Intel NetStructure 7110/7115 e-Commerce Accelerator
Version
Copyright
Trademarks
Table of Contents
Theory of Operation
Scenarios
Remote Management
Alarms and Monitoring
Troubleshooting Appendix a Front Panel
List of Figures
Xii
Introduction
About this User Guide
New in This Release
Remote Management
Who Should Use this Book
Before You Begin
How to Use this Book
Glossary defines terms appearing in this User Guide
Page
Installation and Initial Configuration
Installing the 7110/7115 Free- Standing or in a Rack
Rack Installation
Free-Standing Installation
Network Connections
Admin Terminal Connection
Status Check
Network and Server LEDs
Inline LED
HyperTerminal§ Paste Operations
Continuing Configuration
Troubleshooting
Server and Network LEDs
Security
Theory of Operation
Single Server Acceleration
7110/7115 in Single Server Configuration
Multiple Servers
Working with Internet Traffic Management ITM Devices
Positioning 7110/7115 between ITM Device and Client Network
Scalability and Cascading
Positioning 7110/7115 between ITM Device and Server
Spilling and Throttling
Keys and Certificates
Availability
Cutting and Pasting with HyperTerminal§
Procedure
Create a key Type the create key command at the prompt
Create a Certificate Signing Request
Intel 7115 create sign
Intel 7115 export sign mywebserver
Certificate REQUEST----- lines
Asciix Enter
Typically, the CSR will look something like this
Enter
Exporting a Key/Certificate from a Server
Save the configuration when the server has been mapped
Apache Interface to Open SSL§ modssl
Apache SSL§
Importing into the 7110/7115
Stronghold§
Intel 7115 import key mywebserver
Save the configuration when the server has been mapped
Enter the create cert command with the keyID
Creating a new Key/Certificate on the 7110/7115
Create a key as follows
Intel 7115 create cert mywebserver
Global Site Certificates
Overview
Example
Global Site Certificate Paste Procedure
Intel 7115 import cert keyID
A P T E R Redirection Clients and Unsupported Ciphers
Intel 7115 set redirect
Client Authentication
To disable a redirect URL for a mapping
Intel 7115 show redirect
Intel 7115 set redirect 2 none Intel 7115 show redirect
Next, import the client CA certificate for Map ID
Intel 7115 import clientca
Generate the client CA certificate
Creating a Client CA Certificate using OpenSSL§
Generate a certificate signing request
Mapping
SSL Processing
Automapping
Automapping with user-specified key and certificate
Automapping with multiple port combinations
Deleting automapping entries
Manual mapping
Use the show block command to verify
Combining automapping and manual mapping
All IPs, Specific Port
Subnet IP, Specific Port
Use show block to verify
Delete a Block
Use the show block command to confirm the block
Intel 7115 delete block
Failure Conditions, Fail-safe, and Fail-through
Scenarios
Syntax
Manual Configuration
Procedure for Scenario
Scenario 1-Single Server
Intel 7115delete map 1 Intel 7115list maps
This scenario shows how to configure two or more servers
Scenario 2-Multiple Servers
ID KeyID
Scenario 3-Multiple 7110/ 7115s, Cascaded
Assumptions
Intel 7115 export config
Multiple Cascaded 7110/7115s
Intel 7115 import config
Save the configuration
After verification y or refusal n, the prompt reappears
To reverse this process
Intel 7115set egressmac none
Command Reference
Online Help
Command Line Interface
User Authentication
Command Line Prompt
Abbreviation to Uniqueness
A P T E R Command Line Interface
Command History
Input Editing Commands
Moving the Insertion Point
Cut and Paste
Command Summary
Nic Password Reboot
Command Command Options Import
Inline List
Command Command Options Set
Command Command Options Show
Setsnmp
Showsnmp
Status
Ttychar
Help Commands
Command Reference
Status Command
SSL Commands
Command Description Create key
Delete key
Import key
Show key
Command Description Export key
List keys
Command Description Create cert
Delete cert
Import cert
Export cert
Command Description Show cert
Display the expanded certificate including PEM format
Displays all certificates
Set ciphers
Show redirect
Command Description Set redirect
Show clientca
Delete clientca
Command Description Import clientca
Create sign
Export sign
Command Description Delete sign
Show sign keyID
Command Description Set defcert
Issuer e-mail address. You can change all, some or none
Display the default certificate creation information
Field
Command Description Set kstrength
Show kstrength
Set clienttmo
Show clienttmo
Command Description Set servertmo
Displays the currently specified server timeout value
Client request is rejected
Show servertmo
Port Mapping Commands
Command Definition Create block
Delete block
Show block
Delete permit
Command Definition Create permit
Show permit
Command Definition Create map
Delete map mapID
Show map
List maps
Command Description Bypass
Operational Commands
Inline
Command Description Set spill
Show spill
Command Description Set ip
Remote Management Commands
Maxremotesessions
Show telnet
Command Description Set telnet
Set telnetport
Command Description Show telnetport
Set ssh
Show ssh
Set sshport
Showsnmp snmp
Command Description Setsnmp snmp
Setsnmp snmpinfo
Snmpcommunity
CommandDescription
Delete Snmp community strings
Trapcommunity
Command Description Setsnmp trapauthen
