Cisco Systems, Inc 170 West Tasman Drive San Jose, CA
Corporate Headquarters
Catalyst 6500 Series Switch SSL Services Module Command Reference
Release
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS
C O N T E N T S
How to Find Command Options
Definitions of Service Request Severity
Command-Line Interface
natpool
Commands for the Catalyst 6500 Series Switch SSL Services Module
service
service client
show ssl-proxy vlan
snmp-server enable
ssl-proxy pki
Acronyms A-1
Contents
Catalyst 6500 Series Switch SSL Services Module Command Reference
OL-9105-01
Preface
Command-Line Interface
Commands for the Catalyst
Series Switch SSL Services
example, interface interface type
Conventions
Convention
boldface font
Obtaining Documentation
Cisco.com
Product Documentation DVD
Documentation Feedback
Cisco Product Security Overview
Ordering Documentation
Emergencies - security-alert@cisco.com
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Cisco Technical Support & Documentation Website
Definitions of Service Request Severity
Submitting a Service Request
xiii
Obtaining Additional Publications and Information
Catalyst 6500 Series Switch SSL Services Module Command Reference
Preface Obtaining Additional Publications and Information
OL-9105-01
Using the No and Default Forms of Commands, page
Command-Line Interface
Getting Help, page How to Find Command Options, page
Understanding Command Modes, page
How to Find Command Options
Command
Purpose
Command
Comment
Table 1-2 How to Find Command Options
ssl-proxyconfig-if# channel-group 1 mode auto
Command
Table 1-2 How to Find Command Options continued
ssl-proxyconfig-if# channel-group 1 mode auto ?
configure terminal
Understanding Command Modes
Access Method
configure terminal privileged EXEC
with an interface
Using the No and Default Forms of Commands
interface command
image using the boot system flash filename
Character
Using the CLI String Search
Regular Expressions
Single-Character Patterns
a-dA-D
\$ \ \+
aeiou
abcdABCD
ba?b
Multiple-Character Patterns
Multipliers
telebit 3107 v32bis
codex telebit
Alternation
Anchoring
A-Za-z0-9+
a.bc.\1\2
Parentheses for Recall
1300
1300$ 1300space space1300 1300, ,1300, 1300 ,1300
OL-9105-01
1-12
Chapter 1 Command-Line Interface Using the CLI String Search
Catalyst 6500 Series Switch SSL Services Module Command Reference
C H A P T E R
Commands for the Catalyst 6500 Series Switch SSL Services Module
clear ssl-proxy conn
service name
Defaults
Command Modes Command History
This example shows how to clear all of the content statistics
clear ssl-proxy content
clear ssl-proxy content all rewrite scanning module module
Defaults Command Modes Command History
Defaults
clear ssl-proxy session
Usage Guidelines
service name
ssl tcp url
service name
Command Modes
clear ssl-proxy stats
context name
Command History Usage Guidelines Examples
Release
Modification
Release
Defaults
crypto pki export pem
Command Modes Command History
crypto pki import pem
Examples
Release
Defaults Command History Command History
crypto pki import pem
Syntax Description
crypto pki export pem
2-10
151129.901 %SYS-5-CONFIGI Configured from console by console
Examples
Release
crypto pki export pkcs12
2-11
Defaults Command Modes Command History
ssl-proxyconfig# crypto pki export TP1 pkcs12 scp sky is blue
2-12
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
Catalyst 6500 Series Switch SSL Services Module Command Reference
Command Modes Command History
crypto pki import pkcs12
2-13
Defaults
Catalyst 6500 Series Switch SSL Services Module Command Reference
2-14
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
filename TP2? /users/admin-1/pkcs12/TP2.p12
2-15
crypto key decrypt rsa
crypto key decrypt write rsa name key-name passphrase passphrase
passphrase passphrase
Defaults
crypto key encrypt rsa
crypto key encrypt write rsa name key-name passphrase passphrase
2-16
Syntax Description
crypto key export rsa pem
2-17
Defaults Command Modes Command History
Catalyst 6500 Series Switch SSL Services Module Command Reference
This example shows how to export a key from the SSL Services Module
2-18
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
Syntax Description
crypto key import rsa pem
2-19
Defaults Command Modes Command History
Catalyst 6500 Series Switch SSL Services Module Command Reference
2-20
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
ssl-proxyconfig# crypto key import rsa newkeys pem url scp password
Defaults Command Modes Command History
crypto key lock rsa
crypto key lock rsa name key-name passphrase passphrase
2-21
Defaults Command Modes Command History
crypto key unlock rsa
crypto key unlock rsa name key-name passphrase passphrase
