Page 1
Cisco SCE 8000 10GBE Software Configuration Guide Release 4.1.x February 07, 2014 Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. Text Part Number: OL-30621-02...
Page 2
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks.
Authorization and Command Mode Levels (Hierarchy) CLI Authorization Levels CLI Command Mode Hierarchy Prompt Indications Navigating Between Authorization Levels and Command Modes The do Command: Executing Commands Without Exiting CLI Help Features Partial Help Argument Help Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 4
How to Save or Change the Configuration Settings Example for Saving or Changing the Configuration Settings Restoring a Previous Configuration Example for Restoring a Previous Configuration How to Display the Cisco SCE Platform Version Information 3-10 Example for Displaying the Cisco SCE Platform Version Information 3-10...
Page 5
Contents Rebooting and Shutting Down the Cisco SCE Platform 3-23 Rebooting the Cisco SCE Platform 3-23 Examples for Rebooting the Cisco SCE Platform 3-23 How to Shut Down the Cisco SCE Platform 3-23 Example for Shutting Down the Cisco SCE Platform...
Page 6
Monitoring the Management Interface 5-10 Configuring Management Interface VLANs 5-11 Monitoring Management VLANs 5-14 TACACS+ Authentication, Authorization, and Accounting 5-15 Information About TACACS+ Authentication, Authorization, and Accounting 5-15 Login Authentication 5-15 Accounting 5-16 Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 7
Configuring Telnet Timeout 5-36 Configuring the SSH Server 5-37 The SSH Server 5-37 Key Management 5-37 Managing the SSH Server 5-38 Generating a Set of SSH Keys 5-38 Enabling the SSH Server 5-38 Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 8
Configuring the IP Routing Table How to Configure the Default Gateway How to Add an Entry to the IP Routing Table How to Display the IP Routing Table IP Advertising Configuring IP Advertising Cisco SCE 8000 10GBE Software Configuration Guide viii OL-30621-02...
Page 9
How to Define the SNTP Unicast Update Interval 6-15 Options 6-15 How to Display SNTP Information 6-15 Domain Name Server (DNS) Settings 6-17 Configuring DNS Lookup 6-17 How to Enable DNS Lookup 6-17 How to Disable DNS Lookup 6-17 Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 10
Displaying Current DNS Settings: Example 6-19 Configuring Cisco Discovery Protocol 6-20 Cisco Discovery Protocol 6-20 Cisco Discovery Protocol on the Cisco SCE 8000 Platform 6-21 CDP Operational Modes on the Cisco SCE 8000 6-21 CDP Limitations on the Cisco SCE 8000 6-22...
Page 11
How to Create a Traffic Rule for IPv4 Addresses 7-29 How to Create a Traffic Rule for IPv6 Addresses 7-32 How to Delete a Traffic Rule 7-33 How to Delete All Traffic Rules 7-33 Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 12
8-10 How to Display the Hardware Bypass Status of a Static Party 8-11 How to Display the Startup Configuration Party Database 8-11 How to Display the Currently Running Party Database Configuration 8-12 Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 13
8-21 Configure the Failure Recovery Mode: Examples 8-21 Configuring the Cisco SCE Platform/SM Connection 8-22 Configuring the Behavior of the Cisco SCE Platform in Case of Failure of the SM 8-22 Options 8-22 Configuring the SM-SCE Platform Connection Timeout 8-22...
Page 14
Displaying the RDR Formatter Configuration: Example 9-19 How to the Display the Current RDR Formatter Statistics 9-19 Displaying the Current RDR Formatter Statistics: Example 9-19 Disabling the Linecard from Sending RDRs 9-21 Disabling RDR Aggregation 9-22 Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 15
How to Remove All the Anonymous Subscribers 10-14 How to Remove All Subscriber Templates 10-15 Removing VPN-based Subscribers 10-15 How to Remove Subscribers by Device 10-15 How to Remove Subscribers from the SM 10-15 Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 16
How to Enable Aging for Anonymous Group Subscribers 10-34 How to Enable Aging for Introduced Subscribers 10-34 How to Disable Aging for Anonymous Group Subscribers 10-34 How to Disable Aging for Introduced Subscribers 10-35 Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 17
How to Display VPN-Related Mappings 10-37 How to Clear Automatic VPNs 10-37 Configuring the Cisco SCE Platform/SM Connection 10-39 Configuring the Behavior of the Cisco SCE Platform in Case of Failure of the SM 10-39 Options 10-39 Configuring the SM-SCE Platform Connection Timeout 10-40...
Page 18
How to View the Current Connection Mode 11-14 How to View the Cisco SCE-ID 11-15 How to View the Current Redundancy Status of the Cisco SCE Platform 11-15 How to View Information about the Peer Cisco SCE Platform 11-15 How to View Information about the Cascade Connections...
Page 19
How to Display the List of Ports Selected for Subscriber Notification 12-31 How to Find out Whether Hardware Attack Filtering has been Activated 12-32 Viewing the Attack Log 12-32 The Attack Log 12-32 Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 20
Single ISG Router with Two Cascaded Cisco SCE Platforms (1xISG – 2xCisco SCE) 13-4 Multiple ISG Routers with Two Cascaded Cisco SCE Platforms (NxISG – 2xCisco SCE) 13-5 Multiple ISG Routers with Multiple Cisco SCE Platforms via Load Balancing (NxISG – MxCisco SCE) 13-6 SCMP Peer Devices...
Page 21
Data Flow 14-15 Multiple Cisco SCE Platforms, Multiple VAS Servers 14-15 SNMP Support for VAS 14-17 Interactions Between VAS Traffic Forwarding and Other Cisco SCE Platform Features 14-18 Incompatible Cisco SCE Platform Features 14-18 VAS Traffic Forwarding and DDoS Processing 14-18...
Page 22
How to Display Operational and Configuration Information for All VAS Server Groups 14-33 How to Display Operational and Configuration Information for a Specific VAS Server 14-33 Example 14-33 How to Display Operational and Configuration Information for All VAS Servers 14-34 Cisco SCE 8000 10GBE Software Configuration Guide xxii OL-30621-02...
Page 23
A P P E N D I X Introduction MIB Files Loading MIBs pcube to Cisco MIB Mapping Pcube Engage MIB (CISCO-SCAS-BB-MIB) pcube to Cisco MIB Mapping: Detailed OID Mappings Cisco SCE Platform-Specific MIB Information A-26 CISCO-ENTITY-ALARM-MIB A-26 MIB Updates A-27 Release 3.5.5 MIB Updates...
