Cisco Catalyst 6500 Series Configuration Note

Content Switching Module

Catalyst 6500 Series Content Switching
Module Configuration Note
Software Release 3.2(1)
September, 2003
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Text Part Number: OL-4612-01


Summary of Contents for Cisco Catalyst 6500 Series

  • Page 1 Catalyst 6500 Series Content Switching Module Configuration Note Software Release 3.2(1) September, 2003 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Text Part Number: OL-4612-01...
  • Page 2 You can determine whether your equipment is causing interference by turning it off. If the interference stops, it was probably caused by the Cisco equipment or one of its peripheral devices. If the equipment causes interference to radio or television reception, try to correct the interference by using one or more of the following measures: ...
  • Page 3: Software License Agreement

    (ii) the Software will substantially conform to its published specifications. The “Warranty Period” means a period beginning on the date of Customer’s receipt of the Software and ending on the later of (a) ninety (90) days from the date of initial shipment of the Software by Cisco, or (b) the end of the minimum period required by the law of the applicable jurisdiction.
  • Page 4 State of California, United States of America, as if performed wholly within the state and without giving effect to the principles of conflict of law. If any portion hereof is found to be void or unenforceable, the remaining provisions of this Agreement shall remain in full force and effect. Cisco hereby specifically disclaims the UN Convention on Contracts for the International Sale of Goods.
  • Page 5 Configuring the Single Subnet (Bridge) Mode; Configuring the Secure (Router) Mode; CSM Networking Topologies; CSM Inline, MSFC Not Involved; CSM Inline, MSFC on Server Side; CSM Inline, MSFC on Client Side ...
  • Page 6: Table Of Contents

    Configuring Server-Side VLANs; Configuring Real Servers and Server Farms; Chapter: Configuring Server Farms; Configuring Real Servers; Configuring Dynamic Feedback Protocol; Configuring Client NAT Pools; Configuring Server-Initiated Connections ...
  • Page 7 RHI Overview; Routing to VIP Addresses Without RHI; Routing to VIP Addresses with RHI; Understanding How the CSM Determines VIP Availability; Understanding Propagation of VIP Availability Information; Configuring RHI for Virtual Servers ...
  • Page 8 Writing Health Scripts 10-5; Writing Standalone Scripts 10-8; Running TCL Scripts 10-8; Running Probe Scripts 10-8; Running Standalone TCL Scripts 10-9; Halting TCL Scripts 10-9; Configuring Scripts for Health Monitoring Probes 10-10 ...
  • Page 9 Direct Access to Servers in Router Mode A-10; Server-to-Server Load Balanced Connections A-12; Route Health Injection A-13; Server Names A-16; Backup Server Farm A-18; Balancing Based on the Source IP Address A-24 ...
  • Page 10 HTTP Redirect A-29; Appendix: Troubleshooting and System Messages; Troubleshooting; System Messages; Appendix: CSM XML Document Type Definition ...
  • Page 11 6500 series and Catalyst 6000 series switches. This publication does not contain the instructions to install the Catalyst 6500 series switch chassis. For information on installing the switch chassis, refer to the Catalyst 6500 Series Switch Installation Guide. Note: For translations of the warnings in this publication, see the “Safety Overview”...
  • Page 12 Information you must enter is in boldface screen font. Arguments for which you supply values are in italic screen font.
  • Page 13 Timesaver. Cautions use the following conventions: Caution: Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
  • Page 14: Safety Overview

    avoid accidents. To see the translations of the warnings that appear in the translated safety notices accompanying this device, refer to the statement number at the end of each warning. SAVE THESE INSTRUCTIONS
  • Page 15 At the end of each warning you will find the number that will help you locate the translated text in the translations section that accompanies this device. SAVE THESE INSTRUCTIONS
  • Page 16 Use the number at the end of each warning to find its translation in the translated safety warnings that accompany this device. SAVE THESE INSTRUCTIONS
  • Page 17: Related Documentation

    Release 12.1(8a)E3 Cisco IOS Configuration Guides and Command References—Use these publications to help you configure the Cisco IOS software that runs on the MSFC and on the MSM and ATM modules. Obtaining Documentation Cisco provides several ways to obtain documentation, technical assistance, and other technical resources.
  • Page 18: Ordering Documentation

    For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, the Cisco Technical Assistance Center (TAC) provides 24-hour, award-winning technical support services, online and over the phone. Cisco.com features the Cisco TAC website as an online starting point for technical assistance.
  • Page 19 24 hours a day, 365 days a year. Accessing all the tools on the Cisco TAC website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a login ID or password, register at this URL: http://tools.cisco.com/RPF/register/register.do...
  • Page 20: Obtaining Additional Publications And Information

    Internetworking Terms and Acronyms Dictionary, Internetworking Technology Handbook, Internetworking Troubleshooting Guide, and the Internetworking Design Guide. For current Cisco Press titles and other information, go to Cisco Press online at this URL: http://www.ciscopress.com Packet magazine is the Cisco quarterly publication that provides the latest networking trends, ...
  • Page 21: Product Overview

    Chapter: Product Overview. The Catalyst 6500 series Content Switching Module (CSM) provides high-performance server load balancing (SLB) among groups of servers, server farms, firewalls, caches, VPN termination devices, and other network devices, based on Layer 3 as well as Layer 4 through Layer 7 packet information.
  • Page 22 Provides the ability to manually add entries to the CSM ARP table. Static sticky entries: The sticky table can be prepopulated with entries to force certain users to connect to specific servers.
  • Page 23 IP reassembly; TCL (Toolkit Command Language) scripting; XML configuration interface; SNMP; GSLB (Global Server Load Balancing), requires a license; Resource usage display; Configurable idle and pending connection timeout; Idle timeout for unidirectional flows
  • Page 24 Transparent cache redirection; Reverse proxy cache; SSL off-loading; VPN-IPsec load balancing; Generic IP devices and protocols; Stickiness: Cookie sticky with configurable offset and length, SSL ID, Source IP (configurable mask); HTTP redirection; Redundancy
  • Page 25: Front Panel Description

    Front Panel Description: Figure 1-1 shows the CSM front panel. (Figure 1-1 Content Switching Module Front Panel: Status, RJ-45 (Test) connector.) Note: The RJ-45 connector is covered by a removable plate.
  • Page 26: Status Led

    The Status LED indicates the supervisor engine operations and the initialization results. During the normal initialization sequence, the status LED changes from off to red, orange, and green. Note: For more information on the supervisor engine LEDs, refer to the Catalyst 6500 Series Switch Module Installation Guide.
  • Page 27 Single subnet (bridge) mode and secure (router) mode can coexist in the same CSM with multiple VLANs. (Figure 1-2 Content Switching Module and Servers.)
  • Page 28: Traffic Flow

    X server. If the NAT server option is disabled, the VIP address remains unchanged (dispatch mode). The CSM performs Network Address Translation (NAT) and eventually TCP sequence numbers translation.
  • Page 29 Configuring the Single Subnet (Bridge) Mode. In the single subnet (bridge) mode configuration, the client-side and server-side VLANs are on the same subnets. Figure 2-1 shows how the single subnet (bridge) mode configuration is set up.
  • Page 30 Router(config-slb-vlan-client)# ip addr 192.158.38.10 255.255.255.0 Step 7 Router(config-slb-vlan-client)# gateway 192.158.38.20 Defines the client-side VLAN gateway to Router A. Step 8 Router(config-slb-vlan-client)# gateway 192.158.38.21 Defines the client-side VLAN gateway to Router B.
  • Page 31: Vlan Mode

