How to Use this Book | Intel A31032-001 guide

C H A P T E R 1 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide

How to Use this Book

The information in this book is organized as follows:

•Chapter 1: Introduction provides an introduction and overview of the 7110/7115, and a summary of new features.

•Chapter 2: Installation and Initial Configuration contains installation and initial configuration procedures. (This material is also discussed in the separate Quick Start Guide.)

•Chapter 3: Theory of Operation explains the general principles behind 7110/7115 operation.

•Chapter 4: Scenarios provides examples of 7110/7115 configurations, together with specific procedures for their implementation.

•Chapter 5: Command Reference explains the Command Line Interface (CLI), and lists the commands and their functions.

•Chapter 6: Remote Management details how you can use Telnet, Secure Shell (SSH), and SNMP to manage the 7110/7115 from remote locations.

•Chapter 7: Alarms and Monitoring explains the ways in which you can configure the device to report information to you, either routinely or as a result of abnormal events or conditions.

•Chapter 8: Software Updates provides procedures for obtaining 7110/7115 system software updates.

•Chapter 9: Troubleshooting is a table containing symptoms of problems you may encounter with corresponding likely causes and remedies.

•Appendix A: Front Panel diagrams and explains the 7110/7115’s front panel LEDs, buttons, and connections.

•Appendix B: Failure/Bypass Modes explains how the 7110/7115 deals with failure conditions and details the bypass function.

•Appendix C: Supported Ciphers lists the supported encryption ciphers.

•Appendix D: Regulatory Information provides information regarding the 7110/7115’s compliance with applicable regulations.