Page 24
Cisco SCE Platform Utilization Indicators CPU Utilization Flows Capacity Subscribers Capacity Service Loss Monitoring Service Loss Cisco SCE 8000 Licensing Information A P P E N D I X OpenSSH License NetSNMP License Cisco SCE 8000 10GBE Software Configuration Guide xxiv OL-30621-02...
Revised: February 07, 2014, OL-30621-02 Introduction This preface describes who should read Cisco SCE 8000 10GBE Software Configuration Guide, how it is organized, and its document conventions. This guide is for experienced network administrators who are responsible for configuring and maintaining the Cisco SCE platform.
“Configuring and Managing the SNMP Interface” section on page 5-41 with SNMPv3 details. Updated the “Tunneling Protocols” section on • page 7-4. Added “Release 4.1.0 MIB Updates” section on • page A-30. Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 27
Chapter 1 Cisco Service Control Overview Overview of Cisco SCE platform management. Chapter 2 Command-Line Interface Detailed explanation of how to use the Cisco SCE Command-line Interface. Chapter 3 Basic Cisco SCE 8000 Platform Explanation of how to manage configurations,...
Page 28
Monitoring Cisco SCE Platform Explanation of how to monitor Cisco SCE Utilization platforms that are installed in real traffic. Appendix C Cisco SCE 8000 Licensing Copy of Open SSH and NetSNMP license Information information. Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Related Publications Your Cisco SCE platform and the software running on it contain extensive features and functionality, which are documented in the following resources: For further information regarding the Service Control CLI and a complete listing of all CLI •...
Page 30
Means the described action saves time. You can save time by performing the action described in the paragraph. Warning Means reader be warned. In this situation, you might perform an action that could result in bodily injury. Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the What’s New in Cisco Product Documentation as an RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service. Cisco currently supports RSS Version 2.0.
Revised: February 07, 2014, OL-30621-02 Introduction This chapter provides a general overview of the Cisco Service Control solution. It introduces the Cisco service control concept and capabilities. It also briefly describes the hardware capabilities of the service control engine (Cisco SCE) platform and the Cisco specific applications that together compose the complete Cisco service control solution.
IP services. The Cisco service control application for broadband adds a layer of service intelligence and control to existing networks that can: Report and analyze network traffic at subscriber and aggregate level for capacity planning •...
Cisco Service Control Capabilities Cisco Service Control Capabilities The core of the Cisco service control solution is the network hardware device: the Service control engine (Cisco SCE). The core capabilities of the Cisco SCE platform, which support a wide range of applications for delivering service control solutions, include: •...
The Cisco SCE family of programmable network devices performs application-layer stateful-flow inspection of IP traffic, and controls the traffic based on configurable rules. The Cisco SCE platform is a network device that uses ASIC components and reduced instruction set computer (RISC) processors to exceed beyond packet counting and expand into the contents of network traffic.
P2P, and IM and if required, associate these rules to separate Bandwidth Controls (BWCs). With BWC enforcement, you can limit the networking flows for all types of applications. There are three types of rules in the Cisco SCE which can be used for bandwidth enforcement at different levels.
No bandwidth control is enforced upon the subscribers. This results in unlimited bandwidth to the subscriber. Management and Collection The Cisco service control solution includes a complete management infrastructure that provides the following management components to manage all aspects of the solution: Network management •...
The collection manager software is an implementation of a collection system that receives RDRs from one or more Cisco SCE platforms. It collects these records and processes them in one of its adapters. Each adapter performs a specific action on the RDR.
Cisco Service Control Overview IPv6 Support IPv6 Support The Cisco SCE 8000 devices support processing of IPv6 traffic. The features that are available for IPv4, such as traffic processing, application classification and control, and management APIs, are available for IPv6 too.
Page 41
Cisco Service Control Overview IPv6 Support Cisco SCE 8000 supports a maximum of 1M subscriber range. This means that the Cisco SCE can • support a maximum of 1M subscribers with one mapping (either IPv4 or IPv6). But when the dual stack mode is enabled and all subscribers are dual stack subsribers—subscribers with one IPv4 and...
Page 42
Chapter 1 Cisco Service Control Overview IPv6 Support Cisco SCE 8000 10GBE Software Configuration Guide 1-10 OL-30621-02...
The CLI is accessed through a Telnet session or directly via the console port on the front panel of the Cisco SCE platform. When you enter a Telnet session, you enter as the simplest level of user, in the User Exec mode.
To monitor the system, you must have Viewer authorization, while to perform administrative functions on the Cisco SCE platform, you must have Admin or Root authorization. A higher level of authorization is accessed by logging in with appropriate password, as described in the procedures below.
The next levels in the hierarchy are the Global and Interface configuration modes, which hold a set of commands that control the global configuration of the Cisco SCE platform and its interfaces. Any of the parameters set by the commands in these modes should be saved in the startup configuration, such that in the case of a reboot, the Cisco SCE platform restores the saved configuration.
(config if range)# Line Configuration (config-line)# Example: The prompt indicates: SCE1(config if)# The name of the Cisco SCE platform is • SCE1 The current CLI mode is Interface configuration mode • The user has Admin authorization level • Navigating Between Authorization Levels and Command Modes The authorization levels and command modes function together under one hierarchy.
EXEC mode command (such as a show command) or a privileged EXEC (such as show running-config) without exiting to the relevant command mode. Use the do command for this purpose. Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 50
The specified command executes without exiting to the appropriate exec command mode. The following example shows how to display the running configuration while in interface configuration mode. SCE(config if#) do show running-config Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
(“) marks to enclose the string. DECIMAL Any decimal number. Positive number is assumed, for negative numbers use the “–” symbol. A hexadecimal number; must start with either 0x or 0X. Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 52
List the keywords associated with the specified command. <command keyword> ? List the arguments associated with the specified keyword. Example: Leave a space between the keyword and question show ? mark access-lists Show all access-lists Cisco SCE 8000 10GBE Software Configuration Guide 2-10 OL-30621-02...
Ctrl-L Re-display the current command line. Ctrl-R Keyboard Shortcuts The Cisco SCE platform has several keyboard shortcuts that make it easier to navigate and use the system. Table 2-8 shows the keyboard shortcuts available. You can get a display the keyboard shortcuts at any time by typing help bindings.