    This step assumes that the server farm has already been configured. (See the “Configuring Server Farms” section on page 5-1.) Note: Set the server’s default routes to Router A’s gateway (192.158.38.20) or Router B’s gateway (192.158.38.21).
  • Page 32 Set the server’s default routes to the CSM’s IP address (192.158.39.10). CSM Networking Topologies: This section describes CSM networking topologies and contains these sections: CSM Inline, MSFC Not Involved, page 2-5; CSM Inline, MSFC on Server Side, page 2-5; ...
  • Page 33 Server-to-server load-balanced connections always require secure NAT (SNAT). The CSM must use static routes to the upstream router (default gateway). Routing protocols can be used in the back end. Layer 2-rewrite is not possible.
  • Page 34: Csm In Aggregate Mode

    The CSM is not inline and the module does not see unnecessary traffic. Easy routing and CSM configuration. Requires PBR or client SNAT because return traffic is required. Server-to-server load-balanced connections always require SNAT. Layer 2-rewrite is not possible.
  • Page 35: Direct Server Return

    Static routes are configured with the route keyword from within a client or server VLAN configuration submode. See Chapter 4, “Configuring VLANs.” Static routes are very useful when some servers are not Layer 2 adjacent.
  • Page 36: Protecting Against Denial-Of-Service Attacks

    This feature is configurable on a per-virtual server basis, and allows you to time out established connections that have not been passing traffic for longer than an interval configured on a timer.
  • Page 37 TCP connections before load balancing those connections to the real servers. This configuration allows you to take advantage of all the CSM DoS features located in Layer 4 load balancing environments.
  • Page 39: Chapter 3 Getting Started

    The CSM is supported on switches running both the Catalyst operating system on the supervisor engine and Cisco IOS on the MSFC. The CSM is also supported on switches running Cisco IOS on both the supervisor engine and the MSFC.
  • Page 40 Configure VLANs on the Catalyst 6500 series switch before you configure VLANs for the CSM. VLAN IDs must be the same for the switch and the module. Refer to the Catalyst 6500 Series Software Configuration Guide for details. This example shows how to configure VLANs: Router# configure terminal Enter configuration commands, one per line.
  • Page 41: Using The Command-Line Interface

    IOS Software Configuration Guide. Configuring SLB Modes Server load balancing on the Catalyst 6500 series switch can be configured to operate in two modes: the routed processor (RP) mode and the CSM mode. The switch configuration does not affect CSM operation.
  • Page 42: Mode Command Syntax

    NAT for server initiated connections; sticky: configure a sticky group; variable: configure an environment variable; vlan: configure a vlan; vserver: configure an SLB virtual server; xml-config: settings for configuration via XML
  • Page 43: Migrating Between Modes

    CSM to RP using the ip slb mode command. If a CSM configuration exists, you are prompted for the slot number. You can migrate from an RP mode configuration to CSM mode configuration on the Catalyst 6500 series switch. You can migrate manually only from a Cisco IOS SLB configuration to a CSM configuration.
  • Page 44: Rp Mode

    Beginning with CSM software release 2.1, the RP mode is the recommended mode when configuring the CSM. While in this mode, all the commands apply to Cisco IOS SLB and not to a CSM in the chassis. These commands begin with ip slb.
  • Page 45: Changing Modes

    % Enter slot number for CSM module configuration, 0 for none [5]: 5 % Please save the configuration and reload. Cat6k(config)# end Cat6k# write Building configuration... Cat6k# reload Proceed with reload? [confirm] y Verify Mode Operation
  • Page 46: Verifying The Configuration

    SLB server farm vserver configure an SLB virtual server To confirm that your configuration is working properly, use these commands in the Cisco IOS SLB mode: Cat6k(config)# module csm 5 Cat6k(config-module-csm)# ? SLB CSM module config default...
  • Page 47: Configuration Overview

    IP address Policy configurations sticky GROUP TYPE If the server farm needs to be selected based on Layer 7 information or source IP Virtual servers configurations vserver NAME
  • Page 48 Configuring TCL Scripts, page 10-1; Configuring Stealth Firewall Load Balancing, page 11-7; Configuring Regular Firewall Load Balancing, page 11-16; Configuring Reverse-Sticky for Firewalls, page 11-24
  • Page 49: Upgrading To A New Software Release

    Note: When upgrading to a new software release, you must upgrade the CSM image before upgrading the Cisco IOS image. Failure to do so causes the supervisor engine not to recognize the CSM. In this case, you would have to downgrade the Cisco IOS image, upgrade the CSM image, and then upgrade the Cisco IOS image.
  • Page 50: Upgrading From A Pcmcia Card

    0, and the RP is numbered processor 1. If the supervisor engine 720 is in slot 1, the upgrade takes place from IP address 127.0.0.11 (X = slot1, Y = processor 1). Step 4 Close the session to the CSM, and return to the Cisco IOS prompt: CSM> exit Step 5...
  • Page 51 Step 5 Reboot the CSM by power cycling the CSM or by entering the following commands on the supervisor engine console: Router# hw-module module csm-slot-number reset
  • Page 52: Upgrading From An External Tftp Server

    Step 9 CSM> upgrade TFTP-server-IP-address c6slb-apc.rev-number.bin Step 10 Close the session to the CSM and return to the Cisco IOS prompt: CSM> exit Reboot the CSM by power cycling the CSM or by entering the following commands on the supervisor...
  • Page 53: Chapter 4 Configuring Vlans

    Configuring Client-Side VLANs, page 4-2; Configuring Server-Side VLANs, page 4-3. When you install the CSM in a Catalyst 6500 series switch, you need to configure client-side and server-side VLANs. (See Figure 4-1.) Client-side or server-side VLAN terminology logically distinguishes the VLANs facing the client side and the VLANs connecting to the servers or destination devices.
  • Page 54: Configuring Client-Side Vlans

    Enter the exit command to leave a mode or submode. Enter the end command to return to the menu’s top level. The no form of this command restores the defaults.
  • Page 55: Configuring Server-Side Vlans

    This example shows how to configure the CSM for server-side VLANs: Router(config-module-csm)# vlan 150 server Router(config-slb-vlan-server)# ip addr 123.46.50.6 255.255.255.0 Router(config-slb-vlan-server)# alias 123.60.7.6 255.255.255.0 Router(config-slb-vlan-server)# route 123.50.0.0 255.255.0.0 gateway 123.44.50.1 Router(config-slb-vlan-server)# exit
  • Page 57: Configuring Server Farms

    Step 2 Router(config-slb-sfarm)# predictor [roundrobin | leastconns | hash url | hash address [source | destination] [ip-netmask] | forward] Configures the load-balancing prediction algorithm. If not specified, the default is roundrobin.
  • Page 58: Configuring Real Servers

    You configure the real server in the real server configuration mode by specifying the server IP address and port when you assign it to a server farm. You enter the real server configuration mode from the server farm mode where you are adding the real server.
  • Page 59 This example shows how to create real servers: Router(config-module-csm)# serverfarm serverfarm Router(config-slb-sfarm)# real 10.8.0.7 Router(config-slb-real)# inservice Router(config-slb-sfarm)# real 10.8.0.8 Router(config-slb-real)# inservice Router(config-slb-sfarm)# real 10.8.0.9 Router(config-slb-real)# inservice Router(config-slb-sfarm)# real 10.8.0.10 Router(config-slb-real)# inservice
  • Page 60: Configuring Dynamic Feedback Protocol

    Note: A DFP agent may be on any host machine. A DFP agent is independent of the IP addresses and port numbers of the real servers that are managed by the agent. DFP Manager is responsible for establishing the connections with DFP agents and receiving load vectors from DFP agents.
  • Page 61: Configuring Client Nat Pools

    The no form of this command restores the defaults. This example shows how to configure client NAT pools: Router(config)# natpool pool1 102.36.445.2 102.36.16.8 netmask 255.255.255.0 Router(config)# serverfarm farm1 Router(config-slb-sfarm)# nat client pool1
  • Page 62: Configuring Server-Initiated Connections

    To configure URL hashing as a load-balancing predictor for a server farm, perform this task: Command: Router(config-slb-sfarm)# predictor hash url. Purpose: Configures the URL hashing and load-balancing predictor for a server farm.
  • Page 63: Configuring Beginning And Ending Patterns

