Page 138
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
standby timers
The standby timers command configures the time between standby hello packets and the time before other routers declare the active or standby router to be down. Routers or access servers on which timer values are not configured can learn timer values from the active or standby router. The timers configured on the active router always override any other timer settings. All routers in a Hot Standby group should use the same timer values. Normally, holdtime is greater than or equal to three times the value of hellotime. The range of values for holdtime force the holdtime to be greater than the hellotime. If the timer values are specified in milliseconds, the holdtime is required to be at least three times the hellotime value and not less than 50 milliseconds.
Some HSRP state flapping can occasionally occur if the holdtime is set to less than 250 milliseconds, and the processor is busy. It is recommended that holdtime values less than 250 milliseconds be used. Setting the process-max-timecommand to a suitable value may also help with flapping.
The value of the standby timer will not be learned through HSRP hellos if it is less than 1 second.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
Examples | This example sets, for group number 1 on Ethernet interface 0, the time between hello packets to 5 |
| seconds, and the time after which a router is considered to be down to 15 seconds: |
| interface ethernet 0 |
| standby | 1 | ip |
| standby | 1 | timers 5 15 |
This example sets, for the hot router interface that is located at 172.19.10.1 on Ethernet interface 0, the time between hello packets to 300 milliseconds, and the time after which a router is considered to be down to 900 milliseconds:
interface ethernet 0 standby ip 172.19.10.1
standby timers msec 300 msec 900
This example sets, for the hot router interface that is located at 172.18.10.1 on Ethernet interface 0, the time between hello packets to 15 milliseconds, and the time after which a router is considered to be down to 50 milliseconds. Note that the holdtime is three times larger than the hellotime because the minimum holdtime value in milliseconds is 50.
interface ethernet 0 standby ip 172.18.10.1 standby timers msec 15 msec 50
| Catalyst 6500 Series Switch SSL Services Module Command Reference |
2-112 | OL-9105-01 |
Contents
Corporate Headquarters
Text Part Number OL-9105-01
Page
N T E N T S
Iii
Natpool
Acronyms A-1
OL-9105-01
Related Documentation
Audience
Organization
Chapter Title Description
Boldface font
Conventions
Convention Description
Example, interface interface type
Obtaining Documentation
Cisco.com
Documentation Feedback
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Submitting a Service Request
Xii
Obtaining Additional Publications and Information
Xiii
Xiv
Getting Help
This chapter includes the following sections
How to Find Command Options
Command Comment
After you enter the mode keyword
Must enter next on the command line
Mode keyword
Complete the command. If additional
Configure terminal privileged Exec
Understanding Command Modes
Command Mode Access Method Prompt Exit Method
Configure terminal
Image using the boot system flash filename
Using the No and Default Forms of Commands
Interface command
With an interface
Using the CLI String Search
Character Special Meaning
AbcdABCD
\$ \ \+
Aeiou
DA-D
Ba?b
Telebit 3107 v32bis
Character
This string matches any number of asterisks
Abcd
Za-z0-9+
Codex telebit
$\.12
1300$ 1300space space1300 1300, ,1300, 1300 ,1300
For example
1300
With
OL-9105-01
A P T E R
Clear ssl-proxy conn
Defaults
Command Modes Command History
Release Modification
Clear ssl-proxy content
Defaults Command Modes Command History
Clear ssl-proxy session
Usage Guidelines
Clear ssl-proxy stats
Ssl-proxy#clear ssl-proxy stats
Des
Crypto pki export pem
Terminal
3des
Related Commands
Crypto pki import pem
Exportable
Defaults Command History
Crypto pki import pem
Usage-keys
Crypto pki export pem
Crypto pki export pkcs12
This example shows how to export a PKCS12 file using SCP
Crypto pki import pkcs12
This example shows how to import a PKCS12 file using SCP
Filename TP2? /users/admin-1/pkcs12/TP2.p12