1-4

Image 14

Intel A31032-001 manual How to Use this Book

Contents

Intel NetStructure 7110/7115 e-Commerce Accelerator Version Copyright Trademarks Table of Contents Theory of Operation Scenarios Remote Management Alarms and Monitoring Troubleshooting Appendix a Front Panel List of Figures Xii Introduction About this User Guide New in This Release Remote Management Who Should Use this Book Before You Begin How to Use this Book Glossary defines terms appearing in this User Guide Page Installation and Initial Configuration Installing the 7110/7115 Free- Standing or in a Rack Rack Installation Free-Standing Installation Network Connections Network and Server LEDs Admin Terminal ConnectionStatus Check Inline LED HyperTerminal§ Paste Operations Server and Network LEDs TroubleshootingContinuing Configuration Single Server Acceleration Theory of OperationSecurity 7110/7115 in Single Server Configuration Multiple Servers Working with Internet Traffic Management ITM Devices Positioning 7110/7115 between ITM Device and Client Network Spilling and Throttling Positioning 7110/7115 between ITM Device and ServerScalability and Cascading Keys and Certificates Availability Cutting and Pasting with HyperTerminal§ Create a Certificate Signing Request ProcedureCreate a key Type the create key command at the prompt Intel 7115 create sign Asciix Enter Certificate REQUEST----- linesIntel 7115 export sign mywebserver Typically, the CSR will look something like this Enter Apache Interface to Open SSL§ modssl Save the configuration when the server has been mappedExporting a Key/Certificate from a Server Apache SSL§ Intel 7115 import key mywebserver Stronghold§Importing into the 7110/7115 Save the configuration when the server has been mapped Create a key as follows Enter the create cert command with the keyIDCreating a new Key/Certificate on the 7110/7115 Intel 7115 create cert mywebserver Global Site Certificates Overview Intel 7115 import cert keyID Global Site Certificate Paste ProcedureExample A P T E R Redirection Clients and Unsupported Ciphers Intel 7115 set redirect Intel 7115 show redirect Client AuthenticationTo disable a redirect URL for a mapping Intel 7115 set redirect 2 none Intel 7115 show redirect Next, import the client CA certificate for Map ID Intel 7115 import clientca Generate a certificate signing request Creating a Client CA Certificate using OpenSSL§Generate the client CA certificate Automapping SSL ProcessingMapping Deleting automapping entries Automapping with user-specified key and certificateAutomapping with multiple port combinations Manual mapping Use the show block command to verify Combining automapping and manual mapping Use show block to verify Subnet IP, Specific PortAll IPs, Specific Port Intel 7115 delete block Use the show block command to confirm the blockDelete a Block Failure Conditions, Fail-safe, and Fail-through Scenarios Syntax Scenario 1-Single Server Procedure for ScenarioManual Configuration Intel 7115delete map 1 Intel 7115list maps This scenario shows how to configure two or more servers Scenario 2-Multiple Servers ID KeyID Scenario 3-Multiple 7110/ 7115s, Cascaded Assumptions Intel 7115 export config Multiple Cascaded 7110/7115s After verification y or refusal n, the prompt reappears Save the configurationIntel 7115 import config To reverse this process Intel 7115set egressmac none Command Reference Online Help Command Line Prompt Command Line InterfaceUser Authentication Abbreviation to Uniqueness A P T E R Command Line Interface Moving the Insertion Point Input Editing CommandsCommand History Cut and Paste Command Summary Inline List Command Command Options ImportNic Password Reboot Command Command Options Set Command Command Options Show Status SetsnmpShowsnmp Ttychar Status Command Command ReferenceHelp Commands Delete key SSL CommandsCommand Description Create key Import key List keys Command Description Export keyShow key Import cert Command Description Create certDelete cert Export cert Displays all certificates Command Description Show certDisplay the expanded certificate including PEM format Set ciphers Show clientca Command Description Set redirectShow redirect Create sign Command Description Import clientcaDelete clientca Show sign keyID Command Description Delete signExport sign Display the default certificate creation information Command Description Set defcertIssuer e-mail address. You can change all, some or none Field Set clienttmo Command Description Set kstrengthShow kstrength Show clienttmo Client request is rejected Command Description Set servertmoDisplays the currently specified server timeout value Show servertmo Delete block Port Mapping CommandsCommand Definition Create block Show block Show permit Command Definition Create permitDelete permit Show map Command Definition Create mapDelete map mapID List maps Inline Operational CommandsCommand Description Bypass Command Description Set spill Show spill Maxremotesessions Remote Management CommandsCommand Description Set ip Set telnetport Command Description Set telnetShow telnet Show ssh Command Description Show telnetportSet ssh Set sshport Setsnmp snmpinfo Command Description Setsnmp snmpShowsnmp snmp Delete Snmp community strings CommandDescriptionSnmpcommunity List