    Hashing occurs at the start of the beginning pattern and goes to the ending pattern. For example, in the following URL, if the beginning pattern is c&k=, and the ending pattern is &, only the substring c&k=c is hashed: http://quote.yahoo.com/q?s=csco&d=c&k=c1&t=2y&a=v&p=s&l=on&z=m&q=l\
  • Page 64 This example shows how to configure beginning and ending patterns for URL hashing: Router(config-module-csm)# Router(config-module-csm)# vserver vs1 Router(config-slb-vserver)# virtual 10.1.0.81 tcp 80 Router(config-slb-vserver)# url-hash begin-pattern c&k= end-pattern & Router(config-slb-vserver)# serverfarm farm1 Router(config-slb-vserver)# inservice Router(config-slb-vserver)# Router(config-slb-vserver)# exit Router(config-module-csm)# exit
  • Page 65: Configuring Virtual Servers

    CSM. You can limit the number of connections going through the CSM
  • Page 66 Router(config-slb-vserver)# client ip-address network-mask [exclude] (Optional) Restricts which clients are allowed to use the virtual server. Step 9 Router(config-slb-vserver)# slb-policy policy-name (Optional) Associates one or more content switching policies with a virtual server.
  • Page 67 Router(config-slb-sfarm)# real 10.1.0.106 Router(config-slb-real)# inservice Router(config-slb-real)# Router(config-slb-real)# serverfarm bosco Router(config-slb-sfarm)# real 10.1.0.107 Router(config-slb-real)# inservice Router(config-slb-real)# Router(config-slb-real)# policy pc1 Router(config-slb-policy)# serverfarm bar1 Router(config-slb-policy)# url-map map3 Router(config-slb-policy)# exit Router(config-module-csm)# Router(config-module-csm)# policy pc2 Router(config-slb-policy)# serverfarm bar2
  • Page 68: Configuring Tcp Parameters

    When enabling TCP splicing, you must designate a virtual server as a Layer 7 device even when it does not have a Layer 7 policy. This option is only valid for the TCP protocol.
  • Page 69: Configuring Redirect Virtual Servers

    CLIENTNAT redirect-vserver REDVS1 webhost relocation 10.86.213.216 virtual 10.86.213.216 tcp www inservice real 10.86.213.193 redirect-vserver REDVS1 inservice probe TEST-TCP vserver REDVS virtual 10.86.213.212 tcp www serverfarm REDIR-FARM persistent rebalance
  • Page 70 10.86.213.178 9991. serverfarm SF1-REDIR nat server nat client CLIENT-NAT redirect-vserver VS1 webhost relocation 10.86.213.178:9991 webhost backup test.url.com virtual 10.86.213.178 tcp 9991 inservice real 10.86.213.188 8881
  • Page 71 Step 6 Router(config-redirect-v)# client ip-address network-mask [exclude] Configures the combination of the IP address and network mask used to restrict which clients are allowed to access the redirect virtual server
  • Page 72: Configuring Maps

    Enter the exit command to leave a mode or submode. Enter the end command to return to the menu’s top level. The no form of this command restores the defaults.
  • Page 73 This example shows how to configure maps and associate them with a policy: Router(config-module-csm)# serverfarm pl_url_url_1 Router(config-slb-sfarm)# real 10.8.0.26 Router(config-slb-real)# inservice Router(config-slb-real)# exit Router(config-slb-sfarm)# exit Router(config-slb-policy)# serverfarm pl_url_url_1 Router(config-slb-policy)# url-map url_1 Router(config-slb-policy)# exit Router(config-module-csm)# serverfarm pl_url_url_2 Router(config-slb-sfarm)# real 10.8.0.27 Router(config-slb-real)# inservice Router(config-slb-real)# exit
  • Page 74 To configure HTTP return error code checking, perform this task: Command: Router(config-slb-sfarm)# retcode-map name_of_map. Purpose: Configures HTTP return error code checking. For more information about return code maps, see the “Configuring HTTP Return Code Checking” section on page 9-8.
  • Page 75: Configuring Policies

    Enter the exit command to leave a mode or submode. Enter the end command to return to the menu’s top level. The no form of this command restores the defaults.
  • Page 76: Configuring Generic Header Parsing

    Specifying Header Fields and Match Values, page 6-14; Assigning an HTTP Header Map to a Policy, page 6-14; Assigning the Policy to a Virtual Server, page 6-15
  • Page 77: Creating A Map For The Http Header

    Using the map command, you create a map group with the type HTTP header. When you enter the map command, you are placed in a submode where you can specify the header fields and values for CSM to search for in the request.
  • Page 78: Specifying Header Fields And Match Values

    By default, a policy rule can be satisfied with any HTTP header information. The HTTP URL and HTTP cookie are specific types of header information and are handled separately by the CSM.
  • Page 79: Assigning The Policy To A Virtual Server

    Router(config-slb-policy)# header-map map2 Router(config-slb-policy)# exit Router(config-module-csm)# !!! config vserver Router(config-module-csm)# vserver vs2 Router(config-slb-vserver)# virtual 10.1.0.82 tcp 80 Router(config-slb-vserver)# slb-policy pc2 Router(config-slb-vserver)# inservice Router(config-slb-vserver)# end Router(config)# show module csm 2 map det
  • Page 81: Chapter 7 Configuring Redundant Connections

    This section describes a fault-tolerant configuration. In this configuration, two separate Catalyst 6500 series chassis each contain a CSM. Note: You can also create a fault-tolerant configuration with two CSMs in a single Catalyst 6500 series chassis. You also can create a fault-tolerant configuration in either the secure (router) mode or nonsecure (bridge) mode.
  • Page 82 Connection redundancy by configuring a link that has a 1-GB per-second capacity. Enable the calendar in the switch Cisco IOS software so that the CSM state change gets stamped with the correct time. The following command enables the calendar:...
  • Page 83 VLAN 2. Step 3 Router(config-slb-vlan-client)# gateway 192.158.38.20 (Optional) Defines the client-side VLAN gateway for an HSRP-enabled gateway. Step 4 Router(config-module-csm)# vserver vip1 Creates a virtual server and enters the SLB vserver mode.
  • Page 84 Assigns the CSM IP address on VLAN 3. Router(config-slb-vserver)# ip addr 192.158.39.30 255.255.255.0 Step 9 Assigns the default route for VLAN 2. Router(config-slb-vserver)# alias 192.158.39.20 255.255.255.0 Step 10 Defines VLAN 9 as a fault-tolerant VLAN. Router(config-module-csm)# vlan 9
  • Page 85: Configuring Hsrp

    HSRP Configuration Overview Figure 7-2 shows that two Catalyst 6500 series switches, Switch 1 and Switch 2, are configured to route from a client-side network (10.100/16) to an internal CSM client network (10.6/16, VLAN 136) through an HSRP gateway (10.100.0.1). The configuration shows the following: The client-side network is assigned an HSRP group ID of HSRP ID 2.
  • Page 86: Creating The Hsrp Gateway

    To create an HSRP gateway, follow these steps: Step 1 Configure Switch 1—FT1 (HSRP active) as follows: Router(config)# interface FastEthernet3/6 Router(config)# ip address 10.100.0.2 255.255.0.0 Router(config)# standby 2 priority 110 preempt Router(config)# standby 2 ip 10.100.0.1
  • Page 87: Creating Fault-Tolerant Hsrp Configurations

    Router(config-module-csm)# vlan 136 client Router(config-slb-vlan-client)# ip address 10.6.0.246 255.255.0.0 Router(config-slb-vlan-client)# gateway 10.6.0.1 Router(config-slb-vlan-client)# exit Router(config-module-csm)# vlan 272 server Router(config-slb-vlan-server)# ip address 10.5.0.3 255.255.0.0 Router(config-slb-vlan-server)# alias 10.5.0.1 255.255.0.0 Router(config-slb-vlan-server)# exit Router(config-module-csm)# vlan 71
  • Page 88: Configuring Connection Redundancy