The following example illustrates how to use the completion feature with a non-default value for the argument. In this example, the enable command is completed using the specified value (15) for the authorization level. SCE>en 15 <Enter> Password: sce# Cisco SCE 8000 10GBE Software Configuration Guide 2-12 OL-30621-02...
All previous lines are excluded. The syntax of filtered commands is as follows: • command | include expression • command | exclude expression • command | begin expression Cisco SCE 8000 10GBE Software Configuration Guide 2-14 OL-30621-02...
Redirect that output to a file named current_gold_subscribers. The output should not overwrite • existing entries in the file, but should be appended to the end of the file. sce# more subscribers_10.10.2008 include gold | append current_gold_subscribers Cisco SCE 8000 10GBE Software Configuration Guide 2-15 OL-30621-02...
Cisco SCE platforms and you want to run the same configuration commands on each platform, you could create a script on one platform and run it on all the other Cisco SCE platforms. The available script commands are: script capture •...
Basic Cisco SCE 8000 Platform Operations Revised: February 07, 2014, OL-30621-02 Introduction This chapter describes how to start up the Cisco SCE 8000 platform, reboot, and shutdown. It also describes how to manage configurations. Starting the Cisco SCE 8000 Platform, page 3-2 •...
Subsequent startups • Line interfaces are properly cabled (optional) – – Cisco SCE 8000 platform is connected to at least one of the following types of management stations: Direct connection to local console (CON port) – – Remote management station via the LAN (Mng port)
The Status LED should be a constant amber while booting. After a successful boot, the Status LED • is steady green. It takes a several minutes for the Cisco SCE 8000 to boot and for the status LED to change from amber Note to green.
Page 62
Total warning messages: 0 Total error messages: 0 Total fatal messages: 0 If there are “Total error messages” or “Total fatal messages”, use the show logger device user-file-log command to display details about the errors. Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
This configuration, referred to as the running-config, is saved in the Cisco SCE platform volatile memory and is effective while the Cisco SCE platform is up. After reboot, the Cisco SCE platform loads the startup-config, which includes the non-default configuration that was saved by the user, into the running-config.
The Cisco SCE platform provides multiple interfaces for the purpose of configuration and management. All interfaces supply an API to the same database of the Cisco SCE platform and any configuration made through one interface is reflected through all interfaces. Furthermore, when saving the running configuration to the startup configuration from any management interface, all configuration settings are saved regardless of the management interface used to set the configuration.
How to Display the Cisco SCE Platform Version Information Use this command to display global static information on the Cisco SCE platform, such as software and hardware version, image build time, system uptime, last open packages names and information on the SLI application assigned.
Page 69
Chapter 3 Basic Cisco SCE 8000 Platform Operations How to Display the Cisco SCE Platform Version Information cpu-0 SVR : 0x80900121 cpu-0 PVR : 0x80040202 cpu-0 freq : 1500MHz cpu-1 SVR : 0x80900121 cpu-1 PVR : 0x80040202 cpu-1 freq : 1500MHz...
Page 70
Chapter 3 Basic Cisco SCE 8000 Platform Operations How to Display the Cisco SCE Platform Version Information part-num : 73-9789-02 part-rev : A0 vid : V01 Part number: 73-10598-01 38 Revision: Software revision: LineCard S/N : CAT1202G07D Power Supply type: AC ...
How to Display the Cisco SCE Platform Inventory How to Display the Cisco SCE Platform Inventory Unique Device Identification (UDI) is a Cisco baseline feature that is supported by all Cisco platforms. This feature allows network administrators to remotely manage the assets in their network by tracing specific devices through either CLI or SNMP.
Displays the system uptime. Example for Displaying the System Uptime The following example shows how to display the system uptime of the Cisco SCE platform. SCE#show system-uptime Cisco SCE8000 uptime is 21 minutes, 37 seconds Configuring the System Mode The Cisco SCE 8000 devices operates in one the following system modes: IPv4 only system mode—All traffic processors handle only IPv4 traffic.
Configuring the IPv6 Prefix Length Cisco SCE 8000 devices identifies the IPv6 subscribers based on the MSB 64 bits of the subscriber IPv6 address. Cisco SCE 8000 devices support IPv6 subscribers with a range of /32 to /64 and not less than /32.
Page 77
For example, if the system prefix length is 48 for a party mapping configuration party mapping ipv6-address 1234:abcd:2123:abbc:0:0:1e:0 name test, only MSB 48 bits 1234:abcd:2123 is considered for identifying subscriber test. Cisco SCE 8000 10GBE Software Configuration Guide 3-19 OL-30621-02...
Cisco SCE log files , which are part of the Cisco SCE support file. This data can be used to monitor the CPU utilization trend of the control processor and the specific internal tasks over time or to view the CPU utilization required for a specific event.
CPU utilization by task in the last minute 5Min CPU utilization by task in the last five minutes Currently not relevant in the Cisco Service Control system. Process Name of the process. For more information, refer to The Processes section of this document.
Page 80
When CPU utilization is higher than about 90%, the CPU utilization per task is not reliable and can sum Note to more than 100%. This is because high CPU utilization can influence the task that samples CPU utilization. Cisco SCE 8000 10GBE Software Configuration Guide 3-22 OL-30621-02...
How to Shut Down the Cisco SCE Platform Shutting down the Cisco SCE platform is required before turning the power off. This helps to ensure that non-volatile memory devices in the Cisco SCE platform are properly flushed in an orderly manner.
IT IS NOW SAFE TO TURN THE POWER OFF. Since the Cisco SCE platform can recover from the power-down state only by being physically turned Note off (or cycling the power), this command can only be executed from the serial CLI console. This limitation helps prevent situations in which users issue this command from a Telnet session, and then realize that they have no physical access to the Cisco SCE platform.
C H A P T E R Utilities Revised: February 07, 2014, OL-30621-02 Introduction This chapter describes the following utilities: Working with Cisco SCE Platform Files, page 4-2 • The User Log, page 4-7 • Managing Syslog, page 4-10 •...
Regarding disk capacity: While performing disk operations, the user should take care that the addition Note of new files that are stored on the Cisco SCE disk do not cause the disk to exceed 70%. • Working with Directories, page 4-2 Working with Files, page 4-4 •...