Crypto
Passphrase passphrase
Crypto key decrypt rsa
Name key-name
Crypto key encrypt rsa
Crypto key encrypt rsa
Crypto key decrypt rsa
Crypto key lock rsa
Crypto key export rsa pem
Keylabel Name of the key
Optional Specifies that the key can be exported
Key nametest-keys UsageGeneral Purpose Key
Null-Imports from the null file system
Crypto key import rsa pem
Instead of one general-purpose key pair
System-Imports from the system file system
PEM-formatted RSA key to the SSL Services Module
Name key-name Optional Name of the key
Crypto key lock rsa
Crypto key lock rsa name key-namepassphrase passphrase
Passphrase passphrase
Crypto key unlock rsa
Crypto key unlock rsa name key-namepassphrase passphrase
Debug ssl-proxy
Command History Release Modification
This example shows how to turn on App debugging
Do command
Command EXEC-level command to be executed
Configuration mode
Syntax Description Defaults Command Modes Command History
Interface ssl-proxy
Syntax Description
Standby timers
Standby authentication
Standby delay minimum reload
Standby ip
Ssl-proxy config# interface ssl-proxy
Ssl-proxyconfig-subif#ip address 208.59.100.18
Natpool
Context subcommand mode
This example shows how to define a pool of IP addresses
Natpool nat-pool-name startipaddr endipaddr netmask netmask
Interval seconds
Syntax Description Defaults Command Modes
Policy health-probe tcp
Failed-interval seconds
Ssl-proxyconfig-context#policy health-probe tcp probe1
Open-timeout seconds
Ssl-proxyconfig#ssl-proxy context ssl
Running on server IP address
Page
Alias
Policy http-header
Client-cert pem
Policy that is applied to the payload
Field To Insert Description
Client-cert pem
Inserts the custom-stringheader into the Http header
Client-ip-port
Custom custom-string
Prefix
Related Commands show ssl-proxy policy
SSL-OFFLOAD-SOFTWARE VERSION3.11
Timeout session timeout absolute
Close-protocol is disabled
Session-caching is enabled
Policy ssl
SSL-Policy Configuration Submode Command Descriptions
Help
Renegotiation volume size
Timeout handshake timeout
Renegotiation interval time
OL-9105-01
This example shows how to enable a session cache
This example shows how to disable a session cache
OL-9105-01
Policy tcp
No timeout fin-wait timeout-in-seconds
Delayed-ack-threshold delay
Delayed-ack-timeout timer
No timeout inactivity timeout-in-seconds
No tos carryover
No timeout reassembly time
Form of this command to return to the default setting
Server to client connection, the server connection must be
Ssl-proxy config-ctx-tcp-policy# mss
Policy url-rewrite
Ssl-proxyconfig-context#ssl-proxy policy url-rewrite test1
Redirectonly
Pool ca
Pool ca ca-pool-name
Ca-pool-name Certificate authority pool name
Service
Inservice
Authenticate verify all signature-only
Default certificate inservice nat server
Certificate rsa general-purpose trustpoint
Virtual policy ssl ssl-policy-name
Virtual policy tcp
Vlan vlan
Related Commands show ssl-proxy service
Service client
Policy health-probe tcp Policy http-header
Virtual policy tcp
Nat server client natpool-name
Virtual policy ssl ssl-policy-name
Vlan vlan
Ssl-proxy config-ctx-ssl-proxy# server policy tcp tcppl1
Policy tcp
Show interfaces ssl-proxy
Show interfaces ssl-proxy 0.subinterface
Show ionterfaces
Show ssl-proxy buffers
This command has no default settings
Show ssl-proxy buffers
Ssl-proxy#show ssl-proxy buffers
Specific proxy service
Show ssl-proxy certificate-history service name
Service name
Show ssl-proxy certificate-history
Ssl-proxy# show ssl-proxy certificate-history
Record 1, Timestamp000051, 163634 UTC Oct 31
Related Commands service
Local
Show ssl-proxy conn
4tuple
Remote
Context name Module module
Ssl-proxy#show ssl-proxy conn
200.200.1438814 58796
Show ssl-proxy context name
Context Default
Show ssl-proxy context
Name Optional Name of the context
Brief
Show ssl-proxy crash-info
Show ssl-proxy crash-info brief details
Details
Stack top Printing 1024 bytes from stack top
Ssl-proxy#show ssl-proxy crash-info brief
Show ssl-proxy mac address
Show ssl-proxy mac address
Ssl-proxy#show ssl-proxy mac address
Context name
Show ssl-proxy natpool
Show ssl-proxy natpool namecontext name
Natpool
Http-header
Show ssl-proxy policy
Health-probe tcp
Url-rewrite