    Router# configure terminal Step 2 Removes IGMP snooping from the configuration. Router(config)# no ip igmp snooping Step 3 Identifies a virtual server and enters the virtual server submode. Router(config-module-csm)# vserver virtserver-name
  • Page 89: Configuring A Hitless Upgrade

    If you have preempt enabled, turn it off. Perform a write memory on standby. Step 2 Upgrade the standby system with the new release, and then reboot the CSM. Step 3 ...
  • Page 90 Reboot the active CSM. When the active CSM reboots, the standby CSM becomes the new active CSM and takes over the service responsibility. Step 6 The rebooted CSM comes up as standby.
  • Page 91: Configuring Sticky Groups

    This example shows how to configure a sticky group and associate it with a policy: Router(config-module-csm)# sticky 1 cookie foo timeout 100 Router(config-module-csm)# serverfarm pl_stick Router(config-slb-sfarm)# real 10.8.0.18 Router(config-slb-real)# inservice Router(config-slb-sfarm)# real 10.8.0.19 Router(config-slb-real)# inservice Router(config-slb-real)# exit Router(config-slb-sfarm)# exit Router(config-module-csm)# policy policy_sticky_ck Router(config-slb-policy)# serverfarm pl_stick
  • Page 92: Configuring Route Health Injection

    On power-up with RHI enabled, the CSM sends a message to the MSFC as each VIP address becomes available. The MSFC periodically propagates the VIP address availability information that RHI provides. Catalyst 6500 Series Content Switching Module Configuration Note OL-4612-01...
  • Page 93: Understanding How The Csm Determines Vip Availability

    Identifies server farms that are reachable (have at least one reachable real server) • Identifies virtual servers that are reachable (have at least one reachable server farm) • Identifies VIPs that are reachable (have at least one reachable virtual server) • Catalyst 6500 Series Content Switching Module Configuration Note OL-4612-01...
  • Page 94: Understanding Propagation Of Vip Availability Information

    Note For RHI to work on the CSM, the MSFC in the chassis in which the CSM resides must run Cisco IOS Release 12.1.7(E) or later and must be configured as the client-side router. Configuring RHI for Virtual Servers To configure RHI for the virtual servers, follow these steps: Verify that you have configured VLANs.
  • Page 95 Count of ARP attempts before flagging a host as down Name:ARP_LEARN_MODE Rights:RW Value:1 Default:1 Valid values:Integer (0 to 1) Description: Indicates whether CSM learns MAC address on responses only (0) or all traffic (1) Name:ARP_REPLY_FOR_NO_INSERVICE_VIP Rights:RW Value:0 Catalyst 6500 Series Content Switching Module Configuration Note OL-4612-01...
  • Page 96 Multiply the configured max-parse-len by this amount Name:NAT_CLIENT_HASH_SOURCE_PORT Rights:RW Value:0 Default:0 Valid values:Integer (0 to 1) Description: Whether to use the source port to pick client NAT IP address Name:ROUTE_UNKNOWN_FLOW_PKTS Rights:RW Value:0 Catalyst 6500 Series Content Switching Module Configuration Note OL-4612-01...
  • Page 97 Valid values:String (1 to 5 chars) Description: If "true" respond to ICMP probes regardless of vserver state Name:XML_CONFIG_AUTH_TYPE Rights:RW Value:Basic Default:Basic Valid values:String (5 to 6 chars) Description: HTTP authentication type for xml-config:Basic or Digest Catalyst 6500 Series Content Switching Module Configuration Note OL-4612-01...
  • Page 98: Configuring Persistent Connections

    By downloading or installing the software, you are consenting to be bound by the license agreement. Note If you do not agree to all of the terms of this license, then do not download, install, or use the software.
  • Page 99: Using The Gslb Advanced Feature Set Option

    Reboots your CSM to activate changes. Router# hw-module slot number reset 1. GSLB requires a separately purchased license. To purchase your GSLB license, contact your Cisco representative. Configuring GSLB Global Server Load Balancing (GSLB) performs load balancing between multiple, dispersed hosting sites by directing client connections through DNS to different server farms and real servers based on load availability.
  • Page 100 Step 4 Enables the virtual server for load balancing. Router(config-slb-vserver)# inservice Step 5 Identifies a virtual server for GSLB, and enters the virtual server submode. Router(config-module-csm)# vserver virtserver-name dns
  • Page 101 [ ip-mask ] protocol port-number [service ftp] Step 23 Associates a server farm with the virtual server. Router(config-slb-vserver)# serverfarm serverfarm-name Step 24 Enables the virtual server for load balancing. Router(config-slb-vserver)# inservice
  • Page 102 Router(config-slb-real)# exit Router(config-slb-sfarm)# exit Router(config-module-csm)# vserver WEB Router(config-slb-vserver)# virtual 20.20.20.20 tcp www Router(config-slb-vserver)# serverfarm WEBFARM Router(config-slb-vserver)# inservice On CSM 3: Router(config-module-csm)# serverfarm WEBFARM Router(config-slb-sfarm)# predictor round-robin Router(config-slb-sfarm)# real 5.5.5.5 Router(config-slb-real)# inservice
  • Page 103: Configuring Network Management

    With XML, you can configure the CSM using a Document Type Definition or DTD. Refer to Appendix C, “CSM XML Document Type Definition” for a sample of an XML DTD.
  • Page 104 Forbidden (illegal credentials submitted, syslog also generated) Not Found (“/xml-config” not specified) Request Time-out (more than 30 seconds has passed waiting on receive) Missing Content-Length (missing or zero Content-Length field) Internal Server Error
  • Page 105 IP address. Because the master copy of the configuration must be stored in Cisco IOS, as it is with the command line interface, when XML configuration requests are received by the CSM, these requests must be sent to the supervisor engine.
  • Page 106 = 0x0100, XML_ERR_ELEM_CONTEXT = 0x0200, XML_ERR_IOS_PARSER = 0x0400, XML_ERR_IOS_MODULE_IN_USE = 0x0800, XML_ERR_IOS_WRONG_MODULE = 0x1000, XML_ERR_IOS_CONFIG = 0x2000 The default error_tolerance value is 0x48, which corresponds to ignoring unrecognized attributes and elements.
  • Page 107: Chapter 9 Configuring Health Monitoring

    Catastrophic errors include a reset (RST) from the server or no response from the server. These health checks operate at a full-session rate and recognize failing servers quickly.
  • Page 108 Router# show module csm slot probe Step 4 Displays probe statistics. Router# show module csm slot tech-support probe The no form of this command removes the probe type from the configuration.
  • Page 109: Probe Configuration Commands

    Range = 2–65535 seconds Default = 120 seconds Router(config-slb-probe)# retries retry-count Sets the number of failed probes that are allowed before marking the server as failed. Range = 0–65535 Default = 3
  • Page 110: Configuring An Http Probe

    Note If no maximum is specified, this command takes a single number (min-number). If you specify both a minimum number and a maximum number, it takes the range of numbers.
  • Page 111: Configuring An Icmp Probe

    A TCP probe establishes and removes connections. The probe tcp command enters the TCP probe configuration mode. All the common probe commands are supported. To configure a TCP probe, perform this task:
  • Page 112: Configuring Ftp, Smtp, And Telnet Probes

    A DNS probe sends a domain name resolve request to the real server and verifies the returned IP address. The probe dns command places the user in DNS probe configuration submode. All the probe common options are supported except open, which is ignored.
  • Page 113: Configuring Inband Health Monitoring

    Step 1 (“Configuring Server Farms” section on page 5-1.) Step 2 Enter the serverfarm submode command to enable inband health monitoring for each server farm: Router(config-module-csm)# serverfarm serverfarm-name Router(config-slb-sfarm)# health retries count failed seconds
  • Page 114: Configuring Http Return Code Checking

