Manuals / Intel / TV and Video / TV Mount

Intel A31032-001 manual RSC Refused SSL Connections, Extended Data, RSC Alarm CLI Commands

Models: A31032-001

1 196

Download 196 pages 18.6 Kb

Page 132

C H A P T E R 7 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide

FNTB: indicates front panel-controlled bypass

FNTI: indicates front panel-controlled inline

APPR: indicates application restart

RSC: Refused SSL Connections

When enabled, an alarm is generated whenever SSL connections are refused for cipher suite mismatch or client certificate authentication failure during the current user-specified period (5 to 65000 seconds, default: 15 seconds). The total number of refused SSL connections is reported along with the reason for refusal. This alarm can be enabled or disabled at the CLI.

Format:

A:yyyymmddhhmmss:RSC:CSMMCCAF:XXX:

/*message*/

Where:

A:identifies the message as an alarm. yyyymmddhhmmss: is the timestamp.

RSC: identifies the message as an Refused SSL Connections Alarm.

Alarm Modifiers and Messages

CSMM: Cipher suite mismatch

CCAF: Client certificate authenticate failure

Extended Data

XXX:An integer value indicating the number of refused SSL connections that occurred in the current alarm period.

RSC Alarm CLI Commands

To set Overload Alarm time window:

set rsc_window <seconds> (Range: 5-65000,

default: 15)

7-4

Image 132

Intel A31032-001 RSC Refused SSL Connections, Extended Data, RSC Alarm CLI Commands, To set Overload Alarm time window