trapcommunity Command Description Setsnmp trapauthenTrapcommunity Delete trapcommunity Delete Snmp trap community strings Intel 7115 delete trapcommunity Show alarms Alarms and Monitoring CommandsCommand Description Set alarms Set rscwindow Set utlhighwater Command Description Show rscwindowSet utlwindow Show utlhighwater Command Description Set utllowwaterShow utlwindow Show utllowwater CommandDescription Show ovlwindow Intel 7115 show ovlwindow Display current volatile configuration settings Configuration CommandsCommand Description Show config Intel 7115 show config default Default configuration Config default Command Description Config compareConfig reset Config save Import config Command Description Export configConfiguration specifics are displayed Import a configuration file paste, xmodem, uudecode List system Command Description Import upgradeImport patch Command Description Factorydefault Returns to factory configuration settings Show info Administration CommandsCommand Description Password Set date Show ether Command Description Set egressmacSet ether Set idleto Set prompt Command Description Set moreNic Set serial Command Description Logging CommandsCommand Description Show serial Exit All deletes all logs Command Description Delete logDelete saved log/trace files from /flash/logs List logs Remote Management Overview Remote Management CLI Commands Limitations A P T E R Overview Remote Telnet Sessions Local Serial Console To display the Telnet port Remote Console, TelnetChanging the Telnet Port Unix-prompttelnet Remote SSh Sessions To verify Telnet disableEnable remote SSh sessions Disabling Telnet Remote Console, SSh Unix-promptssh -1 adminPasswordpassword Changing the SSh Port Disabling SSh To verify SSh disableIntel 7115 set ssh disable To display the SSh port Standards Compliance Intel MIB Tree Management Information Base-II MIB-II Intel Enterprise MIBs Where to find MIB FilesSupported MIBs Ceo-header.my Enterprise Private MIB Summary Following is a summary of the 7110/7115 private MIBPage Snmp ThrottlesPerSec Number of throttles per second Snmp Private Traps in ssl-appliance-mib.my Trap SummaryStandard Snmp Traps Enabling Snmp Intel 7115 setsnmp snmp enable Intel 7115 showsnmp snmpIntel 7115 setsnmp snmp disable Intel 7115 showsnmp snmp Specifying Snmp Information Intel 7115 showsnmp snmpinfo Community String Intel 7115 delete snmpcommunity Use CLI commands, setsnmp trapcommunity, list Trap Community String Access Control Page Alarms Monitoring CLI commands for alarm configuration are Set alarms All, esc, rsc, utl, ovl, nls None Show alarms Alarm Modifiers and Messages Alarm TypesESC Encryption Status Change Alarm For example RSC Refused SSL Connections RSC Alarm CLI CommandsTo set Overload Alarm time window Extended Data This alarm monitors three utilization threshold values UTL Utilization Threshold AlarmTo display Overload Alarm time window Intel 7115 set rscwindow Intel 7115 show rscwindow To set Utilization Threshold Alarm high-water value UTL Alarm CLI commandsTo set Utilization Threshold Alarm time window To set Utilization Threshold Alarm low-water value Intel 7115 set ovlwindow seconds Range OVL Overload AlarmOVL Alarm CLI Commands Intel 7115 set ovlwindow Intel 7115 show ovlwindow Alarm Logging NLS Network Link Status Alarm Intel 7115 status Respend Inline Ip 10.1.11.34 netmask Example, status alarms command Intel 7115 status alarms Monitoring Reports Report ConfigurationMonitoring Monitor report format Monitoring Reports CLI Commands Intel 7115 set monitoringfields Intel 7115 set monitoring enable Intel 7115 show monitoring Intel 7115 show monitoringfieldsPage Software Updates Intel 7115 import upgrade Using Windows§ HyperTerminal§Press y for yes at the Continue with upgrade? prompt Command import patch Connect the serial cable to the 7110/7115 auxiliary console To send the uuencoded file use the ~ command Intel 7115import upgrade Intel 7115import patch Page Troubleshooting Intel 7115 set clienttmo Error message Intermediate See Global Site Certificates Then use the nic command to force Error message ServerSettings Different media Front Panel LEDs Front Panel LEDs Buttons and SwitchesPress to physically force bypass mode bypass 7110/7115 Processing See Appendix B, Failure Overload Connectors Enable 7110/7115 processing Failure/Bypass Modes Fail-through Switch Security Level Bypass Button P E N D I X B Fail-through Switch Security Level Page Supported Ciphers Cipher Strength SSL Version Level RC4-64 SSLv2 RC2 SSLv2RC2128 RC464Page Regulatory Information Taiwan Class a EMI Statement Vcci Statement FCC Part 15 Compliance Statement Canada Compliance Statement Industry Canada CE Compliance Statement Cispr 22 Statement Vcci Class a Japan Australia Avertissement Warnung Advertencias Wichtige Sicherheitshinweise Wichtige Sicherheitshinweise Page Terms and Conditions and Software License END User Terms and Conditions of Sale and Software LicensePage P E N D I X E Page Year warranty Process of being installed Export Law Regulations Page Glossary Glossary-2 Glossary-3 Glossary-4 North America only Support ServicesWorldwide Access to Technical Support Japan only Support-2 Intel NetStructure 7110/7115 e-Commerce Accelerator User Support-4 Index D E Index-3 Index-4