description Syntax Parameters Usage Sets the bypass interval after failed server handshake. [no] protocol ssl backend bypass-interval <seconds> <seconds> Specify an integer value in seconds to bypass-interval.
SSL connections to a particular backend server are bypassed for a period of time if the handshake to that server fails (for example, a certificate verification fails on Steelhead appliance or the backend server drops connection with an alert). To view current setting, use the command show protocol ssl backend.
Example Product Related Topics
amnesiac (config) # protocol ssl backend bypass-interval 60
Steelhead appliance show protocol ssl
protocol ssl backend client
Description Syntax Parameters Configures back-end SSL client settings. [no] protocol ssl backend client cipher-string <string> <cr> | cipher-num <num> client | server cipher-string <string> cipher-num <num> Usage Specify whether you are configuring the client or server list. Specify one of the following cipher-strings (case-sensitive) or a combination using the underscore character ( _ ). For a complete list, view the CLI online help. Specify a number to set the order of the list. The number must be an integer greater or equal to 1-N, or end.
Create a preference list of cipher strings used for client-handshakes, server-handshakes, or peering-handshakes. To view your list, use the command show protocol ssl backend {client | server} cipher-strings.
Example Product Related Topics
amnesiac (config) # protocol ssl backend client cipher-string LOW
Steelhead appliance show protocol ssl
protocol ssl backend server
Description Syntax Configures back-end SSL server settings. protocol ssl backend server {chain-cert cache enable | cipher-string <string> <cr> | cipher-num <num>}
298
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Parameters
chain-cert cache enable cipher-string <string> <cr> cipher-num <num>
Enables server certificate chain caching. Specify one of the following cipher-strings (case-sensitive) or a combination using the underscore character ( _ ). For a complete list, view the CLI online help. Specify a number to set the order of the list. The number must be an integer greater or equal to 1-N, or end.
Usage
Server certificates that are signed by intermediary certificate authorities that in turn may then require validation by higher-level certificate authorities require only the server certificate itself to be installed onto the server-side Steelhead appliance. The Steelhead appliance automatically discovers the entire chain and completes validation seamlessly before commencing optimization.
amnesiac (config) # protocol ssl backend server chain-cert cache enable
Example Product Related Topics
Steelhead appliance show protocol ssl
protocol ssl bulk-export
Description Syntax Parameters Export the current SSL configuration, keys, and certificates. protocol ssl bulk-export password <password> [include-servers] password <password> [includeservers] Specify a password used to encrypt exported data. Optionally, specify include-servers to include server certificates and keys. If you include this parameter, the data includes the peering certificate, key, all certificate authorities, and all peering trust entities. In addition, it contains all the back-end server configurations (certificates, keys, and so forth). Important: To protect your servers private keys, do not include this parameter when performing bulk exports of peers. Usage Use bulk-export to expedite backup and peer trust configurations: Backup. If you want to back up your SSL configurations, then specify Include Server Configurations (e.g., Certificates and Keys) and click Export. Peer Trust. If you use self-signed peering certificates and have multiple Steelhead appliances (including multiple server-side appliances), you can use the bulk export feature to avoid configuring each peering trust relationship between the pairs of Steelhead appliances. Important: To protect your server private keys, do not include server configurations (for example, Certificates and Keys) when performing bulk exports of trusted peers.
Riverbed Command-Line Interface Reference Manual
299
Configuration-Mode Commands
Example
amnesiac (config) # protocol ssl bulk-export password foo_pass include-servers U2FsdGVkX1/GM9EmJ0O9c1ZXh9N18PuxiAJdG1maPGtBzSrsU/CzgNaOrGsXPhor VEDokHUvuvzsfvKfC6VnkXHOdyAde+vbMildK/lxrqRsAD1n0ezFFuobYmQ7a7uu TmmSVDc9jL9tIVhd5sToRmeUhYhEHS369ubWMWBZ5rounu57JE6yktECqo7tKEVT DPXmF1BSbnbK+AHZc6NtyYP3OQ88vm9iNySOHGzJ17HvhojzWth5dwNNx28I8GDS zCmkqlaNX6vI3R/9KmtIR/Pk6QCfQ0sMvXLeThnSPnQ6wLGctPxYuoLJe0cTNlVh r3HjRHSKXC7ki6Qaw91VDdTobtQFuJUTvSbpKME9bfskWlFh9NMWqKEuTJiKC7GN [partial example] amnesiac (config) #
Product Related Topics
Steelhead appliance show protocol ssl
protocol ssl bulk-import
Description Syntax Parameters Import SSL configuration, keys, and certificates. protocol ssl bulk-import password <password> data <data> password <password> data <data> Usage Specify a password required to decrypt data. Specify a file that contains previously exported data.
Use the bulk export and import feature to expedite configuring backup and peer trust relationships: The bulk data that you import contains the serial number of the exporting Steelhead appliance. The Steelhead appliance importing the data compares its own serial number with the serial number contained in the bulk data. The following rules apply to bulk data when importing and exporting the data: Peering Certificate and Key Data. If the serial numbers match, the Steelhead appliance importing the bulk data overwrites its existing peering certificates and keys with that bulk data. If the serial numbers do not match, the Steelhead appliance importing the bulk data does not overwrite its peering certificate and key. Certificate Authority, Peering Trust, and SSL Server Configuration Data. For all other configuration data such as certificate authorities, peering trusts, and server configurations (if included), if there is a conflict, the imported configuration data take precedence, (that is, the imported configuration data will overwrite any existing configurations). Note: Bulk importing of data cannot delete configurations; it only adds or overwrites them. For example, if you have two servers: 1.1.1.1:443 (enabled) and 2.2.2.2:443 (disabled), the bulk data contains three servers: 1.1.1.1:443 (disabled), 2.2.2.2:443 (disabled), and 3.3.3.3:443 (enabled). After performing a bulk import of the data, there are now three servers: 1.1.1.1:443 (disabled), 2.2.2.2:443 (disabled), and 3.3.3.3:443 (enabled). The certificates and keys of servers 1.1.1.1:443 and 2.2.2.2:443 have been overwritten with those contained in the bulk data.
Example Product Related Topics
amnesiac (config) # protocol ssl bulk-import password temp data temp
Steelhead appliance show protocol ssl
300
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
protocol ssl crl ca
Description Syntax Parameters Configures CRL for an automatically discovered CAs. You can update automatically discovered CRLs using this command. [no] protocol ssl crl ca <ca name> cdp <integer> ldap server <IP addr or hostname> | crl-attrname <attr-name> | port <port> <ca name> cdp <integer> Specify the name of a SSL CA certificate. Specify an integer index. Index of a Cisco Discovery Protocol (CDP) in a CA certificate. The no protocol ssl crl ca * cdp *command option removes the update. ldap server <IP addr or hostname> crl-attr-name <attr-name> port <port> Usage Specify the LDAP server IP address or hostname to modify a CDP URI.
Optionally, specify the attribute name of CRL in a LDAP entry. Optionally, specify the LDAP service port.
Enabling CRL allows the CA to revoke a certificate. For example, when the private key of the certificate has been compromised, the CA can issue a CRL that revokes the certificate. A CRL includes any digital certificates that have been invalidated before their expiration date, including the reasons for their revocation and the names of the issuing certificate signing authorities. A CRL prevents the use of digital certificates and signatures that have been compromised. The certificate authorities that issue the original certificates create and maintain the CRLs. To clear the CRL alarm, execute the no stats alarm crl_error enable command.
Example Product Related Topics
amnesiac (config) # protocol ssl ca mycert cdp 512
Steelhead appliance show protocol ssl crl
protocol ssl crl cas enable
Description Enables CRL polling and use of CRL in handshake verifications of CAs certificates. Currently, the Steelhead appliance only supports downloading CRLs from Lightweight Directory Access Protocol (LDAP) servers. [no] protocol ssl crl cas enable None. Enabling CRL allows the CA to revoke a certificate. For example, when the private key of the certificate has been compromised, the CA can issue a CRL that revokes the certificate. Enabling CRL allows the CA to revoke a certificate. For example, when the private key of the certificate has been compromised, the CA can issue a CRL that revokes the certificate. A CRL includes any digital certificates that have been invalidated before their expiration date, including the reasons for their revocation and the names of the issuing certificate signing authorities. A CRL prevents the use of digital certificates and signatures that have been compromised. The certificate authorities that issue the original certificates create and maintain the CRLs.
Syntax Parameters Usage
Riverbed Command-Line Interface Reference Manual
301
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # protocol ssl crl cas enable
Steelhead appliance show protocol ssl crl
protocol ssl crl handshake
Description Syntax Parameters Example Product Related Topics Configures handshake behavior for a CRL. [no] protocol ssl crl handshake fail-if-missing fail-if-missing If a relevant CRL cannot be found the handshake fails.
amnesiac (config) # protocol ssl crl handshake fail-if-missing
Steelhead appliance show protocol ssl crl
protocol ssl crl manual
Description Syntax Parameters Manually configures a CDP for CRL management. [no] protocol ssl crl manual ca uri <uri>| peering ca uri <uri> ca uri <uri> peering ca uri <uri> Usage Example Product Related Topics Specify the CA name to manually configure the CDP. The no protocol ssl crl manual command removes manually configured CDPs. Specify the CDP URI to manually configure the CDP for the CRL. Specify the peering CA name to manually configure the CDP URI.
The Steelhead appliance automatically discovers CDPs for all certificates on the appliance. You can manually configure a CA using this command.
amnesiac (config) # protocol ssl crl manual ca Camerfirma_Chambers_of_Commerce uri URI: http://crl.chambersign.org/chambersroot.crl
Steelhead appliance show protocol ssl crl
protocol ssl crl peering
Description Syntax Configures a CRL for an automatically discovered peering CA. [no] protocol ssl crl peering {ca <ca name> cdp <integer> ldap server <ip-addr or hostname> <cr> [crl-attr-name <string> | port <port num>]}| cas enable
302
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Parameters
ca <ca name> cdp <integer> ldap server <ip-addr or hostname> <cr> crl-attr-name <string> port <port num> cas enable
Configures CRL for an automatically discovered peering CA. Specify an integer index of a CDP in a peering CA certificate. The no protocol ssl crl peering ca * cdp * removes the update. Specify the IP address or hostname of a LDAP server.
Optionally, specify an attribute name of CRL in a LDAP entry. Optionally, specify the LDAP service port. Enables CRL polling and use of CRL in handshake verification.
Usage
To enable CRL polling and handshakes, at the system prompt enter the following set commands:
protocol ssl crl cas enable protocol ssl crl peering cas enable
To view the CRL polling status of all CAs, at the system prompt enter the following command:
show protocol ssl crl ca cas <<this example lists two CDPs: one complete CDP and one incomplete CDP>> CA: Comodo_Trusted_Services CDP Index: 1 DP Name 1: URI:http://crl.comodoca.com/TrustedCertificateServices.crl Last Query Status: unavailable CDP Index: 2 DP Name 1: URI:http://crl.comodo.net/TrustedCertificateServices.crl Last Query Status: unavailable <<an incomplete CDP is indicated by the DirName format>> CA: Entrust_Client CDP Index: 1 DP Name 1: DirName:/C=US/O=Entrust.net/OU=www.entrust.net/Client_CA_Info/ CPS incorp. by ref.limits liab./OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Client Certification Authority CN=CRL1 Last Query Status: unavailable CDP Index: 2 DP Name 1: URI:http://www.entrust.net/CRL/Client1.crl Last Query Status: unavailable
In this case, the Entrust Client is an incomplete CDP as indicated by DirName format. Currently, the Steelhead appliance only supports updates in the DirName format. To update the incomplete CDP URI, at the system prompt enter the following set of commands:
protocol ssl crl ca Entrust_Client cdp 1 ldap-server 192.168.172.1 protocol ssl crl peering ca Entrust_Client cdp 1 ldap-server 192.168.172.1
Example Product Related Topics
amnesiac (config) # protocol ssl crl peering cas enable
Steelhead appliance show protocol ssl crl
Riverbed Command-Line Interface Reference Manual
303
Configuration-Mode Commands
protocol ssl crl query-now
Description Syntax Parameters Downloads CRL now. [no] protocol ssl crl query-now ca <string> cdp <integer> <cr>| peering ca <string> cdp <integer> <cr> ca <string> cdp <integer> peering ca <string> cdp <integer> Example Product Related Topics Download CRL issued by SSL CA. Specify the CA name and CDP integer. Download CRL issued by SSL peering CA. Specify the CA name and CDP integer.
amnesiac (config) # protocol ssl crl query-now ca myca cdp 12
Steelhead appliance show protocol ssl crl
protocol ssl ca
Description Syntax Parameters Adds a Certificate Authority (CA) to the local collection. [no] protocol ssl ca cert <certificate> local-name <local-name> cert <certificate> local-name <local-name> Usage Paste the text of a CA certificate in PEM format. Specify a name to identify the certificate in the local collection.
A CA is a third-party entity in a network which issues digital certificates and manages security credentials and public keys for message encryption. A CA issues a public key certificate which states that the CA attests that the public key contained in the certificate belongs to the person, organization, server, or other entity noted in the certificate. The CA verifies applicant credentials, so that relying parties can trust the information in the CA certificates. If you trust the CA and can verify the CA signature, then you can also verify that a certain public key does indeed belong to whomever is identified in the certificate. You might need to add a new CA in the following situations: Your organization has an internal CA that signs the certificates or peering certificates for the backend server. The server certificates are signed by an intermediate or root CA unknown to the Steelhead appliance (perhaps external to the organization). The CA certificate included in the trusted list of the Steelhead appliance has expired or has been revoked and needs replacing.
304
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example
amnesiac (config) # protocol ssl ca cert "-----BEGIN CERTIFICATE---MIICoDCCAgmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExC zAJBgNVBAcTAlNGMQ0wCwYDVQQKEwRSVkJEMQ0wCwYDVQQDEwR0ZXN0MB4XDTA2MDMxMDIzMTUwMFoXDT A3MDMxMDIzMTUwMFowRTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQswCQYDVQQHEwJTRjENMAsGA1U EChMEUlZCRDENMAsGA1UEAxMEdGVzdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmWIDqu+qI8b8 xM6W/oVsKZ2ZmJXVYINEN+0mFnYsfE0QfDbR8Cwv7YwvZNYu3RsOHTjqwN6Y/ 5SaSxauqtrbLWlFBnI9ZR7AdvsZKWRyuhZixMEofmypzpFhFnfH+U74JzDZGGObKTNdMQJ/ KDWUYAhRnXSP8tEc6V222aEQ7iECAwEAAaOBnzCBnDAdBgNVHQ4EFgQUsPTKQDXaNaGY3Y8cUBuvQM9FC QcwbQYDVR0jBGYwZIAUsPTKQDXaNaGY3Y8cUBuvQM9FCQehSaRHMEUxCzAJBgNVBAYTAlVTMQswCQYDVQ QIEwJDQTELMAkGA1UEBxMCU0YxDTALBgNVBAoTBFJWQkQxDTALBgNVBAMTBHRlc3SCAQAwDAYDVR0TBAU wAwEBzANBgkqhkiG9w0BAQUFAAOBgQBEp+HHgdb4sBSRfhNxn5TqrGLzOevoGzptDWcozEM0p9OoYRZhv nGJ1hG/O05xOOBb41LgCYNfy9irRta0/lHd9aP1PoYmO7QWCb6tE9F7m9zxG/ chw5N8Fbw3erAZ3JKdnUV3goLJJ+kGF9v9WbvsvxogXjEDc1qXRkY3fcIPdw==-----END CERTIFICATE-----" local-name Some_CA_Cert
Product Related Topics
Steelhead appliance show protocol ssl
protocol ssl enable
Description Syntax Parameters Usage Enables SSL optimization, which accelerates encrypted traffic on secure ports (https). This command can only be used after you have generated or imported a server. [no] protocol ssl enable None To configure SSL support, you do not make configuration changes on the client and the server clients continue connecting to the same server name or IP address. The Steelhead appliances are configured to have a trust relationship, so they can exchange information securely over an SSL connection. (Each client uses unchanged server addresses and each server uses unchanged client addresses; no application changes or explicit proxy configuration is required.) The server-side Steelhead appliance handles SSL handshakes on behalf of the server, yet makes itself appear to the client as if it were the actual server. The server-side Steelhead appliance is configured with a legitimate certificate and private key just as the one (not necessarily the same one) used by the back-end Web server. Intercepting a new SSL connection from a client (for example, the browser), the server-side Steelhead appliance simultaneously acts as an SSL server to the original client and an SSL client to the back-end server. The temporary session key (used for encryption and decryption) is securely transported from the server-side Steelhead appliance to the client-side Steelhead appliance so that RiOS optimization and acceleration occurs on all data transfers over the WAN. All data transfers between the client-side and the server-side Steelhead appliance are over a secure channel between the Steelhead appliances. The two peer Steelhead appliances must be configured as SSL peers so that they are trusted entities. The Steelhead appliance contains an encrypted file system, called the secure vault, which stores all SSL server settings, other certificates (the CA, peering trusts, and peering certificates) and the peering private key. For detailed information, see secure-vault on page 317. The Steelhead appliance ships with a default peer certificate. Riverbed recommends you replace the default peer certificate with a certificate with a matching common name and security parameters (key length). For detailed information about the basic steps for configuring SSL, see the Steelhead Management Console Users Guide. The no command option disables SSL module support.
Riverbed Command-Line Interface Reference Manual
305
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # protocol ssl enable
Steelhead appliance show protocol ssl
protocol ssl peering
Description Syntax Configures SSL peering trust by synchronizing cipher strings, generated keys and certificates, or imported keys and certificates to be used for SSL handshakes. [no] protocol ssl peering { {black-lst-peer <ip-addr> trust} | {cipher-string <string> cipher-num <num>} | {generate-cert [rsa] | common-name <string> country <string> email <email address> key size <512|1024|2048> locality <string> org <string> org-unit <string> state <string> valid days <int>} {generate-csr common-name <string> country <string> email <email address> locality <string> org <string> org-unit <string> state <string>} | {gray-lst-peer <ip-addr> trust} {import-cert <string> [import-key <string>] password <string>} | {import-cert-key <string> password <string>} | {trust {ca <string> | cert <string> local-name <name>} } {black-lst-peer <ip-addr> trust} <ip-addr> trust Specify the IP address for the self-signed black list peer Enable a trust relationship for the specified peer.
Parameters
{cipher-string <string> cipher-num <num>} <string> cipher-num <num> Specify the cipher-strings (case-sensitive). For a complete list of ciphers, display the CLI online help. Specify a number to set the order of the list. The cipher number must be an integer from 1-N or the string start, or the string end.
generate-cert [rsa] | common-name <string> country <string> email <email address> key-size <512|1024|2048> locality <string> org <string> org-unit <string> state <string> valid-days <int>
306
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
[rsa] commonname <string> country <string> <email address> key-size <512|1024| 2048> locality <string> org-unit <string> org-unit <string> state <string> valid-days <int>
Specify RSA encryption. Specify a hostname of the peer.
Specify the country (2-letter code only). Specify an email address of the contact person. Specify the key size.
Specify the city. Specify the organization name (for example, the company). Specify the organizational unit (for example, the department). Specify the state. No abbreviations. Specify an integer value to set the parameter. If you omit valid-days, the default is 2 years.
generate-csr common-name <string> country <string> email <email address> locality <string> org <string> org-unit <string> state <string> commonname <string> country <string> email <email address> locality <string> org <string> org-unit <string> state <string> Specify the hostname of the peer.
Specify the country (2-letter code only). Specify an email address of the contact person.
Specify the city. Specify the organization name (for example, the company). Specify the organizational unit (for example, the department). Specify the state. No abbreviations.
{gray-lst-peer <ip-addr> trust} <ip-addr> trust Specify the IP address for the self-signed gray list peer Enable a trust relationship for the specified peer.
Riverbed Command-Line Interface Reference Manual
307
Configuration-Mode Commands
import-cert <certificate> [import-key <private-key>] password <string> <certificate> Specify the existing string to import the certificate. (These are X509 PEM-format field names.)
import-key <privatekey>
Specify the private key in PEM format.
import-cert-key <string> password <string> <certkey> Specify the existing certificate key in PEM format to import the key. (These are X509 PEM-format field names.) Note: The private key is required regardless of whether you are adding or updating. <string> Specify the decryption password.
trust {ca <cert> | cert <certificate> local-name <name>} ca <cert> cert <certificate> local-name <name> Specify the CA name for the certificate provided by the peer. (These are X509 PEM-format field names.) Paste the text of a CA certificate (PEM format) for the peer and give the certificate a local name. (These are X509 PEM-format field names.) Specify a local name for the certificate.
{white-lst-peer <ip-addr> trust} <ip-addr> trust Usage Specify the IP address for the self-signed white list peer Enable a trust relationship for the specified peer.
All data between client-side and server-side Steelhead appliances are sent over a secure channel between the Steelhead appliances. The peer Steelhead appliances must be configured as SSL peers so that they are trusted entities. In SSL, peer authentication allows you to confirm the identity of the peer. The Steelhead appliance checks the certificates to make sure they are valid and that they have been issued by a valid CA which is listed in the trusted entity list. The no command option removes SSL peering settings.
Example Product Related Topics
amnesiac (config) # protocol ssl peering cipher-string DEFAULT cipher-num 1
Steelhead appliance show protocol ssl
protocol ssl protocol-vers
Description Syntax Parameters Specify the SSL versions supported in your deployment. The default setting is SSLv3_or_TLSv1. [no] protocol ssl protocol-vers <version> <version> Specify one of the following values to specify the SSL versions supported in your deployment:
308
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
SSLv3_or_TLSv1 SSLv3_only TLSv1_only Usage Example Product Related Topics
Use both SSLv3 and TLSv1. Use only SSLv3. Use only TLSv1.
The no protocol ssl protocol-vers option clears the setting.
amnesiac (config) # protocol ssl protocol-vers SSLv3_or_TLSv1
Steelhead appliance show protocol ssl
protocol ssl scep peering auto-reenroll
Description Syntax Parameters Configures automatic re-enrollment settings. The Steelhead appliance uses SCEP to automatically re-enroll certificates. [no] protocol ssl scep peering auto-reeroll enable | exp-threshold <num-of-days> | last-result clear-alarm enable expthreshold <num-ofdays> last-result clear-alarm Usage Enables automatic re-enrollment of a certificate to be signed by a CA. Specify the amount of time (in days) to schedule re-enrollment before the certificate expires.
Clears the automatic re-enrollment last-result alarm. The last result is the last completed enrollment attempt.
The Steelhead appliance uses SSCEP to dynamically re-enroll a peering certificate to be signed by a certificate authority. The no command option disables this feature.
Example Product Related Topics
amnesiac (config) # protocol ssl scep peering auto-reenroll enable
Steelhead appliance show protocol ssl scep peering
protocol ssl scep peering max-num-polls
Description Configure the maximum number of polls. A poll is as request to the server for an enrolled certificate by the Steelhead appliance. The Steelhead appliance polls only if the server responds with pending. If the server responds with fail then the Steelhead appliance does not poll. protocol ssl scep peering max-num-polls <max number polls> <max number polls> Specify the maximum number of polls before the Steelhead appliance cancels the enrollment. The peering certificate is not modified. The default value is 5.
Syntax Parameters
Usage
The no command option disables this feature.
Riverbed Command-Line Interface Reference Manual
309
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # protocol ssl scep peering max-num-polls 12
Steelhead appliance show protocol ssl scep peering
protocol ssl scep peering on-demand cancel
Description Syntax Parameters Usage Example Product Related Topics Cancels any active on-demand enrollment. [no] protocol ssl scep peering on-demand cancel None The no command option disables this feature.
amnesiac (config) # protocol ssl scep peering on-demand cancel
Steelhead appliance show protocol ssl scep peering
protocol ssl scep peering on-demand gen-key-and-csr
Description Syntax Generate new private key and CSR for on-demand enrollment using the Rivest-Shamir-Adleman algorithm. [no] protocol ssl scep peering on-demand gen-key-and-csr rsa state <string> | org-unit <string> | org <string> | locality <string> | email <email-addr> | country <string> | common-name <string> | key-size <512 | 1024 | 2048>
310
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Parameters
rsa state <string> org-unit <string> org <string> locality <string> email <emailaddr> country <string> commonname <string> key-size <512|1024|2 048>
Configures the RSA algorithm. Specify the state. No abbreviations. Specify the organizational unit (for example, the department). Specify the organization name (for example, the company). Specify the city. Specify an email address of the contact person.
Specify the country (2-letter code only). Specify the hostname of the peer.
Specify the key size in bits (for example, 512|1024|2048).
Usage Example Product Related Topics
The no command option disables this feature.
amnesiac (config) # protocol ssl scep peering on-demand gen-key-and-csr rsa stat california
Steelhead appliance show protocol ssl scep peering
protocol ssl scep peering on-demand start
Description Syntax Parameters Usage Example Product Related Topics Starts an on-demand enrollment in the background. [no] protocol ssl scep peering on-demand start <cr> | foreground foreground Specify to start an on-demand enrollment in the foreground
The no command option disables this feature.
amnesiac (config) # protocol ssl scep peering on-demand start
Steelhead appliance show protocol ssl scep peering
Riverbed Command-Line Interface Reference Manual
311
Configuration-Mode Commands
protocol ssl scep peering passphrase
Description Syntax Parameters Usage Example Product Related Topics Configure the challenge password phrase. protocol ssl scep peering passphrase <passphrase> Specify the challenge password phrase.
The no command option disables this feature.
amnesiac (config) # protocol ssl scep peering passphrase myphrase
Steelhead appliance show protocol ssl scep peering
protocol ssl scep peering poll-frequency
Description Syntax Parameters Usage Example Product Related Topics Configure the poll frequency. protocol ssl scep peering poll-frequency <minutes> <minutes> Specify the poll frequency in minutes. The default value is 5.
The no command option disables this feature.
amnesiac (config) # protocol ssl scep peering poll-frequency 5
Steelhead appliance show protocol ssl scep peering
protocol ssl scep peering trust
Description Syntax Parameters Usage Example Product Related Topics Adds a peering trust for SCEP. [no] protocol ssl scep peering trust peering-ca <name> peering-ca <name> Specify the name of the existing peering CA.
The no command option disables this feature.
amnesiac (config) # protocol ssl scep peering trust peering-ca Wells_Fargo
Steelhead appliance show protocol ssl scep peering
312
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
protocol ssl scep peering url
Description Syntax Parameters Usage Example Product Related Topics Configures the SCEP responder URL. protocol ssl scep peering url <url> <url> Specify the URL of the SCEP responder. Use the following format: http://host[:port/path/to/service
The no command option disables this feature.
amnesiac (config) # protocol ssl scep peering url http:examplehost:1212/ pathtoservice
Steelhead appliance show protocol ssl scep peering
protocol ssl protocol-vers
Description Syntax Parameters Specify the SSL versions supported in your deployment. The default setting is SSLv3_or_TLSv1. [no] protocol ssl protocol-vers <version> <version> Specify one of the following values to specify the SSL versions supported in your deployment: SSLv3_or_TLSv1 SSLv3_only TLSv1_only Usage Example Product Related Topics Use both SSLv3 and TLSv1. Use only SSLv3. Use only TLSv1.
The no protocol ssl protocol-vers option clears the setting.
amnesiac (config) # protocol ssl protocol-vers SSLv3_or_TLSv1
Steelhead appliance show protocol ssl
protocol ssl scep peering url
Description Syntax Parameters Usage Configures the SSCEP responder URL. [no] protocol ssl scep peering url <url> <url> Specify the URL of the SSCEP responder. Use the following format: http://host[:port/path/to/service
The no command option disables this feature.
Riverbed Command-Line Interface Reference Manual
313
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # protocol ssl scep peering url http:examplehost:1212/ pathtoservice
Steelhead appliance show protocol ssl scep peering
protocol ssl sfe-mode
Description Syntax Parameters Configures safe SSL mode. [no] protocol ssl sfe-mode Advanced_Only | Mixed Advanced_ Only Mixed Usage Example Product Related Topics Specify to allow clients capable of Advanced mode SSL. Specify to allow both advanced and legacy clients.
The no command option disables this feature.
amnesiac (config) # protocol ssl sfe-mode Advanced_Only
Steelhead appliance show protocol ssl
protocol ssl server
Description Syntax Enables optimization for a specified SSL server and manages SSL certificates. [no] protocol ssl server ip <ip address> port <port> enable | change { chain-cert ca <ca name> | cert <certificates>} {export <cr> | include-key password <string> {generate-cert [rsa] | key-size <512|1024|2048> common-name <string> country <string> email <email address> locality <string> org <string> org-unit <string> state <string> validdays <int>} | {generate-csr common-name <string> country <string> email <email address> locality <string> org <string> org-unit <string> state <string>} | {import-cert <certificate> [import-key <string>] password <string>} {import-cert-key <certkey> password <string>} } ip <ip address> port <port> enable Specify the IP address and port for an SSL server. Enable or change optimization on the specified SSL server. no protocol ssl server ip <ip address> port <port> enable disables optimization on the specified server. Enter the carriage return to enable the server and configure certificates later. Otherwise, include a generate-cert and generate-csr or import-cert and import-cert-key command to configure SSL certificates.
Parameters
314
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
{chain-cert ca <ca name> | cert <certificates>}
Configures and imports CA chain certificates. Configure chain CA certificates if the clients (for example, the browsers) do not have the complete or up-to-date chain of CA certificates to verify the server's proxy certificate or if your organization requires recursive authentication using intermediate Certificate Authorities. Change optimization settings on the specified SSL server. Export server certificate in PEM format. Specify the password to include the private key.
change export <cr> | include-key password <string>
generate-cert [rsa] | common-name <string> country <string> email <email address> key-size <512|1024|2048> locality <string> org <string> org-unit <string> state <string> valid-days <int> [rsa] common-name <string> country <string> email <email address> key-size <512|1024|2048> locality <string> org-unit <string> state <string> valid-days <int> Specify RSA encryption. Specify the certificate common name. Specify the certificate 2-letter country code. Specify the email address of the contact person. Specify the key size. Specify the city. Specify the organization name (for example, the company). Specify the state. You cannot use abbreviations. Specify how many days the certificate is valid. If you omit valid-days, the default is 2 years.
generate-csr common-name <string> country <string> email <email address> locality <string> org <string> org-unit <string> state <string> common-name <string> country <string> email <email address> locality <string> org <string> org-unit <string> state <string> Default to that in existing certificate. Default to that in existing certificate. Default to that in existing certificate. Default to that in existing certificate. Default to that in existing certificate. Default to that in existing certificate. Default to that in existing certificate.
import-cert <certificate> [import-key <string>] password <string>
Riverbed Command-Line Interface Reference Manual
315
Configuration-Mode Commands
<certificate> import-key <private-key> > password <string>
Specify the certificate string. (X509 PEM-format field names.) Specify the private key string in PEM format. Specify a decryption password.
import-cert-key <certkey> <cr> password <string> <certkey> Specify the existing private key in PEM format to import the key. (These are X509 PEM-format field names.) Note: You must specify the private key regardless of whether you are adding or updating. password <password> Usage Specify a decryption password.