    Note When you configure HTTP return code checking on a virtual server, the performance of that virtual server is impacted. Once return code parsing is enabled, all HTTP server responses must be parsed for return codes.
  • Page 115: Configuring Http Return Code Checking

    Router(config-slb-map-retcode)# match protocol http retcode 500 500 action remove 3 reset 0 Router(config-slb-map-retcode)# match protocol http retcode 503 503 action remove 3 reset 0 Router(config-slb-map-retcode)# exit Router(config-module-csm)# serverfarm farm1 Router(config-slb-sfarm)# retcode-map httpcodes Router(config-slb-sfarm)# exit Router(config-module-csm)# end
  • Page 116 Chapter 9 Configuring Health Monitoring, Configuring HTTP Return Code Checking
  • Page 117: Chapter 10 Configuring Csm Scripts

    CSM configuration. For your convenience, sample scripts are available to support the TCL feature. Other custom scripts will work, but these sample scripts are supported by Cisco TAC. The file with sample scripts is located at this URL: http://www.cisco.com/cgi-bin/tablebuild.pl/cat6000-intellother...
  • Page 118: Loading Scripts

    After a script is loaded it remains in the system and cannot be removed. You can modify a script by changing the script and then entering the no script file and script file commands again.
  • Page 119: Writing Tcl Scripts

    [script] writable [script] udp info handle udp open [port] udp receive handle udp send handle [host port] message CSM-Specific Commands ping enable real disable real
  • Page 120: Udp Commands

    UDP handle. The result is a list containing the source IP address, the source port, the destination IP address, and the destination port.
  • Page 121: Writing Health Scripts

    # In this example any other status code means failure. # User must do exit 5001 when a probe has failed. if { $status == 200 } { exit 5000 } else { exit 5001 }
  • Page 122 IP addresses of the suspect during any particular launch of the script. Table 10-5 lists the members of the csm_env array.
  • Page 123 Current suspect health status You can use the new probe probe-name script command for creating a script probe in Cisco IOS. This command enters a probe submode that is similar to the existing CSM health probe submodes (such as HTTP, TCP, DNS, SMTP, etc.).
  • Page 124: Writing Standalone Scripts

    If a script file is subsequently modified, use the script file command to reload the script file and enable the changes on the CSM. (Refer to the Catalyst 6500 Series Content Switching Module Command Reference for more information.) The no script file command removes the script file command from the running configuration.
  • Page 125: Running Standalone Tcl Scripts

    To stop the script task, enter the no script task id command. The task object will be available for troubleshooting and status even after the task finishes executing. If you need to rerun the same script again, you must do the following:
  • Page 126: Configuring Scripts For Health Monitoring Probes

    Probe scripts test the health of a real server by creating a network connection to the server, sending data to the server, and checking the response. The flexibility of this TCL scripting environment makes the available probing functions possible.
  • Page 127 Runs the script as a stand-alone task one time. Router(config-module-csm)# script task id script name Step 4 Displays all started script tasks. Router(config-module-csm)# show module csm slot script task
  • Page 128 Chapter 10 Configuring CSM Scripts, Configuring Scripts for Health Monitoring Probes
  • Page 129: Understanding How Firewalls Work

    • Layer 3 Load Balancing to Firewalls, page 11-2 • Types of Firewall Configurations, page 11-3 • IP Reverse-Sticky for Firewalls, page 11-3 • CSM Firewall Configurations, page 11-3 • Fault-Tolerant CSM Firewall Configurations, page 11-6
  • Page 130: Firewalls Types

    Create a server farm for each side of the firewall. In serverfarm submode, enter the predictor hash address command. Step 2 Assign that server farm to the virtual server that accepts traffic destined for the firewalls. Step 3
  • Page 131: Types Of Firewall Configurations

    VLANs 15, 16, and 17 through firewalls to CSM A. CSM A uses the VLAN aliases of CSM B in its server farm, and CSM B uses the VLAN aliases of CSM A in its server farm.
  • Page 132 11-3, traffic moves through the firewalls and is filtered in both directions. The figure shows only the flow from the Internet to the intranet, and VLANs 11 and 111 are on the same subnet. VLANs 12 and 112 are on the same subnet.
  • Page 133 CSM A and CSM B. On the path to the intranet, CSM A balances traffic across VLANs 5, 6, and 7 through firewalls to CSM B. On the path to the intranet, CSM B balances traffic across VLANs 5, 6, and 7 through firewalls to CSM A.
  • Page 134: Fault-Tolerant Csm Firewall Configurations

    Internet to the intranet through the primary CSMs, and VLANs 11 and 111 are on the same subnet. VLANs 12 and 112 are on the same subnet.
  • Page 135: Configuring Stealth Firewall Load Balancing

    Stealth Firewall Configuration In a stealth firewall configuration, firewalls connect to two different VLANs and are configured with IP addresses on the VLANs to which they connect. (See Figure 11-6.)
  • Page 136: Stealth Firewall Configuration Example

    Catalyst 6500 series switches. Note In a stealth firewall configuration, each CSM must be installed in a separate Catalyst 6500 series switch. This section describes how to create the stealth firewall configuration for CSM A and CSM B.
  • Page 137: Configuring Csm A (Stealth Firewall Example)

    configured, identifies it as a server VLAN, and enters VLAN configuration mode. Switch-A(config-module-csm)# vlan 101 server Step 7 Specifies an IP address and netmask for VLAN 101. Switch-A(config-slb-vlan-server)# ip address 10.0.101.35 255.255.255.0
  • Page 138 Firewall 1 as a real server and enters real server configuration submode. Step 10 Enables the firewall. Switch-A(config-slb-real)# inservice Step 11 Returns to server farm configuration mode. Switch-A(config-slb-real)# exit
  • Page 139 Step 13 Returns to multiple module configuration mode. Switch-A(config-slb-vserver)# exit Step 14 Specifies OUTSIDE-VS as the virtual server that is being configured and enters virtual server configuration mode. Switch-A(config-module-csm)# vserver OUTSIDE-VS
  • Page 140: Configuring Csm B (Stealth Firewall Example)

    Creating VLANs on Switch B To create three VLANs on Switch B, perform this task: Note This example assumes that the CSMs are in separate Catalyst 6500 series switches. If they are in the same chassis, you can create all of the VLANs on the same Catalyst 6500 series switch console.
  • Page 141 Note SERVERS-SF specifies that client NAT will be performed using a pool of client NAT addresses that are created earlier in the example using the natpool command. You must create the NAT pool before referencing it.
  • Page 142 Switch-B(config-slb-real)# inservice FORWARD-SF is actually a route forwarding policy, not an actual server farm, that allows traffic to reach the intranet (through VLAN 20). It does not contain any real servers.
  • Page 143 Switch-B(config-slb-vserver)# virtual 0.0.0.0 0.0.0.0 any protocol Step 16 Specifies that the virtual server will only accept traffic arriving on VLAN 20, which is traffic arriving from the intranet. Switch-B(config-slb-vserver)# vlan 20
  • Page 144: Configuring Regular Firewall Load Balancing

    Packet Flow in a Regular Firewall Configuration In a regular firewall configuration, firewalls connect to two different VLANs and are configured with IP addresses on the VLANs to which they connect. (See Figure 11-7.)
  • Page 145: Regular Firewall Configuration Example

    The regular firewall configuration example contains two CSMs (CSM A and CSM B) installed in separate Catalyst 6500 series switches. You can use this example when configuring two CSMs in the same Catalyst 6500 series switch chassis. Note You can also use this example when configuring a single CSM in a single switch chassis, assuming that you specify the slot number of that CSM when configuring both CSM A and CSM B.
  • Page 146: Configuring Csm A (Regular Firewall Example)