How to Include Files in Sub-Directories in the Directory Files List, page 4-4 How to List the Files in the Current Directory From the SCE# prompt, type: Command Purpose Lists the files in the current directory. Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
How to Rename a File From the SCE# prompt, type: Command Purpose rename current-file-name new-file-name Renames a file. How to Delete a File From the SCE# prompt, type: Command Purpose delete file-name Deletes a file. Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 87
Uploading a File to a Passive FTP Site: Example The following example uploads the analysis.sli file located on the local flash file system to the host 10.1.1.1, specifying Passive FTP. SCE#copy-passive /appli/analysis.sli ftp://myname:mypw@10.1.1.1/p:/appli/analysis.sli sce# Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 88
How to Display File Contents From the SCE# prompt, type: Command Purpose more file-name Displays file contents. How to Unzip a File From the SCE# prompt, type: Command Purpose unzip file-name Unzips a file. Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
You can view the log file by copying it to an external location or to disk. This command copies both log files to the local Cisco SCE platform disk or any external host running a FTP server. Copying the User Log to an External Location, page 4-7 •...
Page 90
Viewing the non-volatile counter for the user-file-log, page 4-9 • There are two types of log counters: User log counters—Count the number of system events logged from the Cisco SCE platform last • reboot. Non-volatile counters—These are not cleared during boot time •...
In order for technical support to be most effective, the user should provide them with the information contained in the system logs. Use the logger get support-file command to generate a support file via FTP for the use of Cisco technical support staff. From the SCE# prompt, type:...
To assign a port, you must use the transport udp option. If you are not assigning a port, this is not • required, since UDP is the only transport protocol supported for Syslog on the Cisco SCE platform. Each host requires a separate command.
However, you can configure the minimum severity level of the messages to logged to Syslog. Table 4-1 lists the syslog severity levels and the corresponding SCOS severity levels. Not all syslog severity levels are supported on the Cisco SCE platform. Table 4-1 Syslog and SCOS Severity Levels...
The following option is available: severity-level—The name of the desired severity level at which messages should be logged. • Messages at or lower than the specified level are logged. Severity levels supported on the Cisco SCE platform are as follows: fatal –...
You can configure a maximum number of messages logged per second. In addition, you can specify a severity level above which the rate is unlimited. For example, you can configure a rate limit for all messages below the fatal severity level. Cisco SCE 8000 10GBE Software Configuration Guide 4-13 OL-30621-02...
– If the datetime keyword is used without additional keywords, time stamps will be shown using UTC, without the year, without milliseconds, and without a time zone name. Cisco SCE 8000 10GBE Software Configuration Guide 4-14 OL-30621-02...
Step 1 From the SCE (config)# prompt, type logging message-counter and press Enter. Step 2 Monitoring Syslog You can display the following Syslog information: • Current Syslog server configuration. • Syslog counters Cisco SCE 8000 10GBE Software Configuration Guide 4-15 OL-30621-02...
From the SCE# prompt, type: Command Purpose show logging Displays the syslog configuration. How to Display the Syslog Counters From the SCE# prompt, type: Command Purpose show logging counters Displays the syslog counters. Cisco SCE 8000 10GBE Software Configuration Guide 4-16 OL-30621-02...
128 MB on the Cisco SCE 8000 platform (configurable by a const DB). In Cisco SCE 8000 that has two SCM modules, a separate cap file is created by each SCM module, each with a maximum file size of 64 MB.
L3/L4 headers and no more than the configured maximum bytes of L4 payload. Only one maximum L4 payload length value can be configured. This value applies to all – recorded packets. Cisco SCE 8000 10GBE Software Configuration Guide 4-18 OL-30621-02...
Page 101
The cap file contains marking for packets which had TCP or UDP checksum error when received in the Cisco SCE platform, since the validity of the TCP and UDP checksum cannot be checked for the captured packets due to missing bytes.
(Do not include the ".cap" file extension; it is appended automatically.) In a system with two Cisco SCE 8000-SCM modules, which creates two capture files, an indicator is appended to this prefix to indicate which Cisco SCE 8000-SCM module created the file. For example, if you assign the filename “myCapFile”, the system creates myCapFile1.cap and...
Management Interface and Security Management Interface and Security The Cisco SCE 8000 platform is equipped with two RJ-45 management ports (Port1 and Port2 on the Cisco SCE 8000-SCM-E module in slot 1). These ports provide access from a remote management console to the Cisco SCE platform via a LAN.
The following Management Interface commands are applied to both management ports, regardless of which port had been specified when entering Management Interface Configuration Mode. Therefore, both ports are configured with one command: • ip address • auto-failover Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
IP address for the currently active management port, regardless of which physical port is currently active. The following IP addresses are used internally by the Cisco SCE 8000 platform and cannot be assigned to the management interface: –...
Note After changing the IP address, you must reload the Cisco SCE platform so that the change will take effect properly in all internal and external components of the Cisco SCE platform. (See “Rebooting and...
Page 108
Configuring the Speed of the Management Interface: Example The following example shows how to use this command to configure the Management port to 100 Mbps speed. SCE#config SCE(config)#interface mng 0/1 SCE(config if)#speed 100 Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Access the interface configuration mode for the management interface you want to configure as the Step 1 active management port. From the SCE(config)# prompt, type interface Mng (0/1 | 0/2) and press Enter. Step 2 Type active-port and press Enter Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Configuring the Fail-Over Mode, page 5-9 • The Cisco SCE platform contains two RJ-45 management ports. The two management ports provide the possibility for a redundant management interface, thus ensuring management access to the Cisco SCE platform even if there is a failure in one of the management links. If a failure is detected in the active management link, the standby port automatically becomes the new active management port.
Displays the specified GBE management duplex | |ip address | auto-fail-over] interface configuration for the specified interface. If no option is specified, all management interface information is displayed for the specified interface. Cisco SCE 8000 10GBE Software Configuration Guide 5-10 OL-30621-02...
Chapter 5 Configuring the Management Interface and Security Configuring Management Interface VLANs Configuring Management Interface VLANs The Cisco SCE management network interface is used for various management services such as: Accessing the Cisco SCE shell through Telnet or SSH. • SNMP •...
Page 114
L3 Switch with InterVLAN Routing VLAN 200 VLAN 110 VLAN 220 VLAN 120 Trunk Port VLAN 150 192.168.10.1 SCE 8000 The following diagram provides another view of the configured management VLAN: Cisco SCE 8000 10GBE Software Configuration Guide 5-12 OL-30621-02...
Displays the traffic statistics for the specified VLAN. show vty mng-vlan Displays the management interface VLAN configured for Telnet services. show ip ssh mng-vlan Displays the management interface VLAN configured for SSH services. Cisco SCE 8000 10GBE Software Configuration Guide 5-14 OL-30621-02...