Add or change SSL servers to your deployment. You must generate or import certificates and private keys for the server. You must configure each distinct server IP address and port combination that the client may connect to. For example, if https://intranet resolves to one of three different server P addresses, you must configure an SSL server for each of the IP addresses. The same certificate and private key can be used for each, but three separate server configurations must be created. Note: Optimization does not occur for a particular server IP address and port unless that server is configured on the server-side Steelhead appliance. The client-side in-path rules must also be defined. When you configure the back-end server proxy certificate and key on the server-side Steelhead appliance, if you choose not to use the back-end server's actual certificate and key, you can use a self-signed certificate and key or another CA-signed certificate and key. If you have a CA-signed certificate and key, import it. If you do not have a CA-signed certificate and key, you can add the proxy server configuration with a self-sign certificate and key, back up the private key, generate CSR, have it signed by a CA, and import the newly CA-signed certificate and the backed up private key. Tip: To back up a single certificate and key pair (that is, the peering certificate and key pair and a single server's certificate and key) use the export option. Make sure you include the private key and enter the encryption password. Save the exported file that contains the certificate and the encrypted private key. Alternatively, you can use the generated self-signed certificate and key, but doing so might be undesirable because, by default, the clients will not trust it, and end-user action would be required. You might need to add a new CA in the following situations: Your organization has an internal CA that signs the certificates or peering certificates for the backend server. The server certificates are signed by an intermediate or root CA unknown to the Steelhead appliance (perhaps external to the organization). The CA certificate included in the trusted list of the Steelhead appliance has expired or has been revoked and needs replacing.
316
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example
amnesiac (config) # protocol ssl server ip 10.1.1.1 port 443 enable amnesiac (config) # protocol ssl server ip 10.1.1.1 port 443 generate-cert rsa common-name Company-Wide country US email root@company.com key-size 2048 locality en valid-days 360 generate-csr common-name Company-Wide country USA email root@company.com locality en org Company org-unit all state California
Product Related Topics
Steelhead appliance show protocol ssl
secure-vault
Description Syntax Parameters Manages the secure vault password and unlocks the secure vault. secure vault {new-password <password> | reset-password <old password> | unlock <password>} newpassword <password> resetpassword <old password> unlock <password> Usage Specify an initial or new password for the secure vault.
Specify the old secure vault password to reset it.
Specify the current password to unlock the secure vault.
The secure vault is an encrypted file system on the Steelhead appliance where all Steelhead appliance SSL server settings, other certificates (the CA, peering trusts, and peering certificates) and the peering private key are stored. The secure vault protects your SSL private keys and certificates when the Steelhead appliance is not powered on. You can set a password for the secure vault. The password is used to unlock the secure vault when the Steelhead appliance is powered on. After rebooting the Steelhead appliance, SSL traffic is not optimized until the secure vault is unlocked with the unlock <password> parameter. Data in the secure vault is always encrypted, whether or not you choose to set a password. The password is used only to unlock the secure vault. To change the secure vault password 1. Reset the password with the reset-password <password> parameter. 2. Specify a new password with the new-password <password> parameter.
Example Product Related Topics
amnesiac (config) # secure-vault unlock mypassword
Steelhead appliance show protocol ssl
web ssl cert generate
Description Syntax Generates a new SSL key and self-signed certificate. [no] web ssl cert generate
Riverbed Command-Line Interface Reference Manual
317
Configuration-Mode Commands
Parameters Usage Example Product Related Topics
None The no command option disables this setting.
amnesiac (config) # web ssl cert generate
CMC appliance, Steelhead appliance show protocol ssl
web ssl cert import pem
Description Syntax Parameters Usage Example Product Related Topics Imports a SSL certificate and key. [no] web ssl cert import pem <PEM text> <PEM text> Specify the combination of certificate and/or key in PEM format
The no command option disables this setting.
amnesiac (config) # web ssl cert import pem -----BEGIN CERTIFICATE-----<<this is an abbreviated example>>-----END CERTIFICATE-----
CMC appliance, Steelhead appliance show protocol ssl
web ssl cert update
Description Syntax Parameters Example Product Related Topics Generates a new SSL self-signed certificate. [no] web ssl cert update <PEM text> Specify the combination of certificate and/or key in PEM format
amnesiac (config) # web ssl cert update
CMC appliance, Steelhead appliance show protocol ssl
QoS Support Commands
This section describes the QoS support commands. RiOS supports flat and hierarchical QoS. For detailed information about these QoS features, see the Steelhead Management Console Users Guide and the Steelhead Appliance Deployment Guide.
318
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
qos classification class
Description Syntax Creates or modifies a QoS class. [no] qos classification class {add | modify class-name <classname> priority {realtime |interactive | business | normal | low} min-pct <min bw percent> parent <parent class name> {queue-length <length> | queue-type {fifo | sfq | mxtcp} | conn-limit <num> | upper-limitpct <pct> | link-share <weight>} [add | modify] class-name <classname> priority {realtime | interactive | business | normal | low} Specify whether to add or modify a new class. Specify a name for the QoS class. Specify a minimum guaranteed QoS priority level. The latency priority indicates how delay-sensitive a traffic class is to the QoS scheduler. Select the latency priority for the class: Real-Time. Specifies a real-time traffic class. Traffic that is your highest priority should be given this value, for example, VoIP, video conferencing. Interactive. Specifies an interactive traffic class. For example, Citrix, RDP, telnet and ssh. Business Critical. Specifies the business critical traffic class. For example, Thick Client Applications, ERPs, and CRMs Normal Priority. Specifies a normal priority traffic class. For example, Internet browsing, file sharing, and email. Low Priority. Specifies a low priority traffic class. For example, FTP, backup, replication, other high-throughput data transfers, and recreational applications such as audio file sharing. These are minimum priority guarantees; if better service is available, it is provided. For example, if a class is specified as low priority and the higher priority classes are not active, then the low priority class receives the highest possible available priority for the current traffic conditions. This parameter controls the priority of the class relative to the other classes. Important: The latency priority describes only the delay sensitivity of a class, not how much bandwidth it is allocated, nor how important the traffic is compared to other classes. Therefore, it is common to configure low latency priority for high-throughput, non-packet delay sensitive applications like FTP, backup, and replication. min-pct <min bw percent> Specify the minimum amount of bandwidth given to a flow when there is bandwidth contention. Flows that do not use all of their allocated minimum bandwidth will share this excess bandwidth with other flows that exceed their minimum bandwidth allocation. All the classes combined cannot exceed 100%. During contention for bandwidth, the class is guaranteed at least the amount specified. It will receive more if there is unused bandwidth remaining. The value must be a whole number between 1-100; the minimum bandwidth guarantee value for a class must be 0.1%. Important: If your link share is not proportianate to the minimum bandwidth guarantee for hierarchical QoS, delete all your classes and re-enter them with a miniumum guaranteed bandwidth of 0.1%. {parent <parent class name>} Specify the parent for a child class to enable QoS hierarchy. The class will inherit the parents definitions. For example, if the parent class has a business critical priority, and its child has a real-time priority, the child will inherit the business critical priority from its parent, and will use a real-time priority only with respect to its siblings. For detailed information
Parameters
Riverbed Command-Line Interface Reference Manual
319
Configuration-Mode Commands
queue-length <length>
Configure QoS class queue length. By default, each class has a queue length of 100. Riverbed recommends that you consult with Riverbed Technical Support or your sales engineer before you set this parameter. Optionally, specify one of the following queue methods for the class: SFQ. Shared Fair Queueing (SFQ) is the default queue for all classes. Determines Steelhead appliance behavior when the number of packets in a QoS class outbound queue exceeds the configured queue length. When SFQ is used, packets are dropped from within the queue in a round-robin fashion, among the present traffic flows. SFQ ensures that each flow within the QoS class receives a fair share of output bandwidth relative to each other, preventing bursty flows from starving other flows within the QoS class. FIFO. Transmits all flows in the order that they are received (first in, first out). Bursty sources can cause long delays in delivering timesensitive application traffic and potentially to network control and signaling messages. MXTCP. Has very different use cases than the other queue parameters. MX-TCP also has secondary effects that you need to understand before configuring: When optimized traffic is mapped into a QoS class with the MXTCP queuing parameter, the TCP congestion control mechanism for that traffic is altered on the Steelhead appliance. The normal TCP behavior of reducing the outbound sending rate when detecting congestion or packet loss is disabled, and the outbound rate is made to match the minimum guaranteed bandwidth configured on the QoS class. You can use MX-TCP to achieve high-throughput rates even when the physical medium carrying the traffic has high loss rates. For example, MX-TCP is commonly used for ensuring high throughput on satellite connections where a lower-layer-loss recovery technique is not in use. Another usage of MX-TCP is to achieve high throughput over high-bandwidth, high-latency links, especially when intermediate routers do not have properly tuned interface buffers. Improperly tuned router buffers cause TCP to perceive congestion in the network, resulting in unnecessarily dropped packets, even when the network can support high throughput rates. Important: Use caution when specifying MX-TCP. The outbound rate for the optimized traffic in the configured QoS class immediately increases to the specified bandwidth, and does not decrease in the presence of network congestion. The Steelhead appliance always tries to transmit traffic at the specified rate. If no QoS mechanism (either parent classes on the Steelhead appliance, or another QoS mechanism in the WAN or WAN infrastructure) is in use to protect other traffic, that other traffic might be impacted by MX-TCP not backing off to fairly share bandwidth. When MX-TCP is configured as the queue parameter for a QoS class, the following parameters for that class are also affected: Link share weight. The link share weight parameter has no effect on a QoS class configured with MX-TCP. Upper limit. The upper limit parameter has no effect on a QoS class configured with MX-TCP.
queue-type [fifo | mxtcp | sfq]
320
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
upper-limit-pct <pct>
Specify the maximum allowed bandwidth (as a percentage) a class receives as a percentage of the parent class guaranteed bandwidth. The limit is applied even if there is excess bandwidth available. Upper Bandwidth does not apply to MX-TCP queues.
conn-limit <num>
Optionally, specify the maximum number of optimized connections for the class. When the limit is reached, all new connections are passed through unoptimized. In hierarchical mode, a parent class connection limit does not affect its child. Each child class optimized connection is limited by the connection limit specified for their class. For example, if B is a child of A, and the connection limit for A is set to 5, while the connection limit for B is set to 10, the connection limit for B is 10. Connection limit is supported only in in-path configurations. It is not supported in out-ofpath or virtual-in-path configurations. Connection Limit is supported only in in-path configurations. It is not supported in out-of-path or virtual-in-path configurations.
link-share <weight>
Applies to flat mode only. Specify the weight for the class. The link share weight determines how the excess bandwidth is allocated among sibling classes. Link share does not depend on the minimum guaranteed bandwidth. By default, all the link shares are equal. Classes with a larger weight are allocated more of the excess bandwidth than classes with a lower link share weight. You cannot specify a Link Share Weight in H-QoS. In H-QoS, the link share weight is the same proportion as the guaranteed bandwidth of the class. The Link Share Weight does not apply to MX-TCP queues.
Usage
QoS classes represent applications, traffic to remote sites, or any other particular aggregation. The QoS classes that are always present on the Steelhead appliance are: Root Class. The root class is used to constrain the total outbound rate of traffic leaving the Steelhead appliance to the configured, per-link WAN bandwidth. This class is not configured directly, but is created when you enable QoS classification and enforcement on the Steelhead appliance. Built-in Default Class. The QoS scheduler applies the built-in default class constraints and parameters on traffic not otherwise placed in a class by the configured QoS rules. QoS classes are configured in one of two different modes: flat or hierarchical. The difference between the two modes primarily consists of how QoS classes are created. The no command options deletes the QoS class.
Example Product Related Topics
amnesiac (config) # qos classification class add class-name example priority realtime min-pct 20 parent myparent
Steelhead appliance show qos classification
Riverbed Command-Line Interface Reference Manual
321
Configuration-Mode Commands
qos classification enable
Description Syntax Parameters Usage Enables the QoS classification feature. The QoS classification feature allows you to prioritize optimized and pass-through traffic going through this appliance. [no] qos classification enable None QoS is a reservation system for network traffic in which you create QoS classes to distribute network resources. The classes are based on traffic importance, bandwidth needs, and delaysensitivity. You allocate network resources to each of the classes. Traffic flows according to the network resources allocated to its class. For detailed information about QoS, see the Steelhead Management Console Users Guide and the Steelhead Appliance Deployment Guide. To configure QoS classification 1. Enable QoS Classification and Enforcement. 2. Enable either Flat or Hierarchical mode. Note: Specifying a mode does not enable QoS traffic classification. 3. Select each WAN interface and define the bandwidth link rate for each interface. 4. Define a class for each traffic flow. 5. Define rules for each class or subclass. 6. Optionally, mark pass-through or optimized rules within a class. Important: If you delete or add new rules, the existing optimized connections are not affected; the changes only The no command option disables QoS. Example Product Related Topics
amnesiac (config) # qos classification enable
Steelhead appliance show qos classification
qos classification interface
Description Syntax Parameters Set the bandwidth link-rate for the specified WAN interface. [no] qos classification interface <interface> [enable | curve-burst <kbits> | rate <kbps> <interface> enable curve-burst <kbits> rate <kbps> Specify the interface for which to set the link rate. For example, wan0_0 Enable QoS classification on interface. Specify the QoS curve burst size. Sets bandwidth for traffic bursts greater than the upper bandwidth limit. Available in the CLI only. Specify the link rate in kbps.
322
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
This is the bottleneck WAN bandwidth not the interface speed out of the WAN interface into the router or switch. For example, if your Steelhead appliance connects to a router with a 100 Mbps link, do not specify this valuespecify the actual WAN bandwidth (for example, T1, T3). Different WAN interfaces can have different WAN bandwidths; this value must be correctly entered for QoS to function correctly. The percentage of excess bandwidth given to a class is relative to the percentage of minimum bandwidth allocated to the class. The curve-burst option sets the amount of burst allowed for real-time QoS classes at the link rate. During this burst, all other traffic is suppressed. The formula for the burst rate is:
burst = 25% of (link-rate kb/sec * 1 sec)
Therefore, the burst rate changes as the link rate changes. The no command option disables the specified command option. Example Product Related Topics
amnesiac (config) # qos classification interface wan0_0 rate 1200
Steelhead appliance show qos classification
qos classification mode hierarchy enable
Description Syntax Parameters Enable QoS classification hierarchy mode. [no] qos classification mode hierarchy enable None
Riverbed Command-Line Interface Reference Manual
323
Configuration-Mode Commands
Usage
For detailed information about configuring QoS, see the Steelhead Appliance Deployment Guide and the Steelhead Management Console Users Guide. In hierarchical mode, you create QoS classes as children of QoS classes other than the root class. This allows you to create overall parameters for a certain traffic type, and specify parameters for subtypes of that traffic. There is no enforced limit to the number of QoS class levels you can create. In hierarchical mode, the following relationships exist between QoS classes: Sibling classes. Classes that share the same parent class. Leaf classes. Classes at the bottom of the class hierarchy. Inner classes. Classes that are neither the root class nor leaf classes. In hierarchical mode, QoS rules can only specify leaf classes as targets for traffic. Riverbed QoS controls the traffic of hierarchical QoS classes in the following manner: QoS rules assign active traffic to leaf classes. The QoS scheduler: applies active leaf class parameters to the traffic. applies parameters to inner classes that have active leaf class children. Flat Mode In flat mode, all of the QoS classes you create must have the root class as their parent. Thus all of the QoS classes you create are siblings. The appropriate QoS enforcement system to use depends on the location of WAN bottlenecks for traffic leaving the site. Use the following guidelines when implementing QoS: A site that acts as a data server for other locations, such as a data center or regional hub, typically uses hierarchical mode. The first level of classes represents remote sites, and those remote site classes have child classes that either represent application types, or are indirectly connected remote sites. A site that typically receives data from other locations, such as a branch site, typically uses flat mode. The classes represent different application types. For example, suppose you have a network with ten locations, and you want to choose the correct mode for site 1. Traffic from site 1 normally goes to two other sites: sites 9 and 10. If the WAN links at sites 9 and 10 are at a higher bandwidth than the link at site 1, the WAN bottleneck rate for site 1 is always the link speed for site 1. In this case, you can use flat mode to enforce QoS at site 1, because the bottleneck that needs to be managed is the link at site 1. In flat mode, the parent class for all created classes is the root class that represents the WAN link at site 1. In the same network, site 10 sends traffic to sites 1 8. Sites 1 8 have slower bandwidth links than site 10. Because the traffic from site 10 faces multiple WAN bottlenecks (one at each remote site), you configure hierarchical mode for site 10. When configuring QoS classification for FTP, the QoS rules differ depending on whether the FTP data channel is using active or passive FTP. Active versus passive FTP determines whether the FTP client or the FTP server select the port connection for use with the data channel, which has implications for QoS classification. For detailed information, see the Steelhead Central Management Console Users Guide You can use the Steelhead Central Management Console (CMC) to enable QoS and to configure and apply QoS policies centrally to Steelhead appliances. For detailed information, see the Steelhead Central Management Console Users Guide. You must enable QoS classification and set the bandwidth link rate for the WAN interface before you create a QoS class.
324
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # qos classification mode hierarchy enable
Steelhead appliance show qos classification
qos classification rule add
Description Syntax Adds a QoS classification rule. [no] qos classification rule add {rulenum <priority> class-name <class> source {subnet <subnet/ mask> | port <port>} destination {subnet <subnet/mask> | port <port>} traffic-type [all |optimized | passthrough] [vlan <vlan>] [protocol {all | UDP | TCP} [dscp <dscp>] | [dscp <dscp level> rulenum <priority> Specify the order in which the rule is processed in the rules list. Steelhead appliances evaluate rules in numerical order starting with rule 1. If the conditions set in the rule match, then the rule is applied, and the system moves on to the next packet. If the conditions set in the rule do not match, the system consults the next rule. For example, if the conditions of rule 1 do not match, rule 2 is consulted. If rule 2 matches the conditions, it is applied, and no further rules are consulted. class-name <class> traffic-type [optimized | passthrough] source {subnet <subnet/mask> | port} destination {subnet <subnet/mask> | port} protocol {all | UDP | TCP} dscp <dscp level> vlan <vlan> Usage Specify the class to which the rule applies. If the rule matches, the specified rule sends the packet to this class. Specify the type of traffic: optimized or passthrough. QoS rules are applied to optimized and pass-through (egress only) traffic. Specify the subnet and mask or the port. Use the following format for subnet and mask: 1.2.3.4/123. The default value for port is all. Specify the subnet and mask or the port. Use the following format for subnet and mask: 1.2.3.4/123. The default value for port is all. Specify the routing protocol for the rule: all, UDP, TCP. The default value is all. Optionally, specify a DSCP level (0-63). Optionally, specify the VLAN tag ID.
Parameters
Each rule maps a type of network traffic to a QoS class. You can create more than one QoS rule for a class. When more than one QoS rule is created for a class, the rules are followed in the order in which they are shown on the QoS Classification page and only the first matching rule is applied to the class. Any Steelhead appliance supports up to 2000 rules. In H-QoS, only child classes can have rules. Important: If you delete or add new rules, existing optimized connections are not affected. The changes only affect new optimized connections. The no command option disables the rule.
Riverbed Command-Line Interface Reference Manual
325
Configuration-Mode Commands
Example
amnesiac (config) # qos classification rule add rulenum 1 class-name WorldWide traffic-type passthrough source subnet 192.12.12.1 port 80 destination subnet 192.12.12.1 port 80
Product Related Topics
Steelhead appliance show qos classification
qos classification rule move
Description Syntax Parameters Example Product Related Topics Moves the rule in the rule list to the specified number. qos classification rule move rulenum <rule> to <rule> <rule> Specify the order in which rules are evaluated.
amnesiac (config) # qos classification rule move rulenum 2 to 1
Steelhead appliance show qos classification
qos dscp edit-rule
Description Syntax Parameters Modifies the description of the rule. DSCP markings are applied to optimized and pass-through (egress only) traffic. The rules appear in separate lists according to the traffic type. [no] qos dscp edit-rule {traffic-type [optimized | passthrough] rulenum <rule-num> description <description>} traffic-type [optimized | passthrough] rulenum <rule-num> description <description> Usage Specify the type of traffic: optimized or passthrough. DSCP marking is applied to optimized and pass-through (egress only) traffic. Specify the rule number. Type a string to describe the rule.
After you map a destination port and a DSCP level, every packet corresponding to the connection with that destination port has the DSCP field set to that value in the forward and backward direction. On the WAN side of the Steelhead appliance, you configure a network router or a traffic shaper to prioritize packets according to the value in the DSCP field before they are sent across the WAN. Note: Optimized traffic is marked in both directions, but pass-through traffic is marked only on the egress traffic. The no command option removes the description.
Example Product Related Topics
amnesiac (config) # qos dscp edit-rule rulenum 1 description PassThroughSecure
Steelhead appliance show qos classification
326
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
qos dscp move-rule
Description Syntax Parameters Usage Moves the order of the DSCP mapping rule in the rule list to the specified number. qos dscp {move-rule traffic type [optimized | passthrough] rulenum <rule> to <rule>} <rule> Specify the order in which rules are evaluated.
You specify an ordered list of rules where each rule is the DSCP level used on the inner connection for connections matching the source IP subnet, the destination IP subnet and, optionally, the destination port fields. Steelhead appliances evaluate rules in numerical order starting with rule 1. If the conditions set in the rule match, then the rule is applied, and the system moves on to the next packet. If the conditions set in the rule do not match, the system consults the next rule. For example, if the conditions of rule 1 do not match, rule 2 is consulted. If rule 2 matches the conditions, it is applied, and no further rules are consulted.
Example Product Related Topics
amnesiac (config) # qos dscp move-rule rulenum 2 to 1
Steelhead appliance show qos classification
qos dscp rule
Description Maps a service port to a QoS DSCP level based on the source IP subnet, the destination IP subnet, destination port, and rule number. The DSCP level corresponds to the DiffServ DSCP field in the IP packets header. After you map a source-destination-port pattern and a DSCP level, every packet corresponding to the connection with that destination port has the DSCP field set to that value in the forward and backward direction. Note: Optimized traffic is marked in both directions, but pass-through traffic is marked only on the egress traffic. Syntax Parameters [no] qos dscp rule traffic-type [optimized | passthrough] src <source IP> src-port <port> dest <destination IP> [src-port <port>] [dest-port <port>] dscp <level> rulenum <rulenum> traffic-type [optimized | passthrough] src <source IP> src-port <port> <destination IP> Specify the type of traffic: optimized or passthrough.
Specify the source IP subnet. Use the following format: XXX.XXX.XXX.XXX/XX Specify the source port. Port labels and port ranges are also supported on v4.x or later. Specify the destination IP subnet. Use the following format: XXX.XXX.XXX.XXX/XX
Riverbed Command-Line Interface Reference Manual
327
Configuration-Mode Commands
dest-port <port>
Specify the port on which to monitor. Port labels and port ranges are also supported on v4.x or later. For active FTP, configure a QoS rule on the server-side Steelhead appliance to match the destination port 20. On the client-side Steelhead appliance, configure a QoS rule with a destination port of 20. This might seem counter-intuitive as active FTP uses source port 20 and not destination port 20. This is because QoS marking does not support the creation of QoS rules based on the source port for optimized traffic. It is not necessary to create a QoS rule on the client-side Steelhead appliance because the default behavior is to automatically reflect the DSCP value. For passive FTP, configure a QoS rule on the client-side Steelhead appliance to match the destination port 20. This might seem counter-intuitive as passive FTP does not use destination port 20, but rather some random port number. However, the Steelhead appliance has specific intelligence built-in so that it knows what port number passive FTP is using as its destination port number. Therefore, for QoS marking with passive FTP, destination port 20 on the clientside Steelhead appliance simply means the port number being used by the data channel for passive FTP, as opposed to the literal meaning of destination port 20. It is not necessary to create a rule on the server-side Steelhead appliance because the default behavior is to automatically reflect the DSCP value.
<level>
Specify the DSCP level (0-63) or reflect. If you want the DSCP level or IP ToS value found on pass-through traffic to remain unchanged when it passes through the Steelhead appliance, specify reflect. Important: If your connections already have a DSCP level and you do not define one in the Management Console, the Steelhead appliance uses the existing DSCP level for the connection between the Steelhead appliances. If you define a DSCP level in the Management Console, the client-side Steelhead appliance overrides the existing DSCP level and the value that you defined is applied to both the client-side and server-side appliances. Note: Optimized traffic is marked in both directions, but pass-through traffic is marked only on the egress traffic.
<rulenum> Usage
Specify the rule number to insert before.
You specify an ordered list of rules where each rule is the DSCP level to use on the inner connection for connections matching the source IP subnet, the destination IP subnet and, optionally, the destination port fields. Steelhead appliances can retain or alter the DSCP or IP ToS value of both pass-through traffic and optimized traffic. To alter the DSCP or IP ToS value of optimized or pass-through traffic, you create a list that maps which traffic receives a certain DSCP value. The first matching mapping is applied. After you map a source-destination-port pattern and a DSCP level, every packet corresponding to the connection with that destination port has the DSCP field set to that value in the forward and backward direction. On the WAN side of the Steelhead appliance, you configure a network router or a traffic shaper to prioritize packets according to the value in the DSCP field before they are sent across the WAN. If you have already defined a DSCP level and you do not define one in the CLI, the Steelhead appliance uses the existing DSCP level for the connection between the Steelhead appliances. If you define a DSCP level in the CLI, the Steelhead appliance overrides the existing DSCP level and the value that you defined is applied. The no qos rule rulenum <rulenum> command disables the QoS rule.
328
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # qos dscp rule src 10.0.0.4 dest 10.0.0.1 dscp 12 rulenum 3
Steelhead appliance show qos classification
Connection Pooling Commands
This section describes the connection pooling commands.
service connection pooling
Description Enables a pool of connections to a peer Steelhead appliance. Connection pooling enables you to save an extra round-trip for the initial connection setup. Connection pooling is useful for protocols that open a number of short lived connections, such as HTTP. [no] service connection pooling <addr> <value> <addr> <value> Usage Specify the IP address of the peer Steelhead appliance. The IP address of 0.0.0.0 identifies the group of all Steelhead appliance peers. Specify the connection pooling value for the Steelhead appliance peer. The default value is 20.
Syntax Parameters
Any change in the connection pooling parameter requires you to restart the Steelhead service. The no command option disables connection pooling.
Example Product Related Topics
amnesiac (config) # service connection pooling 10.0.0.1 10
Steelhead appliance show service connection pooling
WAN Visibility (Transparency) Commands
This section describes WAN Visibility commands. For detailed information, see the Steelhead Appliance Deployment Guide. To configure transparency, you must configure an auto-discover in-path rule. For details, see in-path rule
auto-discover on page 200.
in-path mac-match-vlan
Description Syntax Parameters Usage Enables VLAN IDs to be used in simplified routing table lookups for WAN visibility. For detailed information, see the Steelhead Appliance Deployment Guide. [no] in-path mac-match-vlan None The no command option disables.
Riverbed Command-Line Interface Reference Manual
329
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # in-path mac-match-vlan
Steelhead appliance show in-path probe-caching, in-path rule auto-discover, show in-path peering oobtransparency
in-path multi-path maintain
Description Syntax Parameters Example Product Related Topics Maintains the multi-path properties of the connection in transparency deployments. [no] in-path multi-path maintain None
amnesiac (config) # in-path multi-path maintain
Steelhead appliance show in-path probe-caching,in-path rule auto-discover, show in-path peering oobtransparency
in-path peering oobtransparency mode
Description Enables out-of-band (OOB) connection destination transparency. The OOB connection is a single, unique TCP connection that is established by a pair of Steelhead appliances that are optimizing traffic. The pair of Steelhead appliances use this connection strictly to communicate internal information required by them to optimize traffic. For detailed information about WAN visibility, see in-path rule auto-discover on page 200 and the Steelhead Appliance Deployment Guide. Syntax Parameters [no] in-path peering oobtransparency mode [none | destination | full] | port <port>]] [none | destination | full] Enables OOB mode. Specify one of the following options: none. Specify correct addressing. The OOB connection is established between the two Steelhead appliances, without any TCP/IP header manipulation. This is the default setting. destination. Specify destination mode. In this mode, the OOB connection has the form C-SHip:C-SHport<->Sip:Sport, where C-SHip is the client-side Steelhead appliance IP address, C-SHport is an ephemeral port chosen by CSH, Sip is the server IP address, and Sport is the server port number. The Sip and Sport parameters are taken from the first connection optimized by the pair of Steelhead appliances. full. Specify full mode. In this mode, the OOB connection has the form Cip:CSHfixed<->Sip:Sport, where Cip is the client IP address, C-SHfixed is a predetermined port chosen by the client-side Steelhead appliance, Sip is the server IP address, and Sport is the server port number. The Cip, Sip, and Sport parameters are taken from the first connection optimized by the pair of Steelhead appliances. port <port> Changes the pre-determined port in full mode (C-SHfixed). The default value is 708.
330
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
With RiOS v5.0.x or later, and if you use WAN visibility full address transparency, you have the following transparency options for the OOB connection: OOB connection destination transparency and OOB connection full transparency. You configure OOB transparent addressing on the client-side Steelhead appliance (where the connection is initiated). By default, the OOB connection uses correct addressing. Correct addressing uses the client-side Steelhead appliance IP address, port number, and VLAN ID, and the server-side Steelhead appliance IP address, port number, and VLAN ID. If you are using OOB connection correct addressing and the client-side Steelhead appliance cannot establish the OOB connection to the server-side Steelhead appliance, OOB connection transparency can resolve this issue. For example, if you have a server on a private network that is located behind a NAT device. You configure OOB connection transparency so that the client-side Steelhead appliance uses the server IP address and port number as the remote IP address and port number. Steelhead appliances route packets on the OOB connection to the NAT device. The NAT device then translates the packet address to that of the server-side Steelhead appliance. If both of the OOB connection transparency options are acceptable solutions, OOB connection destination transparency is preferable. OOB connection destination transparency mitigates the slight possibility of port number collisions which can occur with OOB connection full transparency. When OOB connection transparency is enabled and the OOB connection is lost, the Steelhead appliances re-establish the connection using the server IP address and port number from the next optimized connection. OOB connection destination transparency uses the client-side Steelhead appliance IP address and an ephemeral port number chosen by the client-side Steelhead appliance, plus the server IP address and port number in the TCP/IP packet headers in both directions across the WAN Steelhead appliances use the server IP address and port number from the first optimized connection. Use OOB connection destination transparency if the client-side Steelhead appliance cannot establish the OOB connection to the server-side Steelhead appliance. For detailed information about configuring in-path IP addresses and OOB connections for WAN visibility, see the Steelhead Appliance Deployment Guide.