Contents

Intel NetStructure 7110/7115 e-Commerce Accelerator VersionCopyright TrademarksTable of Contents Theory of Operation Scenarios Remote Management Alarms and Monitoring Troubleshooting Appendix a Front Panel List of Figures Xii Introduction About this User GuideNew in This Release Remote ManagementWho Should Use this Book Before You BeginHow to Use this Book Glossary defines terms appearing in this User Guide Page Installation and Initial Configuration Installing the 7110/7115 Free- Standing or in a Rack Rack InstallationFree-Standing Installation Network ConnectionsAdmin Terminal Connection Status CheckNetwork and Server LEDs Inline LEDHyperTerminal§ Paste Operations Troubleshooting Continuing ConfigurationServer and Network LEDs Theory of Operation SecuritySingle Server Acceleration 7110/7115 in Single Server Configuration Multiple ServersWorking with Internet Traffic Management ITM Devices Positioning 7110/7115 between ITM Device and Client NetworkPositioning 7110/7115 between ITM Device and Server Scalability and CascadingSpilling and Throttling Keys and Certificates AvailabilityCutting and Pasting with HyperTerminal§ Procedure Create a key Type the create key command at the promptCreate a Certificate Signing Request Intel 7115 create signCertificate REQUEST----- lines Intel 7115 export sign mywebserverAsciix Enter Typically, the CSR will look something like this EnterSave the configuration when the server has been mapped Exporting a Key/Certificate from a ServerApache Interface to Open SSL§ modssl Apache SSL§ Stronghold§ Importing into the 7110/7115Intel 7115 import key mywebserver Save the configuration when the server has been mapped Enter the create cert command with the keyID Creating a new Key/Certificate on the 7110/7115Create a key as follows Intel 7115 create cert mywebserverGlobal Site Certificates OverviewGlobal Site Certificate Paste Procedure ExampleIntel 7115 import cert keyID A P T E R Redirection Clients and Unsupported Ciphers Intel 7115 set redirectClient Authentication To disable a redirect URL for a mappingIntel 7115 show redirect Intel 7115 set redirect 2 none Intel 7115 show redirectNext, import the client CA certificate for Map ID Intel 7115 import clientcaCreating a Client CA Certificate using OpenSSL§ Generate the client CA certificateGenerate a certificate signing request SSL Processing MappingAutomapping Automapping with user-specified key and certificate Automapping with multiple port combinationsDeleting automapping entries Manual mappingUse the show block command to verify Combining automapping and manual mappingSubnet IP, Specific Port All IPs, Specific PortUse show block to verify Use the show block command to confirm the block Delete a BlockIntel 7115 delete block Failure Conditions, Fail-safe, and Fail-through Scenarios Syntax Procedure for Scenario Manual ConfigurationScenario 1-Single Server Intel 7115delete map 1 Intel 7115list maps This scenario shows how to configure two or more servers Scenario 2-Multiple ServersID KeyID Scenario 3-Multiple 7110/ 7115s, Cascaded AssumptionsIntel 7115 export config Multiple Cascaded 7110/7115sSave the configuration Intel 7115 import configAfter verification y or refusal n, the prompt reappears To reverse this process Intel 7115set egressmac noneCommand Reference Online HelpCommand Line Interface User AuthenticationCommand Line Prompt Abbreviation to UniquenessA P T E R Command Line Interface Input Editing Commands Command HistoryMoving the Insertion Point Cut and Paste Command Summary Command Command Options Import Nic Password RebootInline List Command Command Options Set Command Command Options Show Setsnmp ShowsnmpStatus TtycharCommand Reference Help CommandsStatus Command SSL Commands Command Description Create keyDelete key Import keyCommand Description Export key Show keyList keys Command Description Create cert Delete certImport cert Export certCommand Description Show cert Display the expanded certificate including PEM formatDisplays all certificates Set ciphersCommand Description Set redirect Show redirectShow clientca Command Description Import clientca Delete clientcaCreate sign Command Description Delete sign Export signShow sign keyID Command Description Set defcert Issuer e-mail address. You can change all, some or noneDisplay the default certificate creation information FieldCommand Description Set kstrength Show kstrengthSet clienttmo Show clienttmoCommand Description Set servertmo Displays the currently specified server timeout valueClient request is rejected Show servertmoPort Mapping Commands Command Definition Create blockDelete block Show blockCommand Definition Create permit Delete permitShow permit Command Definition Create map Delete map mapIDShow map List mapsOperational Commands Command Description BypassInline Command Description Set spill Show spillRemote Management Commands Command Description Set ipMaxremotesessions Command Description Set telnet Show telnetSet telnetport Command Description Show telnetport Set sshShow ssh Set sshportCommand Description Setsnmp snmp Showsnmp snmpSetsnmp snmpinfo CommandDescription SnmpcommunityDelete Snmp community strings Command Description Setsnmp