Release
Corporate Headquarters
Catalyst 6500 Series Switch SSL Services Module Command Reference
Cisco Systems, Inc 170 West Tasman Drive San Jose, CA
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS
Command-Line Interface
How to Find Command Options
Definitions of Service Request Severity
C O N T E N T S
service client
Commands for the Catalyst 6500 Series Switch SSL Services Module
service
natpool
Acronyms A-1
snmp-server enable
ssl-proxy pki
show ssl-proxy vlan
Catalyst 6500 Series Switch SSL Services Module Command Reference
Contents
OL-9105-01
Series Switch SSL Services
Command-Line Interface
Commands for the Catalyst
Preface
boldface font
Conventions
Convention
example, interface interface type
Cisco.com
Obtaining Documentation
Product Documentation DVD
Cisco Product Security Overview
Documentation Feedback
Ordering Documentation
Cisco Technical Support & Documentation Website
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Emergencies - security-alert@cisco.com
Submitting a Service Request
Definitions of Service Request Severity
Obtaining Additional Publications and Information
xiii
Preface Obtaining Additional Publications and Information
Catalyst 6500 Series Switch SSL Services Module Command Reference
OL-9105-01
Understanding Command Modes, page
Command-Line Interface
Getting Help, page How to Find Command Options, page
Using the No and Default Forms of Commands, page
Command
How to Find Command Options
Purpose
Comment
Command
Table 1-2 How to Find Command Options
ssl-proxyconfig-if# channel-group 1 mode auto ?
Command
Table 1-2 How to Find Command Options continued
ssl-proxyconfig-if# channel-group 1 mode auto
configure terminal privileged EXEC
Understanding Command Modes
Access Method
configure terminal
image using the boot system flash filename
Using the No and Default Forms of Commands
interface command
with an interface
Single-Character Patterns
Using the CLI String Search
Regular Expressions
Character
abcdABCD
\$ \ \+
aeiou
a-dA-D
telebit 3107 v32bis
Multiple-Character Patterns
Multipliers
ba?b
A-Za-z0-9+
Alternation
Anchoring
codex telebit
1300$ 1300space space1300 1300, ,1300, 1300 ,1300
Parentheses for Recall
1300
a.bc.\1\2
Catalyst 6500 Series Switch SSL Services Module Command Reference
1-12
Chapter 1 Command-Line Interface Using the CLI String Search
OL-9105-01
Commands for the Catalyst 6500 Series Switch SSL Services Module
C H A P T E R
Command Modes Command History
service name
Defaults
clear ssl-proxy conn
Defaults Command Modes Command History
clear ssl-proxy content
clear ssl-proxy content all rewrite scanning module module
This example shows how to clear all of the content statistics
service name
clear ssl-proxy session
Usage Guidelines
Defaults
clear ssl-proxy stats
service name
Command Modes
ssl tcp url
Modification
Command History Usage Guidelines Examples
Release
context name
Command Modes Command History
Defaults
crypto pki export pem
Release
Examples
crypto pki import pem
Syntax Description
Defaults Command History Command History
crypto pki import pem
Release
Examples
2-10
151129.901 %SYS-5-CONFIGI Configured from console by console
crypto pki export pem
Defaults Command Modes Command History
crypto pki export pkcs12
2-11
Release
Catalyst 6500 Series Switch SSL Services Module Command Reference
2-12
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
ssl-proxyconfig# crypto pki export TP1 pkcs12 scp sky is blue
Defaults
crypto pki import pkcs12
2-13
Command Modes Command History
filename TP2? /users/admin-1/pkcs12/TP2.p12
2-14
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
Catalyst 6500 Series Switch SSL Services Module Command Reference
passphrase passphrase
crypto key decrypt rsa
crypto key decrypt write rsa name key-name passphrase passphrase
2-15
2-16
crypto key encrypt rsa
crypto key encrypt write rsa name key-name passphrase passphrase
Defaults
Defaults Command Modes Command History
crypto key export rsa pem
2-17
Syntax Description
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
This example shows how to export a key from the SSL Services Module
2-18
Catalyst 6500 Series Switch SSL Services Module Command Reference
Defaults Command Modes Command History
crypto key import rsa pem
2-19
Syntax Description
ssl-proxyconfig# crypto key import rsa newkeys pem url scp password
2-20
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
Catalyst 6500 Series Switch SSL Services Module Command Reference
2-21
crypto key lock rsa
crypto key lock rsa name key-name passphrase passphrase
Defaults Command Modes Command History
2-22
crypto key unlock rsa
crypto key unlock rsa name key-name passphrase passphrase