The implementation of TACACS+ protocol allows customers to configure one or more authentication servers for the Cisco SCE platform, providing a secure means of managing the Cisco SCE platform, as the authentication server will authenticate each user. This then centralizes the authentication database, making it easier for the customers to manage the Cisco SCE platform.
Page 118
The user is re-prompted a user-configurable number of times, after which the failed login attempt is recorded in the Cisco SCE platform user log and the telnet session is terminated (unless the user is connected to the console port.)
None • If the server goes to AAA fault, the Cisco SCE platform will not be accessible until one of the AAA Caution methods is restored. In order to prevent this, it is advisable to use the "none" method as the last AAA method.
If the local database and TACACS+ are both configured, it is recommended to configure the same user names in both TACACS+ and the local database. This will allow the users to access the Cisco SCE platform in case of TACACS+ server failure.
Configuring the Global Default Timeout, page 5-21 • Adding a New TACACS+ Server Host Use this command to define a new TACACS+ server host that is available to the Cisco SCE platform TACACS+ client. The Service Control solution supports a maximum of three TACACS+ server hosts.
TACACS+ servers and clients will use when • communicating with each other. Make sure that the specified key is actually configured on the TACACS+ server hosts. Default = no encryption – Cisco SCE 8000 10GBE Software Configuration Guide 5-20 OL-30621-02...
Default = 5 seconds – To define the global default timeout, do the following: From the SCE(config)# prompt, type: Command Purpose tacacs-server timeout timeout-interval Defines global default timeout. Cisco SCE 8000 10GBE Software Configuration Guide 5-21 OL-30621-02...
The password is defined with the username. There are several password options: No password—Use the nopassword keyword. • Password—Password is saved in clear text format in the local list. • Use the password parameter. Cisco SCE 8000 10GBE Software Configuration Guide 5-22 OL-30621-02...
Page 125
How to Add a User with an MD5 Encrypted Password Entered in Clear Text From the SCE(config)# prompt, type: Command Purpose username name secret 0 password Adds a user with an MD5 encrypted password entered in clear text. Cisco SCE 8000 10GBE Software Configuration Guide 5-23 OL-30621-02...
MD5 encrypted string. Defining the User Privilege Level Privilege level authorization in the Cisco SCE platform is accomplished by the use of an " enable " command authentication request. When a user requests an authorization for a specified privilege level, by using the "...
Page 127
How to Add a User with a Privilege Level and an MD5 Encrypted Password Entered in Clear Text From the SCE(config)# prompt, type: Command Purpose username name privilege level secret 0 Adds a user with a privilege level and an MD5 password encrypted password entered in clear text. Cisco SCE 8000 10GBE Software Configuration Guide 5-25 OL-30621-02...
• telnet session is terminated. This is relevant only for Telnet sessions. From the local console, the number of re-tries is unlimited. Default = three – Cisco SCE 8000 10GBE Software Configuration Guide 5-26 OL-30621-02...
Deletes login authentication methods list. If the login authentication methods list is deleted, the default login authentication method only (enable password) will be used. TACACS+ authentication will not be used. Cisco SCE 8000 10GBE Software Configuration Guide 5-27 OL-30621-02...
How to Disable AAA Accounting, page 5-30 • If TACACS+ accounting is enabled, the Cisco SCE platform sends an accounting message to the TACACS+ server after every command execution. The accounting message is logged in the TACACS+ server for the use of the network administrator.
Note that, although most show commands are accessible to viewer level users, the ' all ' option is available only at the admin level. Use the command ' enable 10 ' to access the admin level. Cisco SCE 8000 10GBE Software Configuration Guide 5-30 OL-30621-02...
Note that, although most show commands are accessible to viewer level users, this command is available only at the admin level. Use the command ' enable 10 ' to access the admin level. Cisco SCE 8000 10GBE Software Configuration Guide 5-31 OL-30621-02...
Global (IP) level: If a global list is defined using the ip access-class command, when a request • comes in, the Cisco SCE platform first checks if there is permission for access from that IP address. If not, the Cisco SCE does not respond to the request. Configuring the Cisco SCE platform to deny a certain IP address would preclude the option of communicating with that address using any IP-based protocol including Telnet, FTP, ICMP, RPC, SSH, and SNMP.
Configuring the Management Interface and Security Configuring Access Control Lists (ACLs) The Cisco SCE Platform will respond to ping commands only from IP addresses that are allowed access. Note Pings from a non-authorized address will not receive a response from the Cisco SCE platform, as ping uses ICMP protocol.
Chapter 5 Configuring the Management Interface and Security Configuring Access Control Lists (ACLs) Defining a Global ACL A global ACL for permits or denies all traffic to the Cisco SCE platform. From the SCE(config)# prompt, type: Command Purpose ip access-class number...
• Assign an ACL to permit or deny incoming connections. • Timeout for Telnet sessions, that is, if there is no activity on the session, how long the Cisco SCE • platform waits before automatically cutting off the Telnet connection.
Removes the ACL assignment from the Telnet interface, so that any IP address may now access the Telnet interface. Configuring Telnet Timeout The Cisco SCE platform supports timeout of inactive Telnet sessions. Options The following options are available: • timeout—The length of time in minutes before an inactive Telnet session will be timed-out.
The SSH server implementation provides protection against eavesdroppers who can monitor the management communication channels of the Cisco SCE platform, but it does not provide protection against a user with knowledge of the ‘enable’ password.
SCE8000(config)# aaa authentication login default none From the SCE(config)# prompt, type: Command Purpose ip ssh Enables SSH server. Disabling the SSH Server From the SCE(config)# prompt, type: Command Purpose no ip ssh Disables SSH server. Cisco SCE 8000 10GBE Software Configuration Guide 5-38 OL-30621-02...
However, if the startup-configuration specifies that the SSH server is enabled, the Cisco SCE platform will not be able to start the SSH server on startup if the keys have been deleted. To avoid this situation, after executing this command, always do one of the following before the Cisco SCE platform is restarted (using reload ): Generate a new set of keys.
Use this command to monitor the status of the SSH sever, including current SSH sessions. From the SCE> prompt, type: Command Purpose show ip ssh Monitors the status of SSH server. Cisco SCE 8000 10GBE Software Configuration Guide 5-40 OL-30621-02...