Example Product Related Topics
amnesiac (config) # in-path peering oobtransparency mode none
Steelhead appliance show in-path probe-caching,in-path rule auto-discover, show in-path peering oobtransparency
in-path probe-caching enable
Description Syntax Parameters Usage Example Product Related Topics Enable probe caching for WAN visibility. For detailed information, see the Steelhead Appliance Deployment Guide. [no] in-path probe-caching enable None The no command option disables probe caching.
amnesiac (config) # in-path probe-caching enable
Steelhead appliance show in-path probe-caching,in-path rule auto-discover, show in-path peering oobtransparency
Riverbed Command-Line Interface Reference Manual
331
Configuration-Mode Commands
in-path probe-ftp-data
Description Syntax Parameters Usage Example Product Related Topics Enables full address transparency for WAN visibility. For detailed information, see the Steelhead Appliance Deployment Guide. [no] in-path probe-ftp-data None The no command option disables this command.
amnesiac (config) # in-path probe-ftp-data
Steelhead appliance show in-path probe-caching, in-path rule auto-discover,show in-path peering oobtransparency
in-path probe-mapi-data
Description Syntax Parameters Usage Example Enables full address transparency for WAN visibility. For detailed information, see the Steelhead Appliance Deployment Guide. [no] in-path probe-mapi-data None The no command option disables this command. The following example configures full-address transparency for a VLAN.
amnesiac amnesiac amnesiac amnesiac amnesiac amnesiac amnesiac amnesiac amnesiac (config) (config) (config) (config) (config) (config) (config) (config) (config) #in-path peering auto #in-path simplified routing all #in-path vlan-conn-based #in-path mac-match-vlan #no in-path probe-caching enable #in-path probe-ftp-data #in-path probe-mapi-data #write memory #service restart
Product Related Topics
Steelhead appliance show in-path probe-caching,in-path rule auto-discover, show in-path peering oobtransparency
in-path vlan-conn-based
Description Syntax Parameters Usage Enables VLAN connection based mapping for WAN visibility. For detailed information, see the Steelhead Appliance Deployment Guide. [no] in-path vlan-conn-based None The no command option disables VLAN connection based mapping.
332
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) #in-path vlan-conn-based
Steelhead appliance show in-path probe-caching,in-path rule auto-discover, show in-path peering oobtransparency
WCCP Support Commands
This section describes the WCCP support commands.
wccp enable
Description Syntax Parameters Usage Enables WCCP support. [no] wccp enable None You configure WCCP to redirect traffic to a Steelhead appliance or group of Steelhead appliances: so that the Steelhead appliances do not have to be physically in-path but can be virtually in-path. That is, the Steelhead appliances are configured to be physically out-of-path devices while optimizing traffic as if they were in-path devices. to redirect traffic to a Steelhead appliance or group of Steelhead appliances to provide load balancing and failover support. For detailed information about configuring WCCP, see the Steelhead Appliance Deployment Guide. The no command option disables WCCP support. Example Product Related Topics
amnesiac (config) # wccp enable
Steelhead appliance show wccp
wccp mcast-ttl
Description Syntax Parameters Usage Sets the multicast TTL parameter for WCCP. The TTL determines the range over which a multicast packet is propagated in your intranet. [no] wccp mcast-ttl <value> <value> Specify the multicast-TTL value.
For detailed information about configuring WCCP, see the Steelhead Appliance Deployment Guide. The no command option disables WCCP support.
Example Product Related Topics
amnesiac (config) # wccp mcast-ttl 10
Steelhead appliance show wccp
Riverbed Command-Line Interface Reference Manual
333
Configuration-Mode Commands
wccp override-return route-no-gre
Description Enables the Steelhead appliance to accept whatever return direction is negotiated, but it returns traffic by using the in-path routing table, and will not use GRE encapsulation. Typically, you use this where you have an in-path gateway, which means traffic is returned to the in-path gateway. [no] wccp override-return route-no-gre None Typically, you configure the WCCP service group to specify either. By choosing either, the router and Steelhead appliance negotiate whether to use L2 or GRE for redirects, and separately, for returns as well. Certain platforms and IOS's support L2 redirects to the Steelhead appliance (usually the 6500s or 7600s depending on their supervisor engine), and even fewer combinations support L2 return. (The 12.2(SXH) does support L2 return.) This command should only be used if there is an L2 hop between the Steelhead appliance and the next hop according to the routing table. For details, see the Steelhead Appliance Deployment Guide, The no command option disables WCCP support. Example Product Related Topics
amnesiac (config) # wccp override-return route-no-gre
Syntax Parameters Usage
Steelhead appliance show wccp
wccp service-group
Description Enables a WCCP service group. A service group is a group of routers and Steelhead appliances which define the traffic to redirect, and the routers and Steelhead appliances the traffic goes through. [no] wccp service-group <service-id> {routers <routers> | assign-scheme [either | hash | mask] | src-ip-mask <mask> | dst-ip-mask <mask> | src-port-mask <mask> | dst-port-mask <mask>} protocol [tcp | icmp] | encap-scheme [either | gre | l2] | dst-ip-mask <mask> flags <flags> | password <password> | ports <ports> | priority <priority> | weight <weight>} service group <service-id> Specify the service group identification number (ID) (from 0 to 255). The service group ID is the number that is set on the router. A value of 0 Specify the standard http service group. You can add multiple Steelhead appliances to the same service group to support load balancing in mask assignments. routers <routers> A comma-separated list of router IPs (maximum of 32). The routers field is optional for mask assignments, but at least one router must be configured when a service group is created.
Syntax
Parameters
334
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
assignscheme [either | hash | mask]
Specify the redirection scheme to use: either. Specify either hash or mask. This is the default setting (hash first, then mask). hash. Specify a hash redirection scheme. Enabling hash allows you to load balance. A hash assignment requires the first packet of each connection to be processed by the CPU resulting in slightly lower performance. mask. Specify a mask redirection scheme. RiOS supports mask assignment for the WCCP. This assignment mode performs load balancing redirection operations in the appliance, significantly reducing the load on the redirecting router. With a mask assignment the first packet is processed in the hardware so there is less CPU utilization resulting in better performance. With a mask assignment you can have high availability. You can have multiple Steelhead appliances in a service group but only the Steelhead appliance with the lowest IP will receive all the traffic. Should the Steelhead appliance with the lowest IP fail the Steelhead appliance with the next IP receives all the traffic. When the Steelhead appliance with the lowest IP recovers it again receive all the traffic. The assignment scheme is always set on the Steelhead appliance, not the router. When determining bucket allocations, the mask assignment takes into account the WCCP weight parameter. The higher the weight, the more buckets will be allocated to that Steelhead appliance. However, even if the Steelhead appliances in the cluster all share the same weight, the distribution amongst the Steelhead appliances might not be perfectly equal if the number of buckets is not divisible by the number of Steelhead appliances in the cluster. When the number of buckets is not divisible by the number of Steelhead appliances in the cluster, the remainder buckets are assigned to the Steelhead appliance with the highest IP address.
dst-ip-mask <mask>
Specify the service group destination IP mask. For example to set the source and destination IP mask:
wccp assgn_scheme mask src-ip-mask 0x0170 dst-ip-mask 0x0041
src-ip-mask <mask>
Specify the service group source IP mask. The default value is 0x1741. For example:
wccp assgn_scheme mask src-ip-mask 0x0170 dst-ip-mask 0x0
dst-port-mask src-port-mask protocol [tcp | icmp] encap-scheme [either|gre|1 2]
Specify the service group destination port mask. Specify the service group source port mask. Specify the protocol: TCP or ICMP. Specify the traffic forwarding and redirection scheme: gre. Generic Routing Encapsulation (gre) l2. Layer-2 redirection. either. Layer-2 first; if Layer-2 is not supported, then gre. This is the default value.
Riverbed Command-Line Interface Reference Manual
335
Configuration-Mode Commands
flags <flags>
Specify the fields the router hash on and if certain ports should be redirected. Specify a combination of src-ip-hash, dst-ip-hash, src-port-hash, dst-port-hash, ports-dest, ports-source. The default setting is src-ip-hash, dst-ip-hash, which ensures that all of the packets for a particular TCP connection are redirected to the same Steelhead appliance. If you use a different setting, you might need to enable connection forwarding among the Steelhead appliances in the WCCP service group. The following hashing options are available: src-ip-hash. Source IP hash. Specify that the router hash the source IP address to determine traffic to redirect. dst-ip-hash. Destination IP hash. Specify that the router hash the destination IP address to determine traffic to redirect. src-port-hash. Source port hash. Specify that the router hash the source port to determine traffic to redirect. dst-port-hash. Destination port hash. Specify that the router hash the destination port to determine traffic to redirect. Other options: ports-dest. Destination ports. Specify that the router determines traffic to redirect based on destination ports. ports-source. Source ports. Specify Note: Flags cannot set destination ports and source ports simultaneously.
password <password> ports <ports> priority <priority> password <password> weight <weight 065535>>
Specify the WCCP password. This password must be the same as the password on the router. (WCCP requires that all routers in a service group have the same password.) Passwords are limited to eight characters. Specify a comma-separated list of up to seven ports that the router will redirect. Use only if ports-dest or ports-source service flag is set. Specify the WCCP priority for traffic redirection. If a connection matches multiple service groups on a router, the router chooses the service group with the highest priority. The range is 0-255. The default value is 200. Specify the WCCP password. This password must be the same as the password on the router. (WCCP requires that all routers in a service group have the same password.) Passwords are limited to eight characters. Specify how often the traffic is redirected to a particular Steelhead appliance. A higher weight redirects more traffic to that Steelhead appliance. The ratio of traffic redirected to a Steelhead appliance is equal to its weight divided by the sum of the weights of all the Steelhead appliances in the same service group. For example, if there are two Steelhead appliances in a service group and one has a weight of 100 and the other has a weight of 200, the one with the weight 100 receives 1/3 of the traffic and the other receives 2/3 of the traffic. The range is 065535. The default value corresponds to the number of TCP connections your appliance supports.
336
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
To enable WCCP, the Steelhead appliance must join a service group at the router. A service group is a group of routers and Steelhead appliances which define the traffic to redirect, and the routers and Steelhead appliances the traffic goes through. To enable failover support with WCCP groups, define the service group weight to be 0 on the backup Steelhead appliance. If one Steelhead appliance has a weight 0, but another one has a nonzero weight, the Steelhead appliance with weight 0 does not receive any redirected traffic. If all the Steelhead appliances have a weight 0, the traffic is redirected equally among them. If the source or destination flags are set, the router redirects only the TCP traffic that matches the source or destination ports specified. For detailed information about configuring WCCP in Riverbed deployments, see the Steelhead Appliance Deployment Guide. For detailed information about WCCP, see the Cisco documentation Web site at http://www.cisco.com/univercd/home/home.htm. Mask Assignment Support In v5.0.2 RiOS supports mask assignment for the WCCP protocol. This assignment mode performs redirection operations in hardware, significantly reducing the load on the redirecting router. The no command option disables WCCP support.
Example Product Related Topics
amnesiac (config) # wccp service-groups 999 routers 10.0.0.0 assign-scheme mask
Steelhead appliance show wccp
Failover Support Commands
This section describes the failover support commands.
failover buddy addr
Description Syntax Parameters Sets the IP address for a failover buddy appliance. A failover buddy is a backup appliance. If the master fails, the buddy takes over. [no] failover buddy addr <addr> <addr> Specify the IP address for the failover, backup machine. The default value is 0.0.0.0. If you have installed multiple bypass cards, you must specify the IP address for the inpath0_0 slot. Usage The default value is 0.0.0.0. The no command option resets the failover IP address to the default value. Example Product Related Topics
amnesiac (config) # failover buddy addr 10.10.10.1
Interceptor appliance, Steelhead appliance show failover
Riverbed Command-Line Interface Reference Manual
337
Configuration-Mode Commands
failover buddy port
Description Syntax Parameters Usage Sets the port for a failover buddy appliance. A failover buddy is a backup appliance. If the master fails, the buddy takes over. [no] failover buddy port <port> <port> Specify the port number.
The default value is 7820. You cannot specify the failover buddy port for the Interceptor appliance. The no command option resets the port to the default value.
Example Product Related Topics
amnesiac (config) # failover buddy port 2515
Steelhead appliance show failover
failover enable
Description Syntax Parameters Enables a failover buddy appliance. A failover buddy is a backup appliance. If the master fails, the buddy takes over. [no] failover enable None
338
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
For a physical in-path failover deployment, you configure a pair of Steelhead appliances: one as a master and the other as a backup. The master Steelhead appliance in the pair (usually the Steelhead appliance closest to the LAN) is active and the backup Steelhead appliance is passive. The master Steelhead appliance is active unless it fails for some reason. The backup is passive while the master is active and becomes active if either the master fails or the master reaches its connection limit and enters admission control status. A backup Steelhead appliance does not intercept traffic while the master appliance is active. It pings the master Steelhead appliance to make sure that it is alive and processing data. If the master Steelhead appliance fails, the backup takes over and starts processing all of the connections. When the master Steelhead appliance comes back up, it sends a message to the backup that it has recovered. The backup Steelhead appliance stops processing new connections (but continues to serve old ones until they end). For an out-of-path failover deployment, you deploy two server-side Steelhead appliances and add a fixed-target rule to the client-side Steelhead appliance to define the master and backup target appliances. When both the master and backup Steelhead appliances are functioning properly, the connections traverse the master appliance. If the master Steelhead appliance fails, subsequent connections traverse the backup Steelhead appliance. The master Steelhead appliance uses an Out-of-Band (OOB) connection. The OOB connection is a single, unique TCP connection that communicates internal information only; it does not participate in the Steelhead appliance optimization. If the master Steelhead appliance becomes unavailable, it loses this OOB connection and the OOB connection times out in approximately 4045 seconds. Once the OOB connection times out, the client-side Steelhead appliance declares the master Steelhead appliance unavailable and connects to the backup Steelhead appliance. During the 40-45 second delay before the client-side Steelhead appliance declares a peer unavailable, it passes through any incoming new connections; they are not blackholed. While the client-side Steelhead appliance is using the backup Steelhead appliance for optimization, it attempts to connect to the master Steelhead appliance every 30 seconds. If the connection succeeds, the client-side Steelhead appliance reconnects to the master Steelhead appliance for any new connections. Existing connections remain on the backup Steelhead for their duration. This is the only time, immediately after a recovery from a master failure, that connections are optimized by both the master Steelhead appliance and the backup. If both the master and backup Steelhead appliances become unreachable, the client-side Steelhead tries to connect to both appliances every 30 seconds. Any new connections are passed through the network unoptimized. In addition to enabling failover and configuring buddy peering, you must synchronize the data stores for the master-backup pairs to ensure optimal use of SDR for warm data transfer. With warm transfers, only new or modified data is sent, dramatically increasing the rate of data transfer over the WAN. For detailed information, see datastore sync enable on page 178. The no command option disables failover.
Example Product Related Topics
amnesiac (config) # failover enable
Interceptor appliance, Steelhead appliance show failover
failover master
Description Syntax Parameters Sets the appliance as the master appliance of a failover pair. If the master fails, traffic is routed automatically through the failover buddy. [no] failover master None
Riverbed Command-Line Interface Reference Manual
339
Configuration-Mode Commands
Usage
You must specify valid values for the buddy IP address and buddy port. The no command option sets the appliance as the failover buddy.
Example Product Related Topics
amnesiac (config) # failover master
Interceptor appliance, Steelhead appliance show failover
failover port
Description Syntax Parameters Usage Sets the port on the master appliance with which to communicate with the failover buddy appliance. A failover buddy is a backup appliance. If the master fails, the buddy takes over. [no] failover port <port> <port> Specify the port number.
The default value is 7820. The no command option resets the port to the default value.
Example Product Related Topics
amnesiac (config) # failover port 2515
Interceptor appliance, Steelhead appliance show failover
Data Replication Commands
This section describes the data replication commands.
datastore anchor-select
Description Enables an anchor selection algorithm that discards margin segments without writing them to disk. Enabling anchor selection based on contiguous segments decreases pressure on the disk and improves performance. Before you enable the set of data replication commands, please contact Riverbed Technical Support at https://support.riverbed.com. Syntax Parameters Usage [no] datastore anchor-select 1 | 0 1|0 Specify 1 to turn on anchor selection; specify 0 to turn off anchor selection.
Use this command if you are experiencing a gradual decline in optimization over time when using DR applications. For detailed information about the set of data replication commands, please contact Riverbed Technical Support at https://support.riverbed.com. The no command option disables anchor selection.
340
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # datastore anchor select 1
Steelhead appliance show datastore
datastore disklayout
Description Selects data store replacement policy. Before you enable the set of data replication commands, please contact Riverbed Technical Support at https://support.riverbed.com. Syntax Parameters [no] datastore disklayout <fifo | rvbdlru> <fifo | rvbdlru> Specify one of the following replacement policies: fifo. Specify a replacement algorithm that replaces data in the order that they are received (first in, first out). This is the default method. rvbdlru. Specify a replacement algorithm that replaces the least recently used data in the data store, which improves hit rates when the data in the data store are not equally used. Usage The data store segment replacement policy selects the technique used to replace the data in the data store. While the default setting works best for most Steelhead appliances, occasionally Riverbed Technical Support recommends changing the policy to improve performance. If, gradually over time, you experience sharp throughput degradation even though the data reduction numbers continue to be good, use this command Important: Enabling the LRU disk layout method may cause the data store wrap warning to occur earlier than expected when using the FIFO replacement policy. This is expected behavior. The no command option disables LRU data replacement. Example Product Related Topics
amnesiac (config) # datastore disklayout rvbdlru
Steelhead appliance show datastore disklayout
datastore disk read-pressure
Description Sets the disk read pressure values. Before you enable the set of data replication commands, please contact Riverbed Technical Support at https://support.riverbed.com. Syntax Parameters [no] datastore disk read-pressure interval <seconds> interval <seconds> Specify the read pressure value in seconds.
Riverbed Command-Line Interface Reference Manual
341
Configuration-Mode Commands
Usage
Use this command if you are experiencing a gradual decline in optimization over time when using DR applications. For detailed information about the set of data replication commands, please contact Riverbed Technical Support at https://support.riverbed.com. The no command option disables read pressure.
Example Product Related Topics
amnesiac (config) # datastore disk read-pressure interval 90
Steelhead appliance show datastore disk
datastore write-q-prior
Description Enables priority for deferred writes Before you enable the set of data replication commands, please contact Riverbed Technical Support at https://support.riverbed.com. Syntax Parameters Usage [no] datastore write-q-prior None Use this command if you are experiencing a gradual decline in optimization over time when using DR applications. For detailed information about the set of data replication commands, please contact Riverbed Technical Support at https://support.riverbed.com. The no command option disables deferred writes. Example Product Related Topics
amnesiac (config) # datastore write-q-prior
Steelhead appliance show datastore write-q-prior
Riverbed Services Platform Commands
This section describes the Riverbed Services Platform (RSP) commands. To run RSP packages you must first install the RSP image, then install the RSP package, and finally, configure dataflow rules.
Note: RSP is supported on Steelhead appliance models 250, 520, 550, 1020, 1050, 1520, 2020, 2050, 3020, 3520, 5050, and 6050. You must be running RiOS v5.5.x.
For detailed information about installing and configuring RSP, see the Riverbed Services Platform Installation and Configuration Guide.
342
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
rsp backup delete
Description Syntax Parameters Example Product Related Topics Deletes the RSP backup file from the Steelhead appliance. rsp backup delete <backup filename> <backup filename> Specify the backup name. The default backup filename is <Steelhead appliance name>-<slotname>-<date>.bkup
amnesiac (config) # rsp backup delete gen-sh1-1-2009/01/01.bkup
Steelhead appliance show rsp backups, show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
rsp backup fetch
Description Syntax Parameters Downloads the RSP backup file. rsp backup fetch <backup URL> [as <backup-filename>] <backup URL> Specify the backup file URL or pathname. You can use HTTP, FTP, or SCP to transfer the backup file.For example, type: scp://username:password@host/ path. Optionally, specify a different filename for the backup file that you download.
[as <backupfilename>] Example Product Related Topics
amnesiac (config) # rsp backup fetch scp://admin:password@gen-sh1-1-2009/01/01.bkup
Steelhead appliance show rsp backups, show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
rsp backup upload
Description Syntax Parameters Uploads the RSP backup file onto a remote server or another Steelhead appliance. rsp backup upload <backup filename> remote <backup URL> <backup filename> <backup URL> Example Product Related Topics Specify the backup filename. The default backup filename is <Steelhead appliance name>-<slotname>-<date>.bkup. Specify the backup file URL or pathname. You can use HTTP, FTP, or SCP to transfer the backup file.
amnesiac (config) # rsp backup upload gen-sh1-1-2009/01/01.bkup remote scp:// admin:mypassword@sh/rsp
Steelhead appliance show rsp backups, show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Riverbed Command-Line Interface Reference Manual
343
Configuration-Mode Commands
rsp dataflow
Description Syntax Parameters Configures RSP data flow. [no] rsp dataflow <dataflow name> {add opt-vni <VNI name> vni-num <vni-num> | move vninum <vni-num> to <vni-num>} <inpath0_0> Specify the dataflow name. For example: inpath0_0 For example, inpath0_0 represents and controls the flow of data through the lan0_0, inpath0_0, and wan0_0 interfaces. add opt-vni Adds an optimization VNI to the dataflow. Specify the Virtual Network Interface (VNI) name. The optimization VNI name is a combination of the slot name and the VNI name. For example: 1:lan0 VNI names must be between 1 and 30 characters long and can contain only alphanumeric, hyphen ( - ), and underscore ( _ ) characters. vni-num Specify the order number of the VNI in the rule list. The order number in the rule list determines which VNI a packet goes to first, second, third, fourth, and last.: 1-n. Specifies the order number of the VNI in the rule list. Lower numbers locate the VNI closer to the LAN. Higher numbers locate the VNI closer to the WAN. start. Locates the VNI next to the LAN. A packet coming from the Steelhead appliance LAN interface goes to this VNI first. end. Locates the VNI next to the WAN. A packet coming from the Steelhead appliance WAN interface goes to this VNI first. move <vninum> to <vninum> Specify VNI numbers to move a VNI in the dataflow.
344
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
Each RSP package uses its own RSP network interfaces, equivalent to VMware network interfaces, to communicate with the outside world. These network interfaces are matched up with the physical intercept points that create VNIs. VNIs are network taps that enable data flow in and out of the RSP packages. VNIs are available on the LAN, WAN, primary, and auxiliary interfaces of the Steelhead appliance. Each package is capable of having ten RSP network interfaces which means it can support ten VNIs. The VNIs provide a great deal of configuration flexibility, providing the basis of how packages are chained together and how data flows through the various packages in a multiple package scenario. VNIs fall into two categories: Optimization VNIs Optimization VNIs are used with in-band packages. Optimization VNIs are part of the optimized data flow on either the LAN- or WAN-side of RiOS. There are several types of optimization VNIs: In-path. In-path VNIs are used for packages such as security packages. The following types of in-path optimization VNIs are available: LAN. LAN VNIs forward packets from the LAN-side to the virtual machine, to the WANside, or both. LAN VNIs unconditionally forward packets from the virtual machine to the LAN-side. LAN VNIs cannot receive packets from the WAN-side. WAN. WAN VNIs forward packets from the WAN-side to the virtual machine, to the LANside, or both. WAN VNIs unconditionally forward packets from the virtual machine to the WAN-side. WAN VNIs cannot receive packets from the LAN-side. Virtual In-Path: These optimization VNIs belong to in-band packages that need some form of redirection to intercept traffic. The types of virtual in-path VNIs are: DNAT. Use with proxy-based solutions; for example, video proxies. Mirror. Use with network monitoring-based solutions; acts like a SPAN port to copy traffic for monitoring. For details about adding optimization VNI rules, see rsp opt-vni rule on page 349. Management VNIs. Management VNIs reside on the Steelhead appliance primary or auxiliary port. Management VNIs are used as a management interface for in-band packages. Management VNIs are the primary communication path for out-of-band packages. Note: For detailed information on RSP, see the Riverbed Services Platform Installation and Configuration Guide. For details about adding optimization VNI rules, see rsp mgmt-vni on page 349. The no command option disables dataflow on the specified VNI.
Example Product Related Topics
amnesiac (config) # rsp dataflow inpath0_0 add opt-vni 1:testVNI vni-num 1
Steelhead appliance show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
rsp enable
Description Syntax Parameters Enables the RSP service. [no] rsp enable None
Riverbed Command-Line Interface Reference Manual
345
Configuration-Mode Commands
Usage
In RiOS 5.5 the Riverbed Services Platform (RSP), offers branch-office-in-a-box services. Important: Riverbed recommends you install and configure RSP using the Management Console. For detailed information, see the Steelhead Management Console Users Guide. Note: RSP is supported on Models 250, 520, 550, 1020, 1050, 1520, 2020, 2050, 5050, and 6050. RSP in RiOS v5.5.x uses VMware Server 2.0 as the virtualization platform. Both 32 and 64-bit versions of the RSP image are available. VM Server does not need a separate license. After installing the RSP installation image, you can add packages to run additional services and applications. RSP includes configuration options that enable you to determine the data flow to and from a package, and the ability to chain packages together. After installing the RSP image, you can install the RSP packages that run additional services and applications. RSP packages are available as a separate release from a third-party vendor or from Riverbed. For example, you can run out-of-band packages such as Internet Protocol Address Management (IPAM) and in-band packages such as security solutions that provide firewall, VPN, and content filtering. You can also run proxy solutions such as video streaming packages. You can run up to five packages simultaneously, depending on the package and the Steelhead appliance model. The configuration options include rules to determine the data flow to and from a package, and the ability to chain packages together. For detailed information about installing RSP, see Riverbed Services Platform Installation and Configuration Guide. Prerequisites and Tips The Steelhead appliance RiOS image does not include the RSP image. You must install the RSP image separately. You must have role-based permission for RSP before you can install RSP and add a package. Before installing a new RSP image, you must stop the RSP service currently running on the Steelhead appliance. For details about Steelhead appliance RSP support for guest operating systems, see the product specification sheets at http://www.riverbed.com/products/appliances/ If you have previously installed RSP for RiOS v5.0.x, you must reinstall the RSP image for RiOS v5.5.x and later. RSP for RiOS v5.0.x is not compatible with RSP for RiOS v5.5.x. Installing a new RSP image replaces the previously installed image (the VM packages are left untouched). Basic Steps 7. Download and install the RSP image, which contains the VMware binary programs and the RSP service. The Steelhead appliance RiOS image does not include the RSP image. You must install the RSP image separately. 1. RSP is pre-installed on newly manufactured Steelhead appliances if you ordered RSP.To download the image, go to the Riverbed Technical Support site at https://support.riverbed.com. 2. Start RSP on the Steelhead appliance. 3. Obtain an RSP package by using an existing package from Riverbed, a third-party vendor, or from within your organization or create your own package. For detailed information about creating your own package, see the Riverbed Partner Website. 4. Assign a package to the slot. 5. Enable the slot. 6. Configure the package. For example, to install a Windows package you would need to configure an IP address for the interface. 7. Disable the slot as a safety precaution while you configure the traffic data flow. This step is not required for out-of-band packages.
346
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
8. Place the slotted package optimization VNI into the data flow. This step is not required for outof-band packages. 9. Add data flow rules to the VNI. This step is not required if you use the default rules for the package. 10.Enable the slot. 11. Verify your configuration. For detailed information about installing and configuring RSP, see the Riverbed Services Platform Installation Guide. The no command option disables RSP. Example
amnesiac (config) # rsp enable amnesiac (config) # show rsp Supported: Yes Installed: Yes Release: 6.0.0 Enabled: Yes State: Running Disk Space: 11.26 GB used / 195.44 GB free / 206.70 GB total Memory: 0 MB used / 128 MB free / 128 MB total
Product Related Topics
Steelhead appliance show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
rsp image delete
Description Syntax Parameters Usage Example Product Related Topics Deletes an RSP installation image from disk rsp image delete <RSP image> <RSP image> Specify the RSP image to delete.
This command does not uninstall RSP. It simply removes one of the previous downloaded RSP installation images from the disk.
amnesiac (config) # rsp image delete example-1.0.tar.bz
Steelhead appliance show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
rsp image fetch
Description Syntax Parameters Downloads an RSP installation image. rsp image fetch <http, ftp, or scp URL (for example, scp://username:password@host/path)> <http, ftp, or scp URL> Specify the HTTP, FTP, or scp URL of the image to download. For secure copy, use the following path: /rsp/images
Riverbed Command-Line Interface Reference Manual
347
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # rsp image fetch http://eng/test/latest/rsp-image.img
Steelhead appliance show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
rsp image install
Description Syntax Parameters Usage Installs an RSP installation image. rsp image install <rsp image> Specify the image name.
RSP requires 2 GB of additional memory on the Steelhead appliance. You must have role-based permission for RSP to install RSP. For information on permissions, see the Riverbed Services Platform Installation Guide. Before installing a new RSP image, you must stop the RSP service currently running on the Steelhead appliance. If you have previously installed RSP for RiOS v5.0.x, you must reinstall the RSP image for RiOS v5.5 and later. RSP for RiOS v5.0.x is not compatible with RSP for RiOS v5.5. Installing a new RSP image replaces the previously installed image (the virtual machine packages are unmodified). For details on Steelhead appliance RSP support for guest operating systems, see the product specification sheets at: http://www.riverbed.com/products/appliances/
Example
amnesiac (config) # rsp image fetch http://releng.nbttech.com/midway-x86_64 flamebox-latest/rsp-image.img amnesiac (config) # rsp image install rsp-image.img Installing RSP image . . . . . . . . . . .done. % RSP must be disabled before installation can proceed.
Product Related Topics
Steelhead appliance show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
rsp image move
Description Syntax Parameters Rename or move an RSP installation image on the disk. rsp image move <old filename> to <new filename> <old filename> <new filename> Example Product Related Topics Specify the source RSP image that you want to change. Specify the new RSP image name.
amnesiac (config) # rsp image move examp1-rsp-image.img to newexamp1-rsp-image.img
Steelhead appliance show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
348
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
rsp mgmt-vni
Description Syntax Parameters Assigns a management Virtual Network Interface (VNI) to either the auxiliary or primary interface. rsp mgmt-vni <mgmt-vni> interface [aux | primary] <mgmt-vni> Specify the management VNI. VNI names have the following format: <SlotName>:<RSPinterfaceName> For example: wowzaSlot:Rsp0In, 1:LanRSPInf VNI names must be between 1 and 30 characters long and can contain only alphanumeric, hyphen ( - ), and underscore ( _ ) characters. interface [aux | primary] Usage Specify the physical interface to bind to: aux or primary.
Management VNIs reside on the Steelhead appliance primary or auxiliary port. Management VNIs are used as a management interface for in-band packages. Management VNIs are the primary communication path for out-of-band packages. You bridge a management VNI to either the primary or auxiliary interface to connect the management VNI to the respective physical Ethernet adapter on the Steelhead appliance. The management VNI becomes part of the network connected to the physical primary or auxiliary port of the Steelhead appliance. If you want to use an RSP watchdog you must bridge a management VNI on the Steelhead appliance to a virtual machine interface. For detailed information, see the Riverbed Services Platform Installation Guide.