trapauthen TrapcommunityList trapcommunity Delete trapcommunity Delete Snmp trap community strings Intel 7115 delete trapcommunityAlarms and Monitoring Commands Command Description Set alarmsShow alarms Set rscwindowCommand Description Show rscwindow Set utlwindowSet utlhighwater Command Description Set utllowwater Show utlwindowShow utlhighwater Show utllowwaterCommandDescription Show ovlwindow Intel 7115 show ovlwindowConfiguration Commands Command Description Show configDisplay current volatile configuration settings Intel 7115 show config default Default configuration Command Description Config compare Config resetConfig default Config saveCommand Description Export config Configuration specifics are displayedImport config Import a configuration file paste, xmodem, uudecodeCommand Description Import upgrade Import patchList system Command Description Factorydefault Returns to factory configuration settingsAdministration Commands Command Description PasswordShow info Set dateCommand Description Set egressmac Set etherShow ether Set idletoCommand Description Set more NicSet prompt Set serialLogging Commands Command Description Show serialCommand Description ExitCommand Description Delete log Delete saved log/trace files from /flash/logsAll deletes all logs List logsRemote Management OverviewRemote Management CLI Commands LimitationsA P T E R Overview Remote Telnet Sessions Local Serial ConsoleRemote Console, Telnet Changing the Telnet PortTo display the Telnet port Unix-prompttelnetTo verify Telnet disable Enable remote SSh sessionsRemote SSh Sessions Disabling TelnetUnix-promptssh -1 admin PasswordpasswordRemote Console, SSh Changing the SSh PortTo verify SSh disable Intel 7115 set ssh disableDisabling SSh To display the SSh portStandards Compliance Intel MIB TreeWhere to find MIB Files Supported MIBsManagement Information Base-II MIB-II Intel Enterprise MIBs Ceo-header.myEnterprise Private MIB Summary Following is a summary of the 7110/7115 private MIBPage Snmp ThrottlesPerSec Number of throttles per second Snmp Trap Summary Standard Snmp TrapsPrivate Traps in ssl-appliance-mib.my Intel 7115 setsnmp snmp enable Intel 7115 showsnmp snmp Intel 7115 setsnmp snmp disable Intel 7115 showsnmp snmpEnabling Snmp Specifying Snmp Information Intel 7115 showsnmp snmpinfoCommunity String Intel 7115 delete snmpcommunityUse CLI commands, setsnmp trapcommunity, list Trap Community StringAccess Control Page Alarms Monitoring CLI commands for alarm configuration are Set alarms All, esc, rsc, utl, ovl, nls None Show alarmsAlarm Types ESC Encryption Status Change AlarmAlarm Modifiers and Messages For exampleRSC Alarm CLI Commands To set Overload Alarm time windowRSC Refused SSL Connections Extended DataUTL Utilization Threshold Alarm To display Overload Alarm time windowThis alarm monitors three utilization threshold values Intel 7115 set rscwindow Intel 7115 show rscwindowUTL Alarm CLI commands To set Utilization Threshold Alarm time windowTo set Utilization Threshold Alarm high-water value To set Utilization Threshold Alarm low-water valueOVL Overload Alarm OVL Alarm CLI CommandsIntel 7115 set ovlwindow seconds Range Intel 7115 set ovlwindow Intel 7115 show ovlwindowAlarm Logging NLS Network Link Status AlarmIntel 7115 status Respend Inline Ip 10.1.11.34 netmask Example, status alarms command Intel 7115 status alarmsReport Configuration MonitoringMonitoring Reports Monitor report formatMonitoring Reports CLI Commands Intel 7115 set monitoringfieldsIntel 7115 set monitoring enable Intel 7115 show monitoring Intel 7115 show monitoringfieldsPage Software Updates Using Windows§ HyperTerminal§ Press y for yes at the Continue with upgrade? promptIntel 7115 import upgrade Command import patch Connect the serial cable to the 7110/7115 auxiliary consoleTo send the uuencoded file use the ~ command Intel 7115import upgradeIntel 7115import patch Page Troubleshooting Intel 7115 set clienttmo Error message Intermediate See Global Site CertificatesError message Server SettingsThen use the nic command to force Different mediaFront Panel LEDsButtons and Switches Press to physically force bypass mode bypass 7110/7115Front Panel LEDs ProcessingSee Appendix B, Failure OverloadConnectors Enable 7110/7115 processing Failure/Bypass ModesFail-through Switch Security Level Bypass ButtonP E N D I X B Fail-through Switch Security Level Page Supported Ciphers Cipher StrengthSSL Version Level RC2 SSLv2 RC2128RC4-64 SSLv2 RC464Page Regulatory Information Taiwan Class a EMI StatementVcci Statement FCC Part 15 Compliance StatementCanada Compliance Statement Industry Canada CE Compliance StatementCispr 22 Statement Vcci Class a Japan AustraliaAvertissement Warnung Advertencias Wichtige Sicherheitshinweise Wichtige Sicherheitshinweise Page Terms and Conditions and Software License END User Terms and Conditions of Sale and Software LicensePage P E N D I X E Page Year warranty Process of being installed Export Law Regulations Page Glossary Glossary-2 Glossary-3 Glossary-4 Support Services Worldwide Access to Technical SupportNorth America only Japan onlySupport-2 Intel NetStructure 7110/7115 e-Commerce Accelerator User Support-4 Index D E Index-3 Index-4