2-22
fdu type
content type
debug ssl-proxy
pki type ssl type tcp type vlan
Release
Command History
2-24
content type
This example shows how to turn on App debugging
2-25
Examples
Usage Guidelines
Command Modes
Release
Modification
Syntax
Syntax Description Defaults Command Modes Command History
default
interface ssl-proxy
priority priority redirects enable
standby group-number authentication
text string delay minimum min-delay
group-name preempt delayminimum
2-29
Related Commands show interfaces ssl-proxy show ssl-proxy vlan
Examples
Defaults
natpool
show ssl-proxy natpool
2-30
failed-interval is 60 seconds
Syntax Description Defaults Command Modes
policy health-probe tcp
policy health-probe tcp policy-name
Description
2-32
open-timeout seconds
Syntax
Related Commands show ssl-proxy policy show ssl-proxy service
2-33
Field To Insert
policy http-header
client-cert pem
alias
ClientCert-Subject-CN
2-35
Field To Insert
Description
Syntax
Field to insert
2-36
Description
2-37
client-ip-port
prefix
session
Related Commands show ssl-proxy policy
2-38
Defaults
timeout session timeout absolute
policy ssl
2-39
the ssl-proxy policy ssl command entered in global subcommand mode
SSL Services Module
This command was changed to add the following subcommands
The policy ssl command entered in context subcommand mode replaces
renegotiation interval time
renegotiation volume size
timeout handshake timeout
help
all-export-All export ciphers all-strong-All strong ciphers default
2-42
2-43
This example shows how to enter the SSL-policy configuration submode
Examples
policy ssl
2-44
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
Catalyst 6500 Series Switch SSL Services Module Command Reference
Command Modes
policy tcp
2-45
Defaults
no timeout inactivity timeout-in-seconds
delayed-ack-threshold delay
delayed-ack-timeout timer
no timeout fin-wait timeout-in-seconds
Syntax
no timeout reassembly time
no tos carryover
2-47
This example shows how to define the maximum size for the TCP segment
2-48
Command Modes
policy url-rewrite
2-49
Defaults
2-50
Enter the no form of the command to remove the policy
Examples
default
pool ca
2-51
Defaults Command Modes Command History
Defaults
service
service client command
2-52
certificate rsa general-purpose trustpoint
authenticate verify all signature-only
default certificate inservice nat server
inservice
virtual policy ssl ssl-policy-name
2-54
Syntax
Description
Related Commands show ssl-proxy service
2-55
Syntax Description Defaults Command Modes
service client
policy health-probe tcp policy http-header
2-56
vlan vlan
nat server client natpool-name
virtual policy ssl ssl-policy-name
virtual policy tcp
2-58
Related Commands show ssl-proxy service
Examples
Defaults
show interfaces ssl-proxy
show interfaces ssl-proxy 0.subinterface
2-59
2-60
This command has no default settings
show ssl-proxy buffers
show ssl-proxy buffers
Defaults Command Modes Command History
show ssl-proxy certificate-history service name
show ssl-proxy certificate-history
2-61
Examples
2-62
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
Catalyst 6500 Series Switch SSL Services Module Command Reference
Catalyst 6500 Series Switch SSL Services Module Command Reference
Related Commands service
2-63
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
4tuple
show ssl-proxy conn service name context name module module
show ssl-proxy conn
show ssl-proxy conn module module
context name
2-65
Release
Modification
ssl-proxy# show ssl-proxy conn service iis1
2-66
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
Catalyst 6500 Series Switch SSL Services Module Command Reference
Defaults
show ssl-proxy context
show ssl-proxy context name
2-67
details
show ssl-proxy crash-info
show ssl-proxy crash-info brief details
brief
show ssl-proxy crash-info
2-69
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
Catalyst 6500 Series Switch SSL Services Module Command Reference
Syntax Description Defaults Command Modes Command History
show ssl-proxy mac address
show ssl-proxy mac address
2-70
Defaults Command Modes Command History
show ssl-proxy natpool
show ssl-proxy natpool namecontext name
2-71
http-header
show ssl-proxy policy
url-rewrite name
health-probe tcp
Delayed ACK timer
2-73
Reassembly timeout
Disabled
2-74
policy tcp policy url-rewrite
ssl-proxy# show ssl-proxy policy health-probe tcp tcp-health
Defaults Command Modes Command History
show ssl-proxy service
show ssl-proxy service namecontext name
2-75
show ssl-proxy service
2-76
Related Commands service
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
2-77
content
show ssl-proxy stats
show ssl-proxy stats type