Example Product Related Topics
amnesiac (config) # rsp mgmt-vni 1:testmgmtF interface aux
Steelhead appliance show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
rsp opt-vni rule
Description Configures optimization VNI data flow rules. This type of VNI rule is used with in-band packages and is part of the optimized data flow either on the LAN or WAN side of RiOS. Riverbed recommends you use the Management Console to configure VNI data flow rules. F or detailed information, see the Riverbed Services Platform Installation Guide. Syntax rsp opt-vni <VNI name> rule {{ dnat targettip <address> <cr> | targetport <port> <cr>] | move rulenum <rulenum> to <dstnum> | lan-to-wan rulenum <rulenum> action [redirect | pass | copy] [dstaddr <dstaddr> dstport <dstport>] [srcaddr <srcaddr> srcport <srcport>] protocol [tcp | udp| <protocol-num>] | [move rulenum <rulenum> to <dst-num>] [vlan <vlan-id>]| wan-to-lan rulenum <rulenum> action [redirect | pass | copy] [dstaddr <dstaddr> dstport <dstport>] [srcaddr <srcaddr> srcport <srcport>] protocol [tcp | udp| <protocol-num>] | move rulenum <rulenum> to <dst-num>] [vlan <vlan-id>]}
Riverbed Command-Line Interface Reference Manual
349
Configuration-Mode Commands
Parameter
<VNI name>
Specify the VNI name. VNI names have the following format: <SlotName>:<RSPinterfaceName> For example: wowzaSlot:Rsp0In
dnat
Passes traffic to the target IP or redirect it to a target IP. Destination Network Address Translation (DNAT) rules are used for in-path proxy solutions. By default, DNAT is disabled. move rulenum <rulenum> to <dst-num> targettip <address> targetport <port> Moves a rule. Specify the original rule number and the rule number to move to. Optionally, type a descriptive name for the rule to replace the default rule number. Specify a single target IP address
lan-to-wan wan-to-lan action [redirect | pass | copy]
Passes traffic around a VM or redirects it to the next VM. Passes traffic around a VM or redirects it to the next VM. Specify the action to perform on the rule: redirect. Redirect the packet to a VM. pass. Pass the packet along the data flow, bypassing the VM. copy. Copy the packet to the VM and also pass it along the data flow. [dstaddr <dstaddr> dstport <dstport>] [srcaddr <srcaddr> srcport <srcport>] protocol [all | tcp | udp| <protocolnum>] [move rulenum <rulenum> to <dstnum>] vlan <vlanid>} Optionally, specify the destination network and the destination port of the packet, either a single port value or a port range of port1-port2. port1 must be less than port2. Optionally, specify the source subnet and port of the packet. For example, 1.2.3.0/24, or leave blank to specify all. For the destination port of the packet, either a single port value or a port range of port1-port2. port1 must be less than port2. Optionally, select All, TCP, UDP, or a protocol number (1-254) from the drop-down list. The default setting is All.
Moves a specified rule. Specify the original rule number and the rule number to move to.
Optionally, specify a VLAN identification number.
350
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
VNI rules determine what the VNI does with the traffic it receives. The redirection can be controlled by rules based on IP or port. VNI rules can perform one of the following actions: Redirect the packets to the VM. Pass the packets along the data flow to the next VNI. Pass the packets along the data flow and send a copy of the packets to the VM. RSP provides two default rules to direct traffic that does not match any other rules: LAN-to-WAN rule WAN-to-LAN rule Using VNI Rules to Chain Packages Together For example, if you installed a video streaming package, a security package, and a VPN package on the Steelhead appliance. You can define rules to invoke the following data path: 1. Flash video traffic coming from the LAN Steelhead appliance is redirected to a video proxy solution. 2. All other traffic goes directly to RiOS and is optimized. 3. After RiOS optimizes the traffic, it is redirected to the security package on the WAN-side of the Steelhead appliance that checks the data (or, if it is a VPN solution, encrypts it), and sends it back out of the WAN. You can control the data redirection using rules based on IP or port. After RiOS is finished, the traffic is intercepted and redirected on the WAN side to a security package that checks the data (or, if it is a VPN solution, encrypts it), and sends it back out the WAN. You can control the data redirection using rules based on IP address or port number. DNAT Rules Destination Network Address Translation (DNAT) rules are used for in-path proxy-based solutions. You can only add DNAT rules for a virtual in-path optimization VNIs. By default, DNAT is disabled. When DNAT is enabled, it translates the network address of packets that match the source and destination IP and the port (or port range) to the target IP and, optionally, the target port. It then routes them to the correct device, host, or network. For example, you can install an RSP package for live video streaming and add a DNAT rule (using the IP address, port number, or both) that transparently proxies all traffic redirected to the local RSP video instance. Consequently, the local RSP video instance responds to the local clients on behalf of the original server, simultaneously communicating with the original server in the background over the WAN. This process streamlines the number of requests over the WAN, resulting in time and bandwidth savings. The RSP rule that determines which traffic is network address translated is provided in the data flow rules for the virtual in-path VNI.When you configure data flow and DNAT rules, use the following guidelines: Data flow rules are per VNI. Data flow rules are unidirectional. For example, typically you have a LAN-to-WAN rule for the LAN VNI, and a reverse WAN-to-LAN rule for the WAN VNI. WAN VNIs do not see data coming from the LAN, and LAN VNIs do not see packets coming from the WAN. For a WAN VNI, only WAN-to-LAN rules are applicable. For a LAN VNI, only LAN-to-WAN rules are applicable. You must create WAN-to-LAN rules and LAN-to-WAN rules separately. You can only add DNAT rules for a virtual in-path VNI. You can specify a target port range with DNAT rules. For detailed information about default rules and how to edit them, see the Riverbed Services Platform Installation Guide.
Riverbed Command-Line Interface Reference Manual
351
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # rsp opt-vni 1:Rsp0VinPath rule lan-to-wan action redirect dstaddr 10.12.0.0./16 rulenum 3
Steelhead appliance show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
rsp opt-vni vlan
Description Syntax Parameter Sets the VLAN for the optimization VNI. rsp opt-vni <VNI name> vlan <vlan> <VNI name> Specify the VNI name. VNI names have the following format: <SlotName>:<RSPinterfaceName> For example: wowzaSlot:Rsp0In, 1:LanRSPInf, firewall:eth0 VNI names must be between 1 and 30 characters long and can contain only alphanumeric, hyphen ( - ), and underscore ( _ ) characters. <vlan> Example Product Related Topics Specify the VLAN: trunk, none, or 0-4094
amnesiac (config) # rsp opt-vni 2:QAWan vlan trunk
Steelhead appliance show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
rsp package delete
Description Syntax Parameters Usage Delete a package from the disk. rsp package delete <package> <package> Specify the package name.
You can delete an RSP package installation file to release disk space. Deleting the RSP package installation file removes the file used to install the package into a slot. It does not uninstall the package from the system. To install the package again, you must download the package and then install it into a slot.
amnesiac (config) # rsp package delete http://rsp/SCPS/v4/rsp_SCPS_factory1.pkg
Example Product Related Topics
Steelhead appliance show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
352
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
rsp package fetch
Description Syntax Parameters Usage Download a package. rsp package fetch <http, ftp, or scp URL (e.g. scp://username:password@host/path)> <http, ftp, scp URL> Specify the HTTP, FTP, or scp URL path. For secure copy, use the following path: /rsp/packages
Before installing a package, you must install RSP. After installing the RSP image, you can download and install packages. A package can be a virtual machine (VM) created: by a third-party vendor that also contains configuration files specific to the Riverbed RSP implementation. by Riverbed. internally within your organization. You can download any number of packages to the Steelhead appliance, but you can only run up to five packages at a time. The exact number depends on the package size, the amount of resources available, and your Steelhead appliance model. RSP packages contain the service or applications in the virtual machine. RSP packages also contain Riverbed configuration files including the package VNIs. RSP packages include a .vmx file and one ore more .vmdk files. You need not open or modify any of the files in the package. The package files can be quite large and can take up several GBs of disk space. RSP provides the following packages: In-band packages. In-band packages work in conjunction with the Steelhead appliance optimization services. You can use the following in-band packages: In-band LAN packages. In-band LAN packages intercept data on the Steelhead appliance LAN interface before or after the data flows through RiOS, depending on the traffic direction. Examples of this type of package include Intrusion Detection System or Intrusion Prevention System packages. In-band WAN packages. In-band WAN packages intercept data on the Steelhead appliance WAN interface before or after the data flows through RiOS, depending on the traffic direction. Examples of this type of package include firewall, content filtering, and VPN packages. In-band hybrid packages. In-band hybrid packages intercept data on both the LAN interface and the WAN interface of the Steelhead appliance. Typically, in-band hybrid packages are network monitoring packages. Out-of-band packages. Out-of-band packages are not required to work in conjunction with the Steelhead appliance optimization service. Typically, out-of-band packages are located on the Steelhead appliance primary interface. Examples of this type of package include IPAM, print, DNS, and DHCP. When you install an RSP package you must select an RSP slot. A slot is a directory on disk. When you install a package into a slot, the system unpacks the VM into the directory. When you remove a package, the system deletes the files from the slot. After you install a package into a slot, you configure data flow rules for the RSP package. Data flow rules are similar to in-path rules, except they are unidirectional. Riverbed recommends you use the Management Console to define your data flow rules for your packages. For detailed information on RSP, including the RSP packages included with RiOS v5.5 and their system requirements, see the Riverbed Services Platform Installation and Configuration Guide.
Example Product Related Topics
amnesiac (config) # rsp package fetch http://example.com/newcentospkg.pkg
Steelhead appliance show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Riverbed Command-Line Interface Reference Manual
353
Configuration-Mode Commands
rsp package move
Description Syntax Parameters Rename a package. rsp package move < old-filename> to <new-filename> <old filename> <new filename> Usage Example Product Related Topics Specify the package filename. Specify the new package filename.
After you load an RSP package on the Steelhead appliance, you can rename the package.
amnesiac (config) # rsp package move centospkg.pkg to newcentospkg.pkg
Steelhead appliance show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
rsp shell
Description Syntax Parameters Example Product Related Topics Provides console access to RSP. rsp shell <slot-name> <slot-name> Specify the slot name or number: 1, 2, 3, 4, 5
amnesiac (config) # rsp shell 1
Steelhead appliance show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
rsp slot backup create
Description Syntax Parameters Creates an RSP backup file. rsp slot <slot name> backup create <slot name> nocompress Usage Specify the slot name. Creates an uncompressed backup file.
This feature enables you to create a snapshot (a VMware feature that freezes a copy of the memory and disk contents), compress the snapshot, delete the snapshot, and move the compressed snapshot file. The backup command generates a .zip file with a .bkup file extension. The default backup filename is <Steelhead appliance name>-<slotname>-<date>.bkup You can use the nocompress option to create an uncompressed backup file. The nocompress option enables you to transfer the backup file efficiently using the Steelhead deduplication feature.
354
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # rsp slot 1 backup create nocompress
Steelhead appliance show rsp backups, show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
rsp slot backup restore
Description Syntax Parameters Restores RSP data. rsp slot <slot name> backup restore <backup filename> <slot name> <backup filename> Usage Example Product Related Topics Specify the slot name. Specify the backup filename.
Use the RSP backup feature to restore the RSP data in case the Steelhead appliance fails.
amnesiac (config) # rsp slot 1 backup restore gen-sh1-1-2009/02/11.bkup
Steelhead appliance show rsp backups, show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
rsp slot enable
Description Syntax Parameters Usage Enables a slot (disk space) and starts the virtual machine. rsp slot <slot name> enable <slot name> Specify the slot name. The default names for the slots are 1, 2, 3, 4, 5.
When you install an RSP package you must select an RSP slot. A slot is a directory on disk. When you install a package into a slot, the system unpacks the VM into the directory. When you remove a package, the system deletes the files from the slot. You can install one package per slot. By default, the RSP slots are numbered 1 to 5. You can change a slot name to more make it more descriptive. Verify that enough free memory is still available to run the virtual machine in the slot. If there is not enough free memory available you receive an insufficient memory error message, and the slot is not enabled. You can try reducing the memory footprint for the virtual machine, or reducing it for a virtual machine in another slot. Note: RSP requires 2 GB additional memory on the Steelhead appliance. If the amount of available memory is less than the memory footprint for the virtual machine you are installing, you receive an insufficient memory error message.
Example Product Related Topics
amnesiac (config) # rsp slot 1 enable
Steelhead appliance show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Riverbed Command-Line Interface Reference Manual
355
Configuration-Mode Commands
rsp slot install package
Description Syntax Parameters Installs an RSP package into a slot. rsp slot <slot name> install package <package> <slot name> <package> Usage Specify the slot name. The default names for the slots are 1, 2, 3, 4, 5. Specify the package name.
When you install an RSP package you must select an RSP slot. A slot is a directory on disk. When you install a package into a slot, the system unpacks the VM into the directory of the slot. When you uninstall a package, the system deletes the files in that slot. You can install one package per slot. By default, the five RSP slots are numbered 1 to 5, although you can change a slot name to more make it more descriptive. Note: Available slots are listed as null. To install an RSP package in an occupied slot, you must first uninstall the package for that slot. Installing a package into a slot and uninstalling that particular slot affects only the slot directory, not the package itself.
Example Product Related Topics
amnesiac (config) # rsp slot 1 install package rsp_SCPS_factory1.pkg Slot "1" is successfully installed.
Steelhead appliance show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
rsp slot priority
Description Syntax Parameters Set the CPU priority for the slot if there is contention for resources. rsp slot <slot name> priority {high | normal | low} <slot name> high normal Specify the slot name or number. The default names for the slots are 1, 2, 3, 4, 5. Sets a higher priority relative to other slots. Sets normal priority relative to other slots. The default priority setting is normal. In the event of CPU contention, CPU resources are allocated to the slots according to the priority specified. Slots with the same priority level receive equal access to the CPU. low Usage Sets low priority relative to other slots.
The CPU uses the slot priority to allocate resources in the event of contention. By default all slots are set at normal priority. Because there is only three priority levels, but five slots, it is always the case that more than one slot has the same priority. In that case, slots with the same priority are given equal access to the CPU.
Example Product Related Topics
amnesiac (config) # rsp slot 1 priority high
Steelhead appliance show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
356
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
rsp slot rename
Description Syntax Parameters Renames a slot. rsp slot <slot-name> rename <new-name> <slot-name> <new-name> Usage Example Product Related Topics Specify a slot name. Specify a new name for the slot.
Before you rename an RSP slot, ensure that it is empty.
amnesiac (config) # rsp slot 1 rename myslot
Steelhead appliance show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
rsp slot uninstall
Description Syntax Parameters Usage Example Product Related Topics Uninstall a slot. rsp slot uninstall None Before you uninstall an RSP package from a slot, disable the slot in which the RSP package resides.
amnesiac (config) # rsp slot 3 uninstall
Steelhead appliance show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
rsp slot vm memory-size
Description Syntax Parameters Usage Example Product Related Topics Sets the slot memory size. rsp slot vm memory-size <size> <size> Specify the new memory size.
Specify how many megabytes of memory, in multiples of 4, to allocate to the virtual machine.
amnesiac (config) # rsp slot vm memory-size 256
Steelhead appliance show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Riverbed Command-Line Interface Reference Manual
357
Configuration-Mode Commands
rsp slot watchdog
Description Syntax Parameters Configures watchdog on the specified package. Riverbed recommends you configure an RSP watchdog that blocks traffic in the event an in-path security package such as a firewall, fails. rsp slot <slot-name> watchdog {block | enable | frequency <secs> | ip <ip-addr> | timeout <secs>} <slot-name> block enable frequency <secs> ip <ip-addr> timeout <secs> Usage Specify the slot name. Enables watchdog blocking on this package. Enable watchdog on this package. Sets the frequency at which the watchdog should ping. Sets the IP that the watchdog should ping. Sets the time-out for watchdog.
An RSP watchdog determines what to do with traffic in the event of a package failure. By default, the watchdog sends an email alert and bypasses traffic destined for failed packages. Traffic that normally flows through an optimization VNI on the RSP package now skips the optimization VNI, and is allowed through. You can configure a watchdog to block traffic destined for failed packages. The RSP package must have the management interface configured before you can configure a watchdog on it. You can also disable fail-to-bypass mode on the package interface. This is useful in the event of a firewall package failure. Otherwise, if the Steelhead appliance loses power or otherwise fails, traffic is allowed through the interface. For details about enabling fail-to-bypass, see the Riverbed Services Platform Installation and Configuration Guide. For details about which interfaces support disabling fail-to-bypass, see the Bypass Card Installation Guide. To verify that the virtual machine is running, the RSP watchdog pings an IP address. You configure the IP address on the virtual machine guest operating system Ethernet interface and then bridge it to one of the management VNIs on the Steelhead appliance.
Example Product Related Topics
amnesiac (config) # rsp slot watchdog block
Steelhead appliance show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
DNS Cache Commands
This section describes the DNS cache commands.
dns cache clear
Description Syntax Parameters Clear contents of DNS cache. dns cache clear None
358
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # dns cache clear
Steelhead appliance show dns cache, show dns forwarders, show dns interfaces, show dns settings
dns cache freeze enable
Description Syntax Parameters Usage Example Product Related Topics Sets whether DNS cache entries should expire. [no] dns cache freeze enable None The no command option disables cache entries expiration.
amnesiac (config) # dns cache freeze enable
Steelhead appliance show dns cache, show dns forwarders, show dns interfaces, show dns settings
dns cache frozen-min-ttl
Description Syntax Parameters Set minimum time-to-live value on an expired entry in a frozen cache. The minimum time-to-live value applies to all entries when the cache is frozen, whether they are expired or not. [no] dns cache frozen-min-ttl <seconds> <seconds> Specify the smallest time-to-live in seconds that a response from the server can have. This setting affects the contents of the response, not how long the entry is actually cached (which is forever), and this is not specific to negative responses. The range is 0-604800. The default value is 10.
Usage Example Product Related Topics
The no command option resets the frozen minimum time-to-live value to the default.
amnesiac (config) # dns cache frozen-min-ttl 604800
Steelhead appliance show dns cache, show dns forwarders, show dns interfaces, show dns settings
dns cache fwd enable
Description Syntax Parameters Usage Enables or disables caching of DNS entries. [no] dns cache fwd enable None The no command option disables forwarding of name servers.
Riverbed Command-Line Interface Reference Manual
359
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # dns cache fwd enable
Steelhead appliance show dns cache, show dns forwarders, show dns interfaces, show dns settings
dns cache max-ncache-ttl
Description Syntax Parameters Usage Example Product Related Topics Sets maximum time a negative response may be cached. [no] dns cache max-ncache-ttl <seconds> <seconds> Specify the number of seconds a negative response caches. The range is 22592000. The default value is 10800.
The no command option resets the value to the default.
amnesiac (config) # dns cache max-ncache-ttl 12
Steelhead appliance show dns cache, show dns forwarders, show dns interfaces, show dns settings
dns cache max-ttl
Description Syntax Parameters Usage Example Product Related Topics Sets the maximum time a response can be cached. [no] dns cache max-ttl <seconds> <seconds> Specify the number of seconds a response caches. The range is 2-2592000. The default value is 604800.
The no command option resets the value to the default.
amnesiac (config) # dns cache max-ttl 12
Steelhead appliance show dns cache, show dns forwarders, show dns interfaces, show dns settings
dns cache min-ncache-ttl
Description Syntax Parameters Usage Sets minimum time that a negative response may be cached. [no] dns cache min-ncache-ttl <seconds> <seconds> Specify the number of seconds a negative response to be cached. The range is 0604800. The default value is 0.
The no command option resets the value to the default.
360
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # dns cache min-ncache-ttl 2
Steelhead appliance show dns cache, show dns forwarders, show dns interfaces, show dns settings
dns cache min-ttl
Description Syntax Parameters Usage Example Product Related Topics Sets the minimum time that a response can be cached. [no] dns cache min-ttl <seconds> <seconds> Specify the minimum number of seconds that a response can be cached. The default value is 0.
The no command option resets the value to the default.
amnesiac (config) # dns cache min-ttl 2
Steelhead appliance show dns cache, show dns forwarders, show dns interfaces, show dns settings
dns cache size
Description Syntax Parameters Usage Example Product Related Topics Sets size of DNS cache in bytes. [no] dns cache size <bytes> <bytes> Specify the size of the DNS cache in bytes. The bounds are 524288 and 2097152.
The no command option resets the value to the default.
amnesiac (config) # dns cache size 2097152
Steelhead appliance show dns cache, show dns forwarders, show dns interfaces, show dns settings
dns enable
Description Enables a DNS server. Forwards name resolution requests to a DNS name server, then stores the address information locally in the Steelhead appliance. By default, the requests go to the root name servers, unless you specify another name server. [no] dns enable None
Syntax Parameters
Riverbed Command-Line Interface Reference Manual
361
Configuration-Mode Commands
Usage
A DNS name server resolves hostnames to IP addresses and stores them locally in a single Steelhead appliance. Any time your browser requests a URL, it first looks in the local cache to see if it is there before querying the external name server. If it finds the resolved URL locally, it uses that IP. Hosting the DNS name server function provides: Improved performance for web applications by saving the round trips previously needed to resolve names. Whenever the name server receives address information for another host or domain, it stores that information for a specified period of time. That way, if it receives another name resolution request for that host or domain, the name server has the address information ready, and does not need to send another request across the WAN. Improved performance for services by saving round trips previously required for updates. Continuous DNS service locally when the WAN is disconnected, with no local administration needed, eliminating the need for DNS servers at branch offices. The no command option disables a DNS server.
Example Product Related Topics
amnesiac (config) # dns enable
Steelhead appliance show dns cache, show dns forwarders, show dns interfaces, show dns settings
dns forwarder
Description Syntax Parameters Sets DNS forwarding name servers. dns forwarder add <IP address> [idx <index>] | move <integer> to <integer> | remove <integer> to <integer> add <IP address> [idx <index>] Specify the IP address of the forwarder. A forwarder is a DNS server to which the Steelhead appliance caching-name server will forward requests. To set the idx index: Specify the order that the Steelhead appliance contacts forwarders. The Steelhead appliance first sends a request to the forwarder with index 0, next to the forwarder with index 1, and so forth. move <integer> to <integer> remove <integer> to <integer> Usage Example Product Related Topics Specify the ID in the form of an integer. The integer indicates the positions on the list. Specify the ID in the form of an integer. The integer indicates the positions on the list.
You can also access this command from enable-mode.
amnesiac (config) # dns forwarder add 10.0.0.0
Steelhead appliance show dns cache, show dns forwarders, show dns interfaces, show dns settings
362
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
dns forwarder enable
Description Syntax Parameters Usage Example Product Related Topics Sets the ID of forwarder IP address to enable. [no] dns forwarder enable <integer> <integer> Specify the ID in the form of an integer. The integer indicates the positions on the list.
The no command option disables use of the forwarder with the specified index.
amnesiac (config) # dns forwarder enable 2
Steelhead appliance show dns cache, show dns forwarders, show dns interfaces, show dns settings
dns fwd-fail-count
Description Syntax Parameters Sets the number of consecutive dropped requests until a forwarder is considered down. [no] dns fwd-fail-count <requests> <requests> Specify the number of dropped requests before a forwarder is considered down. When both the specified number of requests to the forwarder have been dropped and all requests have been dropped for the amount of time specified by dns fwd-fail-time, a forwarder is considered down.
Usage Example Product Related Topics
The no command option resets the value to the default.
amnesiac (config) # dns fwd-fail-count 12
Steelhead appliance show dns cache, show dns forwarders, show dns interfaces, show dns settings
dns fwd-fail-dtxn enable
Description Syntax Parameters Usage Example Product Related Topics Enable this option to detect unresponsive forwarders and request responses from them only after trying responsive forwarders. [no] dns fwd-fail-dtxn enable None The no command option resets the value to the default.
amnesiac (config) # dns fwd-fail-dtxn enable
Steelhead appliance show dns cache, show dns forwarders, show dns interfaces, show dns settings
Riverbed Command-Line Interface Reference Manual
363
Configuration-Mode Commands
dns fwd-fail-time
Description Syntax Parameters Usage Example Product Related Topics Sets the number of consecutive seconds of no response from a forwarder until it is considered down. [no] dns fwd-fail-time <seconds> <seconds> Specify the number of seconds for non-response from a forwarder.
The no command option resets the value to the default.
amnesiac (config) # dns fwd-fail-time 12
Steelhead appliance show dns cache, show dns forwarders, show dns interfaces, show dns settings
dns fwd-tm-staydown
Description Syntax Parameters Usage Example Product Related Topics Sets the number of seconds that a forwarder is considered down before it is considered up again. [no] dns fwd-tm-staydown <seconds> <seconds> Specify the number of seconds of down time for the forwarder.
The no command option resets the value to the default.
amnesiac (config) # dns fwd-tm-staydown 12
Steelhead appliance show dns cache, show dns forwarders, show dns interfaces, show dns settings
dns interface
Description Syntax Parameters Sets the interfaces on which DNS is enabled. dns interface {add <interface> | remove <interface>} add <interface> remove <interface> Example Product Related Topics Specify the name of the interface. Specify the name of the interface.
amnesiac (config) # dns interface add aux
Steelhead appliance show dns cache, show dns forwarders, show dns interfaces, show dns settings
364
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
dns root-fallback enable
Description Syntax Parameters Usage Example Product Related Topics Sets the use of root of name servers. [no] dns root-fallback enable None The no command option disables the use of root of name servers.
amnesiac (config) # dns root-fallback enable
Steelhead appliance show dns cache, show dns forwarders, show dns interfaces, show dns settings
Domain and Workgroup Commands
This section describes the Domain and Workgroup commands. The domain commands apply to the following features:
SMB signing delegation trust for CIFS optimizations. For SMB signing commands, see SMB Signing Commands on page 259. MAPI 2007 encrypted traffic optimization authentication. For detailed information, see MAPI Support Commands on page 271. PFS. For detailed information, see PFS Support Commands on page 239 or the Steelhead Central Management Console Users Guide.
domain cancel-event
Description Syntax Parameters Example Product Related Topics Cancels domain action domain cancel-event None
amnesiac (config) # domain cancel-event
Steelhead appliance show domain
domain check
Description Syntax Parameters Require domain check on start up. [no] domain check None
Riverbed Command-Line Interface Reference Manual
365
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # domain check
Steelhead appliance show domain
domain join
Description Syntax Parameters Configure a Windows domain. domain join {domain-name <name> login <login> password <password> [short-name <name> | dc-list <dc-list> [short-name <name>]]} domain-name <name> Specify the domain in which to make the Steelhead appliance a member. Typically, this is your company domain name. RiOS v5.5 supports Windows 2000 or later domains. Note: RiOS does not support non-domain accounts other than administrator accounts. If you create Local mode shares on a non-administrator account, your security permissions for the share are not preserved on the origin-file server. login <login> password <password> short-name <name> dc-list <dclist> Specify the Administrator login for the domain. Specify the Administrator password for the domain. Specify a short domain name. Typically, the short domain name is a sub-string of the realm. In rare situations, this is not the case, and you must explicitly specify it. Optionally, specify the Domain Controllers (hosts) that provides user login service in the domain. (Typically, with Windows 2000 Active Directory Service domains, given a domain name, the system automatically retrieves the DC name.) Note: If you specify the domain controller name in high latency situations, it reduces the time to join domain significantly.
366
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
A server-side Steelhead appliance can join a Windows domain or Local Workgroup. You configure the Steelhead appliance to join a Windows domain (typically, the domain of your company) for PFS, SMB signing, and MAPI 2007 encrypted traffic optimization authentication. When you configure the Steelhead appliance to join a Windows domain, you do not have to manage local accounts in the branch office, as you do in Local Workgroup mode. Domain mode allows a Domain Controller (DC) to authenticate users. TheSteelhead appliance must be configured as a Member Server in the Windows 2000, or later, Active Directory Services (ADS) domain. Domain users are allowed to access the PFS shares, use the Kerberos delegation trust facility and/or NTLM environments for MAPI 2007 encryption or SMB Signing, based on the access permission settings provided for each user. Data volumes at the data center are configured explicitly on the proxy-file server and are served locally by the Steelhead appliance. As part of the configuration, the data volume and ACLs from the origin-file server are copied to the Steelhead appliance. RiOS allocates a portion of the Steelhead appliance data store for users to access as a network file system. Before enabling Domain mode make sure you: configure the DNS server correctly. The configured DNS server must be the same DNS server to which all the Windows client computers point. To use SMB signing, the server-side Steelhead appliance must be in DNS. have a fully-qualified domain name. This domain name must be the domain name for which all the Windows desktop computers are configured. set the owner of all files and folders in all remote paths to a domain account and not a local account. Note: PFS only supports domain accounts on the origin-file server; PFS does not support local accounts on the origin-file server. During an initial copy from the origin-file server to the PFS Steelhead appliance, if PFS encounters a file or folder with permissions for both domain and local accounts, only the domain account permissions are preserved on the Steelhead appliance. For detailed information about domains and PFS, see the Steelhead Management Console Users Guide.
Example Product Related Topics
amnesiac (config) # domain join domain-name mydomain login myname password mypassword
Steelhead appliance show domain
domain leave
Description Syntax Parameters Example Product Related Topics Leave a domain. domain leave None
amnesiac (config) # domain leave
Steelhead appliance show domain
Riverbed Command-Line Interface Reference Manual
367
Configuration-Mode Commands
domain rejoin
Description Syntax Parameters Configure a domain. domain rejoin {login <login> password <password> [short-name <name>] | dc-list <dc-list> [short-name <name>]} login <login> Specify the domain login.
password <password> short-name <name> dc-list <dclist> Example Product Related Topics
Specify the domain password.
Specify a short domain name. Typically, the short domain name is a sub-string of the realm. In rare situations, this is not the case, and you must explicitly specify it. Specify a Domain Controller list separated by commas.
amnesiac (config) # domain join domain-name mydomain login myname password mypassword
Steelhead appliance show domain
domain require
Description Syntax Parameters Example Product Related Topics Require a domain. [no] domain require None
amnesiac (config) # domain require
Steelhead appliance show domain
workgroup account add
Description Syntax Parameters Add a local user to the Local Workgroup. workgroup account add username <local user> password <password> username <local user> password <password> Specify a local user name for the Local Workgroup. Specify a local password for the Local Workgroup.
368
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # workgroup account add username myuser password mypass
Steelhead appliance show workgroup account, show workgroup configuration, show workgroup status
workgroup account modify
Description Syntax Parameters Modify local user settings for the Local Workgroup. workgroup account modify username <local user> password <password> username <local user> password <password> Example Product Related Topics Specify a local user name for the Local Workgroup. Specify a local password for the Local Workgroup.
amnesiac (config) # workgroup account modify username myuser password userpass
Steelhead appliance show workgroup account, show workgroup configuration, show workgroup status
workgroup account remove
Description Syntax Parameters Remove local user for the Local Workgroup. workgroup account remove username <local user> password <password> username <local user> password <password> Example Product Related Topics Specify a local user name for the domain. Specify a local password for the domain.
amnesiac (config) # workgroup account remove username myuser password userpass
Steelhead appliance show workgroup account, show workgroup configuration, show workgroup status
Riverbed Command-Line Interface Reference Manual
369
Configuration-Mode Commands
workgroup join
Description Syntax Parameters Join a Windows Local Workgroup. workgroup join <workgroup> <workgroup> Specify the name of the Local Workgroup you want to join. If you configure in Local Workgroup mode the Steelhead appliance does not need to join a domain. Local Workgroup accounts are used by clients when they connect to the Steelhead appliance. Note: PFS, MAPI 2007, or SMB signing must be enabled and Local Workgroup Settings must be selected before you can set the Workgroup Name. After you have set a Workgroup Name, click Join. Usage In Local Workgroup mode, you define a workgroup and add individual users that have access to the Steelhead appliance. The Steelhead appliance does not join a Windows domain. Use Local Workgroup mode in environments where you do not want the Steelhead appliance to be a part of a Windows domain. Creating a workgroup eliminates the need to join a Windows domain and simplifies the configuration process. Note: If you use Local Workgroup mode you must manage the accounts and permissions for the branch office on the Steelhead appliance. The Local Workgroup account permissions might not match the permissions on the origin-file server. Example Product Related Topics
amnesiac (config) # workgroup join myworkgroup
Steelhead appliance show workgroup account, show workgroup configuration, show workgroup status
workgroup leave
Description Syntax Parameters Example Product Related Topics Leave a Windows Workgroup. workgroup leave None
amnesiac (config) # workgroup leave
Steelhead appliance show workgroup account, show workgroup configuration, show workgroup status
Job Commands
This section describes commands for running jobs in the system.