List trapcommunity
Delete trapcommunity Delete Snmp trap community strings
Intel 7115 delete trapcommunity
Alarms and Monitoring Commands
Command Description Set alarms
Show alarms
Set rscwindow
Set utlwindow
Command Description Show rscwindow
Set utlhighwater
Command Description Set utllowwater
Show utlwindow
Show utlhighwater
Show utllowwater
CommandDescription Show ovlwindow
Intel 7115 show ovlwindow
Command Description Show config
Configuration Commands
Display current volatile configuration settings
Intel 7115 show config default Default configuration
Command Description Config compare
Config reset
Config default
Config save
Command Description Export config
Configuration specifics are displayed
Import config
Import a configuration file paste, xmodem, uudecode
Import patch
Command Description Import upgrade
List system
Command Description Factorydefault
Returns to factory configuration settings
Administration Commands
Command Description Password
Show info
Set date
Command Description Set egressmac
Set ether
Show ether
Set idleto
Command Description Set more
Nic
Set prompt
Set serial
Logging Commands
Command Description Show serial
Command Description
Exit
Command Description Delete log
Delete saved log/trace files from /flash/logs
All deletes all logs
List logs
Remote Management
Overview
Remote Management CLI Commands
Limitations
A P T E R Overview
Remote Telnet Sessions
Local Serial Console
Remote Console, Telnet
Changing the Telnet Port
To display the Telnet port
Unix-prompttelnet
To verify Telnet disable
Enable remote SSh sessions
Remote SSh Sessions
Disabling Telnet
Unix-promptssh -1 admin
Passwordpassword
Remote Console, SSh
Changing the SSh Port
To verify SSh disable
Intel 7115 set ssh disable
Disabling SSh
To display the SSh port
Standards Compliance
Intel MIB Tree
Where to find MIB Files
Supported MIBs
Management Information Base-II MIB-II Intel Enterprise MIBs
Ceo-header.my
Enterprise Private MIB Summary
Following is a summary of the 7110/7115 private MIB
Page
Snmp
ThrottlesPerSec Number of throttles per second
Snmp
Standard Snmp Traps
Trap Summary
Private Traps in ssl-appliance-mib.my
Intel 7115 setsnmp snmp disable Intel 7115 showsnmp snmp
Intel 7115 setsnmp snmp enable Intel 7115 showsnmp snmp
Enabling Snmp
Specifying Snmp Information
Intel 7115 showsnmp snmpinfo
Community String
Intel 7115 delete snmpcommunity
Use CLI commands, setsnmp trapcommunity, list
Trap Community String
Access Control
Page
Alarms Monitoring
CLI commands for alarm configuration are
Set alarms All, esc, rsc, utl, ovl, nls None Show alarms
Alarm Types
ESC Encryption Status Change Alarm
Alarm Modifiers and Messages
For example
RSC Alarm CLI Commands
To set Overload Alarm time window
RSC Refused SSL Connections
Extended Data
UTL Utilization Threshold Alarm
To display Overload Alarm time window
This alarm monitors three utilization threshold values
Intel 7115 set rscwindow Intel 7115 show rscwindow
UTL Alarm CLI commands
To set Utilization Threshold Alarm time window
To set Utilization Threshold Alarm high-water value
To set Utilization Threshold Alarm low-water value
OVL Overload Alarm
OVL Alarm CLI Commands
Intel 7115 set ovlwindow seconds Range
Intel 7115 set ovlwindow Intel 7115 show ovlwindow
Alarm Logging
NLS Network Link Status Alarm
Intel 7115 status
Respend Inline
Ip 10.1.11.34 netmask
Example, status alarms command
Intel 7115 status alarms
Report Configuration
Monitoring
Monitoring Reports
Monitor report format
Monitoring Reports CLI Commands
Intel 7115 set monitoringfields
Intel 7115 set monitoring enable Intel 7115 show monitoring
Intel 7115 show monitoringfields
Page
Software Updates
Press y for yes at the Continue with upgrade? prompt
Using Windows§ HyperTerminal§
Intel 7115 import upgrade
Command import patch
Connect the serial cable to the 7110/7115 auxiliary console
To send the uuencoded file use the ~ command
Intel 7115import upgrade
Intel 7115import patch
Page
Troubleshooting
Intel 7115 set clienttmo
Error message Intermediate
See Global Site Certificates
Error message Server
Settings
Then use the nic command to force
Different media
Front Panel
LEDs
Buttons and Switches
Press to physically force bypass mode bypass 7110/7115
Front Panel LEDs
Processing
See Appendix B, Failure
Overload
Connectors
Enable 7110/7115 processing
Failure/Bypass Modes
Fail-through Switch Security Level
Bypass Button
P E N D I X B Fail-through Switch Security Level
Page
Supported Ciphers
Cipher Strength
SSL Version Level
RC2 SSLv2
RC2128
RC4-64 SSLv2
RC464
Page
Regulatory Information
Taiwan Class a EMI Statement
Vcci Statement
FCC Part 15 Compliance Statement
Canada Compliance Statement Industry Canada
CE Compliance Statement
Cispr 22 Statement
Vcci Class a Japan Australia
Avertissement
Warnung
Advertencias
Wichtige Sicherheitshinweise
Wichtige Sicherheitshinweise
Page
Terms and Conditions and Software License
END User Terms and Conditions of Sale and Software License
Page
P E N D I X E
Page
Year warranty
Process of being installed
Export Law Regulations
Page
Glossary
Glossary-2
Glossary-3
Glossary-4
Support Services
Worldwide Access to Technical Support
North America only
Japan only
Support-2
Intel NetStructure 7110/7115 e-Commerce Accelerator User
Support-4
Index
D E
Index-3
Index-4