The User-based Security Model (USM) is the default security model. USM and its attributes are described in RFC 2574. Cisco SCE platform implementation of SNMP supports all MIB II variables, as described in RFC 1213, and defines the SNMP traps using the guidelines described in RFC 1215.
(in-band management is not supported). In addition, the Cisco SCE platform supports the option to configure community of managers for read-write accessibility or for read-only accessibility. Furthermore, an ACL may be associated with the SNMP agent by assigning it to one of the community strings to allow SNMP management to a restricted set of manager IP addresses.
CLI Commands for Monitoring SNMP, page 5-44 • The Cisco SCE platform supports the CLI commands that control the operation of the SNMP agent. All the SNMP commands are available in Admin authorization level. The SNMP agent is disabled by default and any SNMP configuration command enables the SNMP agent (except where there is an explicit disable command).
Control MIBs” section on page A-1 Configuration via SNMP Cisco SCE platform supports a limited set of variables that may be configured via SNMP (read-write variables). Setting a variable via SNMP (as via the CLI) takes effect immediately and affects only the running-configuration.
SNMP Get , Get-next , and Get-bulk requests are valid if the community string in the request matches the read-only community. SNMP Get , Get-next , Get-bulk and Set requests are valid if the community string in the request • matches the agent’s read-write community. Cisco SCE 8000 10GBE Software Configuration Guide 5-45 OL-30621-02...
Since read-only is the default, it does not need to be defined explicitly. SCE(config)#snmp-server community mycommunity 1 Removing a Community String From the SCE(config)# prompt, type: Command Purpose no snmp-server community community-string Removes a community string. Cisco SCE 8000 10GBE Software Configuration Guide 5-46 OL-30621-02...
Table A-20 on page A-21). After a host or hosts are configured to receive notifications, by default, the Cisco SCE platform sends to the host or hosts all the notifications supported by the Cisco SCE platform except for the AuthenticationFailure notification. The Cisco SCE platform provides the option to enable or disable the sending of this notification, as well as some of the Cisco SCE enterprise notifications, explicitly.
This is the view used for SNMPSET. Configuring SNMP Server View Use this command to configure the SNMP v3 server view on the Cisco SCE platform. At the SCE(config)# prompt, type: Cisco SCE 8000 10GBE Software Configuration Guide...
Note Configuring SNMP Server User Use this command to configure the SNMP v3 server user on the Cisco SCE platform. To configure large number of SNMPv3 users, disable SNMP agent before configuring the users. Enable the SNMP agent after configuring all users.
Configuring and Managing the SNMP Interface Defining SNMP Hosts Use this command to define the hosts that will receive notifications from the Cisco SCE platform. How to Configure the Cisco SCE Platform to Send Notifications to a Host (NMS), page 5-50 •...
Configures Cisco SCE platform to stop sending notifications to a host. Configuring the Cisco SCE Platform to Stop Sending Notifications to a Host: Example The following example shows how to remove the host with the IP Address: “192.168.0.83”. SCE(config)#no snmp-server host 192.168.0.83 Configuring SNMP Traps Use this command to configure the notifications that will be sent to the defined host.
Page 154
How to Restore All Notifications to the Default Status At the SCE(config)# prompt, type: Command Purpose default snmp-server enable traps Resets all notifications supported by the Cisco SCE platform to their default status. Cisco SCE 8000 10GBE Software Configuration Guide 5-52 OL-30621-02...
The time taken for the SNMP walk on any of the linkServiceUsage queries is reduced considerably. The SNMP walk acceleration enables Cisco SCE 8000 device to perform SNMP queries for LinkUsage MIB queries in background and cache the results. This may result in more CPU utilization.
Configures the default gateway. Configuring the Default Gateway: Example The following example shows how to set the default gateway IP of the Cisco SCE platform to 10.1.1.1. SCE(config)#ip default-gateway 10.1.1.1 Cisco SCE 8000 10GBE Software Configuration Guide...
IP advertising is the act of periodically sending ping requests to a configured address at configured intervals. This maintains the Cisco SCE platform IP/MAC addresses in the memory of adaptive network elements, such as switches, even during a long period of inactivity.
How to Display the Current IP Advertising Configuration From the SCE# prompt, type: Command Purpose show ip advertising Displays the status of IP advertising (enabled or disabled), the configured destination, and the configured interval. Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Configuring Daylight Saving Time, page 6-9 • The Cisco SCE platform has three types of time settings, which can be configured: the clock, the calendar, and the time zone. It is important to synchronize the clock and calendar to the local time, and to set the time zone properly.
SCE#clock set 10:20:00 13 may 2007 SCE#clock update-calendar SCE#show clock 10:21:10 2007 Setting the Calendar The calendar is a system clock that continues functioning even when the system shuts down. Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
= 0 From the SCE(config)# prompt, type: Command Purpose clock timezone zone hours minutes Sets the timezone to the specified timezone name with the configured offset in hours and minutes. Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Configuring Daylight Saving Time The Cisco SCE platform can be configured to automatically switch to daylight saving time on a specified date, and also to switch back to standard time. In addition, the time zone code can be configured to vary with daylight saving time if required.
For the clock summer-time recurring command, the default values are the United States transition • rules: Daylight saving time begins: 2:00 (AM) on the second Sunday of March. – Daylight saving time ends: 2:00 (AM) on the first Sunday of November. – Cisco SCE 8000 10GBE Software Configuration Guide 6-10 OL-30621-02...
SCE(config)# clock summer-time DST April 16 2004 00:00 October 23 2004 23:59 How to Cancel the Daylight Saving Time Configuration From the SCE(config)# prompt, type: Command Purpose no clock summer-time Removes all daylight saving configuration. Cisco SCE 8000 10GBE Software Configuration Guide 6-11 OL-30621-02...
Configuring Time Clocks and Time Zone How to Display the Current Daylight Saving Time Configuration From the SCE# prompt, type: Command Purpose show timezone Displays the current time zone and daylight saving time configuration. Cisco SCE 8000 10GBE Software Configuration Guide 6-12 OL-30621-02...
How to Enable the SNTP Multicast Client From the SCE(config)# prompt, type: Command Purpose sntp broadcast client Enables the SNTP multicast client. It will accept time updates from any broadcast server. Cisco SCE 8000 10GBE Software Configuration Guide 6-13 OL-30621-02...
How to Disable the SNTP Unicast Client and Remove All Servers From the SCE(config)# prompt, type: Command Purpose no sntp server all Removes all SNTP unicast servers, preventing unicast SNTP query. Cisco SCE 8000 10GBE Software Configuration Guide 6-14 OL-30621-02...
