Catalyst 6500 Series Switch SSL Services Module Command Reference
Corporate Headquarters
Release
Cisco Systems, Inc 170 West Tasman Drive San Jose, CA
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS
Definitions of Service Request Severity
How to Find Command Options
Command-Line Interface
Contents
service
Commands for the Catalyst 6500 Series Switch SSL Services Module
service client
natpool
ssl-proxy pki
snmp-server enable
Acronyms
show ssl-proxy vlan
OL-9105-01
Contents
Commands for the Catalyst
Command-Line Interface
Series Switch SSL Services
Preface
Convention
Conventions
boldface font
example, interface interface type
Product Documentation DVD
Obtaining Documentation
Cisco.com
Ordering Documentation
Documentation Feedback
Cisco Product Security Overview
Obtaining Technical Assistance
Reporting Security Problems in Cisco Products
Cisco Technical Support & Documentation Website
Emergencies - security-alert@cisco.com
Definitions of Service Request Severity
Submitting a Service Request
Obtaining Additional Publications and Information
Preface Obtaining Additional Publications and Information
Getting Help, page How to Find Command Options, page
Command-Line Interface
Understanding Command Modes, page
Using the No and Default Forms of Commands, page
Purpose
How to Find Command Options
Command
Table 1-2 How to Find Command Options
Command
Comment
Table 1-2 How to Find Command Options continued
Command
ssl-proxyconfig-if# channel-group 1 mode auto ?
ssl-proxyconfig-if# channel-group 1 mode auto
Access Method
Understanding Command Modes
configure terminal privileged EXEC
configure terminal
interface command
Using the No and Default Forms of Commands
image using the boot system flash filename
with an interface
Regular Expressions
Using the CLI String Search
Single-Character Patterns
Character
aeiou
\$ \ \+
abcdABCD
a-dA-D
Multipliers
Multiple-Character Patterns
telebit 3107 v32bis
ba?b
Anchoring
Alternation
A-Za-z0-9+
codex telebit
1300
Parentheses for Recall
1300$ 1300space space1300 1300, ,1300, 1300 ,1300
a.bc.\1\2
Chapter 1 Command-Line Interface Using the CLI String Search
Chapter
Commands for the Catalyst 6500 Series Switch SSL Services Module
Defaults
service name
Command Modes Command History
clear ssl-proxy conn
clear ssl-proxy content all rewrite scanning module module
clear ssl-proxy content
Defaults Command Modes Command History
This example shows how to clear all of the content statistics
Usage Guidelines
clear ssl-proxy session
service name
Defaults
Command Modes
service name
clear ssl-proxy stats
ssl tcp url
Release
Command History Usage Guidelines Examples
Modification
context name
crypto pki export pem
Defaults
Command Modes Command History
Release
crypto pki import pem
Examples
crypto pki import pem
Defaults Command History Command History
Syntax Description
Release
151129.901 %SYS-5-CONFIGI Configured from console by console
Examples
crypto pki export pem
crypto pki export pkcs12
Defaults Command Modes Command History
Release
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
ssl-proxyconfig# crypto pki export TP1 pkcs12 scp sky is blue
crypto pki import pkcs12
Defaults
Command Modes Command History
filename TP2? /users/admin-1/pkcs12/TP2.p12
crypto key decrypt write rsa name key-name passphrase passphrase
crypto key decrypt rsa
passphrase passphrase
crypto key encrypt write rsa name key-name passphrase passphrase
crypto key encrypt rsa
Defaults
crypto key export rsa pem
Defaults Command Modes Command History
Syntax Description
This example shows how to export a key from the SSL Services Module
crypto key import rsa pem
Defaults Command Modes Command History
Syntax Description
ssl-proxyconfig# crypto key import rsa newkeys pem url scp password
crypto key lock rsa name key-name passphrase passphrase
crypto key lock rsa
Defaults Command Modes Command History
crypto key unlock rsa name key-name passphrase passphrase
crypto key unlock rsa
Defaults Command Modes Command History
debug ssl-proxy
content type
pki type ssl type tcp type vlan
fdu type
Command History
content type
Release
Examples
This example shows how to turn on App debugging
Release
Command Modes
Modification
Usage Guidelines
default
Syntax Description Defaults Command Modes Command History
interface ssl-proxy
Syntax
text string delay minimum min-delay
standby group-number authentication
group-name preempt delayminimum
priority priority redirects enable
Examples
Related Commands show interfaces ssl-proxy show ssl-proxy vlan
show ssl-proxy natpool
natpool
Defaults
policy health-probe tcp
Syntax Description Defaults Command Modes
policy health-probe tcp policy-name
failed-interval is 60 seconds
open-timeout seconds
Syntax
Description
Related Commands show ssl-proxy policy show ssl-proxy service
client-cert pem
policy http-header
alias
Field To Insert
Field To Insert
Description
ClientCert-Subject-CN
Field to insert
Description
Syntax
prefix
client-ip-port
session
Related Commands show ssl-proxy policy
policy ssl
timeout session timeout absolute
Defaults
This command was changed to add the following subcommands
SSL Services Module
The policy ssl command entered in context subcommand mode replaces
the ssl-proxy policy ssl command entered in global subcommand mode
timeout handshake timeout
renegotiation volume size
help
renegotiation interval time
all-export-All export ciphers all-strong-All strong ciphers default
Examples
This example shows how to enter the SSL-policy configuration submode
policy ssl
policy tcp
Defaults
Command Modes
delayed-ack-timeout timer
delayed-ack-threshold delay