Examples
2-78
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
Catalyst 6500 Series Switch SSL Services Module Command Reference
ssl-proxy# show ssl-proxy stats pki PKI Memory Usage Counters
2-79
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
show ssl-proxy stats
Catalyst 6500 Series Switch SSL Services Module Command Reference
2-80
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
ssl-proxy# show ssl-proxy stats context Context name Default
Catalyst 6500 Series Switch SSL Services Module Command Reference
2-81
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
ssl-proxy# show ssl-proxy stats content
Optional Displays the FDU status
show ssl-proxy status
show ssl-proxy status fdu ssl tcp
Syntax Description
show ssl-proxy status
2-83
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
Catalyst 6500 Series Switch SSL Services Module Command Reference
Syntax Description Defaults Command Modes Command History
show ssl-proxy version
show ssl-proxy version
2-84
2-85
Related Commands
show ssl-proxy vlan
show ssl-proxy vlan vlan-iddebugmodule module
traps
snmp-server enable
Defaults Command Modes Command History Examples
informs
description description
ssl-proxy context
ssl-proxy context name no ssl-proxy context name
Purpose and Guidelines
Defaults
Purpose and Guidelines
2-88
Command
time-interval
ssl-proxy crypto selftest
ssl-proxy crypto selftest time-interval seconds
no ssl-proxy crypto selftest
2-90
This example shows how to configure a MAC address
ssl-proxy mac address
ssl-proxy mac address mac-addr
timeout minutes
no ssl-proxy pki authenticate cache certificate history
authenticate
timeout seconds
2-92
Related Commands show ssl-proxy stats
Examples
Defaults Command Modes Command History
ssl-proxy crypto key unlock rsa
ssl-proxy crypto key unlock rsa key-name passphrase passphrase
2-93
Syntax Description Defaults Command Modes
ssl-proxy ip-frag-ttl
ssl-proxy ip-frag-ttl time
2-94
Defaults
ssl-proxy ssl ratelimit
ssl-proxy ssl ratelimit no ssl-proxy ssl ratelimit
2-95
2-96
standby authentication
standby group-number authentication text string
no standby group-number authentication text string
2-97
standby delay minimum reload
standby delay minimum min-delay reload reload-delay
no standby delay minimum min-delay reload reload-delay
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
show standby delay
2-98
Related Commands
Syntax Description
Defaults Command Modes Command History Usage Guidelines
standby ip
2-99
2-100
used by the hot standby group is learned using HSRP
Examples
2-101
standby mac-address
no standby group-number mac-address
APPN
show standby
2-102
Examples
Defaults Command Modes Command History
standby mac-refresh
standby mac-refresh seconds no standby mac-refresh
2-103
2-104
This example shows how to specifiy the standby name as SanJoseHA
standby name
standby name group-name no standby name group-name
Command Modes Command History
standby preempt
2-105
Defaults
2-106
ssl-proxy config-subif# standby preempt delay minimum
Examples
Defaults Command Modes Command History
standby priority
no standby group-number priority priority
2-107
Catalyst 6500 Series Switch SSL Services Module Command Reference
2-108
Related Commands
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
standby redirects
enable
disable
timers
2-110
This example shows how to allow HSRP to filter ICMP redirect messages
Related Commands show standby
show standby redirect
Command Modes Command History
standby timers
2-111
Defaults
Examples
2-112
timers 5
standby timers msec 300 msec
Syntax Description
standby track
2-113
Defaults Command Modes Command History
2-114
Router A Configuration
Router B Configuration
Related Commands standby preempt
2-115
standby use-bia
standby use-bia scope interface no standby use-bia
scope interface
Specifies HSRP version
This example shows how to configure HSRP version
standby version
standby version 1
Expansion
Acronyms
A P P E N D I X A
Acronym
Acronym
Expansion
Table A-1 List of Acronyms continued
Expansion
Acronym
Expansion
Acronym
Expansion
Acronym
Expansion
Acronym
Expansion
Acronym
Expansion
Acronym
Table A-1 List of Acronyms continued
Catalyst 6500 Series Switch SSL Services Module Command Reference
Acronym
Expansion
OL-9105-01
A-10
Catalyst 6500 Series Switch SSL Services Module Command Reference
Appendix A Acronyms
A P P E N D I X B
Acknowledgments for Open-Source Software
Catalyst 6500 Series Switch SSL Services Module Command Reference
Appendix B Acronyms
OL-9105-01
IN-1
Symbols
Numerics
I N D E
IN-2
IN-3
configuring
secondary interface
IN-4
IN-5
OL-9105-01
IN-6
Catalyst 6500 Series Switch SSL Services Module Command Reference
Index