SCE(config)# sntp update-interval 100 How to Display SNTP Information From the SCE> prompt, type: Command Purpose show sntp Displays the configuration of both the SNTP unicast client and the SNTP multicast client. Cisco SCE 8000 10GBE Software Configuration Guide 6-15 OL-30621-02...
Page 174
SCE# show sntp SNTP broadcast client: disabled last update time: not available SNTP unicast client: enabled SNTP unicast server: 128.182.58.100 last update time: Feb 10 2002, 14:06:41 update interval: 100 seconds Cisco SCE 8000 10GBE Software Configuration Guide 6-16 OL-30621-02...
How to Enable DNS Lookup From the SCE(config)# prompt, type: Command Purpose ip domain-lookup Enables DNS lookup. How to Disable DNS Lookup From the SCE(config)# prompt, type: Command Purpose no ip domain-lookup Disables DNS lookup. Cisco SCE 8000 10GBE Software Configuration Guide 6-17 OL-30621-02...
Removes the specified server from the DNS list. [server-address2 [server-address3]] Removing a Domain Name Server: Example The following example shows how to remove name server (DNS) IP addresses. SCE(config)#no ip name-server 10.1.1.60 10.1.1.61 Cisco SCE 8000 10GBE Software Configuration Guide 6-18 OL-30621-02...
The following example shows how to display current DNS information. SCE#show hosts Default domain is Cisco.com Name/address lookup uses domain service Name servers are 10.1.1.60, 10.1.1.61 Host Address ---- ------- PC85 10.1.1.61 sce# Cisco SCE 8000 10GBE Software Configuration Guide 6-19 OL-30621-02...
Cisco Discovery Protocol CDP is primarily used to obtain protocol addresses of neighboring devices and discover the platform of those devices. It is media- and protocol-independent, and runs on all equipment manufactured by Cisco, including routers, bridges, access servers, and switches.
• generated. In this mode CDP functions as it does on a typical Cisco device. This mode should be used in most cases, even though it is not the default mode. Bypass mode (default): CDP packets are received and transmitted unchanged. Received packets are •...
Setting the Timer, page 6-24 • Enabling CDP Globally By default, CDP is enabled on the Cisco SCE 8000. If you prefer not to use the CDP device discovery capability, use the following command to disable it. From the SCE(config)# prompt, type:...
CDP modes.) Caution In cascade topologies, both Cisco SCE 8000 platforms must be configured to the same CDP mode. By default, the CDP mode is set to bypass. To reset the CDP mode to the default mode (bypass) use the default cdp mode command.
Sets hold time. Setting the Timer Use this command to configure how often the Cisco SCE 8000 platform sends CDP updates. Use either the no or the default form of the command to restore the timer to the default value.
Configuring Cisco Discovery Protocol Monitoring and Maintaining CDP To monitor and maintain CDP on the Cisco SCE 8000, use one or more of the following commands. The clear commands are in privileged EXEC mode. The show commands are in viewer mode.
Page 184
Number of times fragments of CDP advertisement were received • CDP version 1 advertisements output • • CDP version 1 advertisements input • CDP version 2 advertisements output • CDP version 2 advertisements input Cisco SCE 8000 10GBE Software Configuration Guide 6-26 OL-30621-02...
Example: Setting the CDP Mode The following example illustrates how to configure CDP mode to ‘standard’. In cascade topologies, both Cisco SCE 8000 platforms must be configured to the same CDP mode. Caution The show command verifies that the CDP configuration has been correctly updated.
Page 186
T—Transparent bridge B—Source-routing bridge S—Switch H—Host I— device is using IGMP r—Repeater The capability of the Cisco SCE 8000 is ‘r’ (Repeater), Note since it is installed as a bump-in-the-wire device. Platform The product number of the device. Port ID The protocol and port number of the device.
Cisco SCE platform. It can also provide device details, as well as information about the service and application. By default the banner is disabled. You do not have to shutdown the Cisco SCE platform in order to enable or disable the banner.
BB console as part of the status of a subscriber. Restrictions and Limitations Due to the nature of the Cisco SCE platform, there are certain limitations to the scope of the OS fingerprinting and NAT detection feature: OS information is available only for logged-in and active subscribers.
Page 190
For more information on this command, see the Cisco SCE 8000 CLI Command Reference, Release 3.7.x. Step 10 os-fingerprinting gx-report (Optional) Enables sending subscriber OS information in Gx messages. Example: SCE(config if)# os-fingerprinting gx-report Cisco SCE 8000 10GBE Software Configuration Guide 6-32 OL-30621-02...
Displays the OS fingerprinting information for the specified subscriber. This name command displays the same information as the show interface linecard slot-number subscriber name name command with the os-info option. Cisco SCE 8000 10GBE Software Configuration Guide 6-33 OL-30621-02...
Page 192
Chapter 6 Global Configuration OS Fingerprinting and NAT Detection Cisco SCE 8000 10GBE Software Configuration Guide 6-34 OL-30621-02...
Information About Line Interfaces The Cisco SCE 8000 10GBE line interfaces are found on the 1-port Ten Gigabit Ethernet SPAs installed in subslots 0 through 3 of slot 3. Each 1-port Ten Gigabit Ethernet SPA provides one 10GBE port, which interfaces with either subscriber or network traffic.
Changing the Traffic Direction on the Ten Gigabit Ethernet Line Interfaces The hardware design of the Cisco SCE 8000 10G platform is such that the traffic coming in and out of SPAs 0 and 2 is limited to a total of 16Gbps in each direction, as is the traffic coming in and out of SPAs 1 and 3.
The Cisco SCE platform is designed to recognize and process various tunneling protocols in several ways. The Cisco SCE platform is able to either ignore the tunneling protocols (skip the header) or treat the tunneling information as subscriber information (classify). A special case of classification by tunneling information is VPN with private IP support.
Page 197
L2TP is an IP-based tunneling protocol, therefore the system must be specifically configured to recognize the L2TP flows, given the UDP port used for L2TP. The Cisco SCE platform can then skip the external IP, UDP, and L2TP headers, reaching the internal IP, which is the actual subscriber traffic. If L2TP is not configured, the system treats the external IP header as the subscriber traffic, thus all the flows in the tunnel are seen as a single flow.