Defaults Command Modes Command History
pki type ssl type tcp type vlan
content type
debug ssl-proxy
fdu type
content type
Command History
2-24
Release
2-25
This example shows how to turn on App debugging
Examples
Modification
Command Modes
Release
Usage Guidelines
interface ssl-proxy
Syntax Description Defaults Command Modes Command History
default
Syntax
group-name preempt delayminimum
standby group-number authentication
text string delay minimum min-delay
priority priority redirects enable
Related Commands show interfaces ssl-proxy show ssl-proxy vlan
2-29
Examples
2-30
natpool
show ssl-proxy natpool
Defaults
policy health-probe tcp policy-name
Syntax Description Defaults Command Modes
policy health-probe tcp
failed-interval is 60 seconds
Syntax
2-32
open-timeout seconds
Description
2-33
Related Commands show ssl-proxy policy show ssl-proxy service
alias
policy http-header
client-cert pem
Field To Insert
Description
2-35
Field To Insert
ClientCert-Subject-CN
Description
Field to insert
2-36
Syntax
session
client-ip-port
prefix
2-37
2-38
Related Commands show ssl-proxy policy
2-39
timeout session timeout absolute
policy ssl
Defaults
The policy ssl command entered in context subcommand mode replaces
SSL Services Module
This command was changed to add the following subcommands
the ssl-proxy policy ssl command entered in global subcommand mode
help
renegotiation volume size
timeout handshake timeout
renegotiation interval time
2-42
all-export-All export ciphers all-strong-All strong ciphers default
This example shows how to enter the SSL-policy configuration submode
2-43
Examples
Catalyst 6500 Series Switch SSL Services Module Command Reference
2-44
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
policy ssl
Defaults
policy tcp
2-45
Command Modes
no timeout fin-wait timeout-in-seconds
delayed-ack-threshold delay
delayed-ack-timeout timer
no timeout inactivity timeout-in-seconds
2-47
no timeout reassembly time
no tos carryover
Syntax
2-48
This example shows how to define the maximum size for the TCP segment
Defaults
policy url-rewrite
2-49
Command Modes
Enter the no form of the command to remove the policy
2-50
Examples
Defaults Command Modes Command History
pool ca
2-51
default
2-52
service
service client command
Defaults
inservice
authenticate verify all signature-only
default certificate inservice nat server
certificate rsa general-purpose trustpoint
Description
2-54
Syntax
virtual policy ssl ssl-policy-name
2-55
Related Commands show ssl-proxy service
2-56
service client
policy health-probe tcp policy http-header
Syntax Description Defaults Command Modes
virtual policy tcp
nat server client natpool-name
virtual policy ssl ssl-policy-name
vlan vlan
Related Commands show ssl-proxy service
2-58
Examples
2-59
show interfaces ssl-proxy
show interfaces ssl-proxy 0.subinterface
Defaults
show ssl-proxy buffers
This command has no default settings
show ssl-proxy buffers
2-60
2-61
show ssl-proxy certificate-history service name
show ssl-proxy certificate-history
Defaults Command Modes Command History
Catalyst 6500 Series Switch SSL Services Module Command Reference
2-62
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
Examples
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
Related Commands service
2-63
Catalyst 6500 Series Switch SSL Services Module Command Reference
show ssl-proxy conn module module
show ssl-proxy conn service name context name module module
show ssl-proxy conn
4tuple
Modification
2-65
Release
context name
Catalyst 6500 Series Switch SSL Services Module Command Reference
2-66
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
ssl-proxy# show ssl-proxy conn service iis1
2-67
show ssl-proxy context
show ssl-proxy context name
Defaults
brief
show ssl-proxy crash-info
show ssl-proxy crash-info brief details
details
Catalyst 6500 Series Switch SSL Services Module Command Reference
2-69
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
show ssl-proxy crash-info
2-70
show ssl-proxy mac address
show ssl-proxy mac address
Syntax Description Defaults Command Modes Command History
2-71
show ssl-proxy natpool
show ssl-proxy natpool namecontext name
Defaults Command Modes Command History
health-probe tcp
show ssl-proxy policy
url-rewrite name
http-header
Disabled
2-73
Reassembly timeout
Delayed ACK timer
policy tcp policy url-rewrite
2-74
ssl-proxy# show ssl-proxy policy health-probe tcp tcp-health
2-75
show ssl-proxy service
show ssl-proxy service namecontext name
Defaults Command Modes Command History
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
2-76
Related Commands service
show ssl-proxy service
show ssl-proxy stats type
content
show ssl-proxy stats
2-77