    Figure 11-7, requires that you create two VLANs on Switch A. Note This example assumes that the CSMs are in separate Catalyst 6500 series switch chassis. If they are in the same chassis, all of the VLANs can be created on the same Catalyst 6500 series switch console.
  • Page 147 Identifies Firewall 2 as a real server, assigns an IP address to its insecure side, and enters real server configuration submode. Switch-A(config-slb-sfarm)# real 100.0.0.4 Step 13 Enables the firewall. Switch-A(config-slb-real)# inservice
  • Page 148 INSEC-VS allows traffic from the Internet to reach CSM A (through VLAN 101). Clients reach the server farm represented by this virtual server through this address. The server farm contains firewalls rather than real servers.
  • Page 149: Configuring Csm B (Regular Firewall Example)

    Creating VLANs on Switch B Note This example assumes that the CSMs are in separate Catalyst 6500 series switch chassis. If they are in the same chassis, all of the VLANs can be created on the same Catalyst 6500 series switch console.
  • Page 150 Disables the NAT of server IP address and port number. Switch-B(config-slb-sfarm)# no nat server Step 12 Selects a server using a hash value based on the destination IP address. Switch-B(config-slb-sfarm)# predictor hash address destination 255.255.255.255
  • Page 151 Step 11 Specifies the server farm for this virtual server Switch-B(config-slb-vserver)# serverfarm SEC-SF Step 12 Enables the virtual server. Switch-B(config-slb-vserver)# inservice Step 13 Returns to multiple module configuration mode. Switch-B(config-slb-vserver)# exit
  • Page 152: Configuring Reverse-Sticky For Firewalls

    If a matching entry is found, the session is connected to the specified real server. Otherwise, a new entry is created linking the sticky key with the appropriate real server. Figure 11-8 shows how the reverse-sticky feature is used for firewalls.
  • Page 153 However, the balancing metric to the firewalls from VS2 must match that of the unknown load balancer, or the unknown load balancer must stick new buddy connections in a similar manner if client responses to server initiated traffic are to be sent to the correct firewall.
  • Page 154: Configuring Reverse-Sticky For Firewalls

    SLB-Switch# show module csm slot sticky Displays the sticky database. Configuring Stateful Firewall Connection Remapping To configure the Firewall Reassignment feature, you must have an MSFC image from Cisco IOS 12.1(19)E software release. To configure firewall reassignment, follow these steps:...
  • Page 155: Appendix

    # The CSM default gateway in this config is the # MSFC IP address on that VLAN serverfarm WEBFARM nat server no nat client real 10.20.220.10 inservice real 10.20.220.20 inservice real 10.20.220.30 no inservice vserver WEB Catalyst 6500 Series Content Switching Module Configuration Note OL-4612-01...
  • Page 156: Appendix A Configuration Example

    -------------------------------- 10.20.220.1 255.255.255.0 10.20.221.5 255.255.255.0 CLIENT GATEWAYS 10.20.221.1 Cat6k-2# Cat6k-2# show mod csm 5 real real server farm weight state conns/hits ------------------------------------------------------------------------- 10.20.220.10 WEBFARM OPERATIONAL 10.20.220.20 WEBFARM OPERATIONAL 10.20.220.30 WEBFARM OUTOFSERVICE Catalyst 6500 Series Content Switching Module Configuration Note OL-4612-01...
  • Page 157 Redirect Connections: 0, Redirect Dropped: 0 FTP Connections: MAC Frames: Tx: Unicast: 345, Multicast: 5, Broadcast: 25844, Underflow Errors: 0 Rx: Unicast: 1841, Multicast: 448118, Broadcast: 17, Overflow Errors: 0, CRC Errors: 0 Catalyst 6500 Series Content Switching Module Configuration Note OL-4612-01...
  • Page 158: Configuring Bridged Mode With The Msfc On The Client Side

    Status -------------------------------------------------------------------- 10.20.220.1 00-02-FC-CB-70-0A GATEWAY up(0 misses) 10.20.220.2 00-02-FC-E1-68-EC 221/220 --SLB-- local 10.20.220.10 00-D0-B7-A0-81-D8 REAL up(0 misses) 10.20.220.20 00-D0-B7-A0-81-D8 REAL up(0 misses) 10.20.220.30 00-D0-B7-A0-81-D8 REAL up(0 misses) 10.20.220.100 00-02-FC-E1-68-EB VSERVER local Catalyst 6500 Series Content Switching Module Configuration Note OL-4612-01...
  • Page 159: Configuring Probes

    5 failed 10 serverfarm WEBFARM nat server no nat client real 10.20.220.10 inservice real 10.20.220.20 inservice real 10.20.220.30 health probe PING-SERVER-30 inservice probe PING probe TCP probe HTTP vserver TELNET Catalyst 6500 Series Content Switching Module Configuration Note OL-4612-01...
  • Page 160 WEBFARM (default) FAILED 10.20.220.10:80 TELNET WEBFARM (default) OPERABLE PING-SERVER-30 icmp real vserver serverfarm policy status ------------------------------------------------------------------------------ 10.20.220.30:80 WEBFARM (default) OPERABLE 10.20.220.30:23 TELNET WEBFARM (default) OPERABLE Cat6k-2# show mod csm 5 real Catalyst 6500 Series Content Switching Module Configuration Note OL-4612-01...
  • Page 161: Configuring Source Nat For Server-Originated Connections To The Vip

    10.20.220.30 inservice serverfarm FARM2 nat server nat client POOL-1 real 10.20.220.10 inservice real 10.20.220.20 inservice real 10.20.220.30 inservice vserver FROM-CLIENTS virtual 10.20.221.100 tcp telnet vlan 221 serverfarm FARM persistent rebalance Catalyst 6500 Series Content Switching Module Configuration Note OL-4612-01...
  • Page 162 Cat6k-2# sh mod csm 5 natpool nat client POOL-1 10.20.220.99 10.20.220.99 netmask 255.255.255.0 Cat6k-2# sh mod csm 5 serverfarm server farm type predictor reals redirect bind id ---------------------------------------------------------------------- FARM RoundRobin FARM2 RoundRobin Catalyst 6500 Series Content Switching Module Configuration Note OL-4612-01...
  • Page 163: Configuring Session Persistence (Stickiness

    Cat6k-2# show mod csm 5 sticky group 10 group sticky-data real timeout ---------------------------------------------------------------- ip 10.20.1.100 10.20.220.10 Cat6k-2#show mod csm 5 sticky group 20 group sticky-data real timeout ---------------------------------------------------------------- cookie 4C656B72:861F0395 10.20.220.20 1597 Catalyst 6500 Series Content Switching Module Configuration Note OL-4612-01...
  • Page 164: Direct Access To Servers In Router Mode

    # want to rewrite the destination IP address when # forwarding the traffic. serverfarm WEBFARM nat server no nat client real 10.20.220.10 inservice real 10.20.220.20 inservice vserver DIRECT-ACCESS virtual 10.20.220.0 255.255.255.0 tcp 0 Catalyst 6500 Series Content Switching Module Configuration Note A-10 OL-4612-01...
  • Page 165 = 3600, replicate csrp = none, vlan = ALL, pending = 30, layer 4 max parse len = 2000, persist rebalance = TRUE ssl sticky offset = 0, length = 32 conns = 1, total conns = 1 Default policy: Catalyst 6500 Series Content Switching Module Configuration Note A-11 OL-4612-01...
  • Page 166: Server-To-Server Load Balanced Connections

    221 serverfarm TIER-1 persistent rebalance inservice vserver VIP2 virtual 10.20.210.100 tcp telnet vlan 210 serverfarm TIER-2 persistent rebalance inservice Output of some show commands: Cat6k-2# sh mod csm 5 arp Catalyst 6500 Series Content Switching Module Configuration Note A-12 OL-4612-01...
  • Page 167: Route Health Injection