370
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
job
Description Syntax Parameters Schedules CLI command execution for a specified time in the future. [no] job <job-id> command <sequence #> <cli-command> <job-id> <sequence #> Specify the job identification number. Specify the sequence number for job execution. The sequence number is an integer that controls the order in which a CLI command is executed. CLI commands are executed from the smallest to the largest sequence number. Specify the CLI command. For more than one command, enclose in doublequotes. If a single command, double-quotes are not necessary.
<cli-command> Usage
A job includes a set of CLI commands and a time when the job runs. Jobs are run one time only, but they can be reused. Any number of CLI commands can be specified with a job and are executed in an order specified by sequence numbers. If a CLI command in the sequence fails, no further commands in the job are executed. A job can have an empty set of CLI commands. The output of all commands executed are saved to a file in a specified directory. The output of each command is simply appended to the file. The job output and any error messages are saved. Jobs can be canceled and rescheduled. The no job <job-id> command <sequence #> command option deletes the CLI command from the job. The no job <job-id> command option removes all statistics associated with the specified job. If the job has not executed, the timer event is canceled. If the job was executed, the results are deleted along with the job statistics.
Example
amnesiac (config) #job 10 command 1 show info amnesiac (config) #job 10 command 2 show connections amnesiac (config) #job 10 command 3 show version
Product Related Topics
CMC appliance, Interceptor appliance, Steelhead appliance show legacy-rsp
job comment
Description Syntax Parameters Adds a comment to the job for display when show jobs is run. [no] job <job-id> comment <job-id> <comment> Usage Example Product Related Topics Specify the job identification number. Specify the comment for the job.
The no command option deletes the comment.
amnesiac (config) # job 10 comment this is a test
CMC appliance, Interceptor appliance, Steelhead appliance show legacy-rsp
Riverbed Command-Line Interface Reference Manual
371
Configuration-Mode Commands
job date-time
Description Syntax Parameters Sets the date and time for the job to execute. [no] job <job-id> date-time-pairs <hh>: <mm> [<ss>] | [<date>] <job-id> <hh>: <mm> [<ss>] [<date>] Specify the job identification number. Specify the date and time for the job to execute. An hour and minute must be specified; optionally, you can specify seconds or the date.
Usage
If the time specified is in the past, the job does not execute and is in the inactive state. An hour and minute must be specified; optionally, you can specify seconds or the date. The no command option disables the date and time settings.
Example Product Related Topics
amnesiac (config) # job 10 date-time-pairs 04:30:23
CMC appliance, Interceptor appliance, Steelhead appliance show legacy-rsp
job enable
Description Syntax Parameters Usage Example Product Related Topics Enables a CLI command job to execute at the date and time specified in the job. [no] job <job-id> enable <job-id> Specify the job identification number.
The no command option disables jobs.
amnesiac (config) # job 10 enable
CMC appliance, Interceptor appliance, Steelhead appliance show legacy-rsp
job execute
Description Syntax Parameters Usage Forces an immediate execution of a job. The timer (if set) is canceled, and the job is moved to the completed state. job <job-id> execute <job-id> Specify the job identification number.
You can also access this command from enable-mode.
372
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # job 10 execute
CMC appliance, Interceptor appliance, Steelhead appliance show legacy-rsp
job fail-continue
Description Syntax Parameters Usage Example Related Topics Execute all commands in a job even if a command in the sequence fails. [no] job <job-id> fail-continue <job-id> Specify the job identification number.
The no command option disables this command.
amnesiac (config) # job 10 fail-continue
show legacy-rsp
job name
Description Syntax Parameters Specify a name for the job. [no] job <job-id> name <friendly-name> <job-id> <friendly-name> Usage Example Related Topics Specify the job identification number. Specify a name for the job.
The no command option deletes the job name.
amnesiac (config) # job 10 name myjob
show legacy-rsp
job recurring
Description Syntax Parameters Specify the frequency with which to recurrently execute this job. [no] job <job-id> recurring <seconds> <job-id> <seconds> Example Related Topics Specify the job identification number. Specify how frequently the recurring job should execute.
amnesiac (config) # job 10 recurring 36000
show legacy-rsp
Riverbed Command-Line Interface Reference Manual
373
Configuration-Mode Commands
Generating Debugging Reports
This section describes how to generate reports to debug the system.
debug generate dump
Description Syntax Parameters Generates a report you can use to diagnose misconfiguration in deployments. debug generate dump [full | brief | stats] full brief stats Example Product Related Topics Generates a full system dump. Generates a brief system dump. Generates a full system dump including .dat files.
amnesiac (config) # debug generate dump brief
Steelhead appliance CMC appliance Interceptor appliance
RiOS TCP Dump Commands
Raid Commands
This section describes the RAID commands.
raid alarm silence
Description Syntax Parameters Example Product Related Topics Silence RAID alarm. raid alarm silence None
amnesiac (config) # raid alarm silence
Steelhead appliance show raid info
raid swraid add-disk
Description Syntax Parameters Adds a failed disk back into the system of RAID arrays. raid swraid add-disk None
374
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # raid swraid add-disk
Steelhead appliance show raid info
raid swraid fail-disk
Description Syntax Parameters Example Product Related Topics Configures fail setting on a RAID disk. raid swraid fail-disk <disk> <disk> Specify the RAID disk as failed.
amnesiac (config) # raid swraid fail-disk 1
Steelhead appliance show raid info
raid swraid get-rate
Description Syntax Parameters Example Product Related Topics Display RAID rebuild rate. raid swraid get-rate None
amnesiac (config) # raid swraid get-rate 40000
Steelhead appliance show raid info
raid swraid mdadm
Description Syntax Parameters Example Product Related Topics Display the output from /proc/mdstat. raid swraid mdadm None
amnesiac (config) # raid swraid mdadm 40000
Steelhead appliance show raid info
Riverbed Command-Line Interface Reference Manual
375
Configuration-Mode Commands
raid swraid mstat
Description Syntax Parameters Example Product Related Topics Display the output from /proc/mdstat. raid swraid mstat None
amnesiac (config) # raid swraid mstat 40000
Steelhead appliance show raid info
raid swraid set-rate
Description Syntax Parameters Example Product Related Topics Set RAID rebuild rate. raid swraid set-rate <rate> <rate> Specify rebuild rate as # of MBs or: fast_rebuild, slow_rebuild, or normal.
amnesiac (config) # raid swraid set-rate fast_rebuild 40000
Steelhead appliance show raid info
Top Talkers Commands
This sections describes Top Talkers commands.
stats settings top-talkers enable
Description Enables Top Talkers statistics for most active traffic flows. A traffic flow consists of data sent and received from a single source IP address and port number to a single destination IP address and port number over the same protocol. stats settings top-talkers enable None
Syntax Parameters
376
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
The most active, heaviest users of WAN bandwidth are called the Top Talkers. A Netflow collector identifies the top consumers of the available WAN capacity (the top 50 by default) and displays them in the Top Talkers report. Collecting statistics on the Top Talkers provides visibility into WAN traffic without applying an in-path rule to enable a WAN visibility mode. You can analyze the Top Talkers for accounting, security, troubleshooting, and capacity planning purposes. The collector gathers statistics on the top talkers based on the proportion of WAN bandwidth consumed by the top hosts, applications, and host and application pair conversations. The statistics track pass-through or optimized traffic, or both. Data includes TCP or UDP traffic, or both (configurable on the Top Talkers report page). You must enable Netflow Export (ip flow-export enable) before you enable Top Talkers. Enabling Top Talkers automatically sets the Active Flow Timeout (ip flow-setting active_to) to 60 seconds. The no command option disables this feature.
Example Product Related Topics
amnesiac (config) # stats settings top-talkers enable
Steelhead appliance show stats top-talkers
stats settings top-talkers interval
Description Syntax Parameters Example Product Related Topics Enables Top Talkers collection period. stats settings top-talkers interval <interval> interval <hours> Specify the interval: 24 or 48 hours.
amnesiac (config) # stats settings top-talkers interval 24
Steelhead appliance show stats top-talkers
Interceptor Appliance Feature Commands
This section describes commands you use to configure Interceptor appliance features.
Important: You must also set up the host and networking configuration, configure in-path interfaces, and configure inpath rules for deployments that use the Interceptor appliance for load-balancing. These commands are common to the Steelhead appliance and Interceptor appliance. For detailed information, see the previous sections of this chapter.
Riverbed Command-Line Interface Reference Manual
377
Configuration-Mode Commands
Load-Balancing Commands
This section describes the load-balancing commands.
load balance move-rule
Description Syntax Parameters Example Product Related Topics Moves the order of the rule in the rule list to the specified number. load balance move-rule rulenum <rulenum> to <rulenum> rulenum <rulenum> to <rulenum> Specify the rule number to be moved and where to move it.
amnesiac (config) # load balance move-rule rulenum 9 to 5
Interceptor appliance show load balance rules
load balance rule pass
Description Creates load balancing pass-through rule. Configure rules of this type as a second-preference rule for cases where you would like to optimize when connections are available on specified targets, but, in the event targets have reached Admission Control capacity, you would rather pass-through than tax the auto-balance pool. For example, you might use pass-through rules to handle HTTP traffic on port 80. load balance rule pass [dest <subnet>/<mask> dest-port <port>] | [description <string>] | [peer <ip-addr> [any | probe-only| non-probe]] | [rulenum <rulenum>] | [src <subnet>/ <mask>] | [vlan <vlan number>] [dest <subnet>/<mask>] [dest-port <port>] [description <string>] [peer <ip-addr> [any | probe-only | non-probe]] Specify the IP address for the destination subnet. Use the following format: XXX.XXX.XXX.XXX/XX Specify the destination port number or port label. Specify a description of the rule. Specify the peer IP address to apply pass-through loadbalancing rules to this IP address only. Optionally, specify one of the following pass-through load-balancing peer options: any. Applies the pass-through rule to any SYN packet and probe. probe-only. Applies the pass-through rule to any probes from any router. non-probe. Applies the pass-through rule to any SYN packet without a probe. [rulenum <rulenum>] [src <subnet>/<mask>] [vlan <vlan-number>] Specify the rule number to insert the pass-through loadbalancing rule before. Specify the IP address for the source network. Use the following format: XXX.XXX.XXX.XXX/XX Specify the VLAN tag Identification Number (ID).
Syntax
Parameter
378
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
Load-balancing rules define the characteristics by which traffic is selected for load balancing and the availability of LAN-side Steelhead appliance for such traffic. Typically, your rules list should: Account for traffic over all subnets and ports that have been selected for redirection. Account for all Steelhead appliances you have configured as neighbor peers to be targets of redirect rules or reserved for the automatic load-balancing rule. If a neighbor Steelhead appliance is specified as a target for a rule, it is reserved for traffic that matches that rule and is not available to the pool used for automatic load-balancing. If a neighbor Steelhead appliance is not specified as a target for a rule, it is available for automatic load balancing. Account for second-preference cases where you would rather pass-through traffic than tax the autoload-balancing pool. The Interceptor appliance processes load-balancing rules as follows: 1. Redirect rule matches and target Steelhead appliance available: Redirect to a target appliance according to the load balancing algorithm. 2. Redirect rule matches but none of the target Steelhead appliances for the rules are available: Consults the next rule in list. 3. Pass-through rule matches: Pass-through, traversing Riverbed routes but unoptimized. 4. Redirect rule matches but no capacity and does not match a pass-through rule: Automatically balances load among neighbor Steelhead appliances not reserved by other rules. 5. No rules match or no rules specified, target Steelhead appliances are chosen based on the following rules: Peer Affinity. Prefers a target Steelhead appliance that has had a previous connection with the source Steelhead appliance. Least Connections. If more than one target Steelhead appliance has peer affinity, the connection is redirected to one that has the least current connections. No Peer Affinity. If no Steelhead appliance has peer affinity, the connection is redirected to the Steelhead appliance with the least current connections.
Example Product Related Topics
amnesiac (config) # load balance rule pass src 10.0.0.0/16 dest 10.0.0.1/16 destport 1240 rulenum 3 description test vlan 12
Interceptor appliance show load balance rules
Riverbed Command-Line Interface Reference Manual
379
Configuration-Mode Commands
load balance rule redirect
Description Syntax Creates load balancing redirect rules. load balance rule redirect [addrs <ip>] | [src <subnet>/<mask>] | [dest <subnet>/<mask> destport <port>] | [peer <ip-addr> [any | probe-only | non-probe]] | [[rulenum <rulenum>] | [description <string>] | [vlan <vlan number>] [addrs <ip>] Specify a comma-separated list of Steelhead appliance IP addresses to which traffic may be redirected. (Specify the IP address for the Steelhead inpath0_0 interface.) If a rule matches, connections are redirected to a Steelhead appliance in the list according to the load balancing algorithm. Note: This parameter is not required for rules of type pass. Note: You must also configure Interceptor-to-Steelhead appliance communication and Steelhead appliance-toInterceptor communication for peering between appliances. For detailed information, see in-path neighbor interface on page 382. [src <subnet>/<mask>] [dest <subnet>/<mask>] [dest-port <port>] [peer <ip-addr> [any | probe-only | non-probe]] Specify the IP address for the source network. Use the following format: XXX.XXX.XXX.XXX/XX. Specify the IP address for the destination network. Use the following format: XXX.XXX.XXX.XXX/XX. Specify a port number or port label. Specify the peer IP address to apply pass-through loadbalancing rules to this IP address only. Optionally, specify one of the following pass-through load-balancing peer options: any. Applies the pass-through rule to any SYN packet and probe. probe-only. Applies the pass-through rule to any probes from any router. non-probe. Applies the pass-through rule to any SYN packet without a probe. [rulenum <rulenum>] [description <string>] [vlan <vlan-number>] Specify the rule number to insert the pass-through loadbalancing rule before. Specify a description of the rule. Specify the VLAN tag Identification Number (ID).
Parameters
380
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Usage
Load-balancing rules define the characteristics by which traffic is selected for load balancing and the availability of LAN-side Steelhead appliance for such traffic. Typically, your rules list should: Account for traffic over all subnets and ports that have been selected for redirection. Account for all Steelhead appliances you have configured as neighbor peers to be targets of redirect rules or reserved for the automatic load-balancing rule. If a neighbor Steelhead appliance is specified as a target for a rule, it is reserved for traffic that matches that rule and is not available to the pool used for automatic load-balancing. If a neighbor Steelhead appliance is not specified as a target for a rule, it is available for automatic load balancing. Account for second-preference cases where you would rather pass-through traffic than tax the autoload-balancing pool. The Interceptor appliance processes load-balancing rules as follows: 1. Redirect rule matches and target Steelhead appliance available: Redirect to a target appliance according to the load balancing algorithm. 2. Redirect rule matches but none of the target Steelhead appliances for the rules are available: Consults the next rule in list. 3. Pass-through rule matches: Pass-through, traversing Riverbed routes but unoptimized. 4. Redirect rule matches but no capacity and does not match a pass-through rule: Automatically balances load among neighbor Steelhead appliances not reserved by other rules. 5. No rules match or no rules specified, target Steelhead appliances are chosen based on the following rules: Peer Affinity. Prefers a target Steelhead appliance that has had a previous connection with the source Steelhead appliance. If no Steelhead appliance has peer affinity, the connection is redirected to the Steelhead appliance with the least current connections. Least Connections. If more than one target Steelhead appliance has peer affinity, the connection is redirected to one that has the least current connections. No Peer Affinity. If no Steelhead appliance has peer affinity, the connection is redirected to the Steelhead appliance with the least current connections.
Example Product Related Topics
amnesiac (config) # load balance rule redirect src 10.0.0.0/16 dest 10.0.0.1/16 dest-port 1240 description test vlan 12 addrs 10.0.0.3,10.0.0.4,10.0.0.5
Interceptor appliance show peers
load balance rule edit rulenum
Description Syntax Parameters Edit the description of a rule previously created. load balance rule edit rulenum <num> description <desc> <num> <desc> Specify the rule number for which to edit the description. Specify the new description.
Riverbed Command-Line Interface Reference Manual
381
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # load balance rule edit rulenum 1 description Cluster1
Interceptor appliance show load balance rules
Interceptor Peering Support Commands
This section describes the Interceptor peering support commands.
in-path neighbor interface
Description Syntax Parameters Usage Specify the interface to use for Interceptor-to-Steelhead communication. in-path neighbor interface <iface> interface <iface> Specify the interface name.
Make sure you configure the Steelhead appliance to communicate with this Interceptor appliance on this interface when you configure Steelhead-to-Interceptor communication. Assume you want to configure peering between Interceptor A (with primary interface 10.10.10.1. inpath0_0 interface 10.10.10.2, inpath0_1 interface 10.10.10.3) and Steelhead Z (with primary interface 10.10.10.21, inpath0_0 10.10.10.22, inpath0_1 interface 10.10.10.23). 1. Log into the CLI for Interceptor A. 2. Specify which in-path interface on Interceptor A to use for Interceptor-to-Steelhead peering.
in-path neighbor interface inpath0_0
3. Add Steelhead Z as a peer by specifying the name and IP address for the Steelhead Z inpath0_0 interface.
in-path neighbor peer name shaZ main-ip 10.10.10.22
4. Log in to the CLI for Steelhead Z. 5. Enable the in-path interface, as shown in the following example:
in-path enable
6. Enable the out-of-path interface, as shown in the following example:
in-path oop enable
7. Enable peering, as shown in the following example:
in-path neighbor enable
8. Specify the neighbor name and main IP address, as shown in the following example:
in-path neighbor name interceptA main-ip 10.10.10.2
The no command option disables the interface. Example Product Related Topics
amnesiac (config) # in-path neighbor interface inpath0_0
Interceptor appliance show in-path neighbor
382
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
in-path neighbor peer name
Description Syntax Parameters Configures Interceptor-to-Steelhead peering communication. in-path neighbor peer name <name or ip> main-ip <ip-addr> [port <port>] [paused] <name> main-ip <ip-addr> port <port> paused Usage Example Product Related Topics Specify the hostname or IP address of the neighbor peer. Specify the main IP address of the redirect peer. Specify the corresponding port for the neighbor peer. The default value is 7850. Pauses communication with the peer neighbor.
The no command option disables the connection.
amnesiac (config) # in-path neighbor peer name 10.10.10.1 main-ip 10.10.10.1
Interceptor appliance show peers
in-path rule redirect
Description Adds a redirect rule to the in-path rules table. A redirect rule Specify the subnets and ports for traffic to be optimized by the Riverbed system. Syntax Parameters [no] in-path rule redirect src <subnet> dest <subnet> dest-port <port> [rulenum <num>] [vlan <vlan tag ID>] [description <description>] src <subnet> dest <subnet> destport <port> Specify the source subnet. For example: 1.2.3.4/32 Specify the destination subnet and port. For the network address, use the following format: XXX.XXX.XXX.XXX/XX For the port, you can specify a single port (number), a port label, or all to specify all ports. rulenum <rulenum> Specify the order in which the rule is consulted: 1-n or start or end. The list is reordered after you execute this command. For example, if your command Specify rulenum 3, then the new rule will be #3, the former #3 rule will be #4, and so forth. The start value Specify the rule to be the first rule and end Specify it to be the last rule. If you do not specify a rule number, the rule is added to the end of the list. vlan <vlan tag ID> description <description> Specify the VLAN tag ID (if any). The VLAN identification number is a value with a range from 0-4094. Specify 0 to mark the link untagged. Specify a description to facilitate communication about network administration.
Riverbed Command-Line Interface Reference Manual
383
Configuration-Mode Commands
Usage
The in-path rules table is a list of rules for determining how the Riverbed system handles network connection requests. The system either optimizes the traffic, passes it through unoptimized, discards the connection, or denies the connection. An in-path rule redirect command selects traffic to be optimized when your deployment includes Interceptor load balancing. The connections selected by the in-path rule redirect command are load-balanced according to rules you specify in the load-balance rules table. The Interceptor appliance evaluates rules in numerical order starting with rule 1. If the conditions set in the rule match, then the rule is applied, and the system moves on to the next packet. If the conditions set in the rule do not match, the system consults the next rule. For example, if the conditions of rule 1 do not match, rule 2 is consulted. If rule 2 matches the conditions, it is applied, and no further rules are consulted. In general, filter traffic that is to be unoptimized, discarded, or denied before processing rules for traffic that is to be optimized. For example, order rules as follows: 1. Pass-through. 2. Discard. 3. Deny. 4. Redirect. The default rule, Redirect All (all remaining traffic), is listed automatically and should be ordered last. The no command option disables the rule. The no command option has the following syntax: no in-path rule <rulenum>
Example Product Related Topics
amnesiac (config) # in-path rule redirect src 10.10.10.1/32 port 2121 dest 10.24.24.24.1/32 dest-port rulenum 5
Interceptor appliance show in-path neighbor peers
redirect allow-failure
Description Syntax Parameters Usage Allows failure in active-passive Interceptor appliance deployments. [no] redirect allow-failure None Run this command on all Interceptor appliances on the active and passive links. You must also run the command in-path neighbor allow-failure on all Steelhead appliances that point to the Interceptor appliances on which you ran this command. The no command option disables the command. Example Product Related Topics
amnesiac (config) # redirect allow-failure
Interceptor appliance show redirect
384
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
redirect interface
Description Syntax Parameters Configures the redirect interface. redirect interface <iface> <iface> Specify the name of the interface the appliance uses to communicate with peer Interceptor appliances. Your selection must be implemented system-wide. For example, if you decide for Interceptor A to use inpath0_0, you must specify inpath0_0 when you run this command on Interceptor B and any other Interceptor appliance in your deployment.
Example Product Related Topics
amnesiac (config) # redirect interface inpath0_0 You must restart the service for your changes to take effect.
Interceptor appliance show redirect
redirect peer name
Description Syntax Parameters Configures a redirect peer. redirect peer name addr <ip> port <port> name <host or ip> Specify the hostname or IP address for a redirect-peer Interceptor appliance in-path interface. This is the interface you set when you run the redirect interface command on the peer Interceptor appliance. Use the following format: 0.0.0.0. Specify an additional IP address for this redirect peer. Specify the main IP address of the redirect peer. Specify the corresponding port for the redirect peer. The default is 7860.
additional-ip <ip-addr> main-ip <ip-addr> port <port> Usage
The no command option disables the connection to the peer Interceptor appliance. Assume you want to configure peering between Interceptor A (with primary interface 10.10.10.1. inpath0_0 interface 10.10.10.2, inpath0_1 interface 10.10.10.3) and Interceptor B (with primary interface 10.10.10.11, inpath0_0 10.10.10.12, inpath0_1 interface 10.10.10.13). 1. Log into the CLI for Interceptor A. 2. Specify which in-path interface on Interceptor A to use for Interceptor-to-Interceptor peering.
redirect interface inpath0_0
3. Add Interceptor B as a peer by specifying the IP address for the Interceptor B inpath0_0 interface.
redirect peer name interceptB main-ip 10.10.10.12
4. Next, log into the CLI for Interceptor B. 5. Specify the Interceptor B interface to use for Interceptor-to-Interceptor peering:
redirect interface inpath0_0
6. Add Interceptor A as a peer by specify the IP address for the Interceptor A inpath0_0 interface:
redirect peer name interceptA main-ip 10.10.10.2
Riverbed Command-Line Interface Reference Manual
385
Configuration-Mode Commands
Example Product Related Topics
amnesiac (config) # redirect peer name blah main-ip 10.10.10.1
Interceptor appliance show in-path neighbor peers
Displaying Interceptor Settings
This section describes the commands for displaying Interceptor appliance settings. Most of the Steelhead appliance show commands are also available in the Interceptor appliance. For detailed information, see Chapter 2, User-Mode Commands.
show conn-trace
Description Syntax Parameters Displays connection tracing status. show conn-trace {[condition srcaddr <ip-addr> srcport <port> dstaddr <ip-addr> dstaddr <ipaddr> vlan <vlanid>] | rule | summary} condition srcaddr <ipaddr> srcport <port> dstaddr <ipaddr> dstaddr <ipaddr> vlan <vlanid> rule summary Example Displays tracing details of one connection. Specify the source IP address, and optionally, source port, for this connection.
Specify the destination IP address, and optionally, destination port, for this connection.
Specify the VLAN ID for this connection. Displays connection tracing rules. Displays connection tracing summary.
amnesiac > show conn-trace summary Abbreviations: r#: rule matched, O: owner, R: remote, L: local time created r# source ip:port destination ip:port
vlan
O state
Product Related Topics
Interceptor appliance Interceptor Peering Support Commands
show in-path interfaces
Description Syntax Parameters Displays a list of appliance interfaces, indicates whether or not they are currently enabled, and displays the VLAN tag (displays 0 if VLAN is disabled). show in-path interfaces None
386
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example
amnesiac > show in-path interfaces In-Path Interface(s): inpath0_0: enabled vlan: 0 inpath0_1: disabled vlan: 0 inpath1_0: disabled vlan: 0 inpath1_1: disabled vlan: 0 inpath2_0: disabled vlan: 0 inpath2_1: disabled vlan: 0
Product Related Topics
Interceptor appliance Interceptor Peering Support Commands
show in-path neighbor peers
Description Syntax Parameters Displays in-path neighbor peers. show in-path neighbor peers {brief | configured] brief configured Displays in-path neighbor peers. Displays configured in-path neighbor peers.
Riverbed Command-Line Interface Reference Manual
387
Configuration-Mode Commands
Example
amnesiac > show in-path neighbor peers brief Neighbor 1: IP Address: 172.0.234.2 Version: 5.0.7 Last Reconnect: 2009/01/20 12:54:20 IP Address: Version: Last Reconnect: IP Address: Version: Last Reconnect: IP Address: Version: Last Reconnect: IP Address: Version: Last Reconnect: IP Address: Version: Last Reconnect: Neighbor 2: IP Address: Version: Last Reconnect: IP Address: Version: Last Reconnect: IP Address: Version: Last Reconnect: IP Address: Version: Last Reconnect: IP Address: Version: Last Reconnect: 172.0.234.2 5.0.7 2009/01/20 12:54:20 172.0.234.2 5.0.7 2009/01/20 12:54:20 172.0.234.2 5.0.7 2009/01/20 12:54:20 172.0.234.2 5.0.7 2009/01/20 12:54:20 172.0.234.2 5.0.7 2009/01/20 12:54:20
172.0.233.2 5.0.7 2009/01/20 12:55:11 172.0.233.2 5.0.7 2009/01/20 12:55:11 172.0.233.2 5.0.7 2009/01/20 12:55:11 172.0.233.2 5.0.7 2009/01/20 12:55:11 172.0.233.2 5.0.7 2009/01/20 12:55:11
Product Related Topics
Interceptor appliance Interceptor Peering Support Commands
show load balance rules
Description Syntax Parameters Displays load balancing settings. show load balance rules None
388
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example
amnesiac > show # Type --- ----------1 redirect
load balance rules Source Destination VLAN Target(s) ----------------- ----------------- ---- --------------all all all 172.0.245.3 172.0.245.2 Port: all Peer: Any all Port: all Peer: Any all all 172.0.245.2
redirect
def auto
all all all auto Port: all Peer: Any -----------------------------------------------------------------------------2 user added rule(s) amnesiac >
Product Related Topics
Interceptor appliance Load-Balancing Commands
show redirect
Description Syntax Parameters Example Displays the interface the appliance uses to communicate with peers. show redirect None
amnesiac Redirect Multiple Optimize amnesiac > show redirect Interface: inpath0_0 Interface Support: yes Connections When Peer Interceptor Not Connected: no >
Product Related Topics
Interceptor appliance Load-Balancing Commands
show redirect peers
Description Displays status of redirect peers. Redirect Peers include Interceptor appliances deployed in parallel to cover asymmetric routing, as well as an Interceptor appliance that functions as a failover buddy. show redirect peers [configured] [brief] configured brief Specify this option to display only a list of configured peers. Specify this option to display only brief status of peer connections.
Syntax Parameters
Riverbed Command-Line Interface Reference Manual
389
Configuration-Mode Commands
Example
amnesiac > show redirect Peer -----------------------gen1-sh124
peers Version ------------2.0.0-rc Interface(s): Interface(s):
perf1-int8
Backup --------------------255.255.255.255:0 172.0.188.3:7860 172.0.187.3:32775 172.0.188.3:32778 2.0.0-rc 255.255.255.255:0 Interface(s): 172.0.189.2:7860 Interface(s): 172.0.229.2:32777
Last Reconnect ------------------2009/01/15 10:35:01 Active Connected Connected 2009/01/15 10:34:59 Active Connected
amnesiac >
Product Related Topics
Interceptor appliance Load-Balancing Commands
Central Management Console Feature Commands
This section describes the Central Management Console (CMC) commands that are unique to the CMC appliance. The majority of the Steelhead appliance CLI commands are also available in the CMC appliance, however Riverbed strongly recommends that you use the CMC GUI to configure the CMC appliance, CMC features, and remote Steelhead appliances that you are monitoring and configuring using the CMC.
cmc backup-config
Description Syntax Parameters Example Product Related Topics Back up the CMC configuration to the configured backup server. cmc backup-config <cr> | name <snapshot name> name <snapshot name> Specify the name of configuration snapshot.
amnesiac (config) # cmc backup-config
CMC appliance show cmc appliances, show cmc groups
cmc backup-stats
Description Syntax Parameters Example Back up statistics to the configured backup server. cmc backup-stats None
amnesiac (config) # cmc backup-stats
390
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Product Related Topics
CMC appliance show cmc appliances, show cmc groups
cmc reboot
Description Syntax Parameters Reboots an appliance or group cmc reboot [appliance <appliance>] | [group <group>] | [switch <no | yes>] appliance <appliance> group <group> switch <no | yes> Example Product Related Topics Specify the appliance name to reboot. Specify the group name to reboot. Specify yes to switch the boot partition before rebooting; specify no to note switch the boot partition before rebooting.
amnesiac (config) # cmc reboot gen-sh
CMC appliance show cmc appliances, show cmc groups
cmc restore-config name
Description Syntax Parameters Restore a backup configuration from the backup server. cmc restore-config name <name> <cr> | vault-pw <password> | omit-vault <name> vault-pw <password> omit-vault Example Product Related Topics Specify the name of configuration snapshot. Specify the password for backed up secure vault. Specify to omit restoration the secure vault.
amnesiac (config) # cmc restore-config name backup omit-vault
CMC appliance show cmc appliances, show cmc groups
cmc restore-stats
Description Syntax Parameters Example Restores statistics from the configured backup server. cmc restore-stats None
amnesiac (config) # cmc restore-config name backup omit-vault
Riverbed Command-Line Interface Reference Manual
391
Configuration-Mode Commands
Product Related Topics
CMC appliance show cmc appliances, show cmc groups
CMC Email Commands
This section describes the email commands for the CMC appliance.
cmc email notify appliance aggregate duration
Description Syntax Parameters Example Product Related Topics Configure settings for aggregating notifications into periodic emails. cmc email notify appliance aggregate duration <minutes> <minutes> Specify the number of minutes of aggregate appliance state notifications.
amnesiac (config) # cmc email notify appliance aggregate duration 5
CMC appliance show cmc appliances, show cmc groups
cmc email notify appliance aggregate enable
Description Syntax Parameters Example Product Related Topics Enable aggregating notifications into periodic emails. cmc email notify appliance aggregate enable None
amnesiac (config) # cmc email notify appliance aggregate enable
CMC appliance show cmc appliances, show cmc groups,
cmc email notify appliance enable
Description Syntax Parameters Example Enables appliance state notifications. cmc email notify appliance enable None
amnesiac (config) # cmc email notify appliance enable
392
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Product Related Topics
CMC appliance show cmc appliances, show cmc groups,
CMC Policy Commands
This section describes the policy commands for managing CMC policies.
cmc policy push appliance
Description Syntax Parameters Push a policy to an appliance or group. cmc policy push appliance <name> | [group <group>] | [restart-service] <name> group <group> restart-service Example Product Related Topics Specify the name of target appliance. Specify the group name. Specify to restart the optimization service, if needed.
amnesiac (config) # cmc policy push appliance gen-sh restart-service
CMC appliance show cmc appliances, show cmc groups
cmc policy push appliance
Description Syntax Parameters Push a policy to an appliance or group. cmc policy push appliance <name> | [group <group>] | [restart-service] <name> group <group> restart-service Example Product Related Topics Specify the name of target appliance. Specify the group name. Specify to restart the optimization service, if needed.
amnesiac (config) # cmc policy push appliance gen-sh restart-service
CMC appliance show cmc appliances, show cmc groups
cmc policy push group
Description Syntax Push a policy to an appliance or group. cmc policy push group <group> | [appliance <name>] | [restart-service]
Riverbed Command-Line Interface Reference Manual
393
Configuration-Mode Commands
Parameters
<group> appliance <name> restart-service
Specify the name of target group. Specify the appliance name. Specify to restart the optimization service, if needed.