Ssl-proxy#show ssl-proxy policy ssl ssl-policy1
Ssl-proxy#show ssl-proxy policy tcp tcp-policy1
Ssl-proxy#show ssl-proxy policy health-probe tcp tcp-health
Ssl-proxy#show ssl-proxy service
Show ssl-proxy service
Show ssl-proxy service namecontext name
Ssl-proxy#show ssl-proxy service S6
Service client
Content
Show ssl-proxy stats
Show ssl-proxy stats type
Stats
This example shows how to display the TCP statistics
This example shows how to display the PKI statistics
This example shows how to display context statistics
Ssl-proxy#show ssl-proxy stats context Context name Default
Ssl-proxy# show ssl-proxy stats hdr
This example shows how to display content statistics
Ssl-proxy#show ssl-proxy stats content
Show ssl-proxy status
Show ssl-proxy status fdu ssl tcp
Show ssl-proxy status
TCP cpu is alive
Show ssl-proxy version
Show ssl-proxy version
Ssl-proxy#show ssl-proxy version
Debug
Show ssl-proxy vlan
Show ssl-proxy vlan vlan-iddebugmodule module
Optional Displays debug information
Snmp-server enable
Defaults Command Modes Command History Examples
Ssl-proxy context name No ssl-proxy context name
Command Purpose and Guidelines Defaults
Ssl-proxy context
Description description
Policy url-rewrite policy-name
Policy ssl policy-name
Policy tcp policy-name
Pool ca name
Ssl-proxy crypto selftest
Seconds Global configuration
This example shows how to start a cryptographic self-test
Time-interval
Ssl-proxy config# ssl-proxy mac address 00e0.b0ff.f232
This example shows how to configure a MAC address
Related Commands show ssl-proxy mac address
Ssl-proxy mac address
Ssl-proxy pki
This example shows how to specify the cache size
This example shows how to enable PKI event-history
Related Commands show ssl-proxy stats
Ssl-proxy crypto key unlock rsa
Key-name Name of the key Passphrase Pass phrase
Ssl-proxy ip-frag-ttl
Time is 6 seconds Global configuration
Ssl-proxyconfig#ssl-proxy ip-frag-ttl
Ssl-proxy ip-frag-ttl time
Ssl-proxy ssl ratelimit
Ssl-proxy config# ssl-proxy ssl ratelimit
Ssl-proxy config# no ssl-proxy ssl ratelimit
Ssl-proxy ssl ratelimit No ssl-proxy ssl ratelimit
Standby authentication
Group-number is String is cisco
Standby delay minimum reload
Min-delay is 1 second Reload-delay is 5 seconds
Show standby delay
Ssl-proxyconfig#interface ssl-proxy
Ssl-proxyconfig-subif#standby delay minimum 30 reload
Secondary
Defaults Command Modes Command History Usage Guidelines
Standby ip
Group-number is
Used by the hot standby group is learned using Hsrp
100
No standby group-numbermac-address
Standby mac-address
Standby group-numbermac-addressmac-address
Mac-address MAC address
Show standby
Ssl-proxyconfig-subif#standby 1 mac-address
That is used in the end nodes
102
Standby mac-refresh
Standby mac-refresh seconds no standby mac-refresh
103
Standby name group-name No standby name group-name
Hsrp is disabled
Standby name
Group-name Name of the standby group
Standby preempt
105
Clients
Operation returns to the default behavior
Leaves any synchronization delay if it was configured
To become the active router
No standby group-numberpriority priority
Standby priority
Standby group-numberpriority priority
Group-number is Priority is
This example shows how to change the router priority
108
Standby redirects
109
Show standby redirect
Related Commands show standby
Ssl-proxyconfig-subif#standby redirects timers 90
110
Optional Specifies the interval in milliseconds
Standby timers
Msec
111
112
Or comes back up
Standby track
Decrement priority
113
Related Commands standby preempt
Router a Configuration
Router B Configuration
114
Scope interface
Standby use-bia
Standby use-bia scope interface no standby use-bia
On which it was entered, instead of the major interface
Standby version 1
This example shows how to configure Hsrp version
Standby version
Specifies Hsrp version
Acronym Expansion
CDP
Cbac
CCA
CEF
Dscp
Dram
Dsap
Dspu
IDB
ICD
Icmp
IDP
Mdss
MD5
Mdix
MFD
Ospf
OSI
OSM
PAE
Rommon
Rmon
ROM
RPC
SVI
STP
SVC
TACACS+
XNS
Weighted round-robin
WRR
Xerox Network System
OL-9105-01
Acknowledgments for Open-Source Software
OL-9105-01
$ character
# character privileged Exec mode prompt
Asterisk + plus sign Period ? command Caret
IN-1
IN-2
IN-3
IN-4
TCP
IN-5
Configuration submode User Exec mode, summary
IN-6