    ContentSwitchingModule 5 vlan 220 server ip address 10.20.220.2 255.255.255.0 alias 10.20.220.1 255.255.255.0 vlan 221 client ip address 10.20.221.5 255.255.255.0 gateway 10.20.221.1 alias 10.20.221.2 255.255.255.0 Catalyst 6500 Series Content Switching Module Configuration Note A-13 OL-4612-01...
  • Page 168 P - periodic downloaded static route Gateway of last resort is 10.20.1.100 to network 0.0.0.0 10.0.0.0/8 is variably subnetted, 8 subnets, 3 masks 10.21.1.0/24 is directly connected, Vlan21 10.20.250.100/32 [1/0] via 10.20.221.2, Vlan221 Catalyst 6500 Series Content Switching Module Configuration Note A-14 OL-4612-01...
  • Page 169 Gateway of last resort is 10.20.1.100 to network 0.0.0.0 10.0.0.0/8 is variably subnetted, 8 subnets, 3 masks 10.21.1.0/24 is directly connected, Vlan21 10.20.221.0/24 is directly connected, Vlan221 0.0.0.0/0 [1/0] via 10.30.1.100 Catalyst 6500 Series Content Switching Module Configuration Note A-15 OL-4612-01...
  • Page 170: Server Names

    SERVER1 inservice real name SERVER2 inservice probe PING probe FTP serverfarm WEBFARM nat server no nat client real name SERVER1 inservice real name SERVER2 inservice Catalyst 6500 Series Content Switching Module Configuration Note A-16 OL-4612-01...
  • Page 171 # service for that specific farm Cat6k-2# conf t Enter configuration commands, one per line. End with CNTL/Z. Cat6k-2(config)# mod csm 5 Cat6k-2(config-module-csm)# serv webfarm Cat6k-2(config-slb-sfarm)# real name server1 Cat6k-2(config-slb-real)# no inservice Cat6k-2(config-slb-real)# end Catalyst 6500 Series Content Switching Module Configuration Note A-17 OL-4612-01...
  • Page 172: Backup Server Farm

    221 client ip address 10.20.221.5 255.255.255.0 gateway 10.20.221.1 alias 10.20.221.2 255.255.255.0 vlan 210 server ip address 10.20.210.2 255.255.255.0 alias 10.20.210.1 255.255.255.0 probe PING icmp interval 2 retries 2 failed 10 Catalyst 6500 Series Content Switching Module Configuration Note A-18 OL-4612-01...
  • Page 173 = <none> Probes: PING, type = icmp Real servers: SERVER1, weight = 8, OPERATIONAL, conns = 0 SERVER2, weight = 8, OPERATIONAL, conns = 0 Total connections = 0 Catalyst 6500 Series Content Switching Module Configuration Note A-19 OL-4612-01...
  • Page 174 <none> retcode map = <none> Probes: PING, type = icmp Real servers: SERVER1, weight = 8, PROBE_FAILED, conns = 0 SERVER2, weight = 8, PROBE_FAILED, conns = 0 Catalyst 6500 Series Content Switching Module Configuration Note A-20 OL-4612-01...
  • Page 175 ---------------------------------------------------------------- ARP_INTERVAL ARP_LEARNED_INTERVAL 14400 ARP_GRATUITOUS_INTERVAL ARP_RATE ARP_RETRIES ARP_LEARN_MODE ARP_REPLY_FOR_NO_INSERVICE_VIP ADVERTISE_RHI_FREQ AGGREGATE_BACKUP_SF_STATE_TO_VS 0 DEST_UNREACHABLE_MASK 0xffff FT_FLOW_REFRESH_INT GSLB_LICENSE_KEY (no valid license) HTTP_CASE_SENSITIVE_MATCHING MAX_PARSE_LEN_MULTIPLIER NAT_CLIENT_HASH_SOURCE_PORT ROUTE_UNKNOWN_FLOW_PKTS NO_RESET_UNIDIRECTIONAL_FLOWS SYN_COOKIE_INTERVAL SYN_COOKIE_THRESHOLD 5000 TCP_MSS_OPTION 1460 Catalyst 6500 Series Content Switching Module Configuration Note A-21 OL-4612-01...
  • Page 176 Default policy: server farm = WEBFARM, backup = WEBFARM2 (no sticky) sticky: timer = 0, subnet = 0.0.0.0, group id = 0 Policy Tot matches Client pkts Server pkts ----------------------------------------------------- (default) Catalyst 6500 Series Content Switching Module Configuration Note A-22 OL-4612-01...
  • Page 177 = 8, weight(admin) = 8, metric = 0, remainder = 0 total conns established = 7, total conn failures = 0 SERVER2, WEBFARM, state = FAILED address = 10.20.220.20, location = <NA> Catalyst 6500 Series Content Switching Module Configuration Note A-23 OL-4612-01...
  • Page 178: Balancing Based On The Source Ip Address

    SERVER3 address 10.20.220.30 inservice real SERVER4 address 10.20.220.40 inservice serverfarm WEBFARM nat server no nat client real name SERVER1 inservice real name SERVER2 inservice probe PING serverfarm WEBFARM2 nat server Catalyst 6500 Series Content Switching Module Configuration Note A-24 OL-4612-01...
  • Page 179 WEB, type = SLB, state = OPERATIONAL, v_index = 18 virtual = 10.20.221.100/32:80 bidir, TCP, service = NONE, advertise = FALSE idle = 3600, replicate csrp = none, vlan = ALL, pending = 30, layer 4 Catalyst 6500 Series Content Switching Module Configuration Note A-25 OL-4612-01...
  • Page 180: Layer 7 Load Balancing

    Negate a command or set its defaults reverse-sticky define sticky group for reverse traffic serverfarm define policy serverfarm set policy parameters sticky-group define policy sticky group url-map define policy URL map Catalyst 6500 Series Content Switching Module Configuration Note A-26 OL-4612-01...
  • Page 181 SERVER3 address 10.20.220.30 inservice real SERVER4 address 10.20.220.40 inservice serverfarm WEBFARM nat server no nat client real name SERVER1 inservice real name SERVER2 inservice probe PING serverfarm WEBFARM2 nat server Catalyst 6500 Series Content Switching Module Configuration Note A-27 OL-4612-01...
  • Page 182 L4 Rejected Connections: L7 Load-Balanced Decisions: 29 L7 Rejected Connections: Total: 0, Parser: 0, Reached max parse len: 0, Cookie out of mem: 0, Cfg version mismatch: 0, Bad SSL2 format: 0 Catalyst 6500 Series Content Switching Module Configuration Note A-28 OL-4612-01...
  • Page 183: Http Redirect

    REDIRECTFARM vserver WWW1VIP virtual 10.20.211.100 tcp www serverfarm WWW1FARM persistent rebalance slb-policy SPORTPOLICY inservice # This configuration represents the configuration of site B module ContentSwitchingModule 7 vlan 221 client Catalyst 6500 Series Content Switching Module Configuration Note A-29 OL-4612-01...
  • Page 184 # by WWW1FARM. One request has matched the policy SPORTPOLICY and has been redirected to # the second site that has then served the request. # The following is an example of the request that was sent to www1.cisco.com asking for # /sports/.
  • Page 185 6f6d 0d0a 0d0a om..# The following example is the message that the client has received back from # www1.cisco.com. This message is the HTTP redirect message generated by the CSM 10.20.211.100.80 > 10.20.1.100.34589: FP 1:56(55) ack 287 win 2048 (DF) 0x0000 4500 005f 763c 4000 3e06 dd6c 0a14 d364 E.._v<@.>..l...d...
  • Page 186 2033 3032 2046 6f75 6e64 200d 0a4c 6f63 .302.Found...Loc 0x0040 6174 696f 6e3a 2068 7474 7073 3a2f 2f77 ation:.https://w 0x0050 7777 322e 7465 7374 2e63 6f6d 2f73 706f ww2.test.com/spo 0x0060 7274 732f 0d0a 0d0a rts/.. ...
  • Page 187: Appendix