Example Product Related Topics
amnesiac (config) # cmc policy push group mygroup restart-service
CMC appliance show cmc appliances, show cmc groups
CMC Send CLI Commands
This section describes the commands for sending CLI commands and operations to the Steelhead appliances in your network.
cmc send-cmd appliance
Description Syntax Parameters Push CLI commands to Steelhead appliances. cmc send-cmd appliance <name> | [group <group>] commands <CLI commands> <name> group <group> commands <CLI commands> Example Product Related Topics Specify the name of target appliance. Specify the group name. Specify the CLI commands to send. Use a semicolon ( ; ) to separate commands.
amnesiac (config) # cmc send-cmd appliance gen-sh job 12
CMC appliance show cmc appliances, show cmc groups
cmc send-cmd group
Description Syntax Parameters Push an operation to a Steelhead appliance. cmc send-cmd group <group> | [appliance <name> ] commands <CLI commands> <group> appliance <name> commands <CLI commands> Example Product Related Topics Specify the name of target group. Specify the appliance name. Specify the CLI commands to send. Use a semicolon ( ; ) to separate commands.
amnesiac (config) # cmc send-cmd group mygroup job 12
CMC appliance show cmc appliances, show cmc groups
394
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
cmc send-op appliance
Description Syntax Parameters Push an operation to a Steelhead appliance. cmc send-op appliance <name> | [group <group>] operation <operation> clean <group> appliance <name> operation <operation> clean Example Product Related Topics Specify the name of target group. Specify the appliance name. Specify the operation: reload, shutdown, start, stop, or restart Specify to perform a clean operation.
amnesiac (config) # cmc send-op appliance gen-sh operation restart
CMC appliance show cmc appliances, show cmc groups
cmc send-op group
Description Syntax Parameters Push an operation to a group of Steelhead appliances. cmc send-cmd group <group> | [appliance <name>] operation <operation> clean <group> appliance <name> operation <operation> clean Example Product Related Topics Specify the name of target group. Specify the appliance name. Specify the operation: reload, shutdown, start, stop, or restart Specify to perform a clean operation.
amnesiac (config) # cmc send-op group mygroup operation restart
CMC appliance show cmc appliances, show cmc groups
CMC Upgrade Commands
This section describes the commands for upgrading the CMC appliance and the Steelhead appliances in your network.
cmc upgrade abort
Description Syntax Aborts appliance upgrades; reboots operations in progress. cmc upgrade abort <cr> | [all active [appliance <ip-addr>| group <group name>]] | appliance <ip-addr> | group <group name>]
Riverbed Command-Line Interface Reference Manual
395
Configuration-Mode Commands
Parameters
[all active [appliance <ipaddr>| group <group name>]] appliance <serial number> group <group name>
Aborts all appliances or specified appliances and groups Specify the CMC appliance serial number. Specify the CMC appliance group name.
Example Product Related Topics
amnesiac (config) # cmc upgrade abort all active
CMC appliance show cmc appliances, show cmc groups
cmc upgrade appliance
Description Syntax Upgrades target appliances with new software. cmc upgrade appliance <serial number> <cr> [group <group name> <cr>] | image <image name>| image_url <image url> | stop_after [install | reboot]| transition <image name>| transitions_url <image url> appliance <serial number> <cr> | [group <group name> <cr>] image <image name> image_url stop_after [install | reboot] transition <image name> transition_url <image url> Example Product Related Topics Upgrades the specified appliance and group.
Parameters
Specify the image name. Specify the image URL Specify when (install or reboot) the upgrade should stop. Specify the 32-bit transition image. Specify the remote image to use as transition image.
amnesiac (config) # cmc upgrade appliance X67XR00007DC1 image rbt_sh 5.5.1h #58_18
CMC appliance show cmc appliances, show cmc groups
cmc upgrade auto
Description Syntax Parameters Enables automatic upgrades. [no] cmc upgrade auto i386 <image name> x86_64 <image name> image transition <image name> i386 <image name> x86_64 <image name> image transition <image name> Example Specify the image name to use for 32-bit appliances. Use double-quotes ( '' ) to unset. Specify the image name to use for 64-bit appliances. Use double-quotes ( '' ) to unset. Specify the 32-bit transition image.
amnesiac (config) # cmc upgrade auto 1386 rbt_sh 5.5.1h #58_18
396
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Product Related Topics
CMC appliance show cmc appliances, show cmc groups
cmc upgrade concurrent limit
Description Syntax Parameters Product Example Related Topics Configure concurrent upgrades. cmc upgrade concurrent limit <# of upgrades> <# of upgrades> CMC appliance
amnesiac (config) # cmc upgrade concurrent limit 10
Specify the maximum number of upgrades to process concurrently.
show cmc appliances, show cmc groups
cmc upgrade delete
Description Syntax Parameters Product Example Related Topics Delete an appliance image from the image library. cmc upgrade delete <image name> <image name> CMC appliance
amnesiac (config) # cmc upgrade delete rbt_sh 5.5.1h #58_18
Specify the software image name to delete.
show cmc appliances, show cmc groups
cmc upgrade fetch
Description Syntax Parameters Downloads an appliance image to the local image library. cmc upgrade fetch <http, ftp, or scp URL (e.g. scp://username:password@host/path)> <<http, ftp, or scp URL (e.g. scp:// username:pass word@host/ path)> CMC appliance
amnesiac (config) # cmc upgrade fetch scp://user:pass@server/path/to/image
Specify the HTTP, FTP or scp URL. For example, scp://user:pass@host/pathtoimage
Product Example Related Topics
show cmc appliances, show cmc groups
Riverbed Command-Line Interface Reference Manual
397
Configuration-Mode Commands
cmc upgrade timeout
Description Syntax Parameters Product Example Related Topics Configure a time-out period for upgrades. cmc upgrade timeout <minutes> <minutes> CMC appliance
amnesiac (config) # cmc upgrade timeout scp://user:pass@server/path/to/image
Specify to automatically stop upgrades that take longer than the time-out period.
show cmc appliances, show cmc groups
CMC Export Commands
This section describes the export commands for the CMC appliance.
export appliance
Description Syntax Parameters Exports appliance information for CMC managed appliances to a remote email address or SCP/ FTP location. export appliance to-email <email addr> html | csv | to-file <URL or scp://username:password@hostname/path/filename> html | csv to-email <email addr> html | csv to-file <URL or scp://username:password@hostname/path/ filename html | csv Example Product Related Topics Specify an email address, file format, and type of report to export. Specify a URL or SCP, file format, and type of report to export.
amnesiac (config) # export appliance to-email foo@bar html
CMC appliance export stats
export stats
Description Syntax Exports statistics information for CMC managed appliances to a remote email address or SCP/ FTP location. export stats <quoted list of groups separated by /> <period over which to export, in seconds> <granularity of the exported stat, in seconds> to-email <email addr> html | csv <bandwidth | throughput | data-reduction | conn-history | traffic-summary> | to-file <URL or scp:// username:password@hostname/path/filename> html | csv <bandwidth | throughput | datareduction | conn-history | traffic-summary> to-email <email addr> html | csv <bandwidth | throughput | data-reduction | conn-history | traffic-summary> Specify an email address, file format, and type of report to export.
Parameters
398
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
to-file <URL or scp html | csv <bandwidth | throughput | data-reduction | conn-history | traffic-summary Example Product Related Topics
Specify a URL or SCP, file format, and type of report to export.
amnesiac (config) # export stats "remoteappliance" 3600 60 to-email foo@bar html bandwidth
CMC appliance export appliance
Displaying CMC Data
This section describes the show commands that are unique the CMC appliance.
show cmc appliance
Description Syntax Parameters Example Displays settings for the specified CMC appliance. show cmc appliance <serial number> <serial number> Specify the serial number for the appliance.
amnesiac # show cmc appliance D22YM00XXXXXX CMC auto-registration enabled: yes CMC auto-registration hostname: riverbedcmc.nbttech.com Managed by CMC: yes CMC hostname: tsfe7 (10.0.2.1) Auto configuration status: Inactive Last message sent to cmc: Auto-registration Time that message was sent: Thu Nov 13 12:02:25 2008
Product Related Topics
CMC appliance CLI Terminal Configuration Commands
show cmc appliances
Description Syntax Parameters Displays settings for all CMC appliances. show cmc appliances <cr> | detail detail Displays detailed information for all appliances.
Riverbed Command-Line Interface Reference Manual
399
Configuration-Mode Commands
Example
amnesiac # show cmc appliance D22YM00XXXXX Appliance T24GK00XXXXXX (10.1.11.1) Connected: Version: Model: Parent Group: Comment: Optimization Policy: Networking Policy: Security Policy: System Policy: Auto-configuration: Branch Managed: User-specified Address: Auto-registration Address: false false 10.1.11.1 10.1.11.1 false 3.0.11 Unknown Global
Product Related Topics
CMC appliance CLI Terminal Configuration Commands
show cmc group
Description Syntax Parameters Example Displays the specified CMC appliance group settings. show cmc group <group name> <group name> Specify the group name.
amnesiac # show cmc group Global Group Global Parent Group: Comment: Optimization Policy: Networking Policy: Security Policy: System Policy: Appliances: T24GK00009C46
10.1.11.1
Product Related Topics
CMC appliance CLI Terminal Configuration Commands
show cmc groups
Description Syntax Displays the specified CMC appliance group settings. show cmc groups <cr> | detail
400
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Parameters Example
detail
Displays detailed information for CMC appliance groups.
amnesiac # show cmc groups Group Global Parent Group: Comment: Appliances:
T24GK000XXXXX
Product Related Topics
CMC appliance CLI Terminal Configuration Commands
Steelhead Mobile Controller Feature Commands
This section describes the Steelhead Mobile Controller (Mobile Controller) commands that are unique to the Mobile Controller appliance. Riverbed strongly recommends that you use the Mobile Controller GUI to configure the Mobile Controller appliance and Mobile Controller features.
Acceleration Policy Commands
This section describes the acceleration policy commands that are available in configuration mode.
policy acceleration assignment adpath
Description Syntax Parameters Configures policy acceleration assignment by Active Directory path. [no] policy acceleration assignment adpath <ad path> policy_id <policy id> <ad path> policy_id <policy id> Usage Example Product Related Topics Specify the Active Directory Path. Specify the policy assignment for Deployment ID/
Use the no option of this command to remove the policy acceleration assignment by Active Directory Path.
amnesiac # no policy acceleration assignment adpath //path policy_id 1
Mobile Controller show policy acceleration assignments adpath
policy acceleration assignment adpath remove-all
Description Syntax Removes all the Active Directory path assignments. policy acceleration assignment adpath remove-all policy_id <policy id>
Riverbed Command-Line Interface Reference Manual
401
Configuration-Mode Commands
Parameters Example Product Related Topics
policy_id <policy id>
Specify the policy assignment for Deployment ID.
amnesiac # policy acceleration assignment adpath remove-all policy_id 1
Mobile Controller show policy acceleration assignments adpath
policy acceleration assignment depid
Description Syntax Parameters Configures policy acceleration assignment by Deployment ID. [no] policy acceleration assignment depid <deploy id> policy_id <policy id> depid <depid> policy_id <policy id> Usage Example Product Related Topics Specify the Deployment ID. Specify the policy assignment for Deployment ID/
Use the no option of this command to remove the policy acceleration assignment by Deployment ID.
amnesiac # no policy acceleration assignment depid 2566 policy_id 1
Mobile Controller show policy acceleration assignments depid
policy acceleration assignment depid remove-all
Description Syntax Parameters Example Product Related Topics Removes all the Deployment ID assignments policy acceleration assignment depid remove-all policy_id <policy id> policy_id <policy id> Specify the policy assignment for Deployment ID.
amnesiac # policy acceleration assignment depid remove-all policy_id 1
Mobile Controller show policy acceleration assignments depid
policy acceleration id <id> cifs
Description Syntax Configures CIFS settings. [no] policy acceleration id <id> | <number> cifs [dw-throttling enable | smb1-bckwd-comp enable]
402
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Parameters
<id> dwthrottling enable smb1bckwdcomp enable
Specify the policy name or number. Enables CIFS dynamic-write throttling.
Enables CIFS SMBv1 backward compatibility mode.
Usage Example Product Related Topics
Use the no option of this command to disable the find-first or hold-back option
amnesiac # no policy acceleration id 1 cifs findfirst-opt enable
Mobile Controller show policy acceleration id <id> cifs findfirst-opt, show policy acceleration id <id> cifs holdback-oopen,
policy acceleration id <id> mapi
Description Syntax Parameters Configures MAPI port remapping. [no] policy acceleration id <id> | <number> mapi port-remap enable <id> port-remap enable Usage Example Product Related Topics Specify the policy name or number. Enables MAPI port remapping.
Use the no option of this command to disable MAPI port remapping.
amnesiac # no policy acceleration id 1 mapi port-remap enable
Mobile Controller show policy acceleration id <id> mapi port-remap
policy acceleration id <id> notes
Description Syntax Parameters Configures Lotus Notes settings. [no] policy acceleration id <id> | <number> notes enable | port <lotus notes port number? <id> enable <lotus notes port number> Usage Example Specify the policy name or number. Enables Lotus Notes blade. Sets the Lotus Notes port number.+
Use the no option of this command to disables the Lotus Notes blade.
amnesiac # no policy acceleration id 1 notes enable
Riverbed Command-Line Interface Reference Manual
403
Configuration-Mode Commands
Product Related Topics
Mobile Controller show policy acceleration id <id> probe-tcp-opt
policy acceleration id <id> probe-tcp-opt
Description Syntax Parameters Sets the probe TCP option value. [no] policy acceleration id <id> | <number> probe-tcp-opt <probe tcp value> <id> <probe tcp value> Usage Example Product Related Topics Specify the policy name or number. Specify the probe TCP value.
Use the no option of this command to disable the probe TCP option.
amnesiac # no policy acceleration id 1 probe-tcp-opt 2
Mobile Controller show policy acceleration assignments adpath
Endpoint Information Commands
This section describes the endpoint information commands for the Mobile Controller.
adaptor info clear-all
Description Syntax Parameters Example Product Related Topics
Clears all adapter list information. adaptor info clear-all
None
amnesiac # adpator info clear-all
Mobile Controller show info
endpoint info clear-all
Description Syntax Parameters
Clears all endpoint list information. endpoint info clear-all
None
404
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
Example Product Related Topics
amnesiac # endpoint info clear-all
Mobile Controller show info
Endpoint Policy Commands
This section describes the endpoint policy commands for the Mobile Controller.
policy endpoint assignment adpath
Description Syntax Parameters Configures policy endpoint assignment by Active Directory path. [no] policy endpoint assignment adpath <ad path> policy_id <policy id> <ad path> policy_id <policy id> Usage Example Product Related Topics Specify the Active Directory path. Specify the policy name or number.
Use the no option of this command to remove the policy endpoint assignment by Active Directory Path.
amnesiac # no policy endpoint assignment adpath //path policy_id 1
Mobile Controller Package Commands
policy endpoint assignment adpath remove-all
Description Syntax Parameters Example Product Related Topics Removes all the Active Directory path assignments. policy endpoint assignment adpath remove-all policy_id <policy id> policy_id <policy id> Specify the policy ID.
amnesiac # policy endpoint assignment adpath remove-all policy_id 1
Mobile Controller Package Commands
policy endpoint assignment depid
Description Syntax Configures policy endpoint assignment by Deployment ID. [no] policy endpoint assignment depid <deploy id> policy_id <policy id>
Riverbed Command-Line Interface Reference Manual
405
Configuration-Mode Commands
Parameters
depid <depid> policy_id <policy id>
Specify the Deployment ID. Specify the policy assignment for Deployment ID/
Usage Example Product Related Topics
Use the no option of this command to remove the policy endpoint assignment by Deployment ID.
amnesiac # no policy endpoint assignment depid 2566 policy_id 1
Mobile Controller show policy endpoint assignments depid
policy endpoint assignment depid remove-all
Description Syntax Parameters Example Product Related Topics Removes all the Deployment ID assignments. policy endpoint assignment depid remove-all policy_id <policy id> policy_id <policy id> Specify the policy assignment for Deployment ID.
amnesiac # policy endpoint assignment depid remove-all policy_id 1
Mobile Controller show policy endpoint assignments depid
policy endpoint id <id> kickoff
Description Syntax Parameters Configures the kickoff process. [no] policy endpoint id <id> | <number> kickoff <process name> <id> <process name> Usage Example Product Related Topics Specify the policy name or number. Specify the kickoff process.
Use the no option of this command to disable the kickoff process.
amnesiac # no policy endpoint id 1 kickoff blah
Mobile Controller show policy endpoint id <id> kickoff processes
Package Commands
This section describes the package commands for the Mobile Controller.
406
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
package assignment adpath
Description Syntax Parameters Configures policy endpoint assignment by Active Directory path.
[no] package assignment adpath <ad path> policy_id <policy id>
<ad path> policy_id <policy id> Specify the Active Directory path. Specify the package assignment for Deployment ID/
Usage Example Product Related Topics
Use the no option of this command to remove the package assignment by Active Directory Path.
amnesiac # no package assignment adpath //path policy_id 1
Mobile Controller Displaying Steelhead Mobile System Information
package assignment adpath remove-all
Description Syntax Parameters Example Product Related Topics Removes all the Active Directory path assignments. package assignment adpath remove-all policy_id <policy id> policy_id <policy id> Specify the package assignment for Active Directory.
amnesiac # package assignment adpath remove-all policy_id 1
Mobile Controller Displaying Steelhead Mobile System Information
package assignment depid
Description Syntax Parameters Configures package assignment by Deployment ID. [no] package assignment depid <deploy id> package_id <package id> depid <depid> package_id <package id> Usage Example Product Related Topics Specify the Deployment ID. Specify the package assignment for Deployment ID/
Use the no option of this command to remove the package assignment by Deployment ID.
amnesiac # no package assignment depid 2566 package_id 1
Mobile Controller show package assignments depid
Riverbed Command-Line Interface Reference Manual
407
Configuration-Mode Commands
package assignment depid remove-all
Description Syntax Parameters Removes all the Deployment ID assignments. package assignment depid remove-all package_id <package id> package_id <package id> Specify the package assignment for Deployment ID.
Example Product Related Topics
amnesiac # package assignment depid remove-all package_id 1
Mobile Controller show package assignments depid
Displaying Steelhead Mobile System Information
This section describes the show commands to display system information.
show package assignments adpath
Description Syntax Parameters Example Displays package Active Directory path assignments. show package assignments adpath None
amnesiac # show package assignments adpath #Assignment ID Policy ID Policy Name -------------------------------------load-test-client-0 10 Policy[10]
Product Related Topics
Mobile Controller package assignment adpath
show package assignments depid
Description Syntax Parameters Example Displays package Deployment ID assignments. show package assignments depid None
amnesiac # show package assignments depid #Assignment ID Policy ID Policy Name -------------------------------------load-test-client-0 10 Policy[10]
Product Related Topics
Mobile Controller package assignment depid
408
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
show package list
Description Syntax Parameters Example Displays current package list. show package list None
amnesiac # show package list Package Name Version Package ID -----------Default -------2.1.0.27 ---------------1784341108700150
Product Related Topics
Mobile Controller package assignment adpath, package assignment depid
show policy acceleration assignments adpath
Description Syntax Parameters Example Displays policy acceleration Active Directory path assignments. show policy acceleration assignments adpath None
amnesiac # show policy acceleration assignments adpath #Assignment ID Policy ID Policy Name -------------------------------------load-test-client-0 10 Policy[10]
Product Related Topics
Mobile Controller policy acceleration assignment adpath
show policy acceleration assignments depid
Description Syntax Parameters Example Displays policy acceleration Deployment ID assignments. show policy acceleration assignments depid None
amnesiac # show policy acceleration assignments depid #Assignment ID Policy ID Policy Name -------------------------------------load-test-client-0 10 Policy[10]
Product Related Topics
Mobile Controller policy acceleration assignment depid
Riverbed Command-Line Interface Reference Manual
409
Configuration-Mode Commands
show policy acceleration id <id> cifs findfirst-opt
Description Syntax Parameters Example Displays CIFS settings for find-first option. show policy acceleration id <id> cifs findfirst-opt None
amnesiac # show policy acceleration id 1 cifs findfirst-opt CIFS Find First Option: Enabled
Product Related Topics
Mobile Controller policy acceleration id <id> cifs
show policy acceleration id <id> cifs holdback-oopen
Description Syntax Parameters Example Displays CIFS settings for hold-back overlapping opens option. show policy acceleration id <id> cifs holdback-oopen None
amnesiac # show policy acceleration id 1 cifs holdback-oopen CIFS Holdback Overlapped Open: Enabled
Product Related Topics
Mobile Controller policy acceleration id <id> cifs
show policy acceleration id <id> mapi port-remap
Description Syntax Parameters Example Displays MAPI settings for port remapping. show policy acceleration id <id> mapi port-remap None
amnesiac # show policy acceleration id 1 mapi port-remap MAPI Port Remap: Disabled
Product Related Topics
Mobile Controller policy acceleration id <id> mapi
410
Riverbed Command-Line Interface Reference Manual
Configuration-Mode Commands
show policy acceleration id <id> probe-tcp-opt
Description Syntax Parameters Example Displays MAPI settings the probe TCP option. show policy acceleration id <id> probe-tcp-opt None
amnesiac # show policy acceleration id 1 probe-tcp-opt Probe TCP Option: Probe TCP Option Value: Disabled 76
Product Related Topics
Mobile Controller policy acceleration id <id> probe-tcp-opt
show policy endpoint assignments adpath
Description Syntax Parameters Example Displays policy endpoint Active Directory path assignments. show policy endpoint assignments adpath None
amnesiac # show policy endpoint assignments adpath #Assignment ID Policy ID Policy Name -------------------------------------load-test-client-0 10 Policy[10]
Product Related Topics
Mobile Controller policy endpoint assignment adpath
show policy endpoint assignments depid
Description Syntax Parameters Example Displays policy endpoint Deployment ID assignments. show policy endpoint assignments depid None
amnesiac # show policy endpoint assignments depid #Assignment ID Policy ID Policy Name -------------------------------------load-test-client-0 10 Policy[10]
Product Related Topics
Mobile Controller policy endpoint assignment depid
Riverbed Command-Line Interface Reference Manual
411
Configuration-Mode Commands
show policy endpoint id <id> kickoff processes
Description Syntax Parameters Example Product Related Topics Displays kickoff processes. show policy endpoint assignments depid None
amnesiac # show policy endpoint id 1 kickoff processes
Mobile Controller policy endpoint id <id> kickoff
412
Riverbed Command-Line Interface Reference Manual
CHAPTER 5
Troubleshooting
This chapter contains a table of commands to provide a quick reference for troubleshooting.
Problem General Commands show stats alarm show logging logging local show info show version Start, Stop, and Reboot service map-port service map-port Connectivity Issue ping traceroute show bootvar Data Store Optimization Service show datastore show in-path show in-path cdp show out-of-path show in-path rules show peers show service show wccp show licenses
Riverbed Command-Line Interface Reference Manual
413
Troubleshooting
Problem Hardware
Commands show stats cpu show stats memory show stats ecc-ram show stats fan show hardware error-log show hardware
Protocol Specific
show protocol cifs show protocol nfs show protocol mapi show protocol ftp show protocol http show protocol ms-sql show protocol notes show protocol oracle-forms show protocol ssl
PFS and Prepopulation
show pfs configuration show pfs configuration show prepop pfs settings
Asymmetric Routing and Failover
show failover show in-path asym-route-tab show in-path neighbor show in-path neighbor advertiseresync show hardware
RAID
show raid configuration show raid diagram show raid error-msg show raid info show raid physical
Upgrade and Boot
show images show bootvar
Collecting System Data for Riverbed Technical Support
RiOS TCP Dump Commands debug generate dump
414
Riverbed Command-Line Interface Reference Manual
APPENDIX A
Riverbed Ports
This appendix describes the Steelhead appliance default and supported secure ports. It includes the following sections:
Default Ports, next Commonly Excluded Ports on page 416 Interactive Ports Forwarded by the Steelhead Appliance on page 416 Secure Ports Forwarded by the Steelhead Appliance on page 417
Default Ports
The following table summarizes Steelhead appliance default ports with the port label: RBT-Proto.
Default Ports 7744 7800 7801 7810 7820 7850 7860 7870 Description Data store synchronization port. In-path port for appliance-to-appliance connections. NAT port. Out-of-path server port. Failover port for redundant appliances. Connection forwarding (neighbor) port. Interceptor appliance Steelhead Mobile Controller to Steelhead Mobile Client communication
Note: Because optimization between Steelhead appliances typically takes place over a secure WAN, it is not necessary to configure company firewalls to support Steelhead specific ports. If there are one or more firewalls between two Steelhead appliances, ports 7800 and 7810, must be passed through firewall devices located between the pair of Steelhead appliances. Also, SYN and SYN/ACK packets with the TCP option 76 must be passed through firewalls for auto-discovery to function properly. For the CMC port 22 must be passed through for the firewall to function properly.
Riverbed Command-Line Interface Reference Manual
415
Riverbed Ports
Commonly Excluded Ports
This section summarizes the ports that are commonly excluded from optimization in the Steelhead appliance. If you have multiple ports that you want to exclude, create a port label and list the ports.
Application PolyComm (video conferencing) Cisco IPTel Ports 1503, 1720-1727, 3230-3253, 5060 2000
Interactive Ports Forwarded by the Steelhead Appliance
A default in-path rule with the port label Interactive is automatically created in your system. This in-path rule automatically passes through traffic on interactive ports (for example, Telnet, TCP ECHO, remote logging, and shell).
Tip: If you do not want to automatically forward these ports, simply delete the Interactive rule in the Management Console.
The following table lists the interactive ports that are automatically forwarded by the Steelhead appliance.
Port 7 23 37 107 179 513 514 1494 1718-1720 2000-2003 2427 2598 2727 3389 5060 Description TCP ECHO Telnet UDP/Time Remote Telnet Service Border Gateway Protocol Remote Login Shell Citrix h323gatedisc Cisco SCCp Media Gateway Control Protocol Gateway Citrix Media Gateway Control Protocol Call Agent MS WBT Server, TS/Remote Desktop SIP
416
Riverbed Command-Line Interface Reference Manual
Riverbed Ports
Port 5631 5900-5903 6000
Description PC Anywhere VNC X11
Secure Ports Forwarded by the Steelhead Appliance
A default in-path rule with the port label Secure is automatically created in your system. This in-path rule automatically passes through traffic on commonly secure ports (for example, ssh, https, and smtps).
Tip: If you do not want to automatically forward these ports, simply delete the Secure rule in the Management Console.
The following table lists the common secure ports that are automatically forwarded by the Steelhead appliance.
Type ssh tacacs https Port 22/tcp 49/tcp 443/tcp Description SSH Remote Login Protocol TACACS+ http protocol over TLS/SSL. If you are running v5.0 or later, you can remove the port by using the following command: no port-label secure port 443. # SMTP over SSL (TLS) nntp protocol over TLS/SSL (was snntp) IMAP4+SSL (use 993 instead) SSLshell ldap protocol over TLS/SSL (was sldap) ftp protocol, data, over TLS/SSL ftp protocol, control, over TLS/SSL telnet protocol over TLS/SSL imap4 protocol over TLS/SSL pop3 protocol over TLS/SSL (was spop3) l2tp pptp TFTP over TLS
smtps nntps imap4-ssl sshell ldaps ftps-data ftps telnets imaps pop3s l2tp pptp tftps
465/tcp 563/tcp 585/tcp 614/tcp 636/tcp 989/tcp 990/tcp 992/tcp 993/tcp 995/tcp 1701/tcp 1723/tcp 3713/tcp
Riverbed Command-Line Interface Reference Manual
417
Riverbed Ports
The following table contains the uncommon ports automatically forwarded by the Steelhead appliance.
