Riverbed Command-Line Interface Reference Manual
2003-2011 Riverbed Technology, Incorporated. All rights reserved. Riverbed Technology, Riverbed, Steelhead, Virtual Steelhead, RiOS, Interceptor, Think Fast, the Riverbed logo, Mazu, Profiler, and Cascade are trademarks or registered trademarks of Riverbed Technology, Inc. All other trademarks used or mentioned herein belong to their respective owners. Apple and Mac are registered trademarks of Apple, Incorporated in the United States and in other countries. Linux is a trademark of Linus Torvalds in the United States and in other countries. Microsoft, Windows, Vista, Outlook, and Internet Explorer are trademarks or registered trademarks of Microsoft Corporation in the United States and in other countries. Oracle and JInitiator are trademarks or registered trademarks of Oracle Corporation in the United States and in other countries. UNIX is a registered trademark in the United States and in other countries, exclusively licensed through X/Open Company, Ltd. VMware, ESX, ESXi are trademarks or registered trademarks of VMware, Incorporated in the United States and in other countries. Cisco is a registered trademark of Cisco Systems, Inc. and its affiliates in the United States and in other countries. EMC, Symmetrix, and SRDF are registered trademarks of EMC Corporation and its affiliates in the United States and in other countries. IBM, iSeries, and AS/400 are registered trademarks of IBM Corporation and its affiliates in the United States and in other countries. Parts of this product are derived from the following software: Apache 2000-2003. The Apache Software Foundation. All rights reserved. Busybox 1999-2005 Eric Andersen ethtool 1994, 1995-8, 1999, 2001, 2002 Free Software Foundation, Inc Less 1984-2002 Mark Nudelman Libevent 2000-2002 Niels Provos. All rights reserved. LibGD, Version 2.0 licensed by Boutell.Com, Inc. Libtecla 2000, 2001 by Martin C. Shepherd. All rights reserved. 
Linux Kernel Linus Torvalds login 2.11 1993 The Regents of the University of California. All rights reserved. md5, md5.cc 1995 University of Southern California, 1991-2, RSA Data Security, Inc. my_getopt.{c,h} 1997, 2000, 2001, 2002, Benjamin Sittler. All rights reserved. NM SDK, v4.0P1, 2008 Netapp Inc. All rights reserved. NET-SNMP 1989, 1991, 1992 by Carnegie Mellon University. All rights reserved. Derivative Work - 1996, 1998-2000 Copyright 1996, 1998-2000 The Regents of the University of California. All rights reserved. OpenSSH 1983, 1990, 1992, 1993, 1995, 1993 The Regents of the University of California. All rights reserved. pam 2002-2004 Tall Maple Systems, Inc. All rights reserved. pam-radius 1989, 1991 Free Software Foundation, Inc. pam-tacplus 1997-2001 by Pawel Krawczyk sscep 2003 Jarkko Turkulainen. All rights reserved. ssmtp GNU General Public License syslogd 2002-2005 Tall Maple Systems, Inc. All rights reserved. Vixie-Cron 1988, 1990, 1993, 1994 by Paul Vixie. All rights reserved. Zile 1997-2001 Sandro Sigalam 2003 Reuben Thomas. All rights reserved. This product includes software developed by the University of California, Berkeley (and its contributors), EMC, and Comtech AHA Corporation. This product is derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm. NetApp Manageability Software Development Kit (NM SDK), including any third party software available for review with such SDK which can be found at http://communities.netapp.com/docs/DOC-3777, and are included in a NOTICES file included within the downloaded files. For detailed copyright and license agreements or modified source code (where required), see the Riverbed Support site at https:/ /support.riverbed.com. Certain libraries were used in the development of this software, licensed under GNU Lesser General Public License, Version 2.1, February 1999. 
For a list of libraries, see the Riverbed Support at https://support.riverbed.com. You must log in to the support site to request modified source code. Other product names, brand names, marks, and symbols are registered trademarks or trademarks of their respective owners. The content of this manual is furnished on a RESTRICTED basis and is subject to change without notice and should not be construed as a commitment by Riverbed Technology, Incorporated. Use, duplication, or disclosure by the U.S. Government is subject to restrictions set forth in Subparagraphs (c) (1) and (2) of the Commercial Computer Software Restricted Rights at 48 CFR 52.227-19, as applicable. Riverbed Technology, Incorporated assumes no responsibility or liability for any errors or inaccuracies that may appear in this book.
Riverbed Technology
199 Fremont Street San Francisco, CA 94105 Phone: 415.247.8800 Fax: 415.247.8801 Web: http://www.riverbed.com
Contents
Preface
  About This Guide
  Audience
  Document Conventions
  Product Dependencies and Compatibility
  Hardware and Software Dependencies
  Riverbed Services Platform 32-Bit and 64-Bit Support
  Additional Resources
  Release Notes
  Riverbed Documentation and Support Knowledge Base
  Contacting Riverbed
  Internet
  Support
  Professional Services
  Documentation
Chapter 1 - Using the Command-Line Interface
  Connecting to the CLI
  Overview of the CLI
  CLI Cross-Product Support
  Entering Commands
  Accessing Online Help
  Error Messages
  Command Negation
  Running the Configuration Wizard
  Saving Configuration Changes
Chapter 2 - User-Mode Commands
  System Administration Commands
  Displaying System Data
Chapter 3 - Enable-Mode Commands
  System Administration Commands
  Displaying System Data
Chapter 4 - Configuration-Mode Commands
  System Administration Commands
  Displaying Role-Based Management Configuration Settings
  AAA, Role-Based Management, Radius, and TACACS+ Commands
  ACL Management Commands
  Secure Shell Access Commands
  CLI Terminal Configuration Commands
  Web Configuration Commands
  Configuration File Commands
  Port Label Commands
  Statistics Manipulation Commands
  Notification Commands
  Data Store Configuration Commands
  Data Store Replication and Protection Commands
  SNMP Commands
  Logging Commands
  License and Hardware Upgrade Commands
  System Administration and Service Commands
  Host Setup Commands
  Steelhead Appliance Feature Configuration Commands
  In-Path and Virtual In-Path Support Commands
  Out-of-Path Support
  Peering Commands
  Asymmetric Route Detection Commands
  Connection Forwarding
  Simplified Routing Support Commands
  Subnet-Side Rule Commands
  Data Flow Support Commands
  IPSec Commands
  PFS Support Commands
  CIFS Prepopulation Support Commands
  CIFS, SMB, and SMB2 Support Commands
  RiOS TCP Dump Commands
  High-Speed TCP Support Commands
  Oracle Forms Support Commands
  MAPI Support Commands
  MS-SQL Blade Support Commands
  FTP Support Commands
  NFS Support Commands
  HTTP Support Commands
  Lotus Notes Commands
  Citrix Support Commands
  FCIP Support Commands
  SRDF Support Commands
  SSL Support Commands
  Secure Peering (Secure Inner Channel) Commands
  QoS Support Commands
  Connection Pooling Commands
  WAN Visibility (Transparency) Commands
  WCCP Support Commands
  Failover Support Commands
  RSP Commands
  DNS Cache Commands
  Domain and Workgroup Commands
  Job Commands
  Debugging Commands
  Raid Commands
  Top Talkers Commands
  Network Test Commands
  Remote Management Port Commands
  Windows Domain Authentication Delegation Commands
  Management In-Path Interface Commands
  Hardware-Assist Rule Commands
  Interceptor Appliance Feature Commands
  Interceptor System Commands
  Load-Balancing Commands
  Interceptor Peering and Redirect Commands
  Configuring Load Balancing In-Path Pass-Through Rules
  Displaying Interceptor Settings
  Central Management Console Feature Commands
  CMC Configuration and Backup Commands
  CMC Email Commands
  CMC Policy Commands
  CMC Send CLI Commands
  CMC Upgrade Commands
  CMC Export Commands
  Displaying CMC Data
  Steelhead Mobile Controller Feature Commands
  Acceleration Policy Commands
  Endpoint Information Commands
  Endpoint Policy Commands
  Package Commands
  Miscellaneous Steelhead Mobile Commands
  Displaying Steelhead Mobile Information
  Cloud Steelhead Feature Commands
  Displaying Cloud Steelhead Information
Chapter 5 - Troubleshooting
Appendix A - Riverbed Ports
  Secure Ports Forwarded by the Steelhead Appliance
Appendix B - Steelhead Appliance MIB
  Retrieving Optimized Traffic Statistics By Port
  SNMP Traps
Acronyms and Abbreviations
Index
Preface
Welcome to the Riverbed Command-Line Interface Reference Manual. The Management Console makes managing your Steelhead appliance simpler through a Web browser interface. Read this preface for an overview of the information provided in this guide and the documentation conventions used throughout, hardware and software dependencies, and contact information. It includes the following sections:
About This Guide
Product Dependencies and Compatibility
Additional Resources
Contacting Riverbed
Audience
This guide is written for storage and network administrators familiar with administering and managing WANs using common network protocols such as TCP, CIFS, HTTP, FTP, and NFS.
Document Conventions
This manual uses the following standard set of typographical conventions.
Convention and meaning:
italic - Within text, new terms and emphasized words appear in italic typeface.
bold - Within text, CLI commands and GUI controls appear in bold typeface.
Courier
<> - Values that you specify appear in angle brackets. For example: interface <ipaddress>
[] - Optional keywords or variables appear in brackets. For example: ntp peer <addr> [version <number>]
{} - Required keywords or variables appear in braces. For example: {delete <filename> | upload <filename>}
| - The pipe symbol represents a choice to select one keyword or variable to the left or right of the symbol. (The keyword or variable can be either optional or required.) For example: {delete <filename> | upload <filename>}
64-bit Guest VMs No No Yes (starting v5.5.3a) Yes (starting v5.5.1) Yes
Additional Resources
This section describes resources that supplement the information in this guide. It includes the following sections:
Release Notes
Riverbed Documentation and Support Knowledge Base
Release Notes
The following online file supplements the information in this manual. It is available on the Riverbed Support site at https://support.riverbed.com.
Online File: <product>_<version_number> <build_number>.pdf
Purpose: Describes the product release and identifies fixed problems, known problems, and workarounds. This file also provides documentation information not covered in the manuals or that has been modified since publication.
Please examine this file before you begin the installation and configuration process. It contains important information about this release of the Steelhead appliance.
Contacting Riverbed
This section describes how to contact departments within Riverbed.
Internet
You can find out about Riverbed products through our Web site at http://www.riverbed.com.
Support
If you have problems installing, using, or replacing Riverbed products, contact Riverbed Support or your channel partner who provides support. To contact Riverbed Support, please open a trouble ticket at https://support.riverbed.com or call 1-888-RVBD-TAC (1-888-782-3822) in the United States and Canada or +1 415 247 7381 outside the United States.
Professional Services
Riverbed has a staff of professionals who can help you with installation assistance, provisioning, network redesign, project management, custom designs, consolidation project design, and custom coded solutions. To contact Riverbed Professional Services go to http://www.riverbed.com or email [email protected].
Documentation
We continually strive to improve the quality and usability of our documentation. We appreciate any suggestions you may have about our online documentation or printed materials. Send documentation comments to [email protected].
CHAPTER 1
Using the Command-Line Interface
This chapter describes how to access and use the CLI. This chapter includes the following sections:
Connecting to the CLI
Overview of the CLI
CLI Cross-Product Support
Entering Commands
Accessing Online Help
Error Messages
Command Negation
Running the Configuration Wizard
Saving Configuration Changes
3. When prompted, enter the administrator password. This is the password you set during the initial configuration process. The default password is password. For example:
login as: admin
Riverbed Steelhead
Last login: Wed Jan 20 13:02:09 2010 from 10.0.1.1
amnesiac >
You can also log in as a monitor user (monitor). Monitor users cannot make configuration changes to the system. Monitor users can view statistics and system logs.
Entering Commands
The CLI accepts abbreviations for commands. The following example is the abbreviation for the configure terminal command:
amnesiac # configure t
You can press the tab key to complete a CLI command automatically.
To display help for additional parameters, enter the command and parameter:
amnesiac (config) # access ?
enable - Enable secure network access
inbound - Secure access inbound configuration
amnesiac (config) # access inbound ?
rule - Secure access inbound rule configuration
amnesiac (config) # access inbound rule ?
add - Add a secure network access rule
edit - Edit a secure network access rule
move - Move a secure network access rule
Error Messages
If at any time the system does not recognize the command or parameter, it displays the following message:
amnesiac (config) # logging files enable
% Unrecognized command "enable".
Type "logging files?" for help.
Command Negation
You can type no before many of the commands to negate the syntax. Depending on the command or the parameters, command negation disables the feature or returns the parameter to the default value.
CHAPTER 2
User-Mode Commands
This chapter is a reference for user-mode commands. It includes the following sections:
System Administration Commands
Displaying System Data

User-mode commands allow you to enter enable-mode, display system data, and perform standard networking tasks. Monitor users can perform user-mode commands. All commands available in user-mode are also available to administrator users. For detailed information about monitor and administrator users, see the Steelhead Management Console User's Guide.

To enter user-mode
Connect to the CLI and enter the following command:
login as: admin
Riverbed Steelhead
Last login: Wed Jan 20 13:02:09 2010 from 10.0.1.1
amnesiac >
enable
Description: Enters enable-mode.
Syntax: enable
Parameters: None
Usage: You must enter enable-mode before you can perform standard network monitoring tasks.
Example:
amnesiac > enable
exit
Description: Exits the CLI when in user-mode; exits configuration-mode when in configuration-mode.
Syntax: exit
Parameters: None
Example:
amnesiac > exit
ping
Description: Executes the ping utility to send ICMP ECHO_REQUEST packets to network hosts using IPv4 addresses, for troubleshooting.
Syntax: ping [<options>]
Parameters:
<options> - The ping command takes the standard Linux options. For detailed information, see the Linux manual (man) page.
Usage: The ping command without any options pings from the primary or the auxiliary (aux) interface and not the in-path interfaces. If the primary and auxiliary interfaces are not on the same network as the in-path interfaces, you will not be able to ping an IP address on the in-path interface network unless you have a gateway between the two networks. To ping from an in-path interface, use the following syntax:
ping -I <in-path interface IP address> <destination IP address>
Example:
amnesiac > ping -I 10.1.1.1 10.11.22.15
PING 10.11.22.15 (10.11.22.15) from 10.1.1.1: 56(84) bytes of data.
64 bytes from 10.11.22.15: icmp_seq=0 ttl=64 time=0.044 ms
64 bytes from 10.11.22.15: icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from 10.11.22.15: icmp_seq=2 ttl=64 time=0.040 ms
ping6
Description: Sends ICMP6_ECHO_REQUEST packets to a network host or gateway using IPv6 addresses, for troubleshooting.
Syntax: ping6 [<options>]
Parameters:
<options> - The ping6 command takes the standard Linux options. For detailed information, see the Linux manual (man) page.
Usage: The ping6 command without any options pings from the primary or the auxiliary (aux) interface.
Example:
amnesiac > ping6 fe80::20e:b6ff:fe04:2788 fe80::20e:b6ff:fe02:b5b0
PING fe80::20e:b6ff:fe04:2788(fe80::20e:b6ff:fe04:2788) from fe80::20e:b6ff:fe02:b5b0 primary: 56 data bytes
64 bytes from fe80::20e:b6ff:fe04:2788: icmp_seq=0 ttl=64 time=1.14 ms
64 bytes from fe80::20e:b6ff:fe04:2788: icmp_seq=1 ttl=64 time=0.186 ms
--- fe80::20e:b6ff:fe04:2788 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.186/0.667/1.148/0.481 ms, pipe 2
::0101:B3FF:FE1E:8937 2001:38dc:52::e9a4:c5:1001
slogin
Description: Enables log in to another system securely using SSH.
Syntax: slogin [<options>]
Parameters:
<options> - Specify slogin options. To view options, enter slogin at the system prompt.
Product: CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics: show ssh client, show ssh server
ssh slogin
Description: Enables log in to another system using ssh.
Syntax: ssh slogin <cr> <slogin options>
Parameters:
<slogin options> - Specify slogin options. To view options, enter slogin at the system prompt.
Product: CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics: show ssh client, show ssh server
stats export
Description: Enables export of statistics.
Syntax: stats export <csv> <report name> after <yyyy>/<mm>/<dd> before <yyyy>/<mm>/<dd> email <email-addr> filename <filename>
Parameters:
<csv> - Specify the file format for export: csv
<report name> - Specify one of the following reports:
  cpu_util - CPU utilization.
  memory - Memory utilization.
  paging - Paging I/O.
  bw - Aggregate Bandwidth.
  th_peak - Peak Throughput.
  th_p95 - P95 Throughput.
  pass - Aggregate Pass-through Traffic.
  cpool - Aggregate Connection Pooling.
  nfs - Aggregate NFS Report.
  pfs - Aggregate PFS Report.
  conn_history - Connection History.
  dstore - Data Store Hit.
  ssl - SSL statistics.
  ssl_peak - SSL peak statistics.
  http - HTTP statistics.
  qos - QOS statistics.
  top-conversations - Top Conversations Report.
  top-senders - Top Senders Report.
  top-receivers - Top Receivers Report.
  top-applications - Top Applications Report.
after <yyyy>/<mm>/<dd>
before <yyyy>/<mm>/<dd>
email <email-addr>
filename <filename>
Example:
amnesiac > stats export csv ssl after 2008/09/01 filename ssltest
Product: CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics: show stats alarm
telnet
Description
Enables log in to another system using telnet.
Syntax
telnet <cr> <telnet options>
Parameters
<telnet options> - Specify telnet command options:
  close - Close current connection.
  logout - Forcibly logout remote user and close the connection.
  display - Display operating parameters.
  mode - Try to enter line or character mode ('mode ?' for more).
  open - Connect to a site.
  quit - Exit telnet.
  send - Transmit special characters ('send ?' for more).
  set - Set operating parameters ('set ?' for more).
  unset - Unset operating parameters ('unset ?' for more).
  status - Print status information.
  toggle - Toggle operating parameters ('toggle ?' for more).
  slc - Change state of special characters ('slc ?' for more).
  z - Suspend telnet.
  ! - Invoke a subshell.
  environ - Change environment variables ('environ ?' for more).
  ? - Print help information.
Example
amnesiac > telnet
telnet >
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
show terminal
terminal
Description
Sets terminal settings.
Syntax
terminal length <lines> | type <terminal_type> | terminal width <number of characters>}
Parameters
terminal length <lines> - Sets the number of lines 0-1024; 0 to disable paging. The no command option disables the terminal length.
[no] terminal type <terminal_type> - Sets the terminal type. The no command option disables the terminal type.
terminal width <number of characters> - Sets the width number of characters. The no command option disables the terminal width.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
show cli, show clock, show terminal
traceroute
Description
Executes the traceroute utility for IPv4 addresses. The traceroute command takes the standard Linux options.
Syntax
traceroute [<options>]
Parameters
<options> - The traceroute command takes the standard Linux options. For detailed information, see the Linux manual (man) page.
Example
amnesiac > traceroute amnesiac
traceroute to amnesiac.domain.com (10.0.0.3), 30 hops max, 38 byte packets
1 amnesiac (10.0.0.3) 0.035 ms 0.021 ms 0.013 ms
Product
traceroute6
Description
Executes the traceroute utility for IPv6 addresses. The traceroute6 command takes the standard Linux options.
Syntax
traceroute6 [<options>]
Parameters
<options> - The traceroute6 command takes the standard Linux options. For detailed information, see the Linux manual (man) page.
Example
amnesiac > traceroute6 amnesiac
traceroute6 to amnesiac.domain.com (2001:38dc:52::e9a4:c5:6282/64), 30 hops max, 38 byte packets
1 amnesiac (2001:38dc:52::e9a4:c5:6282/64) 0.035 ms 0.021 ms 0.013 ms
Example
amnesiac > show access inbound rules
Secure network access enabled: no

Rule  A Prot Service/ports Src network        iface     Description
----- - ---- ------------- ------------------ --------- -----------------------
      A tcp  7800          0.0.0.0/0
      A tcp  7801          0.0.0.0/0
      A tcp  7810          0.0.0.0/0
      A tcp  7820          0.0.0.0/0
      A tcp  7850          0.0.0.0/0
      A tcp  ssh           10.0.24.7/32
1     A udp  all           0.0.0.0/0
2     A udp  53            0.0.0.0/0
amnesiac-sh75 (config) #
Product
CMC appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
ACL Management Commands
show admission
Description
Displays admission control settings, including actual values of current connections and memory usage.
Syntax
show admission <cr> | control
Parameters
control - Displays admission control settings.
Usage
After performing a model upgrade (for example, upgrading from a 1020 to a 1520), you must reapply admission control overrides relative to the default admission control values of the new model. For assistance with setting admission control overrides, please contact Riverbed Support.
Example
amnesiac > show admission control
Enable Admission Control Override Settings: no
Override Settings:
  Connection Enable:
  Connection Cutoff:
  Memory Enable:
  Memory Cutoff:
  Low Memory Ratio:
Current Settings:
  Connection Enable:
  Connection Cutoff:
  Memory Enable:
  Memory Cutoff:
  Low Memory Ratio:
Current State:
  Connections: 0
  Memory: 4042 MB
show bootvar
Description
Displays the software image that is booted upon the next reboot.
Syntax
show bootvar
Parameters
None
Example
amnesiac > show bootvar
Installed images:
Partition 1: rbtsh/linux columbia #1 2004-02-07 19:24:24 root@test:repository
Partition 2: rbtsh/linux Columbia #2 2004-02-13 17:30:17 root@test:repository
Last boot partition: 1
Next boot partition: 1
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
hardware watchdog enable, image boot
show cli
Description
Displays current CLI settings.
Syntax
show cli
Parameters
None
Example
amnesiac > show cli
CLI current session settings
  Maximum line size: 8192
  Terminal width: 157 columns
  Terminal length: 15 rows
  Terminal type: xterm
  Auto-logout: 30 minutes
  Paging: enabled
CLI defaults for future sessions
  Auto-logout: 30 minutes
  Paging: enabled
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
CLI Terminal Configuration Commands
show clock
Description
Displays current date and time.
Syntax
show clock
Parameters
None
Example
amnesiac > show clock
Time: 15:11:13
Date: 2008/10/18
Zone: America North United_States Pacific
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
Host Setup Commands
show cmc
Description
Displays CMC related settings.
Syntax
show cmc
Parameters
None
Example
amnesiac > show cmc
CMC auto-registration enabled: yes
CMC auto-registration hostname: riverbedcmc.nbttech.com
Managed by CMC: yes
CMC hostname: tsfe7 (10.02.20.7)
Auto configuration status: Inactive
Last message sent to cmc: Auto-registration
Time that message was sent: Fri Oct 17 09:37:57 2008
show connection
Description
Displays information about a single connection.
Syntax
show connection srcip <source ip-addr> srcport <source port> dstip <destination ip-addr> dstport <destination port>
Parameters
srcip <source ip-addr> - Specify the source IP address.
srcport <source port> - Specify the source port.
dstip <destination ip-addr> - Specify the destination IP address.
dstport <destination port> - Specify the destination port.
Example
amnesiac > show connection srcip 10.11.62.56 srcport 36433 dstip 10.11.60.9 dstport 7810
Type: Passthrough
Source: 10.11.62.56:36433
Destination: 10.11.60.9:7810
Application:
Reduction: 0%
Client Side: no
Since: 2006/02/21 17:24:00
Peer Appliance: 0.0.0.0:0
Inner Local Port: 0
Outer Local: 0.0.0.0:0
Outer Remote: 0.0.0.0:0
LAN Side Statistics:
  Bytes: 0
  Packets: 0
  Retransmitted: 0
  Fast Retransmitted: 0
  Timeouts: 0
  Congestion Window: 0
WAN Side Statistics:
  Bytes: 0
  Packets: 0
  Retransmitted: 0
  Fast Retransmitted: 0
  Timeouts: 0
  Congestion Window: 0
show connections
Description
Displays the connections running through the appliance.
Syntax
show connections <cr> | <type> brief | full | filter <filter-string> | sort-by <state>
Parameters
<type>
  Displays all connection types.
  Displays the total active connections optimized. A U appears next to the appliance name if the connection is in an unknown state.
  Displays the total connections passed through, unoptimized. A U appears next to the appliance name if the connection is in an unknown state.
  forwarded - Displays the total number of connections that were forwarded when you have configured a connection forwarding neighbor to manage the connection.
  opening - Displays the total half-opened active connections. A half-opened connection is a TCP connection in which the connection has not been fully established. Half-opened connections count toward the connection count-limit on the appliance because at any time they might become fully opened connections. If you are experiencing a large number of half-opened connections, consider deploying an appropriately sized appliance. A U appears next to the appliance name if the connection is in an unknown state.
  closing - Displays the total half-closed active connections. A half-closed connection is a TCP connection that closed on one side. The other side of the connection can still send data. These connections count toward the appliance connection count-limit. If you experience a large number of half-closed connections, consider deploying an appropriately sized appliance. A U appears next to the appliance name if the connection is in an unknown state.
  Displays discarded connections only.
  Displays denied connections only.
brief | full - Specify a brief or full report.
filter <filter-string> - Filters the list according to string. For example, to filter by IP address (such as srcip or destip), the filter string is the IP address.
sort-by <state> - Sort results by the following states:
  state - Sort connections by state.
  srcip - Sort connections by source IP address.
  srcport - Sort connections by source port.
  destip - Sort connections by destination IP address.
  destport - Sort connections by destination port.
  peerip - Sort connections by peer IP address.
  peerport - Sort connections by peer port.
  app - Sort connections by application, such as HTTP.
  reduction - Sort connections by percent of reduction in bandwidth.
  bytes_in - Sort connections by total number of bytes in.
  bytes_out - Sort connections by total number of bytes out.
  starttime - Sort connections by start time.
Example
amnesiac > show connections
T Source             Destination        App   Rdxn  Since
--------------------------------------------------------------------------------
O 10.11.141.1 2842   10.11.141.2 135    EPM   45%   2007/05/02 14:21:59
O 10.11.141.1 2843   10.11.141.2 1025   TCP   16%   2007/05/02 14:22:00
O 10.11.141.3 4765   10.11.141.4 445    CIFS  23%   2007/05/02 14:21:14
O 10.11.141.4 4667   10.11.141.2 445    CIFS  1%    2007/05/02 14:04:40
--------------------------------------------------------------------------------
Established Optimized (O): 4
Half-Opened Optimized (H): 0
Half-Closed Optimized (C): 0
Pass Through (P): 0
Forwarded (F): 0
Discarded (not shown): 0
Denied (not shown): 0
--------------------------------
Total: 4
show datastore
Description
Displays current data store settings.
Syntax
show datastore
Parameters
None
Example
amnesiac > show datastore
Datastore Wrap-Around Notification: no
Expected Period (days) Before Datastore Wrap-Around: 1
Priority for Deferred Writes: yes
Anchor Selection: 1
Encryption Type: NONE
Automated Online Datastore Synchronization: no
Master: no
Peer IP Address: 0.0.0.0
Port: 7744
Reconnect Seconds: 30
Connection Status:
Catch-Up Synchronization Status:
Catch-Up Percent Completed:
Keep-Up Synchronization Status:
Disk Load:
SDR_A Traffic:
Hit Rate:
In-memory-only Hit Rate:
Hit Count:
Miss Count:
show domain
Description
Displays the domain settings.
Syntax
show domain {configuration | status}
Parameters
configuration - Displays domain configuration.
status - Displays domain status.
Example
amnesiac > show domain configuration
Domain Name :
Short Domain Name :
Login :
Domain Controller List :
Domain Required : yes
Domain Check Required : no
show email
Description
Displays the current email settings.
Syntax
show email
Parameters
None
Example
amnesiac > show email
Mail hub: exchange
Mail hub port: 30
Domain: example.com
Event emails
  Enabled: yes
  Recipients: [email protected]
Failure emails
  Enabled: yes
  Recipients: [email protected]
Autosupport emails
  Enabled: no
  Recipient: [email protected]
  Mail hub: eng.riverbed.com
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
Notification Commands
show failover
Description
Displays the current failover device settings.
Syntax
show failover
Parameters
None
Example
amnesiac > show failover
Enabled: no
Master: yes
Local Port: 7220
Buddy IP Address: 0.0.0.0
Buddy Port: 7220
Product
Interceptor appliance, Steelhead appliance
Related Topics
Data Store Replication and Protection Commands
amnesiac > show hardware error-log all
1 | 11/28/2006 11:55:10 | Event Logging Disabled SEL | Log area reset/cleared | Asserted = yes.
2 | 01/04/2007 21:09:07 | Slot/Connector Drive | Fault Status | Asserted = yes.
3 | 01/07/2007 03:24:07 | Slot/Connector Drive | Fault Status | Asserted = yes.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
show hardware spec

Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
hardware watchdog enable
show hosts
Description
Displays system hosts.
Syntax
show hosts
Parameters
None
Example
amnesiac > show hosts
Hostname: amnesiac
Name server: 10.0.0.2 (configured)
Domain name: domain.com (configured)
Domain name: domain.com (configured)
IP 107.0.0.1 maps to hostname localhost
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
Host Setup Commands
show images
Description
Displays the available software images and which partition the appliance boots the next time the appliance is restarted.
Syntax
show images
Parameters
None
Example
amnesiac > show images
Images available to be installed:
webimage.tbz rbtsh/linux 4.0 #12 2007-05-15 11:54:52 root@test:CVS_TMS/HEAD
image.img rbtsh/linux 4.0 #17 2007-05-22 16:39:32 root@test:CVS_TMS/HEAD
Installed images:
Partition 1: rbtsh/linux 4.0-HEAD-2007-06-15-07:19:19 #0 2007-06-15 07:19:19 root@test:CVS_TMS/HEAD
Partition 2: rbtsh/linux 4.0 2007-05-15 11:54:52 root@test:CVS_TMS/HEAD
Last boot partition: 2
Next boot partition: 2
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
License and Hardware Upgrade Commands
show info
Description
Displays the system information, including the current state of the system.
Syntax
show info
Parameters
None
Example
amnesiac > show info
Status: Healthy
Config: working
Appliance Up Time: 15d 1h 14m 4s
Service Up Time: 15d 1h 12m 25s
Serial: H180000697a
Model: 8800
Revision: A
Version: spitfire-1.0
show in-path
Description
Displays in-path interface settings.
Syntax
show in-path
Parameters
None
Example
amnesiac > show in-path
Enabled: yes
Kickoff: no
L4/PBR/WCCP: no
Main Interface: inpath1_0
Optimizations Enabled On: inpath1_0
VLAN Tag IDs:
  inpath1_0: 0
  inpath1_1: 0
Usage
The following types of asymmetry are displayed in the asymmetric routing table:
  bad RST - Complete Asymmetry: Packets traverse both Steelhead appliances going from client to server but bypass both Steelhead appliances on the return path.
  bad SYN/ACK - Server-Side Asymmetry: Packets traverse both Steelhead appliances going from client to server but bypass the server-side Steelhead appliance on the return path.
  no SYN/ACK - Client-Side Asymmetry: Packets traverse both Steelhead appliances going from client to server but bypass the client-side Steelhead appliance on the return path.
  probe-filtered (not-AR) - Probe-Filtered: Occurs when the client-side Steelhead appliance sends out multiple SYN+ frames and does not get a response.
  probe-filtered (not-AR) - SYN-Rexmit: Occurs when the client-side Steelhead appliance receives multiple SYN retransmits from a client and does not see a SYN/ACK packet from the destination server.
Example
amnesiac > show in-path asym-route-tab
Format: [IP 1] [IP 2] [reason] [timeout(
10.111.111.19 10.111.25.23 no-SYNACK 770
Usage
On Steelhead appliances and Interceptor appliances equipped with one or more Two-Port SR Multimode Fiber 10 Gigabit-Ethernet PCI-E or Two-Port LR Single Mode Fiber 10 Gigabit-Ethernet PCI-E cards, you can configure the system to automatically bypass all UDP (User Datagram Protocol) connections. You can also configure rules for bypassing specific TCP (Transmission Control Protocol) connections. By automatically bypassing these connections, you can decrease the workload on the local Steelhead appliances. If the system is not equipped with the necessary card, an error message displays.
Product
Interceptor appliance, Steelhead appliance
Related Topics
in-path hw-assist rule, in-path hw-assist edit-rule, in-path hw-assist move-rule rulenum
Product
Steelhead appliance, Interceptor appliance
Related Topics
Asymmetric Route Detection Commands, Connection Forwarding
Product
Steelhead appliance
Related Topics
WAN Visibility (Transparency) Commands, in-path peering oobtransparency mode
amnesiac > show in-path rules
Rule  Type P O L N W K VLAN Source Addr
----- ---- - - - - - - ---- ------------------
1     pass - - - - - - all  all
2     pass - - - - - - all  all
3     pass - - - - - - all  all
def   auto N F F A C N all  all

3 user-defined rule(s)

(P) Preoptimization Policy: O=Oracle-Forms S=SSL +=Oracle-Forms-over-SSL N=None
(O) Optimization Policy: F=Full S=SDR-only C=Compression-only M=SDR-M N=None
(L) Latency Optimizations: F=Full H=HTTP-only N=None
(N) Neural Framing: A=Always D=Dynamic T=TCP hints N=Never
(W) WAN Visibility Mode: C=Correct-Addressing P=Port-Transparency F=Full-Transparency R=Full-Transparency w/Reset
Y=Enabled N=Disabled
Product
Interceptor appliance, Steelhead appliance
Related Topics
In-Path and Virtual In-Path Support Commands
show ip
Description
Displays the IP settings.
Syntax
show ip {flow-export <cr> | destination <ip-addr> port <port> <cr> | filter <cr>| [flow-setting <cr> | lan-subnets] | [in-path route <interface> <cr> | static]| [in-path-gateway <interface> <cr> | static] | [security <cr> | peers]}
Parameters
flow-export <cr> | destination <ip-addr> port <port> <cr> | filter <cr> - Displays NetFlow export settings.
flow-setting <cr> | lan-subnets - Displays NetFlow settings. Optionally, display LAN subnets.
in-path route <interface> <cr> | static - Displays in-path route settings for interfaces, such as inpath0_0, and inpath1_1.
in-path-gateway <interface> <cr> | static - Displays in-path gateway settings for interfaces, such as inpath0_0, and inpath1_1.
security <cr> | peers - Displays IPSec connections to other appliances.
Example
amnesiac > show ip flow-setting
Configured active flow timeout: 1800
In-use active flow timeout: 1800
Inactive flow timeout: 15
The in-use active flow timeout can be different from the configured active flow timeout when Top Talkers is enabled.
amnesiac-sh75 > show ip flow-setting
Configured active flow timeout: 1800
In-use active flow timeout: 1800
Inactive flow timeout: 15
The in-use active flow timeout can be different from the configured active flow timeout when Top Talkers is enabled.
show legacy-rsp
Description
Displays RSP v5.0.x information.
Syntax
show legacy-rsp
Parameters
None
Example
amnesiac > show legacy-rsp
Present and reserving 12288 bytes from PFS store
show logging
Description
Displays logging and logging filter settings.
Syntax
show logging <cr> | filter
Parameters
filter - Displays per-process logging configuration information.
Example
amnesiac > show logging filter
Local logging level: info
amnesiac > show logging
Local logging level: info
Default remote logging level: notice
Remote syslog receiver: 10.10.10.2 (logging level: info)
Number of archived log files to keep: 10
Log rotation frequency: daily
show nettest
Description
Displays network health test results.
Syntax
show nettest cable-swap | duplex | ip-port-reach | net-gateway | peer-reach
Parameters
cable-swap - Displays the results of the cable swap test. If the test fails, ensure you are not using a straight-through cable between an appliance port and a router, or a crossover cable between an appliance port and a switch.
duplex - Displays the results of the duplex matching test. If one side is different from the other, then traffic is sent at different rates on each side, causing a great deal of collision.
ip-port-reach - Displays the results of the IP port test.
net-gateway - Displays the results of the network gateway test.
peer-reach - Displays the results of the peer reachability test.
Example
amnesiac > show nettest net-gateway
Gateway Test Last Run: 2009/08/16 09:43:32
Passed
Interface  Address   Packet Loss  Result
======================================================
Default    10.0.0.1  0%           Passed
amnesiac-sh75 (config) # show nettest net-gateway
Gateway Test Last Run: 2009/08/16 09:43:32
Passed
Interface  Address   Packet Loss  Result
======================================================
Default    10.0.0.1  0%           Passed
show ntp
Description
Displays NTP settings.
Syntax
show ntp all
Parameters
all - Display NTP settings and active peers.
Example
amnesiac > show ntp
NTP enabled: yes
No NTP peers configured.
NTP server: 190.6.38.127 (version 4)
NTP server: 46.187.224.4 (version 4)
NTP server: 46.187.233.4 (version 4)
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead, Whitewater
Related Topics
Host Setup Commands
show out-of-path
Description
Displays out-of-path configuration settings.
Syntax
show out-of-path
Parameters
None
Example
amnesiac > show out-of-path
Enabled: no
Inner Port: 7810
show peers
Description
Displays information about connected peers.
Syntax
show peers | online-only
Parameters
online-only - Displays connected peer appliances that are online.
Example
amnesiac > show peers
S IP              Name             Model   Version Licenses
- --------------- ---------------- ------- ------- ---------------------------
O 10.11.3.145     gen1-sh30        2020    6.0.0   CIFS/MAPI/SSL/ORACLE-FORMS
O = online, U = unknown
amnesiac > show pfs status shares
+=============================
| Information for PFS share lshare1
|
| ----- Status -----
| Last Sync Status: true
| Share Ready: true
| Status: START_SYNC in progress since Fri Mar 9 17:04:26 2007
| Size (MB): 39
| Last Synced: Fri Mar 9 17:05:30 2007
Example
amnesiac > show pfs stats shares
+=============================
| Information for PFS share field_kit
|
| ----- Statistics -----
+=============================
| Information for PFS share internal-test
|
| ----- Statistics -----
+=============================
| Information for PFS share internal-townsend
|
| ----- Statistics -----
+=============================
show prepop
Description
Displays prepopulation settings.
Syntax
show prepop {[all-info shares <cr> | remote-path <remote-path>] |[configuration shares <cr> | remote-path <remote-path>] | [stats shares <cr> | remote-path <remote-path>]| [status shares <cr> | remote-path <remote-path>]
Parameters
all-info <cr> | remote-path <remote-path> - Displays all information for the prepopulation share or the specified share.
configuration <cr> | remote-path <remote-path> - Displays configuration of the prepopulation share or the specified share.
stats shares <cr> | remote-path <remote-path> - Displays prepopulation statistics for all shares or the specified share.
status shares <cr> | remote-path <remote-path>
Example
amnesiac > show protocol cifs
Enable Transparent Prepopulation Support: no
Disable CIFS Write Optimization: no
Security Signature Optimization: yes
Overlapping Open Enabled: yes
Product
Steelhead appliance
Related Topics
CIFS, SMB, and SMB2 Support Commands, protocol cifs ext-dir-cache enable
Example
amnesiac > show protocol cifs nosupport client
Operating systems without optimization support:
macunk
novell
winunk
wnt3
Example
Example
amnesiac > show protocol http prefetch extensions
Pre-Fetch Objects with Extensions through URL-learning:
css
gif
jpg
js
png
Example
amnesiac > show protocol ms-sql rules default-config
MS-SQL RPC Rule
MS-SQL RPC Rule
Rule ID Enable
------- ------
1       true
  MS-SQL RPC Action
  Action ID Enable
  --------- ------
  1         true
    MS-SQL RPC Arg Action
    Arg Offset Enable
    ---------- ------
    5          true
  Action ID Enable
  --------- ------
  2         true
    MS-SQL RPC Arg Action
    Arg Offset Enable
    ---------- ------
    5          true
  Action ID Enable
  --------- ------
  3         true
(this is a partial example)
Example
amnesiac > show protocol nfs server example
Global:
  NFS Enabled: yes
  V2/V4 Alarm Enabled: yes
  Memory Soft Limit: 10000000
  Memory Hard Limit: 12000000
  Max Directory Count: 5242880 bytes
  Max Symlink Count: 524288 bytes
Default NFS Server Settings:
  Policy: Global Read-Write
Default NFS Volume Settings:
  Policy: Global Read-Write
amnesiac (config) # show protocol smb2 status
SMB2 Enabled: yes
amnesiac > show protocol smb2 signing status
SMB2 Signing Enabled: no
Mode Type: delegation
Product
Steelhead appliance
Related Topics
protocol smb2 signing enable, protocol smb2 signing mode-type
SRDF selective optimization enables you to set different optimization levels for RDF groups.
amnesiac > show protocol srdf symm 0123 stats brief
SYMM RDF group opt policy  Reduction LAN Mbps WAN Mbps description
---- --------- ----------- --------- -------- -------- -----------
0123 1         none        100%      20       20       Oracle1 DB
0123 2         lz-only     80%       200      40       Oracle2 DB
0123 3         sdr-default 90%       200      20       Homedirs
0123 4         sdr-default 90%       200      20       Oracle3 DB
amnesiac > show protocol ssl backend bypass-table ip 10.0.0.1 port 1234
Example
amnesiac > show protocol ssl backend client cipher-strings verbose
#   Cipher String/Suite Name
--- ------------------------------
1   DEFAULT
                        KeyExch(*):  Auth:  Enc(*):    Mac:   (+)
    AES256-SHA          RSA          RSA    AES(256)   SHA1
    DES-CBC3-SHA        RSA          RSA    3DES(168)  SHA1
    AES128-SHA          RSA          RSA    AES(128)   SHA1
    RC4-SHA             RSA          RSA    RC4(128)   SHA1
    RC4-MD5             RSA          RSA    RC4(128)   MD5
    DES-CBC-SHA         RSA          RSA    DES(56)    SHA1
    EXP-DES-CBC-SHA     RSA(512)     RSA    DES(40)    SHA1
    EXP-RC2-CBC-MD5     RSA(512)     RSA    RC2(40)    MD5
    EXP-RC4-MD5         RSA(512)     RSA    RC4(40)    MD5
(*) Numbers in parentheses are key size restrictions.
(+) "export" denotes an "export" classification.
<<this is a partial list>>
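The verbose cipher listing above can be reviewed mechanically. The following Python is an added example, not Riverbed code: it parses suite rows in the column order shown (the sample text is constructed from the rows listed on this page) and flags suites using criteria that are assumptions drawn from general TLS hardening practice, with hypothetical function names.

```python
import re

# Constructed sample: the DEFAULT cipher string rows listed on this page,
# one suite per line. The exact column spacing is an assumption.
SAMPLE_OUTPUT = """\
#   Cipher String/Suite Name
--- ------------------------------
1   DEFAULT
                        KeyExch(*):  Auth:  Enc(*):    Mac:   (+)
    AES256-SHA          RSA          RSA    AES(256)   SHA1
    DES-CBC3-SHA        RSA          RSA    3DES(168)  SHA1
    AES128-SHA          RSA          RSA    AES(128)   SHA1
    RC4-SHA             RSA          RSA    RC4(128)   SHA1
    RC4-MD5             RSA          RSA    RC4(128)   MD5
    DES-CBC-SHA         RSA          RSA    DES(56)    SHA1
    EXP-DES-CBC-SHA     RSA(512)     RSA    DES(40)    SHA1
    EXP-RC2-CBC-MD5     RSA(512)     RSA    RC2(40)    MD5
    EXP-RC4-MD5         RSA(512)     RSA    RC4(40)    MD5
"""

# One suite row: name, key exchange (optional size restriction), auth,
# encryption algorithm with key size, MAC. Header lines do not match.
ROW = re.compile(
    r"^\s*(?P<name>[A-Z0-9-]+)\s+"
    r"(?P<kx>[A-Z]+)(?:\((?P<kx_bits>\d+)\))?\s+"
    r"(?P<auth>[A-Z]+)\s+"
    r"(?P<enc>[A-Z0-9]+)\((?P<enc_bits>\d+)\)\s+"
    r"(?P<mac>[A-Z0-9]+)\s*$"
)

# Assumed policy: algorithms treated as broken regardless of key size.
BROKEN_ENC = {"RC4", "RC2", "DES"}
MIN_ENC_BITS = 128


def parse_cipher_table(text):
    """Return one dict per cipher suite row found in the CLI output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # prompt, header, separator or cipher-string name
        row = m.groupdict()
        row["kx_bits"] = int(row["kx_bits"]) if row["kx_bits"] else None
        row["enc_bits"] = int(row["enc_bits"])
        rows.append(row)
    return rows


def audit_suite(row):
    """Return the list of reasons a suite is flagged (empty if none)."""
    reasons = []
    # A size restriction on the key exchange, e.g. RSA(512), or an EXP-
    # prefix marks an export-grade suite.
    if row["name"].startswith("EXP-") or row["kx_bits"] is not None:
        reasons.append("export-grade")
    if row["enc_bits"] < MIN_ENC_BITS:
        reasons.append(f"short-key:{row['enc_bits']}")
    if row["enc"] in BROKEN_ENC:
        reasons.append(f"weak-cipher:{row['enc']}")
    if row["enc"] == "3DES":
        reasons.append("legacy-3des")  # 64-bit block cipher
    if row["mac"] == "MD5":
        reasons.append("md5-mac")
    return reasons


def audit_table(text):
    """Map each suite name in the output to its list of findings."""
    return {r["name"]: audit_suite(r) for r in parse_cipher_table(text)}


if __name__ == "__main__":
    for name, reasons in audit_table(SAMPLE_OUTPUT).items():
        print(f"{name:18} {', '.join(reasons) if reasons else 'OK'}")
```
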
amnesiac > show protocol ssl backend disc-table
Discovered servers:
No discovered servers.

amnesiac > show protocol ssl backend server cipher-strings verbose
Discovered servers:
No discovered servers.
amnesiac > show protocol ssl backend server cipher-strings
#   Cipher String/Suite Name
--- ------------------------------
1   DEFAULT
amnesiac > show protocol ssl ca Actalis certificate text
Certificate:
  Data:
    Version: 3 (0x2)
    Serial Number: 1034588298 (0x3daa908a)
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: C=IT, O=Actalis S.p.A., OU=Certification Service Provider, CN=Actalis Root CA
    Validity
      Not Before: Oct 14 09:38:38 2002 GMT
      Not After : Oct 14 08:38:38 2022 GMT
    Subject: C=IT, O=Actalis S.p.A., OU=Certification Service Provider, CN=Actalis Root CA
    Subject Public Key Info:
      Public Key Algorithm: rsaEncryption
      RSA Public Key: (2048 bit)
        Modulus (2048 bit):
          00:bc:54:63:8a:98:15:48:be:6a:ae:e1:70:90:4a:
          a4:55:00:26:8b:6e:8d:4f:eb:b3:df:ca:c8:53:6c:
          84:e4:30:ba:3d:bb:fb:f3:c0:40:8c:c1:62:ce:ae:
          20:4e:37:1f:5c:36:fe:7a:88:5e:00:e2:a9:8a:1e:
          5d:a6:ca:d3:81:c9:f5:74:33:62:53:c2:28:72:2b:
          c2:fb:b7:c1:81:d3:c3:fa:d7:eb:a9:62:05:94:1e:
          ac:1f:53:69:2b:ca:39:1c:36:8f:63:38:c5:31:e4:
<<partial listing>>
Example
amnesiac > show protocol ssl cas ca Actalis certificate text
Name (Issued To)
AC_RaEDz_CerticE1mara_S.A. (AC Ra<C3><AD>z Certic<C3><A1>mara S.A.)
AOL_Time_Warner_1 (AOL Time Warner Root Certification Authority 1)
AOL_Time_Warner_2 (AOL Time Warner Root Certification Authority 2)
AddTrust_Class_1 (AddTrust Class 1 CA Root)
AddTrust_External (AddTrust External CA Root)
AddTrust_Public (AddTrust Public CA Root)
AddTrust_Qualified (AddTrust Qualified CA Root)
America_Online_1 (America Online Root Certification Authority 1)
America_Online_2 (America Online Root Certification Authority 2)
Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068 (Autoridad de Certificacion Firmaprofesional CIF A62634068)
Baltimore_CyberTrust (Baltimore CyberTrust Root)
COMODO (COMODO Certification Authority)
COMODO_ECC (COMODO ECC Certification Authority)
Certisign_Autoridade_Certificadora_AC1S ()
Certisign_Autoridade_Certificadora_AC2 ()
Certisign_Autoridade_Certificadora_AC3S ()
Certisign_Autoridade_Certificadora_AC4 ()
Certplus_Class_1_Primary (Class 1 Primary CA)
Certplus_Class_2_Primary (Class 2 Primary CA)
Certplus_Class_3P_Primary (Class 3P Primary CA)
<<partial listing>>
amnesiac > show protocol ssl crl ca Actalis
Automatically Discovered CDPs: (can be overriden by manually configured CDP URIs):
CA: Actalis
CDP Index: 1
DP Name 1: URI:ldap://ldap.actalis.it/cn%3dActalis%20Root%20CA,ou%3dCertification%20Service%20Provider,o%3dActalis%20S.p.A.,c%3dIT?certificateRevocationList;binary
Last Query Status: unavailable
CDP Index: 2
DP Name 1: URI:http://ca.actalis.it/crl/root/getCRL
Last Query Status: unavailable
Manually Configured CDP URIs: (Dangling manually configured CDP URIs for certificates that do not exist will NOT be updated.)
No manually configured CDP URIs.

amnesiac > show protocol ssl expiring-certs
Peering certificate is OK.
All server certificates are OK.
All server chain certificates are OK.
All CA certificates are OK.
All peering trust certificates are OK.
Example
amnesiac > show protocol ssl internal
Debug Extra: no
Late Start: no
Early Finish: no
SSL Renegotiation: no
Handle Pool Limit: 330
Handle Max Delay: 3600000
Handle Max Byte Count: 1073741824
Peer Verification: yes
Bypass Check Period: 5
Server Verification: yes
Server CN match first: no
Server Session Reuse: yes
Client Session Reuse: yes
Session Cache Size (Client Side Reuse):20480
Workarounds for Known Bugs:               enabled?
  MICROSOFT_BIG_SSLV3_BUFFER:             no
  NETSCAPE_REUSE_CIPHER_CHANGE_BUG:       no
  SSLREF2_REUSE_CERT_TYPE_BUG:            no
  SSLEAY_080_CLIENT_DH_BUG:               no
  TLS_D5_BUG:                             no
  TLS_BLOCK_PADDING_BUG:                  no
  DONT_INSERT_EMPTY_FRAGMENTS:            yes
  TLS_ROLLBACK_BUG:                       no
  NETSCAPE_CA_DN_BUG:                     no
  NETSCAPE_DEMO_CIPHER_CHANGE_BUG:        no
Options                                   enabled?
  SINGLE_DH_USE:                          no
  EPHEMERAL_RSA:                          no
  CIPHER_SERVER_PREFERENCE:               no
  PKCS1_CHECK_1:                          no
  PKCS1_CHECK_2:                          no
  NO_SESSION_RESUMPTION_ON_RENEGOTIATION:no
amnesiac > show protocol ssl server-cert name Go_Daddy_Class_2 certificate raw
amnesiac > show protocol ssl server-cert name Go_Daddy_Class_2 chain-cert certexample certificate
amnesiac > show protocol ssl server-cert name Go_Daddy_Class_2 chain-certs certexample certificate
amnesiac > show protocol ssl server
SSL servers:
1.1.1.1:443 (Enabled: yes)
2.2.2.2:443 (Enabled: yes)
tcfe51 (config) # show protocol ssl server ip 1.1.1.1 chain-certs
No chain certificates.
Parameters
wan-oversub - Displays basic QoS bandwidth oversubscription setting.
global-app(s) - Displays the configured global applications. For a complete list of supported global applications use show qos basic classification globalapp ? to print help information on the command line.
Shows interface settings.
Displays QoS classification rules.
Display the configured site(s).
amnesiac (config) # show qos basic classification
QoS Classification: Disabled
Mode: Advanced (Hierarchy)
Interface State       Burst (kbit) LinkRate (kbps)
--------- ----------- ------------ ---------------
wan0_0    Enabled     250          1000
primary   Disabled    0            0
Verify that QoS is enabled and properly configured. For detailed information, see the Steelhead Management Console User's Guide and Riverbed Deployment Guide.
Example
amnesiac (config) # show qos classification classes
Class                            Priority     GBW %  LW      UBW %   CLimit  Queue  Parent
-------------------------------- ------------ ------ ------- ------- ------- ------ --------------------------
Default-Site$$Business-Critical  business     20.00  100.00  100.00  100     sfq    Default-Site$$parent_class
Default-Site$$Interactive        interactive  20.00  100.00  100.00  100     sfq    Default-Site$$parent_class
Default-Site$$Low-Priority       low          9.00   100.00  100.00  100     sfq    Default-Site$$parent_class
Default-Site$$Normal             normal       40.00  100.00  100.00  100     sfq    Default-Site$$parent_class
Default-Site$$Realtime           realtime     10.00  100.00  100.00  100     sfq    Default-Site$$parent_class
Default-Site$$Best-effort        besteffort   1.00   100.00  100.00  100     sfq    Default-Site$$parent_class
Default-Site$$parent_class       normal       10.00  1.00    100.00  N/A     sfq    root
foobar$$Business-Critical        business     20.00  100.00  100.00  100     sfq    foobar$$parent_class
foobar$$Interactive              interactive  10.00  100.00  100.00  100     sfq    foobar$$parent_class
foobar$$Low-Priority             low          10.00  100.00  100.00  100     sfq    foobar$$parent_class
foobar$$Normal                   normal       50.00  100.00  100.00  100     sfq    foobar$$parent_class
foobar$$Realtime                 realtime     10.00  100.00  100.00  100     sfq    foobar$$parent_class
foobar$$Best effort              besteffort   1.00   100.00  100.00  100     sfq    foobar$$parent_class
foobar$$parent_class             normal       10.00  1.00    100.00  N/A     sfq    root
amnesiac > show qos dscp rules traffic-type optimized
Rule  Source             Destination        Port            DSCP
----- ------------------ ------------------ --------------- ----
def   all                all                all             refl
----------------------------------------------------------------
0 user added rule(s)
amnesiac > show raid configuration
UnitType   Status  Stripe  Size(GB)
-------------------------------------------
RAID-10    ONLINE  064KB   931.52
 RAID-1    ONLINE
  DISK 01  ONLINE          232.00
  DISK 02  ONLINE          232.00
 RAID-1    ONLINE
  DISK 03  ONLINE          232.00
  DISK 04  ONLINE          232.00
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller Raid Commands
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller Raid Commands
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller Raid Commands
amnesiac > show raid info
Firmware      => 713R
Bios          => G121
Memory        => 64MB
Raid type     => Raid 10
Auto rebuild  => Enabled
Raid status   => OK
Stripe size   => 64K
Num of drives => 4
Disk Vendor   => WDC
Serial Number => ^B33686018
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller Raid Commands
WDC 08.0 No No No
Adapter 0, Channel 0, Target ID 1
----------------------------------------
Type: DISK                 Vendor       : WDC
Product: WD2500SD-01KCB0   Revision     : 08.0
Synchronous   : No         Wide-32      : No
LinkCmdSupport: No         TagQ support : No
Removable     : No         SoftReset    : No
[partial output]
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller Raid Commands
show report
Description
Displays system details.
Syntax
show report {all | system | service}
Parameters
all      Specify to display a complete system detail report.
system   Specify to display system resources.
service  Specify to display system services.
Usage
Use this report to display system summary information for each of your components. Use this command to gather system information for debugging.
Example
amnesiac > show report all
System Detail Report
cpu
--------------------------------
status: green
info: CPU 0, idle time: 20d 16h 20m 6s, system time: 4h 10m 19s, user time: 3h 34m 0s.
      CPU 1, idle time: 20d 16h 48m 28s, system time: 3h 28m 49s, user time: 4h 1m 15s.
      CPU 2, idle time: 20d 17h 9m 42s, system time: 3h 50m 52s, user time: 3h 25m 9s.
      CPU 3, idle time: 20d 16h 15m 59s, system time: 3h 21m 53s, user time: 4h 46m 52s.
memory
--------------------------------
status: green
info: Physical memory, total 8174168, used 6257768, free 1916400.
      Swap memory, total 2096472, used 192, free 2096280.
cifs
--------------------------------
status: green
info: Optimization is enabled
<<this is a partial example>>
show rsp
Description
Displays RSP settings.
Syntax
show rsp
Parameters
None
Example
amnesiac > show rsp
Supported: Yes
Installed: Yes
Release: 6.0.0
Enabled: Yes
State: Running
Disk Space: 5.62 GB used / 92.82 GB free / 98.44 GB total
Memory: 0 MB used / 128 MB free / 128 MB total
Steelhead appliance RSP Commands, show rsp clones server, show rsp clones status
amnesiac > show rsp clones server
Password set; Incoming clone transfers enabled
Steelhead appliance RSP Commands, show rsp clones server, show rsp clones status
Steelhead appliance RSP Commands, show rsp clones, show rsp clones server
Use the dataflow option to display RSP dataflow settings. Each RSP package uses its own RSP network interfaces to communicate. These network interfaces are matched with the physical intercept points that create VNIs. VNIs are network taps that enable data flow in and out of the RSP packages. VNIs act as the connection points for the LAN, WAN, primary, and auxiliary interfaces on the Steelhead appliance.
Example
amnesiac > show rsp
Supported: Yes
Installed: Yes
Release: 6.0.0
Enabled: Yes
State: Running
Disk Space: 13.54 GB used / 163.64 GB free / 177.18 GB total
Memory: 0 MB used / 128 MB free / 128 MB total
amnesiac > show rsp inpath0_0
Dataflow inpath0_0:
#   VNI                            Type
--  ------------------------------ --------
    lan0_0
1   RiOS0_0                        RiOS
    wan0_0
An "X" means the VNI is not in effect. Possible reasons include the slot is disabled/uninstalled, the VNI is invalid, etc.
Example
Example
amnesiac > show rsp opt-vni RiOS0_0
VNI RiOS0_0:
LAN to WAN direction:
#   Type     Source Addr
--- -------- ------------------
1   pass     all
2   redirect all
3   copy     123.123.123.0/24
WAN to LAN direction:
#   Type     Source Addr        Source Port Dest Addr          Dest Port   Proto
--- -------- ------------------ ----------- ------------------ ----------- -----
1   redirect 1.1.1.1/32         12-23       4.4.4.4/32         6621        TCP
amnesiac > show rsp package
Package my-package.pkg:
Valid: Yes
Name: my
Uncompressed size: 1.05MB
Version: 1
Encrypted: No
Description: My package
[partial output]
amnesiac > show rsp slot 1
Slot 1:
Package:
  Name: Tiny
  Version: 1
  Description: Tiny package
Enabled: No
Priority: Normal
Clone Restore Pending: No
Memory Size: 128 (MB)
Slot Size on Disk: 1.05 MB
Attached Disks:
  Name
  ------------------------------
  tiny
Total Attached Disk Space:
Watchdog:
  Slot Status: Not Applicable (Slot is not enabled)
  Timeout: 10 second(s)
  Startup Grace Period: 60 second(s)
  VNI Policy on fail: Bypass-on-failure
  VM Reboot on fail: No
  Ping Monitoring: Disabled
  Ping Interval: 5 second(s)
  IP: 0.0.0.0
  Heartbeat Monitoring: Not supported
  Heartbeat Port: None
T I N
L R R
W R R
(T) Type: L=Lan W=Wan V=V-Inpath
(I) Default IP Policy: P=Pass R=Redirect C=Copy L=L2-Switch
(N) Default Non-IP Policy: P=Pass R=Redirect C=Copy L=L2-Switch
Management VNIs:
Name                                Bridged To  MAC
----------------------------------- ----------  -----------------
1:QABridgeMgmt                      primary     00:0C:29:4F:9F:A7
Example
amnesiac > show rsp vmware web-access
URL: http://MyTestSite.MyLab.MyDomain.com:8222
Certificate:
Issued To:
  Common Name: MyTestSite
  Email: [email protected]
  Organization: VMware, Inc.
  Organization Unit: VMware Management Interface
  Locality: Palo Alto
  State: California
  Country: US
[partial output]
show secure-peering
Description
Displays secure peering settings.
Syntax
show secure-peering
Parameters
None
Example
amnesiac > show secure-peering
Traffic Type To Encrypt: ssl-only
Fallback To No Encryption: Not Applicable for 'ssl-only'
Certificate Details:
Issued To:
  Common Name: Steelhead D34ST0005C00C
  Organization: Riverbed Technology, Inc.
  Locality: San Francisco
  State: California
  Country: -
  Serial Number: cd:XX:e8:30:dd:XX:2c:XX
Issued By:
  Common Name: Steelhead D34ST0005C00C
  Organization: Riverbed Technology, Inc.
  Locality: San Francisco
  State: California
  Country: -
Validity:
  Issued On: Nov 12 22:36:10 2009 GMT
  Expires On: Nov 12 22:36:10 2011 GMT
Fingerprint:
  SHA1: 3F:XX:C6:27:C5:XX:XX:2B:D4:XX:0C:F6:0F:9E:FA:F2:1A:XX:B7:XX
Key:
  Type: RSA
  Size (Bits): 1024
<<partial example>>
show secure-peering ca
Description
Displays a specified peering CA certificate.
Syntax
show secure-peering ca <cert-name> certificate [raw | text]
Parameters
<cert-name>               Specify the certificate name.
certificate [raw | text]  Specify the format for the certificate.
[raw | text]
amnesiac > show secure-peering cipher-strings
#   Cipher String/Suite Name
--- ------------------------------
1   DEFAULT
show service
Description
Displays the state of the Steelhead service.
Syntax
show service
Parameters
None
Example
amnesiac > show service
Optimization Service: Running
Example
amnesiac > show service ports
Service ports:
7800 (default)
7810
amnesiac >
show snmp
Description
Displays SNMP server settings.
Syntax
show snmp
Parameters
None
Example
amnesiac > show snmp
SNMP enabled: yes
System location:
System contact:
Read-only community: public
Traps enabled: yes
No trap sinks configured.
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller Notification Commands
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller Secure Shell Access Commands
Example
amnesiac > show ssh server publickey SSH server public key: ssh-rsa AAAAB3NzaC1yc2XXXXXXXwAAAQEAwz7zKAc1NbTKSp40mRg7J 9YV5CeoGRQoCEPS17ValtEQbepaQygdifueiejht39837482y74982u7ridejbvgiIYZs/E23zmn212kj dXFda8zJxJm07RIKOxNDEBUbAUp8h8dkeiejgfoeoriu39438598439gfjeNLfhjWgh1dzeGYycaAoEA K21Igg+Sg0ELGq2cJ8mMzsSsCq5PnOmj63RAMuRgBdrtBdIAd32fy642PQJveqtfl7MBN6IwTDECRpex F3Ku98pRefc2h0u44VZNT9h4tXCe8qHpuO5k98oA
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller Secure Shell Access Commands
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller stats alarm
amnesiac > show stats bandwidth all lan-to-wan hour
WAN Data: 0 Bytes
LAN Data: 0 Bytes
Data Reduction: 0%
Data Reduction Peak: 0%
Data Reduction Peak Time:
Capacity Increase: 1X
Example
amnesiac > show stats conn-pool week Total Connection Pool: Connection Hit : Connection Hit Ratio:
0 0
Parameters
Example
amnesiac > show stats connections hour
Avg Total Optimized: 0
Peak Total Optimized: 0 (2008/10/17 17:26:23)
Avg Established: 0
Peak Established: 0 (2008/10/17 17:26:23)
Avg Half Opened: 0
Peak Half Opened: 0 (2008/10/17 17:26:23)
Avg Half Closed: 0
Peak Half Closed: 0 (2008/10/17 17:26:23)
Avg Active Optimized: 0
Peak Active Optimized: 0 (2008/10/17 17:26:23)
Avg Pass Through: 0
Peak Pass Through: 0 (2008/10/17 17:26:23)
Avg Forwarded: 0
Peak Forwarded: 0 (2008/10/17 17:26:23)
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller show stats memory
Parameters
Example
Example
amnesiac > show stats dns hour
Total Requests: 0
Cache Hit Rate: 0%
Average Cache Entries: 0
Average Cache Usage: 0 Bytes
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller show stats memory
Parameters Example
None
amnesiac > show stats fan
FanId  RPM   Min RPM  Status
1      3825  750      ok
2      3750  750      ok
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller show hardware error-log
amnesiac > show stats neighbor-fwd packet hour
Total Sent: 0 packets
Data Sent Peak: 0 packets
Data Sent Peak Time: 2008/10/17 17:42:20
amnesiac > show stats nfs all week
Locally Served: 0 calls
Remotely Served: 0 calls
Delay Response: 0 calls
Data Reduction: 0%
Data Reduction Peak: 0%
Data Reduction Peak Time: 2009/09/09 14:34:23
Capacity Increase: 1X
amnesiac > show stats pafs all hour
Byte Sent: 0 Bytes
Data Sent Peak: 0 Bytes
Data Sent Peak Time:
Byte Recv: 0 Bytes
Data Recv Peak: 0 Bytes
Data Recv Peak Time:
amnesiac > show stats qos all packet hour
Total Sent: 0 packets
Total Drop: 0 packets
Parameters
all-opt-vnis                                    Display RSP statistics for all VNIs.
opt-vni <vni>                                   Display RSP VNI statistics for the specified VNI, for example RiOS.
side lan | wan | package                        Displays the statistics for the specified interface. For example, the WAN side.
period 1min | 5min | hour | day | week | month
Example
amnesiac > show stats rsp all-opt-vnis period hour
VNI: RiOS0_0 Interface: lan
Bytes in: 0    Packets in: 0
Bytes out: 0   Packets out: 0
VNI: RiOS0_0 Interface: wan
Bytes in: 0    Packets in: 0
Bytes out: 0   Packets out: 0
VNI: RiOS0_0 Interface: package
Bytes in: 0    Packets in: 0
Bytes out: 0   Packets out: 0
amnesiac > show stats settings bandwidth ports
Monitoring the following ports:
21     FTP
80     HTTP
139    CIFS:NetBIOS
443    SSL
445    CIFS:TCP
1352   Lotus Notes
1433   SQL:TDS
7830   MAPI
8777   RCU
10566  SnapMirror
Example
amnesiac > show stats ssl hour
Total Connection Requests: 0
Successful Requests: 0
Failed Requests: 0
Average Connections/Second: 0
Peak Connections/Second: 0
Number of Current Connections: 0
tcfe52 >
Steelhead appliance SSL Support Commands, Secure Peering (Secure Inner Channel) Commands
amnesiac > show stats throughput all lan-to-wan hour
LAN Link Throughput
Average Throughput: 0 bps
95th Percentile Throughput: 0 bps
Peak Throughput: 0 bps
Peak Throughput Time: 2008/10/18 10:56:30
WAN Link Throughput
Average Throughput:
95th Percentile Throughput:
Peak Throughput:
Peak Throughput Time:
Specify the start and end time period for top talkers. Use the following format: YYYY/MM/DD HH:MM:SS
Parameters
amnesiac > show stats top-talkers protocol tcp start-time 2008/09/09 00:00:00 endtime 2008/09/29 00:00:00
Parameters
Display top destinations receiving traffic. Optionally, specify the start and end time. Use the following format: YYYY/MM/DD HH:MM:SS
Display top sources generating traffic. Optionally, specify the start and end time. Use the following format: YYYY/MM/DD HH:MM:SS
Displays the top talkers while ignoring ports. Optionally, specify the start and end time. Use the following format: YYYY/MM/DD HH:MM:SS
Displays top destinations receiving traffic. Optionally, specify the start and end time. Use the following format: YYYY/MM/DD HH:MM:SS
Display the top applications carrying traffic. Optionally, specify the start and end time. Use the following format: YYYY/MM/DD HH:MM:SS
Specify the traffic type and optionally the report and the start and end time. Use the following format for the start and end time: YYYY/MM/DD HH:MM:SS. For details about traffic types, see show stats top-talkers traffic on page 106.
Specify the report type and optionally the start and end time period for top talkers. Use the following format for the start and end time: YYYY/MM/DD HH:MM:SS. For details about report types, see show stats top-talkers report on page 105.
amnesiac > show stats top-talkers top-n 5 report conversation start-time 2008/09/09 00:00:00 end-time 2008/09/29 00:00:00
Parameters
Displays top talkers with the specified traffic type: optimized, passthrough, or both. Optionally, specify the start and end time. Use the following format: YYYY/MM/DD HH:MM:SS
[report [conversation | src_host_only | ignore_ports | dest_host_only | app_port_only] endtime <endtime> starttime <starttime>] [start-time <starttime> end-time <endtime>]
Display report statistics for the specified protocol. Optionally, specify the start and end time. Use the following format: YYYY/MM/DD HH:MM:SS. For detailed information about report types, see show stats top-talkers report on page 105.
Displays the top talkers while ignoring ports. Optionally, specify the start and end time. Use the following format: YYYY/MM/DD HH:MM:SS
amnesiac > show stats top-talkers traffic optimized report conversation start-time 2008/09/09 00:00:00 end-time 2008/09/29 00:00:00
amnesiac > show stats traffic optimized lan-to-wan week
Port                            Rdx%   LAN Data   WAN Data   Trf%
------------------------------- ------ ---------- ---------- -------
Total Traffic                          3 MB       3.7 MB
Lotus Notes (1352)              0.00%  3 MB       3.7 MB     100.00%
Parameters
Example
amnesiac > show stats traffic passthrough week
Port                            Rdx%   LAN Data   WAN Data   Trf%
------------------------------- ------ ---------- ---------- -------
Total Traffic                          290.7 MB   290.7 MB
Lotus Notes (1352)              0.00%  290.7 MB   290.7 MB   100.00%
Example
amnesiac > show tcp max-time-out
TCP max-time-out mode enabled: no
Maximum time out value for TCP connections: 1800 secs
Steelhead appliance tcp connection send reset, tcp sat-opt bw-est mode
show tcpdump-x
Description
Displays currently running tcpdumps.
Syntax
show tcpdump-x
Parameters
None
Example
amnesiac > show tcpdump-x
No running capture
Steelhead appliance, CMC appliance, Steelhead Mobile Controller, Interceptor appliance RiOS TCP Dump Commands
show terminal
Description
Displays terminal settings.
Syntax
show terminal
Parameters
None
Example
amnesiac > show terminal
CLI current session settings
Terminal width: 80 columns
Terminal length: 24 rows
Terminal type: xterm
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller CLI Terminal Configuration Commands
show version
Description
Displays the installed software version, including build number.
Syntax
show version <cr> | [concise | history]
Parameters
concise  Displays the installed software version without build information.
history  Displays upgrade version history.
Example
amnesiac > show version
Product name: rbt_ib
Product release: spitfire-1.0
Build ID: #0
Build date: 2005-10-18 16:36:45
Build arch: i386
Built by: [email protected]
Uptime: 15d 19h 40m 38s
Product model:
System memory: 208 MB used / 3681 MB free / 3890 MB total
Number of CPUs: 4
CPU load averages: 0.00 / 0.00 / 0.00
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller image fetch, license delete
show wccp
Description
Displays WCCP settings.
Syntax
show wccp
Parameters
None
Example
amnesiac > show wccp
WCCP Support Enabled: no
WCCP Multicast TTL: 1
Service Groups(s):
  91:
    Protocol: tcp
    Priority: 200
    Password:
    Encapsulation Scheme: either
    Assignment Scheme: hash
    Weight: 1
    Flags: dst-ip-hash, src-ip-hash
    Router(s): 1.1.1.1
amnesiac > show wccp
WCCP Support Enabled: no
WCCP Multicast TTL: 1
Service Groups(s):
  91:
    Protocol: tcp
    Priority: 200
    Password:
    Encapsulation Scheme: either
    Assignment Scheme: mask
    Source IP Mask: 0x1741
    Destination IP Mask: 0x0
    Source Port Mask: 0x0
    Destination Port Mask: 0x0
    Router(s): 1.1.1.1
Parameters
Specify the interface (i.e., inpath0_0). Specify the WCCP group number. Optionally, displays detailed information about the service group.
Usage
With multi-inpath WCCP, any interface can participate in WCCP and different interfaces can be in different service groups. Therefore, the interface must be specified. This command is the most useful troubleshooting command for WCCP status and supports multi-inpath WCCP. It provides the following information:
  What redirection, return, and assignment methods have been negotiated between the Steelhead appliance and the WCCP routers.
  Whether the wccp override-return route-no-gre command is in use (displayed as WCCP Return via Gateway Override).
  Whether the Steelhead appliance is receiving WCCP control messages from the router (I-see-you messages).
  Details of the load distribution for either mask or hash assignment.
Example
amnesiac > show wccp interface inpath0_0 service-group 91
WCCP Support Enabled: no
WCCP Multicast TTL: 1
WCCP Return Path Override: no
Service Group 91 on inpath0_0:
  Protocol: tcp
  Priority: 200
  Password: <no password>
  Encapsulation Requested: l2
  Assignment Requested: either
  Source IP Mask: 0x1741
  Destination IP Mask: 0x0
  Source Port Mask: 0x0
  Destination Port Mask: 0x0
  Weight: 120
  Hash Flags: dst-ip-hash, src-ip-hash
  Router IP Address: 1.1.1.1
show web
Description
Displays current Web settings.
Syntax
show web
Parameters
None
Example
amnesiac > show web
web-based management console enabled:
HTTP enabled: yes
HTTP port: 80
HTTPS enabled: yes
HTTPS port: 443
Inactivity timeout: 15 minutes
Session timeout: 60 minutes
Session renewal threshold: 30 minutes
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller Web Configuration Commands
Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller Web Configuration Commands
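An offline audit of the settings printed by the show snmp, show web, and show secure-peering examples in this chapter, given here as an added example that is not part of the Riverbed manual. The sample text is constructed from the manual's example values (one "Key: value" pair per line is an assumed layout), and the thresholds, function names, and finding names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed samples: values are those printed in this manual's examples,
# laid out one "Key: value" pair per line (assumed layout of the CLI output).
SHOW_SNMP = """\
SNMP enabled: yes
System location:
System contact:
Read-only community: public
Traps enabled: yes
No trap sinks configured.
"""

SHOW_WEB = """\
web-based management console enabled:
HTTP enabled: yes
HTTP port: 80
HTTPS enabled: yes
HTTPS port: 443
Inactivity timeout: 15 minutes
Session timeout: 60 minutes
"""

SHOW_SECURE_PEERING = """\
Traffic Type To Encrypt: ssl-only
Validity:
  Issued On: Nov 12 22:36:10 2009 GMT
  Expires On: Nov 12 22:36:10 2011 GMT
Key:
  Type: RSA
  Size (Bits): 1024
"""

# Assumed policy thresholds (hypothetical, not values from the manual).
MIN_RSA_BITS = 2048
EXPIRY_WARN_DAYS = 60
DEFAULT_COMMUNITIES = {"public", "private"}

FIELD_RE = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")


def parse_show(text):
    """Map each 'Key: value' line to {lowercased key: value}.

    Lines without a colon are skipped. A repeated key (for example
    'Common Name' under 'Issued To' and 'Issued By') keeps the last value.
    """
    fields = {}
    for line in text.splitlines():
        match = FIELD_RE.match(line)
        if match:
            fields[match.group(1).lower()] = match.group(2)
    return fields


def audit_snmp(fields):
    """Flag an enabled SNMP agent that still uses a well-known community string."""
    community = fields.get("read-only community", "")
    if fields.get("snmp enabled") == "yes" and community.lower() in DEFAULT_COMMUNITIES:
        return [("snmp-default-community", community)]
    return []


def audit_web(fields):
    """Flag a management console that is reachable over cleartext HTTP."""
    if fields.get("http enabled") == "yes":
        return [("web-cleartext-http", "port " + fields.get("http port", "?"))]
    return []


def audit_peering(fields, now):
    """Flag a short RSA peering key and a certificate that is expired or close to expiry."""
    findings = []
    bits = fields.get("size (bits)", "")
    if fields.get("type") == "RSA" and bits.isdigit() and int(bits) < MIN_RSA_BITS:
        findings.append(("peering-key-size", "RSA " + bits))
    expires = fields.get("expires on")
    if expires:
        not_after = datetime.strptime(expires, "%b %d %H:%M:%S %Y GMT")
        days_left = (not_after.replace(tzinfo=timezone.utc) - now).days
        if days_left < 0:
            findings.append(("peering-cert-expired", expires))
        elif days_left <= EXPIRY_WARN_DAYS:
            findings.append(("peering-cert-expiring", f"{days_left} days left"))
    return findings


def audit_all(now):
    """Run every check over the constructed samples and return (id, detail) pairs."""
    return (audit_snmp(parse_show(SHOW_SNMP))
            + audit_web(parse_show(SHOW_WEB))
            + audit_peering(parse_show(SHOW_SECURE_PEERING), now))


if __name__ == "__main__":
    for finding_id, detail in audit_all(datetime.now(timezone.utc)):
        print(f"{finding_id}: {detail}")
```

To use it against a real appliance, replace the constructed samples with saved output of the same three commands and adjust the key names if the layout differs.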
CHAPTER 3
Enable-Mode Commands
This chapter is a reference for enable-mode commands. It includes the following sections:
System Administration Commands
Displaying System Data
You can perform basic system administration tasks in enable-mode. Only administrator users can perform enable-mode commands. All commands available in user-mode are also available in enable-mode.
Chapter 4, Configuration-Mode Commands describes some enable commands because they are more easily understood in relationship to the feature set of which they are a part. For example, the in-path asym-route-tab flush and the in-path asym-route-tab remove commands are described with the in-path asymmetric routing commands. The usage section for these enable-mode commands reminds you that you can also access these commands while in enable-mode.
To enter enable-mode
1. Connect to the CLI and enter the following command:
login as: admin
Riverbed Steelhead
Last login: Wed Jan 20 13:02:09 2010 from 10.0.1.1
gen1-sh139 > enable
gen1-sh139 #
To exit enable-mode, enter exit. For information about the exit command, see exit on page 16.
clear arp-cache
Description
Clears dynamic entries from the ARP cache. This command does not clear static entries.
Syntax
clear arp-cache
Parameters
None
Example
amnesiac # clear arp-cache
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller show bootvar
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller show hardware error-log
clear interface
Description
Sets the interface counters for the specified interface to 0.
Syntax
clear interface {<interface name>}
Parameters
<interface name>  Specify the interface name: aux, primary, lo, wan1_1, lan1_1, wan1_0, lan1_0, inpath1_0, inpath1_1, all
clock set
Description
Sets the system date and time.
Syntax
clock set {<yyyy/mm/dd>/<hh:mm:ss>}
Parameters
<yyyy/mm/dd>/<hh:mm:ss>  Specify the date and time (year, month, day, hour, minutes, and seconds).
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller show clock
configure terminal
Description
Enables configuration from the terminal by entering the configuration subsystem. You must execute the enable command first to enter configuration mode.
Syntax
[no] configure terminal
Parameters
None
Usage
To exit the configuration subsystem, type exit. The no command option disables the terminal configuration.
Example
amnesiac # configure terminal
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller show terminal, show connection
disable
Description
Exits enable-mode.
Syntax
disable
Parameters
None
Example
amnesiac # disable
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller exit
file sa delete
Description
Delete a system activity report (SAR) log file.
Syntax
file sa delete <filename>
Parameters
<filename>  Specify the filename for the SAR file.
file sa generate
Description
Generates a system activity report (SAR) log file.
Syntax
file sa generate
Parameters
None
Example
amnesiac # file sa generate
file sa upload
Description
Upload a system activity report (SAR) log file to a remote host.
Syntax
file sa upload <filename> <URL or scp://username:password@hostname/path/filename>
Parameters
<filename>  Specify the name of the file to upload.
<URL or scp://username:password@hostname/path/filename>  Specify the destination of the file in URL or scp format.
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller show files stats
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller show files stats
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller show files stats
file tcpdump
Description
Deletes or uploads a TCP dump file.
Syntax
file tcpdump {delete <filename> | upload <filename> <URL or scp://username:password@hostname/path/filename>}
Parameters
delete <filename>  Deletes the tcpdump file.
upload <filename> <URL or scp://username:password@hostname/path/filename>  Uploads a tcpdump output file to a remote host. Specify the upload protocol, the location, and authentication credentials for the remote configuration file.
Example
amnesiac # file tcpdump delete dumpfile
amnesiac # file tcpdump upload dump http://www.test.com/stats
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller disable, tcpdump-x all-interfaces, show hardware error-log
image delete
Description
Deletes the specified software image.
Syntax
image delete <image-filename>
Parameters
<image-filename>  Specify the name of the software image to delete.
CMC appliance, Steelhead appliance, Interceptor appliance, Steelhead Mobile Controller show images, show bootvar, show info, show version
image fetch
Description
Downloads a software image from a remote host.
Syntax
image fetch <URL, scp://, or ftp://username:password@hostname/path/filename> <image-filename>
Parameters
<URL, scp://, or ftp://username:password@hostname/path/filename>  Specify the upload protocol, the location, and authentication credentials for the remote image file. Press the Enter key to download the image. The image retains the same name it had on the server.
<image-filename>  Specify a local filename for the image.
CMC appliance, Steelhead appliance, Interceptor appliance, Steelhead Mobile Controller show images, show bootvar, show info, show version
image install
Description
Installs the software image onto a system partition.
Syntax
image install <image-filename> <partition>
Parameters
<image-filename>  Specify the software image filename to install.
<partition>       Specify the partition number: 1, 2.
CMC appliance, Steelhead appliance, Interceptor appliance, Steelhead Mobile Controller show images, show bootvar, show info, show version
image move
Description
Moves or renames an inactive system image on the hard disk.
Syntax
image move <source-image-name> <new-image-name>
Parameters
<source-image-name>  Specify the name of the software image to move or rename.
<new-image-name>     Specify the new name of the software image.
CMC appliance, Steelhead appliance, Interceptor appliance, Steelhead Mobile Controller show images, show bootvar, show info, show version
ntpdate
Description
Conducts a one-time synchronization with a specified NTP server.
Syntax
ntpdate <ip-addr>
Parameters
<ip-addr>  Specify the NTP server with which to synchronize.
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller show ntp
reload
Description
Reboots the system.
Syntax
reload [clean halt] | halt | force
Parameters
clean halt  Clears the data store, then reboots or shuts down the system.
halt        Shuts down the system.
force       Force an immediate reboot of the system even if it is busy.
Example
amnesiac # reload
The session will close. It takes about 2-3 minutes to reboot the appliance.
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller show stats alarm
restart
Description
Restarts the optimization service.
Syntax
restart [clean]
Parameters
clean  Restarts the optimization service and clears the data store.
service enable
Description
Starts the Riverbed service.
Syntax
[no] service enable
Parameters
None
Usage
The no command option disables the service (that is, it disables all the configured in-path IP addresses and ports and the appliance loses its connection to the Management Console).
Example
amnesiac # service enable
service restart
Description
Restarts the Riverbed service.
Syntax
service restart [clean]
Parameters
clean  Restarts the optimization service and clears the data store.
stats alarm
Description
Configures alarms based on sampled or computed statistics.
Syntax
stats alarm {<type> <options>}
Parameters
<type>
admission_conn - This alarm should not be disabled. Specifies whether the system connection limit has been reached. Additional connections are passed through unoptimized. The alarm clears when the Steelhead appliance moves out of this condition.
admission_cpu - This alarm should not be disabled. This alarm is triggered by high CPU usage. Additional connections are passed through unoptimized. The alarm clears when the Steelhead appliance moves out of this condition.
admission_mapi - This alarm should not be disabled. Specifies whether the system connection limit has been reached. Additional connections are passed through unoptimized. The alarm clears when the Steelhead appliance moves out of this condition.
admission_mem - This alarm should not be disabled. Specifies whether the system connection memory limit has been reached. Additional connections are passed through unoptimized. The alarm clears when the Steelhead appliance moves out of this condition.
admission_tcp - This alarm should not be disabled. This alarm is triggered by high TCP memory usage. Additional connections are passed through unoptimized. The alarm clears when the Steelhead appliance moves out of this condition.
arcount - This alarm should not be disabled. Specifies whether the system is experiencing asymmetric traffic. If the system experiences asymmetric traffic, the system detects this condition and reports the failure. The traffic is passed through, and the route appears in the Asymmetric Routing table.
bypass - This alarm should not be disabled. Specifies whether the system is in bypass mode. If the Steelhead appliance is in bypass mode, restart the Steelhead service.
certs_expiring - Specifies whether the system has expiring SSL certificates.
cf_ack_timeout - Specifies whether a connection cannot be established with a connection forwarding neighbor. This alarm is cleared the next time the system successfully connects to this neighbor.
cf_conn_failure - Specifies whether a connection cannot be established with a connection forwarding neighbor. This alarm is cleared the next time the system successfully connects to this neighbor.
cf_conn_lost_eos - Specifies whether a connection is closed by the connection forwarding neighbor. This alarm is cleared the next time the system successfully connects to this neighbor.
cf_conn_lost_err - Specifies whether a connection has been lost with the connection forwarding neighbor due to an error. This alarm is cleared the next time the system successfully connects to this neighbor.
cf_keepalive_timeout - Specifies whether the connection forwarding neighbor has not sent a keep-alive message within the time-out period to the neighbor Steelhead appliances, indicating that the connection has been lost. This alarm is cleared the next time the system successfully connects to this neighbor.
cf_latency_exceeded - Specifies whether the amount of latency between connection forwarding neighbors has exceeded the specified threshold. This alarm is cleared when the connection latency drops below the threshold.
cf_read_info_timeout - Specifies whether the connection times out waiting for an initialization message from connection forwarding neighbor. This alarm is cleared only when reading initialization information from this neighbor succeeds.
cpu_util_indiv - Specifies whether the system has reached the CPU threshold for any of the CPUs in the system. If the system has reached the CPU threshold, check your settings. If your alarm thresholds are correct, reboot the Steelhead appliance.
critical_temp - Specifies whether the CPU temperature has exceeded the critical threshold. The default value for the rising threshold temperature is 80 C; the default reset threshold temperature is 70 C.
crl_error - Specifies whether the CRL verification on the server certificate fails. A CRL includes any digital certificates that have been invalidated before their expiration date, including the reasons for their revocation and the names of the issuing certificate signing authorities. A CRL prevents the use of digital certificates and signatures that have been compromised. The certificate authorities that issue the original certificates create and maintain the CRLs. To clear the alarm, execute the no stats alarm crl_error enable command.
datastore_error - Specifies whether the data store is corrupt. Clear the data store to clear the alarm.
datastore_sync_error - Specifies whether the system has detected a problem with the synchronized data.
disk error. - Indicates the system has detected a problem with the specified disk or a Solid State Drive.
domain_join_error - Specifies whether the system has encountered an error when attempting to join a domain.
duplex - Whether the system has encountered a large number of packet errors in your network. Make sure the speed and duplex settings on your system match the settings on your switch and router. By default, this alarm is enabled.
fan_error - Specifies whether the system has detected a fan error.
fs_mnt - Specifies whether the system has detected a file system error in the software.
halt_error - This alarm cannot be disabled. Specifies whether the system has detected a software error in the Steelhead service. The Steelhead service continues to function, but an error message appears in the logs that you should investigate.
hardware_error - Specifies whether the system has detected a problem with the Steelhead appliance hardware. The alarm clears when you add the necessary hardware, remove the non-qualified hardware, or resolve other hardware issues. The following issues trigger the hardware error alarm: the Steelhead appliance does not have enough disk, memory, CPU cores, or NIC cards to support the current configuration; the system is using a memory Dual In-line Memory Module (DIMM), a hard disk, or a NIC that is not qualified by Riverbed; an RSP upgrade requires additional memory or a memory replacement; other hardware issues.
ipmi - Specifies whether the system has detected IPMI SEL errors.
license - Specifies whether the system has detected an expired license.
linkstate - Specifies whether the system has detected a link that is down. The system notifies you through SNMP traps, email, and alarm status. By default, this alarm is not enabled. The no stats alarm linkstate enable command disables the link state alarm.
memory_error - Specifies whether the system has detected a memory error.
mismatch_peer - Specifies whether there is a mismatch between software versions in your network. If the system detects a software mismatch, resolve the mismatch by upgrading or reverting to a previous version of the software.
nfs_v2_v4 - Specifies whether the system has triggered a v2 or v4 NFS alarm.
non_443_ssl_servers_detected_on_upgrade - Indicates that during a RiOS upgrade (for example, from v5.5 to v6.0), the system has detected a pre-existing SSL server certificate configuration on a port other than the default SSL port 443. SSL traffic might not be optimized. To restore SSL optimization, you can either add a peering rule to the server-side Steelhead appliance to intercept the connection and optimize the SSL traffic on the non-default SSL server port or you can add an in-path rule to the client-side Steelhead appliance to intercept the connection and optimize the SSL traffic on the non-default SSL server port. After adding a peering or in-path rule, you must clear this alarm manually by issuing the following CLI command:
stats alarm non_443_ssl_servers_detected_on_upgrade clear
paging - Specifies whether the system has reached the memory paging threshold. If 100 pages are swapped approximately every two hours the Steelhead appliance is functioning properly. If thousands of pages are swapped every few minutes, then reboot the system. If rebooting does not solve the problem, contact Riverbed Support.
pfs_config - Specifies whether there has been a PFS or prepopulation operation error. If the system detects an operation error, restart the Steelhead service and PFS.
pfs_operation - Specifies whether a synchronization operation has failed. If the system detects an operation failure, attempt the operation again.
power_supply - Indicates an inserted power supply cord does not have power, as opposed to a power supply slot with no power supply cord inserted.
raid_error - Specifies whether the system has encountered RAID errors (for example, missing drives, pulled drives, drive failures, and drive rebuilds). For drive rebuilds, if a drive is removed and then reinserted, the alarm continues to be triggered until the rebuild is complete. Rebuilding a disk drive can take 4-6 hours.
rps_general_alarm - The RSP alarm automatically triggers when the system has detected a problem with RSP. The following issues trigger the RSP alarm: if available memory for RSP is negative; if the installed RSP image is incompatible with the current release; if a watchdog activates for any slot that has a watchdog configured. This can indicate that an RSP package or a VM has failed and is blocking or bypassing traffic; if VMs are enabled but are not currently powered on.
rsp_license_expired - Specifies whether an RSP license has expired.
rsp_license_expiring - Specifies whether an RSP license is about to expire.
secure_vault_unlocked - Specifies whether the secure vault is unlocked. When the vault is unlocked, SSL traffic is not optimized and you cannot encrypt a data store.
serial_cascade_misconfig - Indicates the system has encountered an error in reaching a neighbor appliance configured for connection forwarding.
service_error - Specifies whether the system has detected an error with the service.
smb_alert - Specifies whether the system has detected an SMB signing error.
ssd_wear_warning - Indicates that the specified disk is approaching its write cycle limit. (Appears only on Steelhead appliance models 7050L or 7050M).
ssl_hardware - Specifies whether the system has detected an SSL hardware error.
ssl_peer_scep_auto_reenroll - Specifies whether the system has detected an SCEP error. The Steelhead appliance uses SCEP to dynamically re-enroll a peering certificate to be signed by a certificate authority. The alarm clears automatically when the next automatic re-enrollment succeeds. To clear the alarm, execute the protocol ssl peering auto-reenroll last-result clear-alarm command.
sticky_staging_dir - Specifies whether the system has detected an error while trying to create a snapshot. Please contact Riverbed Support to correct the issue.
store_corruption - This alarm cannot be disabled. Specifies whether the data store is corrupt. To clear the data store of data, restart the Steelhead service and clear the data store on the next restart.
sw-version - Specifies whether there is a mismatch between software versions in your network. If the system detects a software mismatch, resolve the mismatch by upgrading or reverting to a previous version of the software.
system_detail_report - Specifies whether the system has detected a problem with an optimization or system module.
warning_temp - Specifies whether the CPU temperature has exceeded the warning threshold. The default value for the rising threshold temperature is 80 C; the default reset threshold temperature is 70 C.
<options>
Specify the following alarm options:
clear - Clears all alarm settings.
enable - Enables the alarm.
rate-limit {count [long | medium | short] | [reset] | [window [long | medium | short]} - Sets the alarm event rate-limit values.
rising - Sets the rising threshold.
rising clear_threshold <amount> - Sets the threshold to clear the rising alarm. The default value for CPU temperature is 50 C.
rising error_threshold <amount> - Sets the threshold to trigger the rising alarm. The default value for the CPU temperature is 50 C.
falling clear_threshold <amount> - Sets the threshold to clear the falling alarm. The default value for the CPU temperature is 0 C.
falling error_threshold <amount> - Sets the threshold to trigger the falling alarm. The default value for the CPU temperature is 0 C.
Usage
Critical temperature settings cannot be changed. Warning temperature settings can be changed. The no command option disables all statistical alarms. The no stats alarm <type> enable command disables specific statistical alarms.
Example
amnesiac # stats alarm bypass enable
Product
Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, CMC appliance
Related Topics
show stats alarm
stats clear-all
Description
Clears data for all samples, computed history data points (CHDs), and status for all alarms.
Syntax
stats clear-all
Parameters
None
Example
amnesiac # stats clear-all
Product
Interceptor appliance, CMC appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
show stats alarm
stats convert
Description
Converts statistical data from one storage format to another.
Syntax
stats convert <format>
Parameters
<format> - Specify the storage format:
1 - Storage 1 version.
2 - Storage 2 version.
Example
amnesiac # stats convert 2
Product
Interceptor appliance, CMC appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
show stats alarm
stats export
Description
Exports statistics to a file.
Syntax
stats export <csv> <report name> <cr> | after <yyyy>/<mm>/<dd> <hh>:<mm>:<ss> <cr> | before <yyyy>/<mm>/<dd> <hh>:<mm>:<ss> <cr> | email <email address> | filename <filename> <cr>]
Parameters
csv - Exports statistics in CSV (comma-separated value) format.
<report name> - Specify the report name:
cpu_util - CPU utilization
memory - Memory utilization
paging - Paging I/O
bw - Aggregate Bandwidth
th_peak - Peak Throughput
th_p95 - P95 Throughput
pass - Aggregate Passthrough Traffic
cpool - Aggregate Connection Pooling
nfs - Aggregate NFS Report
pfs - Aggregate PFS Report
conn_history - Connection History
dstore - Data Store Hit
ssl - SSL statistics
ssl_peak - SSL peak statistics
http - HTTP statistics
qos - QOS statistics
top-conversations - Top Conversations Report
top-senders - Top Senders Report
top-receivers - Top Receivers Report
top-applications - Top Applications Report
after <yyyy>/<mm>/<dd> <hh>:<mm>:<ss> <cr> - Specify the date and time to include statistics collected after a specific time.
before <yyyy>/<mm>/<dd> <hh>:<mm>:<ss> <cr> - Specify the date and time to include statistics collected before a specific time.
email <email address>
filename <filename>
Product
Interceptor appliance, CMC appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
show stats alarm
tcpdump
Description
Executes the tcpdump utility. You can quickly diagnose problems and take traces for Riverbed Support. The tcpdump command takes the standard Linux options. For detailed information, see the Linux man page.
Syntax
tcpdump [<options>] [<filter string>]
Parameters
<options> - The tcpdump command takes the standard Linux options:
-a Attempt to convert network and broadcast addresses to names.
-c Exit after receiving count packets.
-d Dump the compiled packet-matching code in a human readable form to standard output and stop.
-dd Dump packet-matching code as a C program fragment.
-ddd Dump packet-matching code as decimal numbers (preceded with a count).
-e Print the link-level header on each dump line.
-E Use secret algorithm for decrypting IPsec ESP packets.
-f Print foreign internet addresses numerically rather than symbolically.
-F Use file as input for the filter expression. An additional expression given on the command line is ignored.
-i Listen on interface. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface.
-n Do not convert addresses, such as host addresses and port numbers, to names.
-N Do not print domain name qualification of hostnames. For example, if you specify this flag, then tcpdump will print nic instead of nic.ddn.mil.
-m Load SMI MIB module definitions from file module. This option can be used several times to load several MIB modules into tcpdump.
-q Quiet output. Print less protocol information so output lines are shorter.
-r Read packets from a file created with the -w option.
-S Print absolute, not relative, TCP sequence numbers.
-v (Slightly more) verbose output. For example, the time to live, identification, total length and options in an IP packet are printed. Also enables additional packet integrity checks such as verifying the IP and ICMP header checksum.
-w Write the raw packets to a file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is -.
-x Print each packet without its link level header in hexadecimal format. The smaller of the entire packet or snaplen bytes will be printed.
-X When printing hex, print ascii too. Thus if -x is also set, the packet is printed in hex/ascii. This option enables you to analyze new protocols.
For detailed information, see the Linux man page.
Usage
Make sure you take separate tcpdumps for the LAN and WAN to submit to Riverbed Support. Make sure you take the tcpdump on the in-path interface.
The most common options are:
-n Do not resolve addresses via DNS
-i <interface> capture on <interface>
To take traces on lanX_Y and wanX_Y, not inpathX_Y:
-e display layer 2 headers, MAC addresses, and VLAN tags
-s <bytes> capture up to <bytes> bytes per packet
The default is 96 bytes, which is not enough for deep packet inspection for Riverbed Support. Instead use:
-s 0 to capture full frames
-w <file> store the trace in <file> (needed when taking traces for offline analysis)
Common Packet Filters
src host <ip> - source IP address is <ip>
dst host <ip> - destination IP address is <ip>
host <ip> - either source or destination is <ip>
Same for src port, dst port, and port
You can connect multiple filters together with the logical operators and, or, and not. Use parentheses to override operator precedence. For example:
tcpdump -i lan0_0 not port 22
tcpdump -i lan0_0 host 1.1.1.1 and port 2222
tcpdump -i wan0_0 host 3.3.3.3 and (port 4444 or port 5555)
Keep the tcpdump running and establish a connection. If the problem is not obvious, use -w to capture to files, and examine them in a tool like Wireshark.
Sometimes a capture produces a very large trace and the traffic you are interested in is a small subset of it. To work around this problem, run tcpdump on its own trace to cut down on the number of packets. Use the -r <file> option to read from a file instead of capturing on an interface:
tcpdump -n -r my_trace.cap -w my_filtered_trace.cap host 5.5.5.5 and port 2323
Example
amnesiac # tcpdump
tcpdump: listening on primary
18:59:13.682568 amnesiac.domain.com.ssh > dhcp-22.domain.com.3277: P 3290808290:3290808342(52) ack 3412262693 win 5840 (DF) [dscp 0x10]
18:59:13.692513 amnesiac.domain.com.ssh > dhcp-22.domain.com.3277: P 0:52(52) ack 1 win 5840 (DF) [dscp 0x10]
18:59:13.702482 amnesiac.domain.com.ssh > dhcp-22.domain.com.3277: P 0:52(52) ack 1 win 5840 (DF) [dscp 0x10]
Product
Steelhead appliance, CMC appliance, Steelhead Mobile Controller, Interceptor appliance
Related Topics
RiOS TCP Dump Commands
tproxytrace
Description
Describes the proxy path in real time.
Syntax
tproxytrace [options]
Parameters
[options] - Specify tproxytrace options and the target IP address and port:
-h - Print this help text
-i - Use this interface to send probes on
-d - Probe to this depth of proxies
-s - Use this source IP address for probes
-t - Milliseconds per depth to listen for probe responses
-o - TCP option to use for probes
Example
amnesiac # tsfe17 # tproxytrace 10.0.0.1:124
Probe from 10.11.34.17 (primary) to 10.0.0.1:124
depth 1 timed out
Note: All the show commands that are available in user-mode are available in enable-mode.
show aaa
Description
Displays the authentication methods used for log in.
Syntax
show aaa
Parameters
None
Example
amnesiac # show aaa
AAA authorization:
Default User: admin
Map Order: remote-first
Authentication fallback mode: always fallback
Authentication method(s): for console login
local
Authentication method(s): for remote login
local
Per-command authorization method(s):
local
Per-command accounting method(s):
local
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
AAA, Role-Based Management, Radius, and TACACS+ Commands
show arp
Description
Displays the contents of the ARP cache. The ARP cache includes all statically-configured ARP entries as well as any that the system has picked up dynamically.
Syntax
show arp <cr> | static
Parameters
static - Displays static ARP addresses.
Example
amnesiac # show arp
ARP cache contents
IP 10.0.0.1 maps to MAC 00:07:E9:70:20:15
IP 10.0.0.2 maps to MAC 00:05:5D:36:CB:29
IP 10.0.100.22 maps to MAC 00:07:E9:55:10:09
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
clear arp-cache
show banner
Description
Displays the banner settings.
Syntax
show banner
Parameters
None
Example
amnesiac # show banner
Banners:
MOTD:
Issue: Riverbed Interceptor
Net Issue: Riverbed Interceptor
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
CLI Terminal Configuration Commands
show cmc
Description
Displays CMC appliance settings.
Syntax
show cmc
Parameters
None
Example
amnesiac # show cmc
CMC auto-registration enabled: yes
CMC auto-registration hostname: riverbedcmc.nbttech.com
Managed by CMC: yes
CMC hostname: tsfe7 (10.0.2.2)
Auto configuration status: Inactive
Last message sent to cmc: Auto-registration
Time that message was sent: Thu Nov 13 12:02:25 2008
show configuration
Description
Displays the current and saved configuration settings that differ from the default settings.
Syntax
show configuration
Parameters
None
Example
amnesiac # show configuration
##
## Network interface configuration
##
no interface aux dhcp
interface aux duplex "auto"
no interface aux shutdown
interface aux speed "auto"
interface primary ip address 10.0.0.3 /16
##
## Routing configuration
##
ip default-gateway "10.0.0.1"
##
## Other IP configuration
##
hostname "amnesiac"
ip domain-list domain.com
ip domain-list domain.com
ip name-server 10.0.0.2
##
## Logging configuration
##
logging local "info"
##
## Process Manager configuration
##
pm process mgmtd launch timeout "4000"
pm process sport shutdown order "0"
pm process statsd shutdown order "0"
##
## Network management configuration
##
## Miscellaneous other settings (this is a partial list of settings)
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
Configuration File Commands
Example
amnesiac # show configuration files initial
##
## Network interface configuration
##
no interface aux dhcp
interface aux duplex "auto"
interface aux ip address 10.0.62.75 /16
interface aux mtu "1500"
no interface aux shutdown
interface aux speed "auto"
interface aux txqueuelen "100"
no interface primary dhcp
##
## Routing configuration
##
ip default-gateway "10.0.0.1"
##
## Logging configuration
##
logging 10.1.10.200
logging 10.1.10.200 trap "info"
<<this is a partial display>>
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
Configuration File Commands
Example
amnesiac # show configuration flash
% No backup configuration found on flash disk
amnesiac # show configuration flash text
% No text configuration stored on flash disk
Product
Interceptor appliance, Steelhead appliance with flash memory.
Related Topics
Configuration File Commands
Example
amnesiac # show configuration running
##
## Network interface configuration
##
no interface aux dhcp
interface aux duplex "auto"
interface aux ip address 10.0.62.75 /16
interface aux mtu "1500"
no interface aux shutdown
interface aux speed "auto"
interface aux txqueuelen "100"
no interface inpath0_0 dhcp
interface inpath0_0 duplex "auto"
interface inpath0_0 ip address 10.11.62.75 /16
interface inpath0_0 mtu "1500"
no interface inpath0_0 shutdown
interface inpath0_0 speed "auto"
interface inpath0_0 txqueuelen "100"
no interface lan0_0 dhcp
interface lan0_0 duplex "auto"
interface lan0_0 mtu "0"
no interface lan0_0 shutdown
interface lan0_0 speed "auto"
interface lan0_0 txqueuelen "100"
lines 1-23
##(displays running configuration; this is a partial list of settings.)
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
Configuration File Commands
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
Debugging Commands
show files sa
Description Syntax Parameters
Example
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
show stats alarm
Example
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
RiOS TCP Dump Commands
Product
CMC appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
hardware upgrade model
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
hardware upgrade model
show interfaces
Description
Displays the running state settings and statistics.
Syntax
show interfaces [<intname>] | [brief | configured]
Parameters
<intname> - Specify the interface name. For example, aux, lan0_0, wan0_0, primary, in-path0_0, lo.
brief - Displays the running state settings without statistics.
configured - Displays configured settings for the interface.
Usage
The set of settings and statistics displayed varies when using DHCP.
Example
amnesiac # show interfaces configured
Interface aux configuration
Enabled: yes
DHCP: no
Speed: auto
Duplex: auto
IP address: 10.0.190.139
Netmask: 255.255.0.0
MTU: 1500
Interface inpath0_0 configuration
Enabled: yes
DHCP: no
IP address: 10.11.192.139
Netmask: 255.255.0.0
MTU: 1500
Failure mode: Bypass <<fail-to-block or fail-to-bypass>>
<<this is a partial example>>
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
interface
show ip default-gateway
Description
Displays the IP default gateway.
Syntax
show ip default-gateway <cr> | static
Parameters
static - Displays the static default gateway.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
ip in-path-gateway
show ipv6
Description
Displays current IPv6 status and IPv6 status to be applied after next boot.
Syntax
show ipv6
Parameters
None
Usage
Displays status for both the currently enabled configuration and the configuration that will be applied when the Steelhead appliance is rebooted.
IPv6 Currently Enabled - Is IPv6 enabled and has the Steelhead appliance rebooted after enabling IPv6?
IPv6 Enabled Next Boot - Will IPv6 support be effective after the Steelhead appliance is rebooted?
Example
amnesiac # show ipv6
IPv6 Currently Enabled: no
IPv6 Enabled Next Boot: no
amnesiac # show ipv6 route
Destination Network
::1/128
2000::/64
2001::20e:b6ff:fe01:58f1/128
2001::/60
2001::/60
fe80::200:ff:fe00:0/128
fe80::200:ff:fe00:0/128
[partial example]
show ip route
Description
Displays active routes, both dynamic and static.
Syntax
show ip route <cr> | static
Parameters
static - Displays configured static routes.
Example
Gateway 10.0.0.4
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
ip route
show job
Description
Displays the status of a scheduled job.
Syntax
show job <job-id>
Parameters
<job-id> - Specify the job identification number.
Example
amnesiac # show job 10
job {job_id}: 10
Status: pending
Name: myjob
Comment: this is a text
Absolute range:
Commands:
show info.
show connections.
show version.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
Job Commands
show jobs
Description
Displays a list of all jobs.
Syntax
show jobs
Parameters
None
Example
amnesiac # show jobs
% No jobs configured.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
Job Commands
show licenses
Description
Displays installed (active) licenses.
Syntax
show licenses
Parameters
None
Example
amnesiac # show licenses
XXX-XXXXXX-XXXX-XXXX-X-XXXX-XXXX-XXXX
Feature: SH10BASE
Valid: yes
Active: yes
Start date:
End date:
XXX-XXXXXX-XXXX-XXXX-X-XXXX-XXXX-XXXX
Feature: SH10CIFS
Valid: yes
Active: yes
Start date:
End date:
XXX-XXXXXX-XXXX-XXXX-X-XXXX-XXXX-XXXX
Feature: SH10EXCH
Valid: yes
Active: yes
Start date:
End date:
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
License and Hardware Upgrade Commands
show log
Description
Displays the system logs.
Syntax
show log [continuous | files <log number> | reverse | matching]
Parameters
continuous - Displays the log continuously, similar to the Linux tail -f command.
files <log number> - Displays a list of log files or a specific log file.
reverse - Displays the log information, in reverse order, with the latest entry at the top.
matching - Displays a list of matching log files.
Example
amnesiac # show log
May 22 20:00:00 localhost /usr/sbin/crond[784]: (root) CMD (/usr/sbin/logrotate /etc/logrotate.conf)
May 22 20:00:00 localhost cli[555]: [cli.INFO]: user admin: CLI got signal 2 (SIGINT)
May 22 20:02:31 localhost cli[555]: [cli.INFO]: user admin: Executing command: show ip route
May 22 20:02:38 localhost cli[555]: [cli.INFO]: user admin: CLI got signal 2 (SIGINT)
Dec 22 20:03:16 localhost cli[555]: [cli.INFO]: user admin: CLI got signal 2 (SIGINT)
May 22 20:04:00 localhost cli[555]: [cli.INFO]: user admin: Executing command: show ip route static
May 22 20:05:02 localhost cli[555]: [cli.INFO]: user admin: Executing command: show licenses
Dec 22 20:05:09 localhost cli[555]: [cli.INFO]: user admin: CLI got signal 2 (SIGINT)
May 22 20:06:44 localhost cli[555]: [cli.INFO]: user admin: Executing command: show limit bandwidth
May 22 20:06:49 localhost cli[555]: [cli.INFO]: user admin: CLI got signal 2 (SIGINT)
May 22 20:07:12 localhost cli[555]: [cli.INFO]: user admin: Executing command: show log
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
Logging Commands
show port-label
Description
Displays a list of port label configurations or a list of ports that belong to the label.
Syntax
show port-label <cr> | <port label>
Parameters
<port label> - Specify one of the following default port label names or a port label name:
Secure - Displays the list of ports that belong to the system label for secure ports. The Steelhead appliance automatically passes through traffic on commonly secure ports (for example, ssh, https, and smtps). For a list of secure ports, see Appendix A, Riverbed Ports. If you do not want to pass through secure ports, you must delete the default secure in-path rule. For detailed information, see in-path rule fixed-target on page 244.
Interactive - Displays ports that belong to the system label for interactive ports. The Steelhead appliance automatically passes through traffic on interactive ports (for example, Telnet, TCP ECHO, remote logging, and shell).
RBT-Proto - Displays the list of ports that belong to the label for system processes: 7744 (data store synchronization), 7800-7801 (in-path), 7810 (out-of-path), 7820 (failover), 7850 (connection forwarding), 7860 (Interceptor appliance), 7870 (Steelhead Mobile Controller).
Example
amnesiac # show port-label
Port Label: Interactive
Port Label: Secure
amnesiac # show port-label Interactive
Port Label: Interactive
7, 23, 37, 107, 179, 513-514, 1494, 1718-1720, 2000-2003, 2427, 2598, 2727, 3389, 5060, 5631, 5900-5903, 6000
show radius
Description
Displays RADIUS configuration settings.
Syntax
show radius
Parameters
None
Example
amnesiac # show radius
No radius settings.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
AAA, Role-Based Management, Radius, and TACACS+ Commands
show remote ip
Description
Displays the current IP network settings for the remote management port.
Syntax
show remote ip
Parameters
None
Example
amnesiac # show remote ip
Product
CMC appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
Remote Management Port Commands
show running-config
Description
Displays the running configuration settings that differ from the defaults.
Syntax
show running-config [full]
Parameters
full - Displays all settings, including those set to the default value.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
Configuration File Commands
show tacacs
Description
Displays TACACS+ settings.
Syntax
show tacacs
Parameters
None
Example
amnesiac # show tacacs
No tacacs settings.
Product
CMC appliance, Steelhead appliance, Steelhead Mobile Controller, Interceptor appliance
Related Topics
AAA, Role-Based Management, Radius, and TACACS+ Commands
show telnet-server
Description
Displays Telnet server settings.
Syntax
show telnet-server
Parameters
None
Example
amnesiac # show telnet-server
TCP reordering enabled: no
TCP reordering threshold: 3
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
telnet-server enable
show userlog
Description
Displays current user log file in a scrollable pager.
Syntax
show userlog <cr> [continuous | files <file number>]
Parameters
continuous - Displays new user log messages as they occur.
files <file number> - Displays archived user log files.
Example
amnesiac # show userlog
Oct 17 15:38:54 amnesiac-sh75 cli[26992]: [cli.NOTICE]: user admin: CLI launched
Oct 17 15:39:00 amnesiac-sh75 cli[26992]: [cli.INFO]: user admin: Executing command: enable
Oct 17 17:18:03 amnesiac-sh75 cli[26992]: [cli.INFO]: user admin: Executing command: show raid diagram
Oct 17 17:18:13 amnesiac-sh75 cli[26992]: [cli.INFO]: user admin: Executing command: show version
Oct 17 18:00:00 amnesiac-sh75 cli[26992]: [cli.INFO]: user admin: Executing command matching: show rsp slots
Oct 17 18:00:36 amnesiac-sh75 cli[26992]: [cli.INFO]: user admin: Executing command matching: show rsp dataflow RiO
Oct 17 18:00:46 amnesiac-sh75 cli[26992]: [cli.INFO]: user admin: Executing command matching: show rsp dataflow RiOS
Oct 17 18:00:57 amnesiac-sh75 cli[26992]: [cli.INFO]: user admin: Executing command matching: show rsp dataflow inpath0_0
Oct 17 18:01:10 amnesiac-sh75 cli[26992]: [cli.INFO]: user admin: Executing command matching: show rsp images
Oct 17 18:08:22 amnesiac-sh75 cli[26992]: [cli.INFO]: user admin: Executing command: show service
Oct 17 18:11:18 amnesiac-sh75 cli[26992]: [cli.INFO]: user admin: Executing command: show smb signing delegation domains
<<this is partial display>>
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
Logging Commands
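The following Python is an added example, not part of the Riverbed manual: it parses lines in the format of the show userlog sample above, groups commands per CLI session, and flags mode changes and alarm-disabling commands, with the protected set taken from the stats alarm entries this reference marks "should not be disabled". The sample lines are constructed, the review tags are this example's own labels, and it assumes configuration commands are logged in the same "Executing command:" form.

```python
import re
from collections import defaultdict

# Alarms this reference marks "This alarm should not be disabled".
PROTECTED_ALARMS = {
    "admission_conn", "admission_cpu", "admission_mapi", "admission_mem",
    "admission_tcp", "arcount", "bypass",
}

# Syslog-style prefix as it appears in the `show userlog` sample output.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) cli\[(?P<pid>\d+)\]: "
    r"\[cli\.(?P<level>[A-Z]+)\]: user (?P<user>[^:]+): (?P<msg>.*)$"
)
# Both "Executing command:" and "Executing command matching:" occur in the log.
CMD_RE = re.compile(r"^Executing command(?: matching)?: (?P<cmd>.+)$")
NO_ALARM_RE = re.compile(r"^no stats alarm (?P<alarm>\S+) enable$")

# Constructed sample input (assumption: config commands are logged this way).
SAMPLE = """\
Oct 17 15:38:54 amnesiac-sh75 cli[26992]: [cli.NOTICE]: user admin: CLI launched
Oct 17 15:39:00 amnesiac-sh75 cli[26992]: [cli.INFO]: user admin: Executing command: enable
Oct 17 15:39:05 amnesiac-sh75 cli[26992]: [cli.INFO]: user admin: Executing command: configure terminal
Oct 17 15:39:20 amnesiac-sh75 cli[26992]: [cli.INFO]: user admin: Executing command: no stats alarm bypass enable
Oct 17 15:39:41 amnesiac-sh75 cli[26992]: [cli.INFO]: user admin: Executing command: no stats alarm linkstate enable
Oct 17 15:40:02 amnesiac-sh75 cli[26992]: [cli.INFO]: user admin: Executing command: stats clear-all
Oct 17 15:41:00 amnesiac-sh75 /usr/sbin/crond[784]: (root) CMD (/usr/sbin/logrotate /etc/logrotate.conf)
Oct 17 15:42:10 amnesiac-sh75 cli[27110]: [cli.INFO]: user monitor: Executing command matching: show rsp slots
Oct 17 15:42:30 amnesiac-sh75 cli[27110]: [cli.INFO]: user monitor: CLI got signal 2 (SIGINT)
""".splitlines()


def parse_line(line):
    """Return a dict for a CLI audit record, or None for any other log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    cmd = CMD_RE.match(rec["msg"])
    # Collapse runs of whitespace so wrapped or padded commands compare equal.
    rec["command"] = " ".join(cmd.group("cmd").split()) if cmd else None
    return rec


def classify(command):
    """Map a command to a review tag; the tags are this example's own labels."""
    if command in ("enable", "configure terminal"):
        return "mode-change"
    if command == "stats clear-all":
        return "alarm-state-cleared"
    m = NO_ALARM_RE.match(command)
    if m:
        if m.group("alarm") in PROTECTED_ALARMS:
            return "protected-alarm-disabled"
        return "alarm-disabled"
    return None


def review(lines):
    """Group commands per (user, CLI pid) session and collect tagged findings."""
    sessions = defaultdict(list)
    findings = []
    skipped = 0  # lines that are not CLI audit records (cron, daemons, ...)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        if rec["command"] is None:
            continue  # session events such as "CLI launched" or SIGINT
        sessions[(rec["user"], rec["pid"])].append(rec["command"])
        tag = classify(rec["command"])
        if tag:
            findings.append((rec["ts"], rec["user"], tag, rec["command"]))
    return dict(sessions), findings, skipped


if __name__ == "__main__":
    _, found, _ = review(SAMPLE)
    for ts, user, tag, command in found:
        print(f"{ts}  {user:8s} {tag:26s} {command}")
```
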
show usernames
Description Syntax Parameters Displays current user log file in a scrollable pager. show usernames None
147
Enable-Mode Commands
Example
amnesiac # show usernames User Status Active Capability --------------------------------------------------------------admin@ enabled y admin monitor enabled n monitor --------------------------------------------------------------@ = current user
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
AAA, Role-Based Management, Radius, and TACACS+ Commands
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller show web ssl cert
CHAPTER 4
Configuration-Mode Commands
This chapter is a reference for configuration-mode commands. It includes the following sections:
System Administration Commands
Steelhead Appliance Feature Configuration Commands
Interceptor Appliance Feature Commands
Central Management Console Feature Commands
Steelhead Mobile Controller Feature Commands
Cloud Steelhead Feature Commands
You can perform configuration tasks while in configuration-mode. Only administrator users can perform configuration-mode and enable-mode commands. All commands available in user-mode and enable-mode are also available in configuration-mode. Monitor users cannot perform configuration tasks.
To enter configuration-mode
1. Connect to the CLI and enter the following commands:
login as: admin
Riverbed Steelhead
Last login: Wed Jan 20 13:02:09 2010 from 10.0.1.1
amnesiac > enable
amnesiac # configure terminal
amnesiac (config) #
You are now in configuration-mode. To exit configuration-mode, enter exit. For information about the exit command, see exit on page 16.
Although most of the Steelhead appliance configuration commands are also available in the Interceptor appliance, CMC appliance, Steelhead Mobile Controller, Cloud Steelhead, and Whitewater, Riverbed strongly recommends that you do not use the CLI to perform configuration tasks on these products. Riverbed recommends that you use these products' respective Management Consoles to perform configuration, system administration, and system reporting and monitoring tasks.
For an alphabetical list of commands, see the Index at the end of this book.
Steelhead appliance, Interceptor appliance, CMC appliance AAA, Role-Based Management, Radius, and TACACS+ Commands
Steelhead appliance, Interceptor appliance, CMC appliance AAA, Role-Based Management, Radius, and TACACS+ Commands
The Steelhead appliance performs accounting based on the order in which you specify the methods. The no command option clears all accounting states and returns the per-command accounting to the local method (local logs).
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show aaa, show radius, show tacacs
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show aaa, show radius, show tacacs
The Steelhead appliance performs authentication based on the order in which you specify the methods. The no command option clears all authentication states and returns user authentication to the local user name database.
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show aaa, show radius, show tacacs
The Steelhead appliance performs authentication based on the order in which you specify the methods. The no command option clears all authentication states and returns user authentication to the local user name database.
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show aaa, show radius, show tacacs
For the local authentication method, this setting is ignored. This mapping depends on the setting of the aaa authorization map order command. The no command option disables user default mapping.
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show aaa, show radius, show tacacs
The order determines how the remote user mapping behaves. If the authenticated user name is valid locally, the Steelhead appliance does not perform any mapping. The setting has the following behaviors:
remote-first - If a local-user mapping attribute is returned and it is a valid local user name, map the authenticated user to the local user specified in the attribute. If the attribute is not present or not valid locally, use the user name specified by the default-user command. (This is the default behavior.)
remote-only - Map only to a remote authenticated user if the authentication server sends a local-user mapping attribute. If the attribute does not specify a valid local user, no further mapping is attempted.
local-only - All remote users are mapped to the user specified by the aaa authorization map default-user <user name> command. Any vendor attributes received by an authentication server are ignored.
To set TACACS+ authorization levels (admin and read-only) to allow certain members of a group to log in, add the following attribute to users on the TACACS+ server:
service = rbt-exec { local-user-name = "monitor" }
where you replace monitor with admin for write access.
To turn off general authentication in the Interceptor appliance, enter the following command at the system prompt:
aaa authorization map order remote-only
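The three map order behaviors described above differ mainly in what happens to a remote user who arrives without a valid local-user mapping attribute. The following Python is an added example that models the described decision, not Riverbed code; the function names, the remote user jdoe and the default-user value are assumptions made for illustration.

```python
import re

ORDERS = ("remote-first", "remote-only", "local-only")

# Constructed sample: the two local accounts this manual refers to.
LOCAL_USERS = {"admin", "monitor"}

# Matches the TACACS+ user attribute shown above:
#   service = rbt-exec { local-user-name = "monitor" }
ATTR_RE = re.compile(
    r'service\s*=\s*rbt-exec\s*\{\s*local-user-name\s*=\s*"(?P<user>[^"]*)"\s*\}'
)


def local_user_attribute(server_stanza):
    """Extract the local-user mapping attribute, or None if it is absent."""
    m = ATTR_RE.search(server_stanza)
    return m.group("user") if m else None


def map_remote_user(order, auth_user, attr_user, local_users, default_user):
    """Return the local user the session maps to, or None for no mapping.

    order        -- value given to `aaa authorization map order`
    auth_user    -- name the remote server authenticated
    attr_user    -- local-user mapping attribute from the server, or None
    default_user -- value of `aaa authorization map default-user`, or None
    """
    if order not in ORDERS:
        raise ValueError("unknown map order: " + order)
    # A name that is valid locally is never remapped, whatever the order.
    if auth_user in local_users:
        return auth_user
    if order == "local-only":
        # Vendor attributes are ignored; everyone becomes the default user.
        return default_user
    attr_valid = attr_user is not None and attr_user in local_users
    if order == "remote-first":
        # Missing or invalid attribute falls back to the default user.
        return attr_user if attr_valid else default_user
    # remote-only: no fallback, so a missing or invalid attribute maps nowhere.
    return attr_user if attr_valid else None


def decision_matrix(auth_user, attr_user, local_users, default_user):
    """Outcome of the same login under each of the three map orders."""
    return {
        order: map_remote_user(order, auth_user, attr_user, local_users, default_user)
        for order in ORDERS
    }


if __name__ == "__main__":
    stanza = 'service = rbt-exec { local-user-name = "admin" }'
    cases = [
        ("attribute admin", local_user_attribute(stanza)),
        ("no attribute", None),
        ("attribute names unknown user", "root"),
    ]
    for label, attr in cases:
        print(label, decision_matrix("jdoe", attr, LOCAL_USERS, "monitor"))
```

Under remote-first, a remote account with no attribute still lands on the default user; only remote-only leaves such an account unmapped.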
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show aaa, show radius, show tacacs
The order in which the methods are specified is the order in which the authorization is attempted. The no command option clears all authorization states and returns the user authorization to the local user name database.
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show aaa, show radius, show tacacs
radius-server host
Description
Adds a RADIUS server to the set of servers used for authentication.
Syntax
[no] radius-server host {<ip-addr> | auth-port <port> | timeout <seconds> | retransmit <retries> | key <string>}
Parameters
<ip-addr> - Specify the RADIUS server IP address.
auth-port <port> - Specify the authentication port number to use with this RADIUS server. The default value is 1812.
timeout <seconds> - Specify the time-out period to use with this RADIUS server.
retransmit <retries> - Specify the number of times the client attempts to authenticate with any RADIUS server. The default value is 1. The range is 0-5. To disable retransmissions, set it to 0.
key <string> - Specify the shared secret text string used to communicate with this RADIUS server.
  0 - Specify a shared secret to use with this RADIUS server.
  7 - Specify a RADIUS key with an encrypted string.
Usage
RADIUS servers are tried in the order they are configured. The same IP address can be used in more than one radius-server host command if the auth-port value is different for each. The auth-port value is a UDP port number. The auth-port value must be specified immediately after the host <ip-addr> option (if present). Some parameters override the RADIUS server global defaults. For detailed information, see the Riverbed Deployment Guide. The no command option stops sending RADIUS authentication requests to the host. If no radius-server host <ip-addr> is specified, all radius configurations for the host are deleted. The no radius-server host <ip-addr> auth-port <port> command can be specified to refine which host is deleted, as the previous command deletes all RADIUS servers with the specified IP address.
Product
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show aaa, show radius
radius-server key
Description
Sets the shared secret text string used to communicate with a RADIUS server.
Syntax
[no] radius-server key <string>
Parameters
<string> - Sets the shared secret text string used to communicate with a RADIUS server.
Usage
This command can be overridden using the radius-server host command. The no command option resets the key to the default value.
Product
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show aaa, show radius
radius-server retransmit
Description
Specify the number of times the client attempts to authenticate with a RADIUS server.
Syntax
[no] radius-server retransmit <retries>
Parameters
<retries> - Specify the number of times the client attempts to authenticate with a RADIUS server. The range is 0-5. The default value is 1.
Usage
This command can be overridden in a radius-server host command. The no command option resets the value to the default value.
Example
Product
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show aaa, show radius
radius-server timeout
Description
Sets the time-out period, in seconds, for retransmitting a request to a RADIUS server.
Syntax
[no] radius-server timeout <seconds>
Parameters
<seconds> - Sets the time-out for retransmitting a request to a RADIUS server. The range is 1-60. The default value is 3.
Usage
This command can be overridden in a radius-server host command. The no command option resets the value to the default value.
Product
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show aaa, show radius
rbm role
Description
Creates an RBM (role-based management) role.
Syntax
[no] rbm role <role> primitive <primitive>
Parameters
<role>
Specify a role-based management type:
acceleration_service - Start and stop the optimization service.
basic_diagnostics - Customizes system diagnostic logs, but does not include TCP dumps.
cifs_acceleration - Enable CIFS optimization settings and Overlapping Open Optimization.
citrix_acceleration - Configures Citrix ICA optimization.
diagnostics - Customize system diagnostic logs, including system and user log settings.
general_settings - Per source IP connection limit and the maximum connection pooling size.
http_acceleration - HTTP optimization settings including: cache settings, keepalive, insert cookie, file extensions to prefetch, and ability to set up HTTP optimization for a specific server subnet.
in-path_rules - Configure which TCP traffic to optimize and how to optimize traffic by setting in-path rules. Includes WAN visibility to preserve TCP/IP address or port information.
jinitiator_acceleration - Optimize Oracle E-business application content and forms applications.
mapi_acceleration - Optimize MAPI, set Exchange and NSPI ports.
network_settings - Configure host and network interface settings, including DNS cache settings.
nfs_acceleration - Configure NFS optimization.
notes_acceleration - Configures Lotus Notes optimization.
proxy_file_service - Enable the Proxy File Service.
qos - Enforce QoS policies.
replication_acceleration - Configures the SRDF/A and FCIP storage optimization modules.
reports - Set system report parameters.
riverbed_services_platform - Add various types of functionality into a virtualized environment on the client Steelhead appliance. The functionality can include a print server, a streaming video server and a package that provides core networking services (DNS, DHCP, TFTP and Radius mirroring).
security_settings - Configure security settings, including RADIUS and TACACS authentication settings and secure vault password.
sql_acceleration - Configure MS-SQL optimization.
ssl_acceleration - Configure SSL support.
Roles are made up of Steelhead appliance feature sets. You can assign particular users to particular roles. For example, you could assign Judy read and write permissions on the role qos. Thus, Judy will only be able to make configuration changes for QoS settings. The no command option disables the role.
Product
Steelhead appliance, CMC appliance, Interceptor appliance, Cloud Steelhead
Related Topics
show rbm user
rbm user
Description
Assigns a role (that is, a feature set) to a user. A user can be associated with one or more roles.
Syntax
[no] rbm user <username> role <role> permissions <permissions>
Parameters
<username> - Specify the user name.
role <role> - Specify the role (that is, feature set) to be associated with the user. For detailed information about the feature sets that make up roles, see rbm role on page 156.
permissions <permissions> - You can also create users, assign passwords to the user, and assign varying configuration roles to the user. A user role determines whether the user has permission to:
  read-only - With read privileges you can view current configuration settings but you cannot change them.
  write-only - With write privileges you can view settings and make configuration changes for a feature.
  deny-only - With deny privileges you cannot view settings or make configuration changes for a feature.
Usage
The no command option allows for the deletion of a role.
Example
amnesiac (config) # rbm user role qos permissions read-only
Product
Steelhead appliance, CMC appliance, Interceptor appliance, Cloud Steelhead
Related Topics
show rbm user
tacacs-server first-hit
Description
Enables a first-hit option for TACACS+ servers.
Syntax
[no] tacacs-server first-hit <ip-addr>
Parameters
<ip-addr> - Specify the TACACS+ server IP address.
Usage
TACACS+ servers are tried in the order they are configured. If this option is enabled, only the first server in the list of TACACS+ servers is queried for authentication and authorization purposes. The no command option disables TACACS+ first-hit option.
Product
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show aaa, show tacacs
tacacs-server host
Description
Adds a TACACS+ server to the set of servers used for authentication.
Syntax
[no] tacacs-server host {<ip-addr> <cr>| auth-port <port> | auth-type <type> | timeout <seconds> | retransmit <retries> | [key <string> | key 0 | key 7]}
Parameters
<ip-addr> - Specify the TACACS+ server IP address.
auth-port <port> - Specify the authorization port number. The default value is 49.
auth-type <type> - Specify the authorization type to use with this TACACS+ server: ascii, pap.
timeout <seconds> - Sets the time-out for retransmitting a request to any TACACS+ server. The range is 1-60. The default value is 3.
retransmit <retries> - Specify the number of times the client attempts to authenticate with any TACACS+ server. The default value is 1. The range is 0-5. To disable retransmissions set it to 0.
key <string> - Specify the shared secret text string used to communicate with this TACACS+ server.
  0 - Specify a shared secret to use with this RADIUS server.
  7 - Specify a TACACS+ key with an encrypted string.
Usage
TACACS+ servers are tried in the order they are configured. The same IP address can be used in more than one tacacs-server host command if the auth-port value is different for each. The auth-port value is a UDP port number. The auth-port value must be specified immediately after the hostname option (if present). Some of the parameters given can override the configured global defaults for all TACACS+ servers. For detailed information, see the Riverbed Deployment Guide. If no tacacs-server host <ip-addr> is specified, all TACACS+ configurations for this host are deleted. The no tacacs-server host <ip-addr> auth-port <port> command can be specified to refine which host is deleted, as the previous command deletes all TACACS+ servers with the specified IP address. The no command option disables TACACS+ support.
Product
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show aaa, show tacacs
tacacs-server key
Description
Sets the shared secret text string used to communicate with any TACACS+ server.
Syntax
[no] tacacs-server key <string>
Parameters
<string> - Sets the shared secret text string used to communicate with any TACACS+ server.
Usage
The tacacs-server key command can be overridden using the tacacs-server host command. The no command option resets the value to the default value.
Example
amnesiac (config) # tacacs-server key XYZ
Product
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show aaa, show tacacs
tacacs-server retransmit
Description
Configures the number of times the client attempts to authenticate with any TACACS+ server.
Syntax
[no] tacacs-server retransmit <retries>
Parameters
<retries> - Specify the number of times the client attempts to authenticate with any TACACS+ server. The range is 0-5. The default value is 1. To disable retransmissions set it to 0.
Usage
The tacacs-server retransmit command can be overridden in a tacacs-server host command. The no command option resets the value to the default value.
Product
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show aaa, show tacacs
tacacs-server timeout
Description
Sets the time-out period for retransmitting a request to any TACACS+ server.
Syntax
[no] tacacs-server timeout <seconds>
Parameters
<seconds> - Sets the time-out for retransmitting a request to any TACACS+ server. The range is 1-60. The default value is 3.
Usage
This command can be overridden with the tacacs-server host command. The no command option resets the value to the default value.
Product
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show aaa, show tacacs
username disable
Description
Disables the account so that no one can log in.
Syntax
[no] username <userid> disable
Parameters
<userid> - Specify the user login: admin or monitor.
Product
Steelhead appliance, CMC appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show usernames
username nopassword
Description
Disables password protection for a user.
Syntax
username <userid> nopassword
Parameters
<userid> - Specify the user login: admin or monitor.
username password
Description
Sets the password for the specified user.
Syntax
username <userid> password <cleartext>
Parameters
<userid> - Specify the user login: admin or monitor.
<cleartext> - Specify the password. The password must be at least 6 characters.
Product
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller
Related Topics
show usernames
username password 0
Description
Sets the password for the specified user.
Syntax
username <userid> password 0 <cleartext password>
Parameters
<userid> - Specify the user login: admin or monitor.
<cleartext password> - Specify the password. The password must be at least 6 characters.
Product
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller
Related Topics
show usernames
username password 7
Description
Sets the password for the specified user using the encrypted format of the password. Use this command if it becomes necessary to restore your appliance configuration, including the password.
Syntax
username <userid> password 7 <encrypted password>
Parameters
<userid> - Specify the user login: admin or monitor.
<encrypted password> - Specify the encrypted password. The password must be at least 6 characters.
Usage
Use this command to restore your password using an encrypted version of the password. You can display the encrypted version of the password using the show running configuration command. For example, executing username monitor password awesomepass results in the following line being added to the running configuration file:
username monitor password 7 $1$f2Azp8N8$n0oy6Y1KhCfuMo93f24ku/
If you need to restore your password in the future, you would paste:
username monitor password 7 $1$f2Azp8N8$n0oy6Y1KhCfuMo93f24ku/
in the CLI, to restore your monitor password to awesomepass.
Example
amnesiac (config) # username admin password 7 $1$f2Azp8N8$n0oy6Y1KhCfuMo93f24ku/
Product
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller
Related Topics
show usernames
access enable
Description
Enables secure access to a Steelhead appliance using an internal management Access Control List (ACL).
Syntax
[no] access enable
Parameters
None
Usage
Steelhead appliances are subject to the network policies defined by corporate security policy, particularly in large networks. Using an internal management ACL you can:
- restrict access to certain interfaces or protocols of a Steelhead appliance.
- restrict inbound IP access to a Steelhead appliance, protecting it from access by hosts that do not have permission without using a separate device (such as a router or firewall).
- specify which hosts or groups of hosts can access and manage a Steelhead appliance by IP address, simplifying the integration of Steelhead appliances into your network. You can also restrict access to certain interfaces or protocols.
This feature provides the following safeguards to prevent accidental disconnection from the Steelhead appliance (or the CMC):
- It detects the IP address you are connecting from and displays a warning if you add a rule that denies connections to that address.
- It always allows the default Steelhead appliance ports 7800, 7801, 7810, 7820, and 7850.
- It always allows a previously-connected CMC to connect and tracks any changes to the IP address of the CMC to prevent disconnection.
- It converts well-known port and protocol combinations such as SSH, Telnet, HTTP, HTTPS, SNMP, and SOAP into their default management service and protects these services from disconnection. For example, if you specify protocol 6 (TCP) and port 22, the management ACL converts this port and protocol combination into SSH and protects it from denial.
- It tracks changes to default service ports and automatically updates any references to changed ports in the access rules.
You can also change the standard port for HTTPS (443) to match your management standards using the web https port and web http port commands.
Usage Notes
- When you change the default port of services (SSH, HTTP, HTTPS, and so on) on either the client or server-side Steelhead appliance and then create a management ACL rule denying that service, the rule will not work as expected. The Steelhead appliance on the other end (either server or client) of an in-path deployment does not know that the default service port has changed, and therefore optimizes the packets to that service port. To avoid this problem, add a pass-through rule to the client-side Steelhead appliance for the management interfaces. The pass-through rule prevents the traffic from coming from the local host when optimized.
- A management ACL rule that denies access to port 20 on the server-side Steelhead appliance in an out-of-path deployment prevents data transfer using active FTP. In this deployment, the FTP server and client cannot establish a data connection because the FTP server initiates the SYN packet and the management rule on the server-side Steelhead appliance blocks the SYN packet. To work around this problem, use passive FTP instead. With passive FTP, the FTP client initiates both connections to the server. For detailed information about active and passive FTP, see the Management Console online help or the Steelhead Management Console User's Guide.
The no command option disables management ACL.
Product
Steelhead appliance, CMC appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show access inbound rules, show access status
Parameters
allow | deny
Specify the action on the rule: allow - Allows a matching packet access to the Steelhead appliance. This is the default action. deny - Denies access to any matching packets.
Specify all, icmp, tcp, udp, or protocol number (1, 6, 17) in IP packet header. The default setting is all.
Optionally, specify the service name: http, https, snmp, ssh, soap, telnet
Optionally, specify the destination port of the inbound packet. You can also specify port ranges: 1000-30000
Optionally, specify the source subnet of the inbound packet; for example, 1.2.3.0/24
Optionally, specify an interface name: primary, aux, inpath0_0.
Optionally, specify a rule number from 1 to N, start, or end. The Steelhead appliances evaluate rules in numerical order starting with rule 1. If the conditions set in the rule match, then the rule is applied, and the system moves on to the next packet. If the conditions set in the rule do not match, the system consults the next rule. For example, if the conditions of rule 1 do not match, rule 2 is consulted. If rule 2 matches the conditions, it is applied, and no further rules are consulted.
Optionally, specify a description to facilitate communication about network administration.
Optionally, specify to track denied packets in the log. By default, packet logging is enabled.
Specify to ignore the warning and force the rule modification. If you add, delete, edit, or move a rule that could disconnect you from the Steelhead appliance, a warning message appears. You can specify override to ignore the warning and force the rule modification. Use caution when you override a disconnect warning.
Usage
The management ACL contains rules that define a match condition for an inbound IP packet. You set a rule to allow or deny access to a matching inbound IP packet. When you add a rule on a Steelhead appliance, the destination specifies the Steelhead appliance itself, and the source specifies a remote host.
The ACL rules list contains default rules that allow you to use the management ACL with the RiOS features PFS, DNS caching, and RSP. These default rules allow access to certain ports required by these features. The list also includes a default rule that allows access to the CMC. If you delete the default ACL rules for one of these features and need to restore it.
To restore the default rule for PFS
access inbound rule add allow protocol tcp dstport 445 description "PFS Support" rulenum 1
access inbound rule add allow protocol tcp dstport 139 description "PFS Support" rulenum 1
access inbound rule add allow protocol udp dstport 137-138 description "PFS Support" rulenum 1
If you have a firewall rule set on the server-side Steelhead appliance that prevents access to the server-side Steelhead appliance, you might not be able to transfer data using active FTP in out-of-path deployments. To solve this problem, Riverbed recommends that you use passive FTP or, if you have permission to change the configuration on the server-side Steelhead appliance, you can add a rule to allow packets from source port 20. For example:
access inbound rule add allow protocol tcp srcport 20
To delete a rule, use the following syntax:
no access inbound rule <rulenum>
Example
amnesiac (config) # access inbound rule add allow protocol tcp/udp dstport 1234 srcaddr 10.0.0.1/16 interface primary rulenum 2
Product
Steelhead appliance, CMC appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show access inbound rules, show access status
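The first-match evaluation described for the rule number parameter means that rule order decides the outcome, and a rule placed behind a broader one never takes effect. The following Python is an added example, not Riverbed code: it replays access inbound rule add lines into an ordered list, reports which rule a packet hits, and lists rules made unreachable by an earlier rule. Assumptions: a rule without rulenum is appended at the end, only the keywords used in this page's examples are handled, and the sample rules are constructed.

```python
import ipaddress
import shlex
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Rule:
    action: str                                  # "allow" or "deny"
    protocol: str = "all"                        # all, icmp, tcp or udp
    dstport: Optional[Tuple[int, int]] = None    # inclusive range, None = any
    srcaddr: Optional[ipaddress.IPv4Network] = None
    interface: Optional[str] = None              # None = any interface
    description: str = ""

def _ports(text):
    lo, _, hi = text.partition("-")              # "445" or "137-138"
    return int(lo), int(hi or lo)

def add_rule(rules: List[Rule], line: str) -> None:
    """Apply one `access inbound rule add ...` line to the ordered rule list."""
    tok = shlex.split(line)                      # keeps "PFS Support" as one token
    if tok[:4] != ["access", "inbound", "rule", "add"] or len(tok) < 5:
        raise ValueError("not an 'access inbound rule add' line: " + line)
    if tok[4] not in ("allow", "deny") or len(tok[5:]) % 2:
        raise ValueError("bad action or dangling keyword: " + line)
    rule, pos = Rule(action=tok[4]), "end"       # assumption: no rulenum = append
    for key, val in zip(tok[5::2], tok[6::2]):
        if key == "protocol":
            rule.protocol = val
        elif key == "dstport":
            rule.dstport = _ports(val)
        elif key == "srcaddr":
            # strict=False tolerates host bits, as in the page's 10.0.0.1/16
            rule.srcaddr = ipaddress.ip_network(val, strict=False)
        elif key == "interface":
            rule.interface = val
        elif key == "description":
            rule.description = val
        elif key == "rulenum":
            pos = val
        else:
            raise ValueError("keyword not handled in this example: " + key)
    if pos == "end":
        rules.append(rule)
    else:                                        # inserting shifts later rules down
        rules.insert(0 if pos == "start" else int(pos) - 1, rule)

def matches(rule, proto, dstport, src, interface):
    """True if the inbound packet satisfies every condition set on the rule."""
    if rule.protocol != "all" and rule.protocol != proto:
        return False
    if rule.dstport and (dstport is None or not rule.dstport[0] <= dstport <= rule.dstport[1]):
        return False
    if rule.srcaddr and ipaddress.ip_address(src) not in rule.srcaddr:
        return False
    return not (rule.interface and rule.interface != interface)

def first_match(rules, proto, dstport, src, interface):
    """Return (rule number, action) of the first matching rule, else None."""
    for num, rule in enumerate(rules, start=1):
        if matches(rule, proto, dstport, src, interface):
            return num, rule.action
    return None

def covers(a: Rule, b: Rule) -> bool:
    """True if every packet that matches b also matches a."""
    if a.protocol != "all" and a.protocol != b.protocol:
        return False
    if a.dstport and (b.dstport is None
                      or b.dstport[0] < a.dstport[0] or b.dstport[1] > a.dstport[1]):
        return False
    if a.srcaddr and (b.srcaddr is None or not b.srcaddr.subnet_of(a.srcaddr)):
        return False
    return not (a.interface and a.interface != b.interface)

def shadowed(rules):
    """List (later rule, earlier rule) numbers where the later rule is unreachable."""
    pairs = []
    for j, later in enumerate(rules):
        for i in range(j):
            if covers(rules[i], later):
                pairs.append((j + 1, i + 1))
                break
    return pairs

# Constructed sample rule set: rule 3 sits behind the broader deny in rule 2.
SAMPLE_RULES = [
    'access inbound rule add allow protocol tcp dstport 22 srcaddr 10.0.0.1/16 interface primary description "Admin SSH"',
    'access inbound rule add deny protocol tcp dstport 1-1023 description "Block low ports"',
    'access inbound rule add allow protocol tcp dstport 443 srcaddr 10.1.0.0/24 description "HTTPS from ops"',
]

def build(lines):
    rules = []
    for line in lines:
        add_rule(rules, line)
    return rules
```

With the sample set, shadowed(build(SAMPLE_RULES)) reports rule 3 as unreachable behind rule 2; re-adding the HTTPS rule with rulenum 2 places it ahead of the deny.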
Parameters
Specify the action on the rule: allow - Allows a matching packet access to the Steelhead appliance. This is the default action. deny - Denies access to and logs any matching packets.
Specify all, icmp, tcp, udp, or protocol number (1, 6, 17) in IP packet header. The default setting is all.
Optionally, specify the service name: http, https, snmp, ssh, telnet
Specify the destination port. You can also specify port ranges: 1000-30000
srcaddr <subnet>
Specify the source subnet. For the subnet address, use the following format: XXX.XXX.XXX.XXX/XX
Specify the interface: primary, aux, inpath0_0
Optionally, specify a description to facilitate communication about network administration.
Optionally, specify to enable or disable log in on this command.
Specify to ignore the warning and force the rule modification. If you add, delete, edit, or move a rule that could disconnect you from the Steelhead appliance, a warning message appears. You can specify override to ignore the warning and force the rule modification. Use caution when overriding a disconnect warning.
Example
amnesiac (config) # access inbound rule edit action allow dstport 1234 srcaddr 10.0.0.1/16 service http interface primary rulenum 2
Product
Steelhead appliance, CMC appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show access inbound rules, show access status
Steelhead appliance, CMC appliance, Steelhead Mobile Controller, Cloud Steelhead show access inbound rules, show access status
The no ssh client identity user <user> command disables SSH client identity keys for a specified user.
amnesiac (config) # ssh client generate identity user test
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller show ssh client
Parameters
<ciphers>
Specify a cipher or a comma-separated list of ciphers, in quotation marks. Default ciphers configured are aes128-ctr, aes192-ctr, and aes256-ctr. Supported ciphers are: aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, arcfour, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Whitewater show ssh server
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show ssh server
Usage
If the list of interfaces is empty, none of the interfaces respond to the queries. The no command option disables SSH interface restrictions which causes SSH to accept connections from all interfaces. SSH interface restrictions are not available through the Management Console.
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show ssh server
If the list of interfaces is empty, none of the interfaces respond to the queries. If the list of interfaces has at least one entry, then the server listens on that subset of interfaces.
To add an interface to the list
ssh server listen interface primary
To remove an interface
no ssh server listen interface <interface>
The no command option removes the interface. SSH interface restrictions are not available through the Management Console.
Example
amnesiac (config) # ssh server listen interface primary
Product
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show ssh server
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Whitewater show ssh server
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show ssh server
banner login
Description
Creates the system log in banner.
Syntax
[no] banner login <message string>
Parameters
<message string> - Specify the login banner message. Enclose the message in quotation marks.
Product
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show bootvar
banner motd
Description
Creates the system Message of the Day banner.
Syntax
[no] banner motd <message string>
Parameters
<message string> - Specify the login Message of the Day. Enclose the message in quotation marks.
Usage
The no command option disables the system Message of the Day banner.
Example
amnesiac (config) # banner motd customer visit today
Product
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show bootvar
cli clear-history
Description
Clears the command history for the current user.
Syntax
cli clear-history
Parameters
None
Example
amnesiac (config) # cli clear-history
Product
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show cli
Suppose you are using telnet versus ssh to access your Steelhead appliances and thus have enabled a telnet server.
To disable timeout
cli default auto-logout 0
The no command option disables the automatic logout feature. Example Product Related Topics
amnesiac (config) # cli default auto-logout 25
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show cli
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show cli
cli session
Description: Sets CLI options for the current session only.
Syntax: [no] cli session {auto-logout <minutes> | paging enable | terminal length <lines> | terminal type <terminal_type> | terminal width <number of characters>}
Parameters:
auto-logout <minutes> - Sets the number of minutes before the CLI automatically logs out the user. The default value is 15 minutes. The no command option disables the automatic logout feature.
paging enable - Sets paging. With paging enabled, if there is too much text to fit on the page, the CLI prompts you for the next page of text. The no command option disables paging.
terminal length <lines> - Sets the terminal length. The no command option disables the terminal length.
terminal type <terminal_type> - Sets the terminal type. The no command option disables the terminal type.
terminal width <number of characters> - Sets the terminal width. The no command option disables the terminal width.
Product: Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show cli
web auto-logout
Description: Sets the number of minutes before the Management Console automatically logs out the user.
Syntax: [no] web auto-logout <minutes>
Parameters: <minutes> - Specify the number of minutes before the system automatically logs out the user. The default value is 15 minutes.
Product: Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show web
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show web
web enable
Description: Enables the Management Console.
Syntax: [no] web enable
Parameters: None
Usage: The Management Console is enabled by default. The no command option disables the Interceptor Management Console.
Example: amnesiac (config) # web enable
Product: Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show web
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show web
The no command option resets the Web port to the default value.
amnesiac (config) # web http port 8080
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show web
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show web
If the list of interfaces is empty, none of the interfaces respond to the queries. If the list of interfaces has at least one entry, then the server listens on that subset of interfaces.
To add an interface to the list to listen on:
web httpd listen interface primary
Web interface restrictions are not available through the Management Console.
Example: amnesiac (config) # web httpd listen interface aux
Product: Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show web
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show web
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show web
Steelhead appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show web
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show web
The no command option resets the session renewal time to the default value.
amnesiac (config) # web session renewal 5
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show web
The no command option resets the session time-out to the default value.
amnesiac (config) # web session timeout 120
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show web
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show web
Steelhead appliance, CMC appliance, Steelhead Mobile Controller, Cloud Steelhead show web
Steelhead appliance, CMC appliance, Steelhead Mobile Controller, Cloud Steelhead show web
cmc enable
Description: Enables auto-registration for the CMC.
Syntax: [no] cmc enable
Parameters: None
Usage: The no command option disables CMC auto-registration.
Product: Steelhead appliance, Cloud Steelhead
Related Topics: show protocol cifs smb signing status
cmc hostname
Description: Sets the CMC hostname used for auto-registration.
Syntax: [no] cmc hostname <hostname>
Parameters: <hostname> - Specify the hostname.
Product: Steelhead appliance, Cloud Steelhead
Related Topics: show protocol cifs smb signing status
configuration copy
Description: Copies a configuration file.
Syntax: configuration copy <sourcename> <new-filename>
Parameters:
<sourcename> - Specify the name of the source file.
<new-filename> - Specify the name of the destination file.
Product: Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show info
configuration delete
Description: Deletes a configuration file.
Syntax: configuration delete <filename>
Parameters: <filename> - Specify the name of the configuration file to delete.
Product: Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show info
configuration factory
Description: Creates a new configuration file.
Syntax: configuration factory <filename>
Parameters: <filename> - Specify the name of the destination file.
Product: Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show info
configuration fetch
Description: Downloads a configuration file over the network.
Syntax: configuration fetch {<URL, scp://, or ftp://username:password@hostname/path/filename> | <filename>}
Parameters:
<URL, scp://, or ftp://username:password@hostname/path/filename> - Specify the location of the configuration file to download in URL, scp://, or ftp:// format.
<filename> - Create a new name for the configuration file.
Usage: To copy one configuration file to another appliance, run the following set of commands:
configuration fetch <url-to-remote-config> <new-config-name>
;; this fetches the configuration from the remote
configuration switch-to <new-config-name>
;; this activates the newly fetched configuration
Example:
amnesiac (config) # configuration fetch http://domain.com/westcoast newconfig
amnesiac (config) # configuration switch-to newconfig
Product: Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show info
configuration jump-start
Description: Restarts the configuration wizard. The configuration wizard lets you set 20 configuration parameters with a single command. Press Enter to accept the value displayed or enter a new value.
Syntax: configuration jump-start
Parameters: None
Example:
amnesiac (config) # configuration jump-start
Riverbed Steelhead configuration wizard.
Step 1: Hostname? [example]
Step 2: Use DHCP on primary interface? [no]
Step 3: Primary IP address? [10.11.6.6]
Step 4: Netmask? [255.255.0.0]
Step 5: Default gateway? [10.0.0.1]
Step 6: Primary DNS server? [10.0.0.2]
Step 7: Domain name? [example.com]
Step 8: Admin password?
Step 9: SMTP server? [exchange]
Step 10: Notification email address? [[email protected]]
Step 11: Set the primary interface speed? [auto]
Step 12: Set the primary interface duplex? [auto]
Step 13: Would you like to activate the in-path configuration? [yes]
Step 14: In-Path IP address? [10.11.6.6]
Step 15: In-Path Netmask? [255.255.0.0]
Step 16: In-Path Default gateway?
Step 17: Set the in-path:LAN interface speed? [auto]
Step 18: Set the in-path:LAN interface duplex? [auto]
Step 19: Set the in-path:WAN interface speed? [auto]
Step 20: Set the in-path:WAN interface duplex? [auto]
You have entered the following information:
1. Hostname: example
2. Use DHCP on primary interface: no
3. Primary IP address: 10.11.0.6
4. Netmask: 255.255.0.0
5. Default gateway: 10.0.0.1
6. Primary DNS server: 10.0.0.2
7. Domain name: example.com
8. Admin password: (unchanged)
9. SMTP server: exchange
10. Notification email address: [email protected]
11. Set the primary interface speed: auto
12. Set the primary interface duplex: auto
13. Would you like to activate the in-path configuration: yes
14. In-Path IP address: 10.11.6.6
15. In-Path Netmask: 255.255.0.0
16. In-Path Default gateway:
17. Set the in-path:LAN interface speed: auto
18. Set the in-path:LAN interface duplex: auto
19. Set the in-path:WAN interface speed: auto
20. Set the in-path:WAN interface duplex: auto
To change an answer, enter the step number to return to.
Otherwise hit <enter> to save changes and exit.
Choice:
amnesiac (config)>
Product: Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show info
configuration merge
Description: Merges common configuration settings from one system to another.
Syntax: configuration merge <filename> <new-config-name>
Parameters:
<filename> - Name of file from which to merge settings.
<new-config-name> - Specify the new configuration name.
Usage: Use the configuration merge command to deploy a network of appliances. Set up a template for your appliance and merge the template with each appliance in the network.
The following configuration settings are not merged when you run the configuration merge command: failover settings, SNMP SysContact and SysLocation, log settings, and all network settings (for example, hostname, auxiliary interface, DNS settings, defined hosts, static routing, and in-path routing).
The following configuration settings are merged when you run the configuration merge command: in-path, out-of-path, protocols, statistics, CLI, email, NTP and time, Web, SNMP, and alarm.
To merge a configuration file, run the following set of commands:
configuration write to <new-config-name>
;; this saves the current config to the new name and activates
;; the new configuration
configuration fetch <url-to-remote-config> <temp-config-name>
;; this fetches the configuration from the remote
configuration merge <temp-config-name>
;; this merges the fetched config into the active configuration
;; which is the newly named/created one in step 1 above
configuration delete <temp-config-name>
;; this deletes the fetched configuration as it is no longer
;; needed since you merged it into the active configuration
Product: Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show info
configuration move
Description: Moves and renames a configuration file.
Syntax: configuration move <sourcename> <destname>
Parameters:
<sourcename> - Specify the name of the source configuration file.
<destname> - Specify the name of the new configuration file.
Product: Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show info
configuration new
Description: Creates a new, blank configuration file.
Syntax: configuration new <new-filename> <cr> | [keep licenses]
Parameters:
<new-filename> - Specify the name of the new configuration file.
keep licenses - Creates a new configuration file with default settings and active licenses.
Usage: Riverbed recommends that you use the keep licenses command option. If you do not keep licenses, your new configuration will not have a valid license key.
Example: amnesiac (config) # configuration new westcoast keep licenses
Product: Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show info
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead show info
Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller show info
configuration switch-to
Description: Loads a new configuration file and makes it the active configuration.
Syntax: configuration switch-to <filename>
Parameters: <filename> - Specify the filename. The default filenames are:
initial - Specify the initial configuration.
initial.bak - Specify the initial backup configuration.
cold - Specify the configuration file before SDR has occurred.
working - Specify the current configuration.
Example: amnesiac (config) # configuration switch-to westcoast
Product: Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show info
configuration upload
Description: Uploads the configuration file.
Syntax: configuration upload <filename> <http, ftp, or scp URL (e.g. scp://username:password@host/path)> <cr> | [active]
Parameters:
<filename> - Specify the configuration filename.
<http, ftp, or scp URL (e.g. scp://username:password@host/path)> - Specify the HTTP, FTP, or scp URL.
active
Product: Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show info
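The configuration fetch and configuration upload syntax above accepts http, ftp, and scp URLs with username:password embedded in the URL. The following added example (not part of the Riverbed manual or product) reviews saved CLI lines for those two commands, flags unencrypted transfers and embedded passwords, and returns a redacted copy suitable for tickets or change records. The hosts, user names, and passwords in the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Schemes that move the configuration file (and any URL credentials) unencrypted.
CLEARTEXT_SCHEMES = {"http", "ftp"}

# Matches the two commands documented above, with or without a CLI prompt in front.
COMMAND_RE = re.compile(r"\bconfiguration\s+(fetch|upload)\s+(.+)", re.IGNORECASE)


def review_command(line):
    """Return (redacted_line, findings) for one CLI line."""
    match = COMMAND_RE.search(line)
    if not match:
        return line, []
    findings = []
    redacted = line
    for token in match.group(2).split():
        if "://" not in token:
            continue  # a configuration file name, not a URL
        try:
            parts = urlsplit(token)
        except ValueError:
            continue  # not parseable as a URL; leave the token untouched
        scheme = parts.scheme.lower()
        if scheme in CLEARTEXT_SCHEMES:
            findings.append(f"{scheme} transfer is not encrypted")
        if parts.password is not None:
            findings.append("password embedded in URL")
            # Rebuild the URL with the password masked, keeping user and host.
            userinfo, _, host = parts.netloc.rpartition("@")
            user = userinfo.partition(":")[0]
            safe = urlunsplit((parts.scheme, f"{user}:***@{host}",
                               parts.path, parts.query, parts.fragment))
            redacted = redacted.replace(token, safe)
    return redacted, findings


def review_history(lines):
    """Return [(line_number, redacted_line, findings)] for every flagged line."""
    report = []
    for number, line in enumerate(lines, start=1):
        redacted, findings = review_command(line)
        if findings:
            report.append((number, redacted, findings))
    return report


# Constructed sample session; hosts, users and passwords are invented for the example.
SAMPLE_HISTORY = [
    "amnesiac (config) # configuration fetch http://domain.com/westcoast newconfig",
    "amnesiac (config) # configuration upload initial scp://admin:S3cret@10.0.0.5/backups/initial",
    "amnesiac (config) # configuration fetch ftp://backup:pw@files.example.com/cfg/branch1 branch1",
    "amnesiac (config) # configuration switch-to newconfig",
]

if __name__ == "__main__":
    for number, redacted, findings in review_history(SAMPLE_HISTORY):
        print(f"line {number}: {redacted}")
        for finding in findings:
            print(f"    - {finding}")
```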
configuration write
Description: Writes the current, active configuration file to memory.
Syntax: configuration write <cr> [to <filename>]
Parameters: to <filename> - Save the running configuration to a file.
Product: Steelhead appliance, CMC appliance, Interceptor appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show info
stats settings
Description: Configures settings to generate statistics.
Syntax: stats settings {bandwidth port <port number> desc <string> | top-talkers enable | interval <hours>}
Parameters:
bandwidth port <port number> - Specify a port to be monitored for statistics.
desc <string> - Specify a description for the port.
top-talkers enable - Enables top-talkers.
interval <hours> - Specify the time interval: 24 or 48 hours.
write flash
Description: Saves the current configuration settings to flash memory.
Syntax: write flash
Parameters: None
Example: amnesiac (config) # write flash
write memory
Description: Saves the current configuration settings to memory.
Syntax: write memory
Parameters: None
Example: amnesiac (config) # write memory
Product: CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show info
write terminal
Description: Displays commands to recreate current running configuration.
Syntax: write terminal
Parameters: None
Example: amnesiac (config) # write terminal
Product: CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show info
Usage
Enables a keep-alive timer between a local and remote Steelhead appliance so that you can determine if there is an active connection between the appliances. If the appliance is down, it terminates the connection. Use this command to debug connection problems in your network.
amnesiac (config) # tcp connection send keep-alive local-addr 10.0.0.1 local-port 1240 remote-addr 10.0.0.2 remote-port 1300
Enables you to individually reset passed-through connections on the Steelhead appliance so that upon re-establishment they are optimized.
amnesiac (config) # tcp connection send pass-reset source-addr 10.0.0.1 source-port 1234 dest-addr 10.0.0.2 dest-port 2345
Parameters:
both local-addr <local ip-addr> local-port <port> remote-addr <remote ip-addr> remote-port <port> - Terminates the connection for the local and remote Steelhead appliances.
local-only local-addr <local ip-addr> local-port <port> remote-addr <remote ip-addr> remote-port <port> - Terminates the connection for the local Steelhead appliance.
remote-only remote-addr <remote ip-addr> remote-port <port> local-addr <local ip-addr> local-port <port> - Terminates the connection for the remote Steelhead appliance.
Terminates connections between Steelhead appliances so that you can debug connection problems in your network.
amnesiac (config) # tcp connection send reset both local-only local-addr 10.0.0.1 local-port 1240 remote-addr 10.0.0.2 remote-port 1300
port-label
Description: Configures port label settings. Port labels are names given to sets of ports. When you configure rules for feature implementation, you can specify port labels instead of port numbers to reduce the number of in-path rules.
Syntax: [no] port-label <name> port <port>
Parameters:
<name> - Specify the name of the port label. Port labels are not case sensitive and can be any string consisting of letters, numbers, underscore ( _ ), or a hyphen ( - ).
<port> - Specify a comma-separated list of ports and ranges of ports. For example: 22,443,990-995,3077-3078
Usage:
The Riverbed system includes the following default port labels:
Secure - Contains ports that belong to the system label for secure ports. The Steelhead appliance automatically passes through traffic on commonly secure ports (for example, ssh, https, and smtps). For a list of secure ports, see Appendix A, Riverbed Ports.
Interactive - Contains ports that belong to the system label for interactive ports. The Steelhead appliance automatically passes through traffic on interactive ports (for example, Telnet, TCP ECHO, remote logging, and shell). For a list of interactive ports, see Appendix A, Riverbed Ports.
RBT-Proto - Contains ports that belong to the label for system processes: 7744 (data store synchronization), 7800-7801 (in-path), 7810 (out-of-path), 7820 (failover), 7850 (connection forwarding), 7860 (Interceptor appliance), 7570 (Steelhead Mobile Controller).
All - Contains all ports that have been discovered by the system. This label cannot be modified.
Unknown - Contains ports that have been discovered by the system that do not belong to another port label (besides All).
Riverbed appliances automatically discover active ports. Activity for the discovered port is included in the Traffic Summary report. If a port label contains the discovered port, the report reflects this. If a label does not exist, the port activity is labeled unknown. You can create an appropriately descriptive port label for activity on such ports. All statistics for this new port label are preserved from the time the port was discovered.
You can use the port-label FOO port <port> command to add or modify ports in a port label. For example, you define port label FOO by issuing the following command:
(config)# port-label FOO port 2-9,14
If you run the show port-label FOO command, you will see the new range of ports from 2 to 20.
The no command option removes the port label for the specified port label.
Example:
amnesiac (config) # port-label foo port 22,443,990-995,3077-3078
amnesiac (config) # show port-label foo
Port Label: foo
22,443,990-995,3077-3078
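The port-label parameters above define a small format: a name made of letters, numbers, underscore, or hyphen (not case sensitive) and a comma-separated list of ports and ranges. The following added example (not Riverbed code) validates a proposed label before it is entered, normalizes the port list, and flags two review points: a name that collides with an existing label once case is ignored, and a port list that overlaps the RBT-Proto system ports listed in the Usage text. The 1-65535 bound and the function names are assumptions of this example.

```python
import re

# Label names: letters, numbers, underscore, hyphen (per the parameter description).
NAME_RE = re.compile(r"[A-Za-z0-9_-]+\Z")
ITEM_RE = re.compile(r"(\d+)(?:-(\d+))?\Z")

# RBT-Proto system ports as listed in the Usage text above.
RBT_PROTO = "7744,7800-7801,7810,7820,7850,7860,7570"


def parse_ports(spec):
    """Parse '22,443,990-995' into a sorted list of merged (low, high) ranges."""
    ranges = []
    for item in spec.split(","):
        item = item.strip()
        match = ITEM_RE.match(item)
        if not match:
            raise ValueError(f"bad port item: {item!r}")
        low = int(match.group(1))
        high = int(match.group(2)) if match.group(2) else low
        # Assumption of this example: valid ports are 1-65535 and low <= high.
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"port out of range or reversed: {item!r}")
        ranges.append((low, high))
    ranges.sort()
    merged = []
    for low, high in ranges:
        if merged and low <= merged[-1][1] + 1:
            # Overlapping or adjacent: extend the previous range.
            merged[-1] = (merged[-1][0], max(merged[-1][1], high))
        else:
            merged.append((low, high))
    return merged


def format_ports(ranges):
    """Render merged ranges back into the comma-separated CLI form."""
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in ranges)


def overlap(a, b):
    """Return the ranges common to two merged, sorted range lists."""
    out = []
    i = j = 0
    while i < len(a) and j < len(b):
        low = max(a[i][0], b[j][0])
        high = min(a[i][1], b[j][1])
        if low <= high:
            out.append((low, high))
        if a[i][1] < b[j][1]:
            i += 1
        else:
            j += 1
    return out


def check_label(name, spec, existing=None):
    """Validate a proposed label; return (normalized_ports, findings).

    existing maps already-defined label names to their port specs.
    """
    if not NAME_RE.match(name):
        raise ValueError(f"invalid port label name: {name!r}")
    ports = parse_ports(spec)
    findings = []
    for other in (existing or {}):
        if other.lower() == name.lower():
            findings.append(
                f"name matches existing label {other!r} (names are not case sensitive)")
    hit = overlap(ports, parse_ports(RBT_PROTO))
    if hit:
        findings.append(f"overlaps RBT-Proto ports {format_ports(hit)}")
    return format_ports(ports), findings


if __name__ == "__main__":
    # Constructed inputs for illustration.
    print(check_label("foo", "22,443,990-995,3077-3078"))
    print(check_label("backup_apps", "7800-7810,8080"))
    print(check_label("foo", "10-20", existing={"FOO": "2-9,14"}))
```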
Notification Commands
This section describes the notification commands.
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead show email
email domain
Description: Sets the domain for email notifications.
Syntax: [no] email domain <hostname or ip-addr>
Parameters: <hostname or ip-addr> - Specify the domain for email notifications (only if the email address does not contain it).
Usage: Use the email domain command only if the email address does not contain the domain. The no command option disables the email domain.
Product: CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show domain
email from-address
Description: Sets the address from which email messages appear to come.
Syntax: [no] email from-address <email addr>
Parameters: <email addr> - Specify the full user name and domain to appear in the email "From:" address.
Usage: Use the email from-address command to override the default email address used in outgoing email messages, do-not-reply@[hostname].[domainname]. The no command option disables the email address configured and returns to the default email address.
Product: CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead, Whitewater
Related Topics: show domain, show email
email mailhub
Description: Sets the SMTP server for email notifications.
Syntax: [no] email mailhub <hostname or ip-addr>
Parameters: <hostname or ip-addr> - Specify the SMTP server for email notifications.
Product: CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show email
email mailhub-port
Description: Sets the email port for email notifications.
Syntax: [no] email mailhub-port <port>
Parameters: <port> - Specify the email port for email notifications.
Product: CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show email
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead show email
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead show email
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead show email
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead show email
email send-test
Description: Sends a test email to all configured event and failure recipients.
Syntax: email send-test
Parameters: None
Usage: You can also access this command from enable-mode.
Example: amnesiac (config) # email send-test
Product: CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show email
Usage
Branch warming keeps track of data segments created while a Steelhead Mobile user is in a Steelhead appliance-enabled branch office and trickles the new data back to the Steelhead Mobile laptop. When the user goes back on the road, they receive warm performance.
Branch warming co-operates with and optimizes transfers for a server-side Steelhead appliance. New data transfers between the client and server are populated in the Steelhead Mobile data store, the branch Steelhead appliance data store, and the server-side Steelhead appliance data store. When the server downloads data, the server-side Steelhead appliance checks if either the Steelhead Mobile Client or the branch Steelhead appliance has the data in their data store. If either device already has the data segments, the server-side Steelhead appliance sends only references to the data. The Mobile Client and the branch Steelhead appliance communicate with each other to resolve the references.
Other clients at a branch office benefit from branch warming as well, because data transferred by one client at a branch also populates the branch Steelhead appliance data store. Performance improves with all clients at the branch because they receive warm performance for that data.
Note: The Steelhead Mobile Client must be running v2.1 or later.
Branch Warming does not improve performance for configurations using:
  SSL connections
  Out-of-path (fixed-target rules)
  Steelhead Mobile Clients which communicate with multiple server-side appliances in different scenarios. For example, if a Steelhead Mobile Client home user peers with one server-side Steelhead appliance after logging in through a VPN network and peers with a different server-side Steelhead appliance after logging in from the branch office, branch warming does not improve performance.
The no command option disables this feature.
Usage
Encrypting the data store significantly limits the exposure of sensitive data in the event an appliance is compromised by loss, theft, or a security violation. The secure data is difficult for a third party to retrieve.
Before you encrypt the data store, the secure vault must be unlocked. The encryption key is stored in the secure vault.
Encrypting the data store can have performance implications; generally, higher security means less performance. Several encryption strengths are available to provide the right amount of security while maintaining the desired performance level. When selecting an encryption type, you must evaluate the network structure, the type of data that travels over it, and how much of a performance trade-off is worth the extra security.
Important: You must clear the data store and reboot the Steelhead service on the Steelhead appliance after turning on, changing, or turning off the encryption type. After you clear the data store, the data cannot be recovered. If you do not want to clear the data store, reselect your previous encryption type and reboot the service. The Steelhead appliance uses the previous encryption type and encrypted data store.
To encrypt the data store
1. Make sure your secure vault is unlocked. The encryption key is stored in the secure vault.
secure-vault unlock
For detailed information, see secure-vault on page 378.
2.
3. Turn on data store encryption:
datastore encryption type AES_256
Encrypted Data Store Downgrade Limitations
The Steelhead appliance cannot use an encrypted data store with an earlier RiOS software version, unless the release is an update (v4.x.x). For example, an encrypted data store created in v4.1.4 would work with v4.1.2, but not with v4.0.x.
Before downgrading to an earlier software version, you must select none as the encryption type, clear the data store, and restart the service. After you clear the data store, the data are removed from persistent storage and cannot be recovered.
To downgrade the data store
1.
2. Turn off data store encryption.
datastore encryption type NONE
If you return to a previous software version and there is a mismatch with the encrypted data store, the status bar indicates that the data store is corrupt. You can either:
  Use the backup software version after clearing the data store and rebooting the service.
  Or
  Return to the software version in use when the data store was encrypted, and continue using it.
For detailed information, see the Steelhead Management Console User's Guide.
Example:
amnesiac (config) # datastore encryption type AES_192
amnesiac (config) # restart clean
Usage
For deployments requiring the highest levels of redundancy and performance, RiOS supports warm standby between designated master and backup devices. Using automated data store synchronization, the data segments and the references created via data streamlining are automatically copied from the master to the backup appliance. In the event of a failure in the master appliance, the backup appliance takes its place with a warm data store, and can begin delivering fully-optimized performance immediately. Warm data transfers send only new or modified data, dramatically increasing the rate of data transfer over the WAN.
RiOS supports active-active configurations, in which each appliance is serving both as a master for some traffic and as a backup for the other appliance, with full data store synchronization. Automatic synchronization can include appliances in a serial or WCCP cluster, and appliances using connection forwarding.
Note: Synchronization takes place over the primary or auxiliary port only.
Failover is not required for data store synchronization. Although the failover and synchronization features are typically enabled together, you can enable data store synchronization independently of standard failover.
Note: In most implementations in which both failover and synchronization are enabled, the same Steelhead appliance serves as the master for both failover and data store synchronization. However, if you enable failover and synchronization, the failover master and the synchronization master do not have to be the same Steelhead appliance.
You configure two Steelhead appliances to enable synchronization, one as a server (the synchronization master) and the other as a backup. The synchronization master and its backup:
  must be on the same LAN.
  do not have to be in the same physical location. If they are in different physical locations, they must be connected via a fast, reliable LAN connection with minimal latency.
  must be running the same version of the RiOS software.
  must have the same hardware model.
  must be configured on the primary or auxiliary interface.
When you have configured the master and backup appliances, you must restart the Steelhead service on the backup Steelhead appliance. The master restarts automatically.
After you have enabled and configured synchronization, the data stores are actively kept synchronized. For detailed information on how synchronized appliances replicate data and how data store synchronization is commonly used in high availability designs, see the Riverbed Deployment Guide.
Note: If one of the synchronized Steelhead appliances is under high load, some data might not be copied. For detailed information, see the Riverbed Deployment Guide.
Note: If data store synchronization is interrupted for any reason (such as a network interruption or if one of the Steelhead appliances is taken out of service), the Steelhead appliances continue other operations without disruption. When the interruption is resolved, data store synchronization resumes without risk of data corruption.
The no command option disables automatic synchronization.
Example:
amnesiac (config) # datastore sync peer-ip 192.148.0.12
amnesiac (config) # datastore sync port 7744
amnesiac (config) # datastore sync reconnect 30
amnesiac (config) # datastore sync master
amnesiac (config) # datastore sync enable
amnesiac (config) # service restart
<lz level>
Parameters: None
Usage: The data store segment replacement policy selects the technique used to replace the data in the data store. While the default setting works best for most Steelhead appliances, occasionally Riverbed Support recommends changing the policy to improve performance. The client-side and server-side Steelhead appliances must be running RiOS v6.0.x or later.
Note: Upgrading from RiOS v5.0.x to v5.5 or later changes the default data store segment replacement policy from FIFO to Riverbed LRU.
Important: Enabling the LRU disk layout method may cause the data store wrap warning to occur earlier than expected when using the FIFO replacement policy. This is expected behavior.
The no command option disables anchor selection.
datastore sdr-policy
Description
Configures the data store SDR policy. An adaptive data streamlining mode determines how the Steelhead appliance stores and maintains the data references. It also optimizes disk access for data replication, if needed. The data streamlining approaches range from less to more aggressive. Changing the default setting is optional; you should select another setting only when it is critical and only with guidance from Riverbed Support.
Syntax
[no] datastore sdr-policy [default | sdr-a | sdr-m | sdr-a-advanced]
Parameters
default
Specifies the default setting, which works for most implementations. The default setting:
- Provides the most data reduction.
- Reduces random disk seeks and improves disk throughput by discarding very small data margin segments that are no longer necessary. This Margin Segment Elimination (MSE) process provides network-based disk defragmentation.
- Writes large page clusters.
- Monitors the disk write I/O response time to provide more throughput.
sdr-a
Includes the default settings described above, and also:
- Balances writes and reads.
- Monitors both read and write disk I/O response time to provide more throughput.
Important: Use caution with this setting, particularly when you are optimizing CIFS or NFS with prepopulation. Please contact Riverbed Support for more information.
sdr-m
Performs data reduction entirely in memory, which prevents the Steelhead appliance from reading and writing to and from the disk. Enabling this option can yield high LAN-side throughput because it removes all disk latency. SDR-M is most efficient when used between two identical high-end Steelhead appliance models; for example, 6020 - 6020. When used between two different Steelhead appliance models, the smaller model limits the performance. Important: You must reboot the client-side and server-side Steelhead appliances if you enable SDR-M. Important: You cannot use peer data store synchronization with SDR-M.
sdr-a-advanced
Maximizes LAN-side throughput dynamically under different data work loads. This switching mechanism is governed with a throughput and bandwidth reduction goal using the available WAN bandwidth. If you have enabled SDR-Adaptive prior to upgrading to RiOS v6.0 and later, the default setting is SDR-Adaptive Legacy. If you did not change the SDR-Adaptive setting prior to upgrading to RiOS 6.0 or later, the default setting is SDR-Adaptive Advanced. Important: If you did not change the SDR-Adaptive setting prior to upgrading to RiOS 6.0 or later, the default setting is SDR-Adaptive Advanced.
Usage
Generally, the default setting provides the most data reduction. When choosing an adaptive streamlining mode for your network, you should contact Riverbed Support to help you evaluate the setting based on:
- the amount of data replication your data store is processing.
- how often the replication occurs (for example, as soon as a write occurs, or in a nightly batch).
- how much data reduction you can sacrifice for higher throughput.
The client-side and server-side Steelhead appliances must be running RiOS v6.0.x or later. The no command option disables this option.
Example
datastore write-q-prior
Description
Enables priority for deferred writes. Before you enable the set of data replication commands, please contact Riverbed Support at https://support.riverbed.com.
Syntax
[no] datastore write-q-prior
Parameters
None
Usage
Use this command if you are experiencing a gradual decline in optimization over time when using DR applications. The no command option disables deferred writes.
Example
amnesiac (config) # datastore write-q-prior
disk reset
Description
Resets the specified disk.
Syntax
disk <disk number> reset
Parameters
<disk number> - Specify the disk number to be reset.
SNMP Commands
RiOS v5.0 provides support for the following:
- SNMP Version 1
- SNMP Version 2c
RiOS v6.0 and later provides support for the following:
- SNMP Version 3, which provides authentication through the User-based Security Model (USM).
- View-Based Access Control Mechanism (VACM), which provides richer access control.
- Enterprise Management Information Base (MIB).
ACLs (Access Control Lists) for users (v1 and v2c only). For detailed information about SNMP traps sent to configured servers, see the Steelhead Management Console Users Guide. SNMP v3 provides additional authentication and access control for message security. For example, you can verify the identity of the SNMP entity (manager or agent) sending the message. Using SNMPv3 is more secure than SNMP v1 or v2; however, it requires more configuration steps to provide the additional security features.
snmp-server acl
Description
Configures changes to the View-Based Access Control Model (VACM) ACL configuration.
Syntax
[no] snmp-server acl group <name> security-level <level> read-view <name>
Parameters
group <name> - Specify the name of the SNMP server community.
security-level <level> - Specify the security level for this ACL entry.
noauth - Does not authenticate packets and does not use privacy. This is the default setting.
auth - Authenticates packets but does not use privacy.
Note: This setting determines whether a single atomic message exchange is authenticated.
Note: A security level applies to a group, not to an individual user.
read-view <name> - Specifies read requests will be restricted to this view.
Usage
For detailed information about SNMP traps sent to configured servers, see the Management Console online help or the Steelhead Management Console Users Guide. The no command option disables an SNMP server community.
Example
amnesiac (config) # snmp-server acl group ReadOnly security-level auth read-view ReadOnly
Product
CMC appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show snmp
snmp-server community
Description
Sets an SNMP read-only server community.
Syntax
[no] snmp-server community <name>
Parameters
<name> - Specify the name of the SNMP server community.
Usage
For detailed information about SNMP traps sent to configured servers, see the Management Console online help or the Steelhead Management Console Users Guide. You can still access the entire MIB tree from any source host using this setting. If you do not want this type of access, you must delete this option and configure the security name for SNMP ACL support. For details, see snmp-server group. This community string overrides any VACM settings. The no command option disables an SNMP server community.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show snmp
snmp-server contact
Description
Sets the SNMP server contact.
Syntax
[no] snmp-server contact <name>
Parameters
<name> - Specify the user name of the SNMP server community contact.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show snmp
snmp-server enable
Description
Enables an SNMP server.
Syntax
[no] snmp-server enable <cr> | [traps]
Parameters
traps - Enables sending of SNMP traps from this system.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show snmp
snmp-server group
Description
Configures the View Access Control Model (VACM) group configuration.
Syntax
[no] snmp-server group <group> security-name <name> security-model <model>
Parameters
group <group> - Specify a group name.
security-model <model> - Specify one of the following security models:
v1 - Enables SNMPv1 security model.
v2c - Enables SNMPv2c security model.
usm - Enables User-based Security Model (USM).
security-name <name> - Specify a name to identify a requester (allowed to issue gets and sets) or a recipient (allowed to receive traps) of management data. The security name is also required to make changes to the VACM security name configuration.
Product
CMC appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show snmp
snmp-server host
Description
Configures hosts to which to send SNMP traps.
Syntax
[no] snmp-server host <hostname or ip-addr> traps <community string>
Parameters
<hostname or ip-addr> - Specify the hostname or IP address for the SNMP server.
traps <community string> - Send traps to the specified host. Specify the password-like community string to control access. Use a combination of uppercase, lowercase, and numerical characters to reduce the chance of unauthorized access to the Steelhead appliance.
Note: If you specify a read-only community string, it takes precedence over this community name and allows users to access the entire MIB tree from any source host. If this is not desired, delete the read-only community string.
Note: To create multiple SNMP community strings on a Steelhead, leave the default public community string and then create a second read-only community string with a different security name. Or, you can delete the default public string and create two new SNMP ACLs with unique names.
Usage
The no command option disables the SNMP server host.
Example
amnesiac (config) # snmp-server host 10.0.0.1 traps public
Product
CMC appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show snmp
Parameters
CMC appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead show snmp, snmp-server community, snmp-server security-name
snmp-server ifindex
Description
Adds a custom index value for an interface.
Syntax
snmp-server ifindex <interface> <index>
Parameters
<interface> - Specify the interface: wan0_0, lan0_0, wan0_1, lan0_1, primary, aux, inpath0_0, inpath0_1
<index> - Specify the index.
Product
CMC appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show snmp
snmp-server ifindex-persist
Description
Enables persistent SNMP interface indices.
Syntax
[no] snmp-server ifindex-persist
Parameters
None
Usage
The no command option disables the SNMP server group.
Example
amnesiac (config) # snmp-server ifindex-persist
Product
CMC appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show snmp
snmp-server ifindex-reset
Description
Resets the ifindex values of all interfaces to the factory default value.
Syntax
snmp-server ifindex-reset
Parameters
None
Example
amnesiac (config) # snmp-server ifindex-reset
Product
CMC appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show snmp
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead show snmp
If the list of interfaces is empty, none of the interfaces respond to the queries. If the list of interfaces has at least one entry, then the server listens on that subset of interfaces. To add an interface to the list to listen on
snmp-server listen interface primary
SNMP interface restrictions are not available through the Management Console.
Example
amnesiac (config) # snmp-server listen interface aux
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show snmp
snmp-server location
Description
Sets the value for the system location variable in the MIB.
Syntax
[no] snmp-server location <ip-addr>
Parameters
<ip-addr> - Specify the IP address of the system.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show snmp
snmp-server security-name
Description
Configures the SNMP security name.
Syntax
[no] snmp-server security-name <name> community <community name> source <ip-addr> <netmask>
Parameters
<name> - Specify the security name.
community <community string> - Specify the password-like community string to control access. Use a combination of uppercase, lowercase, and numerical characters to reduce the chance of unauthorized access to the Steelhead appliance.
Note: If you specify a read-only community string, it takes precedence over this community name and allows users to access the entire MIB tree from any source host. If this is not desired, delete the read-only community string.
Note: To create multiple SNMP community strings on a Steelhead, leave the default public community string and then create a second read-only community string with a different security name. Or, you can delete the default public string and create two new SNMP ACLs with unique names.
source <ip-addr> <netmask> - Specify the source IP address and netmask.
Product
CMC appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show snmp
snmp-server trap-interface
Description
Sets the IP address for the designated interface in the SNMP trap header.
Syntax
[no] snmp-server trap-interface <ip-addr>
Parameters
<ip-addr> - Specify the IP address.
Usage
The trap interface setting sets which interface IP address is used in the agent-address header field of SNMP v1 trap Protocol Data Units (PDUs). It does set the interface for the trap. Traps are always sent out the Primary interface. If the primary interface is physically disconnected, no traps are sent. The no command option disables the trap interface.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show snmp
snmp-server trap-test
Description
Generates an SNMP trap test.
Syntax
snmp-server trap-test
Parameters
None
Usage
Use this command to send a sample trap test to ensure that the SNMP server is monitoring the Steelhead appliance.
Example
amnesiac (config) # snmp-server trap-test
Product
CMC appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show snmp
snmp-server user
Description
Configures changes to the Secure Inner Channel (SIC) model.
Syntax
[no] snmp-server user <name> password [encrypted <key> auth-protocol <MD5 | SHA> security-level <noauth | auth> <cr> | port <port>] | plaintext [auth-protocol <MD5 | SHA> security-level <noauth | auth> <cr> | port <port>]
Parameters
<name> - Specify the user name.
password [encrypted | plaintext] - Specify the password type:
encrypted - Enables encrypted password authentication.
plaintext - Enables plain-text password authentication.
encrypted <key> - For SNMPv3 specify the user password.
auth-protocol <MD5 | SHA> - Specify the authorization protocol:
MD5 - Enables MD5 security protocol.
SHA - Enables SHA security protocol.
security-level <noauth | auth> - Specify the security level:
noauth - Specifies no-authorization required.
auth - Specifies authorization required.
port <port> - Optionally, specify the destination port.
Product
CMC appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show snmp
snmp-server view
Description
Configures changes to the View-based Access Control Model (VACM) configuration.
Syntax
[no] snmp-server view <name> [excluded | included] <oid>
Parameters
<name> - Specify the user name.
excluded | included - Specify the following view options:
excluded - Excludes an OID subtree from this view.
included - Includes an OID subtree into this view.
<oid> - Specify the object ID. For example: .1.3.6.1.2.1.1 or .iso.org.dod.internet.mgmt.mib-2.system
Product
CMC appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show snmp
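The following audit script is an added example, not part of the Riverbed manual. It applies the notes in the SNMP command descriptions above (a read-only community overrides VACM and exposes the entire MIB tree to any source host, noauth does not authenticate packets, community strings should mix uppercase, lowercase, and numerical characters) to a saved configuration. The sample configurations, rule names, and the preference for SHA over MD5 are assumptions of this example, and the keyword spelling security-name follows the command heading.

```python
import re

# Optional CLI prompt such as "amnesiac (config) # " in pasted transcripts.
PROMPT = re.compile(r"^\S+\s+\(config\)\s+#\s+")

# Constructed sample configuration (not taken from a real appliance).
SAMPLE_CONFIG = """\
snmp-server enable
snmp-server community public
snmp-server host 10.0.0.1 traps public
snmp-server security-name monitor community Xk29fQz7 source 10.0.0.0 255.255.255.0
snmp-server group ReadOnly security-name monitor security-model v2c
snmp-server acl group ReadOnly security-level noauth read-view ReadOnly
snmp-server view ReadOnly included .1.3.6.1.2.1.1
snmp-server user ops password plaintext auth-protocol MD5 security-level auth
"""

# Constructed hardened variant: no read-only community, USM group, auth ACL.
HARDENED_CONFIG = """\
amnesiac (config) # snmp-server enable
amnesiac (config) # snmp-server group Ops security-name ops security-model usm
amnesiac (config) # snmp-server acl group Ops security-level auth read-view System
amnesiac (config) # snmp-server view System included .1.3.6.1.2.1.1
amnesiac (config) # snmp-server user ops password encrypted CONSTRUCTED-KEY auth-protocol SHA security-level auth
"""


def _arg(tokens, keyword):
    """Return the token that follows `keyword`, or None if it is absent."""
    if keyword in tokens:
        i = tokens.index(keyword)
        if i + 1 < len(tokens):
            return tokens[i + 1]
    return None


def _weak_community(value):
    """Manual's guidance: combine uppercase, lowercase and numerical characters."""
    return not (re.search(r"[A-Z]", value)
                and re.search(r"[a-z]", value)
                and re.search(r"[0-9]", value))


def audit_snmp(config_text):
    """Return a list of (line number, rule id, message) for risky SNMP settings."""
    findings = []

    def flag(lineno, rule, message):
        findings.append((lineno, rule, message))

    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        tokens = PROMPT.sub("", raw.strip()).split()
        # Lines starting with "no" remove a setting, so they are skipped here too.
        if len(tokens) < 2 or tokens[0] != "snmp-server":
            continue
        sub = tokens[1]

        if sub == "community" and len(tokens) >= 3:
            flag(lineno, "community-overrides-vacm",
                 "read-only community overrides VACM; entire MIB tree readable from any source host")
            if _weak_community(tokens[2]):
                flag(lineno, "weak-community-string", "community string lacks mixed character classes")
        elif sub in ("host", "security-name"):
            keyword = "traps" if sub == "host" else "community"
            community = _arg(tokens[2:], keyword)
            if community and _weak_community(community):
                flag(lineno, "weak-community-string", "community string lacks mixed character classes")
        elif sub == "group":
            if _arg(tokens[2:], "security-model") in ("v1", "v2c"):
                flag(lineno, "legacy-security-model", "group uses SNMP v1/v2c instead of usm")
        elif sub == "acl":
            if _arg(tokens[2:], "security-level") == "noauth":
                flag(lineno, "acl-noauth", "ACL entry does not authenticate packets")
        elif sub == "user":
            rest = tokens[3:]  # skip the user name itself
            if "plaintext" in rest:
                flag(lineno, "user-plaintext-password", "user configured with a plain-text password")
            if _arg(rest, "security-level") == "noauth":
                flag(lineno, "user-noauth", "user does not require authentication")
            # General hardening preference, not a statement from the manual.
            if (_arg(rest, "auth-protocol") or "").upper() == "MD5":
                flag(lineno, "user-md5-auth", "MD5 selected; SHA is the stronger option offered")
    return findings


if __name__ == "__main__":
    for lineno, rule, message in audit_snmp(SAMPLE_CONFIG):
        print(f"line {lineno}: [{rule}] {message}")
```
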
Logging Commands
This section describes the logging commands.
logging
Description
Adds a remote system log (syslog) server to the system.
Syntax
[no] logging <ip-addr> <cr> | [trap <log level>]
Parameters
<ip-addr> - Specify the IP address for the syslog server.
trap <log level> - Specify the trap log level of the syslog server:
emerg - Emergency, the system is unusable.
alert - Action must be taken immediately.
critical - Critical conditions.
err - Error conditions.
warning - Warning conditions.
notice - Normal but significant condition.
info - Informational messages.
If you have set different log levels for each remote syslog server, this option changes all remote syslog servers to have a single log level.
Usage
The no command option removes a remote syslog server from the system.
Example
amnesiac (config) # logging 10.0.0.2
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show logging
The size of the log file is checked every 10 minutes. If there is an unusually large amount of logging activity, it is possible for a log file to grow larger than the set limit in that period of time.
amnesiac (config) # logging files rotation criteria frequency weekly
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead show logging
The size of the log file is checked every 10 minutes. If there is an unusually large amount of logging activity, it is possible for a log file to grow larger than the set limit in that period of time.
amnesiac (config) # logging files rotation criteria size 100
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead show logging
The size of the log file is checked every 10 minutes. If there is an unusually large amount of logging activity, it is possible for a log file to grow larger than the set limit in that period of time.
amnesiac (config) # logging files rotation max-num 10
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead show logging
logging filter
Description
Sets the minimal level of messages arriving from the specified process to the local subsystem.
Syntax
logging filter <process> <level>
Parameters
<process>
Specify the application process:
cli - Command-Line Interface.
hald - Hardware Abstraction Daemon.
mgmtd - Device Control and Management.
pm - Process Manager.
rgp - Central Management Client.
rgpd - Central Management Client Daemon.
sched - Process Scheduler.
statsd - Statistics Collector.
wdt - Watchdog Timer.
webasd - Web Application Process.
rspd - RSP.
cifs - CIFS Optimization.
http - HTTP Optimization.
mapi - MAPI Optimization.
nfs - NFS Optimization.
notes - Lotus Notes.
vix_wrapperd - Virtual machine.
<level>
Specify the trap log level:
emerg - Emergency, the system is unusable.
alert - Action must be taken immediately.
critical - Critical conditions.
err - Error conditions.
warning - Warning conditions.
notice - Normal but significant condition.
info - Informational messages.
If you have set different log levels for each remote syslog server, this option changes all remote syslog servers to have a single log level.
Usage
Use this command to capture data when a Steelhead appliance is not able to sustain the flow of logging data that is being committed to disk. This command overrides the logging local command. This command creates a global setting that controls all output, including remote hosts. All CIFS protocol related messages are logged at level debug, and the remainder at the level notice. All remote logging hosts (if defined) also log at logging trap setting at and the logging filter process. The no logging filter all command deletes all filters.
Product
CMC appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show logging
logging local
Description
Sets the minimum severity of log messages saved on the local syslog servers.
Syntax
[no] logging local <loglevel>
Parameters
<loglevel> - Specify the logging severity level. The following severity levels are supported:
emerg - Emergency, the system is unusable.
alert - Action must be taken immediately.
crit - Critical conditions.
err - Error conditions.
warning - Warning conditions.
notice - Normal but significant condition.
info - Informational messages.
The default value is notice.
Usage
The no command option sets the severity level for logging to none (no logs are sent).
Example
amnesiac (config) # logging local notice
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show logging
logging trap
Description
Sets the minimum severity for messages sent to the remote syslog servers.
Syntax
[no] logging trap <loglevel>
Parameters
<loglevel> - Specify the logging severity level. The following severity levels are supported:
emerg - Emergency, the system is unusable.
alert - Action must be taken immediately.
crit - Critical conditions.
err - Error conditions.
warning - Warning conditions.
notice - Normal but significant condition.
info - Informational messages.
The default value is notice.
Usage
The no command option sets the severity level for logging to none.
Example
amnesiac (config) # logging trap notice
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show logging
boot system
Description
Boots the specified partition the next time the system is rebooted.
Syntax
boot system <partition>
Parameters
<partition> - Specify the partition to boot: 1 or 2
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show images
This command is valid only after you have installed a hardware upgrade license.
amnesiac (config) # hardware spec activate 1520
image boot
Description
Boots the specified system image by default.
Syntax
image boot <partition>
Parameters
<partition> - Specify the partition to boot: 1 or 2.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show version
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead show licenses
license delete
Description
Deletes the specified license key.
Syntax
license delete <license number>
Parameters
<license number> - Specify the license number.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show licenses
license install
Description
Installs a new software license key.
Syntax
[no] license install <license key>
Parameters
<license key> - Specify the license key.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show licenses
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller show hardware error-log
CMC appliance, Steelhead appliance, Steelhead Mobile Controller show hardware error-log
service default-port
Description
Sets the default service port.
Syntax
service default-port <port>
Parameters
<port> - Specify the new target port. The default service ports are 7800 and 7810.
Usage
Service ports are the ports used for inner connections between Steelhead appliances. You can configure multiple service ports on the server-side of the network for multiple QoS mappings. You define a new service port and then map destination ports to that port, so that QoS configuration settings on the router are applied to that service port.
service map-port
Description
Sets a target port for service port mapping.
Syntax
[no] service map-port <dest port> <service port>
Parameters
<dest port> - Specify the destination port to which you want to map.
<service port> - Specify the service port to which you want to map.
Usage
Setting multiple service ports on inner connections enables you to identify the type of traffic and apply QoS settings based on a port. For example, in an in-path deployment, CIFS and MAPI could be mapped to port 9800 and HTTP to port 9802. You can configure the WAN router to tag packets for port 9800 with the same priority as for port 9802, therefore CIFS and MAPI have the same priority as HTTP. Or you can create a hierarchical mapping where port 9800 receives a higher priority than 9802, and so on.
In the out-of-path deployment, you define which port to listen to on the server Steelhead appliance, and you define an in-path, fixed-target rule on the client Steelhead appliance to point to the service ports for the traffic to which you want to apply QoS.
You cannot map the following ports:
Port 22 - Reserved for SSH.
Port 80, 443, and 446 - Reserved for the Management Console.
Port 139, 445, and 977 - Reserved for PFS. These ports are only excluded if you have enabled PFS.
Port 7800-7899 - Reserved by Riverbed (except 7800 and 7810).
Port 8777 - Reserved for CIFS transparent prepopulation. This port is excluded only if you have enabled CIFS prepopulation.
The no command option disables the service map.
service neural-framing
Description
Dumps or enables neural-framing statistics.
Syntax
[no] service neural-framing [dump | iterations | stats enable]
Parameters
dump - Dumps neural-framing debug files, which are used by sysdump.
iterations - Resets Iterations before determining heuristic. Used only with the no option. For example: no service neural-framing iterations
stats enable - Enables collection of neural-framing statistics.
Usage
By default, neural-framing statistics are disabled. Neural framing enables the Steelhead appliance to select the optimal packet framing boundaries for SDR. SDR encoding provides the best optimization results when the largest buffer is available before a flush is performed. Neural framing creates a set of heuristics to intelligently determine the optimal moment to flush TCP buffers. The Steelhead appliance continuously evaluates these heuristics and uses the optimal heuristic to maximize the amount of buffered data transmitted in each flush, while minimizing the amount of idle time that the data sits in the buffer. You must set the neural framing mode (algorithm) for in-path rules for which you want to apply neural framing. The no command option disables neural-framing statistics.
service port
Description
Sets a new service port to add for multiple service ports. Service ports are the ports used for inner connections between Steelhead appliances.
Syntax
[no] service port <port>
Parameters
<port> - Specify the new port to add. The default service ports are 7800 and 7810.
Usage
You can configure multiple service ports on the server side of the network for multiple QoS mappings. You define a new service port and then map CIFS ports to that port, so that QoS configuration settings on the router are applied to that service port. The no command option disables the service port.
arp
Description
Creates static ARP entries in the ARP table.
Syntax
[no] arp <ip-addr> <MAC-addr>
Parameters
<ip-addr> - Specify the IP address of the appliance.
<MAC-addr> - Specify the MAC address.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show admission
clock timezone
Description
Sets the current time zone.
Syntax
clock timezone <zone>
Parameters
<zone> - Specify the time zone name: Africa, America, Antarctica, Arctic, Asia, Atlantic_Ocean, Australia, Europe, GMT-offset, Indian_Ocean, Pacific_Ocean, UTC.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show clock
hostname
Description
Sets the hostname for this system.
Syntax
[no] hostname <hostname>
Parameters
<hostname> - Specify the hostname. Do not include the domain name.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show hosts
interface
Description
Configures system interfaces.
Syntax
[no] interface <interfacename> <options>
Parameters
<interfacename>
Specify the interface name: lo, aux, lan0_0, wan0_0, primary, in-path0_0. The interface name varies according to the Riverbed product you are configuring. For example, for the Steelhead Mobile Controller the interface options are: primary, aux, lo. For details, see the CLI online help.
<options>
Each interface has the following configuration options:
description - Configure the description string of this interface.
dhcp <cr> | renew - Enables DHCP on the interface or renews DHCP. Setting DHCP on the auxiliary interface only provides an IP lease, and does not update the gateway, routes, and DNS settings.
dhcp dynamic-dns - Enables DHCP hostname registration with dynamic DNS. This option is not available on the Interceptor appliance and the Steelhead Mobile Controller.
duplex <speed> - Specify the duplex speed: auto, full, half. The default value is auto.
ip address <ip-addr> <netmask> - Specify the IP address and netmask for the interface.
ipv6 address <ipv6-addr> <prefix length> - Specify the IPv6 address and prefix length for the interface. Your Steelhead appliance can have both an IPv4 address and an IPv6 address.
To set an IPv6 address:
amnesiac (config) # interface primary ipv6 address 2001:38dc:52::e9a4:c5:6282 64
mtu <speed> - Specify the MTU. The MTU is set once on the in-path interface; it propagates automatically to the LAN and the WAN. The no command option disables the MTU setting. The default value is 1500.
shutdown - Shuts down the interface.
speed <speed> - Specify the speed for the interface: auto, 10, 100, 1000. The default value is 100.
fail-to-bypass enable - Disables fail-to-block (disconnect) mode. The no interface <interface> fail-to-bypass enable command enables fail-to-block mode. This option is not available on the Steelhead Mobile Controller.
In fail-to-block mode, if the Steelhead appliance has an internal software failure or power loss, the Steelhead appliance LAN and WAN interfaces power down and stop bridging traffic. This feature is only useful if the network has a routing or switching infrastructure that can automatically divert traffic off of the link once the failed Steelhead appliance blocks it. For details about which NICs support fail-to-block, see the Network Interface Card Installation Guide.
To enable fail-to-block mode:
enable
configure terminal
no interface inpath0_0 fail-to-bypass enable
write memory
Fail-to-wire (or bypass) mode allows the Steelhead appliance WAN and LAN ports to serve as an Ethernet crossover cable. In fail-to-wire mode, Steelhead appliances cannot view or optimize traffic. Instead, all traffic is passed through the Steelhead appliance unoptimized. All Steelhead appliance in-path interfaces support fail-to-wire mode. Fail-to-wire mode is the default setting for Steelhead appliances. For detailed information about enabling and disabling fail-to-block, see the Riverbed Deployment Guide.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Cloud Steelhead
Related Topics
show interfaces, ipv6 enable, show ipv6
ip default-gateway
Description
Sets the default gateway for the appliance.
Syntax
[no] ip default-gateway <ip-addr>
Parameters
<ip-addr> - Specify the IP address of the management interface.
Usage
This command is used to set the default gateway for the entire appliance. It is primarily used for the primary or auxiliary (aux) interfaces for management, but can also be used for out-of-path optimization configurations as well as PFS. The no command option disables the default gateway IP address.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show ip, ipv6 default-gateway
ip domain-list
Description
Adds a domain name to the domain list for resolving hostnames.
Syntax
[no] ip domain-list <domain>
Parameters
<domain> - Specify the domain name.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show domain
ip host
Description: Adds an entry to the static host table.
Syntax: [no] ip host <hostname> <ip-addr>
Parameters: <hostname> <ip-addr>
Usage: The no command option removes an entry from the static host table.
Example: amnesiac (config) # ip host park 10.10.10.1
Product: CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show hosts
ipv6 default-gateway
Description: Configures a default IPv6 route.
Syntax: [no] ipv6 default-gateway <IPv6 address>
Parameters: <IPv6 address> - Specify the IPv6 address.
Usage: The no command option removes the default gateway for IPv6 routing.
Example: amnesiac (config) # ipv6 default-gateway 2001:38dc:52::e9a4:c5:6282
ipv6 enable
Description: Enables IPv6 support on the Steelhead appliance.
Syntax: [no] ipv6 enable
Parameters: None
Usage: The no command option disables IPv6 routing on this appliance. Requires a reboot to take effect.
Example: amnesiac (config) # ipv6 enable
ipv6 route
Description: Adds IPv6 routes in addition to the default gateway, if needed.
Syntax: [no] ipv6 route <IPv6 destination> <prefix length> <gateway>
Parameters:
<IPv6 destination> - Specify the IPv6 address.
<prefix length> - Specify the IPv6 prefix length.
<gateway> - Specify the IPv6 address of the gateway.
ip name-server
Description: Adds a DNS name server.
Syntax: [no] ip name-server <ip-addr>
Parameters: <ip-addr> - Specify the name server IP address.
Product: CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show running-config
limit connection
Description: Sets the connection limit for the source IP address.
Syntax: [no] limit connection <limit>
Parameters: <limit> - Specify the connection limit.
ip route
Description: Adds a static route.
Syntax: [no] ip route <network prefix> <netmask> <netmask length> <next-hop-ip-addr>
Parameters:
<network prefix> - Specify the network prefix.
<netmask> - Specify the netmask. For example: 255.255.255.0
<netmask length> - Specify the netmask length. For example: /24
<next-hop-ip-addr> - Specify the next hop IP address.
Usage: The no command option disables the static route. If no ip route is run with only a network prefix and mask, it deletes all routes for that prefix.
Example: amnesiac (config) # ip route 192 193.166.0/24 10.10.10.1
Product: CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show ip
ntp disable
Description: Disables NTP support.
Syntax: [no] ntp disable
Parameters: None
Usage: The no command option enables NTP support.
Example: amnesiac (config) # ntp disable
Product: CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show ntp
ntp enable
Description: Enables NTP support.
Syntax: [no] ntp enable
Parameters: None
Usage: The no command option disables NTP support.
Example: amnesiac (config) # ntp enable
Product: CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show ntp
ntp peer
Description: Enables an NTP peer.
Syntax: [no] ntp peer <ip-addr> <cr> [version <number>]
Parameters:
<ip-addr> - Specify the NTP peer IP address.
version <number> - Specify the NTP version number. You do not need to specify the version number for the no ntp peer command.
Product: CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show ntp
ntp server
Description: Configures an NTP server with the default NTP version number or with a specified version number.
Syntax: [no] ntp server <ip-addr> <cr> | [version <number>]
Parameters:
<ip-addr> - Specify the NTP server to synchronize with.
version <number> - Specify the NTP version number of this server. You do not need to specify the version number for the no ntp server command.
Product: CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show ntp
ntpdate
Description: Sets the system clock from a remote server using NTP.
Syntax: ntpdate <ip-addr>
Parameters: <ip-addr> - Specify the IP address.
Product: CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show clock
telnet-server enable
Description: Enables you to access the CLI using telnet. This feature is disabled by default.
Syntax: [no] telnet-server enable
Usage: You can use telnet to troubleshoot your system. It enables you to access the CLI from another system.
Example: amnesiac (config) # telnet-server enable
Product: CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics: show telnet-server
Subnet-Side Rule Commands
Data Flow Support Commands
PFS Support Commands
CIFS Prepopulation Support Commands
CIFS, SMB, and SMB2 Support Commands
RiOS TCP Dump Commands
High-Speed TCP Support Commands
Oracle Forms Support Commands
MAPI Support Commands
MS-SQL Blade Support Commands
FTP Support Commands
NFS Support Commands
HTTP Support Commands
Lotus Notes Commands
Citrix Support Commands
FCIP Support Commands
SRDF Support Commands
SSL Support Commands
Secure Peering (Secure Inner Channel) Commands
QoS Support Commands
Connection Pooling Commands
WAN Visibility (Transparency) Commands
WCCP Support Commands
Failover Support Commands
RSP Commands
DNS Cache Commands
Domain and Workgroup Commands
Job Commands
Debugging Commands
Raid Commands
Top Talkers Commands
Network Test Commands
Remote Management Port Commands
Windows Domain Authentication Delegation Commands
Management In-Path Interface Commands
in-path enable
Description: Enables in-path support. An in-path configuration is a configuration in which the appliance is in the direct path of the client and the server.
Syntax: [no] in-path enable
Parameters: None
Usage: For detailed information, see the Management Console online help or the Steelhead Management Console Users Guide. The no command option disables in-path support.
Example: amnesiac (config) # in-path enable
Usage: The in-path interface enable command is only useful when there are multiple NIC cards enabled (for example, with Four-Port LX Single Mode Fiber Gigabit-Ethernet PCI-E cards). You can force master/backup pairs and connection forwarding connections from a particular interface.
Suppose you have a quad deployment in which you have two Steelhead master/backup pairs at different locations (with the master closest to the LAN) and each Steelhead appliance points to the remote Steelhead appliances as connection forwarding neighbors. In addition, suppose you want to use only fiber interfaces and not the copper interface built into the system. To ensure that the TCP connection for the master/backup pair (default on port 7820) is sourced from the interface you want, you must ensure that any lower in-path interfaces are disabled for usage. Thus, if you do not want to use the copper interfaces built into the Steelhead appliance (that is, inpath0_0 and inpath0_1), but a fiber interface (inpath1_0), you would execute:
no in-path interface inpath0_0 enable
no in-path interface inpath0_1 enable
Make sure that the following text is displayed in the running configuration (show configuration running):
in-path interface inpath1_0 enable
Then define the failover buddy address to be the inpath1_0 of the other Steelhead appliance in the master/backup pair. For detailed information about master and backup commands, see failover enable, failover master, and failover buddy addr. The no command option disables the in-path interface.
Example: amnesiac (config) # in-path interface inpath0_0 enable
The in-path interface vlan command enables you to set which VLAN to use for connections. It does not define which VLAN to optimize. To define which VLAN to optimize, you must define in-path rules and apply them to all VLANs or a specific VLAN. The no command option disables the VLAN support.
in-path kickoff
Description: Resets open connections upon start up.
Syntax: [no] in-path kickoff
Parameters: None
Usage: When the Steelhead service restarts with kickoff enabled, it breaks existing connections and forces clients to open new connections. With kickoff disabled, open connections are not broken, but they are unoptimized. New connections are optimized. When the appliance is not powered on or the Steelhead service is not running, the failover appliance takes over so that connections continue to be made to the WAN.
Generally, connections are short lived and kickoff is not necessary; kickoff is suitable for very challenging remote environments. For example, in an environment with 128 kbps and 1.5 seconds of latency, you might want to cancel an HTTP download so that your traffic is optimized; whereas in a remote branch-office with a T1 and 35 ms round-trip time, you would want connections to migrate to optimization gracefully, rather than risk interruption with kickoff.
Note: Do not enable kickoff for in-path Steelhead appliances that use auto-discovery or if you do not have a Steelhead appliance on the remote side of the network. If you do not set any in-path rules, the default behavior is to auto-discover all connections. If kickoff is enabled, all connections that existed before the Steelhead appliance started are reset.
The no command option disables the in-path kickoff feature.
Example: amnesiac (config) # in-path kickoff
Parameters
Specify the source subnet. For example: 1.2.3.4/32
Specify the destination subnet and port. For the subnet address, use the following format: XXX.XXX.XXX.XXX/XX. For the port, you can specify a single port (number), a port label, or all to specify all ports.
Specify an optimization policy:
compr-only - Specify this option to turn off SDR but perform LZ compression.
normal - The normal optimization policy is the default. The normal process performs LZ compression and SDR.
none - Specify this option to turn off LZ compression and SDR.
sdr-only - Specify this option to turn off LZ compression.
sdr-m - Performs data reduction entirely in memory, which prevents the Steelhead appliance from reading and writing to and from the disk. Enabling this option can yield high LAN-side throughput because it eliminates all disk latency.
To configure optimization policies for the FTP data channel, define an in-path rule with the destination port 20 and set its optimization policy. Setting QoS for port 20 on the client-side Steelhead appliance affects passive FTP, while setting the QoS for port 20 on the server-side Steelhead appliance affects active FTP.
To configure optimization policies for the Messaging Application Protocol Interface (MAPI) data channel, define an in-path rule with the destination port 7830 and set its optimization policy.
Specify a preoptimization policy:
none - Preoptimization processing is set to none by default. If SSL or Oracle Forms preoptimization processing is turned on and you want to turn it off for a port, specify none.
ssl - Specify ssl to enable SSL preoptimization processing for traffic via SSL secure ports.
oracle-forms - Specify oracle-forms to enable preoptimization processing for the Oracle Forms browser plug-in.
oracle-forms+ssl - Specify to enable preoptimization processing for both the Oracle Forms browser plug-in and SSL encrypted traffic through SSL secure ports on the client-side Steelhead appliance.
Important: Make sure you specify latency-opt to none to ensure that SSL connections are optimized.
Specify a latency-optimization policy:
http - Perform HTTP optimization on connections matching this rule.
normal - Perform HTTP optimization on ports 80, 8080, and (with SSL pre-optimization) 443. This is the default setting.
none - Do not perform latency optimization on connections matching this rule.
outlook-anywhr - Always use Outlook-Anywhere optimization on the connection.
Specify the VLAN tag ID (if any). The VLAN identification number is a value with a range from 0-4094. Specify 0 to mark the link untagged.
Enables neural framing in the Steelhead appliance. Enabling neural framing makes your WAN more efficient by gathering data to select the optimal packet framing boundaries for SDR. If you specify a neural mode, your network experiences a trade-off between the compression and SDR performance, and the latency added to the connection. For different types of traffic, one algorithm might be better than others. Specify one of the following modes:
always - Always use the Nagle algorithm. This is the default setting (always wait 6 ms). All data is passed to the codec which attempts to coalesce consume calls (if needed) to achieve better fingerprinting. A timer (6 ms) backs it up and causes leftover data to be consumed. Neural heuristics are computed in this mode but are not used.
dynamic - Dynamically adjust the Nagle parameters. The Steelhead appliance picks the best algorithm to use by learning what algorithm is best and adapting if the traffic characteristic changes.
never - Never use the Nagle algorithm. All the data is immediately encoded without waiting for timers to fire or application buffers to fill past a specified threshold. Neural heuristics are computed in this mode but are not used.
tcphints - Base setting on TCP hints. If data is received from a partial frame packet or a packet with the TCP PUSH flag set, the encoder encodes the data instead of immediately coalescing it. Neural heuristics are computed in this mode but are not used.
To configure neural framing for an FTP data channel, define an in-path rule with the destination port 20 and set its optimization policy.
To configure neural framing for a MAPI data channel, define an in-path rule with the destination port 7830 and set its optimization policy.
Enables WAN visibility, which pertains to how packets traversing the WAN are addressed. RiOS v5.0 or later offers three types of WAN visibility modes: correct addressing, port transparency, and full address transparency. You configure WAN visibility on the client-side Steelhead appliance (where the connection is initiated). The server-side Steelhead appliance must also support WAN visibility (RiOS v5.0 or later).
correct - Turns WAN visibility off. Correct addressing uses Steelhead appliance IP addresses and port numbers in the TCP/IP packet header fields for optimized traffic in both directions across the WAN. This is the default setting.
port - Port address transparency preserves your server port numbers in the TCP/IP header fields for optimized traffic in both directions across the WAN. Traffic is optimized while the server port number in the TCP/IP header field appears to be unchanged. Routers and network monitoring devices deployed in the WAN segment between the communicating Steelhead appliances can view these preserved fields. Use port transparency if you want to manage and enforce QoS policies that are based on destination ports. If your WAN router is following traffic classification rules written in terms of client and network addresses, port transparency enables your routers to use existing rules to classify the traffic without any changes. Port transparency enables network analyzers deployed within the WAN (between the Steelhead appliances) to monitor network activity and to capture statistics for reporting by inspecting traffic according to its original TCP port number. Port transparency does not require dedicated port configurations on your Steelhead appliances.
Note: Port transparency only provides server port visibility. It does not provide client and server IP address visibility, nor does it provide client port visibility.
full - Full address transparency preserves your client and server IP addresses and port numbers in the TCP/IP header fields for optimized traffic in both directions across the WAN. It also preserves VLAN tags. Traffic is optimized while these TCP/IP header fields appear to be unchanged. Routers and network monitoring devices deployed in the WAN segment between the communicating Steelhead appliances can view these preserved fields.
If both port transparency and full address transparency are acceptable solutions, port transparency is preferable. Port transparency avoids potential networking risks that are inherent to enabling full address transparency. For details, see the Riverbed Deployment Guide. However, if you must see your client or server IP addresses across the WAN, full transparency is your only configuration option.
If you specify full, further specify one of the following options:
wan-vis-opt fwd-reset - Enables full address transparency and also sends a reset between the probe response and inner SYN. The reset ensures that the packet header uses the same IP address and port numbers as the initial client and server connection. Because the reset creates a fresh inner connection, you can use full transparency in systems with firewalls that perform stateful packet inspection to track the connection state.
none - Specify to set the WAN visibility option to none.
Important: Enabling full address transparency requires symmetrical traffic flows between the client and server. Should any asymmetry exist on the network, enabling full address transparency might yield unexpected results, up to and including loss of connectivity.
For detailed information about how to configure WAN visibility, see the Steelhead Management Console Users Guide and the Riverbed Deployment Guide.
[wan-vis-opt fwd-reset | none] - Specify WAN visibility option if you have a stateful firewall. A stateful firewall examines packet headers and, essentially, remembers the source IP address, destination IP address, and port numbers for the packet. The firewall then validates that this information is unchanged when processing subsequent packets:
wan-vis-opt fwd-reset - Enables full address transparency and also sends a reset between the probe response and inner SYN. The reset ensures that the packet header uses the same IP address and port numbers as the initial client and server connection. Because the reset creates a fresh inner connection, you can use full transparency in systems with firewalls that perform stateful packet inspection to track the connection state.
none - Specify to set the WAN visibility option to none.
For detailed information about how to configure WAN visibility, see the Steelhead Management Console Users Guide and the Riverbed Deployment Guide.
description <description> - Specify a description to facilitate communication about network administration.
Enables kickoff, which resets established connections to force them to go through the connection creation process again. Specify one of the following values:
enable - Enables kickoff.
disable - Disables kickoff.
If you enable kickoff, connections that exist when the optimization service is started and restarted are disconnected. When the connections are retried they are optimized. Generally, connections are short lived and kickoff is not necessary. It is suitable for certain long-lived connections, such as data replication, and very challenging remote environments. For example, in an environment with 128 kbps and 1.5 seconds of latency, you might want to use kickoff to interrupt an HTTP download so that your other traffic is optimized. In a remote branch office with a T1 and a 35 ms round-trip time, you would want connections to migrate to optimization gracefully, rather than risk interruption with kickoff.
RiOS Version 6.5 provides two ways to enable kickoff: globally and per in-path rule. In most deployments, you do not want to set automatic kickoff globally because it disrupts all connections. When you enable kickoff for an in-path rule, once the Steelhead sees any packets that match the IP and port specified in the rule, it sends an RST packet to the client and server maintaining the connection to try to close it. Next, it sets an internal flag to prevent any further kickoffs until the optimization service is once again restarted. By default, auto kickoff per in-path rule is disabled.
Important: Specifying automatic kickoff per in-path rule enables kickoff even when you disable the global kickoff feature. When global kickoff is enabled, it overrides this setting. You set the global kickoff feature using the Reset Existing Client Connections on Start Up feature, which appears on the Configure > Optimization > General Service Settings page.
rulenum <rulenum> - Specify the order in which the rule is consulted: 1-N or start or end. The rule is inserted into the list at the specified position. For example, if you specify rulenum as 3, the new rule will be #3, the old rule #3 will become #4, and subsequent rules, if any, will also move down the list. Specify start for the rule to be the first rule and end for the rule to be the last rule. If you do not specify a rule number, the rule is added to the end of the list.
Usage: With regular auto-discovery, the Steelhead appliance finds the first remote Steelhead appliance along the connection path of the TCP connection and optimization occurs there. For example, if you had a deployment with four Steelhead appliances (A, B, C, D) where D represents the appliance that is furthest from A, the Steelhead appliance automatically finds B, then C, and finally D and optimization takes place in each.
With enhanced auto-discovery (automatic peering) the Steelhead appliance automatically finds the furthest Steelhead appliance along the connection path of the TCP connection and optimization occurs there. For example, in a deployment with four Steelhead appliances (A, B, C, D), where D represents the appliance that is furthest from A, the Steelhead appliance automatically finds D. This simplifies configuration and makes your deployment more scalable. For detailed information, see in-path peering auto.
By default, enhanced auto-discovery is enabled. If you do not enable enhanced auto-discovery, the Steelhead appliance uses regular auto-discovery. For detailed information, see the Management Console online help or the Riverbed Deployment Guide.
Preventing an Unknown (or Unwanted) Steelhead Appliance from Peering
Automatic peering (enhanced auto-discovery) greatly reduces the complexities and time it takes to deploy Steelhead appliances. It works so seamlessly that occasionally it has the undesirable effect of peering with Steelheads on the Internet that are not in your organization's management domain or your corporate business unit. When an unknown (or unwanted) Steelhead appliance appears connected to your network, you can create a peering rule to prevent it from peering and remove it from your list of connected appliances. The peering rule defines what to do when a Steelhead appliance receives an auto-discovery probe from the unknown Steelhead appliance.
To prevent an unknown Steelhead appliance from peering, you must add a pass-through peering rule that passes through traffic from the unknown Steelhead appliance in the remote location. For detailed information, see in-path peering rule or the Management Console online help.
The no command option disables the rule. The no command option has the following syntax: no in-path rule <rulenum>
Example: amnesiac (config) # in-path rule auto-discover srcaddr 10.10.10.1/24 port 2121 dstaddr 10.24.24.24.1/24 rulenum 2
Parameters:
Specify the source subnet for this rule. For example: 1.2.3.4/32
Specify the destination subnet and port for this rule. For the subnet address, use the following format: XXX.XXX.XXX.XXX/XX. For the port, you can specify a single port (number), a port label, or all to specify all ports.
Specify the VLAN tag ID (if any). The VLAN tag ID is a number with a range from 0-4094. Specify 0 to mark the link untagged.
Specify the order in which the rule is consulted: 1-N or start or end. The rule is inserted into the list at the specified position. For example, if you specify rulenum as 3, the new rule will be #3, the old rule #3 will become #4, and subsequent rules, if any, will also move down the list. Specify start for the rule to be the first rule and end for the rule to be the last rule. If you do not specify a rule number, the rule is added to the end of the list.
Usage: The Steelhead appliance automatically intercepts traffic on all IP addresses (0.0.0.0) and ports (all) and optimizes according to default settings. Specify deny rules for traffic you want to reject and return a message to the client that the request has been denied. The no command option disables the rule. The no command option syntax is: no in-path rule <rulenum>
Example: amnesiac (config) # in-path rule deny srcaddr 10.0.0.1/24 dstaddr 10.0.0.2/24 rulenum 4 description test
Parameters:
Specify the source subnet for this rule. For example: 1.2.3.4/32
Specify the destination subnet and port for this rule. For the subnet address, use the following format: XXX.XXX.XXX.XXX/XX. For the port, you can specify a single port (number), a port label, or all to specify all ports.
Specify the VLAN tag ID (if any). The VLAN tag ID is a number with a range from 0-4094. Specify 0 to mark the link untagged.
Specify the order in which the rule is consulted: 1-N or start or end. The rule is inserted into the list at the specified position. For example, if you specify rulenum as 3, the new rule will be #3, the old rule #3 will become #4, and subsequent rules, if any, will also move down the list. Specify start for the rule to be the first rule and end for the rule to be the last rule. If you do not specify a rule number, the rule is added to the end of the list.
Usage: The Steelhead appliance automatically intercepts traffic on all IP addresses (0.0.0.0) and ports (all) and optimizes according to default settings. Specify discard rules for traffic that you want to drop silently instead of optimizing or passing through. The no command option disables the rule. The no command option has the following syntax: no in-path rule <rulenum>
Example: amnesiac (config) # in-path rule discard srcaddr 10.0.0.2 dstaddr 10.0.0.1 port 1234 rulenum 2
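How the rulenum ordering described above interacts with deny and discard rules, as an added example (not Riverbed code and not part of the manual): a small Python model of the rule list that flags a rule sitting behind a broader rule with a different action. It assumes rules are consulted in list order and the first match decides; the class and function names are hypothetical, and the commands are constructed variations of the manual's examples.

```python
import ipaddress
import shlex
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")  # the manual's "all IP addresses (0.0.0.0)"


@dataclass
class Rule:
    action: str                      # deny, discard, auto-discover, fixed-target
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY
    port: str = "all"                # "all" or a port number; port labels not modelled

    def matches(self, src_ip, dst_ip, dport):
        return (ipaddress.ip_address(src_ip) in self.src
                and ipaddress.ip_address(dst_ip) in self.dst
                and self.port in ("all", str(dport)))

    def covers(self, other):
        """True when every connection `other` matches is matched by this rule too."""
        return (other.src.subnet_of(self.src)
                and other.dst.subnet_of(self.dst)
                and self.port in ("all", other.port))


def parse_rule(command):
    """Split 'in-path rule <action> [keyword value]...' into (Rule, rulenum)."""
    tokens = shlex.split(command)
    if tokens[:2] != ["in-path", "rule"] or len(tokens) % 2 == 0:
        raise ValueError(f"not an in-path rule command: {command!r}")
    opts = dict(zip(tokens[3::2], tokens[4::2]))

    def subnet(keyword):
        # strict=False accepts a host address with a mask, as the manual's
        # examples use (10.0.0.1/24 -> 10.0.0.0/24); a bare address is a /32.
        return ipaddress.ip_network(opts.get(keyword, "0.0.0.0/0"), strict=False)

    rule = Rule(tokens[2], subnet("srcaddr"), subnet("dstaddr"), opts.get("port", "all"))
    return rule, opts.get("rulenum")


class RuleTable:
    """Ordered in-path rules; numbering is 1-based, as in the CLI."""

    def __init__(self):
        self.rules = []

    def add(self, command):
        rule, rulenum = parse_rule(command)
        if rulenum in (None, "end"):
            index = len(self.rules)          # no rulenum: added to the end
        elif rulenum == "start":
            index = 0
        else:
            index = int(rulenum) - 1         # old rule N and later ones move down
            if not 0 <= index <= len(self.rules):
                raise ValueError(f"rulenum {rulenum} is outside 1-{len(self.rules) + 1}")
        self.rules.insert(index, rule)
        return index + 1

    def remove(self, rulenum):
        """Model of 'no in-path rule <rulenum>'."""
        if not 1 <= rulenum <= len(self.rules):
            raise ValueError(f"no rule {rulenum}")
        del self.rules[rulenum - 1]

    def lookup(self, src_ip, dst_ip, dport):
        """Return (rulenum, action) of the first matching rule (assumed semantics)."""
        for number, rule in enumerate(self.rules, start=1):
            if rule.matches(src_ip, dst_ip, dport):
                return number, rule.action
        return None, "auto-discover"         # manual: default is to auto-discover

    def shadowed(self):
        """List (later, earlier) rule numbers where the first earlier rule that
        fully covers the later one has a different action, so the later rule
        can never be the first match."""
        pairs = []
        for i, later in enumerate(self.rules):
            cover = next((j for j, earlier in enumerate(self.rules[:i])
                          if earlier.covers(later)), None)
            if cover is not None and self.rules[cover].action != later.action:
                pairs.append((i + 1, cover + 1))
        return pairs


def demo():
    """Constructed scenario: a discard rule appended behind a broad optimization rule."""
    table = RuleTable()
    table.add("in-path rule auto-discover srcaddr 10.0.0.0/16 rulenum 1")
    table.add("in-path rule discard srcaddr 10.0.0.2 dstaddr 10.0.0.1 port 1234")
    before = table.lookup("10.0.0.2", "10.0.0.1", 1234)   # rule 1 wins, not the discard
    findings = table.shadowed()
    table.remove(2)
    table.add("in-path rule discard srcaddr 10.0.0.2 dstaddr 10.0.0.1 port 1234 rulenum start")
    after = table.lookup("10.0.0.2", "10.0.0.1", 1234)
    return before, findings, after


if __name__ == "__main__":
    print(demo())
```

Running the same check over the rule list of a production appliance shows which deny or discard rules were appended without a rulenum and therefore sit behind a broader rule.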
amnesiac (config) # in-path rule edit rulenum description "this is a new description"
Parameters
Specify a preoptimization policy:
none - Preoptimization processing is set to none by default. If SSL or Oracle Forms preoptimization processing is turned on and you want to turn it off for a port, specify none.
ssl - Specify ssl to enable SSL preoptimization processing for traffic via SSL secure ports.
oracle-forms - Specify oracle-forms to enable preoptimization processing for the Oracle Forms browser plug-in.
Specify a latency-optimization policy:
http - Only perform HTTP optimizations.
normal - Perform all latency optimizations. This is the default setting.
none - Excludes HTTP optimizations.
Enables neural framing in the Steelhead appliance. Enabling neural framing makes your WAN more efficient by gathering data to select the optimal packet framing boundaries for SDR. If you specify a neural mode, your network will experience a trade-off between the compression and SDR performance, and the latency added to the connection. For different types of traffic, one algorithm might be better than others. Specify one of the following modes:
always - Always use the Nagle algorithm. This is the default setting (always wait 6 ms). All data is passed to the codec which attempts to coalesce consume calls (if needed) to achieve better fingerprinting. A timer (6 ms) backs it up and causes leftover data to be consumed. Neural heuristics are computed in this mode but are not used.
dynamic - Dynamically adjust the Nagle parameters. The Steelhead appliance picks the best algorithm to use by learning what algorithm is best and adapting if the traffic characteristic changes.
never - Never use the Nagle algorithm. All the data is immediately encoded without waiting for timers to fire or application buffers to fill past a specified threshold. Neural heuristics are computed in this mode but are not used.
tcphints - Base setting on TCP hints. If data is received from a partial frame packet or a packet with the TCP PUSH flag set, the encoder encodes the data instead of immediately coalescing it. Neural heuristics are computed in this mode but are not used.
To configure neural framing for an FTP data channel, define an in-path rule with the destination port 20 and set its optimization policy.
To configure neural framing for a MAPI data channel, define an in-path rule with the destination port 7830 and set its optimization policy.
Specify the VLAN tag ID (if any). The VLAN identification number is a value with a range from 0-4094. Specify 0 to mark the link untagged.
Specify a description to facilitate network administration.
Enables kickoff, which resets established connections to force them to go through the connection creation process again. Specify one of the following values:
enable - Enables kickoff.
disable - Disables kickoff.
If you enable kickoff, connections that exist when the optimization service is started and restarted are disconnected. When the connections are retried they are optimized. Generally, connections are short lived and kickoff is not necessary. It is suitable for certain long-lived connections, such as data replication, and very challenging remote environments. For example, in an environment with 128 kbps and 1.5 seconds of latency, you might want to use kickoff to interrupt an HTTP download so that your other traffic is optimized. In a remote branch office with a T1 and a 35 ms round-trip time, you would want connections to migrate to optimization gracefully, rather than risk interruption with kickoff.
RiOS Version 6.5 provides two ways to enable kickoff: globally and per in-path rule. In most deployments, you do not want to set automatic kickoff globally because it disrupts all connections. When you enable kickoff for an in-path rule, once the Steelhead sees any packets that match the IP and port specified in the rule, it sends an RST packet to the client and server maintaining the connection to try to close it. Next, it sets an internal flag to prevent any further kickoffs until the optimization service is once again restarted. By default, auto kickoff per in-path rule is disabled.
Important: Specifying automatic kickoff per in-path rule enables kickoff even when you disable the global kickoff feature. When global kickoff is enabled, it overrides this setting. You set the global kickoff feature using the Reset Existing Client Connections on Start Up feature, which appears on the Configure > Optimization > General Service Settings page.
rulenum <rulenum> - Specify the order in which the rule is consulted: 1-N or start or end. The rule is inserted into the list at the specified position. For example, if you specify rulenum as 3, the new rule will be #3, the old rule #3 will become #4, and subsequent rules, if any, will also move down the list. Specify start for the rule to be the first rule and end for the rule to be the last rule. If you do not specify a rule number, the rule is added to the end of the list.
Configuration-Mode Commands
Usage
Defining a fixed-target rule uses a specified remote Steelhead appliance as an optimization peer. You must specify at least one remote target Steelhead appliance to optimize (and, optionally, which ports and backup Steelhead appliances), and add rules to specify the network of servers, ports, port labels, and out-of-path Steelhead appliances to use. The Steelhead appliance automatically intercepts traffic on all IP addresses (0.0.0.0) and ports (all) and optimizes according to default settings. Specify fixed-target rules to set out-of-path Steelhead appliances near the target server that you want to optimize. The no command option disables the rule. The no command option has the following syntax:
no in-path rule <rulenum>.
Note: In out-of-path deployments, to optimize MAPI Exchange 2003 by destination port, you must define fixed-target, in-path rules that specify the following ports on the client-side Steelhead appliance:
the Microsoft end-point mapper port: 135
the Steelhead appliance port for Exchange traffic: 7830
the Steelhead appliance port for Exchange Directory Name Service Provider Interface (NSPI) traffic: 7840
Example
amnesiac (config) # in-path rule fixed-target srcaddr 10.0.0.1/24 optimization sdr-only rulenum 1
Syntax
Parameters
Specify the source subnet for this rule. For example: 1.2.3.4/32
Specify the destination subnet and port. For the subnet address, use the following format: XXX.XXX.XXX.XXX/XX. For the port, you can specify a single port (number), a port label, or all to specify all ports.
Specify the VLAN tag ID (if any). The VLAN identification number is a value with a range from 0-4094. Specify 0 to mark the link untagged.
Specify the order in which the rule is consulted: 1-N or start or end. The rule is inserted into the list at the specified position. For example, if you specify rulenum as 3, the new rule will be 3, the old rule 3 will become 4, and subsequent rules will also move down the list. Specify start for the rule to be the first rule and end for the rule to be the last rule. If you do not specify a rule number, the rule is added to the end of the list.
rulenum <rulenum>
The Steelhead appliance automatically intercepts traffic on all IP addresses (0.0.0.0) and ports (all) and optimizes according to default settings. Specify pass-through rules for traffic that you want to pass through to its destination without optimization by the Riverbed system. The no command option disables the rule. The no command option has the following syntax: no in-path rule <rulenum>.
ip in-path-gateway
Description
Configures the default gateway for the in-path interface.
Syntax
[no] ip in-path-gateway <interface> <destination addr>
Parameters
<interface>
Specify the interface name. For example, in-path0_0, in-path1_1
<destination addr>
Specify the destination IP address of the in-path gateway.
Usage
This command is used to set the default gateway for a particular bypass pair, for in-path optimization configurations. Note: in-pathX_X represents the bypass pair. Examples are in-path0_0, in-path1_0, and in-path1_1. For the in-path interfaces, this command should be used to set the default gateway. The no command option disables the default gateway.
ip in-path route
Description
Adds a static in-path route.
Syntax
[no] ip in-path route <interface> <network prefix> <network mask> <next hop IP address or WAN gateway>
Parameters
<interface>
Specify the interface name: aux, lan0_0, wan0_0, primary, in-path0_0
<network prefix>
Specify the network prefix.
<network mask>
Specify the netmask.
<next hop IP address or WAN gateway>
Specify the next hop IP address in this route or WAN gateway.
Usage
In-path interfaces use routes from an in-path route table. To configure in-path routes, you set a new in-path route that points to your WAN gateway. You must also copy any static routes that you have added to the main table, if they apply to the in-path interface. The no command option removes an in-path route.
Out-of-Path Support
This section describes the out-of-path support command.
out-of-path enable
Description
Enables an out-of-path configuration.
Syntax
[no] out-of-path enable
Parameters
None
Usage
For detailed information, see the Management Console online help or the Steelhead Management Console User's Guide. The no command option disables out-of-path configuration.
Example
amnesiac (config) # out-of-path enable
Peering Commands
This section describes the peering commands. For detailed information about peering, see the Management Console online help and the Riverbed Deployment Guide.
Usage
Rules in the rule list are consulted from first to last. Use this command to reorder an in-path peering rule in the rule list. The no command option disables the rule.
Parameters
Specify one of the following rules:
auto - Automatically determines the response for peering requests (performs the best peering possible).
pass - Allows pass-through peering requests that match the source and destination port pattern.
accept - Accepts peering requests that match the source-destination port pattern.
Specify the in-path IP address of the probing Steelhead appliance. If more than one in-path interface is present on the probing Steelhead appliance, apply multiple peering rules, one for each in-path interface.
Specify one of the following options to determine how to process attempts to create secure SSL connections:
no-check - The peering rule does not determine whether the server Steelhead appliance is present for the particular destination IP address and port combination. This default rule catches any connection that did not match the first two default rules. The Steelhead appliance performs auto-discovery and does not optimize SSL. This rule always appears last in the list and you cannot remove it.
cap (capable) - The peering rule checks whether the server-side Steelhead appliance is present for the particular destination IP address and port combination. If the destination IP address and port are of an SSL server that is properly configured and enabled on the server-side Steelhead appliance, and if there is no temporary or short-lived error condition, the SSL-capable check is a success. The Steelhead appliance accepts the condition and, assuming all other proper configurations and that the peering rule is the best match for the incoming connection, optimizes SSL. The default peering rule with the SSL capable flag matches those connections to the destination IP/port combination for which there is an SSL server configuration added. The Steelhead appliance considers the SSL server a match even if it is defined on a port number that is not the standard port 443. For all connections that match, the Steelhead appliance performs both auto-discovery and SSL optimization.
incap (incapable) - If the destination IP address and port are not an SSL server that is properly configured and enabled on the server-side Steelhead appliance, or if there is a temporary or short-lived error condition, the SSL-capable check fails. The Steelhead appliance passes the connection through unoptimized without affecting connection counts. The default peering rule with the SSL incap flag matches any SSL connection to port 443 for which there is no SSL server configuration on the Steelhead appliance.
Specify the source network for this rule. Specify the destination network for this rule. Specify the destination port for this rule. You can specify a port label, or all for all ports.
rulenum <rulenum>
Specify the rule number. The system evaluates the rules in numerical order starting with rule 1. If the conditions set in the rule match, then the rule is applied. If the conditions set in the rule do not match, then the rule is not applied and the system moves on to the next rule. For example, if the conditions of rule 1 do not match, rule 2 is consulted. If rule 2 matches the conditions, it is applied, and no further rules are consulted. The type of a matching rule determines which action the Steelhead appliance takes on the connection.
You can provide increased optimization by deploying two or more Steelhead appliances back-to-back in an in-path configuration to create a serial cluster. Appliances in a serial cluster process the peering rules you specify in a spill-over fashion. When the maximum number of TCP connections for a Steelhead appliance is reached, that appliance stops intercepting new connections. This allows the next Steelhead appliance in the cluster the opportunity to intercept the new connection, if it has not reached its maximum number of connections. The in-path peering rules and in-path rules tell the Steelhead appliance in a cluster not to intercept connections between themselves. You configure peering rules that define what to do when a Steelhead appliance receives an auto-discovery probe from another Steelhead appliance. You can deploy serial clusters on the client or server-side of the network.
Supported Models
Two-appliance serial clusters are supported for all Steelhead appliance xx20 and xx50 models, except the 250 model. The Steelhead appliances must be the same model running RiOS v5.5.3 or later or RiOS v5.0.8 or later.
The following Steelhead appliance models support serial clusters: 550 series, 1050 series, 2050, 5050, 6050, 7050, 1020, 2020, 3020, 3520, 5000, 5010, 5520, and 6020. These models can reach their specifications even while potentially passing through the LAN-side traffic for optimized connections for the other Steelhead appliance in the cluster. When running a RiOS software version prior to v5.5.1, models 5520, 6020, and 6120 are qualified by Riverbed for serial clusters.
Important: For environments that want to optimize MAPI or FTP traffic, which require all connections from a client to be optimized by one Steelhead appliance, Riverbed strongly recommends using the master and backup redundancy configuration instead of a serial cluster.
For larger environments that require multi-appliance scalability and high availability, Riverbed recommends using the Interceptor appliance to build multi-appliance clusters. For details, see the Riverbed Deployment Guide and the Interceptor Appliance User's Guide.
Notes:
When you combine two Steelhead appliances that have a bandwidth limit of 20 Mbps each, the serial cluster still has a limit of 20 Mbps.
If the active Steelhead appliance in the cluster enters a degraded state because the CPU load is too high, it continues to accept new connections.
Preventing an Unknown (or Unwanted) Steelhead Appliance from Peering
To prevent an unknown Steelhead appliance from peering, you must add a pass-through peering rule that passes through traffic from the unknown Steelhead appliance in the remote location. For detailed information, see the Management Console online help and the Riverbed Deployment Guide.
Example
This is an example of how to configure a cluster of three in-path appliances in a data center.
WAN----SH1----SH2----SH3----LAN
SH1 ip address is 10.0.1.1 on a /16
SH2 ip address is 10.0.1.2 on a /16
SH3 ip address is 10.0.1.3 on a /16
In this example, you configure each Steelhead appliance with in-path peering rules to prevent peering with another Steelhead appliance in the cluster, and with in-path rules to not optimize connections originating from other Steelhead appliances in the same cluster.
SH1 configuration:
SH1 > enable
SH1 # configure terminal
SH1 (config) # in-path peering rule pass peer 10.0.1.2 rulenum 1
SH1 (config) # in-path peering rule pass peer 10.0.1.3 rulenum 1
SH1 (config) # in-path rule pass-through srcaddr 10.0.1.2/32 rulenum 1
SH1 (config) # in-path rule pass-through srcaddr 10.0.1.3/32 rulenum 1
SH1 (config) # wr mem
SH1 (config) # show in-path peering rules
Rule  Type   Source Network     Dest Network       Port  Peer Addr
----- ------ ------------------ ------------------ ----- --------------
1     pass   *                  *                  *     10.0.1.3
2     pass   *                  *                  *     10.0.1.2
def   auto   *                  *                  *     *
SH1 (config) # show in-path rules
Rule  Type Source Addr        Dest Addr          Port  Target Addr     Port
----- ---- ------------------ ------------------ ----- --------------- ----
1     pass 10.0.1.3/32        *                  *     --
2     pass 10.0.1.2/32        *                  *     --
def   auto *                  *                  *     --
SH2 configuration
SH2 > enable
SH2 # configure terminal
SH2 (config) # in-path peering rule pass peer 10.0.1.1 rulenum 1
SH2 (config) # in-path peering rule pass peer 10.0.1.3 rulenum 1
SH2 (config) # in-path rule pass-through srcaddr 10.0.1.1/32 rulenum 1
SH2 (config) # in-path rule pass-through srcaddr 10.0.1.3/32 rulenum 1
SH2 (config) # wr mem
SH2 (config) # show in-path peering rules
Rule  Type   Source Network     Dest Network       Port  Peer Addr
----- ------ ------------------ ------------------ ----- --------------
1     pass   *                  *                  *     10.0.1.3
2     pass   *                  *                  *     10.0.1.1
def   auto   *                  *                  *     *
SH1 (config) # show in-path rules
Rule  Type Source Addr        Dest Addr          Port  Target Addr     Port
----- ---- ------------------ ------------------ ----- --------------- ----
1     pass 10.0.1.3/32        *                  *     --
2     pass 10.0.1.1/32        *                  *     --
def   auto *                  *                  *     --
SH3 configuration
SH3 > enable
SH3 # configure terminal
SH3 (config) # in-path peering rule pass peer 10.0.1.1 rulenum 1
SH3 (config) # in-path peering rule pass peer 10.0.1.2 rulenum 1
SH3 (config) # in-path rule pass-through srcaddr 10.0.1.1/32 rulenum 1
SH3 (config) # in-path rule pass-through srcaddr 10.0.1.2/32 rulenum 1
SH3 (config) # wr mem
SH3 (config) # show in-path peering rules
Rule  Type   Source Network     Dest Network       Port  Peer Addr
----- ------ ------------------ ------------------ ----- --------------
SH1 (config) # show in-path rules
Rule  Type Source Addr        Dest Addr          Port  Target Addr     Port
----- ---- ------------------ ------------------ ----- --------------- ----
1     pass 10.0.1.2/32        *                  *     --
2     pass 10.0.1.1/32        *                  *     --
def   auto *                  *                  *     --
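The rule ordering behind the cluster example above, as an added Python model (not Riverbed code): each insert at rulenum 1 pushes the earlier rule down, and the first matching rule wins. It models only the source address; the class, method and function names are hypothetical, and rejecting an out-of-range rulenum is an assumption about behavior the manual does not describe.

```python
import ipaddress


class RuleList:
    """Ordered in-path rule list; the default rule is always consulted last."""

    def __init__(self, default_action="auto"):
        self.rules = []                      # user rules; index 0 is rule 1
        self.default_action = default_action

    def add(self, action, srcaddr, rulenum="end"):
        # strict=False accepts host bits in the prefix, e.g. 10.0.0.1/24
        rule = (action, ipaddress.ip_network(srcaddr, strict=False))
        if rulenum == "start":
            index = 0
        elif rulenum == "end":
            index = len(self.rules)
        else:
            index = int(rulenum) - 1
            # Assumption: a position past the end of the list is rejected.
            if not 0 <= index <= len(self.rules):
                raise ValueError(f"rulenum {rulenum} out of range")
        self.rules.insert(index, rule)       # later rules move down by one

    def remove(self, rulenum):
        """Model of 'no in-path rule <rulenum>'."""
        index = int(rulenum) - 1
        if not 0 <= index < len(self.rules):
            raise ValueError(f"rulenum {rulenum} out of range")
        del self.rules[index]

    def show(self):
        """Rows in consultation order, ending with the default rule."""
        rows = [(n, action, str(net))
                for n, (action, net) in enumerate(self.rules, 1)]
        return rows + [("def", self.default_action, "*")]

    def match(self, src_ip):
        """Return (rule number, action) of the first rule that matches."""
        addr = ipaddress.ip_address(src_ip)
        for n, (action, net) in enumerate(self.rules, 1):
            if addr in net:
                return (n, action)
        return ("def", self.default_action)

    def shadowed(self):
        """Rules that can never match because an earlier rule covers them.

        Returns (rule number, number of the earlier covering rule) pairs.
        """
        found = []
        for i, (_, net) in enumerate(self.rules):
            for j in range(i):
                if net.subnet_of(self.rules[j][1]):
                    found.append((i + 1, j + 1))
                    break
        return found


def build_sh1():
    """Replay the two SH1 'in-path rule pass-through' commands from the example."""
    rules = RuleList()
    rules.add("pass-through", "10.0.1.2/32", rulenum=1)
    rules.add("pass-through", "10.0.1.3/32", rulenum=1)   # becomes rule 1
    return rules


if __name__ == "__main__":
    sh1 = build_sh1()
    for row in sh1.show():
        print(row)
    print(sh1.match("10.0.1.2"), sh1.match("10.20.0.5"))
```

Running shadowed() after each change to a rule list flags a broad rule inserted ahead of narrower ones, which would otherwise silently take over their traffic.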
peer
Description
Configures the connection protocol version. Use only to harmonize connection protocol versions in deployments with a mix of v1.2 and v2.x appliances.
Syntax
[no] peer <ip-addr> version [min <version> | max <version>]
Parameters
<ip-addr>
Specify the in-path or out-of-path (or both) Steelhead appliance.
min <version>
Specify the protocol version number: 5 or 8.
max <version>
Specify the protocol version number: 5 or 8.
Usage
For each v1.2 Steelhead appliance peer, enter the following commands:
sh> peer <addr> version min 5
sh> peer <addr> version max 5
After all the v1.2 Steelhead appliances in the network have been upgraded to v2.x Steelhead appliances, remove the version settings:
sh> no peer <addr> version min
sh> no peer <addr> version max
If you are unable to discover all v1.2 Steelhead appliances in the network, configure all v2.1 Steelhead appliances to use v5 protocol by default with all peers by specifying 0.0.0.0 as the peer address:
sh> peer 0.0.0.0 version min 5
sh> peer 0.0.0.0 version max 5
Note: Version 5 does not support some optimization policy features. Ultimately, you need to upgrade all appliances to v2.1 or later.
The no command option resets the protocol version to the default.
Example
amnesiac (config) # peer 10.0.0.1 version min 5
amnesiac (config) # peer 10.0.0.2 version max 5
Usage
Requires the specification of an address pair that exists in the table. For example, 1.1.1.1-2.2.2.2. You can also access this command from enable-mode.
Syntax
Parameters
None
Usage
For detailed information about asymmetric routing, see the Steelhead Management Console User's Guide and the Riverbed Deployment Guide.
Types of asymmetry:
Complete Asymmetry - Packets traverse both Steelhead appliances going from client to server but bypass both Steelhead appliances on the return path.
Asymmetric routing table entry: bad RST
Log:
Sep 5 11:16:38 amnesiac kernel: [intercept.WARN] asymmetric routing between 10.11.111.19 and 10.11.25.23 detected (bad RST)
Server-Side Asymmetry - Packets traverse both Steelhead appliances going from client to server but bypass the server-side Steelhead appliance on the return path.
Asymmetric routing table entry: bad SYN/ACK
Log:
Sep 7 16:17:25 amnesiac kernel: [intercept.WARN] asymmetric routing between 10.11.25.23:5001 and 10.11.111.19:33261 detected (bad SYN/ACK)
Client-Side Asymmetry - Packets traverse both Steelhead appliances going from client to server but bypass the client-side Steelhead appliance on the return path.
Asymmetric routing table entry: no SYN/ACK
Log:
Sep 7 16:41:45 amnesiac kernel: [intercept.WARN] asymmetric routing between 10.11.111.19:33262 and 10.11.25.23:5001 detected (no SYN/ACK)
Multi-SYN Retransmit - Probe-Filtered - Occurs when the client-side Steelhead appliance sends out multiple SYN+ frames and does not get a response.
Asymmetric routing table entry: probe-filtered(not-AR)
Log:
Sep 13 20:59:16 amnesiac kernel: [intercept.WARN] it appears as though probes from 10.11.111.19 to 10.11.25.23 are being filtered. Passing through connections between these two hosts.
Multi-SYN Retransmit - SYN-Rexmit - Occurs when the client-side Steelhead appliance receives multiple SYN retransmits from a client and does not see a SYN/ACK packet from the destination server.
Asymmetric routing table entry: probe-filtered(not-AR)
Log:
Sep 13 20:59:16 amnesiac kernel: [intercept.WARN] it appears as though probes from 10.11.111.19 to 10.11.25.23 are being filtered. Passing through connections between these two hosts.
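A triage helper for the warnings listed above, added here as an example (it is not Riverbed code): it maps each [intercept.WARN] line to its asymmetric routing table entry and asymmetry type, and groups the results by host pair. The sample lines are the manual's log excerpts rejoined onto single lines plus one constructed unrelated line; the function names are hypothetical.

```python
import re
from collections import Counter

_IP = r"\d{1,3}(?:\.\d{1,3}){3}"

# "asymmetric routing between A[:port] and B[:port] detected (<entry>)"
AR_RE = re.compile(
    r"\[intercept\.WARN\] asymmetric routing between "
    rf"(?P<a>{_IP})(?::\d+)? and (?P<b>{_IP})(?::\d+)? "
    r"detected \((?P<entry>[^)]+)\)"
)
# "it appears as though probes from A to B are being filtered"
PROBE_RE = re.compile(
    r"\[intercept\.WARN\] it appears as though probes from "
    rf"(?P<a>{_IP}) to (?P<b>{_IP}) are being filtered"
)

# Table entry -> asymmetry type, as listed in this section.
ENTRY_TO_TYPE = {
    "bad RST": "complete asymmetry",
    "bad SYN/ACK": "server-side asymmetry",
    "no SYN/ACK": "client-side asymmetry",
    "probe-filtered(not-AR)": "multi-SYN retransmit (not asymmetric routing)",
}

# Log excerpts from this section, one message per line, plus one
# constructed line that must be ignored.
SAMPLE_LOG = [
    "Sep 5 11:16:38 amnesiac kernel: [intercept.WARN] asymmetric routing "
    "between 10.11.111.19 and 10.11.25.23 detected (bad RST)",
    "Sep 7 16:17:25 amnesiac kernel: [intercept.WARN] asymmetric routing "
    "between 10.11.25.23:5001 and 10.11.111.19:33261 detected (bad SYN/ACK)",
    "Sep 7 16:41:45 amnesiac kernel: [intercept.WARN] asymmetric routing "
    "between 10.11.111.19:33262 and 10.11.25.23:5001 detected (no SYN/ACK)",
    "Sep 13 20:59:16 amnesiac kernel: [intercept.WARN] it appears as though "
    "probes from 10.11.111.19 to 10.11.25.23 are being filtered. Passing "
    "through connections between these two hosts.",
    "Sep 13 20:59:16 amnesiac kernel: [intercept.WARN] it appears as though "
    "probes from 10.11.111.19 to 10.11.25.23 are being filtered. Passing "
    "through connections between these two hosts.",
    "Sep 13 21:00:02 amnesiac sshd[1234]: session opened (constructed line)",
]


def classify(line):
    """Return the host pair, table entry and asymmetry type, or None."""
    match = AR_RE.search(line)
    if match:
        entry = match["entry"]
    else:
        match = PROBE_RE.search(line)
        if not match:
            return None
        entry = "probe-filtered(not-AR)"
    return {
        # The two hosts appear in either order in the log, so the pair is
        # sorted to give one key per client/server pair.
        "pair": tuple(sorted((match["a"], match["b"]))),
        "entry": entry,
        "type": ENTRY_TO_TYPE.get(entry, "unknown"),
    }


def summarize(lines):
    """Group classified warnings by host pair and count each table entry."""
    summary = {}
    for line in lines:
        hit = classify(line)
        if hit:
            summary.setdefault(hit["pair"], Counter())[hit["entry"]] += 1
    return summary


if __name__ == "__main__":
    for pair, entries in summarize(SAMPLE_LOG).items():
        for entry, count in entries.items():
            print(pair, entry, ENTRY_TO_TYPE[entry], count)
```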
You can use the following tools to detect and analyze asymmetric routes:
TCP Dump - Run tcpdump on the client-side Steelhead appliance to verify the packet sequence that is causing the asymmetric route detection. You can take traces on the LAN and WAN ports of the Steelhead appliance and, based on the packet maps, look for the packet sequence that is expected for the type of warning message in the log. For example, to obtain information on all packets on the WAN interface, sourced from or destined to 10.0.0.1, and with a source/destination TCP port of 80:
tcpdump -i wan0_0 host 10.0.0.1 port 80
You can use the following command to filter SYN, SYN/ACK, and reset packets. This command does not display the ACK packets but it can be useful if the link is saturated with traffic and the traces are filling quickly. The following command uses the -i parameter to specify the interface and the -w parameter to write to a file:
tcpdump -i wan1_0 'tcp[tcpflags] & (tcp-syn|tcp-fin|tcp-rst) != 0' -w lookingforasymwan
Trace Route - Run the trace route tool to discover what path a packet is taking from client to server and from server to client. Access the client and run the traceroute command with the IP address of the server, and then run the traceroute command from the server with the IP address of the client. For example, for a Cisco router:
#Clients Address: 10.1.0.2
..
#Servers Address: 10.0.0.4
client# traceroute 10.0.0.4
Type escape sequence to abort.
Tracing the route to 10.0.0.4
1 10.1.0.1 4 msec 0 msec 4 msec
2 10.0.0.2 4 msec 4 msec 0 msec
3 10.0.0.3 4 msec 4 msec 0 msec
4 10.0.0.4 4 msec 4 msec 0 msec
server# traceroute 10.1.0.2
Type escape sequence to abort.
Tracing the route to 10.1.0.2
1 10.0.0.6 4 msec 0 msec 4 msec
2 10.0.0.5 4 msec 4 msec 0 msec
3 10.1.0.1 4 msec 4 msec 0 msec
4 10.1.0.2 4 msec 4 msec 0 msec
The no command option disables asymmetric route detection and caching.
Example
amnesiac (config) # in-path asymmetric routing detection enable
Syntax Parameters
Usage
Use this command to ensure connections are not passed through the Steelhead appliances unoptimized. Logging occurs when asymmetric routes are detected. If the system detects asymmetric routing, the pair of IP addresses, defined by the client and server addresses of the connection, is cached in the asymmetric routing cache on the Steelhead appliance. Further connections between these hosts are not optimized until that particular asymmetric routing cache entry times out. The no command option disables asymmetric routing pass through.
Usage
Enables Cisco Discovery Protocol (CDP) support in PBR deployments. Virtual in-path failover deployments require CDP on the Steelhead appliance to bypass the Steelhead appliance that is down. CDP is a proprietary protocol used by Cisco routers and switches to obtain neighbor IP addresses, model information, IOS version, and so on. The protocol runs at the OSI layer 2 using the 802.3 Ethernet frame. For detailed information about how to configure a Steelhead appliance for PBR with CDP, see the Riverbed Deployment Guide. The no command option disables CDP.
The no command option resets the CDP hold-time to the default value.
amnesiac (config) # in-path cdp holdtime 10
The no command option resets the CDP refresh period to the default value.
amnesiac (config) # in-path cdp interval 10
Connection Forwarding
This section describes connection forwarding commands, typically used with the Interceptor appliance.
Usage
You enable connection forwarding only in asymmetric networks; that is, in networks in which a client request traverses a different network path than the server response. The default port for connection forwarding is 7850.
To optimize connections in asymmetric networks, packets traveling in both directions must pass through the same client-side and server-side Steelhead appliance. If you have one path from the client to the server and a different path from the server to the client, you need to enable in-path connection forwarding and configure the Steelhead appliances to communicate with each other. These Steelhead appliances are called neighbors and exchange connection information to redirect packets to each other. Neighbors can be placed in the same physical site or in different sites, but the latency between them should be small because the packets traveling between them are not optimized.
Important: When you define a neighbor, you specify the Steelhead appliance in-path IP address, not the primary IP address.
If there are more than two possible paths, additional Steelhead appliances must be installed on each path and configured as neighbors. Neighbors are notified in parallel so that the delay introduced at the connection setup is equal to the time it takes to get an acknowledgement from the furthest neighbor.
When you enable connection forwarding, multiple Steelhead appliances work together and share information about what connections are optimized by each Steelhead appliance. With connection forwarding, the LAN interface forwards and receives connection forwarding packets. Steelhead appliances that are configured to use connection forwarding with each other are known as connection forwarding neighbors. If a Steelhead appliance sees a packet belonging to a connection that is optimized by a different Steelhead appliance, it forwards it to the correct Steelhead appliance. When a neighbor Steelhead appliance reaches its optimization capacity limit, that Steelhead appliance stops optimizing new connections, but continues to forward packets for TCP connections being optimized by its neighbors.
You can use connection forwarding both in physical in-path deployments and in virtual in-path deployments. In physical in-path deployments, it is used between Steelhead appliances that are deployed on separate parallel paths to the WAN. In virtual in-path deployments, it is used when the redirection mechanism does not guarantee that packets for a TCP connection are always sent to the same Steelhead appliance. This includes the WCCP protocol, a commonly used virtual in-path deployment method.
Typically, you want to configure physical in-path deployments that do not require connection forwarding. For example, if you have multiple paths to the WAN, you can use a Steelhead appliance model that supports multiple in-path interfaces, instead of using multiple Steelhead appliances with single in-path interfaces. In general, serial deployments are preferred over parallel deployments. For detailed information about deployment best practices, see the Riverbed Deployment Guide. The no command option disables this feature.
Usage
When you are configuring connection forwarding, this command causes the packet forwarding Steelhead appliance to include the VLAN and Ethernet header when it forwards packets to a neighbor. This feature is useful when you are using connection forwarding and VLAN transparency. For detailed information, see the Riverbed Deployment Guide. You can use this command to configure full address transparency for a VLAN when the following are true: you are using connection forwarding; your Steelhead appliances are on the same Layer-2 network; packets on your network use two different VLANs in the forward and reverse directions. You can also use this command if packets on your network use the same VLAN in the forward and reverse directions and you do not want to maintain network asymmetry. The no command option disables VLAN and destination MAC address forwarding.
For detailed information about configuring connection forwarding, see the Riverbed Deployment Guide. The no command option disables the neighbor.
amnesiac (config) # in-path neighbor name test main-ip 10.0.0.1 port 1234
<port>
Specify the connection forwarding port for the neighbor. The default value is 7850.
Usage
Each time the Interceptor appliance receives a connection it forwards it to the appropriate Steelhead appliance. The no command option disables this option.
in-path mac-except-locl
Description
Disallows the Steelhead MAC address on the peer Steelhead appliance for simplified routing.
Syntax
[no] in-path mac-except-locl
Parameters
None
Usage
Use this command if you are using simplified routing on links where Steelhead appliances are on the same subnet (client-side and server-side in-path addresses on the same subnet and VLAN). When enabled, and if the peer Steelhead appliance is on the same subnet, the Steelhead appliance will not use the MAC address of the peer Steelhead appliance for any simplified routing entry except for the one corresponding to the peer Steelhead IP address. For detailed information, see the Riverbed Deployment Guide. The no command option disables the in-path feature.
Example
amnesiac (config) # in-path mac-except-locl
in-path mac-match-vlan
Description
Configures VLAN IDs in simplified routing table look-ups.
Syntax
[no] in-path mac-match-vlan
Parameters
None
Usage
When enabled, the Steelhead appliance tracks the VLAN ID and IP address against the MAC address. For detailed information, see the Riverbed Deployment Guide. The no command option disables the in-path feature.
Example
amnesiac (config) # in-path mac-match-vlan
in-path peer-probe-cach
Description
Configures VLAN IDs in simplified routing table look-ups.
Syntax
[no] in-path peer-probe-cach
Parameters
None
Usage
In order for the Steelhead appliance to learn about the correct VLAN ID information, you must disable probe-caching. When probe-caching is disabled, the SYN packet of every connection has the probe-request attached to it (assuming the connection should be optimized based on the in-path rules). You can turn off probe-caching on the server-side Steelhead appliance or on the client-side Steelhead appliance. The difference between the two methods is one of convenience. If there are 25 client-side Steelhead appliances and 1 server-side Steelhead appliance, it is easier to instruct the data center Steelhead appliance to inform the remote Steelhead appliances not to perform probe-caching. The alternative is to disable probe-caching on all 25 Steelhead appliances in the remote offices. Enter this command on the server-side Steelhead appliance. When enabled, the server-side Steelhead appliance instructs the client-side Steelhead appliance not to cache the probe-response. For detailed information, see the Riverbed Deployment Guide. The no command option disables the in-path feature.
Example
amnesiac (config) # in-path peer-probe-cach
Usage
Simplified routing collects the IP address for the next hop MAC address from each packet it receives to address traffic. With simplified routing, you can use either the WAN or LAN-side device as a default gateway. The Steelhead appliance learns the right gateway to use by watching where the switch or router sends the traffic, and associating the next-hop Ethernet addresses with IP addresses. Enabling simplified routing eliminates the need to add static routes when the Steelhead appliance is in a different subnet from the client and the server. Without simplified routing, if a Steelhead appliance is installed in a different subnet from the client or server, you must define one router as the default gateway and static routes for the other routers so that traffic is not redirected back through the Steelhead appliance. However, in some cases, even with static routes defined, the ACL on the default gateway can still drop traffic that should have gone through the other router. Enabling simplified routing eliminates this issue. Simplified routing has the following constraints: WCCP cannot be enabled. The default route must exist on each Steelhead appliance in your network. Simplified routing requires a client-side and server-side Steelhead appliance. Optionally, you can also enable enhanced autodiscovery. When you enable simplified routing, Riverbed recommends that you also enable enhanced autodiscovery because it gives the Steelhead appliance more information to associate IP addresses and MAC addresses (and potentially VLAN tags). For more information, see in-path peering auto on page 250. When deploying Steelhead appliances on a non-trunk link, using simplified routing is recommended but optional. However, when deploying Steelhead appliances on VLAN trunks, enabling simplified routing is mandatory. Simplified routing plays a bigger role in keeping track of the IP, VLAN ID, and MAC address for each connection. 
Use the all option to learn from both source and destination MAC addresses. If you are installing a Steelhead appliance on some type of shared L2 WAN connection (local and remote in-path addresses in the same subnet, with or without VLANs):
in-path mac-except-locl (bug 16389)
For detailed information, see the Riverbed Deployment Guide. The no command option disables simplified routing.
Example
amnesiac (config) # in-path simplified routing all
Usage
You configure subnet side rules to support RSP (VRSP) and Flow Export on a virtual in-path deployment. Subnet side rules let you configure subnets as LAN-side subnets or WAN-side subnets for a virtual in-path Steelhead appliance. The subnet side rules determine whether traffic originated from the LAN or the WAN-side of the Steelhead appliance based on the source subnet. You must configure subnets on each Steelhead appliance in a virtual in-path configuration, as the subnets for each will likely be unique. With subnet side rules in place, RiOS can send incoming packets to the correct RSP VNIs for VRSP, and a virtual in-path Steelhead can use flow export collectors such as NetFlow to analyze non-optimized or passed through traffic correctly. Otherwise, the Steelhead appliance cannot discern whether the traffic is traveling from the LAN to the WAN or in the opposite direction. This can result in over-reporting traffic in a particular direction or for a particular interface. Note: FakeIndex is necessary for correct optimized traffic reporting. For details, see the Riverbed Deployment Guide. Before you use Virtual RSP, you must disable simplified routing. For details on Virtual RSP, see rsp enable on page 440 and the Steelhead Management Console User's Guide.
The subnet-side rules determine whether traffic originated from the LAN or the WAN side of the Steelhead appliance based on the source subnet. With subnet-side rules in place, RiOS can send incoming packets to the correct RSP VNIs, and data flow analyzers can analyze traffic correctly.
Example
amnesiac (config) # subnet side move rule from 4 to 3
ip flow-export destination
Description
Configures data flow support. Data flow support enables you to collect traffic flow data.
Syntax
[no] ip flow-export destination <collector ip> <collector port> [export-port {aux | primary}] | [filter ip <cr>] | [netmask <netmask> | port <port>] | [filter-enable] | [template refresh-rate <packets>] | [template-timeout-rate <minutes>] | [version <version>] |interface {[primary |primary | wanX_Y | lanX_Y] | fakeindex [on | off] | capture [all | optimized | passthrough] | lan-addrs [off | on]}
Parameters
<collector ip> <collector port>
Specify the export IP address and port the data flow collector is listening on. The default value is 2055.
export-port {aux | primary}
Specify the interface used to send data flow packets to the collector.
filter ip <ip-addr> <cr> | netmask <netmask> | port <port>
Specify the IP address for filter rules. Optionally, you can configure the netmask or port.
filter-enable
Specify to enable filters on the specified collector.
interface {primary |primary | wanX_Y | lanX_Y | capture all | optimized | passthrough
Specify the interface used to capture packets. The data flow collector records sent from the Steelhead appliance appear to be sent from the IP address of the selected interface. Optionally, specify capture to configure the type of traffic to capture.
capture [all | optimized | passthrough]
Specify the type of traffic to capture: Specify the traffic type to export to the flow collector. Select one of the following types from the drop-down list:
All - Exports both optimized and non-optimized traffic.
Optimized - Exports optimized traffic.
Optimized - Exports optimized LAN or WAN traffic when WCCP is enabled.
fakeindex on | off
Specify one of the following to configure the LAN interface index to use on WAN-side traffic:
on - Specify to not use the LAN interface index on WAN-side traffic.
off - Specify to use the LAN interface index on WAN-side traffic.
Use this option to report the appropriate interface on records even when in virtual in-path or out-of-path mode and report all the traffic it receives or sends on the WAN or primary interface. This option is always true for Collector v9, regardless of how it is set.
Specify whether the TCP IP addresses and ports reported for optimized flows should contain the original client and server IP addresses and not those of the Steelhead appliance: off displays the Steelhead appliance information; on displays the LAN address information. The default is to display the IP addresses of the original client and server without the IP address of the Steelhead appliances. Note: This option is not applicable to collector v9.
template refresh-rate <packets>
Specify the number of packets sent after which templates are resent. Applicable only to collector v9.
template-timeout-rate <minutes>
Specify the duration after which templates are resent. Applicable only to collector v9.
version <CascadeFlow | Cascade-comp | Netflow-v5 | Netflow-v9>
Specify the data flow collector version:
CascadeFlow - Specifies Cascade v8.4 or later.
Cascade-comp - Specifies Cascade v8.34 or earlier.
Netflow-v5 - Enables ingress flow records (Collector v5).
Netflow-v9 - Enables ingress and egress flow records (Collector v9).
For details on the Netflow v9 templates, flow record field descriptions, and Riverbed-specific fields, see the Riverbed Deployment Guide. The CascadeFlow and CascadeFlow-comp options are enhanced versions of flow export to Riverbed Cascade. These versions allow automatic discovery and interface grouping for Steelhead appliances in the Riverbed Cascade Profiler or Cascade Gateway and support WAN and optimization reports in Cascade. For details, see the Cascade Profiler User Manual and the Cascade Gateway User Manual.
Usage
Before you enable data flow support in your network, you should consider the following:
Generating data-flow data can utilize large amounts of bandwidth, especially on low bandwidth links, thereby impacting Steelhead appliance performance. You can reduce the amount of data exported by data flow collectors if you export only optimized traffic.
Data flow only tracks incoming packets (ingress). For collector v9, egress flows are also always tracked.
To troubleshoot your flow export settings:
Make sure the port configuration matches on the Steelhead appliance and the listening port of the collector.
Ensure that you can reach the collector from the Steelhead appliance (for example, ping 1.1.1.1 where 1.1.1.1 is the NetFlow collector).
Verify that your capture settings are on the correct interface and that traffic is flowing through it.
amnesiac (config) # ip flow-export enable
amnesiac (config) # ip flow-export destination 10.2.2.2 2055 interface wan0_0 capture optimized
amnesiac (config) # ip flow-export destination 10.2.2.2 2055 export-port primary
amnesiac (config) # ip flow-export destination 10.2.2.2 2055 lan-addrs on
amnesiac (config) # show ip flow-export
Prior to Netflow v9, for virtual in-path deployments, because the traffic is arriving and leaving from the same WAN interface, when the Steelhead appliance exports data to a NetFlow collector, all traffic has the WAN interface index. This is the correct behavior because the input interface is the same as the output interface. For Netflow v9, LAN and WAN interfaces are reported for optimized flows. For detailed information, see the Riverbed Deployment Guide.
Example
amnesiac (config) # ip flow-export destination 10.2.2.2 2055 interface lan0_0 capture all
amnesiac (config) # ip flow-export destination 10.2.2.2 2055 export-port aux
amnesiac (config) # ip flow-export destination 10.2.2.2 2055 lan-addrs off
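The interface-index behavior described above can be observed from the collector side. This added Python example (not from the Riverbed manual) decodes a NetFlow v5 datagram using the standard v5 header and record layout and, for records whose input and output ifIndex are equal, recovers direction from the source subnet, as a subnet side rule does. The datagram, addresses and LAN subnet are constructed sample values.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte NetFlow v5 flow record


def parse_v5(datagram):
    """Decode one NetFlow v5 export datagram into a list of flow dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = struct.unpack_from("!HH", datagram)
    if version != 5:
        # A collector expecting v5 that receives v9 or CascadeFlow lands here.
        raise ValueError(f"export version {version}, expected 5")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match the record count in the header")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": ipaddress.IPv4Address(f[0]),
            "dst": ipaddress.IPv4Address(f[1]),
            "in_if": f[3], "out_if": f[4], "octets": f[6],
            "sport": f[9], "dport": f[10], "proto": f[13],
        })
    return flows


def direction(flow, lan_subnets):
    """Label a flow by its source subnet when the ifIndex values cannot."""
    if flow["in_if"] != flow["out_if"]:
        return "by-interface"   # the two interface indexes already differ
    nets = [ipaddress.ip_network(n) for n in lan_subnets]
    return "lan-to-wan" if any(flow["src"] in n for n in nets) else "wan-to-lan"


def octets_by_direction(datagram, lan_subnets):
    """Sum exported octets per direction label for one datagram."""
    totals = {}
    for flow in parse_v5(datagram):
        label = direction(flow, lan_subnets)
        totals[label] = totals.get(label, 0) + flow["octets"]
    return totals


def sample_datagram():
    """Constructed datagram: two TCP flows, both reporting ifIndex 2 in and out."""
    def rec(src, dst, octets, sport, dport):
        return RECORD.pack(
            ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
            bytes(4),        # next hop
            2, 2,            # input and output ifIndex are the same
            10, octets,      # packets, octets
            0, 0,            # first and last sysuptime
            sport, dport,
            0, 0x18, 6, 0,   # pad, TCP flags, protocol (TCP), ToS
            0, 0, 24, 24, 0) # AS numbers, masks, pad
    body = (rec("192.168.10.20", "203.0.113.9", 4200, 51515, 445)
            + rec("203.0.113.9", "192.168.10.20", 98000, 445, 51515))
    return HEADER.pack(5, 2, 0, 0, 0, 0, 0, 0, 0) + body


if __name__ == "__main__":
    for flow in parse_v5(sample_datagram()):
        print(flow["src"], "->", flow["dst"], flow["in_if"], flow["out_if"],
              direction(flow, ["192.168.10.0/24"]))
    print(octets_by_direction(sample_datagram(), ["192.168.10.0/24"]))
```

Without the subnet list, both sample flows would be counted against the same interface, which is the over-reporting the subnet side rule text warns about.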
ip flow-export enable
Description
Enables data flow support.
Syntax
[no] ip flow-export enable
Parameters
None
Usage
Flow export enables you to export network statistics to external collectors that provide information about network data flows such as the top users, peak usage times, traffic accounting, security, and traffic routing. You can export pre-optimization and post-optimization data to an external collector. The Top Talkers feature enables a report that details the hosts, applications, and host and application pairs that are either sending or receiving the most data on the network. Top Talkers does not use a NetFlow Collector.
Important: Steelhead appliances support NetFlow v5.0, CascadeFlow, NetFlow v9, and CascadeFlow-compatible. For details on NetFlow, including Riverbed-specific record flow fields for v9, see the Riverbed Deployment Guide.
Flow export requires the following components:
Exporter - When you enable flow export support, the Steelhead appliance exports data about flows through the network.
Collector - A server or appliance designed to aggregate data sent to it by the Steelhead appliance.
Analyzer - A collection of tools used to analyze the data and provide relevant data summaries and graphs. NetFlow analyzers are available for free or from commercial sources. Analyzers are often provided in conjunction with the collectors.
Before you enable flow export in your network, consider the following:
Flow data typically consumes less than 1% of link bandwidth. Care should be taken on low bandwidth links to ensure that flow export does not consume too much bandwidth and thereby impact application performance. You can reduce the amount of bandwidth consumption by applying filters that only export the most critical information needed for your reports.
For virtual in-path deployments such as WCCP or PBR, because the traffic is arriving and leaving from the same WAN interface, when the Steelhead appliance exports data to a flow export collector, all traffic has the WAN interface index. This is the correct behavior because the input interface is the same as the output interface.
Prior to Netflow v9, for virtual in-path deployments, because the traffic is arriving and leaving from the same WAN interface, when the Steelhead appliance exports data to a NetFlow collector, all traffic has the WAN interface index. This is the correct behavior because the input interface is the same as the output interface. For Netflow v9, LAN and WAN interfaces are reported for optimized flows.
The no command option disables data flow export support.
ip flow-setting active_to
Description
Sets length of time the collector retains a list of active flows.
Syntax
[no] ip flow-setting active_to <seconds>
Parameters
<seconds>
Specify the length of life for active flows. The default value is 1800 seconds. Enabling Top Talkers automatically sets the time-out period to 60 seconds and disables this option.
ip flow-setting inactive_to
Description
Sets length of time the collector retains a list of inactive flows.
Syntax
[no] ip flow-setting inactive_to <seconds>
Parameters
<seconds>
Optionally, specify the amount of time, in seconds, the collector retains the list of inactive traffic flows. The default value is 15 seconds.
ip flow-setting max-pkt-size
Description
Sets the maximum packet size.
Syntax
[no] ip flow-setting max-pkt-size <rate>
Parameters
<rate>
Specify the maximum packet rate. The value must be between 1500 and 40000.
IPSec Commands
This section describes the IPSec commands.
Parameters
<policy>
Specify the primary policy (method 1):
hmac_md5 - Message-Digest algorithm 5 (MD5) is a widely-used cryptographic hash function with a 128-bit hash value. This is the default value.
hmac_sha1 - Secure Hash Algorithm (SHA1) is a set of related cryptographic hash functions. SHA-1 is considered to be the successor to MD5.
You must specify at least one algorithm. The algorithm is used to guarantee the authenticity of each packet.
amnesiac (config) # ip security authentication policy hmac_md5
ip security enable
Description
Enables IPSec support.
Syntax
[no] ip security enable
Parameters
None
Usage
Enabling IPSec support makes it difficult for a third party to view your data or pose as a machine you expect to receive data from. You must also specify a shared secret to enable IPSec support. To create a shared secret, see ip security shared secret. To enable IPSec authentication, you must have at least one encryption and authentication algorithm specified.
You must set IPSec support on each peer Steelhead appliance in your network for which you want to establish a secure connection. You must also specify a shared secret on each peer Steelhead appliance.
If you NAT traffic between Steelhead appliances, you cannot use the IPSec channel between the appliances because the NAT changes the packet headers, causing IPSec to reject them.
Note: RiOS v6.0 and later also provides support for SSL peering beyond traditional HTTPS traffic. For details, see Secure Peering (Secure Inner Channel) Commands on page 382.
The no command option disables IPSec support.
Example
amnesiac (config) # ip security enable
Parameters
<algorithm>
Specify the primary algorithm. If you do not have a valid SSL license key (also called the Enhanced Cryptography License key) installed on your Steelhead appliance, you can specify one of the following encryption algorithms: des - The Data Encryption Standard. This is the default value. null_enc - The null encryption algorithm. If you have a valid SSL license key installed on your Steelhead appliance, you can specify any of the above encryption algorithms or any of the following more secure encryption algorithms: des - Triple DES encryption algorithm. aes - The AES 128-bit encryption algorithm. aes256 - The AES 256-bit encryption algorithm. If you do not specify an encryption algorithm, the default value, des, is used.
<algorithm>
Specify the alternate algorithm. If you do not have a valid SSL license key (also called the Enhanced Cryptography License key) installed on your Steelhead appliance, you can specify one of the following encryption algorithms: des - The Data Encryption Standard. This is the default value. null_enc - The null encryption algorithm. If you have a valid SSL license key installed on your Steelhead appliance, you can specify any of the above encryption algorithms or any of the following more secure encryption algorithms: des - Triple DES encryption algorithm. aes - The AES 128-bit encryption algorithm. aes256 - The AES 256-bit encryption algorithm. If you do not specify an encryption algorithm, the default value, des, is used.
Usage
You must specify at least one algorithm. The algorithm is used to encrypt each packet sent using IPSec. For detailed information about SSL, see protocol ssl enable on page 368.
ip security peer ip
Description
Sets the peer Steelhead appliance for which you want to make a secure connection.
Syntax
[no] ip security peer ip <ip-addr>
Parameters
<ip-addr>
Specify the peer IP address.
Usage
If IPSec is enabled on this Steelhead appliance, then it must also be enabled on all Steelhead appliances in the IP security peers list; otherwise this Steelhead appliance will not be able to make optimized connections with those peers that are not running IPSec. If a connection has not been established between the Steelhead appliances that are configured to use IPSec security, the Peers list does not display the peer Steelhead appliance because a security association has not been established. Note: When you add a peer, there is a short service disruption (3-4 seconds) causing the state and time-stamp to change in the Current Connections report. The no command option disables the peer.
All Steelhead appliances that need to communicate to each other using IPSec must have the same key. The ip security shared secret option must be set before IPSec is enabled.
amnesiac (config) # ip security shared secret xxxx
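The peer, algorithm and shared-secret rules in this section can be checked before a change is applied. The following Python script is an added example, not Riverbed code: it reads one command script per appliance and reports default or weaker algorithm choices, a shared secret set after ip security enable, and listed peers that do not enable IPSec or hold a different secret. The addresses, secrets and scripts are constructed, and the ip security encryption policy command name is an assumption taken from RiOS because its heading does not appear in this excerpt.

```python
import re

DEFAULT_AUTH = "hmac_md5"   # default authentication policy per this manual
DEFAULT_ENC = "des"         # default encryption policy per this manual
WEAK_AUTH = {"hmac_md5"}
WEAK_ENC = {"des", "null_enc"}
PROMPT = re.compile(r"^\S+\s*\(config\)\s*#\s*")   # strips "amnesiac (config) # "


def parse(script):
    """Replay a command script and return the IPSec state it leaves behind."""
    st = {"enabled": False, "enable_line": None, "secret": None,
          "secret_line": None, "auth": [], "enc": [], "peers": set()}
    for lineno, raw in enumerate(script.splitlines(), 1):
        cmd = PROMPT.sub("", raw.strip())
        negate = cmd.startswith("no ")
        words = (cmd[3:] if negate else cmd).split()
        if words[:2] != ["ip", "security"]:
            continue
        rest = words[2:]
        if rest == ["enable"]:
            st["enabled"] = not negate
            st["enable_line"] = None if negate else lineno
        elif rest[:2] == ["shared", "secret"] and len(rest) == 3 and not negate:
            st["secret"], st["secret_line"] = rest[2], lineno
        elif rest[:2] == ["authentication", "policy"]:
            st["auth"] = [] if negate else rest[2:]
        elif rest[:2] == ["encryption", "policy"]:   # assumed command name
            st["enc"] = [] if negate else rest[2:]
        elif rest[:2] == ["peer", "ip"] and len(rest) == 3:
            (st["peers"].discard if negate else st["peers"].add)(rest[2])
    return st


def audit_appliance(name, st):
    """Findings for one appliance; nothing is reported if IPSec is off."""
    if not st["enabled"]:
        return []
    findings = []
    for alg in st["auth"] or [DEFAULT_AUTH]:
        if alg in WEAK_AUTH:
            findings.append(f"{name}: authentication policy allows {alg}; hmac_sha1 is available")
    for alg in st["enc"] or [DEFAULT_ENC]:
        if alg in WEAK_ENC:
            findings.append(f"{name}: encryption policy allows {alg}")
    if st["secret"] is None:
        findings.append(f"{name}: IPSec enabled without a shared secret")
    elif st["secret_line"] > st["enable_line"]:
        findings.append(f"{name}: shared secret set after 'ip security enable'")
    return findings


def audit_fleet(scripts):
    """scripts maps each appliance IP address to its command script."""
    states = {ip: parse(text) for ip, text in scripts.items()}
    findings = []
    for ip, st in sorted(states.items()):
        findings += audit_appliance(ip, st)
        if not st["enabled"]:
            continue
        for peer in sorted(st["peers"]):
            other = states.get(peer)
            if other is None:
                findings.append(f"{ip}: peer {peer} has no script to check")
            elif not other["enabled"]:
                findings.append(f"{ip}: peer {peer} does not enable IPSec")
            elif other["secret"] != st["secret"]:
                findings.append(f"{ip}: shared secret differs from peer {peer}")
    return findings


# Constructed sample scripts for three appliances.
SAMPLE = {
    "10.0.1.5": """amnesiac (config) # ip security shared secret s3cr3t-A
amnesiac (config) # ip security authentication policy hmac_sha1
amnesiac (config) # ip security encryption policy aes256
amnesiac (config) # ip security peer ip 10.0.2.5
amnesiac (config) # ip security peer ip 10.0.3.5
amnesiac (config) # ip security enable""",
    "10.0.2.5": """ip security enable
ip security shared secret s3cr3t-B
ip security peer ip 10.0.1.5""",
    "10.0.3.5": """ip security shared secret s3cr3t-A
ip security peer ip 10.0.1.5""",
}

if __name__ == "__main__":
    for line in audit_fleet(SAMPLE):
        print(line)
```

Findings name the appliance and the rule, never the secret value, so the report can be shared more widely than the scripts themselves.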
Note: PFS is supported on Steelhead appliance models 250, 520, 550, 1010, 1020, 1050, 1520, 2010, 2011, 2020, 2050, 2510, 2511, 3010, 3020, 3030, 3510, 3520, and 5010. Virtual Steelhead and Cloud Steelhead models do not support PFS.
Note: The PFS commands pfs domain and pfs workgroup have been replaced by domain join and workgroup join. For detailed information, see domain join on page 473 and workgroup join on page 476.
pfs enable
Description
Enables PFS. PFS is an integrated virtual file server that allows you to store copies of files on the Steelhead appliance with Windows file access, creating several options for transmitting data between remote offices and centralized locations with improved performance. Data is configured into file shares and the shares are periodically synchronized transparently in the background, over the optimized connection of the Steelhead appliance. PFS leverages the integrated disk capacity of the Steelhead appliance to store file-based data in a format that allows it to be retrieved by NAS clients. For detailed information about PFS, see the Riverbed Deployment Guide.
Syntax
[no] pfs enable
Parameters
None
Usage
In RiOS v3.x or higher, you do not need to install the RCU service on the server to synchronize shares. RCU functionality has been moved to the Steelhead appliance. When you upgrade from v2.x to v3.x, your existing shares will be running as v2.x shares.
PFS is not appropriate for all network environments. For example, in a collaborative work environment when there are many users reading, writing, and updating a common set of files and records, you should consider not enabling PFS. For detailed information about whether PFS is appropriate for your network environment, see the Riverbed Deployment Guide.
Before you enable PFS, configure the Steelhead appliance to use NTP to synchronize the time. To use PFS, the Steelhead appliance and DC clocks must be synchronized.
The PFS Steelhead appliance must run the same version of the Steelhead appliance software as the server side Steelhead appliance.
PFS traffic to and from the Steelhead appliance travels through the Primary interface. PFS requires that the Primary interface is connected to the same switch as the LAN interface. For detailed information, see the Steelhead Appliance Installation and Configuration Guide.
The PFS share and origin-server share names cannot contain Unicode characters.
Note: Using PFS can reduce the overall connection capacity for optimized TCP connections, as memory and CPU resources are diverted to support the PFS operation.
Important: If you set up a PFS share on a NetApp filer, the filer allows all users access regardless of the permissions set on the NetApp share. For example, if you set No Access for a user for a share, the NetApp filer does not translate it into the appropriate ACL entry on the folder. When a PFS share is created from this origin share, the user is allowed access to the share because there is not a deny entry present in the ACL.
The no command option disables PFS support.
pfs settings
Description
Configures settings for a PFS file share.
Syntax
pfs settings [admin-password <password>] [log-level <0-10>] | [conn-timeout <minutes>] [max-log-size <size in KB>] | [server-signing enabled | disabled | required]
Parameters
admin-password <password>
Specify the local administrator password.
log-level <0-10>
Specify the log level: 0-10. The no command option resets the log level to the default.
conn-timeout <minutes>
Specify the number of minutes after which to time-out idle connections. If there is no read or write activity on a mapped PFS share on a client machine, then the TCP connection times out according to the value set and the client has to re-map the share. The no command option resets the time-out to the default.
max-log-size <size>
Specify the maximum log size in KB. The no command option resets the size to the default.
Specify the SMB server signing mode: enabled - Specify any type of security signature setting requested by the client machine. disabled - Specify the default value. In this setting, PFS does not support clients with security signatures set to required. required - Specify clients with security signatures set to enabled or required.
Parameters
Specify the mode of file sharing: Broadcast - Use Broadcast mode for environments seeking to broadcast a set of read-only files to many users at different sites. Broadcast mode quickly transmits a read-only copy of the files from the origin server to your remote offices. The PFS share on the Steelhead appliance contains read-only copies of files on the origin server. The PFS share is synchronized from the origin server according to parameters you specify. However, files deleted on the origin server are not deleted on the Steelhead appliance until you perform a full synchronization. Additionally, if, on the origin server, you perform directory moves (for example, move .\dir1\dir2 .\dir3\dir2) regularly, incremental synchronization will not reflect these directory changes. You must perform a full synchronization frequently to keep the PFS shares in synchronization with the origin server. Local - Use Local mode for environments that need to efficiently and transparently copy data created at a remote site to a central data center, perhaps where tape archival resources are available to back up the data. Local mode enables read-write access at remote offices to update files on the origin file server. After the PFS share on the Steelhead appliance receives the initial copy from the origin server, the PFS share copy of the data becomes the master copy. New data generated by clients is synchronized from the Steelhead appliance copy to the origin server based on parameters you specify when you configure the share. The folder on the origin server essentially becomes a back-up folder of the share on the Steelhead appliance. If you use Local mode, users must not directly write to the corresponding folder on the origin server. Caution: In Local mode, the Steelhead appliance copy of the data is the master copy; do not make changes to the shared files from the origin server while in Local mode. Changes are propagated from the remote office hosting the share to the origin server. 
Important: Riverbed recommends that you do not use Windows file shortcuts if you use PFS. For detailed information, contact Riverbed Support at https://support.riverbed.com.
Stand-Alone - Use Stand-Alone mode for network environments where it is more effective to maintain a separate copy of files that are accessed locally by the clients at the remote site. The PFS share also creates additional storage space. The PFS share on the Steelhead appliance is a one-time, working copy of data mapped from the origin server. You can specify a remote path to a directory on the origin server, creating a copy at the branch office. Users at the branch office can read from or write to stand-alone shares but there is no synchronization back to the origin server since a stand-alone share is an initial and one-time only synchronization.
Note: When you configure a v3.x Local mode share or any v2.x share (except a Stand-Alone share in which you do not specify a remote path to a directory on the origin server), a text file (._rbt_share_lock.txt) that keeps track of which Steelhead appliance owns the share is created on the origin server. Do not remove this file. If you remove the ._rbt_share_lock.txt file on the origin file server, PFS will not function properly (v3.x or higher). Broadcast and Stand-Alone shares do not create this text file.
Specify, using UNC format, the path to the data on the origin server that you want to make available to PFS. Version 2.x shares only. Specify the origin server and port located in the data center which hosts the origin data volumes (folders). The origin-server share name cannot contain Unicode characters.
Specify the login and password to be used to access the shares folder on the origin file server. The login must be a member of the Administrators group on the origin server, either locally on the file server (the local Administrators group) or globally in the domain (the Domain Administrator group). Specify the interval that you want incremental synchronization to occur. The first synchronization, or the initial copy, retrieves data from origin file server and copies it to the local disk on the Steelhead appliance. Subsequent synchronizations are based on the synchronization interval. In incremental synchronization, only new and changed data are sent between the proxy file server and the origin file server. Specify the frequency of updates (full synchronization) in minutes. In full synchronization, a full directory comparison is performed and all changes since the last full synchronization are sent between the proxy file server and the origin file server. Use full synchronization if performance is not an issue. Specify the date and time to commence initial synchronization. Specify the start time for full synchronization.
full-interval <seconds>
start-time <yyyy/mm/dd hh:mm:ss>
full-start-time <yyyy/mm/dd hh:mm:ss>
[comment <"description">]
Usage
For v3.x (or higher) PFS shares, you do not need to install the RCU service on a Windows server. Make sure the server-account you specify is a member of the Administrators group on the origin server, either locally on the file server (the local Administrators group) or globally in the domain (the Domain Administrator group).
Example
amnesiac (config) # pfs share configure local-name test version 2 mode local remote-path c:/data server-name test port 81 interval 5 full-interval 5 start-time 2006/06/06 02:02:02 comment "test"
Parameters
Specify to configure v2.x Steelhead appliance software. Specify the local share name. A local share is the data volume exported from the origin server to the Steelhead appliance. The local share name cannot contain Unicode characters.
mode [broadcast | local | standalone] server-name <name> port <port> remote-path <remote path>
Specify the mode of file sharing. For details, see pfs share configure on page 285. Specify the origin server and port located in the data center which hosts the origin data volumes (folders). The origin-server share name cannot contain Unicode characters. Specify the remote path for the share folder on the origin file server. For v2.x, you must have the RCU service running on a Windows server (this can be the origin file server or a separate server). If the origin server is not the RCU server, you specify the remote path using the UNC format for the mapped drive. If the origin server is the same as the RCU server then you must type its full path including the drive letter, for example C:\data. Specify the interval that you want incremental synchronization to occur. The first synchronization, or the initial copy, retrieves data from origin file server and copies it to the local disk on the Steelhead appliance. Subsequent synchronizations are based on the synchronization interval. In incremental synchronization, only new and changed data are sent between the proxy file server and the origin file server. Specify the frequency of full synchronization updates in minutes. In full synchronization, a full directory comparison is performed and all changes since the last full synchronization are sent between the proxy file server and the origin file server. Use full synchronization if performance is not an issue. Specify the date and time to commence initial synchronization. Specify the start time for full synchronization.
interval <seconds>
full-interval <seconds>
Usage
Riverbed strongly recommends that you upgrade your shares to v3.x shares. If you upgrade any v2.x shares, you must upgrade all of them. After you have upgraded shares to v3.x, you should only create v3.x shares. By default, when you configure PFS shares with Steelhead appliance software v3.x and higher, you create v3.x PFS shares. PFS shares configured with Steelhead appliance software v2.x are v2.x shares. Version 2.x shares are not upgraded when you upgrade Steelhead appliance software.
If you do not upgrade your v2.x shares:
You should not create v3.x shares.
You must install and start the RCU on the origin server or on a separate Windows host with write-access to the data PFS uses. The account that starts the RCU must have write permissions to the folder on the origin file server that contains the data PFS uses. You can download the RCU from the Riverbed Support site at https://support.riverbed.com. For detailed information, see the Riverbed Copy Utility Reference Manual.
Make sure the account that starts the RCU has permissions to the folder on the origin file server and is a member of the Administrators group on the remote share server, either locally on the file server (the local Administrators group) or globally in the domain (the Domain Administrator group).
In Steelhead appliance software version 3.x and higher, you do not need to install the RCU service on the server for synchronization purposes. All RCU functionality has been moved to the Steelhead appliance.
You must configure domain, not workgroup, settings, using the domain join command. Domain mode supports v2.x PFS shares but Local Workgroup mode is supported only in v3.x (or higher).
Example
amnesiac (config) # pfs share configure local-name test version 2 mode local remote-path c:/data server-name test port 81 interval 5 full-interval 5 start-time 2006/06/06 02:02:02 comment "test"
Parameters
Specify the local share name. A local share is the data volume exported from the origin server to the Steelhead appliance. The local share name cannot contain Unicode characters.
Specify true if you want accounts in the primary owners group to be able to assign permissions. Specify false if you want only the primary owner or local administrator to be able to assign permissions. The default value is false.
Specify true if you want shared folders to inherit permissions from parents. Specify false if you do not want to retain inherited permissions. The default value is false.
Specify true to enable synchronization. Specify false to disable synchronization. The default value is false.
Specify true to enable sharing. Specify false to disable sharing. The default value is false.
port <port> mode broadcast | local | standalone <cr> remote-path <remote path>
Specify the share port. Specify the mode of file sharing. For details, see pfs share configure on page 285. For version 3.x (or higher) shares, specify the remote path using UNC format to specify the server name and remote path. For version 2.x shares, specify the remote path for the share folder on the origin file server. For version 2.x shares, you must have the RCU service running on a Windows server (this can be the origin file server or a separate server). If the origin server is not the RCU server, you specify the remote path using the UNC format for the mapped drive. If the origin server is the same as the RCU server then you must type its full path including the drive letter, for example C:\data.
server-name <name> port <port> server-account <login> server-password <password> interval <seconds>
Version 2.x shares only. Specify the origin server and port located in the data center which hosts the origin data volumes (folders). The origin-server share name cannot contain Unicode characters. Version 3.x or higher shares only. Specify the login to be used to access the shares folder on the origin file server. The login must be a member of the Administrators group on the origin server, either locally on the file server (the local Administrators group) or globally in the domain (the Domain Administrator group). Specify the interval that you want incremental synchronization updates to occur. The first synchronization, or the initial copy, retrieves data from origin file server and copies it to the local disk on the Steelhead appliance. Subsequent synchronizations are based on the synchronization interval. Specify the frequency of full synchronization updates, in minutes. Use full synchronization if performance is not an issue. Specify the start time for full synchronization.
Specify the date and time to commence initial synchronization. Optionally, specify an administrative description for the share.
You must specify at least one option. You cannot run a mixed system of v2.x and v3.0 (or higher) PFS shares; Riverbed strongly recommends you upgrade your v2.x shares to 3.x or higher shares.
amnesiac (config) # pfs share modify local-name test remote-path /tmp server-name mytest mode broadcast frequency 10
Usage
Riverbed strongly recommends that you upgrade your shares to v3.x shares. If you upgrade any v2.x shares, you must upgrade all of them. After you have upgraded shares to v3.x, you should only create v3.x shares. By default, when you configure PFS shares with Steelhead appliance software v3.x and higher, you create v3.x PFS shares. PFS shares configured with Steelhead appliance software v2.x are v2.x shares. Version 2.x shares are not upgraded when you upgrade Steelhead appliance software.
If you do not upgrade your v2.x shares:
Do not create v3.x shares.
You must install and start the RCU on the origin server or on a separate Windows host with write-access to the data PFS uses. The account that starts the RCU must have write permissions to the folder on the origin file server that contains the data PFS uses. You can download the RCU from the Riverbed Support site at https://support.riverbed.com. For detailed information, see the Riverbed Copy Utility Reference Manual.
Make sure the account that starts the RCU has permissions to the folder on the origin file server and is a member of the Administrators group on the remote share server, either locally on the file server (the local Administrators group) or globally in the domain (the Domain Administrator group).
In Steelhead appliance software version 3.x and higher, you do not need to install the RCU service on the server for synchronization purposes. All RCU functionality has been moved to the Steelhead appliance.
You must configure domain, not workgroup, settings, using the domain join command. Domain mode supports v2.x PFS shares but Local Workgroup mode is supported only in v3.x (or higher).
amnesiac (config) # pfs share upgrade myshare remote-path \\remoteshare server-account mylogin server-password mypassword
pfs start
Description
Starts the PFS service.
Syntax
[no] pfs start
Parameters
None
prepop enable
Description
Enables CIFS prepopulation.
Syntax
[no] prepop enable
Parameters
None
Usage
The prepopulation operation effectively performs the first Steelhead appliance read of the data on the prepopulation share. Subsequently, the Steelhead appliance handles read and write requests as effectively as with a warm data transfer. With warm transfers, only new or modified data is sent, dramatically increasing the rate of data transfer over the WAN.
Note: Riverbed does not support prepopulation with Windows Domain Controller servers with SMB signing set to Required. If your network environment requires SMB signing, use the RCU to prepopulate your shares. You can obtain the RCU from the Riverbed Support site at https://support.riverbed.com.
The no command option disables the prepopulation feature.
Example
amnesiac (config) # prepop enable
Parameters
server-account <login>
server-password <password>
interval <number of seconds>
comment <"text comment">
start-time <date and time>
syncing <true | false>
ip fqdn override
Description
Sets the fully qualified domain name.
Syntax
[no] ip fqdn override <domain name>
Parameters
<domain name>
Specify a fully qualified domain name.
Usage
For SMB signing, specify the delegation domain in which you want to make the delegate user a trusted member. For example: SIGNING.TEST
Example
amnesiac (config) # ip fqdn override SIGNING.TEST
Product
CMC appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show domain
None Increases performance for deployments with high bandwidth, low-latency links.
amnesiac (config) # protocol cifs clear-read-resp enable
Usage
Disable write optimization only if you have applications that assume and require write-through in the network. If you disable write optimization, the Steelhead appliance still provides optimization for CIFS reads and for other protocols, but you might experience a slight decrease in overall optimization. Most applications operate safely with write optimization because CIFS allows you to explicitly specify write-through on each write operation. However, if you have an application that does not support explicit write-through operations, you must disable it in the Steelhead appliance. If you do not disable write-through, the Steelhead appliance acknowledges writes before they are fully committed to disk, to speed up the write operation. The Steelhead appliance does not acknowledge the file close until the file is safely written. The no command option enables CIFS write optimization.
Usage
RiOS v5.5x and later includes settings to optimize Microsoft Office and CIFS traffic with SMB signing enabled. RiOS v6.0 and later supports CIFS latency optimization and SMB Signing settings for Mac OSX 10.5.x and later clients. Mac OSX support includes two CLI commands. You can alter a response for Query Path Info request issued with info-level QUERY_FILE_ALL_INFO and also edit the list of names that are queried by Mac clients immediately following a tree connect request. CIFS latency optimization does not require a separate license and is enabled by default. Typically, you disable CIFS optimizations only to troubleshoot the system. The no command option disables CIFS optimization for testing purposes. Typically, you disable latency optimization to troubleshoot problems with the system. Important: Latency optimization must be enabled (or disabled) on both Steelhead appliances.
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show protocol cifs ext-dir-cache, protocol cifs enable
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show protocol cifs nosupport client, show protocol cifs nosupport server
Enable overlapping opens to obtain better performance with applications that perform multiple opens on the same file. With overlapping opens enabled, the Steelhead appliance optimizes data to which exclusive access is available (in other words, when locks are granted). When an oplock is not available, the Steelhead appliance does not perform application-level latency optimization but still performs SDR and compression on the data, as well as TCP optimizations. If you do not enable this feature, the Steelhead appliance still increases WAN performance, but not as effectively. Enabling this feature on applications that perform multiple opens on the same file to complete an operation (for example, CAD applications) results in a performance improvement. You specify a list of extensions you want to optimize using overlapping opens. You can also use this command to specify a list of extensions you do not want to optimize using overlapping opens. If a remote user opens a file which is optimized using the overlapping opens feature and a second user opens the same file, the second user might receive an error if the file fails to go through a v3.x Steelhead appliance or if it does not go through a Steelhead appliance at all (for example, certain applications that are sent over the LAN). If this occurs, you should disable overlapping opens for those applications.
amnesiac (config) # protocol cifs oopen extension modify pdf setting allow
Usage
When sharing files, Windows provides the ability to sign CIFS messages to prevent man-in-the-middle attacks. Each CIFS message has a unique signature which prevents the message from being tampered with. This security feature is called SMB signing. Prior to the v5.5 release, RiOS did not provide latency optimization for signed traffic. For detailed information about configuring SMB signing, including the necessary steps for Windows, see the Steelhead Management Console Users Guide.
You can enable the RiOS SMB signing feature on a server-side Steelhead appliance to alleviate latency in file access with CIFS acceleration while maintaining message security signatures. With SMB signing on, the Steelhead appliance optimizes CIFS traffic by providing bandwidth optimizations (SDR and LZ), TCP optimizations, and CIFS latency optimizations, even when the CIFS messages are signed. By default, RiOS SMB signing is disabled.
The RiOS SMB signing feature works with Windows 2003 and later domain security and is fully compliant with the Microsoft SMB signing v1 protocol. The server-side Steelhead appliance in the path of the signed CIFS traffic becomes part of the Windows trust domain. The Windows domain is either the same as the domain of the user or has a trust relationship with the domain of the user. The trust relationship can be either a parent-child relationship or an unrelated trust relationship.
Important: This feature works with Windows 2003 native mode domains and later, when in delegation mode. In transparent mode the domain restrictions do not apply. SMB signing transparent mode is not currently supported in Windows 7.
RiOS v6.0 and later optimizes signed CIFS traffic even when the logged-in user or client machine and the target server belong to different domains, provided these domains have a trust relationship with the domain the Steelhead appliance has joined. RiOS v6.1 and later supports delegation for users that are in domains trusted by the server's domain.
The RiOS SMB-signing feature uses Kerberos between the server-side Steelhead appliance and any configured servers participating in the signed session. The client-side Steelhead appliance uses NTLM and will negotiate down to NTLM from Kerberos if supported. The client-side Steelhead appliance does not use Kerberos.
Prerequisites
With RiOS SMB signing enabled, Steelhead appliances sign the traffic between the client and the client-side Steelhead appliance and between the server and the server-side Steelhead appliance. The traffic is not signed between the Steelhead appliances, but the Steelheads implement their own integrity mechanisms. For maximum security, Riverbed recommends that you use IPsec encryption to secure the traffic between the Steelhead appliances.
RiOS SMB signing requires joining a Windows domain. Setting the correct time zone is vital for joining a domain. The most common reason for failing to join a domain is a significant difference in the system time on the Windows domain controller and the Steelhead appliance.
Basic Steps
1. Verify that the Windows domain functionality is at the Windows 2003 level or later. For detailed information about configuring SMB signing, including the necessary steps for Windows, see the Steelhead Management Console Users Guide.
2. Identify the full domain name, which must be the same as DNS. You need to specify this name when you join the server-side Steelhead appliance to the domain.
3. Identify the short (NetBIOS) domain name (press Ctrl+Alt+Del on any member server). You need to specify the short name when the Steelhead appliance joins the domain if it does not match the left-most portion of the fully-qualified domain name.
4. Make sure that the primary or auxiliary interface for the server-side Steelhead appliance is routed to the DNS and the Domain Controller.
5. Verify the DNS settings:
   You must be able to ping the server-side Steelhead appliance, by name, from a CIFS server joined to the same domain that the server-side Steelhead appliance will join. If you cannot, create an entry in the DNS server for the server-side Steelhead appliance.
   You must be able to ping the Domain Controller, by name, whose domain the server-side Steelhead appliance will join.
   To verify your domain, run the show domain and show dns settings commands.
6. Join the Windows domain running in native mode. In delegation mode, RiOS SMB-signing does not support Windows NT and Windows 2000. For detailed information about joining domains, see domain join on page 473.
7. If you configured SMB signing in delegation mode, set up the Domain Controller and SPN. For detailed information, see the Steelhead Management Console Users Guide.
8. If you configured SMB signing in delegation mode, grant the user access to delegate CIFS service in Windows. You must perform the following procedure for every server on which you want to enable RiOS SMB signing. For detailed information, see the Steelhead Management Console Users Guide.
9. If you configured SMB signing in delegation mode, add delegate users on the Steelhead appliance.
10. Enable SMB signing on the server-side Steelhead appliances. For detailed procedures, see the Steelhead Management Console Users Guide.
Example
amnesiac (config) # protocol cifs smb signing enable
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show protocol cifs smb signing status
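The message signing described in the Usage text above, as an added example that is not part of the Riverbed manual: a simplified Python model of SMB1 (CIFS) signing as specified in Microsoft's MS-CIFS document, where the signature is the first 8 bytes of MD5 over the MAC key followed by the message with the sequence number placed in the signature field. It shows why a device in the path must hold the session's key material before it can alter and re-sign traffic; the key values, payload and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

SMB1_HEADER_LEN = 32
FLAGS2_OFFSET = 10                    # Flags2 field in the SMB1 header
FLAGS2_SECURITY_SIGNATURE = 0x0004    # "this message is signed"
SIG_OFFSET = 14                       # SecuritySignature field
SIG_LEN = 8
SMB_COM_WRITE_ANDX = 0x2F


def build_message(command: int, payload: bytes) -> bytes:
    """Build a minimal SMB1 message (constructed: header fields other than
    protocol id, command and Flags2 are left zero)."""
    header = bytearray(SMB1_HEADER_LEN)
    header[0:4] = b"\xffSMB"
    header[4] = command
    struct.pack_into("<H", header, FLAGS2_OFFSET, FLAGS2_SECURITY_SIGNATURE)
    return bytes(header) + payload


def compute_signature(mac_key: bytes, message: bytes, seq: int) -> bytes:
    """First 8 bytes of MD5(mac_key || message), computed with the signature
    field holding the 32-bit sequence number followed by four zero bytes."""
    if len(message) < SMB1_HEADER_LEN:
        raise ValueError("message shorter than an SMB1 header")
    buf = bytearray(message)
    buf[SIG_OFFSET:SIG_OFFSET + SIG_LEN] = struct.pack("<I", seq) + b"\x00" * 4
    return hashlib.md5(mac_key + bytes(buf)).digest()[:SIG_LEN]


def sign(mac_key: bytes, message: bytes, seq: int) -> bytes:
    """Return a copy of the message with its signature field filled in."""
    signed = bytearray(message)
    signed[SIG_OFFSET:SIG_OFFSET + SIG_LEN] = compute_signature(mac_key, message, seq)
    return bytes(signed)


def verify(mac_key: bytes, message: bytes, seq: int) -> bool:
    """Receiver-side check: recompute the signature for the expected
    sequence number and compare in constant time."""
    if len(message) < SMB1_HEADER_LEN:
        return False
    received = message[SIG_OFFSET:SIG_OFFSET + SIG_LEN]
    return hmac.compare_digest(received, compute_signature(mac_key, message, seq))


def demo() -> dict:
    # Constructed key material: the MAC key is the session key concatenated
    # with the challenge response from authentication.
    session_key = bytes(range(16))
    challenge_response = bytes([0xAB]) * 24
    mac_key = session_key + challenge_response

    request = build_message(SMB_COM_WRITE_ANDX, b"constructed payload: report.doc")
    signed = sign(mac_key, request, seq=0)

    # A device in the path changes one payload byte.
    modified = bytearray(signed)
    modified[-1] ^= 0x01
    modified = bytes(modified)

    return {
        "intact": verify(mac_key, signed, 0),
        # Modified in transit, signature left as it was.
        "modified_unsigned": verify(mac_key, modified, 0),
        # Modified and re-signed by a device that does not hold the key.
        "resigned_without_key": verify(mac_key, sign(bytes(40), modified, 0), 0),
        # Modified and re-signed by a device that holds the session's key.
        "resigned_with_key": verify(mac_key, sign(mac_key, modified, 0), 0),
        # Same signed message presented under a later sequence number.
        "wrong_sequence": verify(mac_key, signed, 2),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:22s} accepted={accepted}")
```

Only the re-signed message produced with the session's MAC key is accepted, which is why the server-side appliance has to be part of the Windows trust domain before it can optimize signed traffic.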
Product
Steelhead appliance
Related Topics
show protocol cifs smb signing status, Windows Domain Authentication Delegation Commands
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show protocol smb2 protocol cifs smb signing enable, protocol smb2 enable
Parameters
<mode type>
Specify one of the following modes:
transparent - Enables SMB signed packets with transparent authentication. Transparent mode uses the secure inner channel to authenticate and secure traffic, eliminating the need to define delegation trust. This is the default setting in RiOS v6.0 and later; however, if you enabled SMB signing in RiOS v5.5 and upgraded to v6.0 or later, delegation mode is enabled by default. The advantage transparent mode offers over the delegation mode is that it simplifies the amount of configuration required. Delegate users do not have to be configured for this mode. Transparent mode uses NTLM end-to-end between the client and server-side Steelhead appliance and the server-side Steelhead and the server. Note: If you have Windows 7 clients, you will need to use delegation mode.
delegation - Enables SMB signed packets with delegate user authentication. Select this mode if you have previously enabled SMB signing with RiOS v5.5.x or higher. Use delegation mode if you want to optimize connections with Windows 7 clients. Using this mode requires setting up delegate users. Delegation mode uses NTLM between the client and server-side Steelhead appliance and Kerberos between the server-side Steelhead and the server.
Note: If you switch between transparent and delegation modes you must restart the optimization service.
Usage
You can enable the RiOS SMB2 signing feature on a server-side Steelhead appliance to alleviate latency in file access with CIFS acceleration while maintaining message security signatures. When sharing files, Windows provides the ability to sign CIFS messages to prevent man-in-the-middle attacks. Each CIFS message has a unique signature which prevents the message from being tampered with. You must restart the optimization service after running this command. You must enable SMB2 before enabling SMB2 signing. For more information on SMB2, see the Steelhead Management Console Users Guide.
amnesiac (config) # protocol smb2 signing mode-type transparent
amnesiac (config) # service restart
Product
Steelhead appliance
Related Topics
show protocol cifs smb signing status, protocol domain-auth delegation auto-mode enable, Windows Domain Authentication Delegation Commands
Usage
Improves SMB optimization for Windows Vista users. Select to perform latency and SDR optimizations on SMB traffic on the client-side Steelhead appliance. Without this feature, Steelhead appliances perform only SDR optimization without improving CIFS latency. This feature enables SMBv1 for Vista-to-Vista CIFS connections instead of SMBv2 (similar to Vista to pre-Vista CIFS connections). While the Steelhead appliances are fully compatible with the SMBv2 included in Vista, they deliver the best performance using SMBv1. Important: You must restart the client Steelhead service after enabling the SMBv1 Backward Compatibility Mode. To enable SDR and CIFS latency optimization on SMB traffic in a Windows Vista environment, perform the following steps on the client-side Steelhead appliance: 1. 2. Run the following command:
# protocol cifs smbv1-mode enable
The no command option disables this feature.
Example
amnesiac (config) # protocol cifs smbv1-mode enable
amnesiac (config) # service restart
tcpdump-x all-interfaces
Description
Configures a list of all interfaces for a TCP dump capture.
Syntax
[no] tcpdump-x all-interfaces capture-name <capture-name> continuous <cr> | buffer-size <size in KB> | duration <seconds> <cr> [schedule-time <HH:MM:SS> [schedule-date <YYYY/MM/DD>]] | [rotate-count <# files>] | [snaplength <snaplength>] | [sip <src-addr>] | [dip <dst-addr>] | [sport <src-port>] | [dport <dst-port>] | [dot1q] | [custom <custom-param>] | [file-size <megabytes>]
Parameters
capture-name <capture-name>
Specify a capture name to help you identify the TCP Dump. The default filename uses the following format:
<hostname>_<interface>_<timestamp>.cap
Where hostname is the hostname of the Steelhead appliance, interface is the name of the interface selected for the trace (for example, lan0_0, wan0_0), and timestamp is in the YYYY-MM-DD-HH-MM-SS format.
Note: The .cap file extension is not included with the filename when it appears in the capture queue.
continuous
Start a continuous capture.
buffer-size <size in KB>
Specify the size in KB for all packets.
duration <seconds>
Specify the run time for the capture in seconds.
schedule-time <HH:MM:SS>
Specify a time to initiate the trace dump in the following format: HH:MM:SS
schedule-date <YYYY/MM/DD>
Specify a date to initiate the trace dump in the following format: YYYY/MM/DD
rotate-count <# files>
Specify the number of files to rotate.
snaplength <snaplength>
Specify the snap length value for the trace dump. The default value is 300. Specify 0 for a full packet capture (that is, CIFS, MAPI, and SSL).
sip <src-addr>
Specify a comma-separated list of source IP addresses. The default setting is all IP addresses.
dip <dst-addr>
Specify a comma-separated list of destination IP addresses. The default setting is all IP addresses.
sport <src-port>
Specify a comma-separated list of source ports. The default setting is all ports.
dport <dst-port>
Specify a comma-separated list of destination ports. The default setting is all ports.
dot1q
Filter dot1q packets. For detailed information about dot1q VLAN tunneling, see your Cisco router documentation.
custom <custom-param>
Specify custom parameters for packet capture.
file-size <megabytes>
Usage
You can capture and retrieve multiple TCP trace dumps. You can generate trace dumps from multiple interfaces at the same time and you can schedule a specific date and time to generate a trace dump.
Example
amnesiac (config) # tcpdump-x all-interfaces capture-name continuous duration 120
Product
Steelhead appliance, CMC appliance, Steelhead Mobile Controller, Interceptor appliance, Cloud Steelhead
Related Topics
show tcpdump-x, tcpdump
tcpdump-x interfaces
Description
Configures a comma-separated list of interfaces to capture in the background.
Syntax
[no] tcpdump-x interfaces <interface-name> continuous <cr> | duration <seconds> <cr> [schedule-time <HH:MM:SS> [schedule-date <YYYY/MM/DD>]] | [rotate-count <# files>] | [snaplength <snaplength>] | [sip <src-addr>] | [dip <dst-addr>] | [sport <src-port>] [dport <dst-port>] | [dot1q] | [custom <custom-param>] | [file-size <megabytes>]
Parameters
<interface-name>
Specify a comma-separated list of interfaces: primary, aux, lan0_0, wan0_0
continuous
Start a continuous capture.
duration <seconds>
Specify the run time for the capture in seconds.
schedule-time <HH:MM:SS>
Specify a time to initiate the trace dump in the following format: HH:MM:SS
schedule-date <YYYY/MM/DD>
Specify a date to initiate the trace dump in the following format: YYYY/MM/DD
rotate-count <# files>
Specify the number of files to rotate.
snaplength <snaplength>
Specify the snap length value for the trace dump. The default value is 300. Specify 0 for a full packet capture (that is, CIFS, MAPI, and SSL).
sip <src-addr>
Specify the source IP addresses. The default setting is all IP addresses.
dip <dst-addr>
Specify a comma-separated list of destination IP addresses. The default setting is all IP addresses.
sport <src-port>
Specify a comma-separated list of source ports. The default setting is all ports.
dport <dst-port>
Specify a comma-separated list of destination ports. The default setting is all ports.
dot1q
Filter dot1q packets. For detailed information about dot1q VLAN tunneling, see your Cisco router documentation.
custom <custom-param>
Specify custom parameters for packet capture.
file-size <megabytes>
Product
Steelhead appliance, CMC appliance, Steelhead Mobile Controller, Interceptor appliance, Cloud Steelhead
Related Topics
show tcpdump-x, tcpdump
Usage
To support High-Speed TCP (HS-TCP), you must increase your LAN buffer size to 1 MB. The no command option resets the buffer size to the default.
To support HS-TCP, you must increase your LAN buffer size to 1 MB. The no command option resets the buffer size to the default.
To configure your WAN buffer you must increase the WAN buffers to twice Bandwidth Delay Product (BDP) or 10 MB. You can calculate the BDP WAN buffer size. For example:
Bandwidth = 155000000 Mbps
Delay = 100 ms
For a link of 155 Mbps and 100 ms round-trip delay, set the WAN buffers to
2 * 155000000 * 0.1 / 8 = 3875000
If X is greater than default (256 KB), enable HS-TCP with the correct buffer size.
The no command option resets the buffer size to the default.
Example
amnesiac (config) # protocol connection wan receive def-buf-size 3875000
To configure your WAN buffer you must increase the WAN buffers to twice Bandwidth Delay Product (BDP) or 10 MB. You can calculate the BDP WAN buffer size. For example:
Bandwidth = 155000000 Mbps
Delay = 100 ms
For a link of 155 Mbps and 100 ms round-trip delay, set the WAN buffers to
2 * 155000000 * 0.1 / 8 = 3875000
If X is greater than the default (256 KB), enable HS-TCP with the correct buffer size.
The no command option resets the buffer size to the default.
Example
amnesiac (config) # protocol connection wan send def-buf-size 3875000
Usage
HS-TCP is activated for all connections that have a BDP larger than 100 packets. If you have a Bandwidth Delay Product (BDP) of greater than 512 KB, and you are more interested in filling the WAN pipe than saving bandwidth, you should consider enabling HS-TCP. You need to carefully evaluate whether HS-TCP will benefit your network environment. To enable HS-TCP, you must disable LZ compression and SDR. If you have an Optical Carrier-3 line or faster, turning off SDR makes sense and allows HS-TCP to reach its full potential.
To configure HS-TCP
   Enable HS-TCP.
   Disable LZ compression and SDR in the optimization policies if your WAN link capacity is 100 Mbps.
   Enable in-path support.
   Increase the WAN buffers to twice BDP or 10 MB. You can calculate the BDP WAN buffer size.
   Increase the LAN buffers to 1 MB.
To calculate the BDP WAN buffer size
Bandwidth = 155000000 Mbps
Delay = 100 ms
For a link of 155 Mbps and 100 ms round-trip delay, the WAN buffers should be set to
2 * 155000000 * 0.1 / 8 = 3875000
If X is greater than default (256 KB), enable HS-TCP with the correct buffer size.
The no command option disables HS-TCP.
Example
amnesiac (config) # tcp highspeed enable
amnesiac (config) # in-path rule auto-discover srcaddr 0.0.0.0/0 dstaddr 0.0.0.0/0 dstport 0 optimization none vlan -1 neural-mode always rulenum 1
amnesiac (config) # in-path enable
amnesiac (config) # protocol connection lan receive buf-size 1000000
amnesiac (config) # protocol connection lan send buf-size 1000000
amnesiac (config) # protocol connection wan receive def-buf-size 3875000
amnesiac (config) # protocol connection wan send def-buf-size 3875000
tcp max-time-out
Description
Sets maximum time-out value for TCP connections. Riverbed recommends you contact Riverbed Support before you configure this setting.
Syntax
tcp max-time-out <seconds>
Parameters
<seconds>
Specify the maximum time out value for TCP connections.
None
amnesiac (config) # tcp sack fastpath default
amnesiac (config) # tcp sat-opt bw-est mode always
amnesiac (config) # config write
amnesiac (config) # service restart
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show protocol mapi, in-path rule auto-discover, in-path rule fixed-target, show protocol oracle-forms
Usage
Before enabling Oracle Forms optimization, you need to know the mode in which Oracle Forms is running at your organization. For detailed information, see the Steelhead Management Console Users Guide. Use this command to have the forms server listen for HTTP connections in addition to native mode optimization. All internal messaging between the forms server and the Java client is encapsulated in HTTP packets. Native mode Oracle Forms optimization must be enabled as well.
To optimize Oracle Forms HTTP traffic
1. Make sure Oracle Forms HTTP optimization is enabled.
2. Create an in-path rule (fixed-target or auto-discovery) that specifies:
   destination subnet and port: 8000 (HTTP mode)
   preoptimization policy: oracle-forms or oracle-forms+ssl
   optimization policy: normal
   latency optimization policy: normal
   Neural framing: always
The Oracle Forms optimization also supports Oracle Forms over SSL. To configure Oracle Forms over SSL specify the preoptimization policy in the in-path rules as oracle-forms+ssl.
The no command option disables Oracle Forms HTTP optimization.
Example
amnesiac (config) # protocol oracle-forms http-enable
amnesiac (config) # in-path rule auto-discover dstaddr 10.11.41.14/32 dstport 8000 preoptimization oracle-forms latency-opt normal neural-mode always rulenum 1
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show protocol mapi, in-path rule auto-discover, in-path rule fixed-target, show protocol oracle-forms
For details on disabling encryption, see https://support.riverbed.com/kb/solution.htm?id=501700000008VT8AAM. You must restart the optimization service for your changes to take effect. The no command option disables fallback. Optimization does not occur if you specify the no command option.
Example
amnesiac (config) # no protocol mapi 2k7 native enable
amnesiac (config) # service restart
Parameters
<port>
Specify the incoming Name Service Provider Interface (NSPI) port number. The default value is 7840.
Usage
In certain situations (for example, clients connecting through a firewall), you might want to force a server to listen on a single pre-defined port so that access to ports can be controlled or locked down on the firewall. In out-of-path deployments, if you want to optimize MAPI Exchange by destination port, you must define in-path rules that specify the following ports on the client-side Steelhead appliance:
Port 135 - The Microsoft end-point mapper port.
Port 7830 - The Steelhead appliance port used for Exchange traffic.
Port 7840 - The Steelhead appliance port used for Exchange Directory Name Service Provider Interface (NSPI) traffic.
If you changed the Microsoft Exchange Information Store Interface port in your environment, change port 7830 to the static port number you have configured in your Exchange environment. For further information, see Microsoft Exchange Information Store Interface at http://support.microsoft.com/default.aspx?scid=kb;en-us;270836.
You must restart the optimization service for your changes to take effect. The no command option resets the NSPI port to the default value.
amnesiac (config) # protocol mapi nspi port 2125
amnesiac (config) # service restart
Parameters
None
Usage
Automatically detects RPC over the HTTP and HTTPS protocols used by Outlook Anywhere. You can enable RPC over HTTP and HTTPS using this command or you can set in-path rules. The auto-detect option in the MAPI page is best for simple Steelhead configurations with only a single Steelhead at each site and when the IIS server is also handling Web sites. If the IIS server is only used as RPC Proxy, and for configurations with asymmetric routing, connection forwarding or Interceptor installations, add in-path rules that identify the RPC Proxy server IP addresses and use this command. For more information on Outlook Anywhere configuration, see the Steelhead Management Console Users Guide.
Usage
Specify the MAPI Exchange port for optimization. Typically, you do not need to modify the default value, 7830. If you have changed the MEISI port in your Exchange Server environment, change port 7830 to the static port number you have configured in your Exchange environment. For further information about changing (MEISI) ports, see the Microsoft Exchange Information Store Interface at: https://support.microsoft.com/kb/270836/en-us
You must restart the optimization service for your changes to take effect. The no command option resets the MAPI port to the default value.
amnesiac (config) # protocol mapi port 2125
amnesiac (config) # service restart
Parameters
Enables MAPI transparent prepopulation. Specify the maximum number of virtual MAPI connections to the Exchange server for Outlook clients that have shut down. Setting the maximum connections limits the aggregate load on all Exchange servers through the configured Steelhead appliance. The default value varies by model; for example, on a 5520 the default is 3750. You must configure the maximum connections on both the client and server-side of the network. The no option resets max-connections to the default.
Specify the polling interval in minutes. The default value is 20. The no option resets max-connections to the default. Specify the time out period in seconds. The default value is 96. The no option resets max-connections to the default.
This feature allows email data to be delivered between the Exchange server and the client-side appliance while the Outlook client is off-line. When a user logs into their MAPI client, the mail has already been seen by the client-side appliance and can be retrieved with LAN-like performance. This feature enables email to be optimized even though it has not been seen before by the client. You must restart the optimization service for your changes to take effect. The no command option disables MAPI prepopulation support. If you specify the no option and parameters, you do not disable MAPI prepopulation support; you reset the specified parameter to its default value.
amnesiac (config) # no protocol mapi prepop enable
amnesiac (config) # service restart
Parameters
Specify an MS-SQL protocol query-rule ID. Specify an MS-SQL protocol query-rule action-id. Specify a protocol query-rule argument offset.
Usage
The commands for MS-SQL support must be implemented by Riverbed professional services. Improper use can result in undesirable effects. The MS-SQL blade supports other database applications, but you must define SQL rules to obtain maximum optimization. If you are interested in enabling the MS-SQL blade for other database applications, contact Riverbed professional services. You must restart the Steelhead service after enabling this feature. The no command option disables SQL blade support.
You can enable pre-acknowledgement if the client application does not need a result value from the server. For example, when you save a project in MS Project, server-side procedures are invoked many times to write or update database data. To maximize optimization, the protocol ms-sql num-preack command limits the number of pre-acknowledgements from the server. The no command option disables pre-acknowledgement.
Example
The no command option resets the SQL server port to the default value.
amnesiac (config) # protocol ms-sql port 2433
amnesiac (config) # service restart
Parameters
Specify the MS-SQL cache miss policy. Specify whether to allow the MS-SQL pre-acknowledgment (true) or not (false). Specify MS-SQL scope: sfe or cfe.
You can specify the following types of actions:
   prefetch requests as specified in query argument actions.
   invalidate prefetched cache entries.
The no command option disables the query action.
Example
amnesiac (config) # protocol ms-sql query-act rule-id 10 action-id 1 num-reps 1 miss-policy 1
amnesiac (config) # service restart
Parameters
Specify the MS-SQL cache miss policy. Specify whether to allow the MS-SQL pre-acknowledgment (true) or not (false). Specify whether to allow MS-SQL pre-fetch (true) or not (false). Specify MS-SQL scope: sfe or cfe.
Usage
You can specify the following types of actions:
   prefetch requests as specified in query argument actions.
   invalidation of prefetched cache entries.
   whether the fetch next requests can be prefetched.
   whether spe_execute requests can be pre-acknowledged.
The no command option disables the RPC action.
Example
amnesiac (config) # protocol ms-sql rpc-act rule-id 2 action-id 1 invalidate flushall
amnesiac (config) # service restart
Example
amnesiac (config) # protocol ms-sql rpc-arg-act rule-id 2 arg-offset 1 arg-offset 0 expr "replace select PROJ_READ_COUNT, PROJ_LOCKED, PROJ_READ_WRITE,PROJ_READ_ONLY, PROJ_ID, PROJ_MACHINE_ID, PROJ_DATA_SOURCE from MSP_PROJECTS where PROJ_NAME = '$1' "
amnesiac (config) # service restart
Parameters
Specify the cursor type for the RPC query. Depending on cursor type, the client can read forward or backward, from beginning or end, or read an arbitrary position in the result set:
  forward-only - Only the next rows can be read. The row pointer cannot be moved back.
  dynamic - The rows must be read in forward or reverse relative to current row pointer. The row pointer cannot be moved to an arbitrary index except for first and last positions.
  static - The rows can be read forward or reverse or at an arbitrary position.
Usage Example
The no command option removes the application from MS-SQL blade support.
amnesiac (config) # protocol ms-sql support-app msproject
amnesiac (config) # service restart
Parameters
Enables the directory entry map.
Specify one of the following policies:
  custom - Enables you to turn on or off the root squash feature for NFS volumes from this server.
  global-rw - Specify a policy that provides a trade-off of performance for data consistency. All of the data can be accessed from any client, including LAN based NFS clients (which do not go through the Steelhead appliances) and clients using other file protocols like CIFS. This option severely restricts the optimizations that can be applied without introducing consistency problems. This is the default configuration.
read-ahead [small-files <cr> | transfer-size <size>] - Enables read-ahead for small files; sets the transfer size in bytes.
read-dir [optimize <cr> | read-size <size>] - Enables read optimization for the directory; sets the read size in bytes.
threshold multiple <multiple> - Specify the threshold multiple.
write [optimize <cr> | max-data <max>] - Enables write optimization for the directory; sets the maximum write size in bytes.
Usage
The no command option resets the value of a given option. For example, no protocol nfs default server policy resets the policy to the default value.
Example
amnesiac (config) # protocol nfs default server read-dir optimize
Parameters
perm_cache - Enables a permission cache. Specify this option if the server uses ACLs or if your server is configured to map client user IDs. This option enables the Steelhead appliance to optimize traffic without violating the permissions model.
Specify one of the following policies:
  custom - Enables you to turn on or off the root squash feature for NFS volumes from this server.
  global-rw - Specify a policy that provides a trade-off of performance for data consistency. All of the data can be accessed from any client, including LAN based NFS clients (which do not go through the Steelhead appliances) and clients using other file protocols like CIFS. This option severely restricts the optimizations that can be applied without introducing consistency problems. This is the default configuration.
root-squash <cr> - Enables root squashing. Root-squashing allows an NFS server to map any incoming user ID 0 or guest ID 0 to another number that does not have super user privileges, often -2 (the nobody user).
Usage
NFS file system objects have owners and permissions and the NFS optimizer conforms to the file system permissions model by enforcing file server and volume policies. The no command option resets the value of a given option.
Parameters
<name> - Specify the name of the NFS server.
default volume enable - Enables defaults to be used by all volumes on the server.
default volume permcache - Enables the permission cache.
default volume policy [custom | global_rw | read_only] - Specify the default volume policy to the type specified:
  custom - Enables you to turn on or off the root squash feature for NFS volumes from this server.
  global-rw - Specify a policy that provides a trade-off of performance for data consistency. All of the data can be accessed from any client, including LAN based NFS clients (which do not go through the Steelhead appliances) and clients using other file protocols like CIFS. This option severely restricts the optimizations that can be applied without introducing consistency problems. This is the default configuration.
  read-only - Any client can read the data on the NFS server or volume but cannot make changes.
Enables root-squashing by default on new volumes. Root-squashing allows an NFS server to map any incoming user ID 0 or guest ID 0 to another number that does not have super user privileges, often -2 (the nobody user).
Enables the directory entry map.
Specify the IP address of the NFS server.
On the NFS server, sets one of the following policies:
  custom - Enables you to turn on or off the root squash feature for NFS volumes from this server.
  global-rw - Specify a policy that provides a trade-off of performance for data consistency. All of the data can be accessed from any client, including LAN based NFS clients (which do not go through the Steelhead appliances) and clients using other file protocols like CIFS. This option severely restricts the optimizations that can be applied without introducing consistency problems. This is the default configuration.
  read-only - Any client can read the data on the NFS server or volume but cannot make changes.
read-ahead [smallfiles <cr> | transfersize <size>] - Enables read-ahead for small files; sets the transfer size in bytes.
read-dir [optimize <cr> | read-size <size>] - Enables read optimization for the directory and sets the read size in bytes.
threshold multiple <multiple> - Specify the threshold multiple.
volume id <fsid> <cr> - Specify the file system volume identification (ID).
Specify the file system ID and policy. On the specified volume, sets one of the following policies:
  custom - Enables you to turn on or off the root squash feature for NFS volumes from this server.
  global-rw - Specify a policy that provides a trade-off of performance for data consistency. All of the data can be accessed from any client, including LAN based NFS clients (which do not go through the Steelhead appliances) and clients using other file protocols like CIFS. This option severely restricts the optimizations that can be applied without introducing consistency problems. This is the default configuration.
  read-only - Any client can read the data on the NFS server or volume but cannot make changes.
Enables root-squashing on the specified volume.
Enables write optimization for the directory; sets the maximum write size in bytes.
NFS objects have owners and permissions and the NFS optimizer conforms to the file system permissions model by enforcing file server and volume policies. The no command option disables the NFS server.
Syntax Parameters
Usage
A typical Web page is not a single file that is downloaded all at once. Instead, Web pages are composed of dozens of separate objects, including .jpg and .gif images, JavaScript code, cascading style sheets, and more, each of which must be requested and retrieved separately, one after the other. Given the presence of latency, this behavior is highly detrimental to the performance of Web-based applications over the WAN. The higher the latency, the longer it takes to fetch each individual object and, ultimately, to display the entire page.

URL Learning - The Steelhead appliance learns associations between a base request and a follow-on request. This feature is most effective for Web applications with large amounts of static content, for example, images, style sheets, and so on. Instead of saving each object transaction, the Steelhead appliance saves only the request URL of object transactions in a Knowledge Base and then generates related transactions from the list. This feature uses the Referer header field to generate relationships between object requests and the base HTML page that referenced them and to group embedded objects. This information is stored in an internal HTTP database. The following objects are retrieved by default: .gif, .jpg, .css, .js, .png. You can add additional object types to be retrieved.

Parse and Prefetch - The Steelhead appliance includes a specialized algorithm that determines which objects are going to be requested for a given Web page and prefetches them so that they are readily available when the client makes its requests. This feature complements the URL Learning feature by handling dynamically generated pages and URLs that include state information. Parse and Prefetch essentially reads a page, finds HTML tags that it recognizes as containing a prefetchable object, and sends out prefetch requests for those objects. Typically, a client would need to request the base page, parse it, and then send out requests for each of these objects. This still occurs, but with Parse and Prefetch the Steelhead appliance has quietly perused the page before the client receives it and has already sent out the requests. This allows it to serve the objects as soon as the client requests them, rather than forcing the client to wait on a slow WAN link. For example, when an HTML page contains the tag <img src=my_picture.gif>, the Steelhead appliance prefetches the image my_picture.gif because it parses an img tag with an attribute of src by default. The HTML tags that are prefetched by default are base/href, body/background, img/src, link/href, and script/src. You can add additional object types to be prefetched.

Removal of Unfetchable Objects - The Steelhead appliance removes unfetchable objects from the URL Learning Knowledge Base.

Object Prefetch Table - The Steelhead appliance stores object prefetches from HTTP GET requests for cascading style sheets, static images, and Java scripts. This helps the client-side Steelhead appliance respond to If-Modified-Since (IMS) requests and regular requests from the client, thus cutting back on round trips across the WAN. This feature is useful for applications that use a lot of cacheable content.

Persistent Connections - The Steelhead appliance uses an existing TCP connection between a client and a server to prefetch objects from the Web server that it determines are about to be requested by the client. Many Web browsers open multiple TCP connections to the Web server when requesting embedded objects. Typically, each of these TCP connections goes through a lengthy authentication dialog before the browser can request and receive objects from the Web server on that connection. NTLM is a Microsoft authentication protocol which employs a challenge-response mechanism for authentication, in which clients are required to prove their identities without sending a password to a server. NTLM requires the transmission of three messages between the client (wanting to authenticate) and the server (requesting authentication).

For detailed information, see the Management Console online help or the Steelhead Management Console User's Guide. The no command option disables HTTP module support.
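The Parse and Prefetch description above can be made concrete with a small scanner that lists the URLs a page exposes through the default tag/attribute pairs. This is an added illustration, not Riverbed's algorithm: the class and function names, the sample page and the host name are constructed, and it assumes base/href is used to resolve later relative URLs rather than being fetched itself.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# Tag/attribute pairs the manual lists as prefetched by default.
DEFAULT_PREFETCH_TAGS = frozenset({
    ("base", "href"),
    ("body", "background"),
    ("img", "src"),
    ("link", "href"),
    ("script", "src"),
})


class PrefetchScanner(HTMLParser):
    """Collects absolute URLs found in recognized tag/attribute pairs."""

    def __init__(self, page_url, tag_attrs):
        super().__init__(convert_charrefs=True)
        self.base_url = page_url
        self.tag_attrs = tag_attrs
        self.candidates = []  # document order, de-duplicated
        self._seen = set()

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        for name, value in attrs:
            if not value or (tag, name) not in self.tag_attrs:
                continue
            if tag == "base":
                # Assumption: <base href> only changes URL resolution.
                self.base_url = urljoin(self.base_url, value)
                continue
            url = urljoin(self.base_url, value)
            if url not in self._seen:
                self._seen.add(url)
                self.candidates.append(url)


def prefetch_candidates(html, page_url, extra_tag_attrs=()):
    """Return the URLs a parse-and-prefetch pass would request.

    extra_tag_attrs models the "additional object types" an administrator
    can add, given as (tag, attribute) pairs.
    """
    scanner = PrefetchScanner(page_url, DEFAULT_PREFETCH_TAGS | set(extra_tag_attrs))
    scanner.feed(html)
    scanner.close()
    return scanner.candidates


# Constructed sample page; note the unquoted attribute from the manual's example.
SAMPLE_URL = "http://intranet.example/portal/index.html"
SAMPLE_PAGE = """<html><head>
<base href="/app/">
<link rel="stylesheet" href="css/site.css">
<script src="js/menu.js"></script>
</head>
<body background="img/bg.png">
<img src=my_picture.gif>
<img src="my_picture.gif">
<a href="report.html">Report</a>
<embed src="chart.swf">
</body></html>"""

if __name__ == "__main__":
    for url in prefetch_candidates(SAMPLE_PAGE, SAMPLE_URL):
        print(url)
```

The anchor link and the embed tag are skipped because neither pair is in the default list; passing `[("embed", "src")]` as `extra_tag_attrs` adds the embedded object.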
Use only when the browser or application performs IMS checks and recognizes the control headers. The no command option removes the extension type from the cache.
This setting specifies the maximum lifetime of the stored object. During this lifetime, any qualified If-Modified-Since (IMS) request or regular request from the client receives an HTTP 304 response, indicating that the resource for the requested object has not changed since stored. The no command option resets the value.
This setting specifies the minimum lifetime of the stored object. During this lifetime, any qualified If-Modified-Since (IMS) request or regular request from the client receives an HTTP 304 response, indicating that the resource for the requested object has not changed since stored. The no command option resets the cache minimum time.
Example
Use this command if your application uses custom tags for an object. By default the Steelhead appliance prefetches .jpg, .gif, .js, .png, and .css object extensions. The no command option removes the extension.
Parameters
Specify to enable URL Learning, which learns associations between a base URL request and a follow-on request. Stores information about which URLs have been requested and which URLs have generated a 200 OK response from the server. This option fetches the URLs embedded in style sheets or any JavaScript associated with the base page and located on the same host as the base URL. URL Learning works best with non-dynamic content that does not contain session-specific information. URL Learning is enabled by default. Your system must support cookies and persistent connections to benefit from URL Learning. If your system has cookies turned off and depends on URL rewriting for HTTP state management, or is using HTTP v1.0 (with no keepalives), you can force the use of cookies using the Add Cookie option and force the use of persistent connections using the Insert Keep Alive option.
Specify to allow an unauthenticated connection to serve prefetched objects, as long as the connection belongs to a session whose base connection is already authenticated. This option is most effective when the Web server is configured to use per-connection NTLM or Kerberos authentication.
Specify to remove all credentials from the request on an already authenticated connection. This works around Internet Explorer behavior that re-authorizes connections that have previously been authorized. This option is most effective when the Web server is configured to use per-connection NTLM authentication. Important: If the Web server is configured to use per-request NTLM authentication, enabling this option might cause authentication failure.
Specify to prevent a WAN round trip by issuing the first 401 containing the realm choices from the client-side Steelhead appliance. Riverbed recommends enabling Strip Auth Header along with this option. This option is most effective when the Web server is configured to use per-connection NTLM authentication or per-request Kerberos authentication. Important: If the Web server is configured to use per-connection Kerberos authentication, enabling this option might cause additional delay.
In the case of negotiated Kerberos and NTLM authentication, specify to force NTLM. Kerberos is less efficient over the WAN because the client must contact the Domain Controller to answer the server authentication challenge and tends to be employed on a per-request basis. Riverbed recommends enabling strip-auth-hdr along with this option. This setting is disabled by default.
Specify yes to enable this feature; specify no to disable it. Removes the accept-encoding lines from the HTTP compression header. An accept-encoding directive compresses content rather than using raw HTML. Enabling this option improves the performance of the Steelhead appliance data reduction algorithms. This setting is enabled by default.
Specify to add a cookie to HTTP applications that do not already have one. HTTP applications frequently use cookies to keep track of sessions. The Steelhead appliance uses cookies to distinguish one user session from another. If an HTTP application does not use cookies, the client Steelhead appliance inserts one so that it can track requests from the same client. This setting is disabled by default.
Specify to enable the Object Prefetch Table, which stores HTTP object prefetches from HTTP GET requests for cascading style sheets, static images, and Java scripts in the Object Prefetch Table. When the browser performs If-Modified-Since (IMS) checks for cached content or sends regular HTTP requests, the client-side Steelhead appliance responds to these IMS checks and HTTP requests, cutting back on round trips across the WAN.
Specify to use the same TCP connection to send and receive multiple HTTP requests and responses, as opposed to opening a new one for every single request and response. Enable this option when using the URL Learning or Parse and Prefetch features with HTTP v1.0 or HTTP v1.1 applications using the Connection Close method. This setting is disabled by default.
Usage
Create a server subnet to optimize. Eliminates the need to add servers one at a time. The no command option removes the subnet from the list to optimize.
amnesiac (config) # protocol http server-subnet 10.10.10.10/24 cache yes
amnesiac (config) # protocol http server-subnet 10.10.10.10/24 url-learning no
Usage
Lotus Notes is a client-server collaborative application that provides email, instant messaging, calendar, resource, and file sharing. RiOS provides latency and bandwidth optimization for Lotus Notes v6.0 and later traffic across the WAN, accelerating email attachment transfers and server-to-server or client-to-server replications.

RiOS saves bandwidth by automatically disabling socket compression (which makes SDR more effective), and by decompressing Huffman-compressed attachments and LZ-compressed attachments when they are sent or received and recompressing them on the other side. This allows SDR to recognize attachments which have previously been sent in other ways, that is, over CIFS, HTTP, or other protocols, and also allows SDR to optimize the sending and receiving of attachments that are slightly changed from previous sends and receives. To use this feature both the client-side and server-side Steelhead appliances must be running RiOS v5.5.x or later.

Enabling Lotus Notes provides latency optimization regardless of the compression type (Huffman, LZ, or none). RiOS can optimize Lotus Notes with port encryption on or off. To optimize Lotus Notes with port encryption and decryption, both the client-side and server-side Steelhead appliances must be running RiOS v6.0.x or later. The client-side and server-side Steelhead appliances become a trusted part of the Lotus client-server security model to retrieve the session ID keys.

When optimizing Lotus Notes traffic with encryption on, you can optionally use the Steelhead inner channel trust to ensure all Notes traffic sent between the client-side and the server-side Steelhead appliances is secure.

Before enabling Lotus Notes optimization: Optionally, you can turn off port-level encryption as follows:
- From the Lotus Notes client in the Management Console, select File > Preferences > User Preferences > Communication Ports > TCP/IP and clear the Encrypt network data check box.
- From the server administrative client in the Management Console, select Server > Port > Setup, clear the Encrypt network data check box, and restart the server.

Enabling this feature automatically disables socket level compression. The secure vault must be unlocked to import the Domino Certifier ID session keys. The no command option disables this feature.
Steelhead appliance, Cloud Steelhead protocol notes pull-repl enable, show protocol notes, show stats bandwidth
Steelhead appliance, Cloud Steelhead protocol notes enable, protocol notes port, protocol notes pull-repl enable, show protocol notes, show stats bandwidth
Usage
To use session reliability, you must enable Citrix optimization on the Steelhead appliance in order to classify the traffic correctly. For details, see Steelhead Management Console User's Guide. You can use session reliability with optimized traffic only. Session reliability with RiOS QoS does not support pass-through traffic. For details about disabling session reliability, go to http://support.citrix.com/proddocs/index.jsp?topic=/xenapp5fp-w2k8/ps-sessions-sess-rel.html. The no command option reverts to the default port.
Usage
Fibre Channel over TCP/IP (FCIP) is a transparent Fibre Channel (FC) tunneling protocol that transmits FC information between FC storage facilities over IP networks. FCIP is designed to overcome the distance limitations of FC. FCIP storage optimization provides support for environments using storage technology that originates traffic as FC and then uses either a Cisco MDS or a Brocade 7500 FCIP gateway to convert the FC traffic to TCP for WAN transport. To increase the data reduction LAN-to-WAN ratio with either equal or greater data throughput in environments with FCIP traffic, RiOS separates the FCIP headers from the application data workload written to storage. The FCIP headers contain changing protocol state information, such as sequence numbers. These headers interrupt the network stream and reduce the ability of SDR to match large, contiguous data patterns. After isolating the header data, the Steelhead appliance performs SDR network deduplication on the larger, uninterrupted storage data workload and LZ compression on the headers. RiOS then optimizes, reassembles, and delivers the data to the TCP consumer without compromising data integrity. Note: Environments with SRDF traffic originated through Symmetrix FC ports (RF ports) only require configuration of the RiOS FCIP storage optimization module. Traffic originated through Symmetrix GigE ports (RE ports) require configuration of the RiOS SRDF storage optimization module. For details on storage technologies that originate traffic through FC, see the Riverbed Deployment Guide. You configure the RiOS FCIP storage optimization module on the Steelhead appliance closest to the FCIP gateway that opens the FCIP TCP connection by sending the initial SYN packet. This can vary by environment. If you are unsure which gateway initiates the SYN, enable FCIP on both the client-side and server-side Steelhead appliances. 
Important: If you have enabled or disabled FCIP optimization or changed a port, you must restart the optimization service. The no command option disables this feature. For details, see the Steelhead Management Console User's Guide and the Riverbed Deployment Guide.
Steelhead appliance, Cloud Steelhead show protocol fcip rules, show protocol fcip settings
Optionally, you can add FCIP port numbers separated by commas or remove a port number. Do not specify a port range. For details on FCIP optimization, see the Steelhead Management Console User's Guide and the Riverbed Deployment Guide. To delete one or more port number settings, use the following syntax:
no protocol fcip ports <port list>
Example
amnesiac (config) # protocol fcip ports 3225,3226,3227,3228
Steelhead appliance, Cloud Steelhead show protocol fcip rules, show protocol fcip settings
Steelhead appliance, Cloud Steelhead protocol fcip enable, protocol fcip ports, show protocol fcip rules, show protocol fcip settings
You can view combined throughput and reduction statistics for two or more FCIP tunnel ports using this command. Important: If you have enabled or disabled FCIP optimization or changed a port, you must restart the optimization service. For details on FCIP, see the Steelhead Management Console User's Guide and the Riverbed Deployment Guide.
amnesiac (config) # protocol fcip stat-port 1243
amnesiac (config) # service restart
Steelhead appliance, Cloud Steelhead show protocol fcip rules, show protocol fcip settings
Usage
SRDF storage optimization provides support for environments using storage technology that originates traffic through Symmetrix GigE ports (RE ports). For details on storage technologies that originate traffic through GigE RE ports, see the Riverbed Deployment Guide.

To increase the data reduction LAN-to-WAN ratio with either equal or greater data throughput in environments with SRDF traffic, RiOS separates the SRDF headers from the application data workload written to storage. The SRDF headers contain changing protocol state information, such as sequence numbers. These headers interrupt the network stream and reduce the ability of SDR to match large, contiguous data patterns. After isolating the header data, the Steelhead appliance performs SDR network deduplication on the larger, uninterrupted storage data workload and LZ compression on the headers. RiOS then optimizes, reassembles, and delivers the data to the TCP consumer without compromising data integrity.

Note: Traffic originated through Symmetrix GigE ports (RE ports) requires configuration of the RiOS SRDF storage optimization module. Environments with SRDF traffic originated through Symmetrix FC ports (RE ports) require configuration of the RiOS FCIP storage optimization module. For details, see protocol fcip enable on page 350.

You configure the SRDF storage optimization module on the Steelhead appliance closest to the Symmetrix array that opens the SRDF TCP connection by sending the initial SYN packet. This can vary by environment. If you are unsure which array initiates the SYN, configure SRDF on both the client-side and server-side Steelhead appliances.

Important: If you have enabled or disabled SRDF optimization or changed a port, you need to restart the optimization service. For details on SRDF optimization in general, see the Steelhead Management Console User's Guide and the Riverbed Deployment Guide. The no command option disables this feature.
Steelhead appliance, Cloud Steelhead show protocol srdf rules, show protocol srdf settings
Optionally, you can add SRDF port numbers separated by commas or remove a port number. Do not specify a port range. For details on SRDF optimization, see the Steelhead Management Console User's Guide and the Riverbed Deployment Guide. Important: If you have enabled or disabled SRDF optimization or changed a port, you need to restart the optimization service.
Steelhead appliance, Cloud Steelhead show protocol srdf rules, show protocol srdf settings
Steelhead appliance, Cloud Steelhead show protocol srdf rules, show protocol srdf settings
A Symmetrix ID allows the Steelhead appliance to identify the traffic coming from a Symmetrix storage array using the Symmetrix GigE port (RE port) IP address. Use this command to create a new Symmetrix ID with the specified IP address, or to add an IP address to an existing Symmetrix ID. The no protocol srdf symm id <group ID> removes the group ID. The no protocol srdf symm id <group ID> address <ip-addr> removes the specified IP address from the group ID.
SRDF selective optimization enables you to set different optimization levels for RDF groups. The optimization level is based on the compression characteristics of the data in the groups. For each Symmetrix ID, you specify an optimization policy for the RDF groups that appear in the data stream associated with the specified ID. You can configure the optimization level from no compression (none) to full Scalable Data Replication (sdr-default). SDR optimization includes LZ compression on the cold, first-pass of the data. You can also configure LZ-compression alone (lz-only) with no SDR. For some applications, it might be more important to get maximum throughput with minimal latency, and without compression, (such as, when excess WAN bandwidth is available and when it's known that the data in that RDF Group will not be reducible), and for others getting maximum reduction is more important. The no protocol srdf symm id <group ID> removes the optimization setting for the group ID.
amnesiac (config) # protocol srdf symm id 0815 rdf_group 1 optimization lz-only description "Oracle Forms"
To view current setting, use the command show protocol ssl backend.
Create a preference list of cipher strings used for server-handshakes. To view your list, use the command show protocol ssl backend {client | server} cipher-strings.
Example
Steelhead appliance, Cloud Steelhead show protocol ssl backend client cipher-strings
To verify that you're in the possibly vulnerable but working state, make sure that DONT_INSERT_EMPTY_FRAGMENTS is set to yes in the output of the following command:
SH # show protocol ssl internal
If you use this command, you are keeping their SSL connections at the same level of vulnerability as their servers and browsers already are. That is, you are not reducing their overall security if you enable it in environments where you see SSL hangs. For more information, see Support Knowledgebase article #49078, where we document the specifics of the general SSL/TLS vulnerability at https://support.riverbed.com/kb/solution.htm?id=50170000000RjDV&categoryName=SSL.
Use bulk-export to expedite backup and peer trust configurations: Backup - You can use the bulk export feature to back up your SSL configurations,
Peer Trust - If you use self-signed peering certificates and have multiple Steelhead appliances (including multiple server-side appliances), you can use the bulk import feature to avoid configuring each peering trust relationship between the pairs of Steelhead appliances.

Important: To protect your server private keys, do not include server configurations (for example, Certificates and Keys) when performing bulk exports of trusted peers.

The following rules apply to bulk data when importing and exporting the data:
  Peering Certificate and Key Data - If the serial numbers match, the Steelhead appliance importing the bulk data overwrites its existing peering certificates and keys with that bulk data. If the serial numbers do not match, the Steelhead appliance importing the bulk data does not overwrite its peering certificate and key.
  Certificate Authority, Peering Trust, and SSL Server Configuration Data - For all other configuration data such as certificate authorities, peering trusts, and server configurations (if included), if there is a conflict, the imported configuration data take precedence (that is, the imported configuration data overwrites any existing configurations).
Example
amnesiac (config) # protocol ssl bulk-export password foo_pass include-servers
[partial example]
amnesiac (config) #
Steelhead appliance, Cloud Steelhead show protocol ssl, show scep service
You can import multiple files or copy and paste multiple exported data sets. Double quotes indicate to the command that input will be supplied, and the command responds with a visible cursor. This feature can be useful for scripting. For example, if the export data has four lines and starts with 0 and ends with j:
01234
56789
abcde
fghij
You can use the same syntax for file names. The double-quotes are required to indicate the beginning and end of the prompts. The greater-than sign (>) cursor at the beginning of each line indicates that the CLI will continue to accept more input until the input is closed by a double quote (").

Backup and peer trust relationships

Use the bulk export and import feature to expedite configuring backup and peer trust relationships. The bulk data that you import contains the serial number of the exporting Steelhead appliance. The Steelhead appliance importing the data compares its own serial number with the serial number contained in the bulk data.

The following rules apply to bulk data when importing and exporting the data:

Peering Certificate and Key Data - If the serial numbers match, the Steelhead appliance importing the bulk data overwrites its existing peering certificates and keys with that bulk data. If the serial numbers do not match, the Steelhead appliance importing the bulk data does not overwrite its peering certificate and key.

Certificate Authority, Peering Trust, and SSL Server Configuration Data - For all other configuration data such as certificate authorities, peering trusts, and server configurations (if included), if there is a conflict, the imported configuration data take precedence (that is, the imported configuration data overwrites any existing configurations).

For example, if you have two servers: 1.1.1.1:443 (enabled) and 2.2.2.2:443 (disabled), the bulk data contains three servers: 1.1.1.1:443 (disabled), 2.2.2.2:443 (disabled), and 3.3.3.3:443 (enabled). After performing a bulk import of the data, there are now three servers: 1.1.1.1:443 (disabled), 2.2.2.2:443 (disabled), and 3.3.3.3:443 (enabled). The certificates and keys of servers 1.1.1.1:443 and 2.2.2.2:443 have been overwritten with those contained in the bulk data.

Note: Bulk importing of data cannot delete configurations; it can only add or overwrite them.
Note: Bulk importing does not require a Steelhead service restart.

Example
amnesiac (config) # protocol ssl bulk-import password temp data temp
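The import rules above can be checked on paper before an import is run. The following is an added example, not Riverbed code: it models the two rules and replays the three-server case from the text. The dictionary layout, serial numbers, and certificate labels are constructed for illustration; real bulk data is an encrypted blob that this sketch does not parse.

```python
import copy

# Sections that follow the "imported data wins, nothing is deleted" rule.
SECTIONS = ("cas", "peering_trusts", "servers")

# Constructed state of the importing appliance (labels stand in for cert/key material).
LOCAL = {
    "serial": "SERIAL-A",
    "peering": "local-peering-cert+key",
    "cas": {"Local_Only_CA": "ca-cert-local"},
    "peering_trusts": {},
    "servers": {
        "1.1.1.1:443": {"enabled": True, "cert": "local-cert-1"},
        "2.2.2.2:443": {"enabled": False, "cert": "local-cert-2"},
    },
}

# Constructed bulk data exported from a different appliance, servers included.
BULK = {
    "serial": "SERIAL-B",
    "peering": "bulk-peering-cert+key",
    "cas": {},
    "peering_trusts": {"peer-10.0.0.1": "peer-cert"},
    "servers": {
        "1.1.1.1:443": {"enabled": False, "cert": "bulk-cert-1"},
        "2.2.2.2:443": {"enabled": False, "cert": "bulk-cert-2"},
        "3.3.3.3:443": {"enabled": True, "cert": "bulk-cert-3"},
    },
}


def plan_bulk_import(local, bulk):
    """Return (resulting_config, change_list) without modifying either input."""
    result = copy.deepcopy(local)
    changes = []

    # Rule 1: the peering certificate and key are replaced only on a serial match.
    if bulk["serial"] == local["serial"]:
        result["peering"] = copy.deepcopy(bulk["peering"])
        changes.append(("peering", "cert+key", "overwrite"))
    else:
        changes.append(("peering", "cert+key", "keep (serial mismatch)"))

    # Rule 2: for every other section the imported entry wins on conflict,
    # new entries are added, and entries absent from the bulk data survive.
    for section in SECTIONS:
        have = result.setdefault(section, {})
        incoming = bulk.get(section, {})
        for name in sorted(set(have) | set(incoming)):
            if name not in incoming:
                changes.append((section, name, "keep (not in bulk data)"))
                continue
            action = "overwrite" if name in have else "add"
            have[name] = copy.deepcopy(incoming[name])
            changes.append((section, name, action))
    return result, changes


def carries_server_keys(bulk):
    """True when the bulk data includes server configurations (certificates and keys)."""
    return bool(bulk.get("servers"))


if __name__ == "__main__":
    merged, plan = plan_bulk_import(LOCAL, BULK)
    for section, name, action in plan:
        print(f"{section:15} {name:15} {action}")
    print("bulk data carries server private keys:", carries_server_keys(BULK))
```
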
Enable on a client-side Steelhead appliance to reuse the original session when the client reconnects to an SSL server. Reusing the session provides two benefits: it lessens the CPU load because it eliminates expensive asymmetric key operations and it shortens the key negotiation process by avoiding WAN round trips to the server. By default, this option is disabled. Both the client-side and server-side Steelheads must be configured to optimize SSL traffic. Enabling this option requires an optimization service restart.
Example
amnesiac (config) # protocol ssl ca cert COMODO -----BEGIN CERTIFICATE-----
[certificate data]
-----END CERTIFICATE-----
Usage
Specify the amount of time the client can reuse a session with an SSL server after the initial connection ends. Enabling this option requires an optimization service restart.
Example
amnesiac (config) # protocol ssl client-side session-reuse timeout 120
amnesiac (config) # service restart
Optionally, specify the attribute name of CRL in a LDAP entry. Optionally, specify the Lightweight Directory Access Protocol (LDAP) service port.
Enabling CRL allows the CA to revoke a certificate. For example, when the private key of the certificate has been compromised, the CA can issue a CRL that revokes the certificate. A CRL includes any digital certificates that have been invalidated before their expiration date, including the reasons for their revocation and the names of the issuing certificate signing authorities. A CRL prevents the use of digital certificates and signatures that have been compromised. The certificate authorities that issue the original certificates create and maintain the CRLs. To clear the CRL alarm, execute the no stats alarm crl_error enable command.
Syntax Parameters
Usage
Enabling CRL allows the CA to revoke a certificate. For example, when the private key of the certificate has been compromised, the CA can issue a CRL that revokes the certificate. A CRL includes any digital certificates that have been invalidated before their expiration date, including the reasons for their revocation and the names of the issuing certificate signing authorities. A CRL prevents the use of digital certificates and signatures that have been compromised. The certificate authorities that issue the original certificates create and maintain the CRLs.
The Steelhead appliance automatically discovers CDPs for all certificates on the appliance. You can manually configure a CA using this command.
amnesiac (config) # protocol ssl crl manual ca Camerfirma_Chambers_of_Commerce uri URI: http://crl.chambersign.org/chambersroot.crl
ldap server <ip-addr or hostname> <cr> crl-attr-name <string> port <port number> cas enable Usage
Optionally, specify an attribute name of CRL in a LDAP entry. Optionally, specify the LDAP service port. Enables CRL polling and use of CRL in handshake verification.
To enable CRL polling and handshakes, at the system prompt enter the following set commands:
protocol ssl crl cas enable
protocol ssl crl ca Entrust_Client cdp 1 ldap-server 192.168.172.1
Parameters
<version> - Specify one of the following values to specify the SSL versions supported in your deployment:
SSLv3_or_TLSv1 - Use both SSLv3 and TLSv1.
SSLv3_only - Use only SSLv3.
TLSv1_only - Use only TLSv1.
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show protocol ssl server-cert name certificate
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show protocol ssl server-cert name chain-certs
Parameters
Specify the certificate 2-letter country code. Specify the email address of the contact person.
Specify the city. Specify the organization. Specify the organization name (for example, the company). Specify the state. You cannot use abbreviations. Specify how many days the certificate is valid. If you omit valid-days, the default is 2 years. Optionally, specify to make private key for server certificates non-exportable. If enabled the Steelhead appliance will never include this certificate as a part of its bulk-export (or allow this certificate to be individually exportable). The certificate will still be pushed out as a part of a CMC resync.
Usage
When you configure the back-end server proxy certificate and key on the server-side Steelhead appliance, if you choose not to use the actual certificate for the back-end server and key, you can use a self-signed certificate and key or another CA-signed certificate and key. If you have a CA-signed certificate and key, import it. If you do not have a CA-signed certificate and key, you can add the proxy server configuration with a self-signed certificate and key, back up the private key, generate CSR, have it signed by a CA, and import the newly CA-signed certificate and the backed up private key. For detailed information, see the Management Console online help or the Steelhead Management Console User's Guide. The no command option disables this feature.
Example
amnesiac (config) # protocol ssl server-cert name example change generate-cert rsa common-name Company-Wide country US email [email protected] key-size 2048 locality en valid-days 360 generate-csr common-name Company-Wide country USA email [email protected] locality en org Company org-unit all state California
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show protocol ssl server-cert name chain-certs
Specify the private key data in PEM format. Specify an alphanumeric password associated with the private key. Optionally, specify to make private key for server certificates non-exportable. If enabled the Steelhead appliance will never include this certificate as a part of its bulk-export (or allow this certificate to be individually exportable). The certificate will still be pushed out as a part of a CMC resync.
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show protocol ssl server-cert name chain-certs
Example
amnesiac (config) # protocol ssl server-cert name examplename change import-certkey -----BEGIN CERTIFICATE REQUEST-----
[certificate request data]
-----END CERTIFICATE REQUEST-----
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show protocol ssl server-cert name chain-certs
Parameters
Specify the certificate 2-letter country code. Specify the email address of the contact person.
Specify the city. Specify the organization name (for example, the company). Specify the state. You cannot use abbreviations. Specify how many days the certificate is valid. If you omit valid-days, the default is 2 years. Optionally, specify to make private key for server certificates non-exportable. If enabled the Steelhead appliance will never include this certificate as a part of its bulk-export (or allow this certificate to be individually exportable). The certificate will still be pushed out as a part of a CMC resync.
Usage
When you configure the back-end server proxy certificate and key on the server-side Steelhead appliance, if you choose not to use the actual certificate for the back-end server and key, you can use a self-signed certificate and key or another CA-signed certificate and key. If you have a CA-signed certificate and key, import it. If you do not have a CA-signed certificate and key, you can add the proxy server configuration with a self-signed certificate and key, back up the private key, generate CSR, have it signed by a CA, and import the newly CA-signed certificate and the backed up private key. For detailed information, see the Management Console online help or the Steelhead Management Console User's Guide. The no command option disables this feature.
Example
amnesiac (config) # protocol ssl server-cert name examplename generate-cert rsa common-name Company-Wide country US email [email protected] key-size 2048 locality en valid-days 360 generate-csr common-name Company-Wide country USA email [email protected] locality en org Company org-unit all state California
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show protocol ssl server-cert name chain-certs
Usage Example
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show protocol ssl server-cert name chain-certs
Usage
You can import a certificate and key without specifying a server certificate name. If you specify empty double-quotes ( " ) for the server name, the back-end applies a suitable name. The no command option disables this feature.
Example
amnesiac (config) # protocol ssl server-cert name examplename import-cert-key -----BEGIN CERTIFICATE-----
[certificate data]
-----END CERTIFICATE-----
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show protocol ssl server-cert name chain-certs
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show protocol ssl server-cert name chain-certs
secure-vault
Description
Manages the secure vault password and unlocks the secure vault.
Syntax
secure vault new-password <password> | reset-password <old password> | unlock <password>
Parameters
new-password <password> - Specify an initial or new password for the secure vault.
reset-password <old password>
unlock <password>
Usage
The secure vault is an encrypted file system on the Steelhead appliance where all Steelhead appliance SSL server settings, other certificates (the CA, peering trusts, and peering certificates) and the peering private key are stored. The secure vault protects your SSL private keys and certificates when the Steelhead appliance is not powered on.

You can set a password for the secure vault. The password is used to unlock the secure vault when the Steelhead appliance is powered on. After rebooting the Steelhead appliance, SSL traffic is not optimized until the secure vault is unlocked with the unlock <password> parameter.

Data in the secure vault is always encrypted, whether or not you choose to set a password. The password is used only to unlock the secure vault.

To change the secure vault password
1. Reset the password with the reset-password <password> parameter.
2. Specify a new password with the new-password <password> parameter.
Parameters
country <string> - Specify the certificate two-letter country code. The country code can be any two-letter code, such as the ISO 3166 Country Codes, as long as the appropriate Certificate Authority can verify the code.
email <email address> - Specify the email address of the contact person.
locality <string> - Specify the city.
org <string> - Specify the organization.
org-unit <string> - Specify the organization unit (for example, the company).
state <string> - Specify the state. You cannot use abbreviations.
valid-days <int> - Specify how many days the certificate is valid. If you omit valid-days, the default is 2 years.
Example
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show web ssl cert
Parameters
Specify the certificate two-letter country code. The country code can be any two-letter code, such as the ISO 3166 Country Codes, as long as the appropriate Certificate Authority can verify the code. Specify the email address of the contact person.
Specify the city. Specify the organization. Specify the organization unit (for example, the company). Specify the state. You cannot use abbreviations. Specify how many days the certificate is valid. If you omit valid-days, the default is 2 years.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show web ssl cert
If no key is specified the incoming certificate is matched with the existing private key, and accepted if the two match. A password is required if imported certificate data is encrypted.
amnesiac (config) # web ssl cert import-cert mydata.pem import-key mykey
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show web ssl cert
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show protocol ssl
secure-peering black-lst-peer
Description
Configures a trusted self-signed black list peer.
Syntax
secure-peering black-lst-peer address <ip-addr> trust
Parameters
address <ip-addr> - Specify the IP address of the peer.
trust - Specify to configure a trusted black list peer.
Usage
Lists all untrusted Steelhead appliances. When you select Do Not Trust in the Management Console for a peer in a white or gray list, the public key of the Steelhead appliance peer is copied into the local Steelhead appliance untrusted hosts black list.
amnesiac (config) # secure-peering black-lst-peer address 10.0.0.1 trust
secure-peering cipher-string
Description
Configures a cipher string to use for peering.
Syntax
secure-peering cipher-string <string> <cr> | cipher-num <number>
Parameters
cipher-string <string> - Specify one of the following cipher-strings (case-sensitive) or a combination using the underscore character ( _ ). For a complete list, view the CLI online help.
cipher-num <number> - Specify a number to set the order of the list. The number must be an integer greater or equal to 1-N, or end.
Usage
Creates a preference list of cipher strings used for client-handshakes, server-handshakes, or peering-handshakes.
Example
amnesiac (config) # secure-peering cipher-string MD5
secure-peering crl
Description
Configures CRL for automatically discovered CAs. You can update automatically discovered CRLs using this command.
Syntax
secure-peering crl ca <string> cdp <integer> ldap-server <ip-addr or hostname> crl-attr-name <name> port <port>
Parameters
ca <string> - Specify the name of a secure peering CA certificate.
cdp <integer> - Specify a Certificate Distribution Point (CDP) in a secure peering CA certificate.
ldap-server <ip-addr or hostname> - Specify a Lightweight Directory Access Protocol (LDAP) server answering queries for the Certificate Revocation List (CRL).
crl-attr-name <name> - Optionally, specify the attribute name of the CRL in an LDAP entry.
port <port> - Optionally, specify the LDAP service port.
Usage
Enabling CRL allows the CA to revoke a certificate. For example, when the private key of the certificate has been compromised, the CA can issue a CRL that revokes the certificate. A CRL includes any digital certificates that have been invalidated before their expiration date, including the reasons for their revocation and the names of the issuing certificate signing authorities. A CRL prevents the use of digital certificates and signatures that have been compromised. The certificate authorities that issue the original certificates create and maintain the CRLs.
The Steelhead appliance automatically discovers CDPs for all certificates on the appliance. You can manually configure a CA using this command.
amnesiac (config) # secure-peering crl manual ca Camerfirma_Chambers_of_Commerce uri URI: http://crl.chambersign.org/chambersroot.crl
Parameters
The Steelhead appliance automatically discovers CDPs for all certificates on the appliance. You can manually configure a CA using this command.
amnesiac (config) # secure-peering crl query-now ca myca cdp 12
secure-peering export
Description
Exports a certificate (and optional key) in PEM format.
Syntax
[no] secure-peering export <cr> | include-key password <password>
Parameters
include-key - Specify to include the private key.
password <password> - Specify a password used to encrypt exported data.
Usage
The Steelhead appliance automatically discovers CDPs for all certificates on the appliance. You can manually configure a CA using this command.
Example
amnesiac (config) # secure-peering export include-key password mypasswd
[partial example]
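Because these commands are often pasted from scripts, a change script can be reviewed for key-exporting and related options before it reaches an appliance. The following is an added example, not Riverbed code: it checks a constructed script, built only from command forms shown in this section, for server-key export, peering-key export, an MD5 cipher string, and a CRL source configured without CRL polling enabled. The rule names are hypothetical.

```python
import re

# Strips a leading CLI prompt such as "amnesiac (config) # " from pasted lines.
PROMPT = re.compile(r"^\S+ \(config\) # ")

# Constructed change script using command forms shown in this section.
SAMPLE_SCRIPT = """\
amnesiac (config) # protocol ssl bulk-export password foo_pass include-servers
secure-peering export include-key password mypasswd
secure-peering cipher-string MD5
protocol ssl crl ca Entrust_Client cdp 1 ldap-server 192.168.172.1
"""

# The same script after review (also constructed).
REVIEWED_SCRIPT = """\
protocol ssl bulk-export password foo_pass
secure-peering export
protocol ssl crl cas enable
protocol ssl crl ca Entrust_Client cdp 1 ldap-server 192.168.172.1
"""


def redact(command):
    """Mask the word after 'password' so a finding can be logged safely."""
    return re.sub(r"(\bpassword\s+)\S+", r"\1********", command)


def option_words(words):
    """Drop the value that follows 'password' so it is never read as a keyword."""
    kept, skip = [], False
    for word in words:
        if skip:
            skip = False
            continue
        kept.append(word)
        skip = word == "password"
    return kept


def audit(script):
    """Return a list of (line_number, rule, redacted_command) findings."""
    findings = []
    crl_polling = False
    first_crl_ca = None  # first line that configures a CRL source for a CA

    for number, raw in enumerate(script.splitlines(), 1):
        command = PROMPT.sub("", raw.strip())
        words = option_words(command.split())
        if not words:
            continue
        negated = words[0] == "no"
        if negated:
            words = words[1:]

        if words[:5] == ["protocol", "ssl", "crl", "cas", "enable"]:
            crl_polling = not negated
            continue
        if negated:
            continue  # other "no" forms remove a setting rather than add one

        rule = None
        if words[:3] == ["protocol", "ssl", "bulk-export"] and "include-servers" in words:
            rule = "EXPORTS-SERVER-KEYS"       # see the Important note on bulk exports
        elif words[:2] == ["secure-peering", "export"] and "include-key" in words:
            rule = "EXPORTS-PEERING-KEY"
        elif words[:2] == ["secure-peering", "cipher-string"] and "MD5" in " ".join(words[2:3]):
            rule = "MD5-CIPHER-STRING"         # MD5-based suites are considered weak
        elif words[:4] == ["protocol", "ssl", "crl", "ca"] and first_crl_ca is None:
            first_crl_ca = (number, redact(command))
        if rule:
            findings.append((number, rule, redact(command)))

    # A CRL source does nothing for handshake verification until polling is enabled.
    if first_crl_ca and not crl_polling:
        findings.append((first_crl_ca[0], "CRL-SOURCE-WITHOUT-POLLING", first_crl_ca[1]))
    return findings


if __name__ == "__main__":
    for line_number, rule, command in audit(SAMPLE_SCRIPT):
        print(f"line {line_number}: {rule}: {command}")
```
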
Usage
Specifies that the Steelhead appliance optimizes but does not encrypt the connection when it is unable to negotiate a secure, encrypted inner channel connection with the peer. This is the default setting. Enabling this option requires an optimization service restart.

Important: Riverbed strongly recommends enabling this setting on both the client-side and the server-side Steelhead appliances, especially in mixed deployments where one Steelhead appliance is running RiOS v6.0 or later and the other Steelhead is running an earlier RiOS version.

This option applies only to non-SSL traffic.

Use the no secure-peering fallback-no-enc enable to pass through connections that do not have a secure encrypted inner channel connection with the peer. Use caution when disabling this setting, as doing so specifies that you strictly do not want traffic optimized between non-secure Steelhead appliances. Consequently, configurations with this setting disabled risk the possibility of dropped connections.

For example, consider a configuration with a client-side Steelhead appliance running RiOS v5.5.x or earlier and a server-side Steelhead appliance running RiOS v6.0 or later. When this setting is disabled on the server-side Steelhead and All is selected as the traffic type, it will not optimize the connection when a secure channel is unavailable, and might drop it.
Parameters
country <string> email <email address> locality <string> org <string> org-unit <string> state <string> valid-days <integer>
Usage
RiOS v6.0 simplifies the SSL configuration process because it eliminates the need to add each server certificate individually. Prior to v6.0, you needed to provide an IP address, port, and certificate to enable SSL optimization for a server. In RiOS v6.0 and later, you need only add unique certificates to a Certificate Pool on the server-side Steelhead appliance.

When a client initiates an SSL connection with a server, the Steelhead appliance matches the common name of the server's certificate with one in its certificate pool. If it finds a match, it adds the server name to the list of discovered servers that are optimizable and all subsequent connections to that server are optimized. If it does not find a match, it adds the server name to the list of discovered servers that are bypassed and all subsequent connections to that server are not optimized.

The Steelhead appliance supports RSA private keys for peers and SSL servers. For detailed information about configuring SSL including basic steps, see the Steelhead Management Console User's Guide.
amnesiac (config) # secure-peering generate-cert rsa common-name Company-Wide country US email [email protected] key-size 2048 locality northregion valid-days 360
secure-peering generate-csr
Description
Generates a certificate signing request with current private key.
Syntax
secure-peering generate-csr <cr> | [common-name <string>] | [country <string>] | [email <email address>] | [locality <string>] | [org <string>] | [org-unit <string>] | [state <string>]
Parameters
common-name <string> - Specify the certificate common name.
country <string> - Specify the certificate 2-letter country code.
email <email address> - Specify the email address of the contact person.
locality <string> - Specify the city.
org-unit <string> - Specify the organization name (for example, the company).
state <string> - Specify the state. You cannot use abbreviations.
Usage
Use this command to generate a Certificate Signing Request (CSR) for an existing SSL server using the current private key.
Example
amnesiac (config) # secure-peering generate-csr common-name Company-Wide country USA email [email protected] locality northregion org Company org-unit all state California
secure-peering gray-lst-peer
Description
Configures a trusted self-signed gray-list peer.
Syntax
[no] secure-peering gray-lst-peer <ip-addr> trust
Parameters
<ip-addr> - Specify the IP address for the self-signed gray list peer.
trust - Enable a trust relationship for the specified peer.
Usage
Peers are detected the first time a client-side Steelhead appliance attempts to connect to the SSL server. The service bypasses this initial connection and does not perform data reduction, but rather uses it to populate the peer entry tables. On both Steelhead appliances, an entry appears in the gray list with the information and certificate of the other peer. You can then accept the peer as trusted on both appliances, as described below.
amnesiac (config) # secure-peering gray-lst-peer 10.0.0.1 trust
secure-peering import-cert
Description
Imports a certificate.
Syntax
[no] secure-peering import-cert <cert data> <cr> | import-key <key data>
Parameters
<cert data> - Specify the existing string to import the certificate. (These are X509 PEM-format field names.)
import-key <key data> - Specify the private key in PEM format.
Example
amnesiac (config) # secure-peering import-cert -----BEGIN CERTIFICATE-----
[certificate data]
-----END CERTIFICATE-----
secure-peering import-cert-key
Description
Imports a certificate and key together.
Syntax
[no] secure-peering import-cert-key <cert-key-data> <cr> | password <string>
Parameters
<cert-key-data> - Specify the certificate and private key data in PEM format to import the key. (These are X509 PEM-format field names.) Note: The private key is required regardless of whether you are adding or updating.
password <string> - Specify the decryption password.
Example
amnesiac (config) # secure-peering import-cert-key -----BEGIN CERTIFICATE-----
[certificate data]
-----END CERTIFICATE-----
Clears the automatic re-enrollment last-result alarm. The last result is the last completed enrollment attempt.
Usage
The Steelhead appliance uses SCEP to dynamically re-enroll a peering certificate to be signed by a certificate authority. The no command option disables this feature.
Syntax Parameters
Parameters
Specify the country (2-letter code only). Specify the hostname of the peer.
secure-peering traffic-type
Description
Controls the type of traffic sent through the secure inner channel.
Syntax
secure-peering traffic-type <type>
Parameters
<type> - Specify the traffic type:
ssl-only - The peer client-side Steelhead appliance and the server-side Steelhead appliance authenticate each other and then encrypt and optimize all SSL traffic; for example, HTTPS traffic on port 443. This is the default setting.
ssl-and-secure-protocols - The peer client-side Steelhead appliance and the server-side Steelhead appliance authenticate each other and then encrypt and optimize all traffic traveling over the following secure protocols: SSL, SMB Signing, SMB2 Signing, and encrypted MAPI. When you select this traffic type, SMB-Signing, SMB2 Signing, and MAPI Encryption must be enabled.
all - The peer client-side Steelhead appliance and the server-side Steelhead appliance authenticate each other and then encrypt and optimize all traffic. Only the optimized traffic is secure; pass-through traffic is not.
Usage
In RiOS v6.0 or later, encrypted peering extends beyond traditional SSL traffic encryption. In addition to SSL-based traffic like HTTPS that always needs a secure inner channel between the client-side and the server-side Steelhead appliance, you can use the secure inner channel to encrypt and optimize other types of traffic as well:
MAPI-encrypted, SMB-signing, and Lotus Notes encrypted traffic, which require a secure inner channel for certain outer connections.
All other traffic that inherently does not need a secure inner channel.
When you use the secure inner channel, all data between the client-side and the server-side Steelhead appliances are sent encrypted over the secure inner channel. You configure the Steelhead appliances as SSL peers so that they trust one another as WAN optimization peers.
The Steelhead appliances authenticate each other by exchanging certificates and negotiating a separate encryption key for each intercepted connection. The trust between the Steelheads is bidirectional; the client-side Steelhead appliance trusts the server-side Steelhead appliance, and vice versa.
All outer connections between the client and the client-side Steelhead appliance and between the server and the server-side Steelhead appliance create a corresponding secure inner connection between the Steelhead appliances. The inner connections that correspond to the outer connections of the selected traffic are encrypted.
If you are securing SMB-Signed traffic, SMB2-Signed traffic, Lotus Notes traffic, or Encrypted MAPI traffic, you must enable the protocol. Navigate to:
To enable SMB Signing, see protocol cifs smb signing enable on page 304
To enable SMB2 Signing, see protocol smb2 signing enable on page 307
To enable Lotus Notes Optimization, see protocol notes enable on page 346
To enable Encrypted Optimization, see protocol mapi encrypted enable on page 321
For detailed information, see the Steelhead Management Console User's Guide.
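The dependency between the traffic type and the protocol settings can be checked offline against a saved configuration. The following is an added example, not Riverbed code: the function names are hypothetical, and it assumes the configuration is plain text with one CLI command per line and that a leading "no " turns a protocol setting off. The sample configuration is constructed.

```python
"""Check a saved Steelhead configuration for secure inner channel prerequisites."""

# Enable commands the manual lists for the protocols that the
# ssl-and-secure-protocols traffic type requires.
REQUIRED_FOR_SECURE_PROTOCOLS = {
    "SMB Signing": "protocol cifs smb signing enable",
    "SMB2 Signing": "protocol smb2 signing enable",
    "Encrypted MAPI": "protocol mapi encrypted enable",
}
TRAFFIC_TYPES = ("ssl-only", "ssl-and-secure-protocols", "all")
DEFAULT_TRAFFIC_TYPE = "ssl-only"  # documented default
PREFIX = "secure-peering traffic-type"

# Constructed sample: SMB2 signing is switched off although the
# traffic type depends on it.
SAMPLE_CONFIG = """\
secure-peering traffic-type ssl-and-secure-protocols
protocol cifs smb signing enable
no protocol smb2 signing enable
protocol mapi encrypted enable
"""


def parse_config(text):
    """Return (traffic_type, enabled_protocol_commands); later lines win."""
    traffic_type = DEFAULT_TRAFFIC_TYPE
    enabled = set()
    for raw in text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        if not line or line.startswith("#"):
            continue
        if line.startswith(PREFIX):
            value = line[len(PREFIX):].strip()
            if value not in TRAFFIC_TYPES:
                raise ValueError(f"unknown traffic type: {value!r}")
            traffic_type = value
            continue
        # Assumption: "no <command>" disables the setting.
        negated = line.startswith("no ")
        command = line[3:] if negated else line
        if command in REQUIRED_FOR_SECURE_PROTOCOLS.values():
            if negated:
                enabled.discard(command)
            else:
                enabled.add(command)
    return traffic_type, enabled


def audit(text):
    """Return (traffic_type, findings) for one configuration."""
    traffic_type, enabled = parse_config(text)
    findings = []
    for name, command in REQUIRED_FOR_SECURE_PROTOCOLS.items():
        if traffic_type == "ssl-and-secure-protocols" and command not in enabled:
            findings.append(
                f"{name} must be enabled for ssl-and-secure-protocols: "
                f"missing '{command}'"
            )
        elif traffic_type == "ssl-only" and command in enabled:
            findings.append(
                f"{name} is enabled, but traffic type ssl-only covers SSL traffic only"
            )
    return traffic_type, findings


if __name__ == "__main__":
    kind, problems = audit(SAMPLE_CONFIG)
    print("traffic type:", kind)
    for problem in problems:
        print("finding:", problem)
```
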
secure-peering trust ca
Description
Adds peering trust CA.
Syntax
secure-peering trust ca <cert>
Parameters
<cert>
Specify the CA name for the certificate provided by the peer. (These are X509 PEM-format field names.)
QoS Migration
To move from basic QoS to advanced QoS using the command-line interface, use the command qos migrate basic-to-adv. To move from advanced QoS to basic QoS, use qos migrate adv-to-basic. If you move from advanced QoS to basic QoS, all QoS settings are removed. If you move from basic QoS to advanced QoS, your settings are preserved. If you return to basic QoS, those settings are removed.
You must enter this command without the confirm option and then, within 10 seconds, enter the command again, with the confirm option. Note: All QoS settings are lost when migrating from one QoS mode to another.
Example
amnesiac (config) # qos migrate adv-to-basic
Proceeding with this action will result in a loss of *all* QoS settings.
Please re-run with the "confirm" keyword within 10 seconds to confirm this action.
gen-sh198 (config) # qos migrate adv-to-basic confirm
Parameters
class-name <class>
Specify the class which applies to the global application. If the rule matches, the specified rule sends the packet to this class.
[dscp <dscp level>]
Optionally, specify a DSCP level (0-63). Use this option to configure a QoS rule matching a specific DSCP mark.
protocol {all | udp | tcp | gre}
Optionally, specify the routing protocol for the rule: all, udp, tcp, gre. The default value is all.
vlan <vlan>
Optionally, specify the VLAN tag ID.
traffic-type {all | optimized | passthrough}
Specify the type of traffic: optimized or passthrough. QoS rules are applied to optimized and pass-through (egress only) traffic.
[srcnet <subnet/mask> | srcport <port>]
Optionally, specify the subnet and mask or the port. Use the following format for subnet and mask: 1.2.3.4/123. The default value for port is all.
dstnet <subnet/mask> | dstport <port>}
Optionally, specify the subnet and mask or the port. Use the following format for subnet and mask: 1.2.3.4/123. The default value for port is all.
l7protocol <protocol>
Specify a protocol name. Enable a protocol for classification rules. The application priority separates low-priority traffic (such as print jobs), from high-priority traffic (such as interactive screen updates). The upper bandwidth limit is defined at 100%, so that the lower priority classes can use the full bandwidth when it is available.
Specify a domain name. Only valid if you specify the l7protocol protocol HTTP.
Specify a relative path. For example, the relative path for www.riverbed.com/appliance/commandline would be /appliance/commandline. Only valid if you specify the l7protocol protocol HTTP. The relative path is the part of the URL that follows the domain name.
Rank in QoS index.
Global applications are applications the AppFlow Engine can recognize and classify. Each global application is associated with a default QoS class. You can change the class with which a global application is associated using the class-name parameter. Display a complete list of supported global applications using show qos basic classification global-app ?. You can add additional global applications. For more information see the Riverbed Deployment Guide. Note: Available only in basic QoS.
Example
amnesiac (config) # qos basic classification global-app add global-app-name MyGlobalApp class-name Realtime vlan 1 traffic all srcport 123 srcnet 192.168.0.0/24 proto tcp dstport 456 dstnet 172.168.0.0/16 dscp 3
Product
Steelhead appliance
Related Topics
show qos basic classification, qos basic classification global-app move
Usage
For a complete list of supported global applications use show qos basic classification global-app ? to print help information on the command line. For a complete list of global applications use qos basic classification global-app? to print help information on the command line. Note: This command is available only in basic QoS mode.
Enables QoS classification on a specified interface. Traffic is not classified until at least one WAN interface is enabled. Bandwidth allocation, also known as traffic shaping, is a means of allocating the correct amount of bandwidth for each QoS traffic class. The amount you specify reserves a pre-determined amount of bandwidth for each traffic class. Bandwidth allocation is important for ensuring that a given class of traffic cannot consume more bandwidth than it is allowed. It is also important to ensure that a given class of traffic has a minimum amount of bandwidth available for delivery of data through the network. Note: This command is available only in basic QoS mode.
Product
Steelhead appliance
Related Topics
show qos basic classification, qos basic classification interface rate
Parameters Usage
<kbit rate>
The link rate is the bottleneck WAN bandwidth, not the interface speed out of the WAN interface into the router or switch. For example, if your Steelhead connects to a router with a 100 Mbps link, do not specify this value; specify the actual WAN bandwidth (for example, T1, T3). Important: Different WAN interfaces can have different WAN bandwidths; you must enter the bandwidth link rate correctly for QoS to function properly. Note: This command is available only in basic QoS mode.
Product
Steelhead appliance
Related Topics
show qos basic classification, qos basic classification interface enable
Syntax Parameters
A class policy contains the bandwidth allocation for six classes used at each site in basic QoS mode. Select a class policy when creating a new site or editing a site. Note: You must configure all six classes to create a complete policy. Note: This command is available only in basic QoS mode.
amnesiac (config) # qos basic classification policy add policy-name test_policy class-name Business-Critical min-bw-pct 30 max-bw-pct 50
Product
Steelhead appliance
Related Topics
show qos basic classification, qos basic classification policy edit
Parameters
policy-name <name>
Specify the name of an existing policy.
[add-class | edit-class] class-name <name>
Specify the name of an existing class to edit or a new class.
min-bw-pct <percentage>
Specify the class bandwidth minimum, in percentage.
max-bw-pct <percentage>
Specify the class bandwidth maximum, in percentage.
Usage
A class policy contains the bandwidth allocation for six classes used at each site in basic QoS mode. Select a class policy when creating a new site or editing a site. You must configure all six classes to create a complete policy. Bandwidth allocation, also known as traffic shaping, is a means of allocating the correct amount of bandwidth for each QoS traffic class. The amount you specify reserves a pre-determined amount of bandwidth for each traffic class. Bandwidth allocation is important for ensuring that a given class of traffic cannot consume more bandwidth than it is allowed. It is also important to ensure that a given class of traffic has a minimum amount of bandwidth available for delivery of data through the network. Note: This command is available only in basic QoS mode.
amnesiac (config) # qos basic classification policy edit policy-name test_policy edit-class class-name Business-Critical min-bw-pct 30 max-bw-pct 50
Product
Steelhead appliance
Related Topics
show qos basic classification, qos basic classification policy add
Specify the maximum WAN bandwidth in kbps. Specify the name of a policy to associate with the site. Optionally, specify the position in the index.
Basic QoS offers a maximum of 35 sites. For more information see the Riverbed Deployment Guide.
amnesiac (config) # qos basic classification site add site-name MyTestSite network 192.12.12.10/32 wan-bw 5000 policy-name Low-Priority index 3
Product
Steelhead appliance
Related Topics
show qos basic classification, qos basic classification site edit
amnesiac (config) # qos basic classification site edit site-name MyTestSite wan-bw 5000
Product
Steelhead appliance
Related Topics
show qos basic classification, qos basic classification site add
Steelhead appliances evaluate rules in numerical order called an index, starting with rule 1. If the conditions set in the rule match, then the rule is applied, and the system moves on to the next packet. If the conditions set in the rule do not match, the system consults the next rule. For example, if the conditions of rule 1 do not match, rule 2 is consulted. If rule 2 matches the conditions, it is applied, and no further rules are consulted. Note: The default site, which is tied to the Medium Office policy, cannot be removed and is always listed last. This command is available only in basic QoS mode.
Product
Steelhead appliance
Related Topics
show qos basic classification, qos basic classification site edit
are currently using RiOS v6.1.x or earlier QoS and do not want to reconfigure your existing rules. The Steelhead preserves the configuration.
need to use the MX-TCP queue. For details, see the Steelhead Management Console User's Guide.
need to set application priorities for Citrix ICA traffic (this requires packet-order queue).
have WAN links with different bandwidth (basic QoS assumes all links of the same size). For example, you might have a 2 Mbps MPLS link with a 1 Mbps ADSL backup.
Parameters
queue-length <length>
Specify QoS class queue length. By default, each class has a queue length of 100. Riverbed recommends that you consult with Riverbed Support or your sales engineer before you set this parameter.
Optionally, select one of the following queue methods for the leaf class (the queue does not apply to the inner class):
fifo - Transmits all flows in the order that they are received (first in, first out). Bursty sources can cause long delays in delivering time-sensitive application traffic and potentially to network control and signaling messages.
sfq - Shared Fair Queueing (SFQ) is the default queue for all classes. Determines Steelhead appliance behavior when the number of packets in a QoS class outbound queue exceeds the configured queue length. When SFQ is used, packets are dropped from within the queue in a round-robin fashion, among the present traffic flows. SFQ ensures that each flow within the QoS class receives a fair share of output bandwidth relative to each other, preventing bursty flows from starving other flows within the QoS class.
mxtcp - Has very different use cases than the other queue parameters. MX-TCP also has secondary effects that you need to understand before configuring:
When optimized traffic is mapped into a QoS class with the MX-TCP queuing parameter, the TCP congestion control mechanism for that traffic is altered on the Steelhead appliance. The normal TCP behavior of reducing the outbound sending rate when detecting congestion or packet loss is disabled, and the outbound rate is made to match the minimum guaranteed bandwidth configured on the QoS class.
You can use MX-TCP to achieve high-throughput rates even when the physical medium carrying the traffic has high loss rates. For example, MX-TCP is commonly used for ensuring high throughput on satellite connections where a lower-layer-loss recovery technique is not in use.
Another usage of MX-TCP is to achieve high throughput over high-bandwidth, high-latency links, especially when intermediate routers do not have properly tuned interface buffers. Improperly tuned router buffers cause TCP to perceive congestion in the network, resulting in unnecessarily dropped packets, even when the network can support high throughput rates.
You must ensure the following when you enable MX-TCP:
The QoS rule for MX-TCP is at the top of QoS rules list.
The rule does not use AppFlow Engine classification.
You only use MX-TCP for optimized traffic. MX-TCP does not work for unoptimized traffic.
Important: Use caution when specifying MX-TCP. The outbound rate for the optimized traffic in the configured QoS class immediately increases to the specified bandwidth, and does not decrease in the presence of network congestion. The Steelhead appliance always tries to transmit traffic at the specified rate. If no QoS mechanism (either parent classes on the Steelhead appliance, or another QoS mechanism in the WAN or WAN infrastructure) is in use to protect other traffic, that other traffic might be impacted by MX-TCP not backing off to fairly share bandwidth.
When MX-TCP is configured as the queue parameter for a QoS class, the following parameters for that class are also affected:
link-share - The link share weight parameter has no effect on a QoS class configured with MX-TCP.
upper-limit-pct - The upper limit parameter has no effect on a QoS class configured with MX-TCP.
conn-limit <number>
Optionally, specify the connection limit. The connection limit is the maximum number of optimized connections for the class. When the limit is reached, all new connections are passed through unoptimized. In hierarchical mode, a parent class connection limit does not affect its child. Each child class optimized connection is limited by the connection limit specified for its class. For example, if B is a child of A, and the connection limit for A is set to 5, while the connection limit for B is set to 10, the connection limit for B is 10. Connection limit is supported only in in-path configurations. It is not supported in out-of-path or virtual-in-path configurations. Connection limit does not apply to the packet-order queue or Citrix ICA traffic. RiOS does not support a connection limit assigned to any QoS class that is associated with a QoS rule with an AppFlow Engine component. An AppFlow Engine component consists of a Layer 7 protocol specification. RiOS cannot honor the class connection limit because the QoS scheduler might subsequently reclassify the traffic flow after applying a more precise match using AppFlow Engine inspection.
Specify the upper limit percent settings for the class. Specify the maximum allowed bandwidth (as a percentage) a class receives as a percentage of the parent class guaranteed bandwidth. The limit is applied even if there is excess bandwidth available. The upper limit parameter has no effect on a QoS class configured with MX-TCP.
link-share <weight>
Applies to flat mode only. Specify the weight for the class. The link share weight determines how the excess bandwidth is allocated among sibling classes. Link share does not depend on the minimum guaranteed bandwidth. By default, all the link shares are equal. Classes with a larger weight are allocated more of the excess bandwidth than classes with a lower link share weight. You cannot specify a link-share weight in H-QoS. In H-QoS, the link share weight is the same proportion as the guaranteed bandwidth of the class. The link-share weight does not apply to MX-TCP queues.
Usage
QoS classes set priorities and bandwidths. You can create multiple QoS classes. There is no requirement that QoS classes represent applications, traffic to remote sites, or any other particular aggregation. The QoS classes that are always present on the Steelhead appliance are:
Root Class - The root class is used to constrain the total outbound rate of traffic leaving the Steelhead appliance to the configured, per-link WAN bandwidth. This class is not configured directly, but is created when you enable QoS classification and enforcement on the Steelhead appliance.
Built-in Default Class - The QoS scheduler applies the built-in default class constraints and parameters on traffic not otherwise placed in a class by the configured QoS rules.
QoS classes are configured in one of two different modes: flat or hierarchical. The difference between the two modes primarily consists of how QoS classes are created. For detailed information about QoS classes, see the Steelhead Management Console User's Guide and the Riverbed Deployment Guide. The no command option deletes the QoS class.
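The MX-TCP and connection-limit constraints described for the queue and conn-limit parameters can be checked before a class and rule set is pushed to an appliance. The following lint is an added example, not Riverbed code: the dictionary layout, function name and finding labels are hypothetical, and "at the top of the rules list" is read here as "no rule for a non-MX-TCP class precedes an MX-TCP rule". The sample classes and rules are constructed.

```python
"""Lint a planned QoS class/rule set against the MX-TCP and conn-limit caveats."""

# Constructed sample. Rules are listed in rulenum order (rule 1 first).
SAMPLE_CLASSES = {
    "Replication": {"queue": "mxtcp", "link_share": 50},
    "Web": {"queue": "sfq", "conn_limit": 100},
}
SAMPLE_RULES = [
    {"class": "Web", "traffic_type": "all", "l7protocol": "HTTP"},
    {"class": "Replication", "traffic_type": "all"},
]


def lint_qos(classes, rules):
    """Return a list of (location, finding) tuples; empty when nothing is flagged."""
    findings = []
    mxtcp_classes = {n for n, c in classes.items() if c.get("queue") == "mxtcp"}
    seen_other_rule = False

    for rulenum, rule in enumerate(rules, start=1):
        name = rule["class"]
        if name not in classes:
            raise KeyError(f"rule {rulenum} targets unknown class {name!r}")
        uses_appflow = bool(rule.get("l7protocol"))

        if name in mxtcp_classes:
            # The MX-TCP rule must sit at the top of the rules list.
            if seen_other_rule:
                findings.append((rulenum, "mxtcp-not-at-top"))
            # The rule must not use AppFlow Engine (Layer 7) classification.
            if uses_appflow:
                findings.append((rulenum, "mxtcp-uses-appflow"))
            # MX-TCP is for optimized traffic only; "all" includes pass-through.
            if rule.get("traffic_type") != "optimized":
                findings.append((rulenum, "mxtcp-not-optimized-only"))
        else:
            seen_other_rule = True

        # A connection limit is not supported on a class reached through
        # a rule with an AppFlow Engine component.
        if uses_appflow and classes[name].get("conn_limit") is not None:
            findings.append((rulenum, "conn-limit-with-appflow"))

    # link-share and upper-limit-pct have no effect on an MX-TCP class.
    for name in sorted(mxtcp_classes):
        for param in ("link_share", "upper_limit_pct"):
            if classes[name].get(param) is not None:
                findings.append((name, f"{param}-ignored"))
    return findings


if __name__ == "__main__":
    for location, finding in lint_qos(SAMPLE_CLASSES, SAMPLE_RULES):
        print(location, finding)
```
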
Example
You can set the rate for an interface before it is enabled. You must enable the interface to use QoS on that interface. This rate is the bottleneck WAN bandwidth, not the interface speed out of the WAN interface into the router or switch. For example, if your Steelhead appliance connects to a router with a 100 Mbps link, do not specify this value; specify the actual WAN bandwidth (for example, T1, T3). Different WAN interfaces can have different WAN bandwidths; this value must be correctly entered for QoS to function correctly. The percentage of excess bandwidth given to a class is relative to the percentage of minimum bandwidth allocated to the class. The curve-burst option sets the amount of burst allowed for real-time QoS classes at the link rate. During this burst, all other traffic is suppressed. The formula for the burst rate is:
burst = 25% of (link-rate kb/sec * 1 sec)
Therefore, the burst rate changes as the link rate changes. The no command option disables the specified command option.
Example
amnesiac (config) # qos classification interface wan0_0 rate 1200
amnesiac (config) # qos classification interface wan0_0 enable
Usage
In hierarchical mode, you create QoS classes as children of QoS classes other than the root class. This allows you to create overall parameters for a certain traffic type, and specify parameters for subtypes of that traffic. There is no enforced limit to the number of QoS class levels you can create.
In hierarchical mode, the following relationships exist between QoS classes:
Sibling classes - Classes that share the same parent class.
Leaf classes - Classes at the bottom of the class hierarchy.
Inner classes - Classes that are neither the root class nor leaf classes.
In hierarchical mode, QoS rules can only specify leaf classes as targets for traffic.
Riverbed QoS controls the traffic of hierarchical QoS classes in the following manner:
QoS rules assign active traffic to leaf classes.
The QoS scheduler applies active leaf class parameters to the traffic.
The QoS scheduler applies parameters to inner classes that have active leaf class children.
In flat mode, all of the QoS classes you create must have the root class as their parent. Thus all of the QoS classes you create are siblings. The QoS scheduler treats QoS classes in flat mode the same way that it does in hierarchical mode. However, only a single class level is defined. QoS rules place active traffic into the leaf classes. Each active class has its own QoS rule parameters which the QoS scheduler applies to traffic.
For detailed information about QoS and how to configure it, see the Management Console online help or the Steelhead Management Console User's Guide and the Riverbed Deployment Guide.
The appropriate QoS enforcement system to use depends on the location of WAN bottlenecks for traffic leaving the site. Use the following guidelines when implementing QoS:
A site that acts as a data server for other locations, such as a data center or regional hub, typically uses hierarchical mode. The first level of classes represents remote sites, and those remote site classes have child classes that either represent application types, or are indirectly connected remote sites.
A site that typically receives data from other locations, such as a branch site, typically uses flat mode. The classes represent different application types.
For example, suppose you have a network with ten locations, and you want to choose the correct mode for site 1. Traffic from site 1 normally goes to two other sites: sites 9 and 10. If the WAN links at sites 9 and 10 are at a higher bandwidth than the link at site 1, the WAN bottleneck rate for site 1 is always the link speed for site 1. In this case, you can use flat mode to enforce QoS at site 1, because the bottleneck that needs to be managed is the link at site 1. In flat mode, the parent class for all created classes is the root class that represents the WAN link at site 1.
In the same network, site 10 sends traffic to sites 1 through 8. Sites 1 through 8 have slower bandwidth links than site 10. Because the traffic from site 10 faces multiple WAN bottlenecks (one at each remote site), you configure hierarchical mode for site 10.
When configuring QoS classification for FTP, the QoS rules differ depending on whether the FTP data channel is using active or passive FTP. Active versus passive FTP determines whether the FTP client or the FTP server select the port connection for use with the data channel, which has implications for QoS classification. For detailed information, see the Steelhead Central Management Console User's Guide.
You can use the Steelhead Central Management Console (CMC) to enable QoS and to configure and apply QoS policies centrally to Steelhead appliances. For detailed information, see the Steelhead Central Management Console User's Guide.
You must enable QoS classification and set the bandwidth link rate for the WAN interface before you create a QoS class.
Example
Parameters
link-share <weight>
Applies to flat mode only. Specify the weight for the class. The link share weight determines how the excess bandwidth is allocated among sibling classes. Link share does not depend on the minimum guaranteed bandwidth. By default, all the link shares are equal. Classes with a larger weight are allocated more of the excess bandwidth than classes with a lower link share weight. You cannot specify a link-share weight in H-QoS. In H-QoS, the link share weight is the same proportion as the guaranteed bandwidth of the class. The link-share weight does not apply to MX-TCP queues.
Specify a QoS class guaranteed minimum bandwidth percent settings.
Specify a minimum guaranteed QoS priority level. The latency priority indicates how delay-sensitive a traffic class is to the QoS scheduler. Select the latency priority for the class:
realtime - Specifies a Real-Time traffic class. Traffic that is your highest priority should be given this value, for example, VoIP, video conferencing.
interactive - Specifies an interactive traffic class. For example, Citrix, RDP, telnet and ssh.
business - Specifies the Business Critical traffic class. For example, Thick Client Applications, ERPs, and CRMs.
normal - Specifies a normal priority traffic class. For example, Internet browsing, file sharing, and email.
low - Specifies a low priority traffic class. For example, FTP, backup, replication, other high-throughput data transfers, and recreational applications such as audio file sharing.
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show qos classification, qos classification class
Parameters
Specify the class to which the rule applies. If the rule matches, the specified rule sends the packet to this class. Optionally, specify a DSCP level (0-63). Use this option to configure a QoS rule matching a specific DSCP mark. Note: In RiOS 5.5 and earlier, the DSCP parameter in a QoS classification rule matches the DSCP value before DSCP marking rules are applied. In RiOS 6.0.x and later, the DSCP field in a QoS classification rule matches the DSCP value after DSCP marking rules are applied; that is, it matches the post-marking DSCP value.
protocol {all | udp | tcp | gre}
Optionally, specify the routing protocol for the rule: all, udp, tcp, gre. The default value is all.
vlan <vlan>
Optionally, specify the VLAN tag ID.
traffic-type {all | optimized | passthrough}
Specify the type of traffic: optimized or passthrough. QoS rules are applied to optimized and pass-through (egress only) traffic.
[srcnet <subnet/mask> | srcport <port>]
Optionally, specify the subnet and mask or the port. Use the following format for subnet and mask: 1.2.3.4/123. The default value for port is all.
dstnet <subnet/mask> | dstport <port>}
Optionally, specify the subnet and mask or the port. Use the following format for subnet and mask: 1.2.3.4/123. The default value for port is all.
Optionally, specify to enable Citrix QoS classification rules. When configuring QoS classification for Citrix ICA traffic, you define 4 QoS classes, 1 class for each of the 4 application priorities and 1 default class. The application priority separates low-priority traffic (such as print jobs), from high-priority traffic (such as interactive screen updates). The upper bandwidth limit is defined at 100%, so that the lower priority classes can use the full bandwidth when it is available. For the best performance, select the packet-order queue for each Citrix QoS class to protect the TCP stream order. The packet-order queue protects the TCP stream order by keeping track of flows that are currently inside the packet-shaping infrastructure. citrix-prio-0 through citrix-prio-3 are the priority 0-3 class names. Only valid when l7protocol ICA is specified. You create your own classes for each site. For details, see qos classification class on page 404. Show classes with show qos classification on page 74.
Specify a domain name. Only valid if you specify the l7protocol parameter HTTP.
Specify a relative path. For example, the relative path for www.riverbed.com/appliance/commandline would be /appliance/commandline. Only valid if you specify the l7protocol parameter HTTP. The relative path is the part of the URL that follows the domain name.
rulenum <priority>
Optionally, specify the order in which the rule is processed in the rules list. Steelhead appliances evaluate rules in numerical order starting with rule 1. If the conditions set in the rule match, then the rule is applied, and the system moves on to the next packet. If the conditions set in the rule do not match, the system consults the next rule. For example, if the conditions of rule 1 do not match, rule 2 is consulted. If rule 2 matches the conditions, it is applied, and no further rules are consulted.
Each rule maps a type of network traffic to a QoS class. You can create more than one QoS rule for a class. When more than one QoS rule is created for a class, the rules are followed in the order in which they are shown on the QoS Classification page and only the first matching rule is applied to the class. For information on Steelhead appliance QoS rule capabilities, see the Riverbed Deployment Guide. In Hierarchical QoS, only child classes can have rules. Important: If you delete or add new rules, existing optimized connections are not affected. The changes only affect new optimized connections. The no command option disables the rule. Note: Available only in advanced QoS mode.
Example
amnesiac (config) # qos classification rule add class-name Default-Site$$Business-Critical traffic-type passthrough srcnet 192.12.12.1/32 srcport 80 dstnet 192.168.4.0/24 dstport 80 l7protocol ICA citrix-def-prio Default-Site$$Business-Critical citrix-prio-0 Default-Site$$Business-Critical citrix-prio-1 Default-Site$$Business-Critical citrix-prio-2 Default-Site$$Business-Critical citrix-prio-3 Default-Site$$Business-Critical dscp 2 vlan 2 rulenum 5 site-num 1
Steelhead appliances evaluate rules in numerical order starting with rule 1. If the conditions set in the rule match, then the rule is applied, and the system moves on to the next packet. If the conditions set in the rule do not match, the system consults the next rule. For example, if the conditions of rule 1 do not match, rule 2 is consulted. If rule 2 matches the conditions, it is applied, and no further rules are consulted. Note: This command is available only in advanced QoS mode.
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show qos classification, qos classification rule
Configure this traffic as unclassified if not specified. Traffic classification options are:
Default-Site$$Business-Critical
Default-Site$$Interactive
Default-Site$$Low-Priority
Default-Site$$Normal
Default-Site$$Realtime
Default-Site$$Best-effort
Default-Site$$parent_class
Usage
A site is a logical grouping of subnets. Sites represent the physical and logical topology of a site type. You can classify traffic for each site using network addresses. Site types are typically data center, small, medium and large branch office, and so on. Each site uses a bandwidth policy, and the sites have an order. Traffic is matched to the first matching site. There is a maximum of 35 sites. For information on the number of sites and rules per site, see the Riverbed Deployment Guide. The default site is a catch-all site that has a subnet of 0.0.0.0/0. You do not need to add a remote site if you only have one remote site and the default site is suitable. Note: This command is available only in advanced QoS mode.
amnesiac (config) # qos classification site add site-name mySite network 192.168.4.0/24 default-class Default-Site$$Best-effort
Product
Steelhead appliance
Related Topics
show qos classification, qos classification rule, qos classification site edit, qos classification site move
Parameters
Specify the name of the site.
Specify the network IPv4 prefix for the site. For the network address, use the following format: XXX.XXX.XXX.XXX.
Specify the Default Class for the site. Traffic classification options are:
Default-Site$$Business-Critical
Default-Site$$Interactive
Default-Site$$Low-Priority
Default-Site$$Normal
Default-Site$$Realtime
Default-Site$$Best-effort
Default-Site$$parent_class
Product
Steelhead appliance
Related Topics
show qos classification, qos classification rule, qos classification site add
Steelhead appliances evaluate rules in numerical order called an index, starting with rule 1. If the conditions set in the rule match, then the rule is applied, and the system moves on to the next packet. If the conditions set in the rule do not match, the system consults the next rule. For example, if the conditions of rule 1 do not match, rule 2 is consulted. If rule 2 matches the conditions, it is applied, and no further rules are consulted. Note: This command is available only in advanced QoS mode.
Product
Steelhead appliance
Related Topics
show qos classification, qos classification rule, qos classification site edit
After you map a source-destination-port pattern and a DSCP level, every packet corresponding to the connection with that destination port has the DSCP field set to that value in the forward and backward direction. On the WAN side of the Steelhead appliance, you configure a network router or a traffic shaper to prioritize packets according to the value in the DSCP field before they are sent across the WAN. Enabling these features is optional. In RiOS v5.5 and earlier, the DSCP parameter of a QoS classification rule matches the DSCP value before DSCP marking rules are applied. In RiOS 6.0.x and v6.1.x, the DSCP field in a QoS classification rule matches the DSCP value after DSCP marking rules are applied; that is, it matches the post-marking DSCP value. In RiOS v6.5, the DSCP field in a QoS classification rule for pass-through traffic matches the DSCP value before DSCP marking rules are applied. The DSCP field in a QoS classification rule for optimized traffic matches the DSCP value after DSCP marking rules are applied; that is, it matches the post-marking DSCP value.
After you map a destination port and a DSCP level, every packet corresponding to the connection with that destination port has the DSCP field set to that value in the forward and backward direction. On the WAN side of the Steelhead appliance, you configure a network router or a traffic shaper to prioritize packets according to the value in the DSCP field before they are sent across the WAN. Note: Optimized traffic is marked in both directions, but pass-through traffic is marked only on the egress traffic. The no command option removes the description.
amnesiac (config) # qos dscp edit-rule traffic-type optimized rulenum 1 description "PassThroughSecure"
Usage
For example, after the TCP connection has received 3000 bytes of data, the Steelhead appliance checks the DSCP value received in the last packet for that connection and uses that value to mark packets on the next hop. The DSCP value in packets received from the server is used in packets sent from the server-side Steelhead appliance to the client-side Steelhead appliance. This way, as soon as the server sends data back, the DSCP value is sent for packets in the reverse direction. This also applies to packets sent from a server-side Steelhead appliance to the server. If you set the interval to 1, the connection setup packets (SYN/SYN-ACK/ACK) are not marked, but the next packets are marked, because the server-side Steelhead appliance sends data to the server only after it receives data from the client-side Steelhead appliance.
Change this value when you expect the DSCP value to change during the duration of the connection and you want to use the most recent value. If you want to check indefinitely, set the repeat interval to -1.
amnesiac (config) # qos dscp monitor repeat -1
Usage
You specify an ordered list of rules where each rule is the DSCP level used on the inner connection for connections matching the source IP subnet, the destination IP subnet and, optionally, the destination port fields. Steelhead appliances evaluate rules in numerical order starting with rule 1. If the conditions set in the rule match, then the rule is applied, and the system moves on to the next packet. If the conditions set in the rule do not match, the system consults the next rule. For example, if the conditions of rule 1 do not match, rule 2 is consulted. If rule 2 matches the conditions, it is applied, and no further rules are consulted.
Specify the source IP subnet. Use the following format: XXX.XXX.XXX.XXX/XX
Specify the source port number, port label, or all. A port label is a label that you assign to a set of ports so that you can reduce the number of configuration rules in your system. For the MAPI data channel, specify port 7830 and the corresponding DSCP level. The method you use to configure QoS for active FTP depends on the RiOS version.
RiOS versions 5.0.7 and 5.5.2: For the FTP data channel, specify source port 20 and the corresponding DSCP level on the Steelhead appliance closest to the FTP server (assuming the FTP server initiates the data channel on port 20). Setting QoS for port 20 on the server-side Steelhead appliance affects active FTP.
RiOS versions prior to 5.0.7 and 5.5.2: For the FTP data channel, configure a QoS map on the server-side Steelhead appliance to match the destination port 20, because RiOS versions prior to v5.0.7 and v5.5.2 do not support the creation of QoS maps based on the source port for optimized traffic.
dest <ip-addr>
dest-port <port>
Specify the destination port number, port label, or all. A port label is a label that you assign to a set of ports so that you can reduce the number of configuration rules in your system. For the MAPI data channel, specify port 7830 and the corresponding DSCP level. For the FTP data channel, specify destination port 20 and the corresponding DSCP level. Setting QoS for port 20 on the server-side Steelhead appliance affects port-passive FTP.
With active FTP, the FTP client logs in and issues the PORT command, informing the server which port it must use to connect to the client for the FTP data channel. Next, the FTP server initiates the connection towards the client. From a TCP perspective, the server and the client swap roles: The FTP server becomes the client because it sends the SYN packet, and the FTP client becomes the server because it receives the SYN packet. Although not defined in the RFC, most FTP servers use source port 20 for the active FTP data channel. For active FTP, configure a QoS rule on the server-side Steelhead appliance to match source port 20. On the client-side Steelhead appliance, configure a QoS rule to match destination port 20.
With passive FTP, the FTP client initiates both connections to the server. First, it requests passive mode by issuing the PASV command after logging in. Next, it requests a port number for use with the data channel from the FTP server. The server agrees to this mode, selects a random port number, and returns it to the client. Once the client has this information, it initiates a new TCP connection for the data channel to the server-assigned port. Unlike active FTP, there is no role swapping and the FTP client initiates the SYN packet for the data channel. It is important to note that the FTP client receives a random port number from the FTP server.
Because the FTP server cannot return a consistent port number to use with the FTP data channel, RiOS does not support QoS Classification for passive FTP in versions earlier than RiOS v4.1.8, v5.0.6, or v5.5.1. Newer RiOS releases support passive FTP and the QoS Classification configuration for passive FTP is the same as active FTP. When configuring QoS Classification for passive FTP, port 20 on both the server and client-side Steelhead appliances simply means the port number being used by the data channel for passive FTP, as opposed to the literal meaning of source or destination port 20.
The Steelhead appliance must intercept the FTP control channel (port 21), regardless of whether the FTP data channel is using active or passive FTP.
dscp <level>
Specify the DSCP level (0-63) or reflect. If you want the DSCP level or IP ToS value found on pass-through traffic to remain unchanged when it passes through the Steelhead appliance, specify reflect. Important: If your connections already have a DSCP level and you do not define one in the Management Console, the Steelhead appliance uses the existing DSCP level for the connection between the Steelhead appliances. If you define a DSCP level in the Management Console, the client-side Steelhead appliance overrides the existing DSCP level and the value that you defined is applied to both the client-side and server-side appliances. Note: Optimized traffic is marked in both directions, but pass-through traffic is marked only on the egress traffic.
rulenum <rulenum>
Usage
You specify an ordered list of rules where each rule is the DSCP level to use on the inner connection for connections matching the source IP subnet, the destination IP subnet and, optionally, the destination port fields. Steelhead appliances can retain or alter the DSCP or IP ToS value of both pass-through traffic and optimized traffic. To alter the DSCP or IP ToS value of optimized or pass-through traffic, you create a list that maps which traffic receives a certain DSCP value. The first matching mapping is applied. After you map a source-destination-port pattern and a DSCP level, every packet corresponding to the connection with that destination port has the DSCP field set to that value in the forward and backward direction. On the WAN side of the Steelhead appliance, you configure a network router or a traffic shaper to prioritize packets according to the value in the DSCP field before they are sent across the WAN. If you have already defined a DSCP level and you do not define one in the CLI, the Steelhead appliance uses the existing DSCP level for the connection between the Steelhead appliances. If you define a DSCP level in the CLI, the Steelhead appliance overrides the existing DSCP level and the value that you defined is applied. The no qos rule rulenum <rulenum> command disables the QoS rule.
amnesiac (config) # qos dscp rule traffic-type optimized src 10.0.0.4/16 dest 10.0.0.1/16 level 12 rulenum 3
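The first-match evaluation described above can be modelled offline to audit a DSCP rule list before it is entered on the appliance. This is an added example, not Riverbed code: the helper names, rules 1 and 2, and keeping the existing DSCP value for unmatched traffic are assumptions; rule 3 is the example command from this page.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

ALL = "all"          # matches any destination port
REFLECT = "reflect"  # leave the packet's existing DSCP value unchanged


@dataclass(frozen=True)
class DscpRule:
    rulenum: int
    src: ipaddress.IPv4Network
    dest: ipaddress.IPv4Network
    dest_port: Union[int, str]   # port number or "all"
    level: Union[int, str]       # 0-63 or "reflect"


def make_rule(rulenum, src, dest, level, dest_port=ALL) -> DscpRule:
    if level != REFLECT and not 0 <= int(level) <= 63:
        raise ValueError(f"DSCP level must be 0-63 or reflect, got {level!r}")
    # strict=False because the manual's example subnet (10.0.0.4/16) has host bits set.
    return DscpRule(rulenum,
                    ipaddress.ip_network(src, strict=False),
                    ipaddress.ip_network(dest, strict=False),
                    dest_port, level)


def first_match(rules: List[DscpRule], src_ip, dest_ip, dest_port) -> Optional[DscpRule]:
    """Consult rules in rulenum order; the first rule whose conditions match wins."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dest_ip)
    for rule in sorted(rules, key=lambda r: r.rulenum):
        if s in rule.src and d in rule.dest and rule.dest_port in (ALL, dest_port):
            return rule
    return None


def marked_dscp(rules, src_ip, dest_ip, dest_port, incoming_dscp: int) -> int:
    """DSCP value after marking. Assumption: unmatched traffic keeps its value."""
    rule = first_match(rules, src_ip, dest_ip, dest_port)
    if rule is None or rule.level == REFLECT:
        return incoming_dscp
    return int(rule.level)


def shadowed_rules(rules: List[DscpRule]) -> List[Tuple[int, int]]:
    """Return (shadowed, shadowing) rule numbers: a later rule is shadowed when one
    earlier rule already matches every connection the later rule could match."""
    ordered = sorted(rules, key=lambda r: r.rulenum)
    found = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if (later.src.subnet_of(earlier.src)
                    and later.dest.subnet_of(earlier.dest)
                    and earlier.dest_port in (ALL, later.dest_port)):
                found.append((later.rulenum, earlier.rulenum))
                break
    return found


# Constructed rule list. Rule 1 uses the MAPI data channel port named on this page;
# rule 3 mirrors the page's example command and can never match behind rule 2.
RULES = [
    make_rule(1, "10.0.0.0/8", "0.0.0.0/0", 46, dest_port=7830),
    make_rule(2, "10.0.0.0/8", "0.0.0.0/0", REFLECT),
    make_rule(3, "10.0.0.4/16", "10.0.0.1/16", 12),
]

if __name__ == "__main__":
    for shadowed, by in shadowed_rules(RULES):
        print(f"rule {shadowed} is never consulted: rule {by} matches first")
```

Moving rule 3 ahead of rule 2 is what makes its level apply; the audit reports nothing once no earlier rule covers a later one.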
Syntax Parameters
Any change in the connection pooling parameter requires you to restart the Steelhead service. The no command option disables connection pooling.
in-path mac-match-vlan
Description
Enables VLAN IDs to be used in simplified routing table look-ups for WAN visibility.
Syntax
[no] in-path mac-match-vlan
Parameters
None
Usage
VLAN transparency configuration requires:
in-path rule auto-discover (configure the WAN visibility mode)
in-path peering auto
in-path probe-caching enable (set to no)
in-path vlan-conn-based
in-path mac-match-vlan
in-path probe-ftp-data
in-path simplified routing
in-path neighbor fwd-vlan-mac (only necessary for VLAN transparent networks with neighbor Steelhead appliances)
For detailed information, see the Riverbed Deployment Guide. The no command option disables.
Example
amnesiac (config) # in-path mac-match-vlan
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show in-path probe-caching, in-path rule auto-discover, show in-path peering oobtransparency
Example
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show in-path probe-caching, in-path rule auto-discover, show in-path peering oobtransparency
Usage
With RiOS v5.0.x or later, and if you use WAN visibility full address transparency, you have the following transparency options for the OOB connection: OOB connection destination transparency and OOB connection full transparency. You configure OOB transparent addressing on the client-side Steelhead appliance (where the connection is initiated). By default, the OOB connection uses correct addressing. Correct addressing uses the client-side Steelhead appliance IP address, port number, and VLAN ID, and the server-side Steelhead appliance IP address, port number, and VLAN ID.
If you are using OOB connection correct addressing and the client-side Steelhead appliance cannot establish the OOB connection to the server-side Steelhead appliance, OOB connection transparency can resolve this issue. For example, suppose you have a server on a private network that is located behind a NAT device. You configure OOB connection transparency so that the client-side Steelhead appliance uses the server IP address and port number as the remote IP address and port number. Steelhead appliances route packets on the OOB connection to the NAT device. The NAT device then translates the packet address to that of the server-side Steelhead appliance.
If both of the OOB connection transparency options are acceptable solutions, OOB connection destination transparency is preferable. OOB connection destination transparency mitigates the slight possibility of port number collisions which can occur with OOB connection full transparency.
When OOB connection transparency is enabled and the OOB connection is lost, the Steelhead appliances re-establish the connection using the server IP address and port number from the next optimized connection.
OOB connection destination transparency uses the client-side Steelhead appliance IP address and an ephemeral port number chosen by the client-side Steelhead appliance, plus the server IP address and port number in the TCP/IP packet headers in both directions across the WAN. Steelhead appliances use the server IP address and port number from the first optimized connection. Use OOB connection destination transparency if the client-side Steelhead appliance cannot establish the OOB connection to the server-side Steelhead appliance.
For detailed information about configuring in-path IP addresses and OOB connections for WAN visibility, see the Riverbed Deployment Guide.
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show in-path probe-caching, in-path rule auto-discover, show in-path peering oobtransparency
Usage
With probe caching, the client-side Steelhead appliance caches the auto-discovery probe response from the server-side Steelhead appliance when trying to reach a specific server. On subsequent attempts to reach the same server, the Steelhead appliance uses the already cached probe response. On those attempts, the client-side Steelhead appliance sets up a session directly to the peer Steelhead appliance within the 7800 inner channel, bypassing the auto-discovery process since it was successful with the previous attempt. By default, probes are cached for 10 seconds.
With probe caching enabled, Steelhead appliances still perform auto-discovery. Probe caching simply saves some steps during auto-discovery if you are going to the same destination host. With probe caching disabled, every new TCP session performs auto-discovery, instead of just some of the new TCP sessions.
To determine if probe-caching is enabled on the Steelhead in RiOS v5.x and later:
show in-path probe-caching
Probe Caching Enabled: yes
Note: By default, probe caching is disabled in RiOS v5.5 and later.
When the server-side Steelhead appliance is on a VLAN trunk and simplified routing is enabled, Riverbed recommends disabling probe caching on all the remote Steelhead appliances. This is because the connection request inside the 7800 inner channel might not have the correct VLAN ID. Because the request arrived on the inner channel, the VLAN ID in the request would be same as the Steelhead appliance in-path VLAN. If the server is on a different VLAN than the Steelhead appliance, the request will not have the correct VLAN ID and there is no easy way to determine it. With probe caching disabled, the Steelhead appliance will always get the SYN with original client and server IP addresses and the router adds the correct VLAN. You only need to disable probe caching on client-side Steelhead appliances.
If you have multiple Steelhead appliances connected with WCCP, you might see many forwarded connections and a larger than expected amount of data sent in the Neighbor Statistics report. (You configure neighbors when you enable connection forwarding.) The probe caching mechanism allows some sessions to get established on the wrong Steelhead appliance. Disabling this mechanism ensures the routers have a chance to redirect every SYN packet to the correct Steelhead appliance, preventing connection forwarding from occurring. To avoid incorrect forwarded connections, disable probe caching on the client-side Steelhead appliance.
For detailed information, see the Riverbed Deployment Guide. The no command option disables probe caching.
Example
amnesiac (config) # in-path probe-caching enable
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show in-path probe-caching, in-path rule auto-discover, show in-path peering oobtransparency
in-path probe-ftp-data
Description
Probes FTP data connections to learn VLAN information. Enables full address transparency for WAN visibility. For detailed information, see the Riverbed Deployment Guide.
Syntax
[no] in-path probe-ftp-data
Parameters
None
Usage
The no command option disables this command.
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show in-path probe-caching, in-path rule auto-discover, show in-path peering oobtransparency
in-path probe-mapi-data
Description
Probes MAPI data connections. Enables full address transparency for WAN visibility. For detailed information, see the Riverbed Deployment Guide.
Syntax
[no] in-path probe-mapi-data
Parameters
None
Usage
The no command option disables this command.
Example
The following example configures full-address transparency for a VLAN.
amnesiac (config) # in-path peering auto
amnesiac (config) # in-path vlan-conn-based
amnesiac (config) # in-path mac-match-vlan
amnesiac (config) # no in-path probe-caching enable
amnesiac (config) # in-path probe-ftp-data
amnesiac (config) # in-path probe-mapi-data
amnesiac (config) # write memory
amnesiac (config) # service restart
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show in-path probe-caching, in-path rule auto-discover, show in-path peering oobtransparency
in-path vlan-conn-based
Description
Enables VLAN connection based mapping for WAN visibility. For detailed information, see the Riverbed Deployment Guide.
Syntax
[no] in-path vlan-conn-based
Parameters
None
Usage
This command learns and uses the correct connection for the VLAN. The no command option disables VLAN connection based mapping.
Example
amnesiac (config) # in-path vlan-conn-based
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show in-path probe-caching, in-path rule auto-discover, show in-path peering oobtransparency
wccp enable
Description
Enables WCCP support.
Syntax
[no] wccp enable
Parameters
None
Usage
For detailed information about configuring WCCP, see the Steelhead Management Console Users Guide and the Riverbed Deployment Guide.
WCCP enables you to redirect traffic that is not in the direct physical path between the client and the server. To enable WCCP, the Steelhead appliance must join a service group at the router. A service group is a group of routers and Steelhead appliances which define the traffic to redirect, and the routers and Steelhead appliances the traffic goes through. You might use one or more service groups to redirect traffic to the Steelheads for optimization.
RiOS v6.1 and later provides additional WCCP configuration, allowing each individual Steelhead appliance in-path interface to be configured as a WCCP client. Each configured in-path interface participates in WCCP service groups as an individual WCCP client, providing flexibility to determine load balancing proportions and redundancy.
The no command option disables WCCP support.
Example
amnesiac (config) # wccp enable
Parameters
password <password>
Optionally, assign a password to the Steelhead appliance. This password must be the same password that is on the router. WCCP requires that all routers in a service group have the same password. Passwords are limited to 8 characters.
weight <weight>
Specify a weight value in the range of 0-65535. You specify the percentage of connections that are redirected to a particular Steelhead appliance interface, which is useful for traffic load balancing and failover support. The number of TCP, UDP, or ICMP connections a Steelhead appliance supports determines its weight. The more connections a Steelhead appliance model supports, the heavier the weight of that model. In RiOS v6.1 you can modify the weight for each in-path interface to manually tune the proportion of traffic a Steelhead interface receives. A higher weight redirects more traffic to that Steelhead interface.
The ratio of traffic redirected to a Steelhead interface is equal to its weight divided by the sum of the weights of all the Steelhead interfaces in the same service group. For example, if there are two Steelhead appliances in a service group and one has a weight of 100 and the other has a weight of 200, the one with the weight 100 receives 1/3 of the traffic and the other receives 2/3 of the traffic.
However, since it is generally undesirable for a Steelhead appliance with two WCCP in-path interfaces to receive twice the proportion of traffic, for Steelhead appliances with multiple in-paths connected, each of the in-path weights is divided by the number of that Steelhead appliance's interfaces participating in the service group. For example, if there are two Steelhead appliances in a service group and one has a single interface with weight 100 and the other has two interfaces each with weight 200, the total weight will still equal 300 (100 + 200/2 + 200/2). The one with the weight 100 receives 1/3 of the traffic and each of the other's in-path interfaces receives 1/3 of the traffic.
The range is 0-65535. The default value corresponds to the number of TCP connections your Steelhead appliance supports.
Failover Support
To enable single in-path failover support with WCCP groups, define the service group weight to be 0 on the backup Steelhead appliance. If one Steelhead appliance has a weight 0, but another one has a non-zero weight, the Steelhead appliance with weight 0 does not receive any redirected traffic. If all the Steelhead appliances have a weight 0, the traffic is redirected equally among them.
The best way to achieve multiple in-path failover support with WCCP groups in RiOS v6.1 is to use the same weight on all interfaces from a given Steelhead appliance for a given service group. For example, suppose you have Steelhead A and Steelhead B with two in-path interfaces each. When you configure Steelhead A with weight 100 from both inpath0_0 and inpath0_1 and Steelhead B with weight 200 from both inpath0_0 and inpath0_1, RiOS distributes traffic to Steelhead A and Steelhead B in the ratio of 1:2 as long as at least one interface is up on both Steelhead appliances. In a service group, if an interface with a non-zero weight fails, its weight transfers over to the weight 0 interface of the same service group.
For details on using the weight parameter to balance traffic loads and provide failover support in WCCP, see the Riverbed Deployment Guide.
Specify one of the following methods for transmitting packets between a router or a switch and a Steelhead appliance interface:
either - Use Layer-2 first; if Layer-2 is not supported, GRE is used. This is the default value.
gre - Generic Routing Encapsulation. The GRE encapsulation method appends a GRE header to a packet before it is forwarded. This can cause fragmentation and imposes a performance penalty on the router and switch, especially during the GRE packet de-encapsulation process. This performance penalty can be too great for production deployments.
l2 - Layer-2 redirection. The L2 method is generally preferred from a performance standpoint because it requires fewer resources from the router or switch than the GRE does. The L2 method modifies only the destination Ethernet address. However, not all combinations of Cisco hardware and IOS revisions support the L2 method. Also, the L2 method requires the absence of L3 hops between the router or switch and the Steelhead appliance.
Determines which Steelhead interface in a WCCP service group the router or switch selects to redirect traffic to for each connection. The assignment scheme also determines whether the Steelhead interface or the router processes the first traffic packet. The optimal assignment scheme achieves both load balancing and failover support. Specify one of the following schemes:
either - Uses Hash assignment unless the router does not support it. When the router does not support Hash, it uses Mask. This is the default setting.
hash - Redirects traffic based on a hashing scheme and the Weight of the Steelhead interface, providing load balancing and failover support. This scheme uses the CPU to process the first packet of each connection, resulting in slightly lower performance. However, this method generally achieves better load distribution. Riverbed recommends Hash assignment for most Steelhead appliances if the router supports it. The Cisco switches that do not support Hash assignment are the 3750, 4000, and 4500-series, among others. Your hashing scheme can be a combination of the source IP address, destination IP address, source port, or destination port.
mask - Redirects traffic operations to the Steelhead appliances, significantly reducing the load on the redirecting router. Mask assignment processes the first packet in the router hardware, using fewer CPU cycles and resulting in better performance.
Mask assignment in RiOS v5.0.1 and earlier is limited to one Steelhead appliance per service group. The Steelhead appliance with the lowest in-path IP address receives all the traffic. This scheme provides high availability. You can have multiple Steelhead appliances in a service group but only the Steelhead appliance with the lowest in-path IP address receives all the traffic. If the Steelhead appliance with the lowest in-path IP address fails, the Steelhead appliance with the next lowest in-path IP address receives all of the traffic. When the Steelhead appliance with the lowest in-path IP address recovers, it again receives all of the traffic.
Mask assignment in RiOS v5.0.2 and later supports load-balancing across multiple active Steelhead appliances. This scheme bases load-balancing decisions (for example, which Steelhead appliance in a service group optimizes a given new connection) on bits pulled out, or masked, from the IP address and the TCP port packet header fields.
Mask assignment in RiOS v6.1 supports load-balancing across multiple active Steelhead appliance interfaces in the same service group.
The default mask scheme uses an IP address mask of 0x1741, which is applicable in most situations. However, you can change the IP mask by clicking the service group ID and changing the service group settings and flags.
In multiple Steelhead environments, it is often desirable to send all users in subnet range to the same Steelhead. Using mask provides a basic ability to leverage a branch subnet and Steelhead to the same Steelhead in a WCCP cluster.
Important: If you use mask assignment you must ensure that packets on every connection and in both directions (client-to-server and server-to-client) are redirected to the same Steelhead appliance.
For detailed information and best practices for using assignment schemes, see the Riverbed Deployment Guide.
Specify the service group source IP mask. The default value is 0x1741.
Specify the service group destination IP mask.
Specify the service group source port mask.
Specify the service group destination port mask.
WCCP must be enabled before configuring any WCCP service groups. About the weight parameter and failover support: To enable failover support for WCCP groups, set the weight parameter to 0 on the backup Steelhead appliance. If one Steelhead appliance has a weight 0, but another one has a non-zero weight, the Steelhead appliance with weight 0 does not receive any redirected traffic. To enable failover support with multi-inpath WCCP groups in RiOS v6.1, set the weight parameter to 0 on the backup Steelhead interface. If one Steelhead interface has a weight 0, but another one has a non-zero weight, the Steelhead interface with weight 0 does not receive any redirected traffic. Note: If all the Steelhead interfaces have a weight 0, the traffic is redirected equally among them.
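The weight arithmetic from the weight parameter description and the failover notes above, worked through as an added example (not Riverbed code). The function names and appliance labels are hypothetical, and treating a failed interface as no longer participating in the service group is an assumption used to model failover.

```python
from collections import Counter
from fractions import Fraction


def interface_shares(group):
    """group: list of (appliance, interface, weight, is_up) for one service group.
    Returns {(appliance, interface): share of redirected traffic} as exact fractions."""
    for _, _, weight, _ in group:
        if not 0 <= weight <= 65535:
            raise ValueError(f"weight {weight} is outside the range 0-65535")
    live = [(a, i, w) for a, i, w, up in group if up]
    if not live:
        return {}
    # Each in-path weight is divided by the number of that appliance's
    # interfaces participating in the service group.
    per_appliance = Counter(a for a, _, _ in live)
    effective = {(a, i): Fraction(w, per_appliance[a]) for a, i, w in live}
    total = sum(effective.values())
    if total == 0:
        # Every participant has weight 0: traffic is redirected equally.
        return {key: Fraction(1, len(effective)) for key in effective}
    return {key: eff / total for key, eff in effective.items()}


def appliance_shares(group):
    """Sum the interface shares per appliance."""
    shares = {}
    for (appliance, _), share in interface_shares(group).items():
        shares[appliance] = shares.get(appliance, Fraction(0)) + share
    return shares


# Constructed service groups that mirror the cases described in the text.
TWO_APPLIANCES = [
    ("SH1", "inpath0_0", 100, True),
    ("SH2", "inpath0_0", 200, True),
]
ONE_DUAL_INTERFACE = [
    ("SH1", "inpath0_0", 100, True),
    ("SH2", "inpath0_0", 200, True),
    ("SH2", "inpath0_1", 200, True),
]
MASTER_BACKUP = [
    ("master", "inpath0_0", 100, True),
    ("backup", "inpath0_0", 0, True),
]
# Steelhead A (weight 100) with inpath0_1 down, Steelhead B (weight 200) fully up.
A_DEGRADED = [
    ("A", "inpath0_0", 100, True),
    ("A", "inpath0_1", 100, False),
    ("B", "inpath0_0", 200, True),
    ("B", "inpath0_1", 200, True),
]

if __name__ == "__main__":
    for name, group in [("two appliances", TWO_APPLIANCES),
                        ("one dual-interface appliance", ONE_DUAL_INTERFACE),
                        ("master/backup", MASTER_BACKUP),
                        ("A degraded", A_DEGRADED)]:
        print(name, {k: str(v) for k, v in appliance_shares(group).items()})
```

With the same weight on every interface of an appliance, the per-appliance ratio stays 1:2 in the degraded case, which is why the text recommends that configuration.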
wccp mcast-ttl
Description
Sets the multicast TTL parameter for WCCP. The TTL determines the range over which a multicast packet is propagated in your intranet.
Syntax
[no] wccp mcast-ttl <value>
Parameters
<value> Specify the multicast-TTL value.
Usage
For detailed information about configuring WCCP, see the Riverbed Deployment Guide. The no command option disables WCCP support.
Syntax Parameters
Usage
Typically, you configure the WCCP service group to specify either. By choosing either, the router and Steelhead appliance negotiate whether to use L2 or GRE for redirects, and separately, for returns as well. Certain platforms and IOS versions support L2 redirects to the Steelhead appliance (usually the 6500s or 7600s depending on their supervisor engine), and even fewer combinations support L2 return. (The 12.2(SXH) does support L2 return.) This command should only be used if there is an L2 hop between the Steelhead appliance and the next hop according to the routing table. For details, see the Riverbed Deployment Guide. The no command option disables WCCP override support.
The default value is 7820. You cannot specify the failover buddy port for the Interceptor appliance. The no command option resets the port to the default value.
failover enable
Description
Enables a failover buddy appliance. A failover buddy is a backup appliance. If the master fails, the buddy takes over.
Syntax
[no] failover enable
Parameters
None
Usage
For a physical in-path failover deployment, you configure a pair of Steelhead appliances: one as a master and the other as a backup. The master Steelhead appliance in the pair (usually the Steelhead appliance closest to the LAN) is active and the backup Steelhead appliance is passive. The master Steelhead appliance is active unless it fails for some reason. The backup is passive while the master is active and becomes active if either the master fails or the master reaches its connection limit and enters admission control status. A backup Steelhead appliance does not intercept traffic while the master appliance is active. It pings the master Steelhead appliance to make sure that it is alive and processing data. If the master Steelhead appliance fails, the backup takes over and starts processing all of the connections. When the master Steelhead appliance comes back up, it sends a message to the backup that it has recovered. The backup Steelhead appliance stops processing new connections (but continues to serve old ones until they end).
For an out-of-path failover deployment, you deploy two server-side Steelhead appliances and add a fixed-target rule to the client-side Steelhead appliance to define the master and backup target appliances. When both the master and backup Steelhead appliances are functioning properly, the connections traverse the master appliance. If the master Steelhead appliance fails, subsequent connections traverse the backup Steelhead appliance. The master Steelhead appliance uses an Out-of-Band (OOB) connection. The OOB connection is a single, unique TCP connection that communicates internal information. If the master Steelhead appliance becomes unavailable, it loses this OOB connection and the OOB connection times out in approximately 40-45 seconds. Once the OOB connection times out, the client-side Steelhead appliance declares the master Steelhead appliance unavailable and connects to the backup Steelhead appliance.
During the 40-45 second delay before the client-side Steelhead appliance declares a peer unavailable, it passes through any incoming new connections; they are not black-holed. While the client-side Steelhead appliance is using the backup Steelhead appliance for optimization, it attempts to connect to the master Steelhead appliance every 30 seconds. If the connection succeeds, the client-side Steelhead appliance reconnects to the master Steelhead appliance for any new connections. Existing connections remain on the backup Steelhead appliance for their duration. This is the only time, immediately after a recovery from a master failure, that connections are optimized by both the master Steelhead appliance and the backup. If both the master and backup Steelhead appliances become unreachable, the client-side Steelhead appliance tries to connect to both appliances every 30 seconds. Any new connections are passed through the network unoptimized.
In addition to enabling failover and configuring buddy peering, you must synchronize the data stores for the master-backup pairs to ensure optimal use of SDR for warm data transfer. With warm transfers, only new or modified data is sent, dramatically increasing the rate of data transfer over the WAN. For detailed information, see Logging Commands on page 212.
The no command option disables failover.
failover master
Description
Sets the appliance as the master appliance of a failover pair. If the master fails, traffic is routed automatically through the failover buddy.
Syntax
[no] failover master
Parameters
None
Usage
You must specify valid values for the buddy IP address and buddy port. The no command option sets the appliance as the failover buddy.
failover port
Description
Sets the port on the master appliance with which to communicate with the failover buddy appliance. A failover buddy is a backup appliance. If the master fails, the buddy takes over.
Syntax
[no] failover port <port>
Parameters
<port>
Specify the port number.
Usage
The default value is 7820. The no command option resets the port to the default value.
RSP Commands
This section describes the RiOS Services Platform (RSP) commands. To run RSP packages you must first install the RSP image, then install the RSP package, and finally, configure dataflow rules.
Note: RSP is supported on Steelhead appliance models 250, 520, 550, 1020, 1050, 1520, 2020, 2050, 3020, 3520, 5050, 6050, and 7050. You must be running RiOS v5.5.x or higher.
For detailed information about installing and configuring RSP, see the RSP Users Guide.
legacy-rsp destroy
Description
Deletes existing v5.0.x RSP data.
Syntax
legacy-rsp destroy
Parameters
None
Example
amnesiac (config) # legacy-rsp destroy
Optionally, specify a different filename for the backup file that you download.
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp backups, show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp backups, show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Product
Steelhead appliance, Cloud Steelhead
Related Topics
rsp clone password, show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
The no command clears the password and prevents HA on this Steelhead appliance.
amnesiac (config) # rsp clone password rsppw003
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Specify the rsp clone password for the remote Steelhead appliance. Note: The password value is set by the rsp clone password command.
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
rsp dataflow
Description
Configures RSP data flow.
Syntax
[no] rsp dataflow <dataflow name> {add opt-vni <vni name> vni-num <vni-number> | move vni-num <vni-number> to <vni-number>}
Parameters
<dataflow name>
Specify the dataflow name. For example: inpath0_0
For example, inpath0_0 represents and controls the flow of data through the lan0_0, inpath0_0, and wan0_0 interfaces.
add opt-vni <vni name>
Adds an optimization VNI to the dataflow. Specify the Virtual Network Interface (VNI) name. The optimization VNI name is a combination of the slot name and the VNI name. For example: 1:lan0
VNI names must be between 1 and 30 characters long and can contain only alphanumeric, hyphen ( - ), and underscore ( _ ) characters.
vni-number <vni-number>
Specify the order number of the VNI in the rule list. The order number in the rule list determines which VNI a packet goes to first, second, third, fourth, and last:
1-n - Specifies the order number of the VNI in the rule list. Lower numbers locate the VNI closer to the LAN. Higher numbers locate the VNI closer to the WAN.
start - Locates the VNI next to the LAN. A packet coming from the Steelhead appliance LAN interface goes to this VNI first.
end - Locates the VNI next to the WAN. A packet coming from the Steelhead appliance WAN interface goes to this VNI first.
Usage
Each RSP package uses its own RSP network interfaces, equivalent to VMware network interfaces, to communicate with the outside world. These network interfaces are matched up with the physical intercept points that create VNIs. VNIs are network taps that enable data to flow in and out of the RSP slots. VNIs are available on the LAN, WAN, primary, and auxiliary interfaces of the Steelhead appliance.
Note: For detailed information about configuring RSP, see the Management Console online help or the Steelhead Management Console Users Guide, and the RSP Users Guide.
Each package is capable of having ten RSP network interfaces, which means it can support ten VNIs. The VNIs provide a great deal of configuration flexibility, providing the basis of how packages are chained together and how data flows through the various slots in a multiple VM scenario. VNIs fall into two categories:
Optimization VNIs
Optimization VNIs are used with in-band packages. Optimization VNIs are part of the optimized data flow on either the LAN- or WAN-side of RiOS. There are several types of optimization VNIs:
In-path - In-path VNIs are used for packages such as security packages. The following types of in-path optimization VNIs are available:
  LAN - LAN VNIs forward packets from the LAN-side to the virtual machine, to the WAN-side, or both. LAN VNIs unconditionally forward packets from the virtual machine to the LAN-side for RSP. LAN VNIs cannot receive packets from the WAN-side. For VRSP, packets from LAN or WAN VNIs can go in either direction, depending on the subnet-side rules.
  WAN - WAN VNIs forward packets from the WAN-side to the virtual machine, to the LAN-side, or both. WAN VNIs unconditionally forward packets from the virtual machine to the WAN-side. WAN VNIs cannot receive packets from the LAN-side.
Virtual In-Path: These optimization VNIs belong to in-band packages that need some form of redirection to intercept traffic. The types of virtual in-path VNIs are:
  DNAT - Use with proxy-based solutions; for example, video proxies.
  Mirror - Use with network monitoring-based solutions; acts like a SPAN port to copy traffic for monitoring.
For details about adding optimization VNI rules, see rsp opt-vni vlan on page 452.
Management VNIs
Management VNIs reside on the Steelhead appliance primary or auxiliary port. Management VNIs are used as a management interface for in-band packages. Management VNIs are the primary communication path for out-of-band packages.
For details about adding optimization VNI rules, see rsp opt-vni def-ip-pol on page 445.
The no command option disables dataflow on the specified VNI.
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
rsp enable
Description
Enables the RSP service.
Syntax
[no] rsp enable
Parameters
None
Usage
In RiOS v5.5 or later, the Riverbed Services Platform (RSP) offers branch-office-in-a-box services.
Important: Riverbed recommends you install and configure RSP using the Management Console. For detailed information, see the Management Console online help or the Steelhead Management Console Users Guide.
Note: RSP is supported on models 250, 520, 550, 1020, 1050, 1520, 2020, 2050, 3020, 3520, 5050, 6050, and 7050.
RSP in RiOS v5.5.x or later uses VMware Server 2.0 as the virtualization platform. Both 32-bit and 64-bit versions of the RSP image are available. VM Server does not need a separate license.
After installing the RSP installation image, you can add packages to run additional services and applications. RSP includes configuration options that enable you to determine the data flow to and from a VM, and the ability to chain VMs together.
After installing the RSP image, you can install the RSP packages that run additional services and applications. RSP packages are available as a separate release from a third-party vendor or from Riverbed. For example, you can run out-of-band packages such as Internet Protocol Address Management (IPAM) and in-band packages such as security solutions that provide firewall, VPN, and content filtering. You can also run proxy solutions such as video streaming packages. You can run up to five packages simultaneously, depending on the package and the Steelhead appliance model.
The configuration options include rules to determine the data flow to and from a package, and the ability to chain packages together.
Important: For detailed information about installing and configuring RSP, see the Management Console online help or the Steelhead Management Console Users Guide, and the RSP Users Guide.
Basic Steps
1. Download and install the RSP image, which installs the VM server on the Steelhead appliance. The Steelhead appliance RiOS image does not include the RSP image. You must install the RSP image separately.
RSP is pre-installed on newly manufactured Steelhead appliances if you ordered RSP. To download the image, go to the Riverbed Support site at https://support.riverbed.com. Start RSP on the Steelhead appliance. Obtain an RSP package by using an existing package from Riverbed, a third-party vendor, or from within your organization or create your own package. For detailed information about creating your own package, see the Riverbed Partner Website. Install the package in a slot. Enable the slot. View slot status. Configure the package. For example, to install a Windows package you would need to configure an IP address for the interface. Disable the slot as a safety precaution while you configure the traffic data flow. This step is not required for out-of-band packages.
2. 3. 4.
5. 6. 7. 8. 9.
10. Configure data flow. This step is not required for out-of-band packages.
11. Add data flow rules to the VNI. This step is not required if you use the default rules for the package.
12. Optionally, configure RSP watchdog.
13. Optionally, modify the memory footprint.
14. Enable the slot.
15. Open the VMware Console.
The no command option disables RSP.
Example
amnesiac (config) # rsp enable
amnesiac (config) # show rsp
Supported: Yes
Installed: Yes
Release: 6.0.0
Enabled: Yes
State: Running
Disk Space: 11.26 GB used / 195.44 GB free / 206.70 GB total
Memory: 0 MB used / 128 MB free / 128 MB total
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
rsp job
Description
Schedules an RSP clone job to the specified remote Steelhead appliance at the specified date and time. Optionally, you can set the job to recur at a specified interval.
Syntax
rsp job {[time <time>] [date <date>] [interval <duration>] [clone {all | slots <slot-names>} ] [hostname <hostname>] [password <password>]}
Parameters
time <time>
Specify the time for the RSP job. Use the following format: HH:MM:SS.
date <date>
Specify the date for the RSP job. Use the following format: YYYY/MM/DD
interval <duration>
Optionally, specify the interval of job recurrence in days, hours, minutes, and seconds, as necessary. Use the following format: <D>d <H>h <M>m <S>s
For example: interval 2d6h6m6s
clone {all | slots <slot-names>}
Indicates whether all (clone all) or only specified slots (clone slots 1,3,4) are to be cloned in the job.
hostname <hostname>
Specify the hostname or IP address of the remote Steelhead appliance to which the specified slots are to be cloned.
password <password>
Specify the RSP clone password for the remote Steelhead appliance to which the specified slots are to be cloned. Note: The password value is set by the rsp clone password command.
amnesiac (config) # rsp job time 09:00:00 date 2010/06/21 clone all hostname coloSH003 password sh003123
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp clones, show rsp clones status, show rsp slots
This command does not uninstall RSP. It simply removes one of the previously downloaded RSP installation images from the disk, thus freeing space on the disk.
amnesiac (config) # rsp image delete rsp-image.img
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Uses the FTP protocol to fetch the RSP installation image. For example, ftp://username:password@server-hostname/path-to-rsp-image/rspimage.img
scp <URL>
Uses the SCP protocol to fetch the RSP installation image. For example, scp://username:password@server-hostname/path-to-rsp-image/rspimage.img
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
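The rsp clone password and rsp job commands take the clone password as a command-line argument, and the FTP and SCP fetch URLs carry username:password in the URL. The following is an added example, not part of the Riverbed manual: a scrubber that masks those values in a saved CLI transcript before it is attached to a ticket or support case. The transcript, host names, and passwords are constructed.

```python
import re

MASK = "<redacted>"

# Each pattern keeps the command text (group 1) and masks the secret that follows.
_PATTERNS = [
    # rsp clone password <password>
    ("clone-password", re.compile(r"(\brsp\s+clone\s+password\s+)(\S+)")),
    # rsp job ... password <password>
    ("job-password", re.compile(r"(\brsp\s+job\b.*?\bpassword\s+)(\S+)")),
    # ftp://username:password@host/... and scp://username:password@host/...
    # The greedy password group backtracks to the LAST '@' before the first '/',
    # so a password that itself contains '@' is masked in full.
    ("url-userinfo", re.compile(r"(\b(?:ftp|scp)://[^\s:/@]+:)([^\s/]+)(?=@)")),
]


def redact_line(line):
    """Return (scrubbed_line, kinds); kinds names each secret type that was masked."""
    kinds = []
    for kind, pattern in _PATTERNS:
        line, count = pattern.subn(lambda m: m.group(1) + MASK, line)
        if count:
            kinds.append(kind)
    return line, kinds


def scrub(transcript):
    """Scrub a multi-line transcript.

    Returns (clean_text, findings) where findings is a list of
    (line_number, kind) pairs, 1-based, suitable for an audit note.
    """
    out, findings = [], []
    for number, line in enumerate(transcript.splitlines(), start=1):
        clean, kinds = redact_line(line)
        out.append(clean)
        findings.extend((number, kind) for kind in kinds)
    return "\n".join(out), findings


# Constructed transcript; none of these values come from a real appliance.
SAMPLE = """\
amnesiac (config) # rsp clone password Ex4mple-Only
amnesiac (config) # rsp job time 09:00:00 date 2010/06/21 clone all hostname peer-sh password Ex4mple-Only
amnesiac (config) # rsp image fetch ftp://deploy:s3cr@t@files.example.net/images/rsp-image.img
amnesiac (config) # rsp image fetch scp://deploy:hunter2@files.example.net/images/rsp-image.img
amnesiac (config) # show rsp
amnesiac (config) # no rsp clone password
"""

if __name__ == "__main__":
    clean, findings = scrub(SAMPLE)
    print(clean)
    for number, kind in findings:
        print(f"line {number}: masked {kind}")
```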
RSP requires at least 2 GB of additional memory on the Steelhead appliance.
You must have role-based permission for RSP to install RSP. For information on permissions, see the Riverbed Services Platform Installation Guide.
Before installing a new RSP image, you must stop the RSP service currently running on the Steelhead appliance.
If you have previously installed RSP for RiOS v5.0.x, you must reinstall the RSP image for RiOS v5.5 and later. RSP for RiOS v5.0.x is not compatible with RSP for RiOS v5.5 or later.
Installing a new RSP image replaces the previously installed image (the RSP packages and all slots).
For details on Steelhead appliance RSP support for guest operating systems, see the product specification sheets at: http://www.riverbed.com/products/appliances/
Example
amnesiac (config) # rsp image fetch http://server-hostname/path-to-rsp-image/rspimage.img
amnesiac (config) # rsp image install rsp-image.img
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
rsp mgmt-vni
Description
Bridges a management Virtual Network Interface (VNI) to either the auxiliary or primary interface.
Syntax
rsp mgmt-vni <mgmt-vni> interface [aux | primary]
Parameters
<mgmt-vni>
Specify the management VNI. VNI names have the following format: <SlotName>:<RSPinterfaceName>
For example: wowzaSlot:Rsp0In, 1:LanRSPInf
VNI names must be between 1 and 30 characters long and can contain only alphanumeric, hyphen ( - ), and underscore ( _ ) characters.
interface [aux | primary]
Specify the physical interface to bind to: aux or primary.
Usage
Management VNIs reside on the Steelhead appliance primary or auxiliary port. Management VNIs are used as a management interface for in-band packages. Management VNIs are the primary communication path for out-of-band packages.
You bridge a management VNI to either the primary or auxiliary interface to connect the management VNI to the respective physical Ethernet adapter on the Steelhead appliance. The management VNI becomes part of the network connected to the physical primary or auxiliary port of the Steelhead appliance.
For detailed information, see the RSP Users Guide.
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
For detailed information, see the Management Console online help or the Steelhead Management Console Users Guide, and the RSP Users Guide.
amnesiac (config) # rsp opt-vni 1:testVNI dnat def-target-ip 10.0.0.1
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Syntax
Parameter
Usage
Destination Network Address Translation (DNAT) rules are used for in-path proxy-based solutions. You can only add DNAT rules for virtual in-path optimization VNIs. By default, DNAT is disabled. When DNAT is enabled, it translates the network address of packets that match the source and destination IP and the port (or port range) to the target IP and, optionally, the target port. It then routes them to the correct device, host, or network.
For example, you can install an RSP package for live video streaming and add a DNAT rule (using the IP address, port number, or both) that transparently proxies all traffic redirected to the local RSP video instance. Consequently, the local RSP video instance responds to the local clients on behalf of the original server, simultaneously communicating with the original server in the background over the WAN. This process streamlines the number of requests over the WAN, resulting in time and bandwidth savings.
The RSP rule that determines which traffic is network address translated is provided in the data flow rules for the virtual in-path VNI.
Data flow rules are per VNI. Data flow rules are unidirectional. For example, typically you have a LAN-to-WAN rule for the LAN VNI, and a reverse WAN-to-LAN rule for the WAN VNI. WAN VNIs do not see data coming from the LAN, and LAN VNIs do not see packets coming from the WAN. For a WAN VNI, only WAN-to-LAN rules are applicable. For a LAN VNI, only LAN-to-WAN rules are applicable. You must create WAN-to-LAN rules and LAN-to-WAN rules separately.
You can only add DNAT rules for a virtual in-path VNI. You can specify a target port range with DNAT rules.
Typical rule actions that you can use to control the data flow for the various VNI types:
LAN - Pass traffic around a VM or redirect it to the VM within a slot.
WAN - Pass traffic around a VM or redirect it to the VM within a slot.
Virtual In-Path DNAT - Pass traffic to the target IP or redirect it to a target IP.
Virtual In-Path Mirror - Pass traffic along the data flow and copy it for monitoring.
For detailed information, see the Management Console online help or the Steelhead Management Console Users Guide, and the RSP Users Guide.
amnesiac (config) # rsp opt-vni 1:Rsp0VinPath rule dnat targetip 10.0.0.1/16 dstaddr 10.12.0.0/16 rulenum 3
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Specify the original rule number and the rule number to move to. Optionally, type a descriptive name for the rule to replace the default rule number.
For detailed information, see the Management Console online help or the Steelhead Management Console Users Guide, and the RSP Users Guide.
amnesiac (config) # rsp opt-vni 1:TestVlan rule dnat move rulenum 2 to 4
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Parameter
Specify a VLAN tag ID for this rule.
Optionally, specify a number (0 - 65535) to replace the default rule number.
Usage
VNI rules determine what the VNI does with the traffic it receives. After you install a package and add it to a slot, you need to add rules to configure the data flow for the package unless you use the default rules for the package.
For a LAN VNI, you add LAN-to-WAN rules to direct traffic. The redirection can be controlled by rules based on IP or port. Rules are used with in-path and virtual in-path optimization VNIs. You do not need to add rules to management VNIs.
Rules can perform one of these actions:
  Redirect the packets to the VM.
  Pass the packets along the data flow to the next VNI.
  Pass the packets along the data flow and also send a copy of the packets to the VM.
Note: The LAN-to-WAN and WAN-to-LAN rules are not used with Virtual RSP.
Suppose that you have installed a video streaming package, a security package, and a VPN package on the Steelhead appliance. You could define rules to invoke the following data path:
  A rule redirects all Flash video traffic coming in from the LAN side of the Steelhead appliance to a video proxy RSP package on the Steelhead appliance.
  A rule directs all of the other data directly to the next in-line package, RiOS, which optimizes the traffic.
  After RiOS optimizes the traffic, a rule intercepts the traffic on the WAN side and redirects it to a security package that checks the data (or, if it is a VPN solution, encrypts it), and sends it back out the WAN.
You can control the data redirection using rules based on IP address or port number.
For detailed information, see the Management Console online help or the Steelhead Management Console Users Guide, and the RSP Users Guide.
amnesiac (config) # rsp opt-vni 1:Rsp0VinPath rule lan-to-wan action copy srcaddr 10.0.0.1/16 dstaddr 10.12.0.0/16 rulenum 3
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
For detailed information, see the Management Console online help or the Steelhead Management Console Users Guide, and the RSP Users Guide.
amnesiac (config) # rsp opt-vni rule lan-to-wan move rulenum 2 to 4
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Parameter
Specify a VLAN tag ID for this rule.
Optionally, type a number (0 - 65535) to replace the default rule number.
VNI rules determine what the VNI does with the traffic it receives. After you install a package and add it to a slot, you need to add rules to configure the data flow for the package unless you use the default rules for the package.
For a LAN VNI, you add LAN-to-WAN rules to direct traffic. The redirection can be controlled by rules based on IP or port. For a WAN VNI, only WAN-to-LAN rules apply. Data flow rules are unidirectional; for example, typically you add a LAN-to-WAN rule for the LAN VNI and a reverse WAN-to-LAN rule for the WAN VNI.
For detailed information, see the Management Console online help or the Steelhead Management Console Users Guide, and the RSP Users Guide.
amnesiac (config) # rsp opt-vni 1:Rsp0VinPath rule wan-to-lan action copy srcaddr 10.0.0.1/16 dstaddr 10.12.0.0/16 rulenum 3
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
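The Usage text for the DNAT, LAN-to-WAN, and WAN-to-LAN rule commands states constraints that are easy to violate when rules are typed by hand: DNAT rules only on virtual in-path VNIs, LAN VNIs take only LAN-to-WAN rules, WAN VNIs take only WAN-to-LAN rules, and rule numbers fall in 0 - 65535. The following pre-flight check is an added example, not Riverbed code. The VNI inventory, its type labels ('lan', 'wan', 'virtual-in-path'), and the sample commands are constructed, and the parser reads only the keywords that appear in this manual's examples.

```python
import ipaddress
import re

# From the manual: VNI names are 1-30 characters of alphanumerics, hyphen, underscore.
# Assumption: the limit applies to each side of <SlotName>:<RSPinterfaceName>.
_PART = r"[A-Za-z0-9_-]{1,30}"
VNI_NAME = re.compile(rf"^{_PART}:{_PART}$")

# From the Usage text: a LAN VNI takes only LAN-to-WAN rules and a WAN VNI only
# WAN-to-LAN rules. Virtual in-path VNIs are left unrestricted here because the
# manual only states that DNAT rules require them.
ONLY_DIRECTION = {"lan": "lan-to-wan", "wan": "wan-to-lan"}
ADDRESS_KEYS = ("srcaddr", "dstaddr", "targetip")  # keywords seen in the examples
MAX_RULENUM = 65535


def parse_rule(line):
    """Parse 'rsp opt-vni <vni> rule <kind> ...' into a dict, or return None."""
    tokens = line.split()
    if "#" in tokens:                       # strip a 'host (config) #' prompt
        tokens = tokens[tokens.index("#") + 1:]
    if tokens[:2] != ["rsp", "opt-vni"] or len(tokens) < 5 or tokens[3] != "rule":
        return None
    rest = tokens[5:]
    move = rest[:1] == ["move"]
    if move:
        rest = rest[1:]                     # leaves 'rulenum <n> to <m>'
    # Remaining tokens are keyword/value pairs; a trailing keyword with no
    # value is ignored.
    args = dict(zip(rest[0::2], rest[1::2]))
    return {"vni": tokens[2], "kind": tokens[4], "move": move, "args": args}


def lint_rule(line, vni_types):
    """Return the list of problems in one rule command (empty list = clean).

    vni_types maps a VNI name to 'lan', 'wan' or 'virtual-in-path'.
    """
    rule = parse_rule(line)
    if rule is None:
        return ["not an 'rsp opt-vni <vni> rule <kind>' command"]
    vni, kind, args = rule["vni"], rule["kind"], rule["args"]
    problems = []

    if not VNI_NAME.match(vni):
        problems.append(f"VNI name {vni!r} is not <SlotName>:<RSPinterfaceName>")
    vni_type = vni_types.get(vni)
    if vni_type is None:
        problems.append(f"VNI {vni!r} is missing from the inventory")
    elif kind == "dnat" and vni_type != "virtual-in-path":
        problems.append(f"dnat rule on a {vni_type} VNI; DNAT needs virtual in-path")
    elif vni_type in ONLY_DIRECTION and kind != ONLY_DIRECTION[vni_type]:
        problems.append(f"{kind} rule on a {vni_type} VNI; only "
                        f"{ONLY_DIRECTION[vni_type]} rules apply")

    for key in ADDRESS_KEYS:
        if key in args:
            try:
                ipaddress.ip_interface(args[key])   # host bits allowed: 10.0.0.1/16
            except ValueError:
                problems.append(f"{key} {args[key]!r} is not a valid address/prefix")

    for key in (["rulenum", "to"] if rule["move"] else ["rulenum"]):
        value = args.get(key)
        if value is not None and not (
            re.fullmatch(r"[0-9]+", value) and int(value) <= MAX_RULENUM
        ):
            problems.append(f"{key} {value!r} is outside 0-{MAX_RULENUM}")
    return problems


def lint_all(lines, vni_types):
    """Map each command that has problems to its list of problems."""
    report = {}
    for line in lines:
        problems = lint_rule(line, vni_types)
        if problems:
            report[line] = problems
    return report


# Constructed inventory and commands (not taken from a real appliance).
VNI_TYPES = {"1:LanIf": "lan", "2:WanIf": "wan", "3:VinPath": "virtual-in-path"}
SAMPLE = [
    "rsp opt-vni 1:LanIf rule lan-to-wan action copy srcaddr 10.0.0.1/16 dstaddr 10.12.0.0/16 rulenum 3",
    "rsp opt-vni 2:WanIf rule lan-to-wan action copy srcaddr 10.0.0.1/16 rulenum 4",
    "rsp opt-vni 1:LanIf rule dnat targetip 10.0.0.1/16 dstaddr 10.12.0.0./16 rulenum 70000",
    "rsp opt-vni 3:VinPath rule dnat move rulenum 2 to 4",
]

if __name__ == "__main__":
    for line, problems in lint_all(SAMPLE, VNI_TYPES).items():
        print(line)
        for problem in problems:
            print("   -", problem)
```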
For detailed information, see the Management Console online help or the Steelhead Management Console Users Guide, and the RSP Users Guide.
amnesiac (config) # rsp opt-vni 1:Rsp0VinPath rule wan-to-lan move rulenum 2 to 4
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Usage
You can delete an RSP package installation file to release disk space. Deleting the RSP package installation file removes the file used to install the package into a slot. It does not uninstall the package from the slot. To install the package again, you must download the package and then install it into a slot.
amnesiac (config) # rsp package delete SCPS_factory1.pkg
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Usage
Before installing a package, you must install RSP. After installing the RSP image, you can download and install packages. A package can be a virtual machine (VM) created:
  by a third-party vendor that also contains configuration files specific to the RSP implementation.
  by Riverbed.
  internally within your organization.
You can download any number of packages to the Steelhead appliance, but you can only run up to five packages at a time. The exact number depends on the package size, the amount of resources available, and your Steelhead appliance model.
RSP packages contain the service or applications in the virtual machine. RSP packages also contain Riverbed configuration files including the package VNIs. RSP packages include a .vmx file and one or more .vmdk files. You need not open or modify any of the files in the package. The package files can be quite large and can take up several GBs of disk space.
RSP provides the following packages:
In-band packages - In-band packages work in conjunction with the Steelhead appliance optimization services. You can use the following in-band packages:
  In-band LAN packages - In-band LAN packages intercept data on the Steelhead appliance LAN interface before or after the data flows through RiOS, depending on the traffic direction. Examples of this type of package include Intrusion Detection System or Intrusion Prevention System packages.
  In-band WAN packages - In-band WAN packages intercept data on the Steelhead appliance WAN interface before or after the data flows through RiOS, depending on the traffic direction. Examples of this type of package include firewall, content filtering, and VPN packages.
  In-band hybrid packages - In-band hybrid packages intercept data on both the LAN interface and the WAN interface of the Steelhead appliance. Typically, in-band hybrid packages are network monitoring packages.
Out-of-band packages - Out-of-band packages are not required to work in conjunction with the Steelhead appliance optimization service. Typically, out-of-band packages are located on the Steelhead appliance primary interface. Examples of this type of package include IPAM, print, DNS, and DHCP.
When you install an RSP package you must select an RSP slot. A slot is a directory on disk. When you install a package into a slot, the system unpacks the VM into the directory. When you remove a package, the system deletes the files from the slot.
After you install a package into a slot, you configure data flow rules for the RSP package. Data flow rules are similar to in-path rules, except they are unidirectional. Riverbed recommends you use the Management Console to define your data flow rules for your packages.
For detailed information, see the Management Console online help or the Steelhead Management Console Users Guide, and the RSP Users Guide.
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Parameters
<oldfilename> <newfilename>
After you load an RSP package on the Steelhead appliance, you can rename the package.
amnesiac (config) # rsp package move centospkg.pkg to newcentospkg.pkg
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
rsp shell
Description
Provides console access to RSP.
Syntax
rsp shell <slot-name>
Parameters
<slot-name>
Specify the slot name: 1, 2, 3, 4, 5
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
This feature enables you to create a snapshot (a VMware feature that freezes a copy of the memory and disk contents), compress the snapshot, delete the snapshot, and move the compressed snapshot file. The backup command generates a .zip file with a .bkup file extension. The default backup filename is <Steelhead appliance name>-<slotname>-<date>.bkup
You can use the nocompress option to create an uncompressed backup file. The nocompress option enables you to transfer the backup file efficiently using the Steelhead de-duplication feature.
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp backups, show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Use the RSP backup feature to restore the RSP data in case the Steelhead appliance fails. Important: Restores are only supported on the same Steelhead appliance model and slot.
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp backups, show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Usage
When you install an RSP package you must select an RSP slot. A slot is a directory on disk. When you install a package into a slot, the system unpacks the VM into the directory. When you remove a package, the system deletes the files from the slot. You can install one package per slot. By default, the RSP slots are numbered 1 to 5. You can change a slot name to make it more descriptive.
Verify that enough free memory is still available to run the virtual machine in the slot. If there is not enough free memory available you receive an insufficient memory error message, and the slot is not enabled. You can try reducing the memory footprint for the virtual machine, or reducing it for a virtual machine in another slot.
Note: RSP requires 2 GB additional memory on the Steelhead appliance. If the amount of available memory is less than the memory footprint for the virtual machine you are installing, you receive an insufficient memory error message.
The no command option disables the slot.
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
When you install an RSP package you must select an RSP slot. A slot is a directory on disk. When you install a package into a slot, the system unpacks the VM into the directory of the slot. When you uninstall a package, the system deletes the files in that slot. You can install one package per slot. By default, the five RSP slots are numbered 1 to 5, although you can change a slot name to make it more descriptive.
Note: Available slots are listed as null. To install an RSP package in an occupied slot, you must first uninstall the package for that slot. Installing a package into a slot and uninstalling that particular slot affects only the slot directory, not the package itself.
amnesiac (config) # rsp slot 1 install package rsp_SCPS_factory1.pkg
Slot "1" is successfully installed.
Steelhead appliance, Cloud Steelhead show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Parameters
Specify the slot name or number. The default names for the slots are 1, 2, 3, 4, 5. Sets a higher priority relative to other slots. Sets normal priority relative to other slots. The default priority setting is normal. In the event of CPU contention, CPU resources are allocated to the slots according to the priority specified. Slots with the same priority level receive equal access to the CPU.
low
Usage
The CPU uses the slot priority to allocate resources in the event of contention. By default all slots are set at normal priority. Because there are only three priority levels, but five slots, it is always the case that more than one slot has the same priority. In that case, slots with the same priority are given equal access to the CPU.
Steelhead appliance, Cloud Steelhead show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Before you uninstall an RSP package from a slot, disable the slot in which the RSP package resides.
amnesiac (config) # rsp slot 3 uninstall
Steelhead appliance, Cloud Steelhead show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
amnesiac (config) # rsp slot 1 vm disk create name storage size 10 adapter ide
Steelhead appliance, Cloud Steelhead show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
To learn how much memory is available for RSP, execute the following command (or check the RSP Service page on the Management Console):
amnesiac (config) # show rsp
Supported: Yes
Installed: Yes
Release: 6.0.0
Enabled: Yes
State: Running
Disk Space: 13.54 GB used / 163.64 GB free / 177.18 GB total
Memory: 0 MB used / 128 MB free / 128 MB total
Used RSP memory is defined as the sum of each enabled or powered-on virtual memory setting of the slot. If you attempt to enable a slot, free RSP memory must be equal to or greater than the virtual memory setting of the slot. If there is insufficient free RSP memory to enable a slot, a user can free up RSP memory by reducing the virtual memory setting for that slot, disabling a currently enabled slot, or both.
Example
amnesiac (config) # rsp slot 1 vm memory-size 256
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Requests traffic to be blocked if the watchdog indicates that a specified slot has failed.
amnesiac (config) # rsp slot 1 watchdog block
Steelhead appliance, Cloud Steelhead show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
The RSP watchdog feature allows you to monitor each installed slot for failure, and determines what should happen to the traffic and the VM within the slot should failure occur. By default the watchdog sends an email alert and, if the slot is in an Inpath configuration, routes traffic around the failed slot. You can optionally configure the watchdog to block traffic in the case of failure. You can also configure the watchdog to reboot the VM within the slot.
Note: This is a hard reboot, that is, a power-cycling of the VM. You must confirm that the VM will come up after a virtual power-cycle before enabling this feature.
The Steelhead appliance offers two types of RSP watchdog:
Ping Monitoring - Ping monitoring allows you to monitor the package by simply pinging a network interface within the VM. The RSP package must have a Management Virtual Network Interface (VNI) before you can configure ping monitoring. For details on configuring ping monitoring see rsp slot watchdog ping enable on page 462.
Heartbeat Monitoring - Heartbeat monitoring allows you to monitor a package for a heartbeat which is transmitted by the VM within the slot. The RSP package must have been configured separately to transmit this heartbeat. The package does not need a management VNI to use heartbeat monitoring.
Because most VMs require a certain length of time to initialize, the watchdog allows you to set a startup grace period for each slot. This startup period is effectively added to the first watchdog timeout duration and prevents false failures while the VM is initializing. For details on configuring ping monitoring see rsp slot watchdog startup grace-period on page 464.
You can configure one or both types. If you configure both types of watchdog, if either fails the VM is marked as failed. By default, the watchdog sends an email alert and bypasses traffic for failed packages. Traffic that normally flows through an optimization VNI on the RSP package now skips the optimization VNI, and passes through. The RSP package must have the management interface configured before you can configure a watchdog on it.
You can configure a watchdog to block traffic destined for failed packages. You can also disable fail-to-bypass mode on the package interface. This is useful in the event of a firewall package failure. Otherwise, if the Steelhead appliance loses power or fails, traffic is allowed through the interface. For details about enabling fail-to-bypass, see the RSP Users Guide. For details about which interfaces support disabling fail-to-bypass, see the Network Interface Card Installation Guide.
amnesiac (config) # rsp slot 1 watchdog timeout 20
amnesiac (config) # rsp slot 1 watchdog heartbeat enable
Steelhead appliance, Cloud Steelhead show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Parameters
<slot-name>
Usage
Ping monitoring allows you to monitor the package by simply pinging a network interface within the VM. The RSP Package must have a Management Virtual Network Interface (VNI) before you can configure ping monitoring. For details about the RSP watchdog feature, see rsp slot watchdog heartbeat enable on page 462.
amnesiac (config) # rsp slot 1 watchdog ping enable
Steelhead appliance, Cloud Steelhead show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
amnesiac (config) # rsp slot 1 watchdog ping interval 10
amnesiac (config) # rsp slot 1 watchdog ping ip 192.179.0.1
amnesiac (config) # rsp slot 1 watchdog ping enable
Steelhead appliance, Cloud Steelhead show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Parameters
<slot-name>
Usage
Requests that the VM is rebooted if the watchdog detects that it has failed. The no command option disables slot reboot upon VM failure.
Steelhead appliance, Cloud Steelhead show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
Because most VMs require a certain length of time to initialize, the watchdog allows you to set a startup grace period for each slot. This startup period is effectively added to the first watchdog time-out duration and prevents false failures while the VM is initializing.
amnesiac (config) # rsp slot 1 watchdog startup grace-period 60
amnesiac (config) # rsp slot 1 watchdog slot-reboot enable
Steelhead appliance, Cloud Steelhead show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
This command can be used to configure the watchdog time-out period for a specified slot. The time-out period is the duration after which, if on-going watchdog monitoring has not been able to confirm that the slot is operating correctly, a watchdog failure alarm is raised.
amnesiac (config) # rsp slot 1 watchdog timeout 60
Steelhead appliance, Cloud Steelhead show rsp, show rsp images, show rsp opt-vni, show rsp package, show rsp packages, show rsp slot, show rsp slots
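The watchdog rules in the entries above (time-out, startup grace period, either monitor failing marks the slot failed, bypass by default versus block) as an added Python example that is not part of the Riverbed manual. It parses only the command forms shown in this section; SAMPLE_CONFIG, the function names and the timer arithmetic are assumptions made for illustration, not RiOS internals.

```python
"""Added example: a model of the RSP slot watchdog rules in this section."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed input. Each command form appears in this section's examples;
# the combination of settings per slot is made up for the demonstration.
SAMPLE_CONFIG = """\
rsp slot 1 watchdog timeout 20
rsp slot 1 watchdog heartbeat enable
rsp slot 1 watchdog ping interval 10
rsp slot 1 watchdog ping ip 192.179.0.1
rsp slot 1 watchdog ping enable
rsp slot 1 watchdog startup grace-period 60
rsp slot 1 watchdog block
rsp slot 3 watchdog timeout 60
rsp slot 3 watchdog heartbeat enable
rsp slot 3 watchdog slot-reboot enable
"""


@dataclass
class SlotWatchdog:
    timeout: Optional[int] = None  # seconds; None = no time-out in the input
    grace_period: int = 0          # seconds added to the first time-out
    ping: bool = False
    heartbeat: bool = False
    block: bool = False            # block traffic on failure instead of bypassing
    slot_reboot: bool = False      # power-cycle the VM on failure


_WATCHDOG = re.compile(r"^rsp slot (\S+) watchdog (.+)$")


def parse_watchdogs(config: str) -> Dict[str, SlotWatchdog]:
    """Collect per-slot watchdog settings from 'rsp slot <name> watchdog ...' lines."""
    slots: Dict[str, SlotWatchdog] = {}
    for raw in config.splitlines():
        match = _WATCHDOG.match(raw.strip())
        if not match:
            continue
        wd = slots.setdefault(match.group(1), SlotWatchdog())
        words = match.group(2).split()
        if words == ["block"]:
            wd.block = True
        elif words == ["ping", "enable"]:
            wd.ping = True
        elif words == ["heartbeat", "enable"]:
            wd.heartbeat = True
        elif words == ["slot-reboot", "enable"]:
            wd.slot_reboot = True
        elif len(words) == 2 and words[0] == "timeout":
            wd.timeout = int(words[1])
        elif len(words) == 3 and words[:2] == ["startup", "grace-period"]:
            wd.grace_period = int(words[2])
        # ping interval / ping ip do not change the failure decision modelled here
    return slots


def failed_monitors(wd: SlotWatchdog, now: float, vm_started: float,
                    last_ok: Dict[str, float]) -> List[str]:
    """Enabled monitors that have not confirmed the slot within the time-out."""
    if wd.timeout is None:
        raise ValueError("no watchdog timeout in the parsed input")
    failed = []
    for name, enabled in (("ping", wd.ping), ("heartbeat", wd.heartbeat)):
        if not enabled:
            continue
        seen = last_ok.get(name)
        if seen is None:
            # No success yet: the grace period extends the first time-out.
            deadline = vm_started + wd.grace_period + wd.timeout
        else:
            deadline = seen + wd.timeout
        if now > deadline:
            failed.append(name)
    return failed  # non-empty means failed: either monitor is enough


def failure_actions(wd: SlotWatchdog, inpath: bool) -> List[str]:
    """What the section says happens once a slot is marked failed."""
    actions = ["email alert"]
    if wd.block:
        actions.append("block traffic")   # fail closed
    elif inpath:
        actions.append("bypass slot")     # default: traffic routed around the slot
    if wd.slot_reboot:
        actions.append("hard reboot VM")
    return actions


def fail_open_slots(slots: Dict[str, SlotWatchdog]) -> List[str]:
    """Monitored slots that would be bypassed rather than blocked on failure."""
    return sorted(name for name, wd in slots.items()
                  if (wd.ping or wd.heartbeat) and not wd.block)


if __name__ == "__main__":
    parsed = parse_watchdogs(SAMPLE_CONFIG)
    for slot, wd in sorted(parsed.items()):
        print(slot, wd, failure_actions(wd, inpath=True))
    print("bypass on failure:", fail_open_slots(parsed))
```

For a slot that hosts a firewall package, a name in the fail_open_slots result is the case the text warns about: on failure, traffic goes around the package instead of being blocked.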
Steelhead appliance, Cloud Steelhead show dns cache, show dns forwarders, show dns interfaces, show dns settings
Usage
The no command option resets the frozen minimum time-to-live value to the default.
Example
amnesiac (config) # dns cache frozen-min-ttl 604800
Steelhead appliance, Cloud Steelhead show dns cache, show dns forwarders, show dns interfaces, show dns settings
dns enable
Description
Enables a DNS server. Forwards name resolution requests to a DNS name server, then stores the address information locally in the Steelhead appliance. By default, the requests go to the root name servers, unless you specify another name server.
Syntax
[no] dns enable
Parameters
None
Usage
A DNS name server resolves hostnames to IP addresses and stores them locally in a single Steelhead appliance. Any time your browser requests a URL, it first looks in the local cache to see if it is there before querying the external name server. If it finds the resolved URL locally, it uses that IP.
Hosting the DNS name server function provides:
- Improved performance for Web applications by saving the round trips previously needed to resolve names. Whenever the name server receives address information for another host or domain, it stores that information for a specified period of time. That way, if it receives another name resolution request for that host or domain, the name server has the address information ready, and does not need to send another request across the WAN.
- Improved performance for services by saving round trips previously required for updates.
- Continuous DNS service locally when the WAN is disconnected, with no local administration needed, eliminating the need for DNS servers at branch offices.
The no command option disables a DNS server.
Example
amnesiac (config) # dns enable
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show dns cache, show dns forwarders, show dns interfaces, show dns settings
dns forwarder
Description
Adds a new DNS forwarding name server. Optionally sets, moves, or removes an integer index position for each name server.
Syntax
dns forwarder add <ip-addr> [idx <index>] | move <index> to <index> | remove <integer> to <integer>
Parameters
add <ip-addr> [idx <index>]
Specify the IP address of the forwarder. A forwarder is a DNS server to which the Steelhead appliance caching-name server will forward requests. Forwarder is added to the end of the index of forwarders by default. Optionally, use idx to specify the order in which the Steelhead appliance contacts forwarder by assigning the forwarder a numeric position in the forwarder index. The Steelhead appliance first sends a request to the forwarder with index 0, next to the forwarder with index 1, and so on, to an upper index limit of 2147483647.
move <index> to <index>
Specify the index number of the forwarder. Moves a forwarder from one index position to another.
remove <index>
Specify the index number of the forwarder. Removes a forwarder from the index.
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show dns cache, show dns forwarders, show dns interfaces, show dns settings, show stats dns
The no command option disables use of the forwarder with the specified index.
amnesiac (config) # dns forwarder enable 2
Steelhead appliance, Cloud Steelhead show dns cache, show dns forwarders, show dns interfaces, show dns settings
dns fwd-fail-count
Description
Sets the number of consecutive dropped requests until a forwarder is considered down.
Syntax
[no] dns fwd-fail-count <requests>
Parameters
<requests>
Specify the number of dropped requests before a forwarder is considered down. When both the specified number of requests to the forwarder have been dropped and all requests have been dropped for the amount of time specified by dns fwd-fail-time, a forwarder is considered down.
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show dns cache, show dns forwarders, show dns interfaces, show dns settings
dns fwd-fail-time
Description
Sets the number of consecutive seconds of no response from a forwarder until it is considered down.
Syntax
[no] dns fwd-fail-time <seconds>
Parameters
<seconds>
Specify the number of seconds for non-response from a forwarder.
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show dns cache, show dns forwarders, show dns interfaces, show dns settings
dns fwd-tm-staydown
Description
Sets the number of seconds that a forwarder is considered down before it is considered up again.
Syntax
[no] dns fwd-tm-staydown <seconds>
Parameters
<seconds>
Specify the number of seconds of down time for the forwarder.
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show dns cache, show dns forwarders, show dns interfaces, show dns settings
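How dns fwd-fail-count, dns fwd-fail-time and dns fwd-tm-staydown combine with the forwarder index order, as an added Python model that is not part of the Riverbed manual or RiOS code. The class and function names, the 192.0.2.x addresses and the values 3, 5 and 30 are constructed for the illustration; the manual excerpt gives no defaults.

```python
"""Added example: forwarder up/down rules from the dns fwd-* entries above."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Forwarder:
    ip: str
    drops: int = 0                           # consecutive dropped requests
    dropping_since: Optional[float] = None   # first drop of the current run
    down_since: Optional[float] = None       # None while considered up


class ForwarderPool:
    def __init__(self, ips: List[str], fail_count: int,
                 fail_time: float, staydown: float) -> None:
        self.forwarders = [Forwarder(ip) for ip in ips]  # list position = index
        self.fail_count = fail_count   # dns fwd-fail-count <requests>
        self.fail_time = fail_time     # dns fwd-fail-time <seconds>
        self.staydown = staydown       # dns fwd-tm-staydown <seconds>

    def _get(self, ip: str) -> Forwarder:
        return next(f for f in self.forwarders if f.ip == ip)

    def is_down(self, ip: str, now: float) -> bool:
        fwd = self._get(ip)
        # After the stay-down period the forwarder is considered up again.
        if fwd.down_since is not None and now - fwd.down_since >= self.staydown:
            fwd.drops, fwd.dropping_since, fwd.down_since = 0, None, None
        return fwd.down_since is not None

    def record(self, ip: str, now: float, answered: bool) -> None:
        """Record the outcome of one request sent to a forwarder."""
        fwd = self._get(ip)
        if answered:
            fwd.drops, fwd.dropping_since = 0, None   # the run of drops is broken
            return
        fwd.drops += 1
        if fwd.dropping_since is None:
            fwd.dropping_since = now
        # Both conditions must hold: enough consecutive drops AND nothing
        # answered for at least fail_time seconds.
        if (fwd.down_since is None
                and fwd.drops >= self.fail_count
                and now - fwd.dropping_since >= self.fail_time):
            fwd.down_since = now

    def pick(self, now: float) -> Optional[str]:
        """Lowest-index forwarder that is up; None if all are down."""
        for fwd in self.forwarders:
            if not self.is_down(fwd.ip, now):
                return fwd.ip
        return None


def demo() -> List[Tuple[int, Optional[str]]]:
    pool = ForwarderPool(["192.0.2.1", "192.0.2.2"],
                         fail_count=3, fail_time=5, staydown=30)
    timeline = []
    for t in (0, 1, 2):                        # three drops inside two seconds
        pool.record("192.0.2.1", t, answered=False)
    timeline.append((2, pool.pick(2)))         # count reached, time not yet
    pool.record("192.0.2.1", 6, answered=False)
    timeline.append((6, pool.pick(6)))         # both conditions met: index 1 used
    timeline.append((35, pool.pick(35)))       # still inside the stay-down period
    timeline.append((36, pool.pick(36)))       # 30 s elapsed: index 0 again
    return timeline


if __name__ == "__main__":
    for when, forwarder in demo():
        print(f"t={when:>2}s -> {forwarder}")
```

A burst of drops shorter than the fail time does not take a forwarder out of rotation, and a forwarder that is still unreachable is tried again once the stay-down period ends.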
dns interface
Description
Sets the interfaces on which DNS is enabled.
Syntax
dns interface {add <interface> | remove <interface>}
Parameters
add <interface>
Specify the name of the interface.
remove <interface>
Specify the name of the interface.
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show dns cache, show dns forwarders, show dns interfaces, show dns settings
Steelhead appliance show dns cache, show dns forwarders, show dns interfaces, show dns settings
domain cancel-event
Description
Cancels domain action.
Syntax
domain cancel-event
Parameters
None
Example
amnesiac (config) # domain cancel-event
domain check
Description
Configures the system to require a domain check upon start up.
Syntax
[no] domain check
Parameters
None
Example
amnesiac (config) # domain check
domain join
Description
Configures a Windows domain.
Syntax
domain join domain-name <name> login <login> password <password> [short-name <name>] | dc-list <dc-list> [short-name <name>]]
Parameters
domain-name <name>
Specify the domain in which to make the Steelhead appliance a member. Typically, this is your company domain name. RiOS v5.5 or later supports Windows 2000 or later domains.
Note: This account must have domain-join privileges; it does not need to be a domain administrator account.
login <login>
Specify the login for the domain. The login and password are not stored.
password <password>
Specify the password for the domain. The login and password are not stored.
short-name <name>
Specify a short domain name. Typically, the short domain name is a sub-string of the realm. In rare situations, this is not the case, and you must explicitly specify it.
dc-list <dclist>
Optionally, specify the Domain Controllers (hosts) that provide user login service in the domain. (Typically, with Windows 2000 Active Directory Service domains, given a domain name, the system automatically retrieves the DC name.)
Note: If you specify the domain controller name in high latency situations, it reduces the time to join domain significantly.
Usage
A server-side Steelhead appliance can join a Windows domain or Local Workgroup. You configure the Steelhead appliance to join a Windows domain (typically, the domain of your company) for PFS, SMB signing, SMB2 signing, and MAPI 2007 encrypted traffic optimization authentication.
When you configure the Steelhead appliance to join a Windows domain, you do not have to manage local accounts in the branch office, as you do in Local Workgroup mode.
Domain mode allows a Domain Controller (DC) to authenticate users. The Steelhead appliance must be configured as a Member Server in the Windows 2000, or later, Active Directory Services (ADS) domain. Domain users are allowed to access the PFS shares, use the Kerberos delegation trust facility and/or NTLM environments for MAPI 2007 encryption or SMB Signing and SMB2 signing, based on the access permission settings provided for each user.
Data volumes at the data center are configured explicitly on the proxy-file server and are served locally by the Steelhead appliance. As part of the configuration, the data volume and ACLs from the origin-file server are copied to the Steelhead appliance. RiOS allocates a portion of the Steelhead appliance data store for users to access as a network file system.
Before enabling Domain mode make sure you:
- configure the DNS server correctly. The configured DNS server must be the same DNS server to which all the Windows client computers point. To use SMB and SMB2 signing, the server-side Steelhead appliance must be in DNS.
- have a fully-qualified domain name. This domain name must be the domain name for which all the Windows desktop computers are configured.
- set the owner of all files and folders in all remote paths to a domain account and not a local account.
Note: PFS only supports domain accounts on the origin-file server; PFS does not support local accounts on the origin-file server. During an initial copy from the origin-file server to the PFS Steelhead appliance, if PFS encounters a file or folder with permissions for both domain and local accounts, only the domain account permissions are preserved on the Steelhead appliance.
For detailed information about domains and PFS, see the Steelhead Management Console Users Guide.
Example
amnesiac (config) # domain join domain-name mydomain login myname password mypassword
domain leave
Description
Enables the system to leave a domain.
Syntax
domain leave
Parameters
None
Example
amnesiac (config) # domain leave
domain rejoin
Description
Configures a domain.
Syntax
domain rejoin {login <login> password <password> [short-name <name>] | dc-list <dc-list> [short-name <name>]}
Parameters
login <login>
Specify the domain login. The login is not stored.
password <password>
Specify the domain password. The password is not stored.
short-name <name>
Specify a short domain name. Typically, the short domain name is a sub-string of the realm. In rare situations, this is not the case, and you must explicitly specify it.
dc-list <dclist>
Specify a Domain Controller list separated by commas.
Example
amnesiac (config) # domain rejoin login myname password mypassword short-name mydomain
domain require
Description
Configures the system to require a domain.
Syntax
[no] domain require
Parameters
None
Example
amnesiac (config) # domain require
Steelhead appliance, Cloud Steelhead show workgroup account, show workgroup configuration, show workgroup status
workgroup join
Description
Configures the system to join a Windows local workgroup.
Syntax
workgroup join <workgroup>
Parameters
<workgroup>
Specify the name of the Local Workgroup you want to join. If you configure in Local Workgroup mode the Steelhead appliance does not need to join a domain. Local Workgroup accounts are used by clients when they connect to the Steelhead appliance.
Note: PFS, MAPI 2007, SMB signing, or SMB2 signing must be enabled and Local Workgroup Settings must be selected before you can set the Workgroup Name. After you have set a Workgroup Name, click Join.
Usage
In Local Workgroup mode, you define a workgroup and add individual users that have access to the Steelhead appliance. The Steelhead appliance does not join a Windows domain.
Use Local Workgroup mode in environments where you do not want the Steelhead appliance to be a part of a Windows domain. Creating a workgroup eliminates the need to join a Windows domain and simplifies the configuration process.
Note: If you use Local Workgroup mode you must manage the accounts and permissions for the branch office on the Steelhead appliance. The Local Workgroup account permissions might not match the permissions on the origin-file server.
Example
amnesiac (config) # workgroup join myworkgroup
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show workgroup account, show workgroup configuration, show workgroup status
workgroup leave
Description
Configures the system to leave a Windows workgroup.
Syntax
workgroup leave
Parameters
None
Example
amnesiac (config) # workgroup leave
Product
Steelhead appliance, Cloud Steelhead
Related Topics
show workgroup account, show workgroup configuration, show workgroup status
Job Commands
This section describes commands for running jobs in the system.
job command
Description
Schedules CLI command execution for a specified time in the future.
Syntax
[no] job <job-id> command <sequence #> <"cli-command">
Parameters
<job-id>
Specify the job identification number.
<sequence #>
Specify the sequence number for job execution. The sequence number is an integer that controls the order in which a CLI command is executed. CLI commands are executed from the smallest to the largest sequence number.
<"cli-command">
Specify the CLI command. Enclose the command in double-quotes.
Usage
A job includes a set of CLI commands and a time when the job runs. Jobs are run one time only, but they can be reused.
Any number of CLI commands can be specified with a job and are executed in an order specified by sequence numbers. If a CLI command in the sequence fails, no further commands in the job are executed. A job can have an empty set of CLI commands.
The output of all commands executed is saved to a file in a specified directory. The output of each command is simply appended to the file. The job output and any error messages are saved. Jobs can be canceled and rescheduled.
The no job <job-id> command <sequence #> command option deletes the CLI command from the job.
The no job <job-id> command option removes all statistics associated with the specified job. If the job has not executed, the timer event is canceled. If the job was executed, the results are deleted along with the job statistics.
Example
amnesiac (config) # job 10 command 1 "show info"
amnesiac (config) # job 10 command 2 "show connections"
amnesiac (config) # job 10 command 3 "show version"
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show job, show jobs
job comment
Description
Adds a comment to the job for display when show jobs is run.
Syntax
[no] job <job-id> comment <"description">
Parameters
<job-id>
Specify the job identification number.
comment <"description">
Specify the comment for the job. Enclose the description in double-quotes.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show job, show jobs
job date-time
Description
Sets the date and time for the job to execute.
Syntax
[no] job <job-id> date-time <hh>:<mm>:<ss> <cr>| <yyyy>/<mm>/<dd>
Parameters
<job-id>
Specify the job identification number.
<hh>:<mm>:<ss> <cr>
Specify the time for the job to execute.
[<date>] <yyyy>/<mm>/<dd>
Specify the date for the job to execute.
Usage
If the time specified is in the past, the job does not execute and is in the inactive state. The no command option disables the date and time settings.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show job, show jobs
job enable
Description
Enables a CLI command job to execute at the date and time specified in the job.
Syntax
[no] job <job-id> enable
Parameters
<job-id>
Specify the job identification number.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
show job, show jobs
job execute
Description
Forces an immediate execution of a job. The timer (if set) is canceled, and the job is moved to the completed state.
Syntax
job <job-id> execute
Parameters
<job-id>
Specify the job identification number.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show job, show jobs
job fail-continue
Description
Executes all commands in a job even if a command in the sequence fails.
Syntax
[no] job <job-id> fail-continue
Parameters
<job-id>
Specify the job identification number.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show job, show jobs
job name
Description
Sets the name for the job.
Syntax
[no] job <job-id> name <friendly-name>
Parameters
<job-id>
Specify the job identification number.
<friendly-name>
Specify a name for the job.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show job, show jobs
job recurring
Description
Sets the frequency with which to recurrently execute this job.
Syntax
[no] job <job-id> recurring <seconds>
Parameters
<job-id>
Specify the job identification number.
<seconds>
Specify how frequently the recurring job should execute.
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show job, show jobs
Debugging Commands
This section describes the commands to debug the system.
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
RiOS TCP Dump Commands
<filename>
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
RiOS TCP Dump Commands
Parameters
Raid Commands
This section describes the RAID commands.
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead show raid info
Use the swraid add-disk command to add drives back into the system without removing and re-inserting the drive physically. The parameter is the physical drive number. The command takes care of re-adding the partitions on the drive to all the appropriate RAID arrays.
amnesiac (config) # raid swraid add-disk 1
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead show raid info
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead show raid info
Example
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead show raid info
Optionally, specify a time period to adjust the collection interval: 24-hour Report Period - For a five-minute granularity (the default setting). 48-hour Report Period - For a ten-minute granularity.
Usage
Ensures that the WAN and LAN cables on the Steelhead appliance are connected to the LAN and WAN of the network. The test enumerates the results by interface (one row entry per pair of bypass interfaces). By default, this test is disabled. Certain network topologies might cause an incorrect result for this test. For the following topologies, Riverbed recommends that you confirm the test result manually: Steelhead appliances deployed in virtual in-path mode. Server-side Steelhead appliances that receive significant amounts of traffic from nonoptimized sites. Steelhead appliances that sit in the path between other Steelheads that are optimizing traffic. If the test fails, ensure a straight-through cable is not in use between an appliance port and a router, or that a crossover cable is not in use between an appliance port and a switch.
Determines if the speed and duplex settings match on each side of the default gateway connection. If one side is different from the other, then traffic is sent at different rates on each side, causing a great deal of collision. This test runs the ping utility for 5 seconds with a packet size of 2500 bytes against the default gateway. Optionally, select an interface to test. The more interfaces you test, the longer it takes the diagnostics to run. If you do not specify an interface, the Steelhead runs the duplex test on all interfaces. The test passes if the system acknowledges 100% of the packets and receives responses from all packets. If any packets are lost, the test fails. If the test fails, ensure the speed and duplex settings of the appliance's Ethernet interfaces match that of the switch ports to which they are connected. The test output records the percentage of any lost packets and number of collisions.
Note: For accurate test results, traffic must be running through the Steelhead appliance.
Select to determine whether a specified IP address and optional port is correctly connected. If you specify only an IP address, the test sends an ICMP message to the IP address. If you specify a port number, the test telnets to the port. If the test fails, ensure that dynamic or static routing on your network is correctly configured and that the remote network is reachable from hosts on the same local subnet as this appliance.
Parameters
Specify the IP address of the peer appliance to test. Specify the port.
Usage
Select to send a test probe to a specified peer and await the probe response. If a response is not received, the test fails. Tip: To view the current peer appliances, choose Reports > Optimization > Connected Appliances in the Management Console. Note: Do not specify the primary or auxiliary IP of the same Steelhead appliance displayed in the Connected Appliances report (the primary or aux IP to which the Steelhead appliance is connected). If the test fails, ensure that there are no firewalls, IDS/IPS, VPNs, or other security devices which may be stripping or dropping connection packets between Steelhead appliances.
Important: Access to the Steelhead appliance through the remote management port requires the use of the IPMItool utility. You can download a Linux version at http://sourceforge.net/projects/ipmitool/files/. You can obtain a Windows version of the IPMI tool on the Document CD that ships with your system or from Riverbed Support at https://support.riverbed.com.
remote dhcp
Description
Enables DHCP on the remote management port.
Syntax
remote dhcp
Parameters
None
CMC appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead show remote ip
remote ip address
Description
Manually sets the IP address of the remote management port.
Syntax
remote ip address <ip-addr>
Parameters
<ip-addr>
Specify the IP address to assign to the remote management port.
Usage
Access to the Steelhead appliance through the remote port requires the use of the IPMItool utility. You can download a Linux version at http://sourceforge.net/projects/ipmitool/files/. You can obtain a Windows version of the IPMI tool on the Document CD that ships with your system or from Riverbed Support at https://support.riverbed.com. This utility must be run on an administrator's system outside of the Steelhead appliance to access the remote port functions. Check the man page for IPMItool for a full list of capabilities (although not all the commands are supported on RiOS hardware platforms).
To configure the remote management port
1. Physically connect the REMOTE port to the network. You cable the remote management port to the Ethernet network in the same manner as the Primary interface. For details, see the Steelhead Appliance Installation and Configuration Guide.
2. Install the IPMItool on the client machine.
3. Assuming the IP address is 192.168.100.100, the netmask is 255.255.255.0, and the default gateway is 192.168.100.1, assign an IP address to the remote management port:
(config) # remote dhcp
(config) # remote ip address 192.168.100.100
(config) # remote ip netmask 255.255.255.0
(config) # remote ip default-gateway 192.168.100.1
4.
Tip: Ping the new management IP address from a remote computer, and verify it replies.
5. To secure the remote port, assign a password to the port:
6. Set the remote port bit-rate to match the current serial port bitrate. Typically, this value is 9.6.
7. Press the Tilde character (~) to end the serial connection.
Note: While your serial connection is established, the actual serial console is disabled. Ending the remote serial connection cleanly with Tilde (~) re-enables the real serial port. If you fail to exit cleanly, your actual serial port might not reactivate. If your serial port fails to reactivate, reconnect remotely and exit cleanly using Tilde (~).
CMC appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead show remote ip
remote ip netmask
Description
Manually sets the subnet mask of the remote management port.
Syntax
remote ip netmask <netmask>
Parameters
<netmask>
Specify the subnet mask to assign to the remote management port.
Product
CMC appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show remote ip
remote ip default-gateway
Description
Manually sets the default gateway of the remote management port.
Syntax
remote ip default-gateway <ip-addr>
Parameters
<ip-addr>
Specify the IP address of the default gateway to assign to the remote management port.
Product
CMC appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show remote ip
remote password
Description
Sets the password to remotely connect to the remote management port.
Syntax
[no] remote password <password>
Parameters
<password>
Specify the password to connect to the remote management port.
Usage
To set a remote management port password
1. On the Steelhead appliance, assign a password to the remote management port:
amnesiac (config) # remote password TestPassword
2. Using the IPMItool on a remote computer, view the power status of the Steelhead appliance. If you are using the Windows version of IPMItool, replace all references to ipmitool with ipmitool.exe.
Output should state Chassis Power is on.
Note: You can download a Linux version at http://sourceforge.net/projects/ipmitool/files/. You can obtain a Windows version of the IPMI tool on the Document CD that ships with your system or from Riverbed Support at https://support.riverbed.com.
Example
amnesiac (config) # remote password TestPassword
Product
CMC appliance, Steelhead appliance, Steelhead Mobile Controller, Cloud Steelhead
Related Topics
show remote ip
Usage
Before performing Windows Domain authentication delegation using the CLI, Windows-side Domain Controller and SPN (Service Principal Names) configuration is required. For details, see the Steelhead Management Console Users Guide. Use this mode if you have previously enabled SMB Signing with RiOS v5.5.x, SMB2 signing, or if you are enabling MAPI encryption for Windows 7 in RiOS v6.1 or later. The no command option disables this feature. Note: If you switch between manual and automatic delegation you must restart the optimization service. Note: A delegate user is required in each of the domains where a server is going to be optimized.
amnesiac (config) # protocol domain-auth delegation auto-mode enable
amnesiac (config) # service restart
Steelhead appliance, Cloud Steelhead show protocol domain-auth delegation auto-mode, show protocol domain-auth delegation rules, show protocol domain-auth delegation rules, show protocol domain-auth oneway-trust
Specify the delegate user name. The system translates the user name into uppercase to match the registered server realm information. Specify the password.
Before performing Windows Domain authentication delegation using the CLI, Windows-side Domain Controller and SPN (Service Principal Names) configuration is required. For details, see the Steelhead Management Console Users Guide. Use this mode if you have previously enabled SMB Signing with RiOS v5.5.x, SMB2 signing, or if you are enabling MAPI encryption for Windows 7 in RiOS v6.1 or later. Note: If you switch between manual and automatic delegation you must restart the optimization service. Note: A delegate user that is an Administrator already has the correct delegation rights for automatic delegation mode. The no command removes the specified user.
Example
amnesiac (config) # protocol domain-auth delegation delegate-user domain SIGNING.TEST user testname password RR1243
amnesiac (config) # service restart
Steelhead appliance, Cloud Steelhead show protocol domain-auth delegation rules, show protocol domain-auth delegation rules, show protocol domain-auth oneway-trust
Steelhead appliance, Cloud Steelhead show protocol domain-auth delegation auto-mode, show protocol domain-auth delegation rules, show protocol domain-auth delegation rules, show protocol domain-auth oneway-trust
Steelhead appliance, Cloud Steelhead show protocol domain-auth delegation rules, show protocol domain-auth delegation rules, show protocol domain-auth oneway-trust
Parameters
dlg-only
Specify this option to apply the rule defined by the protocol domain-auth delegation rule dlg-only command.
dlg-all-except
Specify this option to apply the rule defined by the protocol domain-auth delegation rule dlg-all-except command.
Usage
After configuring the commands protocol domain-auth delegation rule dlg-all-except and protocol domain-auth delegation rule dlg-only, use this command to specify which resulting list to apply.
amnesiac (config) # protocol domain-auth delegation rule select dlg-only
Steelhead appliance, Cloud Steelhead show protocol domain-auth delegation auto-mode, show protocol domain-auth delegation rules, show protocol domain-auth delegation rules, show protocol domain-auth oneway-trust
Steelhead appliance, Cloud Steelhead show protocol domain-auth native-krb, show protocol domain-auth delegation auto-mode, show protocol domain-auth delegation rules, show protocol domain-auth delegation rules, show protocol domain-auth oneway-trust
Usage
Use the no command for the following: To clear an entry in the one-way trust list keyed on the NetBIOS name:
no protocol domain-auth oneway-trust netbios-name
Steelhead appliance, Cloud Steelhead show protocol domain-auth delegation auto-mode, show protocol domain-auth delegation rules, show protocol domain-auth delegation rules, show protocol domain-auth oneway-trust
Usage
In a typical in-path deployment, optimized and pass-through traffic flows through the Steelhead appliance LAN and WAN interfaces and Riverbed network management traffic flows through the auxiliary interface. You can also use the auxiliary interface to connect the appliance to a non-Riverbed network management device. Some deployments do not allow access to the auxiliary management interface when plugged into a private subnet with a separate IP address space. In this type of deployment you cannot use the auxiliary interface to manage the Steelhead appliance.
RiOS v6.1 provides a way to configure a secondary MIP interface that you can reach through the physical in-path LAN and WAN interfaces. Configuring a secondary MIP interface is a way to manage Steelhead appliances from a private network while maintaining a logical separation of network traffic. This configuration eliminates the need to deploy a switch or borrow a switchport. You can configure one MIP interface for each LAN and WAN interface pair.
A MIP interface is accessible from both the LAN and WAN side and you can reach it even when:
- the primary interface is unavailable.
- the optimization service is not running.
- the (logical) in-path interface fails.
A MIP interface is not accessible if the (physical) LAN and WAN interfaces fail. For detailed information, see the Management Console online help or the Steelhead Management Console Users Guide.
Note: You cannot reach a MIP interface when Link State Propagation (LSP) is also enabled and the corresponding in-path interface fails. In physical in-path deployments, LSP shortens the recovery time of a link failure. LSP communicates link status between the devices connected to the Steelhead appliance and is enabled by default in RiOS v6.0 and later.
The no command option disables the management in-path (MIP) interface.
Note: This command requires you to also configure in-path interface mgmt-interface ip and in-path interface mgmt-interface vlan.
Steelhead appliance, Cloud Steelhead show in-path mgmt-interface, in-path interface mgmt-interface ip, in-path interface mgmt-interface vlan
For detailed information, see the Management Console online help or the Steelhead Management Console Users Guide. The no command option disables in-path support. Note: This command requires you to also configure in-path interface vlan and in-path interface mgmt-interface vlan.
Steelhead appliance, Cloud Steelhead in-path interface vlan, in-path interface mgmt-interface vlan, show in-path mgmt-interface
Steelhead appliance, Cloud Steelhead in-path interface mgmt-interface ip, show in-path mgmt-interface, in-path interface vlan
Steelhead appliance, Interceptor appliance, Cloud Steelhead show in-path hw-assist rules
This feature functions only on a Steelhead appliance or Interceptor appliance equipped with one or more Two-Port SR Multimode Fiber 10 Gigabit-Ethernet PCI-E or Two-Port LR Single Mode Fiber 10 Gigabit-Ethernet PCI-E cards. Hardware Assist rules can automatically bypass all UDP (User Datagram Protocol) connections. You can also configure rules for bypassing specific TCP (Transmission Control Protocol) connections. Automatically bypassing these connections decreases the work load on the local Steelhead appliances because the traffic is immediately sent to the kernel of the host machine or out of the other interface before the system receives it. Note: For a hardware assist rule to be applied to a specific 10G bypass card, the corresponding in-path interface must be enabled and have an IP address. If the system is not equipped with the necessary card, an error message displays.
Steelhead appliance, Interceptor appliance, Cloud Steelhead show in-path hw-assist rules
Steelhead appliance, Interceptor appliance, Cloud Steelhead show in-path hw-assist rules
Steelhead appliance, Interceptor appliance, Cloud Steelhead show in-path hw-assist rules
vlan <VLAN>
Optionally, specify the VLAN identification number to set the VLAN tag ID: -1 = all, 1 = untagged, maximum = 4094. Specify all to specify the rule applies to all VLANs. Select untagged to specify the rule applies to non-tagged connections. Note: Pass-through traffic maintains any pre-existing VLAN tagging between the LAN and WAN interfaces. Note: To complete the implementation of VLAN tagging, you must set the VLAN tag IDs for the in-path interfaces that the Interceptor appliance uses to communicate with other Interceptor appliances.
Specify the rule number to insert the pass-through load-balancing rule before.
This feature functions only on a Steelhead appliance or Interceptor appliance equipped with one or more Two-Port SR Multimode Fiber 10 Gigabit-Ethernet PCI-E or Two-Port LR Single Mode Fiber 10 Gigabit-Ethernet PCI-E cards. Hardware Assist rules can automatically bypass all UDP (User Datagram Protocol) connections. You can also configure rules for bypassing specific TCP (Transmission Control Protocol) connections. Automatically bypassing these connections decreases the work load on the local Steelhead appliances because the traffic is immediately sent to the kernel of the host machine or out of the other interface before the system receives it. Note: For a hardware assist rule to be applied to a specific 10G bypass card, the corresponding in-path interface must be enabled and have an IP address. If the system is not equipped with the necessary card, an error message displays. To delete a rule, use the no command option as follows:
no in-path hw-assist rule rulenum <rule number>
amnesiac (config) # in-path hw-assist rule accept subnet-a 10.0.0.1/16 subnet-b 10.0.0.4/16 rulenum 1
Steelhead appliance, Interceptor appliance, Cloud Steelhead show in-path hw-assist rules
Note: For hardware-assist rule commands, see Hardware-Assist Rule Commands on page 498.
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller show arp
Load-Balancing Commands
This section describes the load-balancing commands.
amnesiac (config) # load balance edit rule rulenum 9 description "this is a test"
Parameter
Usage
Configure rules of this type as a second-preference rule for cases where you would like to optimize when connections are available on specified targets, but, in the event targets have reached Admission Control capacity, you would rather pass-through than tax the auto-balance pool. For example, you might use pass-through rules to handle HTTP traffic on port 80.
Load-balancing rules define the characteristics by which traffic is selected for load balancing and the availability of LAN-side Steelhead appliance for such traffic. Typically, your rules list should:
- Account for traffic over all subnets and ports that have been selected for redirection.
- Account for all Steelhead appliances you have configured as neighbor peers to be targets of redirect rules or reserved for the automatic load-balancing rule. If a neighbor Steelhead appliance is specified as a target for a rule, it is reserved for traffic that matches that rule and is not available to the pool used for automatic load-balancing. If a neighbor Steelhead appliance is not specified as a target for a rule, it is available for automatic load balancing.
- Account for second-preference cases where you would rather pass-through traffic than tax the auto-load-balancing pool.
The Interceptor appliance processes load-balancing rules as follows:
1. Redirect rule matches and target Steelhead appliance available: Redirect to a target appliance according to the load balancing algorithm.
2. Redirect rule matches but none of the target Steelhead appliances for the rules are available: Consults the next rule in list.
3. Pass-through rule matches: Pass-through, traversing Riverbed routes but unoptimized.
4. Redirect rule matches but no capacity and does not match a pass-through rule: Automatically balances load among neighbor Steelhead appliances not reserved by other rules.
5. No rules match or no rules specified, target Steelhead appliances are chosen based on the following rules:
- Peer Affinity - Prefers a target Steelhead appliance that has had a previous connection with the source Steelhead appliance.
- Least Connections - If more than one target Steelhead appliance has peer affinity, the connection is redirected to one that has the least current connections.
- No Peer Affinity - If no Steelhead appliance has peer affinity, the connection is redirected to the Steelhead appliance with the least current connections.
amnesiac (config) # load balance rule pass src 10.0.0.1/16 dest 10.0.0.2/16 destport 1240 rulenum 3 description test vlan 12
Parameters
addrs <ip-addr>
Specify a comma-separated list of Steelhead appliance IP addresses to which traffic may be redirected. (Specify the IP address for the Steelhead inpath0_0 interface.) If a rule matches, connections are redirected to a Steelhead appliance in the list according to the load balancing algorithm. Note: This parameter is not required for rules of type pass. Note: You must also configure Interceptor-to-Steelhead appliance communication and Steelhead appliance-to-Interceptor communication for peering between appliances. For detailed information, see in-path neighbor multi-interface enable on page 508.
src <subnet>/<mask>
Specify the IP address for the source network. Use the following format: XXX.XXX.XXX.XXX/XX.
dest <subnet>/<mask>
Specify the IP address for the destination network. Use the following format: XXX.XXX.XXX.XXX/XX.
dest-port <port>
Specify a port number or port label.
peer <ip-addr> {any | probe-only | non-probe}
Specify the peer IP address to apply pass-through load-balancing rules to this IP address only. Optionally, specify one of the following pass-through load-balancing peer options:
any - Applies the pass-through rule to any SYN packet and probe.
probe-only - Applies the pass-through rule to any probes from any router.
non-probe - Applies the pass-through rule to any SYN packet without a probe.
Specify the rule number to insert the pass-through load-balancing rule before. Specify a description of the rule. Specify the VLAN tag Identification Number (ID). Specify to use fair peering for the load balanced rule.
Usage
Load-balancing rules define the characteristics by which traffic is selected for load balancing and the availability of LAN-side Steelhead appliance for such traffic. Typically, your rules list should:
- Account for traffic over all subnets and ports that have been selected for redirection.
- Account for all Steelhead appliances you have configured as neighbor peers to be targets of redirect rules or reserved for the automatic load-balancing rule. If a neighbor Steelhead appliance is specified as a target for a rule, it is reserved for traffic that matches that rule and is not available to the pool used for automatic load-balancing. If a neighbor Steelhead appliance is not specified as a target for a rule, it is available for automatic load balancing.
- Account for second-preference cases where you would rather pass-through traffic than tax the auto-load-balancing pool.
The Interceptor appliance processes load-balancing rules as follows:
1. Redirect rule matches and target Steelhead appliance available: Redirect to a target appliance according to the load balancing algorithm.
2. Redirect rule matches but none of the target Steelhead appliances for the rules are available: Consults the next rule in list.
3. Pass-through rule matches: Pass-through, traversing Riverbed routes but unoptimized.
4. Redirect rule matches but no capacity and does not match a pass-through rule: Automatically balances load among neighbor Steelhead appliances not reserved by other rules.
5. No rules match or no rules specified, target Steelhead appliances are chosen based on the following rules:
- Peer Affinity - Prefers a target Steelhead appliance that has had a previous connection with the source Steelhead appliance. If no Steelhead appliance has peer affinity, the connection is redirected to the Steelhead appliance with the least current connections.
- Least Connections - If more than one target Steelhead appliance has peer affinity, the connection is redirected to one that has the least current connections.
- No Peer Affinity - If no Steelhead appliance has peer affinity, the connection is redirected to the Steelhead appliance with the least current connections.
Example
amnesiac (config) # load balance rule redirect addrs 10.0.0.1,10.0.0.2 src 10.0.0.1/16 dest 10.0.0.2/16 dest-port 1240 description test vlan 12 addrs 10.0.0.3,10.0.0.4,10.0.0.5
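The rule-processing order in the Usage text above (the same text appears under the pass rule) can be traced with a small model. This Python sketch is an added example, not Riverbed code: the Steelhead and Rule classes, their field names and the sample addresses are hypothetical, an appliance at Admission Control capacity is modeled as available=False, and applying peer affinity then least connections inside a redirect rule's target list is an assumption.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Steelhead:                      # hypothetical model of a neighbor appliance
    ip: str                           # inpath0_0 address used in "addrs"
    connections: int = 0              # current connection count
    available: bool = True            # False once Admission Control capacity is reached
    peers_seen: set = field(default_factory=set)  # remote peers served before


@dataclass
class Rule:                           # hypothetical model of one load-balancing rule
    kind: str                         # "redirect" or "pass"
    src: str = "0.0.0.0/0"
    dest: str = "0.0.0.0/0"
    dest_port: Optional[int] = None   # None means all ports
    vlan: int = -1                    # -1 means all VLANs
    addrs: tuple = ()                 # redirect targets; unused for pass rules

    def matches(self, src_ip, dest_ip, port, vlan):
        # strict=False accepts host-style notation such as 10.0.0.1/16.
        return (ip_address(src_ip) in ip_network(self.src, strict=False)
                and ip_address(dest_ip) in ip_network(self.dest, strict=False)
                and self.dest_port in (None, port)
                and self.vlan in (-1, vlan))


def pick(candidates, remote_peer):
    """Peer affinity first, then least current connections."""
    usable = [s for s in candidates if s.available]
    if not usable:
        return None
    with_affinity = [s for s in usable if remote_peer in s.peers_seen]
    return min(with_affinity or usable, key=lambda s: s.connections)


def decide(rules, neighbors, src_ip, dest_ip, port, vlan=0, remote_peer=None):
    """Return ("redirect", ip), ("pass", None) or ("auto", ip or None)."""
    by_ip = {s.ip: s for s in neighbors}
    for rule in rules:
        if not rule.matches(src_ip, dest_ip, port, vlan):
            continue
        if rule.kind == "pass":
            return ("pass", None)                      # step 3
        target = pick([by_ip[a] for a in rule.addrs if a in by_ip], remote_peer)
        if target:
            return ("redirect", target.ip)             # step 1
        # Step 2: no target available, consult the next rule in the list.
    # Steps 4 and 5: automatic balancing over appliances no rule has reserved.
    reserved = {a for r in rules if r.kind == "redirect" for a in r.addrs}
    chosen = pick([s for s in neighbors if s.ip not in reserved], remote_peer)
    return ("auto", chosen.ip if chosen else None)


def demo():
    # Constructed sample: two reserved targets, two appliances in the auto pool.
    a = Steelhead("10.0.0.3", connections=40)
    b = Steelhead("10.0.0.4", connections=10, peers_seen={"192.0.2.9"})
    c = Steelhead("10.0.0.5", connections=5)
    d = Steelhead("10.0.0.6", connections=7, peers_seen={"192.0.2.9"})
    neighbors = [a, b, c, d]
    rules = [
        Rule("redirect", "10.0.0.1/16", "10.0.0.2/16", 1240, 12, ("10.0.0.3", "10.0.0.4")),
        Rule("pass", "10.0.0.1/16", "10.0.0.2/16", 80, 12),
    ]
    flow = dict(src_ip="10.0.5.5", dest_ip="10.0.9.9", vlan=12, remote_peer="192.0.2.9")
    results = {"targets_up": decide(rules, neighbors, port=1240, **flow)}
    a.available = b.available = False                  # both targets reach capacity
    results["targets_full"] = decide(rules, neighbors, port=1240, **flow)
    results["http"] = decide(rules, neighbors, port=80, **flow)
    results["no_match"] = decide(rules, neighbors, "172.16.0.1", "172.16.0.2", 443)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

In the targets_full case the connection lands on 10.0.0.6 rather than the less loaded 10.0.0.5, because peer affinity is evaluated before connection count.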
conn-trace rule
Description
Configures connection tracing rules.
Syntax
[no] conn-trace rule srcnet <subnet> srcport-start <startport> srcport-end <endport> dstnet <dst ip-addr> dstport-start <startport> dstport-end <endport>
Parameters
srcnet <subnet>
Specify an IP address and mask for the traffic source. Use the following format: XXX.XXX.XXX.XXX/XX Note: You can specify all or 0.0.0.0/0 as the wildcard for all traffic.
srcport-start <startport>
Specify the start port for the source.
srcport-end <endport>
Specify the end port for the source.
dstnet <dst ip-addr>
Specify an IP address and mask for the traffic destination. Use the following format: XXX.XXX.XXX.XXX/XX Note: You can specify all or 0.0.0.0/0 as the wildcard for all traffic.
dstport-start <startport>
Specify the start port for the destination.
dstport-end <endport>
Specify the end port for the destination.
Connection traces enable you to determine to which Steelhead appliances the Interceptor appliance has redirected specific connections. Connection traces also enable users to debug failing or unoptimized connections. Note: If you manually restart the Interceptor appliance, the connection traces are lost. Prior to restarting, perform a system dump using the disable command. The no command option disables the connection tracing.
amnesiac (config) # conn-trace rule 10.0.0.1 src-port 1234 srcport-end 4567 dstport-start 7890 dstport-end 8890
Usage
Make sure you configure the Steelhead appliance to communicate with this Interceptor appliance on this interface when you configure Steelhead-to-Interceptor communication. Assume you want to configure peering between Interceptor A (with primary interface 10.10.10.1, inpath0_0 interface 10.10.10.2, inpath0_1 interface 10.10.10.3) and Steelhead Z (with primary interface 10.10.10.21, inpath0_0 10.10.10.22, inpath0_1 interface 10.10.10.23).
1. Log into the CLI for Interceptor A.
2. Specify which in-path interface on Interceptor A to use for Interceptor-to-Steelhead peering.
in-path neighbor interface inpath0_0
3. Add Steelhead Z as a peer by specifying the name and IP address for the Steelhead Z inpath0_0 interface.
in-path neighbor peer name shaZ main-ip 10.10.10.22
4. Log in to the CLI for Steelhead Z.
5. Enable the in-path interface, as shown in the following example:
in-path enable
6.
7.
8. Specify the neighbor name and main IP address, as shown in the following example:
in-path neighbor name interceptA main-ip 10.10.10.2
The no command option disables the interface.
Example
amnesiac (config) # in-path neighbor interface inpath0_0
Optionally, if you have enabled multiple interface support, supply additional addresses for the remaining in-path interfaces: The no command option disables the connection.
Steelhead appliance, Cloud Steelhead show in-path interface, show redirect, show redirect peers
Specify the same in-path interface you set for all Interceptor-to-Steelhead communication. For example, if you set Interceptor-to-Steelhead communication on Interceptor inpath0_0, you would specify the IP address for a particular Interceptor inpath0_0 using this command. The no command option disables the connection.
Steelhead appliance, Cloud Steelhead show in-path passthrough rules, show redirect, show redirect peers
redirect allow-failure
Description
Allows failure in active-passive Interceptor appliance deployments.
Syntax
[no] redirect allow-failure
Parameters
None
Usage
Run this command on all Interceptor appliances on the active and passive links. You must also run the command in-path neighbor allow-failure on all Steelhead appliances that point to the Interceptor appliances on which you ran this command. The no command option disables the command.
Example
amnesiac (config) # redirect allow-failure
redirect interface
Description
Configures the redirect interface.
Syntax
redirect interface <interface>
Parameters
<interface>
Specify the name of the interface the appliance uses to communicate with peer Interceptor appliances.
Usage
Your selection must be implemented system-wide. For example, if you decide for Interceptor A to use inpath0_0, you must specify inpath0_0 when you run this command on Interceptor B and any other Interceptor appliance in your deployment.
Example
amnesiac (config) # redirect interface inpath0_0
You must restart the service for your changes to take effect.
amnesiac (config) # service restart
The no command option disables the connection to the peer Interceptor appliance. Assume you want to configure peering between Interceptor A (with primary interface 10.10.10.1, inpath0_0 interface 10.10.10.2, inpath0_1 interface 10.10.10.3) and Interceptor B (with primary interface 10.10.10.11, inpath0_0 10.10.10.12, inpath0_1 interface 10.10.10.13).
1. Log into the CLI for Interceptor A.
2. Specify which in-path interface on Interceptor A to use for Interceptor-to-Interceptor peering.
redirect interface inpath0_0
3. Add Interceptor B as a peer by specifying the IP address for the Interceptor B inpath0_0 interface.
redirect peer name interceptB main-ip 10.10.10.12
4. Next, log into the CLI for Interceptor B.
5. Specify the Interceptor B interface to use for Interceptor-to-Interceptor peering:
redirect interface inpath0_0
6. Add Interceptor A as a peer by specifying the IP address for the Interceptor A inpath0_0 interface:
redirect peer name interceptA main-ip 10.10.10.2
amnesiac (config) # redirect peer name mypeer main-ip 10.10.10.1 additional-ip 10.0.0.2
<rulenum>
A maximum of 105 rules is allowed. Use reset connection rules to reset an existing connection and force a new connection to be formed. The feature ensures that upon reboot the system resets certain long-lived pass-through connections so they can be optimized. A badly formed rule can block traffic. This feature is only available in the CLI.
These rules block existing pass-through connections and prevent formation of new pass-through connections that match a specified rule. A maximum of 105 rules is allowed. Use reset connection rules to reset an existing connection and force a new connection to be formed. The feature ensures that upon reboot the system resets certain long-lived pass-through connections so they can be optimized. A badly formed rule can block traffic. This feature is only available in the CLI.
amnesiac (config) # in-path passthrough rule block addr 10.0.0.1 port start 6509 end 6509 vlan 12
show conn-trace
Description
Displays connection tracing status.
Syntax
show conn-trace [connection srcaddr <ip-addr> srcport <port> dstaddr <ip-addr> dstaddr <ipaddr> vlan <vlanid>] | [rule] | [summary]
Parameters
connection
Displays tracing details of one connection.
srcaddr <ipaddr> srcport <port>
Specify the source IP address, and optionally, source port, for this connection.
dstaddr <ipaddr> dstaddr <ipaddr>
Specify the destination IP address, and optionally, destination port, for this connection.
vlan <vlanid>
Specify the VLAN ID for this connection.
rule
Displays connection tracing rules.
summary
Displays connection tracing summary.
Example
amnesiac > show conn-trace summary
Abbreviations: r#: rule matched, O: owner, R: remote, L: local
time created r# source ip:port destination ip:port vlan O state
Example
amnesiac > show in-path interface
In-Path Interface(s):
inpath0_0: enabled vlan: 0
inpath0_1: disabled vlan: 0
inpath1_0: disabled vlan: 0
inpath1_1: disabled vlan: 0
inpath2_0: disabled vlan: 0
inpath2_1: disabled vlan: 0
Example
amnesiac > show in-path neighbor peers brief
Neighbor 1:
IP Address: 172.0.234.2 Version: 5.0.7 Last Reconnect: 2009/01/20 12:54:20
IP Address: 172.0.234.2 Version: 5.0.7 Last Reconnect: 2009/01/20 12:54:20
IP Address: 172.0.234.2 Version: 5.0.7 Last Reconnect: 2009/01/20 12:54:20
IP Address: 172.0.234.2 Version: 5.0.7 Last Reconnect: 2009/01/20 12:54:20
IP Address: 172.0.234.2 Version: 5.0.7 Last Reconnect: 2009/01/20 12:54:20
IP Address: 172.0.234.2 Version: 5.0.7 Last Reconnect: 2009/01/20 12:54:20
Neighbor 2:
IP Address: 172.0.233.2 Version: 5.0.7 Last Reconnect: 2009/01/20 12:55:11
IP Address: 172.0.233.2 Version: 5.0.7 Last Reconnect: 2009/01/20 12:55:11
IP Address: 172.0.233.2 Version: 5.0.7 Last Reconnect: 2009/01/20 12:55:11
IP Address: 172.0.233.2 Version: 5.0.7 Last Reconnect: 2009/01/20 12:55:11
IP Address: 172.0.233.2 Version: 5.0.7 Last Reconnect: 2009/01/20 12:55:11
Example
load balance rules Source Destination VLAN Target(s) ----------------- ----------------- ---- --------------all all all 172.0.245.3 172.0.245.2 Port: all Peer: Any all Port: all Peer: Any all all 172.0.245.2
redirect
def auto
all all all auto Port: all Peer: Any -----------------------------------------------------------------------------2 user added rule(s)
show redirect
Description
Displays the interface the appliance uses to communicate with peers.
Syntax
show redirect
Parameters
None
Example
amnesiac > show redirect
Redirect Interface: inpath0_0
Multiple Interface Support: yes
Optimize Connections When Peer Interceptor Not Connected: no
Syntax Parameters
Example
amnesiac > show redirect peers
perf1-int1 # show redirect peers
Peer Type Version Backup Last Reconnect
----------------------- ---- ------------- -----------------------------------
perf1-int3 F 2.0.3 172.16.38.2:7860 2009/10/23 10:49:38
Interface(s): 172.16.38.3:7860 Connected
gen1-sh124 R hellcat-i386-flamebox-latest-58291 255.255.255.255:0 2009/10/23 10:49:38
Interface(s): 172.16.55.3:7860 Connected
Type: 'R' = Redirect 'F' = Failover
CMC Compatibility
The Steelhead appliance has been tested with the following Central Management Console (CMC) versions:
Steelhead RiOS Version v6.5 Recommended CMC Version v6.1.x partial support Parity in subsequent v6.5 release. v6.1.x v6.1.0 CMC v6.1.x CMC v6.0.x CMC v5.5.x
Not supported
Parity; Includes Virtual Steelhead, does not support ProCurve. Parity; Manages all Steelhead appliance v6.0.2 and later features, including RSP. Parity; Manages all Steelhead appliance v5.5.4 only, does not support RSP.
Manages some RiOS v6.1.x features may be supported in subsequent point releases of CMC v6.0. Parity; Manages all Steelhead appliance v6.0.x features. Parity; Manages all Steelhead appliance v5.5.4 features only, does not support RSP.
Not supported
v6.0.x
v6.1.0, 6.0.1
CMC v5.5.3 and later, manages only v5.5 Steelhead appliance features. Parity; does not support RSP.
v5.5.x
v6.1.0, 6.0.1
cmc backup-config
Description
Backs up the CMC configuration to the configured backup server.
Syntax
cmc backup-config <cr> | name <snapshot name>
Parameters
name <snapshot name> - Specify the name of configuration snapshot.
cmc backup-stats
Description
Backs up statistics to the configured backup server.
Syntax
cmc backup-stats
Parameters
None
cmc reboot
Description
Reboots an appliance or group.
Syntax
cmc reboot [appliance <appliance>] | [group <group>] | [switch <no | yes>]
Parameters
appliance <appliance> - Specify the appliance name to reboot.
group <group> - Specify the group name to reboot.
switch <no | yes> - Specify yes to switch the boot partition before rebooting; specify no to not switch the boot partition before rebooting.
cmc restore-stats
Description
Restores statistics from the configured backup server.
Syntax
cmc restore-stats
Parameters
None
Example
amnesiac (config) # cmc restore-stats
You can only use this command if all the appliances in the specified group use the same password in the secure vault configurations. Otherwise, use the cmc secure-vault unlock appliance command to unlock the secure vault of individual appliances.
amnesiac (config) # cmc secure-vault unlock group <manhattan_group> password <nyc123>
Parameters
Specify the name of target group.
Specify the appliance name.
Specify the operation: reload, shutdown, start, stop, or restart.
Specify to perform a clean operation.
Parameters
appliance <serial number> <cr> | [group <group name> <cr>]
image <image name> - Specify the image name.
image_url - Specify the image URL.
stop_after [install | reboot] - Specify when (install or reboot) the upgrade should stop.
transition <image name> - Specify the 32-bit transition image.
transition_url <image url> - Specify the remote image to use as transition image.
amnesiac (config) # cmc upgrade appliance X67XR00007DC1 image rbt_sh 5.5.1h #58_18
export appliance
Description
Exports appliance information for CMC managed appliances to a remote email address or SCP/FTP location.
Syntax
export appliance to-email <email addr> html | csv | to-file <URL or scp://username:password@hostname/path/filename> html | csv
Parameters
to-email <email addr> html | csv - Specify an email address, file format, and type of report to export.
to-file <URL or scp://username:password@hostname/path/filename> html | csv - Specify a URL or SCP, file format, and type of report to export.
export stats
Description
Exports statistics information for CMC managed appliances to a remote email address or SCP/FTP location.
Syntax
export stats <quoted list of groups separated by /> <period over which to export, in seconds> <granularity of the exported stat, in seconds> [to-email <email addr> html | csv <bandwidth | throughput | data-reduction | conn-history | traffic-summary>] | [to-file <URL or scp://username:password@hostname/path/filename> html | csv <bandwidth | throughput | data-reduction | conn-history | traffic-summary>]
Parameters
to-email <email addr> html | csv <bandwidth | throughput | data-reduction | conn-history | traffic-summary> - Specify an email address, file format, and type of report to export.
to-file <URL or scp> html | csv <bandwidth | throughput | data-reduction | conn-history | traffic-summary> - Specify a URL or SCP, file format, and type of report to export.
Example
amnesiac (config) # export stats "remoteappliance" 3600 60 to-email [email protected] html bandwidth
Parameters
<serial number>
Example
amnesiac (config) # show cmc appliance T30QK0006805E Appliance T30QK0006805E (T30QK0006805E) Connected: Version: Model: Parent Group: Status: Reduction: Comment: Optimization Policy: Networking Policy: Security Policy: System Policy: Branch Services Policy: Auto-configuration: Branch Managed: User-specified Address: Auto-registration Address: Disable Auto-Upgrade: false false false
false
Example
amnesiac (config) # show cmc group Global
Group Global
Parent Group:
Comment:
Optimization Policy:
Networking Policy:
Security Policy:
System Policy:
Appliances: T24GK00008C48
10.1.11.0
amnesiac (config) # show cmc groups
Group Global
Parent Group:
Comment:
Appliances: T24GK000XXXXX
You must also enable branch warming on the Steelhead appliance. For detailed information, see the Management Console online help or the Steelhead Management Console User's Guide. Branch warming requires Steelhead Mobile v3.0 or later. The no command option disables branch warming.
The no command option removes the policy acceleration assignment by Active Directory Path.
amnesiac (config) # no policy acceleration assignment adpath //path policy_id 1
The no command option removes the policy acceleration assignment by Deployment ID.
amnesiac (config) # no policy acceleration assignment depid 2566 policy_id 1
The no command option removes the policy endpoint assignment by Active Directory Path.
amnesiac (config) # no policy endpoint assignment adpath //path policy_id 1
The no command option removes the policy endpoint assignment by Deployment ID.
amnesiac (config) # no policy endpoint assignment depid 2566 policy_id 1
Package Commands
This section describes the package commands for the Mobile Controller.
Use the no option of this command to remove the package assignment by Active Directory path.
amnesiac (config) # no package assignment adpath //path package_id 1
Use the no option of this command to remove the package assignment by Deployment ID.
amnesiac (config) # no package assignment depid 2566 package_id 1
ip fqdn override
Description
Enables the Steelhead Mobile Client to override the fully qualified domain name.
Syntax
[no] ip fqdn override <domain name>
Parameters
<domain name> - Specify the override domain name.
Usage
If set, the fully qualified domain name always refers to the override value. This command should be used sparingly and very carefully. If the override string has an error in it, the Steelhead Mobile Client will not be able to connect to the Mobile Controller until you change this override value.
To change the override domain name value
1. On your endpoint client machine, click the Riverbed icon in your tool bar to open the Steelhead Mobile Client window.
2. Click Settings.
3. Under Configure Steelhead Mobile Controllers, click Configure to open the Configure Steelhead Mobile Controller window.
4. Click Override the controller list and click New.
5. Type a new hostname in the Hostname or IP Address text box and click OK.
6. Click Apply to apply your changes.
Parameters
None
Example
amnesiac (config) # show package assignments adpath
#Assignment ID       Policy ID  Policy Name
--------------------------------------
load-test-client-0   10         Policy[10]
Example
amnesiac (config) # show policy acceleration assignments adpath
#Assignment ID       Policy ID  Policy Name
--------------------------------------
load-test-client-0   10         Policy[10]
amnesiac (config) # show
Enable Branch Warming:
Ref Flush Interval (ms):
Ref Flush Threshold:
Ref Max Outstanding:
REQ Max Process Sync:
Example
amnesiac (config) # show policy acceleration id 1 cifs
Enable initiation of bigger read from CFE: yes
Enable CIFS DCE RPC optimization: yes
Enable Reparse Point Optimization: yes
Enable Dynamic Write Throttling: yes
Enable SMBv1 Backwards Compatibility Mode: no
Enable Holdback Overlapped Open: yes
Enable Findfirst Option: yes
amnesiac (config) # show policy acceleration id 1 mapi encrypted
MAPI / Exchange Encryption Optimization Enabled: no
amnesiac (config) # show policy acceleration id 1 mapi port-remap
MAPI Port Remap: Disabled
amnesiac (config) # show policy acceleration id 1 mapi2k7
Exchange 2007 optimization: yes
amnesiac (config) # show policy acceleration id 1 notes
Exchange 2007 optimization: yes
amnesiac (config) # show policy acceleration id 1 probe-tcp-opt
Probe TCP Option: Disabled
Probe TCP Option Value: 76
amnesiac (config) # show policy endpoint 2345 dis-chksum-offl
Disable checksum offload: no
discovery enable
Description
Enables the Discovery Client on the Cloud Steelhead.
Syntax
[no] discovery enable
Usage
The Discovery Client is a software package that you install on the client or server in the optimized Riverbed cloud.
When a client Steelhead connects to a server in the cloud, the Discovery Client redirects any auto-discovery probe request to a Cloud Steelhead in its optimization group. Then, the client Steelhead discovers and starts peering and optimizing with the Cloud Steelhead. After the auto-discovery process completes, the connection is terminated locally on the Steelhead without going over the WAN.
When a client in the cloud connects to a server, the Discovery Client redirects any TCP connection to a Cloud Steelhead in its optimization group. The Cloud Steelhead sends an auto-discovery probe, discovers the remote Steelhead, and starts peering and optimizing with it.
Configure discovery client settings before you enable discovery.
The Discovery Client provides auto-discovery, transparency, failure detection, and load balancing. For details, see the Riverbed Cloud Services Deployment Guide.
The no command option disables the Discovery Client on the Cloud Steelhead.
Example
amnesiac (config) # discovery enable
discovery local
Description
Specifies the local node configuration in the Discovery Client.
Syntax
discovery local [node-id <id>] [node-key <key>] [discovery-type {riverbed-portal | local-portal url <portal URL>}] [refresh-time <time>]
Parameters
node-id <id> - Specify the local client ID.
node-key <key> - Specify the local client key.
discovery-type {riverbed-portal | local-portal url <portal URL>} - Specify the portal with which the Discovery Client should communicate. The default value is riverbed-portal. You can use your own local portal by specifying the local-portal url option and typing the URL of the local portal. The riverbed-portal parameter does not take a URL.
refresh-time <time> - Specify the refresh time in seconds for the Discovery Client. The time must be between 300 and 3600 seconds. The default value is 300 seconds.
in-path agent-intercept
Description
Configures the in-path intercept mode.
Syntax
in-path agent-intercept [heartbeat port <IP port>] [keepalive count <int>] [keepalive interval <int>] [server-nat-mode <mode>]
Parameters
heartbeat port <IP port> - Specify the IP port that transmits a regular heartbeat.
keepalive count <int> - Specify a value for the keepalive count. This is the total number of acknowledgements (ACKs) for which the Cloud Steelhead waits before it reports that the Discovery Client is down.
keepalive interval <int> - Specify the time interval in seconds between keep-alive messages of the Cloud Steelhead for heartbeat connection with the Discovery Client.
server-nat-mode <mode> - Specify the transparency mode for client connections. You configure the transparency mode in the Cloud Steelhead and it transmits it to the Discovery Client. There are three transparency modes:
safe-transparent - If the client is behind a NAT device, the client connection to the application server is non-transparent: the application server sees the connection as a connection from the Cloud Steelhead IP address and not the client IP address. All connections from a client that is not behind a NAT device are transparent and the server sees the connection as a connection from the client IP address instead of the Cloud Steelhead IP address.
restricted-transparent - All client connections are transparent with the following restrictions: If the client connection is from a NATed network, the application server detects the private IP address of the client. You can use this mode only if there is no conflict between the private IP address ranges (there are no duplicate IP addresses) and ports. This is the default mode.
non-transparent - All client connections are non-transparent: the Steelhead IP address and not the client IP address. Riverbed
Usage
There is a constant keep-alive connection between the Cloud Steelhead and the Discovery Client.
Example
amnesiac (config) # in-path agent-intercept keepalive count 3
You must restart the optimization service for your changes to take effect.
ip addrmap
Description
Creates a new IP address map between the public IP address of the server and its private IP address in AWS.
Syntax
[no] ip addrmap public-addr <public IP address> private-addr <private IP address>
Parameters
public-addr <public IP address> - Specify the public IP address of the server.
private-addr <private IP address> - Specify the private IP address of the server. The command no ip addrmap does not allow the parameter private-addr.
The no command option deletes a map entry from the public to private IP address map table.
amnesiac (config) # ip addrmap public-addr 10.0.62.164 private-addr 10.0.62.165
ip addrmap enable
Description
Enables the IP address mapping between the public IP address of the server and its private IP address in Amazon Web Services (AWS).
Syntax
[no] ip addrmap enable
Parameters
None
Usage
The Cloud Steelhead needs to know the IP address mapping between the public and private IP addresses of the server so that it can recognize the connection coming from the server and optimize it. You must restart the Cloud Steelhead for this command to take effect. The no command option disables the IP address mapping between the public IP address of the server and its private IP address in AWS.
Example
amnesiac (config) # ip addrmap enable
The license client is stored in the Cloud Steelhead and communicates with the license server. It has two main functions: It periodically contacts the license server and checks out and renews the license or lease. It enables you to query available features, licenses and other metadata such as serial number. You can configure the license client to communicate with the license server at the company headquarters or the local license server. The no command option deletes the one-time token or license.
Example
license server
Description
Adds a license server.
Syntax
[no] license server <hostname> [priority <number>] [port <number>]
Parameters
<hostname> - Specify the hostname of the computer that contains the license server.
priority <number> - Specify the order in which the license server is added. 0 is the highest priority and 9 is the lowest priority. The default priority is 9.
port <number> - Specify the port number where the license server is added.
Usage
The license server provides licenses to Cloud Steelheads. The no command option deletes the license server specified. The default license server is the server hosted at Riverbed headquarters. The no license server <hostname> priority command resets the priority at which the specified license server is added to the default value. The default value is 9, the lowest priority. The no license server <hostname> port command resets the license server port to the default port.
Example
amnesiac (config) # license server MyLicenseServer
amnesiac (config) # show license-servers
Server Name       Port   Priority
---------------   ----   --------
MyLicenseServer   80     0
show discovery
Description
Displays whether the Discovery Client is enabled or disabled on the Cloud Steelhead.
Syntax
show discovery [settings | info]
Parameters
info - Displays groups and nodes associated with the Discovery Client in the Riverbed Cloud Portal.
settings - Displays the Discovery Client settings such as the client ID and client key.
show ip addrmap
Description
Displays the mapping between the public IP address and private IP address of the server in AWS.
Syntax
show ip addrmap [public-addr <public IP address>]
Parameters
public-addr <public IP address> - Displays the public IP address of the Cloud Steelhead.
Example
amnesiac (config) # show ip addrmap
IP address mapping: enabled
Public addr    Private addr
-----------    ------------
10.0.62.164    10.0.62.165
show license-client
Description
Displays the license clients.
Syntax
show license-client
Parameters
None
Example
gen-sh198 (config) # show license-client
Status: Uninitialized
Last Checkout From: Unknown
Last Checkout At: 1969/12/31 16:00:00
Renew Interval: 1m 0s
show license-servers
Description
Displays the license servers.
Syntax
show license-servers
Parameters
None
Example
amnesiac (config) # license server MyLicenseServer
amnesiac (config) # show license-servers
Server Name       Port   Priority
---------------   ----   --------
MyLicenseServer   80     0
Example
amnesiac # show web ssl cert
Issued To:
  Common Name: amnesiac
  Email: admin@amnesiac
  Organization: Riverbed Technology
  Organization Unit: MyOrg
  Locality: San Francisco
  State: CA
  Country: US
Issued By:
  Common Name: amnesiac
  Email: admin@amnesiac
  Organization: Riverbed Technology
  Organization Unit: MyOrg
  Locality: San Francisco
  State: CA
  Country: US
Validity:
  Issued On: Dec 23 21:30:07 2010 GMT
  Expires On: Dec 22 21:30:07 2012 GMT
Fingerprint:
  SHA1: B6:85:64:BA:43:C6:6D:53:45:B1:B4:87:FF:E1:A8:DB:62:F7:3C:45
Product
CMC appliance, Interceptor appliance, Steelhead appliance, Steelhead Mobile Controller
Related Topics
show web ssl cipher
CHAPTER 5
Troubleshooting
This chapter contains a table of commands to provide a quick reference for troubleshooting.
Problem: General
Commands: show stats alarm, show logging, logging local, show info, show version
Problem: Start, Stop, and Reboot
Commands: service map-port, service map-port
Problem: Connectivity Issue
Commands: ping, traceroute, show bootvar
Problem: Data Store
Commands: show datastore
Problem: Optimization Service
Commands: show in-path, show in-path cdp, show out-of-path, show in-path rules, show peers, show service, show wccp, show licenses
Problem: Hardware
Commands: show stats cpu, show stats memory, show stats ecc-ram, show stats fan, show hardware error-log, show hardware error-log
Problem: Protocol Specific
Commands: show protocol cifs, show protocol nfs, show protocol mapi, show protocol ftp, show protocol http, show protocol ms-sql, show protocol notes, show protocol oracle-forms, show protocol ssl
Commands: show pfs status, show pfs configuration, show prepop pfs settings
Commands: show failover, show in-path asym-route-tab, show in-path neighbor, show in-path neighbor advertiseresync, show hardware error-log
Problem: RAID
Commands: show raid configuration, show raid diagram, show raid error-msg, show raid info, show report
APPENDIX A
Riverbed Ports
This appendix provides a reference to ports used by the system. It includes the following sections:
Default Ports
Commonly Excluded Ports
Interactive Ports Forwarded by the Steelhead Appliance
Secure Ports Forwarded by the Steelhead Appliance
Default Ports
The following table summarizes Steelhead appliance default ports with the port label: RBT-Proto.
Default Ports   Description
7744            Data store synchronization port.
7800            In-path port for appliance-to-appliance connections.
7801            Network Address Translation (NAT) port.
7810            Out-of-path server port.
7820            Failover port for redundant appliances.
7850            Connection forwarding (neighbor) port.
7860            Interceptor appliance.
7870            Steelhead Mobile.
Note: Because optimization between Steelhead appliances typically takes place over a secure WAN, it is not necessary to configure company firewalls to support Steelhead-specific ports. If there are one or more firewalls between two Steelhead appliances, ports 7800 and 7810 must be passed through the firewall devices located between the pair of Steelhead appliances. Also, SYN and SYN/ACK packets with the TCP option 76 must be passed through firewalls for auto-discovery to function properly. For the CMC, port 22 must be passed through for the firewall to function properly.
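A check for the TCP option 76 requirement in the note above, as an added example that is not part of the Riverbed manual: it parses the options of a raw TCP header and compares the same SYN as captured on each side of a firewall. The headers are constructed samples, and the probe payload bytes are placeholders because the manual does not describe the contents of option 76.

```python
import struct

PROBE_KIND = 76   # TCP option kind the note names for auto-discovery
SYN = 0x02        # SYN bit; set in both SYN and SYN/ACK segments


def parse_tcp_options(tcp_header: bytes):
    """Return [(kind, payload), ...] for the options in a raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    header_len = (tcp_header[12] >> 4) * 4          # data offset in bytes
    if header_len < 20 or header_len > len(tcp_header):
        raise ValueError("invalid data offset")
    opts, found, i = tcp_header[20:header_len], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                               # End of Option List
            break
        if kind == 1:                               # No-Operation padding
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option %d has no length byte" % kind)
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("option %d has bad length %d" % (kind, length))
        found.append((kind, opts[i + 2:i + length]))
        i += length
    return found


def is_handshake(tcp_header: bytes) -> bool:
    """True for SYN and SYN/ACK segments, the only ones that carry the probe."""
    return bool(tcp_header[13] & SYN)


def has_probe(tcp_header: bytes) -> bool:
    return any(kind == PROBE_KIND for kind, _ in parse_tcp_options(tcp_header))


def classify_path(before_fw: bytes, after_fw: bytes) -> str:
    """Compare one segment as seen before and after a firewall."""
    if not is_handshake(before_fw):
        return "not-handshake"
    if not has_probe(before_fw):
        return "no-probe-sent"
    return "probe-passed" if has_probe(after_fw) else "probe-stripped"


def build_header(options: bytes, flags: int = SYN) -> bytes:
    """Constructed sample header (ports, sequence numbers are arbitrary)."""
    options += b"\x00" * (-len(options) % 4)        # pad to a 32-bit boundary
    words = (20 + len(options)) // 4
    fixed = struct.pack("!HHIIBBHHH", 40000, 7800, 1000, 0,
                        words << 4, flags, 65535, 0, 0)
    return fixed + options


# Constructed sample data. The 8 probe payload bytes are placeholders.
MSS = bytes([2, 4, 0x05, 0xB4])
WSCALE = bytes([1, 3, 3, 7])                        # NOP + window scale
PROBE = bytes([PROBE_KIND, 10]) + b"\xAA" * 8

SYN_WITH_PROBE = build_header(MSS + WSCALE + PROBE)
# Same SYN after a device that overwrites unknown options with NOPs.
SYN_STRIPPED = build_header(MSS + WSCALE + b"\x01" * len(PROBE))
ACK_ONLY = build_header(b"", flags=0x10)

if __name__ == "__main__":
    print(classify_path(SYN_WITH_PROBE, SYN_WITH_PROBE))
    print(classify_path(SYN_WITH_PROBE, SYN_STRIPPED))
```

A "probe-stripped" result on a path between two appliances points at the firewall policy for unknown TCP options rather than at the port rules for 7800 and 7810.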
The following table lists the interactive ports that are automatically forwarded by the Steelhead appliance.
Port        Description
7           TCP ECHO
23          Telnet
37          UDP/Time
107         Remote Telnet Service
179         Border Gateway Protocol
513         Remote Login
514         Shell
1494        Citrix
1718-1720   h323gatedisc
2000-2003   Cisco SCCp
2427        Media Gateway Control Protocol Gateway
2598        Citrix
2727        Media Gateway Control Protocol Call Agent
3389        MS WBT Server, TS/Remote Desktop
5060        SIP
5631        PC Anywhere
The following table lists the common secure ports that are automatically forwarded by the Steelhead appliance.
Type        Port       Description
ssh         22/tcp     SSH Remote Login Protocol
tacacs      49/tcp     TACACS+
https       443/tcp    http protocol over TLS/SSL
smtps       465/tcp    # SMTP over SSL (TLS)
nntps       563/tcp    nntp protocol over TLS/SSL (was snntp)
imap4-ssl   585/tcp    IMAP4+SSL (use 993 instead)
sshell      614/tcp    SSLshell
ldaps       636/tcp    ldap protocol over TLS/SSL (was sldap)
ftps-data   989/tcp    FTP protocol, data, over TLS/SSL
ftps        990/tcp    FTP protocol, control, over TLS/SSL
telnets     992/tcp    telnet protocol over TLS/SSL
imaps       993/tcp    imap4 protocol over TLS/SSL
pop3s       995/tcp    pop3 protocol over TLS/SSL (was spop3)
l2tp        1701/tcp   l2tp
pptp        1723/tcp   pptp
tftps       3713/tcp   TFTP over TLS
The following table contains the uncommon ports automatically forwarded by the Steelhead appliance.
Type             Port       Description
nsiiops          261/tcp    IIOP Name Service over TLS/SSL
ddm-ssl          448/tcp    DDM-Remote DB Access Using Secure Sockets
corba-iiop-ssl   684/tcp    CORBA IIOP SSL
ieee-mms-ssl     695/tcp    IEEE-MMS-SSL
ircs             994/tcp    irc protocol over TLS/SSL
njenet-ssl       2252/tcp   NJENET using SSL
ssm-cssps        2478/tcp   SecurSight Authentication Server (SSL)
ssm-els          2479/tcp   SecurSight Event Logging Server (SSL)
giop-ssl         2482/tcp   Oracle GIOP SSL
ttc-ssl          2484/tcp   Oracle TTC SSL
groove           2492       GROOVE
syncserverssl    2679/tcp   Sync Server SSL
dicom-tls        2762/tcp   DICOM TLS
realsecure       2998/tcp   Real Secure
orbix-loc-ssl    3077/tcp   Orbix 2000 Locator SSL
orbix-cfg-ssl    3078/tcp   Orbix 2000 Locator SSL
cops-tls         3183/tcp   COPS/TLS
csvr-sslproxy    3191/tcp   ConServR SSL Proxy
xnm-ssl          3220/tcp   XML NM over SSL
msft-gc-ssl      3269/tcp   Microsoft Global Catalog with LDAP/SSL
networklenss     3410/tcp   NetworkLens SSL Event
xtrms            3424/tcp   xTrade over TLS/SSL
jt400-ssl        3471/tcp   jt400-ssl
seclayer-tls     3496/tcp   securitylayer over tls
vt-ssl           3509/tcp   Virtual Token SSL Port
jboss-iiop-ssl   3529/tcp   JBoss IIOP/SSL
ibm-diradm-ssl   3539/tcp   IBM Directory Server SSL
can-nds-ssl      3660/tcp   Candle Directory Services using SSL
can-ferret-ssl   3661/tcp   Candle Directory Services using SSL
linktest-s       3747/tcp   LXPRO.COM LinkTest SSL
asap-tcp-tls     3864/tcp   asap/tls tcp port
topflow-ssl      3885/tcp   TopFlow SSL
sdo-tls          3896/tcp   Simple Distributed Objects over TLS
sdo-ssh          3897/tcp   Simple Distributed Objects over SSH
iss-mgmt-ssl     3995/tcp   ISS Management Svcs SSL
suucp            4031/tcp   UUCP over SSL
wsm-server-ssl   5007/tcp   wsm server ssl
Description SIP-TLS iMQ SSL tunnel WebDAV Source TLS/SSL Intrepid SSL RETS over SSL
APPENDIX B
This appendix provides a reference to the Steelhead Enterprise MIB and SNMP traps. These tools allow for easy management of the Steelhead appliances and straightforward integration into existing network management systems. This appendix includes the following sections:
Accessing the Steelhead Enterprise MIB
SNMP Traps
Note: RiOS v6.0 and later includes support for integration of a configurable XML/SOAP API. The SOAP API allows a broad set of reporting and management actions to be taken from external Network Management Systems (for example, HP OpenView). Most statistics are exposed and many configuration actions can be taken remotely. For information on the SOAP API, see the Steelhead Appliance API Guide.
Some command-line browsers might not load all MIB files by default. If this occurs, find the appropriate command option to load the STEELHEAD-MIB.txt file. For example, for NET-SNMP browsers: snmpwalk -m all.
To retrieve statistics for an individual port, perform an snmpget for that port. For example:
.iso.org.dod.internet.private.enterprises.rbt.products.steelhead.statistics.bandwidth.bandwidthPerPort.bwPortTable.bwPortEntry.bwPortOutLan.port_number
SNMP Traps
Every Steelhead appliance supports SNMP traps and email alerts for conditions that require attention or intervention. An alarm fires for most, but not every, event and the related trap is sent. For most events, when the condition clears, the system clears the alarm and also sends out a clear trap. The clear traps are useful in determining when an event has been resolved. This section describes the SNMP traps. It does not list the corresponding clear traps.
RiOS v6.0 and later includes support for SNMP v3.
You can view Steelhead appliance health at the top of each Management Console page, and by entering the CLI show info command, and through SNMP (health, systemHealth). The Steelhead appliance tracks key hardware and software metrics and alerts you of any potential problems so you can quickly discover and diagnose issues.
The health of an appliance falls into one of the following states:
Healthy - The Steelhead is functioning and optimizing traffic.
Needs Attention - Accompanies a healthy state to indicate management-related issues not affecting the ability of the Steelhead to optimize traffic.
Degraded - The Steelhead is optimizing traffic but the system has detected an issue.
Admission Control - The Steelhead is optimizing traffic but has reached its connection limit.
Critical - The Steelhead may or may not be optimizing traffic; you need to address a critical issue.
The following table summarizes the SNMP traps sent out from the system to configured trap receivers and their effect on the Steelhead appliance health state.
Trap and OID procCrash (enterprises.17163.1.1.4.0.1) Steelhead State Text A procCrash trap signifies that a process managed by PM has crashed and left a core file. The variable sent with the notification indicates which process crashed. Description A process has crashed and subsequently been restarted by the system. The trap contains the name of the process that crashed. A system snapshot associated with this crash has been created on the appliance and is accessible via the CLI or the Management Console. Riverbed Support might need this information to determine the cause of the crash. No other action is required on the appliance as the crashed process is automatically restarted. A process has unexpectedly exited and been restarted by the system. The trap contains the name of the process. The process might have exited automatically or due to other process failures on the appliance. Review the release notes for known issues related to this process exit. If none exist, Contact Riverbed Support to determine the cause of this event. No other action is required on the appliance as the crashed process is automatically restarted. Average CPU utilization has exceeded an acceptable threshold. If CPU utilization spikes are frequent, it might be because the system is undersized. Sustained CPU load can be symptomatic of more serious issues. Consult the CPU Utilization report to gauge how long the system has been loaded and also monitor the amount of traffic currently going through the appliance. A one-time spike in CPU is normal but Riverbed recommends reporting extended high CPU utilization to Riverbed Support. No other action is necessary as the alarm clears automatically. The system is running low on memory and has begun swapping memory pages to disk. This event can be triggered during a software upgrade while the optimization service is still running but there can be other causes. 
If this event triggers at any other time, generate a debug sysdump and send it to Riverbed Support. No other action is required as the alarm clears automatically. A disk is about to fail. Contact Riverbed Support immediately. Note: Applicable to models 100, 200, 510, 520, 1010, 1020, 2010, 2510, and 2511 only.
procExit (enterprises.17163.1.1.4.0.2)
A procExit trap signifies that a process managed by PM has exited unexpectedly, but not left a core file. The variable sent with the notification indicates which process exited.
cpuUtil (enterprises.17163.1.1.4.0.3)
Degraded
The average CPU utilization in the past minute has gone above the acceptable threshold.
pagingActivity (enterprises.17163.1.1.4.0.4)
Degraded
smartError (enterprises.17163.1.1.4.0.5)
563
SNMP Traps

Description: The appliance has encountered another appliance which is running an incompatible version of system software. Refer to the CLI, Management Console, or the SNMP peer table to determine which appliance is causing the conflict. Connections with that peer will not be optimized; connections with other peers running compatible RiOS versions are unaffected. To resolve the problem, upgrade your system software. No other action is required as the alarm clears automatically.

bypassMode (enterprises.17163.1.1.4.0.7)
Steelhead State: Critical
Description: The appliance has entered bypass mode and is now passing through all traffic unoptimized. This error is generated if the optimization service locks up or crashes. It can also be generated when the system is first turned on or turned off. If this trap is generated on a system that was previously optimizing and is still running, contact Riverbed Support.

raidError (enterprises.17163.1.1.4.0.8)
Steelhead State: Degraded
Description: A drive has failed in a RAID array. Consult the CLI or Management Console to determine the location of the failed drive. Contact Riverbed Support for assistance with installing a new drive, a RAID rebuild, or drive reseating. The appliance continues to optimize during this event. After the error is corrected, the alarm clears automatically. Note: Applicable to models 3010, 3510, 3020, 3520, 5010, 5520, 6020, and 6120 only.

Steelhead State: Critical
Text: The data store is corrupted.
Description: Corruption has been detected in the datastore. Contact Riverbed Support immediately.

Steelhead State: Admission Control
Text: Admission control memory alarm has been triggered.
Description: The appliance has entered admission control due to memory consumption. The appliance is optimizing traffic beyond its rated capability and is unable to handle the amount of traffic passing through the WAN link. During this event, the appliance continues to optimize existing connections, but new connections are passed through without optimization. No other action is necessary as the alarm clears automatically when the traffic has decreased.

Description: The appliance has entered admission control due to the number of connections and is unable to handle the amount of connections going over the WAN link. During this event, the appliance continues to optimize existing connections, but new connections are passed through without optimization. No other action is necessary as the alarm clears automatically when the traffic has decreased.

haltError (enterprises.17163.1.1.4.0.12)
Steelhead State: Critical
Description: The optimization service has halted due to a serious software error. See if a core dump or sysdump was created. If so, retrieve it and contact Riverbed Support immediately.

serviceError (enterprises.17163.1.1.4.0.13)
Steelhead State: Degraded
Text: There has been a service error. Please consult the log file.
Description: The optimization service has encountered a condition which might degrade optimization performance. Consult the system log for more information. No other action is necessary.

scheduledJobError (enterprises.17163.1.1.4.0.14)
Description: A scheduled job on the system (for example, a software upgrade) has failed. To determine which job failed, use the CLI or the Management Console.

confModeEnter (enterprises.17163.1.1.4.0.15)
Description: A user on the system has entered a configuration mode from either the CLI or the Management Console. A log in to the Management Console by user admin sends this trap as well. This is for notification purposes only; no other action is necessary.

confModeExit (enterprises.17163.1.1.4.0.16)
Description: A user on the system has exited configuration mode from either the CLI or the Management Console. A log out of the Management Console by user admin sends this trap as well. This is for notification purposes only; no other action is necessary.

linkError (enterprises.17163.1.1.4.0.17)
Steelhead State: Degraded
Description: The system has lost one of its Ethernet links due to a network event. Check the physical connectivity between the Steelhead appliance and its neighbor device. Investigate this alarm as soon as possible. Depending on what link is down, the system might no longer be optimizing and a network outage could occur. This is often caused by an interface transitioning on a surrounding device, such as a router or switch. This alarm also accompanies service or system restarts on the Steelhead appliance.

Description: The Steelhead appliance has detected that either NFSv2 or NFSv4 is in use. The Steelhead appliance only supports NFSv3 and passes through all other versions. Check that the clients and servers are using NFSv3 and reconfigure if necessary.

powerSupplyError (enterprises.17163.1.1.4.0.19)
Steelhead State: Degraded
Text: A power supply on the appliance has failed (not supported on all models).
Description: A redundant power supply on the appliance has failed and needs to be replaced. Contact Riverbed Support for an RMA replacement as soon as practically possible.

asymRouteError (enterprises.17163.1.1.4.0.20)
Text: Asymmetric routes have been detected, certain connections might not have been optimized because of this.
Description: Asymmetric routing has been detected on the network. This is very likely due to a failover event of an inner router or VPN. If so, no action needs to be taken. If not, contact Riverbed Support for further troubleshooting assistance.

fanError (enterprises.17163.1.1.4.0.21)
Steelhead State: Degraded
Text: A fan has failed on this appliance (not supported on all models).
Description: A fan is failing or has failed and needs to be replaced. Contact Riverbed Support for an RMA replacement as soon as practically possible.

memoryError (enterprises.17163.1.1.4.0.22)
Steelhead State: Degraded
Text: A memory error has been detected on the appliance (not supported on all models).
Description: A memory error has been detected. A system memory stick might be failing. Try reseating the memory first. If the problem persists, contact Riverbed Support for an RMA replacement as soon as practically possible.

ipmi (enterprises.17163.1.1.4.0.23)
Steelhead State: Degraded
Text: An IPMI event has been detected on the appliance. Please check the details in the alarm report on the Web UI (not supported on all models).
Description: An Intelligent Platform Management Interface (IPMI) event has been detected. Check the Alarm Status page for more detail. You can also view the IPMI events on the Steelhead appliance by entering the CLI command:
show hardware error-log all

configChange (enterprises.17163.1.1.4.0.24)
Description: A configuration change has been detected. Check the log files around the time of this trap to determine what changes were made and whether they were authorized.

datastoreWrapped (enterprises.17163.1.1.4.0.25)
Description: The datastore on the Steelhead appliance went through an entire cycle and is removing data to make space for new data. This is normal behavior unless it wraps too quickly, which might indicate the datastore is undersized. If this message is received every seven days or less, investigate traffic patterns and datastore sizing.

Description: The appliance temperature is a configurable notification. By default, this notification is set to trigger when the appliance reaches 70 degrees Celsius. Raise the alarm trigger temperature if it is normal for the Steelhead appliance to get that hot, or reduce the temperature of the Steelhead appliance.

temperatureCritical (enterprises.17163.1.1.4.0.27)
Steelhead State: Critical
Description: This trap/alarm triggers a critical state on the appliance. This alarm occurs when the appliance temperature reaches 90 degrees Celsius. The temperature value is not user-configurable. Reduce the appliance temperature.

cfKeepaliveTimeout (enterprises.17163.1.1.4.0.28)
Steelhead State: Degraded
Description: The connection forwarding neighbor has not responded to a keep-alive message within the time-out period, indicating that the connection has been lost. This alarm clears automatically when all neighbors of the Steelhead appliance are responding to keep-alive messages within the time-out period.

cfConnFailure (enterprises.17163.1.1.4.0.29)
Steelhead State: Degraded
Text: Unable to establish connection with the specified neighbor.
Description: The connection cannot be established with a connection forwarding neighbor. This alarm clears automatically the next time all neighbors connect successfully.

cfConnLostEos (enterprises.17163.1.1.4.0.30)
Steelhead State: Degraded
Text: Connection lost since end of stream was received from the specified neighbor.
Description: The connection has been closed by the connection forwarding neighbor. This alarm clears automatically the next time all neighbors connect successfully.

cfConnLostErr (enterprises.17163.1.1.4.0.31)
Steelhead State: Degraded
Text: Connection lost due to an error communicating with the specified neighbor.
Description: The connection has been lost with the connection forwarding neighbor due to an error. This alarm clears automatically the next time all neighbors connect successfully.

cfAckTimeout (enterprises.17163.1.1.4.0.32)
Steelhead State: Degraded
Description: The connection has been lost because requests have not been acknowledged by a connection forwarding neighbor within the set time-out threshold. This alarm clears automatically the next time all neighbors receive an ACK from this neighbor and the latency of that acknowledgment is less than the set time-out threshold.

cfReadInfoTimeout (enterprises.17163.1.1.4.0.33)
Steelhead State: Degraded
Description: The Steelhead appliance has timed out while waiting for an initialization message from the connection forwarding neighbor. This alarm clears automatically when the Steelhead appliance is able to read the initialization message from all of its neighbors.

Text: Connection forwarding latency with the specified neighbor has exceeded the threshold.
Description: The amount of latency between connection forwarding neighbors has exceeded the specified threshold. The alarm clears automatically when the latency falls below the specified threshold.

Text: There is an error in the automatic re-enrollment of the SSL peering certificate.
Description: An SSL peering certificate has failed to re-enroll with the Simple Certificate Enrollment Protocol (SCEP).

Text: CRL polling fails.
Description: The polling for SSL peering CAs has failed to update the Certificate Revocation List (CRL) within the specified polling period. This alarm clears automatically when the CRL is updated.

datastoreSyncFailure (enterprises.17163.1.1.4.0.37)
Steelhead State: Degraded
Description: The datastore synchronization between two Steelhead appliances has been disrupted and the datastores are no longer synchronized.

secureVaultNeedsUnlock (enterprises.17163.1.1.4.0.38)
Steelhead State: Needs Attention
Text: SSL acceleration and the secure data store cannot be used until the secure vault has been unlocked.
Description: The secure vault is locked. SSL traffic is not being optimized and the datastore cannot be encrypted. Check the Alarm Status page for more details. The alarm clears when the secure vault is unlocked.

secureVaultNeedsRekey (enterprises.17163.1.1.4.0.39)
Steelhead State: Needs Attention
Text: If you wish to use a nondefault password for the secure vault, the password must be rekeyed. Please see Knowledge Base article 5592 for more details.
Description: The secure vault password needs to be verified or reset. Initially, the secure vault has a default password known only to the RiOS software so the Steelhead appliance can automatically unlock the vault during system startup. For details, check the Alarm Status page and refer to Knowledge Base article 5592. The alarm clears when you verify the default password or reset the password.

secureVaultInitError (enterprises.17163.1.1.4.0.40)
Text: An error was detected while initializing the secure vault. Please contact Riverbed Support.
Description: An error occurred while initializing the secure vault after a RiOS software version upgrade. Contact Riverbed Support.

configSave (enterprises.17163.1.1.4.0.41)
Text: The current appliance configuration has been saved.
Description: A configuration has been saved either by entering the write mem CLI command or by clicking Save in the Management Console. This message is for security notification purposes only; no other action is necessary.

Description: A user has started a TCP dump on the Steelhead appliance by entering a tcpdump or tcpdump-x command from the CLI. This message is for security notification purposes only; no other action is necessary.

tcpDumpScheduled (enterprises.17163.1.1.4.0.43)
Text: A TCP dump has been scheduled.
Description: A user has started a TCP dump on the Steelhead appliance by entering a tcpdump or tcpdump-x command with a scheduled start time from the CLI. This message is for security notification purposes only; no other action is necessary.

newUserCreated (enterprises.17163.1.1.4.0.44)
Text: A new user has been created.
Description: A new Role-Based Management user has been created using the CLI or the Management Console. This message is for security notification purposes only; no other action is necessary.

diskError (enterprises.17163.1.1.4.0.45)
Description: A disk error has been detected. A disk might be failing. Try reseating the memory first. If the problem persists, contact Riverbed Support.

wearWarning (enterprises.17163.1.1.4.0.46)
Description: Triggers on Steelhead appliance models 7050L and 7050M. A Solid State Disk (SSD) has reached 95% of its write cycle limit. Contact Riverbed Support.

cliUserLogin (enterprises.17163.1.1.4.0.47)
Description: A user has logged in to the Steelhead appliance using the Command Line Interface. This message is for security notification purposes only; no other action is necessary.

cliUserLogout (enterprises.17163.1.1.4.0.48)
Description: A user has logged out of the Steelhead appliance using the Command Line Interface using the Quit command or ^D. This message is for security notification purposes only; no other action is necessary.

webUserLogin (enterprises.17163.1.1.4.0.49)
Description: A user has logged in to the Steelhead appliance using the Management Console. This message is for security notification purposes only; no other action is necessary.

Description: A user has logged out of the Steelhead appliance using the Management Console. This message is for security notification purposes only; no other action is necessary.

Text: Trap Test
Description: An SNMP trap test has occurred on the Steelhead appliance. This message is informational and no action is necessary.

Description: The appliance has entered admission control due to high CPU use. During this event, the appliance continues to optimize existing connections, but new connections are passed through without optimization. No other action is necessary as the alarm clears automatically when the CPU usage has decreased.

admissionTcpError (enterprises.17163.1.1.4.0.53)
Steelhead State: Admission Control
Description: The appliance has entered admission control due to high TCP memory use. During this event, the appliance continues to optimize existing connections, but new connections are passed through without optimization. No other action is necessary as the alarm clears automatically when the TCP memory pressure has decreased.

systemDiskFullError (enterprises.17163.1.1.4.0.54)
Description: The alarm clears when the system partitions fall below usage thresholds.

Description: An attempt to join a Windows domain has failed. The number one cause of failing to join a domain is a significant difference in the system time on the Windows domain controller and the Steelhead appliance. When the time on the domain controller and the Steelhead appliance do not match, the following error message appears:
lt-kinit: krb5_get_init_creds: Clock skew too great
Riverbed recommends using NTP time synchronization to synchronize the client and server clocks. It is critical that the Steelhead appliance time is the same as on the Active Directory controller. Sometimes an NTP server is down or inaccessible, in which case there can be a time difference. You can also disable NTP if it is not being used and manually set the time. You must also verify that the time zone is correct. A domain join can fail when the DNS server returns an invalid IP address for the Domain Controller. When a DNS misconfiguration occurs during an attempt to join a domain, the following error messages appear:
Failed to join domain: failed to find DC for domain <domain name>
Failed to join domain : No Logon Servers
Additionally, the Domain Join alarm triggers and messages similar to the following appear in the logs:
Oct 13 14:47:06 bravo-sh81 rcud[10014]: [rcud/main/.ERR] - {-} Failed to join domain: failed to find DC for domain GENVCS78DOM.COM
When you encounter this error, go to the Configure > Networking > Host Settings page and verify that the DNS settings are correct.

certsExpiringError (enterprises.17163.1.1.4.0.56)
Text: Some x509 certificates may be expiring.
Description: The service has detected some x.509 certificates used for Network Administration Access to the Steelhead appliance that are close to their expiration dates. The alarm clears when the x.509 certificates are updated.

Text: The main Steelhead license has expired, been removed, or become invalid.
Description: A license on the Steelhead appliance has been removed, has expired, or is invalid. The alarm clears when a valid license is added or updated.

Text: Hardware error detected.
Description: A hardware error has been detected.

Text: Error is found in System Detail Report.
Description: Triggers an alarm when any top-level module on the system detail report is in error.

Text: New MAPI connections will be passed through due to high connection count.
Description: The total number of MAPI optimized connections has exceeded the maximum admission control threshold. By default, the maximum admission control threshold is 85% of the total maximum optimized connection count for the client-side Steelhead appliance. The Steelhead appliance reserves the remaining 15% so the MAPI admission control does not affect the other protocols. The 85% threshold is applied only to MAPI connections. RiOS is now passing through MAPI connections from new clients but continues to intercept and optimize MAPI connections from existing clients (including new MAPI connections from these clients). RiOS continues optimizing non-MAPI connections from all clients. This alarm is disabled by default. The alarm clears automatically when the MAPI traffic has decreased; however, it can take one minute for the alarm to clear. Important: MAPI admission control cannot solve a general Steelhead appliance Admission Control Error (enterprises.17163.1.1.4.0.11); however, it can help to prevent it from occurring.

Steelhead State: Degraded

Text: Serial cascade misconfiguration has been detected.
Description: Check your auto-peering configuration. Restart the optimization service to clear the alarm.

Text: Flash hardware error detected.
Description: At times, the USB flash drive that holds the system images may become unresponsive. When this happens, the system is unable to write a new upgrade image to the flash drive without first power cycling the system. Reboot using either the Management Console or the CLI reload command to automatically power cycle the Steelhead appliance and restore the flash drive to proper function.
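
The trap table asks operators to check whether a configChange was authorized and to investigate a datastoreWrapped trap that recurs every seven days or less. The following added example (not from the Riverbed manual) applies those checks to a trap log. The three-field log line format, the host names, the numeric expansion of enterprises to 1.3.6.1.4.1, and the rule that a configChange outside a confModeEnter/confModeExit window deserves review are assumptions of the example.

```python
from datetime import datetime, timedelta

# 'enterprises' expands to 1.3.6.1.4.1; the rest is the prefix used in the trap table.
BASE = "1.3.6.1.4.1.17163.1.1.4.0."

# Trap numbers and names as listed in the trap table.
TRAPS = {
    15: "confModeEnter", 16: "confModeExit", 24: "configChange",
    25: "datastoreWrapped", 43: "tcpDumpScheduled", 44: "newUserCreated",
}
# Security notifications that are always surfaced for confirmation.
REVIEW_ALWAYS = {"tcpDumpScheduled", "newUserCreated"}
WRAP_WINDOW = timedelta(days=7)  # "every seven days or less"

# Constructed sample input. Assumed line format: UTC timestamp, host, trap OID.
SAMPLE = """\
2011-03-01T09:00:00Z sh-hq 1.3.6.1.4.1.17163.1.1.4.0.15
2011-03-01T09:02:10Z sh-hq 1.3.6.1.4.1.17163.1.1.4.0.24
2011-03-01T09:05:00Z sh-hq 1.3.6.1.4.1.17163.1.1.4.0.16
2011-03-02T03:12:44Z sh-hq 1.3.6.1.4.1.17163.1.1.4.0.24
2011-03-02T03:13:02Z sh-hq 1.3.6.1.4.1.17163.1.1.4.0.44
2011-03-02T03:14:00Z sh-hq 1.3.6.1.4.1.17163.1.1.4.0.5
2011-03-03T00:00:00Z sh-branch 1.3.6.1.4.1.17163.1.1.4.0.25
2011-03-08T12:00:00Z sh-branch 1.3.6.1.4.1.17163.1.1.4.0.25
2011-03-20T12:00:00Z sh-branch 1.3.6.1.4.1.17163.1.1.4.0.25
not a trap line
"""


def parse_line(line):
    """Return (timestamp, host, trap_name), or None if malformed or not tracked."""
    parts = line.split()
    if len(parts) != 3 or not parts[2].startswith(BASE):
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        name = TRAPS.get(int(parts[2][len(BASE):]))
    except ValueError:
        return None
    return (ts, parts[1], name) if name else None


def triage(lines):
    """Return findings as (host, timestamp, trap_name, reason) tuples."""
    # Traps travel over UDP and can arrive out of order, so sort by time first.
    events = sorted(e for e in map(parse_line, lines) if e)
    open_sessions = {}  # host -> configuration-mode sessions currently open
    last_wrap = {}      # host -> time of the previous datastoreWrapped trap
    findings = []
    for ts, host, name in events:
        if name == "confModeEnter":
            open_sessions[host] = open_sessions.get(host, 0) + 1
        elif name == "confModeExit":
            open_sessions[host] = max(0, open_sessions.get(host, 0) - 1)
        elif name == "configChange":
            # Assumption of this example: a change with no open session is unusual.
            if open_sessions.get(host, 0) == 0:
                findings.append((host, ts, name,
                                 "change with no open configuration-mode session"))
        elif name == "datastoreWrapped":
            prev = last_wrap.get(host)
            if prev is not None and ts - prev <= WRAP_WINDOW:
                findings.append((host, ts, name, "wrapped again within seven days"))
            last_wrap[host] = ts
        elif name in REVIEW_ALWAYS:
            findings.append((host, ts, name,
                             "security notification, confirm it was expected"))
    return findings


if __name__ == "__main__":
    for host, ts, name, reason in triage(SAMPLE.splitlines()):
        print(f"{ts.isoformat()} {host} {name}: {reason}")
```

Because traps can be lost in transit, a missing confModeEnter produces a false positive here, so treat each finding as a prompt to read the appliance log around that time.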
AAA. Authentication, Authorization, and Accounting.
ACL. Access Control List.
ACK. Acknowledgment Code.
ACS. (Cisco) Access Control Server.
AD. Active Directory.
ADS. Active Directory Services.
AES. Advanced Encryption Standard.
APT. Advanced Packaging Tool.
AR. Asymmetric Routing.
ARP. Address Resolution Protocol.
BDP. Bandwidth-Delay Product.
BW. Bandwidth.
CA. Certificate Authority.
CAD. Computer Aided Design.
CDP. Cisco Discovery Protocol or Certificate Distribution Point.
CHD. Computed Historical Data.
CIFS. Common Internet File System.
CLI. Command-Line Interface.
CMC. Central Management Console.
CPU. Central Processing Unit.
CRL. Certificate Revocation List.
CRM. Customer Relationship Management.
CSR. Certificate Signing Request.
CSV. Comma-Separated Value.
DC. Domain Controller.
DER. Distinguished Encoding Rules.
DES. Data Encryption Standard.
DHCP. Dynamic Host Configuration Protocol.
DID. Deployment ID.
DMZ. Demilitarized Zone.
DNS. Domain Name Service.
DR. Data Replication.
DSA. Digital Signature Algorithm.
DSCP. Differentiated Services Code Point.
ECC. Error-Correcting Code.
ERP. Enterprise Resource Planning.
ESD. Electrostatic Discharge.
FDDI. Fiber Distributed Data Interface.
FIFO. First in First Out.
FIPS. Federal Information Processing Standards.
FSID. File System ID.
FTP. File Transfer Protocol.
GB. Gigabytes.
GMT. Greenwich Mean Time.
GPO. Group Policy Object.
GRE. Generic Routing Encapsulation.
GUI. Graphical User Interface.
HFSC. Hierarchical Fair Service Curve.
HSRP. Hot Standby Routing Protocol.
HSTCP. High-Speed Transmission Control Protocol.
HTTP. HyperText Transport Protocol.
HTTPS. HyperText Transport Protocol Secure.
ICA. Independent Computing Architecture.
ICMP. Internet Control Message Protocol.
ID. Identification Number.
IETF. Internet Engineering Task Force.
IGP. Interior Gateway Protocol.
IKE. Internet Key Exchange.
IOS. (Cisco) Internetwork Operating System.
IP. Internet Protocol.
IPMI. Intelligent Platform Management Interface.
IPSec. Internet Protocol Security Protocol.
ISL. InterSwitch Link. Also known as Cisco InterSwitch Link Protocol.
L2. Layer-2.
L4. Layer-4.
LAN. Local Area Network.
LDAP. Lightweight Directory Access Protocol.
LED. Light-Emitting Diode.
LRU. Least Recently Used.
LZ. Lempel-Ziv.
MAC. Media Access Control.
MAPI. Messaging Application Protocol Interface.
MDI, MDI-X. Medium Dependent Interface-Crossover.
MEISI. Microsoft Exchange Information Store Interface.
MIB. Management Information Base.
MOTD. Message of the Day.
MS GPO. Microsoft Group Policy Object.
MS SMS. Microsoft Systems Management Server.
MS-SQL. Microsoft Structured Query Language.
MSFC. Multilayer Switch Feature Card.
MSI Package. Microsoft Installer Package.
MTU. Maximum Transmission Unit.
MX-TCP. Max-Speed TCP.
NAS. Network Attached Storage.
NAT. Network Address Translate.
NFS. Network File System.
NIS. Network Information Services.
NSPI. Name Service Provider Interface.
NTLM. Windows NT LAN Manager.
NTP. Network Time Protocol.
OSI. Open System Interconnection.
OSPF. Open Shortest Path First.
PAP. Password Authentication Protocol.
PBR. Policy-Based Routing.
PCI. Peripheral Component Interconnect.
PEM. Privacy Enhanced Mail.
PFS. Proxy File Service.
PKCS12. Public Key Cryptography Standard #12.
PRTG. Paessler Router Traffic Grapher.
PSU. Power Supply Unit.
QoS. Quality of Service.
RADIUS. Remote Authentication Dial-In User Service.
RAID. Redundant Array of Independent Disks.
RCU. Riverbed Copy Utility.
ROFS. Read-Only File System.
RPC. Remote Procedure Call.
RSA. Rivest-Shamir-Adleman Encryption Method by RSA Security.
RSP. Riverbed Services Platform.
SA. Security Association.
SAP. System Application Program.
SCP. Secure Copy Program.
SCEP. Simple Certificate Enrollment Protocol.
SCPS. Space Communications Protocol Standards.
SDR. Scalable Data Referencing.
SEL. System Event Log.
SFQ. Stochastic Fairness Queuing.
SMB. Server Message Block.
SMI. Structure of Management Information.
SMTP. Simple Mail Transfer Protocol.
SNMP. Simple Network Management Protocol.
SOAP. Simple Object Access Protocol.
SPAN. Switched Port Analyzer.
SQL. Structured Query Language.
SSH. Secure Shell.
SSL. Secure Sockets Layer.
SYN. Synchronize.
SYN/ACK. Synchronize/Acknowledgement.
TA. Transaction Acceleration.
TACACS+. Terminal Access Controller Access Control System.
TCP. Transmission Control Protocol.
TCP/IP. Transmission Control Protocol/Internet Protocol.
ToS. Type of Service.
TP. Transaction Prediction.
TTL. Time to Live.
U. Unit.
UDP. User Datagram Protocol.
UNC. Universal Naming Convention.
URL. Uniform Resource Locator.
USM. User-based Security Model.
UTC. Universal Time Code.
VACM. View-Based Access Control Model.
VGA. Video Graphics Array.
VLAN. Virtual Local Area Network.
VoIP. Voice over IP.
VWE. Virtual Window Expansion.
WAN. Wide Area Network.
WCCP. Web Cache Communication Protocol.
XOR. Exclusive OR logic.
Index
A aaa authentication cond-fallback 151 aaa authentication cond-fallback default 152 aaa authentication login default 152 aaa authorization map default-user 153 aaa authorization map order 153 Access Control List 162 access enable 162 access inbound rule add 163 access inbound rule edit 165 access inbound rule move 166 Accounts Domain 473 for Local Workgroup 476 adaptor info clear-all 534 Analyzer for NetFlow 278 arp 222 arp filter response 502 Auto-discover, in-path rule 235 Automatic kickoff 240, 246 B Backup appliance 434 banner login 170 banner motd 170 boot system 217 C Caching HTTP responses 342 CIFS disabling write optimization 298, 299 dynamic throttling 299 CIFS optimizations 297 clear arp-cache 115 clear hardware error-log 116 clear interface 116 CLI command negation 14 connecting 11 online help 13
overview of 12 saving configurations 14 cli clear-history 171 cli default auto-logout 171 cli default paging enable 172 cli session options 20, 172 clock set 116 clock timezone 223 Clocks synchronizing client and server 571 clocks 571 cmc backup-config 519 cmc backup-stats 519 CMC compatibility 519 cmc email notify appliance aggregate duration 522 cmc email notify appliance aggregate enable 522 cmc email notify appliance enable 522 cmc enable 178 cmc policy push appliance 523 cmc reboot 520 cmc restore-config name 520 cmc restore-stats 520 cmc secure-vault unlock appliance 521 cmc secure-vault unlock group 521 cmc send-cmd appliance 523 cmc send-cmd group 524 cmc send-op appliance 524 cmc send-op group 524 cmc upgrade abort 525 cmc upgrade appliance 525 cmc upgrade auto 526 cmc upgrade concurrent limit 526 cmc upgrade delete 527 cmc upgrade fetch 527 cmc upgrade timeout 527 Collect traffic flow data 278 configuration copy 179 configuration delete 179 configuration factory 180 configuration fetch 180
configuration flash restore 183 configuration flash write 183 configuration jump-start 180 configuration jump-start command, restarting the wizard 14 configuration merge 182 configuration move 182 configuration new 183 configuration revert keep-local 184 configuration revert saved 184 configuration switch-to 184 configuration upload 185 Configuration wizard restarting 14 configuration write 185 configure terminal 117 conn-trace rule 506 Correct addressing 238 D Data store corrupt 195 data reduction 202, 236, 244 data throughput settings 201 Margin Segment Elimination 202 securing 195 synchronization 197 datastore branchwarming enable 193 datastore codec compression adaptive 199 datastore codec compression level 199 datastore codec multi-core-ball 200 datastore disk read-pressure interval 200 datastore disklayout fifo 200 datastore disklayout rvbdlru 201 datastore encryption type 194 datastore notification enable 196 datastore notification wrap-around 196 datastore sdr-policy 201 datastore sync enable 196 datastore sync master 198 datastore sync peer-ip 198 datastore sync port 198 datastore sync reconnect 199 datastore write-q-prior 203 debug generate dump 480 DES, example of 576 DHCP, example of 576 DIF 350 disable 117 disk reset 203 DNAT optimization VNI 440 dns cache clear 465 dns cache freeze enable 465 dns cache frozen-min-ttl 465
dns cache fwd enable 466 dns cache max-ncache-ttl 466 dns cache max-ttl 466 dns cache min-ncache-ttl 467 dns cache min-ttl 467 dns cache size 467 dns enable 468 dns forwarder 468 dns forwarder enable 469 dns fwd-fail-count 469 dns fwd-fail-dtxn enable 470 dns fwd-fail-time 470 dns fwd-tm-staydown 470 dns interface 471 dns root-fallback enable 471 dns round-robin enable 471 Document conventions, overview of 7 Documentation, contacting 10 domain cancel-event 472 domain check 472 domain join 473 domain leave 474 domain rejoin 474 domain require 474 E email autosupport enable 190 email domain 190 email from-address 190 email mailhub 191 email mailhub-port 191 email notify events enable 192 email notify events recipient 192 email notify failures enable 192 email notify failures recipient 193 email send-test 193 enable 16 Enabling optimization for Outlook 2007 322 Encrypted MAPI traffic 321 endpoint info clear-all 534 Enterprise MIB accessing 561 Ethernet network compatibility 9 Excel 297 Exchange Server 322 exit 16 Exporter for NetFlow 278 F failover buddy addr 432 failover buddy port 433 failover enable 433 failover master 434 failover port 435 Fail-to-block mode
allow-failure and 264 enabling 224 Fail-to-block mode, enabling 224 Fiber interfaces, enabling in master/backup pairs 233 Fibre Channel over TCP/IP 351 FIFO queue in QoS 406 file debug-dump delete 480 file debug-dump email 480 file debug-dump upload 481 file process-dump delete 481 file process-dump upload 481, 482 file sa delete 117 file sa generate 118 file sa upload 118 file stats move 119 file tcpdump 119 Fixed-target rules 247 Flow export configuring subnet side rules for a collector 274 FTP QoS classification 409 H Hardware dependencies, overview of 8 hardware spec activate 217 hardware upgrade model 217 hardware watchdog 220 hardware watchdog enable 219 hardware watchdog shutdown 220 Hash assignment 430 High availability 197 hostname 223 I IBM iSeries (AS/400) host environments 352 image boot 218 image delete 120 image fetch 120 image flash backup 218 image flash restore 218 image install 120 image move 121 In-band hybrid packages, overview of 454 In-band LAN packages, overview of 454 In-band packages, overview of 454 In-band WAN packages, overview of 454 in-path asymmetric routing detection enable 258 in-path asymmetric routing pass-through enable 260 in-path asym-route-tab flush 258 in-path asym-route-tab remove 258 in-path broadcast support enable 232 in-path cdp allow-failure 261 in-path cdp enable 261 in-path cdp holdtime 262 in-path cdp interval 262
in-path enable 232 in-path hw-assist edit-rule 498 in-path hw-assist move-rule rulenum 499 in-path hw-assist passthrough tcp enable 499 in-path hw-assist passthrough udp enable 500 in-path hw-assist rule 500 in-path interface enable 232 in-path interface mgmt-interface enable 495 in-path interface mgmt-interface ip 496 in-path interface mgmt-interface vlan 497 in-path interface vlan 497 in-path kickoff 234 in-path lsp enable 234 in-path mac-except-locl 269 in-path mac-match-vlan 269, 421 in-path multi-path maintain 235 in-path neighbor ack-timer-cnt 263 in-path neighbor ack-timer-intvl 263 in-path neighbor advertiseresync 263 in-path neighbor allow failure 264 in-path neighbor enable 264 in-path neighbor fwd-vlan-mac 265 in-path neighbor interface 507 in-path neighbor keepalive count 266 in-path neighbor keepalive interval 266 in-path neighbor multi-interface enable 267, 508 in-path neighbor multi-interface fallback 267 in-path neighbor name 267 in-path neighbor peer name 509 in-path neighbor peer name additional-ip 509 in-path neighbor port 267 in-path neighbor read-timeout 268 in-path neighbor recon-timeout 268 in-path oop enable 235 in-path passthrough move-rule 511 in-path passthrough rule allow 512 in-path passthrough rule block 513 in-path passthrough rule edit 513 in-path peering auto 250, 251 in-path peering disc-outer-acpt 251 in-path peering edit-rule 251 in-path peering move-rule 251 in-path peering oobtransparency mode 422 in-path peering rule 252 in-path peer-probe-cach 270 in-path probe direct 256 in-path probe version 257 in-path probe-caching enable 270 in-path probe-ftp-data 424 in-path probe-mapi-data 425 in-path rule auto-discover 235 in-path rule deny 241 in-path rule discard 242 in-path rule edit 243
in-path rule fixed-target 244 in-path rule move 247 in-path rule pass-through 247 In-path rules auto-discover 235 fixed-target 247 pass-through 247 in-path send-storeid enable 268 in-path simplified mac-def-gw-only 273 in-path simplified routing 271 in-path vlan-conn-based 425 Interactive ports list of 556 interface 223 Interfaces, disabling built-in copper 233 ip default-gateway 225 ip domain-list 225 ip flow-export destination 275 ip flow-export enable 277 ip flow-setting active_to 278 ip flow-setting inactive_to 279 ip flow-setting max-pkt-size 279 ip fqdn override 297, 538 ip host 225 ip in-path route 249 ip in-path-gateway 248 ip name-server 227 ip route 227 ip security authentication policy 279 ip security enable 280 ip security encryption policy 280 ip security peer ip 281 ip security pfs enable 282 ip security rekey interval 282 ip security shared secret 283 IPsec encryption with Oracle Forms 318 ipv6 default-gateway 226 ipv6 enable 226 ipv6 route 226 J job command 477 job comment 477 job date-time 478 job enable 478 job execute 478 job fail-continue 479 job name 479 job recurring 479 K Kickoff, automatic 240, 246 Known issues 9
L legacy-rsp destroy 435 license client init 218, 547 license delete 219 license install 219 license serverl 548 limit connection 227 load balance default-rule fair-peering 502 load balance edit rulenum 503, 506 load balance move-rule 502 load balance rule pass 503 load balance rule redirect 504 load balance rule src 154 logging 212 logging files delete 213 logging files rotation criteria frequency 213 logging files rotation criteria size 214 logging files rotation force 213 logging files rotation max-num 214 logging filter 214 logging local 216 logging trap 216 M Management VNIs, overview of 440 MAPI admission control 572 Master appliance 434 MIB file accessing 561 SNMP traps sent 563 Microsoft Office 297 MIP interface 496 Models 1020, 1520, 2020, no 64-bit VM support 9 Models 250 and 550, no 64-bit VM support 9 MX-TCP queue in QoS 406 N NetFlow in-path deployment 278 troubleshooting 277 NetFlow support commands 275 nettest run cable-swap 485 nettest run duplex 486 nettest run ip-port-reach 487 nettest run net-gateway 487 nettest run peer-reach 487 NTLM 342 NTP 571 ntp disable 228 ntp enable 228 ntp peer 229 ntp server 229 ntp server enable 229 ntpdate 121, 230
O Online documentation 9 Online notes 9 Open System environments 352 Optimization CIFS 297 Encrypted MAPI traffic 321 transparent prepopulation, enabling 294 Outlook 2007, enabling optimization for 322 out-of-path enable 249 P package assignment adpath 537 package assignment depid 537 package assignment depid remove-all 537 peer 257 peer addr 510 pfs enable 283 pfs settings 284 pfs share cancel-event 285 pfs share configure 285 pfs share configure, (version 2.0) 287 pfs share local-name 289 pfs share manual-sync 290 pfs share modify 290 pfs share upgrade 292 pfs share verify 293 pfs start 293 ping 16 ping6 17 policy acceleration assignment adpath 531 policy acceleration assignment adpath remove-all 531 policy acceleration assignment depid 532 policy acceleration assignment depid remove-all 532 policy acceleration branch-warming enable 531 policy acceleration id cifs 532 policy acceleration id mapi 533 policy acceleration id notes 533 policy acceleration id probe-tcp-opt 533 policy endpoint assignment adpath 535 policy endpoint assignment adpath remove-all 535 policy endpoint assignment depid 535 policy endpoint assignment depid remove-all 536 policy endpoint id dis-chksum-offl 536 policy endpoint id kickoff 536 port-label 188 Ports commonly excluded 556 default listening 555 interactive ports forwarded 556 secure automatically forwarded 557 prepop enable 294 prepop share cancel-event 294 prepop share configure 295 prepop share manual-sync 295
prepop share modify 296 Prepopulation overview of 294 Priorities, QoS 396 Professional services, contacting 10 Protect access to a Steelhead 163 protocol cifs applock enable 297 protocol cifs clear-read-resp enable 297 protocol cifs disable write optimization 298 protocol cifs dw-throttling enable 299 protocol cifs enable 299 protocol cifs ext-dir-cache enable 300 protocol cifs mac oplock enable 300 protocol cifs nosupport 301 protocol cifs oopen enable 301 protocol cifs oopen extension 302 protocol cifs oopen policy 303 protocol cifs prepop enable 296 protocol cifs secure-sig-opt enable 303 protocol cifs smb signing enable 304 protocol cifs smb signing mode-type 306 protocol cifs smb spoolss enable 309 protocol cifs smbv1-mode enable 308 protocol citrix enable 348 protocol citrix ica 349 protocol citrix secure-ica enable 349 protocol citrix session reliability port 349 protocol connection lan receive buf-size 312 protocol connection lan send buf-size 313 protocol connection wan receive def-buf-size 313 protocol connection wan send def-buf-size 314 protocol domain-auth delegation auto-mode enable 491 protocol domain-auth delegation delegate-user 492 protocol domain-auth delegation rule dlg-allexcept 493 protocol domain-auth delegation rule dlg-only 493 protocol domain-auth delegation rule select 493 protocol domain-auth native-krb 494 protocol domain-auth oneway-trust 494 protocol fcip enable 350 protocol fcip ports 351 protocol fcip rule 352 protocol fcip stat-port 353 protocol ftp port 334 protocol ftp port enable 334 protocol http enable 341 protocol http metadata-resp extension 343 protocol http metadata-resp max-time 343 protocol http metadata-resp min-time 343 protocol http prefetch 344 protocol http servers flush 346 protocol http server-subnet 344 protocol mapi 2k3 enable 321
protocol mapi 2k7 native enable 322 protocol mapi enable 319 protocol mapi encrypted delegation enable 320 protocol mapi encrypted enable 321 protocol mapi encrypted ntlm-auth enable 320 protocol mapi nspi 322 protocol mapi nspi enable 323 protocol mapi outlook-anywhr auto-detect 323 protocol mapi outlook-anywhr enable 324 protocol mapi port 324 protocol mapi port-remap enable 325 protocol mapi prepop enable 325 protocol ms-sql default-rule query-rule 326 protocol ms-sql default-rule rpc-rule 327 protocol ms-sql enable 327 protocol ms-sql fetch-next enable 328 protocol ms-sql num-preack 328 protocol ms-sql port 329 protocol ms-sql query-act rule-id action-id num-reps 329 protocol ms-sql query-arg-act rule-id action-id arg-offset expr 330 protocol ms-sql query-rule rule-id app-name-regex query-regex 331 protocol ms-sql rpc-act rule-id action-id 331 protocol ms-sql rpc-arg rule-id action-id arg-offset expr 332 protocol ms-sql rpc-arg-act rule-id arg-offset expr 332 protocol ms-sql rpc-rule rule-id app-name-regex 333 protocol ms-sql support-app 334 protocol nfs alarm v2-v4 clear 335 protocol nfs default server 335 protocol nfs default volume 336 protocol nfs enable 337 protocol nfs max-directories 337 protocol nfs max-symlinks 338 protocol nfs memory 338 protocol nfs server 338 protocol nfs v2-v4-alarm 340 protocol notes enable 346 protocol notes port 347 protocol notes pull-repl enable 348 protocol oracle-forms enable 318 protocol oracle-forms http-enable 318 protocol smb2 enable 307 protocol smb2 signing enable 307 protocol smb2 signing mode-type 307 protocol srdf enable 353 protocol srdf ports 354 protocol srdf rule 355 protocol srdf symm id address 356 protocol srdf symm id base_rdf_group 356 protocol srdf symm id rdf_group 357 protocol ssl backend bypass-interval 357 protocol ssl backend bypass-table max-size 358
protocol ssl backend bypass-table no-cert-intvl 358 protocol ssl backend client cipher-string 358 protocol ssl backend server 360 protocol ssl backend server chain-cert cache enable 359 protocol ssl backend server cipher-string 359 protocol ssl bug-workaround dnt-insrt-empty 360 protocol ssl bulk-export password 361 protocol ssl bulk-import 362 protocol ssl ca cert 363 protocol ssl client-cer-auth enable 364 protocol ssl client-side session-reuse enable 364 protocol ssl client-side session-reuse timeout 364 protocol ssl crl 367 protocol ssl crl ca 365 protocol ssl crl cas enable 365 protocol ssl crl handshake fail-if-missing 366 protocol ssl crl manual 366 protocol ssl crl query-now 367 protocol ssl enable 368 protocol ssl protocol-vers 368 protocol ssl server-cert import-cert-key 369 protocol ssl server-cert name chain-cert ca 370 protocol ssl server-cert name chain-cert cert 370 protocol ssl server-cert name change generate-cert 371 protocol ssl server-cert name change import-cert 372 protocol ssl server-cert name change import-cert-key 372 protocol ssl server-cert name export 373 protocol ssl server-cert name generate-cert 374 protocol ssl server-cert name import-cert 375 protocol ssl server-cert name import-cert-key 376 protocol ssl server-cert name rename 376 protocol ssl sfe-mode 377 protocol ssl strm-cipher-cmp enable 377 Proxy certificate for SSL back-end server 368, 371, 374 Q QoS FIFO queue 406 MX-TCP queue 406 priorities 396 SFQ queue 406, 410 qos basic classification site move 403 qos basic classification global-app move 400, 401 qos basic classification interface enable 400 qos basic classification interface rate 400 qos basic classification profile edit 401, 402 qos basic classification site edit 403 qos classification class 404 qos classification class modify 410 qos classification class rule 411 qos classification enable 396
qos classification global-app add 398 qos classification interface 408 qos classification mode hierarchy enable 408 qos classification rule move 413 qos classification site add 414 qos classification site edit 414 qos classification site move 415 qos classification wan-oversub enable 398 qos dscp edit-rule 416 qos dscp monitor interval 416 qos dscp monitor repeat 417 qos dscp move-rule 417 qos dscp rule 418 qos migrate adv-to-basic 397 qos migrate basic-to-adv 397 QoS policies port transparency 238 R radius-server host 154 radius-server key 230 radius-server retransmit 155 radius-server timeout 156 raid alarm silence 482 raid swraid add-disk 482 raid swraid fail-disk 483 raid swraid get-rate 483 raid swraid mdstat 483 raid swraid set-rate 484 rbm role 156 rbm role primitive 158 rbm user 158 RBT-Proto common ports used by the system 555 redirect allow-failure 510 redirect interface 510 redirect multi-interface enable 510 redirect peer addr 435 redirect peer name 511 Related reading 9, 10 Release notes 9 reload 121 remote dhcp 488 remote ip address 489 remote ip default-gateway 490 remote ip netmask 490 remote password 490 restart 122 Riverbed, contacting 10 RSP image versions 441 rules 450, 451 slot, overview of 454, 457 rsp backup delete 436
rsp backup fetch 436 rsp backup upload 436 rsp clone all 437 rsp clone cancel 437 rsp clone password 437 rsp clone slots 438 rsp clone test 438 rsp dataflow 438 rsp enable 440 rsp image delete 442 rsp image fetch 443 rsp image install 443 rsp image move 444 rsp job 442 rsp mgmt-vni 444 rsp opt-vni def-ip-pol 445 rsp opt-vni def-non-ip-pol 445 rsp opt-vni dnat def-target-ip 446 rsp opt-vni dnat enable 446 rsp opt-vni lan-to-wan move rulenum 450 rsp opt-vni rule 452 rsp opt-vni rule dnat 447 rsp opt-vni rule dnat move rulenum 448 rsp opt-vni rule lan-to-wan 449 rsp opt-vni rule wan-to-lan 451 rsp opt-vni rule wan-to-lan move rulenum 452 rsp opt-vni vlan 452 rsp package delete 452 rsp package fetch 453 rsp package move 454 rsp shell 455 rsp slot 456 rsp slot backup create 455 rsp slot backup restore 456 rsp slot clone 456 rsp slot install package 457, 458 rsp slot priority 457 rsp slot uninstall 458 rsp slot vm disk attach name 459 rsp slot vm disk create name 459 rsp slot vm disk delete name 460 rsp slot vm disk detach name 460 rsp slot vm disk grow name 460 rsp slot vm memory-size 461 rsp slot watchdog 463 rsp slot watchdog block 461 rsp slot watchdog heartbeat enable 462 rsp slot watchdog ping enable 462 rsp slot watchdog ping interval 463 rsp slot watchdog ping ip 463 rsp slot watchdog startup grace-period 464 rsp slot watchdog timeout 464
S scep service restart 377 SDR 434 Secure access by inbound IP address 162 Secure inner channel 382, 394 Secure ports automatically forwarded 557 Secure vault data store encryption 195 secure vault 377, 378 secure-peering black-lst-peer 382 secure-peering cipher-string 383 secure-peering crl ca 383 secure-peering crl cas enable 384 secure-peering crl manual ca 384 secure-peering crl query-now 384 secure-peering export 385 secure-peering fallback-no-enc enable 385 secure-peering generate-cert rsa 386 secure-peering generate-csr 387 secure-peering gray-lst-peer 387 secure-peering import-cert 388 secure-peering import-cert-key 389 secure-peering scep auto-reenroll 389 secure-peering scep max-num-polls 390 secure-peering scep on-demand cancel 390 secure-peering scep on-demand gen-key-and-csr rsa 391 secure-peering scep on-demand start 391 secure-peering scep passphrase 392 secure-peering scep poll-frequency 392 secure-peering scep trust 392 secure-peering scep url 393 secure-peering traffic-type 393 secure-peering trust ca 394 secure-peering trust cert 395 secure-vault 378 Serial cluster deployment 254 Server Message Block (SMB) optimization 309 service connection pooling 420 service default-port 220, 421 service enable 122, 230 service error reset 122 service map-port 220 service neural-framing 221 service port 222 service restart 123 SFQ queue in QoS 406, 410 show aaa 132 show access inbound rules 21 show access status 22 show admission 22 show arp 133 show banner 133 show bootvar 23
show cli 23 show cmc 24, 134 show cmc appliance 528 show cmc appliances 529 show cmc group 529 show cmc groups 530 show configuration 134 show configuration files 135 show configuration flash 136 show configuration running 136 show connection 25 show connections 25 show conn-trace 514 show datastore 27 show datastore branchwarming 28 show datastore disk 28 show datastore disklayout 28 show datastore optimization 28 show datastore sync 29 show datastore write-q-prior 29 show email 31 show failover 32 show files debug-dump 137 show files process-dump 137 show files sa 138 show files stats 138 show files tcpdump 138 show flash images 32 show hardware all 139 show hardware error-log 32 show hardware licensing info 139 show hardware spec 33 show hardware watchdog 33 show hosts 33 show images 34 show info 34 show in-path 35 show in-path ar-circbuf 35 show in-path asym-route-tab 35 show in-path cdp 36, 38 show in-path cf-timer 36 show in-path drop-when-flap 37 show in-path hw-assist rules 37 show in-path lsp 38 show in-path mac-except-locl 38 show in-path macmap-except 39 show in-path macmap-tables 39 show in-path mac-match-vlan 38 show in-path mgmt-interface 140 show in-path neighbor 39, 514 show in-path neighbor (Steelhead) 39 show in-path neighbor advertiseresync 40 show in-path neighbor peers 515 show in-path neighbor-detail 40
show in-path peering auto 41 show in-path peering disc-outer-acpt 41 show in-path peering rules 42 show in-path peer-probe-cach 41 show in-path probe-caching 42 show in-path probe-ftp-data 43 show in-path probe-mapi-data 43 show in-path rules 43 show in-path send-storeid 44 show in-path simplified routing 44 show in-path vlan-conn-based 45 show interfaces 140 show ip 45 show ip default-gateway 141 show ip route 142 show ipv6 141 show ipv6 default-gateway 141 show ipv6 route 142 show job 142 show legacy-rsp 46 show licenses 143 show limit bandwidth 46 show limit connection 46 show load balance rules 516 show log 144 show logging 46 show nettest 47 show ntp 48 show out-of-path 48 show package assignments adpath 538 show package assignments depid 539 show package list 539 show peer version 48 show peers 49 show pfs all-info shares 49 show pfs configuration 50 show pfs settings 50 show pfs stats shares 50 show pfs status 49 show policy acceleration assignments adpath 539 show policy acceleration assignments depid 540 show policy acceleration id branch-warming 540 show policy acceleration id cifs 540 show policy acceleration id mapi encrypted 541 show policy acceleration id mapi port-remap 541 show policy acceleration id mapi2k7 541 show policy acceleration id notes 542 show policy acceleration id probe-tcp-opt 542 show policy endpoint assignments adpath 542 show policy endpoint assignments depid 543 show policy endpoint id dis-chksum-offl 543 show policy endpoint id kickoff processes 543 show port-label 144 show prepop 51
show protocol cifs 51 show protocol cifs applock 52 show protocol cifs ext-dir-cache 52 show protocol cifs nosupport client 52 show protocol cifs nosupport server 53 show protocol cifs oopen 53 show protocol cifs smb signing status 54 show protocol cifs spoolss 54 show protocol citrix 54 show protocol connection 55 show protocol domain-auth delegation auto-mode 55 show protocol domain-auth delegation delegateuser 55 show protocol domain-auth delegation rules 56 show protocol domain-auth native-krb 56 show protocol domain-auth oneway-trust 56 show protocol fcip rules 57 show protocol fcip settings 57 show protocol ftp 57 show protocol http 58 show protocol http metadata-resp 58 show protocol http prefetch extensions 58 show protocol http prefetch tags 59 show protocol http server-subnets 59 show protocol mapi 60 show protocol ms-sql 60 show protocol ms-sql rules 60 show protocol nfs 61 show protocol notes 62 show protocol oracle-forms 60, 62 show protocol smb2 63 show protocol srdf rules 63 show protocol srdf settings 63 show protocol srdf symm 64 show protocol ssl 64 show protocol ssl backend 65 show protocol ssl backend bypass-table 65 show protocol ssl backend client cipher-strings 65 show protocol ssl backend disc-table 66 show protocol ssl backend server cipher-strings 66 show protocol ssl ca 67 show protocol ssl cas 67 show protocol ssl client-cer-auth 68 show protocol ssl client-side session-reuse 68 show protocol ssl crl 69 show protocol ssl expiring-certs 69 show protocol ssl internal 70 show protocol ssl server 73 show protocol ssl server-cert name 71 show protocol ssl server-cert name certificate 72 show protocol ssl server-cert name chain-cert 72 show protocol ssl server-cert name chain-certs 72 show protocol ssl server-certs 73 show qos basic classification 73
show qos classification 74 show qos dscp rules traffic-type 75 show radius 145 show raid configuration 76 show raid diagram 76 show raid error-msg 76 show raid info 77 show raid physical 77 show rbm user 150, 151 show redirect 517 show redirect peers 517 show remote ip 145 show report 78 show rsp 78 show rsp backups 79 show rsp clones 79 show rsp clones server 79 show rsp clones status 80 show rsp dataflow 80 show rsp images 81 show rsp opt-vni 81 show rsp package 82 show rsp packages 82 show rsp slot 83 show rsp slots 84 show rsp vmware 84 show rsp vnis 85 show running-config 146 show scep service 85 show secure-peering 86 show secure-peering black-lst-peer 86, 87 show secure-peering ca 87 show secure-peering certificate 87 show secure-peering cipher-strings 88 show secure-peering crl 88 show secure-peering crl report ca 88 show secure-peering gray-lst-peer 89 show secure-peering gray-lst-peers 89 show secure-peering mobile-trust 89 show secure-peering mobile-trusts 90 show secure-peering scep 90 show secure-peering scep auto-reenroll csr 90 show secure-peering scep auto-reenroll last-result 91 show secure-peering scep ca 91 show secure-peering scep on-demand csr 91 show secure-peering scep on-demand last-result 92 show secure-peering white-lst-peer 92 show service 93 show service connection pooling 93 show service neural-framing 93 show service ports 93 show snmp 94 show ssh client 94 show ssh server 94
show stats alarm 95 show stats bandwidth 96 show stats connections 96 show stats conn-pool 96 show stats cpu 97 show stats datastore 97 show stats dns 98 show stats ecc-ram 98 show stats fan 98 show stats http 99 show stats memory 99 show stats neighbor-fwd 100 show stats nfs 100 show stats pfs 101 show stats qos 101 show stats settings bandwidth 102 show stats ssl 103 show stats throughput 103 show stats top-talkers 104 show stats top-talkers protocol 104 show stats top-talkers report 105 show stats top-talkers top-n 106 show stats top-talkers traffic 106 show stats traffic optimized 107 show stats traffic passthrough 107 show subnet side rules 108 show tacacs 146 show tcp highspeed 108 show tcp max-time-out 108 show tcp reordering 109 show tcp sack 109 show tcp sat-opt settings 109 show tcpdump-x 110 show telnet-server 146 show terminal 110 show userlog 147 show usernames 147 show version 110 show wccp 111 show wccp interface service-group 111 show web 112 show web prefs 113 show web ssl cert 550 show web ssl cipher 148 show workgroup account 113 show workgroup configuration 113 show workgroup status 114 slogin 17 smb signing always-sign enable 309 SNMP ACLs 204 MIB, accessing 561 traps, summary of sent 563 snmp-server acl 204
snmp-server community 204 snmp-server contact 205 snmp-server enable 205 snmp-server group 206 snmp-server host 206 snmp-server host version 207 snmp-server ifindex 208 snmp-server ifindex-persist 208 snmp-server ifindex-reset 208 snmp-server listen enable 209 snmp-server listen interface 209 snmp-server location 209 snmp-server security-name 210 snmp-server trap-interface 210 snmp-server trap-test 211 snmp-server user 211 snmp-server view 212 Software dependencies, overview of 8 sport codec addr 222 ssh client generate identity user 167 ssh client user authorized-key rsakey sshv2 167 ssh server allowed-ciphers 167 ssh server enable 168 ssh server listen enable 168 ssh server listen interface 169 ssh server port 169 ssh server v2-only enable 170 ssh slogin 18 SSL black list 382 server-side appliances, configuring 368 stats alarm 123 stats clear-all 127 stats convert 128 stats export 18, 128 stats settings 185 stats settings bandwidth 189 stats settings top-talkers enable 484 stats settings top-talkers interval 485 subnet side add rule 273 subnet side delete rule 274 subnet side move rule from 274 Subnet side rules, configuring 274 Symmetrix array 354 Synchronizing peer data stores 197 T tacacs-server first-hit 158 tacacs-server host 158 tacacs-server key 159 tacacs-server retransmit 160 tacacs-server timeout 160 tcp connection send keep-alive 187 tcp connection send pass-reset 187
tcp connection send reset 187 tcp highspeed enable 314 tcp max-time-out 315 tcp max-time-out mode enable 316 tcp reordering threshold 316 tcp sack enable 316 tcp sack fastpath default 316 tcp sack fastpath enable 317 tcp sat-opt bw-est mode 317 tcpdump 130 tcpdump-x all-interfaces 310 tcpdump-x capture-name stop 311 tcpdump-x interfaces 311 Technical Publications, contacting 10 Technical support, contacting 10 telnet-server enable 230 terminal 426 Time zone setting for SMB signing 305 traceroute 21 traceroute6 21 Traffic flow data, collecting 275 Transparent prepopulation overview of 294 Traps, summary of SNMP traps sent 563 Trust Windows domain 305 U URL Learning 342 username disable 160 username nopassword 161 username password 161 username password 0 161 username password 7 162 V View-Based Access Control Mechanism 203 Vista SMB support 309 VLAN preserving tags 238 VMAX array 350 VMs, no 64-bit support 9 VMware Server 441 VNIs in-path rules for 440 management, overview of 440 W WAN top bandwidth consumers 484 wccp adjust-mss enable 426 wccp enable 426 wccp interface service-group 427 wccp mcast-ttl 431
wccp override-return route-no-gre 431 wccp override-return sticky-no-gre 432 web auto-logout 173 web auto-refresh timeout 173 web enable 173 web http enable 174 web http port 174 web httpd listen enable 174 web httpd listen interface 175 web https enable 175 web https port 175 web prefs graphs anti-aliasing 176 web prefs log lines 176 web proxy host 176 web session renewal 177 web session timeout 177 web snmp-trap conf-mode enable 177 web soap-server enable 178 web soap-server port 178 web ssl cert generate 378 web ssl cert generate-csr 379 web ssl cert import-cert 380 web ssl cert import-cert-key 380 web ssl protocol sslv2 381 web ssl protocol sslv3 381 web ssl protocol tlsv1 381 Windows Vista SMB support 309 Wizard, restarting 14 workgroup account add 475 workgroup account modify 475 workgroup account remove 475 workgroup join 476 workgroup leave 476 write flash 186 write memory 186 write terminal 186