Catalyst 6500 Series Switch SSL Services Module Command Reference
2-78
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
Examples
show ssl-proxy stats
2-79
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
ssl-proxy# show ssl-proxy stats pki PKI Memory Usage Counters
ssl-proxy# show ssl-proxy stats context Context name Default
2-80
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
Catalyst 6500 Series Switch SSL Services Module Command Reference
ssl-proxy# show ssl-proxy stats content
2-81
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
Catalyst 6500 Series Switch SSL Services Module Command Reference
Syntax Description
show ssl-proxy status
show ssl-proxy status fdu ssl tcp
Optional Displays the FDU status
Catalyst 6500 Series Switch SSL Services Module Command Reference
2-83
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
show ssl-proxy status
2-84
show ssl-proxy version
show ssl-proxy version
Syntax Description Defaults Command Modes Command History
show ssl-proxy vlan vlan-iddebugmodule module
Related Commands
show ssl-proxy vlan
2-85
informs
snmp-server enable
Defaults Command Modes Command History Examples
traps
Purpose and Guidelines
ssl-proxy context
ssl-proxy context name no ssl-proxy context name
description description
Command
Purpose and Guidelines
2-88
Defaults
no ssl-proxy crypto selftest
ssl-proxy crypto selftest
ssl-proxy crypto selftest time-interval seconds
time-interval
ssl-proxy mac address mac-addr
This example shows how to configure a MAC address
ssl-proxy mac address
2-90
timeout seconds
no ssl-proxy pki authenticate cache certificate history
authenticate
timeout minutes
Related Commands show ssl-proxy stats
2-92
Examples
2-93
ssl-proxy crypto key unlock rsa
ssl-proxy crypto key unlock rsa key-name passphrase passphrase
Defaults Command Modes Command History
2-94
ssl-proxy ip-frag-ttl
ssl-proxy ip-frag-ttl time
Syntax Description Defaults Command Modes
2-95
ssl-proxy ssl ratelimit
ssl-proxy ssl ratelimit no ssl-proxy ssl ratelimit
Defaults
no standby group-number authentication text string
standby authentication
standby group-number authentication text string
2-96
no standby delay minimum min-delay reload reload-delay
standby delay minimum reload
standby delay minimum min-delay reload reload-delay
2-97
Related Commands
show standby delay
2-98
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
2-99
Defaults Command Modes Command History Usage Guidelines
standby ip
Syntax Description
used by the hot standby group is learned using HSRP
2-100
Examples
APPN
standby mac-address
no standby group-number mac-address
2-101
2-102
show standby
Examples
2-103
standby mac-refresh
standby mac-refresh seconds no standby mac-refresh
Defaults Command Modes Command History
standby name group-name no standby name group-name
This example shows how to specifiy the standby name as SanJoseHA
standby name
2-104
Defaults
standby preempt
2-105
Command Modes Command History
ssl-proxy config-subif# standby preempt delay minimum
2-106
Examples
2-107
standby priority
no standby group-number priority priority
Defaults Command Modes Command History
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
2-108
Related Commands
Catalyst 6500 Series Switch SSL Services Module Command Reference
timers
enable
disable
standby redirects
show standby redirect
This example shows how to allow HSRP to filter ICMP redirect messages
Related Commands show standby
2-110
Defaults
standby timers
2-111
Command Modes Command History
standby timers msec 300 msec
2-112
timers 5
Examples
Defaults Command Modes Command History
standby track
2-113
Syntax Description
Related Commands standby preempt
Router A Configuration
Router B Configuration
2-114
scope interface
standby use-bia
standby use-bia scope interface no standby use-bia
2-115
standby version 1
This example shows how to configure HSRP version
standby version
Specifies HSRP version
Acronym
Acronyms
A P P E N D I X A
Expansion
Expansion
Acronym
Table A-1 List of Acronyms continued
Acronym
Expansion
Acronym
Expansion
Acronym
Expansion
Acronym
Expansion
Acronym
Expansion
Acronym
Expansion
Expansion
Catalyst 6500 Series Switch SSL Services Module Command Reference
Acronym
Table A-1 List of Acronyms continued
Appendix A Acronyms
A-10
Catalyst 6500 Series Switch SSL Services Module Command Reference
OL-9105-01
Acknowledgments for Open-Source Software
A P P E N D I X B
Appendix B Acronyms
Catalyst 6500 Series Switch SSL Services Module Command Reference
OL-9105-01
I N D E
Symbols
Numerics
IN-1
IN-2
configuring
IN-3
secondary interface
IN-4
IN-5
Index
IN-6
Catalyst 6500 Series Switch SSL Services Module Command Reference
OL-9105-01