Type nsiiops ddm-ssl corba-iiop-ssl ieee-mms-ssl ircs njenet-ssl ssm-cssps ssm-els giop-ssl ttc-ssl syncserverssl dicom-tls realsecure orbix-loc-ssl orbix-cfg-ssl cops-tls csvr-sslproxy xnm-ssl msft-gc-ssl networklenss xtrms jt400-ssl seclayer-tls vt-ssl jboss-iiop-ssl ibm-diradm-ssl can-nds-ssl can-ferret-ssl linktest-s asap-tcp-tls topflow-ssl sdo-tls sdo-ssh Port 261/tcp 448/tcp 684/tcp 695/tcp 994/tcp 2252/tcp 2478/tcp 2479/tcp 2482/tcp 2484/tcp 2679/tcp 2762/tcp 2998/tcp 3077/tcp 3078/tcp 3183/tcp 3191/tcp 3220/tcp 3269/tcp 3410/tcp 3424/tcp 3471/tcp 3496/tcp 3509/tcp 3529/tcp 3539/tcp 3660/tcp 3661/tcp 3747/tcp 3864/tcp 3885/tcp 3896/tcp 3897/tcp Description IIOP Name Service over TLS/SSL DDM-Remote DB Access Using Secure Sockets CORBA IIOP SSL IEEE-MMS-SSL irc protocol over TLS/SSL NJENET using SSL SecurSight Authentication Server (SSL) SecurSight Event Logging Server (SSL) Oracle GIOP SSL Oracle TTC SSL Sync Server SSL DICOM TLS Real Secure Orbix 2000 Locator SSL Orbix 2000 Locator SSL COPS/TLS ConServR SSL Proxy XML NM over SSL Microsoft Global Catalog with LDAP/SSL NetworkLens SSL Event xTrade over TLS/SSL jt400-ssl securitylayer over tls Virtual Token SSL Port JBoss IIOP/SSL IBM Directory Server SSL Candle Directory Services using SSL Candle Directory Services using SSL LXPRO.COM LinkTest SSL asap/tls tcp port TopFlow SSL Simple Distributed Objects over TLS Simple Distributed Objects over SSH
418
Riverbed Command-Line Interface Reference Manual
Riverbed Ports
Type iss-mgmt-ssl suucp wsm-server-ssl sip-tls imqtunnels davsrcs intrepid-ssl rets-ssl
Port 3995/tcp 4031/tcp 5007/tcp 5061/tcp 7674/tcp 9802/tcp 11751/tcp 12109/tcp
Description ISS Management Svcs SSL UUCP over SSL wsm server ssl SIP-TLS iMQ SSL tunnel WebDAV Source TLS/SSL Intrepid SSL RETS over SSL
Riverbed Command-Line Interface Reference Manual
419
Riverbed Ports
420
Riverbed Command-Line Interface Reference Manual
APPENDIX B
Riverbed MIB
This appendix describes the Riverbed Enterprise SNMP MIB. It contains the following sections:
Accessing the Steelhead Enterprise MIB, next SNMP Traps on page 422
Accessing the Steelhead Enterprise MIB
The Steelhead Enterprise MIB monitors device status, peers, and provides network statistics for seamless integration into network management systems such as Hewlett Packard OpenView Network Node Manager, PRTG, and other SNMP browser tools. For detailed information about configuring and using these network monitoring tools, consult their individual Web sites. The following guidelines describe how to download and access the Steelhead Enterprise MIB using common MIB browsing utilities.
You can download the Steelhead Enterprise MIB (STEELHEAD-MIB.txt) from the help page of the Management Console or from the Riverbed Technical Support site at https://support.riverbed.com and load it into any MIB browser utility. Some utilities might expect a file type other than a text file. If this occurs, change the file type to the one expected. Some utilities assume that the root is mib-2 by default. If the utility sees a new node, such as enterprises, it might look under mib-2.enterprises. If this occurs, use .iso.org.dod.internet.private.enterprises.rbt as the root. Some command-line browsers might not load all MIB files by default. If this occurs, find the appropriate command option to load the STEELHEAD-MIB.txt file. For example, for NET-SNMP browsers: snmpwalk -m all
Riverbed Command-Line Interface Reference Manual
421
Riverbed MIB
SNMP Traps
Alarms fire for their event only. If a service alarm is fired indicating that the service has halted, no alarm is fired when the service returns to normal operation. The following table summarizes the SNMP traps sent out from the system to configured trap receivers.
Trap procCrash (enterprises.17163.1.1.4.0.1) Text A procCrash trap signifies that a process managed by PM has crashed and left a core file. The variable sent with the notification indicates which process crashed. Description A process has crashed and subsequently been restarted by the system. The trap contains the name of the process that crashed. A system snapshot associated with this crash has been created on the appliance and is accessible via the CLI or the Management Console. Riverbed Technical Support may need this information to determine the cause of the crash. No other action is required on the appliance as the crashed process is automatically restarted. A process has unexpectedly exited and been restarted by the system. The trap contains the name of the process. The process may have exited on its own or due to other process failures on the appliance. Please review the release notes for known issues related to this process exit. If none exist, please contact Riverbed Technical Support to determine the cause of this event. No other action is required on the appliance as the crashed process is automatically restarted. Average CPU utilization has exceeded an acceptable threshold. If CPU utilization spikes are frequent, it may be because the system is undersized. Sustained CPU load can be symptomatic of more serious issues. Consult the CPU Utilization report to gauge how long the system has been loaded and also monitor the amount of traffic currently going through the appliance. A one-time spike in CPU is normal but extended high CPU utilization should be reported to Riverbed Technical Support. No other action is necessary as the alarm clears on its own. The system is running low on memory and has begun swapping memory pages to disk. This event can be triggered during a software upgrade while the optimization service is still running but there may be other causes which should be monitored or diagnosed. Should this event be triggered at any other time, please generate a debug sysdump and send it to Riverbed Technical Support. No other action is required as the alarm clears on its own. A disk is about to fail. Contact Riverbed Technical Support immediately. Note: Applicable to models 100, 200, 510, 520, 1010, 1020, 2010, 2510, 2511 only.
procExit (enterprises.17163.1.1.4.0.2)
A procExit trap signifies that a process managed by PM has exited unexpectedly, but not left a core file. The variable sent with the notification indicates which process exited. The average CPU utilization in the past minute has gone above the acceptable threshold.
cpuUtil (enterprises.17163.1.1.4.0.3)
pagingActivity (enterprises.17163.1.1.4.0.4)
The system has been paging excessively (thrashing).
smartError (enterprises.17163.1.1.4.0.5)
SMART has sent an event about a possible disk error.
422
Riverbed Command-Line Interface Reference Manual
Riverbed MIB
Trap peerVersionMismatch (enterprises.17163.1.1.4.0.6)
Text Detected a peer with a mismatched software version.
Description The appliance has encountered another appliance which is running an incompatible version of system software. The CLI, Management Console, or the SNMP peer table can be referenced to determine which appliance is causing the conflict. To resolve the problem upgrade your system software. No other action is required as the alarm clears on its own. The appliance has entered bypass mode and is now passing through all traffic unoptimized. This error is generated if the optimization service locks up or crashes. It can also be generated when the system is first turned on or turned off. If this trap is generated on a system that was previously optimizing and is still running, you should contact Riverbed Technical Support. A drive has failed in a RAID array. Consult the CLI or Management Console to determine the location of the failed drive. Please contact Riverbed Technical Support for assistance with installing the spare drive. The appliance continues to optimize during this event. After the error is corrected, the alarm clears on its own. Note: Applicable to models 3010, 3510, 3020, 3520, 5010, 5520, 6020, and 6120 only.
bypassMode (enterprises.17163.1.1.4.0.7)
The appliance has entered bypass (failthru) mode.
raidError (enterprises.17163.1.1.4.0.8)
An error has been generated by the RAID array.
storeCorruption (enterprises.17163.1.1.4.0.9) admissionMemError (enterprises.17163.1.1.4.0.10)
The data store is corrupted. Admission control memory alarm has been triggered.
Corruption has been detected in the data store. Please contact Riverbed Technical Support immediately. The appliance has entered admission control due to memory consumption. The appliance is optimizing traffic beyond its rated capability and is unable to handle the amount of traffic passing through the WAN link. During this event, the appliance will continue to optimize existing connections, but new connections are passed through without optimization. No other action is necessary as the alarm clears on its own when the traffic has decreased. The appliance has entered admission control due to the number of connections and is unable to handle the amount of connections going over the WAN link. During this event, the appliance continues to optimize existing connections, but new connections are passed through without optimization. No other action is necessary as the alarm clears on its own when the traffic has decreased. The optimization service has halted due to a serious software error. Please contact Riverbed Technical Support immediately. The optimization service has encountered a condition which may degrade optimization performance. Please consult the system log for more information. No other action is necessary.
admissionConnError (enterprises.17163.1.1.4.0.11)
Admission control connections alarm has been triggered.
haltError (enterprises.17163.1.1.4.0.12) serviceError (enterprises.17163.1.1.4.0.13)
The service is halted due to a software error. There has been a service error. Please consult the log file.
Riverbed Command-Line Interface Reference Manual
423
Riverbed MIB
Trap scheduledJobError (enterprises.17163.1.1.4.0.14)
Text A scheduled job has failed during execution.
Description A scheduled job on the system (for example, a software upgrade) has failed. Please use the CLI or the Management Console to determine which job failed. A user on the system has entered a configuration mode from either the CLI or Management Console. A log in to the Management Console by user admin sends this trap as well. This is for notification purposes only; no other action is necessary. A user on the system has exited configuration mode from either the CLI or Management Console. A log out of the Management Console by user admin sends this trap as well. This is for notification purposes only; no other action is necessary. The system has lost one of its Ethernet links due to a network event. Check the physical connectivity between the Steelhead appliance and its neighbor device. This should be investigated as soon as possible as depending on what link is down, the system might no longer be optimizing and a network outage could occur. The Steelhead appliance has detected that either NFSv2 or NFSv4 is in use. The Steelhead appliance only supports NFSv3 and will pass through all other versions. Check that the clients and servers are using NFSv3 and reconfigure if necessary. A redundant power supply on the appliance has failed on the appliance and needs to be replaced. Please contact Riverbed Technical Support for an RMA replacement as soon as practically possible. Asymmetric routing has been detected on the network. This is very likely due to a failover event of an inner router or VPN. If so, no action needs to be taken. If not, please contact Riverbed Technical Support for further troubleshooting assistance. A fan is failing or has failed and needs to be replaced. Please contact Riverbed Technical Support for an RMA replacement as soon practically possible. A memory error has been detected. A system memory stick might be failing. Try reseating the memory first. If the problem persists, please contact Riverbed Technical Support for an RMA replacement as soon as practically possible. An Intelligent Platform Management Interface (IPMI) event has been detected. Check the Alarm Status page for more detail.
confModeEnter (enterprises.17163.1.1.4.0.15)
A user has entered configuration mode.
confModeExit (enterprises.17163.1.1.4.0.16)
A user has exited configuration mode.
linkError (enterprises.17163.1.1.4.0.17)
An interface on the appliance has lost its link.
nfsV2V4 (enterprises.17163.1.1.4.0.18)
NFS v2/v4 alarm notification.
powerSupplyError (enterprises.17163.1.1.4.0.19)
A power supply on the appliance has failed (not supported on all models). Asymmetric routes have been detected, certain connections might not have been optimized because of this. A fan has failed on this appliance (not supported on all models). A memory error has been detected on the appliance (not supported on all models). An IPMI event has been detected on the appliance. Please check the details in the alarm report on the Web UI (not supported on all models). A change has been made to the systems configuration.
asymRouteError (enterprises.17163.1.1.4.0.20)
fanError (enterprises.17163.1.1.4.0.21) memoryError (enterprises.17163.1.1.4.0.22)
ipmi (enterprises.17163.1.1.4.0.23)
configChange (enterprises.17163.1.1.4.0.24)
A configuration change has been detected. Check the log files around the time of this trap to determine what changes were made and whether they were authorized.
424
Riverbed Command-Line Interface Reference Manual
Riverbed MIB
Trap datastoreWrapped (enterprises.17163.1.1.4.0.25)
Text The datastore has wrapped around.
Description The data store on the Steelhead appliance went through an entire cycle and is removing data to make space for new data. This is normal behavior unless it wraps too quickly, which might indicate the data store is undersized. The appliance temperature is a configurable notification. By default, this notification is set to trigger when the appliance reached 70 degrees Celsius. Raise the alarm trigger temperature if it is normal for the Steelhead appliance to get that hot, or reduce the temperature of the Steelhead appliance. This trap/alarm triggers a critical state on the appliance. This alarm occurs when the appliance temperature reaches 80 degrees Celsius. The temperature value is not user-configurable. Reduce the appliance temperature.
temperatureWarning
The system temperature has exceeded the threshold.
temperatureCritical
The system temperature has reached a critical stage.
Riverbed Command-Line Interface Reference Manual
425
Riverbed MIB
426
Riverbed Command-Line Interface Reference Manual
Acronyms and Abbreviations
AAA. Authentication, Authorization, and Accounting. ACL. Access Control List. ACK. Acknowledgment Code. ACS. (Cisco) Access Control Server. AD. Active Directory. ADS. Active Directory Services. AES. Advanced Encryption Standard. APT. Advanced Packaging Tool. AR. Asymmetric Routing. ARP. Address Resolution Protocol. BDP. Bandwidth-Delay Product. BW. Bandwidth. CA. Certificate Authority. CAD. Computer Aided Design. CDP. Cisco Discovery Protocol. CHD. Computed Historical Data. CIFS. Common Internet File System. CLI. Command-Line Interface. CMC. Central Management Console. CPU. Central Processing Unit.
Riverbed Command-Line Interface Reference Manual
427
Acronyms and Abbreviations
CRM. Customer Relationship Management. CSR. Certificate Signing Request. CSV. Comma-Separated Value. DC. Domain Controller. DES. Data Encryption Standard. DID. Deployment ID. DMZ. Demilitarized Zone. DER. Distinguished Encoding Rules. DES. Data Encryption Standard. DHCP. Dynamic Host Configuration Protocol. DNS. Domain Name Service. DR. Data Replication. DSA. Digital Signature Algorithm. DSCP. Differentiated Services Code Point. ECC. Error-Correcting Code. ERP. Enterprise Resource Planning. ESD. Electrostatic Discharge. FDDI. Fiber Distributed Data Interface. FIFO. First in First Out. FIPS. Federal Information Processing Standards. FSID. File System ID. FTP. File Transfer Protocol. GB. Gigabytes. GMT. Greenwich Mean Time. GRE. Generic Routing Encapsulation. GUI. Graphical User Interface. HFSC. Hierarchical Fair Service Curve.
428
Riverbed Command-Line Interface Reference Manual
Acronyms and Abbreviations
HSRP. Hot Standby Routing Protocol. HSTCP. High-Speed Transmission Control Protocol. HTTP. HyperText Transport Protocol. HTTPS. HyperText Transport Protocol Secure. ICA. Independent Computing Architecture. ICMP. Internet Control Message Protocol. ID. Identification Number. IETF. Internet Engineering Task Force. IGP. Interior Gateway Protocol. IOS. (Cisco) Internetwork Operating System. IKE. Internet Key Exchange. IP. Internet Protocol. IPMI. Intelligent Platform Management Interface. IPSec. Internet Protocol Security Protocol. ISL. InterSwitch Link. Also known as Cisco InterSwitch Link Protocol. L2. Layer-2. L4. Layer-4. LAN. Local Area Network. LED. Light-Emitting Diode. LRU. Least Recently Used. LZ. Lempel-Ziv. MAC. Media Access Control. MAPI. Messaging Application Protocol Interface. MDI, MDI-X. Medium Dependent Interface-Crossover. MEISI. Microsoft Exchange Information Store Interface. MIB. Management Information Base. MOTD. Message of the Day.
Riverbed Command-Line Interface Reference Manual
429
Acronyms and Abbreviations
MS GPO. Microsoft Group Policy Object. MS SMS. Microsoft Systems Management Server. MS-SQL. Microsoft Structured Query Language. MSFC. Multilayer Switch Feature Card. MSI Package. Microsoft Installer Package. MTU. Maximum Transmission Unit. MX-TCP. Max-Speed TCP. NAS. Network Attached Storage. NAT. Network Address Translate. NFS. Network File System. NIS. Network Information Services. NSPI. Name Service Provider Interface. NTLM. Windows NT LAN Manager. NTP. Network Time Protocol. OSI. Open System Interconnection. OSPF. Open Shortest Path First. PAP. Password Authentication Protocol. PBR. Policy-Based Routing. PCI. Peripheral Component Interconnect. PEM. Privacy Enhanced Mail. PFS. Proxy File Service. PKCS12. Public Key Cryptography Standard #12. PRTG. Paessler Router Traffic Grapher. PSU. Power Supply Unit. QoS. Quality of Service. RADIUS. Remote Authentication Dial-In User Service. RAID. Redundant Array of Independent Disks.
430
Riverbed Command-Line Interface Reference Manual
Acronyms and Abbreviations
RCU. Riverbed Copy Utility. ROFS. Read-Only File System. RPC. Remote Procedure Call. RSA. Rivest-Shamir-Adleman Encryption Method by RSA Security. RSP. Riverbed Services Platform. SA. Security Association. SAP. System Application Program. SCP. Secure Copy Program. SCPS. Space Communications Protocol Standards. SDR. Scalable Data Referencing. SEL. System Event Log. SFQ. Stochastic Fairness Queuing. SMB. Server Message Block. SMI. Structure of Management Information. SMTP. Simple Mail Transfer Protocol. SNMP. Simple Network Management Protocol. SPAN. Switched Port Analyzer. SQL. Structured Query Language. SSH. Secure Shell. SSL. Secure Sockets Layer. SYN. Synchronize. SYN/ACK. Synchronize/Acknowledgement. TA. Transaction Acceleration. TACACS+. Terminal Access Controller Access Control System. TCP. Transmission Control Protocol. TCP/IP. Transmission Control Protocol/Internet Protocol. TP. Transaction Prediction.
Riverbed Command-Line Interface Reference Manual
431
Acronyms and Abbreviations
TTL. Time to Live. ToS. Type of Service. U. Unit. UDP. User Diagram Protocol. UNC. Universal Naming Convention. URL. Uniform Resource Locator. UTC. Universal Time Code. VGA. Video Graphics Array. VLAN. Virtual Local Area Network. VoIP. Voice over IP. VWE. Virtual Window Expansion. WAN. Wide Area Network. WCCP. Web Cache Communication Protocol. XOR. Exclusive OR logic.
432
Riverbed Command-Line Interface Reference Manual
Glossary
Acceleration Policy. An acceleration policy contains optimization rules for accelerating the WAN traffic for endpoint clients. An acceleration policy is required for optimization to occur. ACK. A packet message used in the TCP to acknowledge receipt of a packet. ARP. Address Resolution Protocol. An IP protocol used to obtain a node's physical address. Assignment. An assignment occurs when an endpoint or an acceleration policy is matched to a deployment ID (DID). Bandwidth. The upper limit on the amount of data, typically in kilobits per second (kbps), that can pass through a network connection. Greater bandwidth indicates faster data transfer capability. Bit. A Binary digit. The smallest unit of information handled by a computer; either 1 or 0 in the binary number system. Blade. One component in a system designed to accept some number of components (blades). Bridge. Device that connects and passes packets between two network segments that use the same communications protocol. Bridges operate at the data link layer (Layer 2) of the OSI reference model. In general, a bridge filters, forwards, or floods an incoming frame based on the MAC address of that frame. Cache. A temporary storage area for frequently or recently accessed data. CIFS. Common Internet File System. CIFS is the remote file system access protocol used by Windows servers and clients to share files across the network. Correct Addressing. A packet addressing method in which the source IP addresses and port numbers are used in the header fields. Database Cursor. A record pointer in a database. When a database file is selected and the cursor is opened, the cursor points to the first record in the file. Using various commands, the cursor can be moved forward, backward, to top of file, bottom of file, and so forth. De-Duplication. A method of reducing storage space by eliminating redundant data. It stores only one unique instance of the data. It replaces redundant data with a pointer to the unique data copy. Default Gateway. The default address of a network or Web site. It provides a single domain name and point of entry to the network or site.
Riverbed Command-Line Interface Reference Manual
433
Glossary
Deployment ID. The deployment ID (DID) is used to apply policies and policy updates to groups of endpoint clients. The DID is associated with the endpoint client upon installation of a MSI package. The Steelhead Mobile Controller uses the DID to identify the client and provide their assigned policies and policy updates. DHCP. Dynamic Host Configuration Protocol. Software that automatically assigns IP addresses to client stations logging onto a TCP/IP network. DMZ. Demilitarized Zone. A computer or small subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public Internet. Typically, the DMZ contains devices accessible to Internet traffic, such as Web (HTTP) servers, FTP servers, SMTP (email) servers, and DNS servers. DNS. Domain Name Service. A system used in the Internet for translating names of network nodes into IP addresses. A Domain Name Server notifies hosts of other host IP addresses, associating host names with IP addresses. Domain. In the Internet, a portion of the Domain Name Service (DNS) that refers to groupings of networks based on the type of organization or geography. Endpoint. An endpoint is a client computer. For example, a PC or laptop. Endpoint Policy. An endpoint policy specifies machine-specific software settings for endpoint clients, such as the data store size. An endpoint policy is required for optimization to occur. Ethernet. The most widely used Local Area Network (LAN) access method. Fat Client. A client computer which provides large size applications independently of the central server. FDDI. Fiber Distributed Data Interface. A set of American National Standards Institute (ANSI) protocols for sending digital data over fiber optic cable. FDDI networks are token-passing networks, and support data rates of up to 100 Mbps (100 million bits) per second. FDDI networks are typically used as backbones for Wide Area Networks (WANs). File Cluster. Two or more filers that provide high availability and load balancing. Filer. An appliance that attaches to a computer network and is used for data storage. Full Address Transparency. A packet addressing method in which the client and server IP addresses and port numbers are used in the header fields. Gateway. A computer that acts as an intermediate device for two or more networks that use the same protocols. The gateway functions as an entry and exit point to the network. Transport protocol conversion might not be required, but some form of processing is typically performed. Gigabit Ethernet. An Ethernet technology that raises transmission speed to 1 Gbps (1000 Mbps). Hashing. Producing hash values for accessing data or for security. A hash value is a number generated from a string of text. The hash is substantially smaller than the text itself and is generated by a formula in such a way that it is extremely unlikely that some other text produces the same hash value. Heartbeat. A repeating signal transmitted from one appliance to another to indicate that the appliance is operating.
434
Riverbed Command-Line Interface Reference Manual
Glossary
Heuristic. A method of problem solving using exploration and trial and error methods. Heuristic program design provides a framework for solving the problem in contrast with a fixed set of algorithmic rules that cannot vary. Host. A computer or other computing device that resides on a network. Host address. The IP address assigned to each computer attached to the network. Host name. Name given to a computer, usually by DNS. HSRP. Hot Standby Routing Protocol. HSRP is a routing protocol from Cisco that provides backup to a router in the event of failure. Using HSRP, several routers are connected to the same segment of an Ethernet, FDDIs or token-ring network and work together to present the appearance of a single virtual router on the LAN. The routers share the same IP and MAC addresses, therefore in the event of failure of one router, the hosts on the LAN are able to continue forwarding packets to a consistent IP and MAC address. The process of transferring the routing responsibilities from one device to another is transparent to the user. HTTP. Hypertext Transport Protocol. The protocol used by Web browsers to communicate with Web servers. HTTPS. Hypertext Transport Protocol Secure. The protocol for accessing a secure Web server. Using HTTPS directs the message to a secure port number to be managed by a security protocol. Interface. The point at which a connection is made between two elements, systems, or devices so that they can communicate with one another. Internet. The collection of networks tied together to provide a global network that use the TCP/IP suite of protocols. IP. Internet Protocol. Network layer protocol in the TCP/IP stack that enables a connectionless internetwork service. IP address. In IP version 4 (IPv4), a 32-bit address assigned to hosts using the IP protocol. Also called an Internet address. IPsec. Internet Protocol Security protocol. A set of protocols to support secure exchange of packets at the IP layer. IPsec has been deployed widely to implement Virtual Private Networks (VPNs). IPsec supports two encryption modes: Transport and Tunnel. For IPsec to work, the sending and receiving devices must share a public key. Latency. Delay between a request being issued and its response being received. Layer 2. The communications protocol (called the data link layer or MAC layer) that contains the physical address of a client or server inspected by a bridge or switch. Layer 2 processing is faster than layer 3 processing, because less analysis of the packet is required. Layer 3. The communications protocol (called the network layer) that contains the logical address of a client or server station that is inspected by a router which in turn forwards it through the network. Layer 3 contains a type field so that traffic can be prioritized and forwarded based on message type as well as network destination. The IP network layer (Layer 3) accepts packets from the TCP or UDP transport layer (Layer 4), adds its own header and delivers a datagram to the data link layer protocol (Layer 2).
Riverbed Command-Line Interface Reference Manual
435
Glossary
Layer-4. A communications protocol (called the transport layer) responsible for establishing a connection and ensuring that all data has arrived safely. The application delivers its data to the communications system by passing a stream of data bytes to the transport layer along with the socket (the IP address of the station and a port number) of the destination machine. MAC address. Unique serial number or physical station address burned into Ethernet and Token Ring adapters to identify that network card from all others. MAPI. Messaging API. A programming interface from Microsoft that enables a client application to send and receive mail from Exchange Server or a Microsoft Mail (MS Mail) messaging system. Microsoft applications such as Outlook, the Exchange client, and Microsoft Schedule use MAPI. Microsoft Exchange. Messaging and groupware software for Windows from Microsoft. The Exchange server is an Internet-compliant messaging system that runs under Windows systems and can be accessed by Web browsers, the Windows In-box, Exchange client, or Outlook. The Exchange server is also a storage system that can hold anything that needs to be shared. MSI Package. An MSI package is the Microsoft Software Installer (MSI) used to install Mobile Client software onto endpoint clients. Multiprotocol Filer. Filer that supports both the NFS and CIFS protocols. Netmask. A 32-bit mask which shows how an Internet address is divided into network, subnet, and host parts. The netmask has ones in the bit positions in the 32-bit address which are used for the network and subnet parts, and zeros for the host part. The mask must contain at least the standard network portion (as determined by the class of the address), and the subnet field should be contiguous with the network portion. Neural Network. A modeling technique based on the observed behavior of biological neurons and used to mimic the performance of a system. It consists of a set of elements that start out connected in a random pattern, and, based upon operational feedback, are molded into the pattern required to generate the required results. It is used in applications such as robotics, diagnosing, forecasting, image processing, and pattern recognition. NFS. Network File System. The file sharing protocol in a UNIX network. NIS. Network Information Services. A naming service that allows resources to be easily added, deleted, or relocated. Opportunistic Lock. Also known as oplock. A lock requested by a client on a file that resides on a remote server. To prevent any compromise to data integrity, the Steelhead appliance only optimizes data where exclusive access is available (in other words, when locks are granted). When an oplock is not available, the Steelhead appliance does not perform application-level latency optimizations but still performs Scalable Data Referencing and compression on the data as well as TCP optimizations. Therefore, even without the benefits of latency optimization, Steelhead appliances still increase WAN performance, but not as effectively as when application optimizations are available. OSPF. Open Shortest Path First. An interior gateway routing protocol developed for IP networks based on the shortest path first or link-state algorithm. Routers use link-state algorithms to send routing information to all nodes in an internetwork by calculating the shortest path to each node based on a topography of the Internet constructed by each node. Each router sends that portion of the routing table (which keeps track of routes to particular network destinations) that describes the state of its own links. It also sends the complete routing structure (topography).
436
Riverbed Command-Line Interface Reference Manual
Glossary
Packet. A unit of information transmitted, as a whole, from one device to another on a network. Policy. Routing and Quality of Service (QoS) scheme that forwards data packets to network interfaces based on user-configured parameters. Port. A pathway into and out of the computer or a network device such as a hub, switch, or router. On network devices, the ports are for communications, typically connecting Ethernet cables or other network devices. Port Transparency. A packet addressing method in which the server port number is used in the header fields. Probe. A small utility program that is used to investigate, or test, the status of a system, network, or Web site. Proxy. An entity that acts on behalf of a network client. In a network, a client is an entity that makes a network request and a server is an entity that responds to the request. For example, your Web browser is a client which requests Web content from a Web server. A proxy can take the place of the client, meaning the client never communicates directly with the server. Instead, the client makes a connection to the proxy and the proxy makes the connection to the server, receives any responses from the server, and relays them back to the client. Router. A device that forwards data packets from one LAN or WAN to another. Based on routing tables and routing protocols, routers read the network address in each transmitted frame and make a decision on how to send it based on the most expedient route (traffic load, line costs, speed, bad lines, etc.). Routers work at Layer-3 in the protocol stack, whereas bridges and switches work at Layer-2. SDR. Scalable Data Referencing. Process that uses a proprietary algorithm to divide data into small chunks, then references and stores the data chunks on the Steelhead appliance. Server Virtualization. Process that uses multiple virtual filers on a single filer hardware. Share. Mechanism of making a directory on a volume an IP network entity. Clients connect to shares. A share can point to any directory, even the root directory. A volume can have many shares. A share can point only to one directory in a volume. A share is not a storage management entity. SMB. Server Message Block. A message format used by DOS and Windows to share files, directories, and devices. There are also a number of products that use SMB to enable file sharing among different operating system platforms. A product called Samba, for example, enables UNIX and Windows machines to share directories and files. SNMP. Simple Network Management Protocol. A network protocol that provides a way to monitor network devices, performance, security, and manages configurations and collects statistics. Socket. The method of directing data to the appropriate application in a TCP/IP network. A socket is made up of the IP address of the station and a port number. Spanning Tree Protocol. An OSI layer-2 protocol that ensures a loop-free topology for a bridged LAN. Switch. A network device that filters and forwards frames based on the destination address of each frame. The switch operates at Layer-2 (data link layer) of the Open System Interconnection (OSI) model. SYN. A synchronize packet in TCP.
Riverbed Command-Line Interface Reference Manual
437
Glossary
SYN-ACK. To establish a connection TCP uses a three-way handshake. Before a client attempts to connect with a server, the server must first bind to a port to open it for connections (a passive open). After the passive open is established, a client can initiate an active open. To establish a connection, the three-way handshake occurs: 1) the active open is performed by the client sending a SYN to the server, 2) in response, the server replies with a SYN-ACK, 3) finally, the client sends an ACK back to the server. TCP. Transmission Control Protocol. The error correcting Transport layer (Layer-4) in the TCP/IP protocol suite. TCP/IP. Transmission Control Protocol/Internet Protocol. The protocol suite used in the Internet, intranets, and extranets. TCP provides transport functions, which ensures that the total amount of bytes sent is received correctly at the other end. TCP/IP is a routable protocol, and the IP part of TCP/IP provides this capability. Throttle. To adjust the CPU speed. VIF. Virtual Interface. A logical interface created for the physical interface. Like a physical Ethernet interface, each VIF can have multiple addresses assigned to it. VLAN. Virtual Local Area Network. A VLAN is an administratively configured LAN or broadcast domain. Instead of going to the wiring closet to move a cable to a different LAN, network administrators can remotely configure a port on an 802.1Q-compliant switch to belong to a different VLAN. A 802.1Q VLAN enables network administrators to move end stations to different broadcast domains by setting membership profiles for each port on centrally managed switches. Virtual Filer. Independent network entity that has its own set of IP addresses and routing tables, DNS names, and domain membership. Virtual Server. Network entity that uses its own name and IP address to serve data just like a physical server. It mounts volumes from external filers and exports shares that you can mount and access. Multiple virtual servers can share physical resources and run concurrently on the same appliance. Volume. A partition on the filer disk. A volume is not an IP network entity; you cannot ping or connect to a volume. Volumes belong to virtual servers. The volume administrator can create shares for various directories on the volume. Volumes contain shares you can export and access. When a virtual server fails over to another filer, volumes follow the virtual server. WAN Visibility Mode. Pertains to how packets traversing the WAN are addressed. XOR. Exclusive OR logic or exclusive disjunction logic. It yields true if exactly one (but not both) of two conditions is true. XOR hardware logic is used in RAID engines designed to perform complex parity calculations.