no timeout fin-wait timeout-in-seconds
no timeout inactivity timeout-in-seconds
no tos carryover
no timeout reassembly time
Syntax
This example shows how to define the maximum size for the TCP segment
policy url-rewrite
Defaults
Command Modes
Examples
Enter the no form of the command to remove the policy
pool ca
Defaults Command Modes Command History
default
service client command
service
Defaults
default certificate inservice nat server
authenticate verify all signature-only
inservice
certificate rsa general-purpose trustpoint
Syntax
Description
virtual policy ssl ssl-policy-name
Related Commands show ssl-proxy service
policy health-probe tcp policy http-header
service client
Syntax Description Defaults Command Modes
virtual policy ssl ssl-policy-name
nat server client natpool-name
virtual policy tcp
vlan vlan
Examples
Related Commands show ssl-proxy service
show interfaces ssl-proxy 0.subinterface
show interfaces ssl-proxy
Defaults
show ssl-proxy buffers
This command has no default settings
show ssl-proxy buffers
show ssl-proxy certificate-history
show ssl-proxy certificate-history service name
Defaults Command Modes Command History
Examples
Related Commands service
show ssl-proxy conn
show ssl-proxy conn service name context name module module
show ssl-proxy conn module module
4tuple
Release
Modification
context name
ssl-proxy# show ssl-proxy conn service iis1
show ssl-proxy context name
show ssl-proxy context
Defaults
show ssl-proxy crash-info brief details
show ssl-proxy crash-info
brief
details
show ssl-proxy crash-info
show ssl-proxy mac address
show ssl-proxy mac address
Syntax Description Defaults Command Modes Command History
show ssl-proxy natpool namecontext name
show ssl-proxy natpool
Defaults Command Modes Command History
url-rewrite name
show ssl-proxy policy
health-probe tcp
http-header
Reassembly timeout
Disabled
Delayed ACK timer
ssl-proxy# show ssl-proxy policy health-probe tcp tcp-health
policy tcp policy url-rewrite
show ssl-proxy service namecontext name
show ssl-proxy service
Defaults Command Modes Command History
Related Commands service
show ssl-proxy service
show ssl-proxy stats
content
show ssl-proxy stats type
Examples
show ssl-proxy stats
ssl-proxy# show ssl-proxy stats pki PKI Memory Usage Counters
ssl-proxy# show ssl-proxy stats context Context name Default
ssl-proxy# show ssl-proxy stats content
show ssl-proxy status fdu ssl tcp
show ssl-proxy status
Syntax Description
Optional Displays the FDU status
show ssl-proxy status
show ssl-proxy version
show ssl-proxy version
Syntax Description Defaults Command Modes Command History
show ssl-proxy vlan
Related Commands
show ssl-proxy vlan vlan-iddebugmodule module
Defaults Command Modes Command History Examples
snmp-server enable
informs
traps
ssl-proxy context name no ssl-proxy context name
ssl-proxy context
Purpose and Guidelines
description description
Purpose and Guidelines
Command
Defaults
ssl-proxy crypto selftest time-interval seconds
ssl-proxy crypto selftest
no ssl-proxy crypto selftest
time-interval
ssl-proxy mac address
This example shows how to configure a MAC address
ssl-proxy mac address mac-addr
authenticate
no ssl-proxy pki authenticate cache certificate history
timeout seconds
timeout minutes
Examples
Related Commands show ssl-proxy stats
ssl-proxy crypto key unlock rsa key-name passphrase passphrase
ssl-proxy crypto key unlock rsa
Defaults Command Modes Command History
ssl-proxy ip-frag-ttl time
ssl-proxy ip-frag-ttl
Syntax Description Defaults Command Modes
ssl-proxy ssl ratelimit no ssl-proxy ssl ratelimit
ssl-proxy ssl ratelimit
Defaults
standby group-number authentication text string
standby authentication
no standby group-number authentication text string
standby delay minimum min-delay reload reload-delay
standby delay minimum reload
no standby delay minimum min-delay reload reload-delay
show standby delay
Related Commands
standby ip
Defaults Command Modes Command History Usage Guidelines
Syntax Description
Examples
used by the hot standby group is learned using HSRP
no standby group-number mac-address
standby mac-address
APPN
Examples
show standby
standby mac-refresh seconds no standby mac-refresh
standby mac-refresh
Defaults Command Modes Command History
standby name
This example shows how to specify the standby name as SanJoseHA
standby name group-name no standby name group-name
standby preempt
Defaults
Command Modes Command History
Examples
ssl-proxy config-subif# standby preempt delay minimum
no standby group-number priority priority
standby priority
Defaults Command Modes Command History
Related Commands
disable
enable
timers
standby redirects
Related Commands show standby
This example shows how to allow HSRP to filter ICMP redirect messages
show standby redirect
standby timers
Defaults
Command Modes Command History
timers 5
standby timers msec 300 msec
Examples
standby track
Defaults Command Modes Command History
Syntax Description
Router B Configuration
Router A Configuration
Related Commands standby preempt
standby use-bia scope interface no standby use-bia
standby use-bia
scope interface
standby version
This example shows how to configure HSRP version
standby version 1
Specifies HSRP version
Appendix A
Acronyms
Acronym
Expansion
Table A-1 List of Acronyms continued
Acronym
Expansion
Expansion
Acronym
Expansion
Acronym
Expansion
Acronym
Expansion
Acronym
Expansion
Acronym
Expansion
Acronym
Acronym
Expansion
Table A-1 List of Acronyms continued
Appendix A Acronyms
Appendix B
Acknowledgments for Open-Source Software
Appendix B Acronyms
Numerics
Symbols
Index
secondary interface
configuring
Index