    When a CSM is out-of-service the module still replies to ARP requests but will not reply to pings. System Messages This section lists system log (syslog) messages supported in the CSM. For the Cisco IOS, the message logs contain the warning level with this syntax: CSM_SLB_ level-code Table B-1...
  • Page 188 CSM to come online. Error Message CSM_SLB-4-ARPCONFIG Module [dec] ARP configuration error There is an error in creating or removing static ARP configuration. Explanation Recheck your ARP configuration. Recommended Action ...
  • Page 189 The CSM sends this message when you enter a debug command on the CSM console to work around the image version mismatch condition described in the previous error message. This error is a debug condition only. Recommended Action ...
  • Page 190 CSM. The standby CSM stays as standby and does not take over as active if the primary CSM fails. Recommended Action The CSM does not support hitless (HA) upgrades in this situation. ...
  • Page 191: Appendix

    (yes | no) #IMPLIED > <!-- backup_name is a string of length 1 to 15 backup_sticky default is "no" --> <!ELEMENT serverfarm_ref EMPTY> <!ATTLIST serverfarm_ref sense (yes | no) #IMPLIED ...
  • Page 192 (yes | no) #IMPLIED string CDATA #REQUIRED > <!-- string is of length 1 to 200 --> <!ELEMENT contact_info EMPTY> <!ATTLIST contact_info sense (yes | no) #IMPLIED string CDATA #REQUIRED ...
  • Page 193 Global maximum of 255 vlan gateways (including routed gateways) --> <!ELEMENT vlan (vlan_address?, gateway*, route*, alias*)> <!ATTLIST vlan sense (yes | no) #IMPLIED NMTOKEN #REQUIRED type (client | server) #REQUIRED > <!-- ************************************************************* ...
  • Page 194 0 and 65535 (default is 3) --> <!ELEMENT probe_retries EMPTY> <!ATTLIST probe_retries sense (yes | no) #IMPLIED value NMTOKEN #REQUIRED > <!-- value is between 1 and 65535 (default 10) --> <!ELEMENT probe_open EMPTY> ...
  • Page 195 1 to 15 password is a string of length 1 to 15 --> <!ELEMENT probe_credentials EMPTY> <!ATTLIST probe_credentials sense (yes | no) #IMPLIED user CDATA #REQUIRED password CDATA "" ...
  • Page 196 > <!-- Maximum of 255 probe_expect_addresses per dns_probe probe_address must use mode "routed" --> <!ELEMENT dns_probe (probe_failed?, probe_interval?, probe_retries?, probe_receive?, probe_port?, probe_address?, probe_domain?, probe_expect_address*) > <!-- probe_address must use mode "transparent" ...
  • Page 197 (http | dns | icmp | tcp | udp | smtp | telnet | ftp | script | kal-ap-udp | kal-ap-tcp) #REQUIRED > <!-- ************************************************************* Elements and attributes required for natpool ...
  • Page 198 1 and 4294967295, no effect for count action reset is between 0 and 4294967295 (0 means no reset) --> <!ELEMENT retcode_rule EMPTY> <!ATTLIST retcode_rule sense (yes | no) #IMPLIED ...
  • Page 199 (yes | no) #IMPLIED name CDATA #REQUIRED > <!-- Maximum of 16 dns_rules per map --> <!ELEMENT dns_map (dns_rule*)> <!ATTLIST dns_map sense (yes | no) #IMPLIED name CDATA #REQUIRED > <!-- ************************************************************* ...
  • Page 200 <!ELEMENT location EMPTY> <!ATTLIST location sense (yes | no) #IMPLIED string CDATA #REQUIRED > <!ELEMENT real_address EMPTY> <!ATTLIST real_address sense (yes | no) #IMPLIED ipaddress NMTOKEN #REQUIRED > <!ELEMENT named_real_server (real_address?, location?)> ...
  • Page 201 (yes | no) #IMPLIED ipaddress NMTOKEN #IMPLIED named_real_server_ref CDATA #IMPLIED port NMTOKEN "0" > <!-- either ipaddress or named_real_server_ref is required port is between 0 and 65535 (0 means no port translation) ...
  • Page 202 (yes | no) #IMPLIED name CDATA #REQUIRED > <!ELEMENT server_nat EMPTY> <!ATTLIST server_nat sense (yes | no) #IMPLIED > <!-- value is between 0 and 65533 --> <!ELEMENT bind_id EMPTY> ...
  • Page 203 0 to 127 --> <!ELEMENT static_sticky EMPTY> <!ATTLIST static_sticky sense (yes | no) #IMPLIED real_ip NMTOKEN #REQUIRED expression NMTOKEN #IMPLIED src_ip NMTOKEN #IMPLIED dest_ip NMTOKEN #IMPLIED > ...
  • Page 204 <!ATTLIST url_map_ref sense (yes | no) #IMPLIED name CDATA #REQUIRED > <!ELEMENT cookie_map_ref EMPTY> <!ATTLIST cookie_map_ref sense (yes | no) #IMPLIED name CDATA #REQUIRED > <!ELEMENT header_map_ref EMPTY> <!ATTLIST header_map_ref ...
  • Page 205 (yes | no) #IMPLIED value NMTOKEN #REQUIRED > <!ELEMENT policy (serverfarm_ref?, client_group_ref?, sticky_group_ref?, reverse_sticky?, dscp?, url_map_ref?, cookie_map_ref?, header_map_ref?) > <!ATTLIST policy sense (yes | no) #IMPLIED name CDATA #REQUIRED > <!-- ...
  • Page 206 "255.255.255.255" > <!ELEMENT policy_ref EMPTY> <!ATTLIST policy_ref sense (yes | no) #IMPLIED name CDATA #REQUIRED > <!ELEMENT dns_policy_ref EMPTY> <!ATTLIST dns_policy_ref sense (yes | no) #IMPLIED name CDATA #REQUIRED > ...
  • Page 207 <!ATTLIST persistent sense (yes | no) #IMPLIED > <!-- value is between 1 and 4000 --> <!ELEMENT parse_length EMPTY> <!ATTLIST parse_length sense (yes | no) #IMPLIED value NMTOKEN #REQUIRED > ...
  • Page 208 <!ELEMENT dns_vserver (inservice?, dns_policy_ref*)> <!ATTLIST dns_vserver sense (yes | no) #IMPLIED name CDATA #REQUIRED > <!-- ************************************************************* Elements and attributes required for dfp ************************************************************* --> <!-- port is between 1 and 65535 --> ...
  • Page 209 1 and 65535 --> <!ELEMENT capp_port EMPTY> <!ATTLIST capp_port sense (yes | no) #IMPLIED value NMTOKEN #REQUIRED > <!ELEMENT capp_secure EMPTY> <!ATTLIST capp_secure sense (yes | no) #IMPLIED > ...
  • Page 210 Default ft_priority is 10 Default ft_failover is 3 Default ft_heartbeat is 1 --> <!ELEMENT ft (ft_preempt?, ft_priority?, ft_failover?, ft_heartbeat?)> <!ATTLIST ft sense (yes | no) #IMPLIED group NMTOKEN #REQUIRED vlan_id NMTOKEN #REQUIRED > ...
  • Page 211 Maximum of 1023 retcode_maps Maximum of 1023 dns_maps Maximum of 4095 serverfarms and dns_serverfarms Maximum of 255 sticky_groups (including those id=0 groups created implicitly for vservers) Maximum of 4000 vservers and dns_vservers ...
  • Page 212 = 0x0400 /* IOS unable to parse command */ XML_ERR_IOS_MODULE_IN_USE = 0x0800 /* Another user is configuring CSM */ XML_ERR_IOS_WRONG_MODULE = 0x1000 /* Tried to configure unavailable CSM */ XML_ERR_IOS_CONFIG = 0x2000 /* IOS configuration error */ ************** ...