438
Riverbed Command-Line Interface Reference Manual
Index
A aaa authentication cond-fallback 134 aaa authentication cond-fallback default 134 aaa authentication login default 134 aaa authorization map default-user 30, 31, 135 aaa authorization map order 135 Accounts Domain 367 for Local Workgroup 370 adaptor info clear-all 404 arp 189 B Backup Steelhead appliance 339 banner login 147 banner motd 147 boot system 183 C CIFS disabling write optimization 255 dynamic throttling 255 CIFS optimizations 254 clear arp-cache 94 clear hardware error-log 95 clear interface 95 CLI command negation 13 connecting 11 online help 13 overview of 12 saving configurations 13 cli clear-history 148 cli default auto-logout 148 cli default paging enable 148 cli session options 19, 149 clock set 95, 189 clock timezone 189 cmc backup-config 390 cmc backup-stats 390 cmc email notify appliance aggregate duration 392
cmc email notify appliance aggregate enable 392 cmc email notify appliance enable 392 cmc enable 155 cmc policy push appliance 393 cmc reboot 391 cmc restore-config name 391 cmc restore-stats 391 cmc send-cmd appliance 394 cmc send-cmd group 394 cmc send-op appliance 395 cmc send-op group 395 cmc upgrade abort 395 cmc upgrade appliance 396 cmc upgrade auto 396 cmc upgrade concurrent limit 397 cmc upgrade delete 397 cmc upgrade fetch 397 cmc upgrade timeout 398 configuration copy 156 configuration delete 156 configuration factory 157 configuration fetch 157 configuration flash restore 160 configuration flash write 160 configuration jump-start 157 configuration merge 159 configuration move 159 configuration new 160 configuration revert keep-local 161 configuration revert saved 161 configuration switch-to 161 configuration upload 162 configuration write 162 configure terminal 96 D Data replication commands 340 Data store corrupt 175 data reduction 177 data throughput settings 177
Riverbed Command-Line Interface Reference Manual
439
Index
Margin Segment Elimination 177 securing 175 datastore disk read-pressure 341 datastore disk read-pressure interval 172 datastore disklayout 341 datastore disklayout fifo 173 datastore disklayout rvbdlru 173 datastore encryption type 172, 174 datastore notification enable 176 datastore notification wrap-around 176 datastore sdr-policy 177 datastore sync enable 178 datastore sync master 179 datastore sync peer-ip 179 datastore sync port 179 datastore sync reconnect 180 datastore write-q-prior 342 debug generate dump 96, 374 disable 96 DNAT optimization VNI 345 dns cache clear 358 dns cache freeze enable 359 dns cache frozen-min-ttl 359 dns cache max-ncache-ttl 360 dns cache max-ttl 360 dns cache min-ncache-ttl 360 dns cache min-ttl 361 dns cache size 361 dns enable 361 dns forwarder 362 dns forwarder add 363 dns fwd-fail-count 363 dns fwd-fail-dtxn enable 363 dns fwd-fail-time 364 dns fwd-tm-staydown 364 dns interface 364 dns root-fallback enable 365 Documentation, contacting 10 domain cancel-event 365 domain check 365 domain join 366 domain leave 367 domain rejoin 368 domain require 368 E email autosupport enable 166 email domain 166 email mailhub 167 email mailhub-port 167 email notify events enable 167 email notify events recipient 168 email notify failures enable 168 email notify failures recipient 168
email send-test 169 enable 16 Enabling optimization for Outlook 2007 274 Encrypted MAPI traffic 272 endpoint info clear-all 404 Enterprise MIB accessing 421 Ethernet network compatibility 9 Excel 254 Exchange Server 274 exit 16 F failover buddy addr 337 failover buddy port 338 failover enable 338 failover master 339 failover port 340 Fail-to-block mode allow-failure and 225 enabling 191 Fail-to-block mode, enabling 191 FIFO queue in QoS 320 file debug-dump delete 97 file debug-dump email 97 file debug-dump upload 97 file process-dump delete 98 file process-dump upload 98 file sa delete 98 file sa generate 99 file sa upload 99 file stats move 100 file tcpdump 100 file tcpdump delete 101 FTP QoS classification 324 H hardware ecc-mem-check enable 190 hardware spec activate 184 hardware upgrade model 184 hardware watchdog 186 hostname 190 I image boot 184 image delete 101 image fetch 101 image flash backup 185 image flash restore 185 image install 101 image move 102 In-band hybrid packages, overview of 353 In-band LAN packages, overview of 353 In-band packages, overview of 353
440
Index
Index
In-band WAN packages, overview of 353 in-path asymmetric routing detection enable 219 in-path asymmetric routing pass-through enable 221 in-path asym-route-tab flush 218 in-path asym-route-tab remove 218 in-path cdp allow-failure 222 in-path cdp enable 222 in-path cdp holdtime 223 in-path cdp interval 223 in-path enable 198 in-path interface enable 198 in-path interface vlan 198 in-path kickoff 199 in-path lsp enable 199 in-path mac-match-vlan 329 in-path move-rule rulenum 200 in-path multi-path maintain 329 in-path neighbor ack-timer-cnt 224 in-path neighbor ack-timer-intvl 224 in-path neighbor advertiseresync 224 in-path neighbor allow failure 225 in-path neighbor enable 226 in-path neighbor fwd-vlan-mac 227 in-path neighbor interface 382 in-path neighbor keepalive count 227 in-path neighbor keepalive interval 227 in-path neighbor multi-interface enable 228 in-path neighbor multi-interface fallback 228 in-path neighbor name 228 in-path neighbor peer name 383 in-path neighbor port 229 in-path neighbor read-timeout 229 in-path neighbor recon-timeout 230 in-path oop enable 200 in-path peering auto 210, 211, 212 in-path peering edit-rule 212 in-path peering ext-peer-tbl 212 in-path peering move-rule 212 in-path peering oobtransparency mode 330 in-path peering rule 213 in-path probe direct 216 in-path probe version 217 in-path probe-caching enable 200 in-path probe-ftp-data 332 in-path probe-mapi-data 332 in-path rule auto-discover 200 in-path rule deny 204 in-path rule discard 204 in-path rule fixed-target 205 in-path rule pass-through 208 in-path rule redirect 383 in-path send-storeid enable 230 in-path simplified routing 230 in-path turbo enable 209
in-path vlan-conn-based 209, 332 Interactive ports 416 interface 190 ip default-gateway 192 ip domain-list 192 ip flow-export 232 ip flow-export enable 234 ip flow-setting active_to 235 ip flow-setting inactive_to 235 ip flow-setting lan-subnets 235 ip host 192 ip in-path route 209 ip in-path-gateway 209 ip name-server 193 ip route 193 ip security authentication policy 236 ip security enable 236 ip security encryption policy 237 ip security peer ip 238 ip security pfs enable 238 ip security rekey interval 239 ip security shared secret 239 J job 371 job comment 371 job date-time 372 job enable 372 job execute 372 job fail-continue 373 job name 373 job recurring 373 L license delete 185 license install 186 limit connection 193 load balance edit rulenum 381 load balance move-rule 378 load balance rule pass 378 load balance rule redirect 380 load balance rule src 137 logging 180 logging files delete 181 logging files rotation criteria frequency 181 logging files rotation criteria size 182 logging files rotation force 181 logging files rotation max-num 182 logging local 182 logging trap 183 M MAC address, displaying 121 Management VNIs, overview of 345 Master steelhead appliance 339
Riverbed Command-Line Interface Reference Manual
441
Index
MIB file accessing 421 SNMP traps sent 422 Microsoft Office 254 MX-TCP queue in QoS 320 N NetFlow troubleshooting 233 NetFlow support commands 231 Network statistics, gathering 232 ntp disable 194 ntp enable 194 ntp peer 195 ntp server 195 ntp server enable 195 ntpdate 102 O Online documentation 9 Online notes 9 Optimization CIFS 254 Encrypted MAPI traffic 272 transparent prepopulation, enabling 251 Outlook 2007, enabling optimization for 274 out-of-path enable 210 P package assignment adpath 407 package assignment adpath remove-all 407 package assignment depid 407 package assignment depid remove-all 408 peer 217 peer addr 340, 384, 385 pfs enable 240 pfs settings 240 pfs share cancel-event 241 pfs share configure 242 pfs share configure, (version 2.0) 244 pfs share manual-sync 246 pfs share modify 247 pfs share upgrade 249 pfs share verify 250 pfs start 251 ping 16 policy acceleration assignment adpath 401, 402, 405 policy acceleration assignment adpath remove-all 401 policy acceleration assignment depid 402 policy acceleration assignment depid remove-all 402 policy acceleration id 402 policy acceleration id cifs 402 policy acceleration id kickoff 406 policy acceleration id mapi 403 policy acceleration id notes 403
policy acceleration id probe-tcp-opt 404 policy endpoint assignment adpath 405 policy endpoint assignment adpath remove-all 405 policy endpoint assignment depid 405 policy endpoint assignment depid remove-all 406 port-label 164 Ports commonly excluded 416 default listening 415 interactive ports forwarded 416 secure automatically forwarded 417 prepop enable 251 prepop share cancel-event 252 prepop share configure 252, 253 prepop share manual-sync 253 Prepopulation overview of 251 Professional services, contacting 10 protocol cifs applock enable 254 protocol cifs disable write optimization 255 protocol cifs dw-throttling enable 254 protocol cifs enable 255 protocol cifs nosupport 256 protocol cifs oopen enable 256 protocol cifs oopen extension 257 protocol cifs oopen policy 258 protocol cifs prepop enable 254 protocol cifs secure-sig-opt enable 258, 259, 260, 262 protocol cifs smb signing delegation 260 protocol cifs smb signing enable 260 protocol cifs smb signing rule 262 protocol cifs smbv1-mode enable 259 protocol connection lan receive buf-size 267 protocol connection lan send buf-size 267 protocol connection wan receive def-buf-size 267 protocol connection wan send def-buf-size 268 protocol ftp 284 protocol http add-cookie 290 protocol http default ntlm enable 290 protocol http enable 291 protocol http insrt-keep-aliv 292 protocol http metadata-resp extension 292 protocol http metadata-resp max-time 292 protocol http metadata-resp min-time 293 protocol http prefetch 293 protocol http server 294 protocol http servers flush 295 protocol http server-subnet 294 protocol http strip-auth-hdr 295 protocol http strip-compress enable 296 protocol mapi 2k3 enable 273 protocol mapi 2k7 native enable 273 protocol mapi enable 271 protocol mapi encrypted enable 272
442
Index
Index
protocol mapi encrypted ntlm-auth enable 272 protocol mapi nspi 274 protocol mapi nspi enable 275 protocol mapi port 275 protocol mapi port-remap enable 276 protocol mapi prepop 276 protocol ms-sql default-rule query-rule 277 protocol ms-sql default-rule rpc-rule 278 protocol ms-sql enable 278 protocol ms-sql fetch-next enable 279 protocol ms-sql num-preack 279 protocol ms-sql port 279 protocol ms-sql query-act rule-id action-id 280 protocol ms-sql query-arg-act rule-id action-id arg-offset expr 280 protocol ms-sql rpc-act rule-id action-id 281 protocol ms-sql rpc-arg rule-id arg-offset expr 282 protocol ms-sql rpc-arg-act rule-id arg-offset expr 282 protocol ms-sql rpc-rule rule-id app-name-regex 283 protocol ms-sql support-app 284 protocol nfs alarm v2-v4 clear 284 protocol nfs default server 285 protocol nfs default volume 286 protocol nfs enable 286 protocol nfs max-directories 287 protocol nfs max-symlinks 287 protocol nfs memory 287 protocol nfs server 288 protocol nfs v2-v4-alarm 289 protocol notes enable 296 protocol notes port 297 protocol oracle-forms enable 270 protocol oracle-forms http-enable 270 protocol ssl backend bypass-interval 298 protocol ssl backend client 298 protocol ssl backend server 298 protocol ssl bulk-export 299 protocol ssl bulk-import 300 protocol ssl ca 304 protocol ssl crl ca 301 protocol ssl crl cas enable 301 protocol ssl crl handshake 302 protocol ssl crl manual 302 protocol ssl crl peering 302 protocol ssl crl query-now 304 protocol ssl enable 305 protocol ssl peering 306 protocol ssl protocol-vers 308, 313 protocol ssl scep peering auto-reenroll 309 protocol ssl scep peering max-num-polls 309 protocol ssl scep peering on-demand cancel 310 protocol ssl scep peering on-demand gen-key-and-csr 310 protocol ssl scep peering on-demand start 311 protocol ssl scep peering passphrase 312
protocol ssl scep peering poll-frequency 312 protocol ssl scep peering trust 312 protocol ssl scep peering url 313 protocol ssl server 314 protocol ssl sfe-mode 314 Q QoS FIFO queue 320 MX-TCP queue 320 SFQ queue 320 qos classification class 319 qos classification enable 322 qos classification interface 322 qos classification mode hierarchy enable 323 qos classification rule add 325 qos classification rule move 326 qos dscp edit-rule 326 qos dscp move-rule 327 qos dscp rule 327 R radius-server host 137 radius-server key 196 radius-server retransmit 138 radius-server timeout 138 raid alarm silence 374 raid swraid add-disk 374 raid swraid fail-disk 375 raid swraid get-rate 375 raid swraid mdadm 375, 376 raid swraid set-rate 376 rbm role 139 rbm role primitive 141 rbm user 140 RBT-Proto, common ports used by the system 415 redirect allow-failure 384 redirect interface 340, 384, 385 redirect peer addr 340 redirect peer name 385 Related reading 9 Release notes 9 reload 102 restart 103 RSP image versions 346 slot, overview of 353, 355 VNI rules, overview of 351 rsp backup delete 343 rsp backup fetch 343 rsp backup upload 343 rsp dataflow 344 rsp enable 345 rsp image delete 347 rsp image fetch 347
Riverbed Command-Line Interface Reference Manual
443
Index
rsp image install 347, 348 rsp image move 348 rsp mgmt-vni 349 rsp opt-vni rule 349 rsp opt-vni vlan 352 rsp package delete 352 rsp package fetch 353 rsp package move 354 rsp shell 354 rsp slot 355 rsp slot backup create 354 rsp slot backup restore 355 rsp slot install package 356, 357 rsp slot priority 356 rsp slot uninstall 357 rsp slot vm memory-size 357 rsp slot watchdog 358 S SDR 339 Secure ports, automatically forwarded 417 Secure vault data store encryption 175 secure vault 317 secure-vault 317 Serial cluster deployment 214 Server Message Block (SMB) optimization 259 service connection pooling 329 service default-port 329 service enable 103, 196 service error reset 103 service map-port 187 service neural-framing 187 service port 188 service restart 104 SFQ queue in QoS 320 show aaa 114 show admission 20 show arp 115 show banner 115 show bootvar 21 show cli 21 show clock 21 show cmc 22, 116, 399 show cmc appliances 399 show cmc group 400 show cmc groups 400 show configuration 116 show configuration files 117 show configuration running 118 show connection 22 show connections 23 show conn-trace 386 show datastore 25
show datastore disk 26 show datastore disklayout 26 show datastore optimization 26 show datastore sync 26 show datastore write-q-prior 27 show email 29 show failover 29 show files debug-dump 119 show files process-dump 119 show files sa 120 show files stats 120 show files tcpdump 120 show hardware 30 show hardware error-log 30 show hardware spec 31 show hardware watchdog 30, 31 show hosts 31 show images 32 show info 32 show in-path 33 show in-path ar-circbuf 33, 41 show in-path asym-route-tab 33, 42 show in-path cdp 34, 35 show in-path cf-timer 34 show in-path drop-when-flap 35 show in-path lsp 35 show in-path macmap-tables 36 show in-path mac-match-vlan 35 show in-path neighbor 36, 386 show in-path neighbor (Steelhead) 36 show in-path neighbor advertiseresync 37, 38 show in-path neighbor peers 387 show in-path neighbor-detail 37 show in-path peering auto 38 show in-path peering disc-outer-acpt 38 show in-path peering rules 38, 39 show in-path probe-caching 39 show in-path rules 40 show in-path send-storeid 40, 41 show in-path simplified routing 41 show in-path vlan-conn-based 41 show interfaces 121 show ip 42 show ip default-gateway 122 show ip route 122 show job 122 show legacy-rsp 43 show licenses 123 show limit bandwidth 43 show limit connection 43 show load balance rules 388 show log 123 show logging 44 show ntp 44
444
Index
Index
show out-of-path 44 show package assignments adpath 408 show package assignments depid 408 show package list 409 show peer version 45 show peers 45 show pfs all-info shares 45, 46 show pfs configuration 46 show pfs settings 46 show pfs stats shares 46, 47 show pfs status 46 show policy acceleration assignments adpath 409 show policy acceleration assignments depid 409, 411 show policy acceleration id cifs findfirst-opt 410 show policy acceleration id cifs holdback-oopen 410 show policy acceleration id mapi port-remap 410 show policy acceleration id probe-tcp-opt 411 show policy endpoint assignments adpath 411 show policy endpoint id kickoff processes 412 show port-label 124 show prepop 47 show protocol cifs 48 show protocol cifs applock 48 show protocol cifs oopen 48 show protocol connection 49 show protocol ftp 49 show protocol http 49 show protocol mapi 50 show protocol ms-sql 50 show protocol ms-sql rules 51 show protocol nfs 51 show protocol notes 52 show protocol oracle-forms 50, 52 show protocol ssl 53 show protocol ssl backend 53 show protocol ssl ca 54 show protocol ssl crl 54 show protocol ssl expiring-certs 55 show protocol ssl peering 56 show protocol ssl scep peering auto-reenroll 56, 59 show protocol ssl scep peering ca 57, 60 show protocol ssl scep peering enrollment status 57, 60 show protocol ssl scep peering on-demand 57, 60 show protocol ssl server 58, 61 show qos classification 61 show qos dscp rules 62 show radius 125 show raid configuration 62 show raid diagram 62 show raid error-msg 63 show raid info 63 show raid physical 64 show rbm primitives 130 show rbm role 130
show rbm roles 132 show rbm user 132, 133 show redirect 389 show redirect peers 389 show rsp 64 show rsp backups 65 show rsp images 65 show rsp opt-vni 66 show rsp package 66 show rsp packages 67 show rsp slot 67 show rsp slots 68 show rsp vmware 68 show rsp vnis 69 show running-config 70 show service 70 show service connection pooling 70 show service neural-framing 70 show service ports 71 show smb signing delegation domains 71 show smb signing rules 71 show smb signing status 72 show snmp 72 show ssh client 72 show ssh server 73 show stats alarm 73 show stats bandwidth 74 show stats connections 75 show stats conn-pool 76 show stats cpu 76 show stats datastore 76 show stats dns 77 show stats ecc-ram 77 show stats fan 77 show stats http 78 show stats memory 78 show stats neighbor-fwd 79 show stats pfs 79 show stats qos 80 show stats settings 81 show stats ssl 81 show stats throughput 82 show stats top-talkers 82 show stats top-talkers protocol 83 show stats top-talkers report 83 show stats top-talkers top-n 84 show stats top-talkers traffic 85 show tacacs 125 show tcp highspeed 86 show tcp max-time-out 86 show tcp reordering 87 show tcp statistics 87 show tcpdump 87 show telnet-server 125
Riverbed Command-Line Interface Reference Manual
445
Index
show terminal 88 show userlog 126 show usernames 126 show version 88 show wccp 88 show wccp service-group 89 show web 91 show web prefs 91 show workgroup account 91 show workgroup configuration 92 show workgroup status 92 slogin 17 smb signing always-sign enable 259 smb signing sign-only enable 259 SNMP traps, summary of sent 422 SNMP MIB, accessing 421 snmp-server community 169 snmp-server contact 169 snmp-server enable 170 snmp-server host 170 snmp-server listen enable 170 snmp-server listen interface 171 snmp-server location 171 snmp-server trap-interface 172 sport codec addr 188 ssh client generate identity user 144 ssh client user authorized-key rsakey sshv2 145 ssh server enable 145 ssh server listen enable 145 ssh server listen interface 146 ssh server v2-only enable 146 ssh slogin 17 stats alarm 105 stats clear-all 109 stats convert 109 stats export 17, 109 stats settings 111 stats settings bandwidth 165 stats settings top-talkers enable 376 stats settings top-talkers interval 377 T tacacs-server first-hit 140 tacacs-server host 141 tacacs-server key 141 tacacs-server retransmit 142 tacacs-server timeout 142 tcp connection send keep-alive 163 tcp highspeed enable 269 tcpdump 111, 114 tcpdump-x all-interfaces 263 tcpdump-x capture-name stop 264 tcpdump-x foreground 265
tcpdump-x interfaces 266 Technical support, contacting 10 telnet-server enable 19, 196 terminal 333 Time zone setting for SMB signing 261 traceroute 20 Traffic flow data, collecting 232 Transparent prepopulation overview of 251 Traps, summary of SNMP traps sent 422 Trust Windows domain 261 U username disable 142 username nopassword 143 username password 143 username password 0 143 username password 7 144 V Vista SMB support 259 VMware Server 346 VNI rules example of 351 VNIs in-path rules for 345 management, overview of 345 W WAN top bandwidth consumers 377 wccp enable 333 wccp mcast-ttl 333 wccp override-return route-no-gre 334 wccp service-group 334 web auto-logout 149 web auto-refresh timeout 150 web enable 150 web http enable 150 web http port 151 web httpd listen enable 151 web httpd listen interface 151 web https enable 152 web https port 152 web prefs log lines 152 web proxy host 153 web session renewal 153 web session timeout 153 web snmp-trap conf-mode enable 154 web ssl cert generate 317 web ssl cert import pem 318 web ssl cert update 318 web ssl protocol sslv2 154
446
Index
Index
web ssl protocol sslv3 154, 155 Windows Vista SMB support 259 workgroup account add 368 workgroup account modify 369 workgroup account remove 369 workgroup join 370 workgroup leave 370 write flash 162 write memory 163 write terminal 163
Riverbed Command-Line Interface Reference Manual
447
You might also like
- Clean Code: A Handbook of Agile Software CraftsmanshipNo ratings yetClean Code: A Handbook of Agile Software Craftsmanship8 pages
- Building A Powerful FreeBSD Firewall Based On PF and IPFW100% (17)Building A Powerful FreeBSD Firewall Based On PF and IPFW13 pages
- Mastering The XMPP Framework: Develop XMPP Chat Applications for iOSFrom EverandMastering The XMPP Framework: Develop XMPP Chat Applications for iOS4.5/5 (2)
- Configuring IPCop Firewalls: Closing Borders with Open SourceFrom EverandConfiguring IPCop Firewalls: Closing Borders with Open SourceNo ratings yet
- Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT and l7-filterFrom EverandDesigning and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT and l7-filterNo ratings yet
- Top 35 Network Commands in Linux - Arp - Route - Ip - Netstat - Dig IpCisco PDFNo ratings yetTop 35 Network Commands in Linux - Arp - Route - Ip - Netstat - Dig IpCisco PDF15 pages
- How To - Configure Port Forwarding Using Virtual Host To Access Devices On Internal NetworkNo ratings yetHow To - Configure Port Forwarding Using Virtual Host To Access Devices On Internal Network5 pages
- ICMP CheatSheet Part2 - (Networkwalks - Com) v1No ratings yetICMP CheatSheet Part2 - (Networkwalks - Com) v11 page
- Active Directory Interview Question and AnswersNo ratings yetActive Directory Interview Question and Answers15 pages
- X-SHELL - A Guide Towards Windows Prompt Accesses PDF100% (1)X-SHELL - A Guide Towards Windows Prompt Accesses PDF81 pages
- Hardware and Networking Notes by Jafar Shaikh COCSIT100% (2)Hardware and Networking Notes by Jafar Shaikh COCSIT101 pages
- Linux Iptables Firewall Configuration: Prince - KenshiNo ratings yetLinux Iptables Firewall Configuration: Prince - Kenshi8 pages
- Link Aggregation Control Protocol (LACP)No ratings yetLink Aggregation Control Protocol (LACP)18 pages
- Howto Configure A Mikrotik As Central DHCP Server With Switches As DHCP Relays - Robert Penz BlogNo ratings yetHowto Configure A Mikrotik As Central DHCP Server With Switches As DHCP Relays - Robert Penz Blog15 pages
- B Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide Release 6.xNo ratings yetB Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide Release 6.x144 pages
- PrplMesh An Open Source Implementation of The Wi Fi Alliance® Multi AP Specification Arnout Vandecappelle EssensiumMind PDFNo ratings yetPrplMesh An Open Source Implementation of The Wi Fi Alliance® Multi AP Specification Arnout Vandecappelle EssensiumMind PDF37 pages
- CCNA Interview Questions and Answers Guide.: Global GuidelineNo ratings yetCCNA Interview Questions and Answers Guide.: Global Guideline27 pages
- Scapy Cheat Sheet: Sending Packets Receiving and Analyzing PacketsNo ratings yetScapy Cheat Sheet: Sending Packets Receiving and Analyzing Packets2 pages
- Cisco Certifications and Training by PyNetNo ratings yetCisco Certifications and Training by PyNet2 pages
- Comptia Network+ N10-006 Authorized Cert GuideNo ratings yetComptia Network+ N10-006 Authorized Cert Guide61 pages
- Theft Alert System and Auto Arresting Sy PDFNo ratings yetTheft Alert System and Auto Arresting Sy PDF7 pages
- ARP Mapping: in A Frame With The MAC Address of The Local Host, or Next-Hop RouterNo ratings yetARP Mapping: in A Frame With The MAC Address of The Local Host, or Next-Hop Router17 pages
- CentOS 8 Essentials: Learn to Install, Administer and Deploy CentOS 8 SystemsFrom EverandCentOS 8 Essentials: Learn to Install, Administer and Deploy CentOS 8 SystemsNo ratings yet
- MCSA Windows Server 2012 R2 Complete Study Guide: Exams 70-410, 70-411, 70-412, and 70-417From EverandMCSA Windows Server 2012 R2 Complete Study Guide: Exams 70-410, 70-411, 70-412, and 70-417No ratings yet
- Asking For Help - How Do You Protect Python Source Code - Python WikiNo ratings yetAsking For Help - How Do You Protect Python Source Code - Python Wiki3 pages
- Chapter 2 Lab Java Fundamentals Lab ObjectivesNo ratings yetChapter 2 Lab Java Fundamentals Lab Objectives6 pages
- Manual Testing Interview Questions and AnswersNo ratings yetManual Testing Interview Questions and Answers8 pages
- Development Tools For Embedded Software: 1. Compile: Translates Source Code (C) Into Object CodeNo ratings yetDevelopment Tools For Embedded Software: 1. Compile: Translates Source Code (C) Into Object Code6 pages
- Avaya Aura 7 - 0 - 1 - 2 Release Notes I2No ratings yetAvaya Aura 7 - 0 - 1 - 2 Release Notes I2254 pages
- Advanced Visual Basic 6 Techniques - Wiley100% (1)Advanced Visual Basic 6 Techniques - Wiley520 pages
- Configuration Management Models in Commercial Environments: Technical Report CMU/SEI-91-TR-7 ESD-9-TR-7No ratings yetConfiguration Management Models in Commercial Environments: Technical Report CMU/SEI-91-TR-7 ESD-9-TR-759 pages
- IPR Casestudy - Google LLC v. Oracle America, Inc.No ratings yetIPR Casestudy - Google LLC v. Oracle America, Inc.10 pages
- Release Notes: Autodesk Stitcher™ Unlimited 2009 Service Pack 1No ratings yetRelease Notes: Autodesk Stitcher™ Unlimited 2009 Service Pack 110 pages
- 3.1 Feature Extraction 3.1.1 Delivery Updates: 3. MethodologyNo ratings yet3.1 Feature Extraction 3.1.1 Delivery Updates: 3. Methodology2 pages
- Clean Code: A Handbook of Agile Software CraftsmanshipClean Code: A Handbook of Agile Software Craftsmanship
- Building A Powerful FreeBSD Firewall Based On PF and IPFWBuilding A Powerful FreeBSD Firewall Based On PF and IPFW
- Mastering The XMPP Framework: Develop XMPP Chat Applications for iOSFrom EverandMastering The XMPP Framework: Develop XMPP Chat Applications for iOS
- Configuring IPCop Firewalls: Closing Borders with Open SourceFrom EverandConfiguring IPCop Firewalls: Closing Borders with Open Source
- Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT and l7-filterFrom EverandDesigning and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT and l7-filter
- Top 35 Network Commands in Linux - Arp - Route - Ip - Netstat - Dig IpCisco PDFTop 35 Network Commands in Linux - Arp - Route - Ip - Netstat - Dig IpCisco PDF
- How To - Configure Port Forwarding Using Virtual Host To Access Devices On Internal NetworkHow To - Configure Port Forwarding Using Virtual Host To Access Devices On Internal Network
- X-SHELL - A Guide Towards Windows Prompt Accesses PDFX-SHELL - A Guide Towards Windows Prompt Accesses PDF
- Hardware and Networking Notes by Jafar Shaikh COCSITHardware and Networking Notes by Jafar Shaikh COCSIT
- Linux Iptables Firewall Configuration: Prince - KenshiLinux Iptables Firewall Configuration: Prince - Kenshi
- Howto Configure A Mikrotik As Central DHCP Server With Switches As DHCP Relays - Robert Penz BlogHowto Configure A Mikrotik As Central DHCP Server With Switches As DHCP Relays - Robert Penz Blog
- B Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide Release 6.xB Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide Release 6.x
- PrplMesh An Open Source Implementation of The Wi Fi Alliance® Multi AP Specification Arnout Vandecappelle EssensiumMind PDFPrplMesh An Open Source Implementation of The Wi Fi Alliance® Multi AP Specification Arnout Vandecappelle EssensiumMind PDF
- CCNA Interview Questions and Answers Guide.: Global GuidelineCCNA Interview Questions and Answers Guide.: Global Guideline
- Scapy Cheat Sheet: Sending Packets Receiving and Analyzing PacketsScapy Cheat Sheet: Sending Packets Receiving and Analyzing Packets
- ARP Mapping: in A Frame With The MAC Address of The Local Host, or Next-Hop RouterARP Mapping: in A Frame With The MAC Address of The Local Host, or Next-Hop Router
- Unix / Linux FAQ: with Tips to Face InterviewsFrom EverandUnix / Linux FAQ: with Tips to Face Interviews
- CentOS 8 Essentials: Learn to Install, Administer and Deploy CentOS 8 SystemsFrom EverandCentOS 8 Essentials: Learn to Install, Administer and Deploy CentOS 8 Systems
- MCSA Windows Server 2012 R2 Complete Study Guide: Exams 70-410, 70-411, 70-412, and 70-417From EverandMCSA Windows Server 2012 R2 Complete Study Guide: Exams 70-410, 70-411, 70-412, and 70-417
- Asking For Help - How Do You Protect Python Source Code - Python WikiAsking For Help - How Do You Protect Python Source Code - Python Wiki
- Development Tools For Embedded Software: 1. Compile: Translates Source Code (C) Into Object CodeDevelopment Tools For Embedded Software: 1. Compile: Translates Source Code (C) Into Object Code
- Configuration Management Models in Commercial Environments: Technical Report CMU/SEI-91-TR-7 ESD-9-TR-7Configuration Management Models in Commercial Environments: Technical Report CMU/SEI-91-TR-7 ESD-9-TR-7
- IPR Casestudy - Google LLC v. Oracle America, Inc.IPR Casestudy - Google LLC v. Oracle America, Inc.
- Release Notes: Autodesk Stitcher™ Unlimited 2009 Service Pack 1Release Notes: Autodesk Stitcher™ Unlimited 2009 Service Pack 1
- 3.1 Feature Extraction 3.1.1 Delivery Updates: 3. Methodology3.1 Feature Extraction 3.1.1 Delivery Updates: 3. Methodology