Cisco SCE supports IPv6 over IPv4 L2TP tunnels. In L2TP IPv6 over IPv4 tunnels, the internal L3 header is IPv6 and the external L3 header is IPv4. The Cisco SCE uses internal IPv6 addresses for tasks such as subscriber awareness, classification, load-balancing, congestion mangement.
Step 1 From the SCE(config if)#> prompt, enter shutdown and press Enter. Disable 6to4 tunneling. Step 2 From the SCE(config if)#>prompt, enter no ip-tunnel 6to4 and press Enter. Restart the linecard. Step 3 Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Enable L2TP tunneling. From the SCE(config if)#> prompt, enter ip-tunnel l2tp skip and press Enter. Restart the linecard. Step 3 From the SCE(config if)#> prompt, enter no shutdown and press Enter. Cisco SCE 8000 10GBE Software Configuration Guide 7-10 OL-30621-02...
GRE tunneling is an IP-based tunneling protocol; therefore the system must be specifically configured to recognize the flows inside the tunnel. The Cisco SCE platform will then skip the external IP header, reaching the internal IP, which is the actual subscriber traffic. When GRE skip is disabled, the system treats the external IP header as the subscriber traffic, resulting in all GRE traffic being reported as generic IP.
Page 204
Step 2 From the SCE(config if)#> prompt, enter no ip-tunnel gre skip and press Enter. Step 3 Restart the linecard. From the SCE(config if)#> prompt, enter no shutdown and press Enter. Cisco SCE 8000 10GBE Software Configuration Guide 7-12 OL-30621-02...
IPinIP is an IP-based tunneling protocol; therefore the system must be specifically configured to recognize the flows inside the tunnel. The Cisco SCE platform will then skip the external IP header, reaching the internal IP, which is the actual subscriber traffic. When IPinIP skip is disabled, the system treats the external IP header as the subscriber traffic, resulting in all IPinIP traffic being reported as generic IP.
Source Address Destination Address L4 – L7 DSCP marking should be enabled and configured through SCA BB console. See the Cisco Service Note Control Application for Broadband User Guide for further information. Cisco SCE 8000 10GBE Software Configuration Guide 7-14 OL-30621-02...
Configuring DSCP Marking on the Internal IP Header Use this command to configure the Cisco SCE platform to mark the DSCP bits of the internal IP header. This command takes effect only when the relevant tunneling mode (GRE skip or IPinIP skip) is enabled.
SCE8000#> copy running-config startup-config Reboot the Cisco SCE 8000 device. Step 5 After Cisco SCE 8000 restarts, you can use the following configuration and show commands to configure the 6to4 and 6rd tunnels: configure interface linecard 0 IP-tunnel 6to4 •...
An a-symmetric environment is an environment in which the VLAN tags might not be the same in the upstream and downstream directions of the same flow. The Cisco SCE platform is configured by default to work in symmetric environments. A specific command should be used to allow correct operation of the Cisco SCE platform in asymmetric environments and instruct it to take into consideration that the upstream and downstream of each flow has potentially different VLAN tags.
L2TP traffic. This can be done based on the IP ranges in use by the internal IPs in the tunnel (as allocated by the LNS), or simply for all the traffic passing through the Cisco SCE platform.
(upstream/downstream). Asymmetric tunneling support (asymmetric L2 support) refers to the ability to support topologies where the Cisco SCE platform sees both directions of all flows, but some of the flows may have different layer 2 characteristics (like MAC addresses, VLAN tags, MPLS labels and L2TP headers), which the Cisco SCE platform must specifically take into account when injecting packets into the traffic (such as in block and redirect operations).
—The name of a specific currently logged-in VPN for which to display details. all-names —Use this keyword to display all the VPN names that are currently logged into the • system. Cisco SCE 8000 10GBE Software Configuration Guide 7-20 OL-30621-02...
Displays the logged-in VPNs. | all-names} How to Display the Asymmetric L2 Support Mode From the SCE# prompt, type: Command Purpose show interface linecard 0 Displays asymmetric L2 support mode. asymmetric-L2-support Cisco SCE 8000 10GBE Software Configuration Guide 7-21 OL-30621-02...
IP@VpnName, where IP can be either a single IP address or a range of addresses. Managed VPN entities can be configured only via the SM. The Cisco SCE platform CLI can be used to view VPN-related information, but not to configure the VPNs.
Chapter 7 Configuring Line Interfaces Managed VPNs Monitoring VPN Support The Cisco SCE platform CLI allows you to do the following: Display VPN-related mappings • Monitor subscriber counters • Displaying VPN-related Mappings Use the following Viewer commands to display subscriber mappings. These commands display the following information: •...
Page 216
IP range for which to display mapped subscribers • vpn-name—The name of the VPN for which to display mappings. • Use the ‘amount ‘keyword to display the number of subscribers rather than a listing of subscriber names. Cisco SCE 8000 10GBE Software Configuration Guide 7-24 OL-30621-02...
Page 217
Displaying the Number of Subscribers Mapped to range on a Specified VPN: Example SCE> show interface linecard 0 subscriber amount mapping included-in IP 0.0.0.0/0 VPN vpn1 There are 2 subscribers with 4 IP mappings included in IP range '0.0.0.0/0'. Cisco SCE 8000 10GBE Software Configuration Guide 7-25 OL-30621-02...
Ignoring certain types of flows. When a traffic rules specifies an “ignore” action, packets matching the rule criteria will not open a new flow, but will pass through the Cisco SCE platform without being processed. This is useful when a particular type of traffic should be ignored by the Cisco SCE platform.
Configuring Traffic Rules and Counters Traffic Rules A traffic rule specifies that a defined action should be taken on packets processed by the Cisco SCE Platform that meet certain criteria. The maximum number of rules for the Cisco SCE 8000 is 64, which includes not only traffic rules configured via the Cisco SCE platform CLI, but also any additional rules configured by external management systems, such as SCA BB.
From the SCE(config if)# prompt, type: Command Purpose no traffic-counter all Removes all traffic counters. Note that a traffic counter cannot be deleted if it is used by any existing traffic rule. Cisco SCE 8000 10GBE Software Configuration Guide 7-28 OL-30621-02...
Note that the VLAN tag itself is a 12-bit value, and therefore aliasing of the lower 8 bits can occur, depending on the VLAN tags used. direction: Any of the following: upstream/downstream/both Cisco SCE 8000 10GBE Software Configuration Guide 7-29 OL-30621-02...
Page 222
• • Traffic counter = counter1 • The only action performed will be counting SCE(config if)# traffic-rule name rule1 IP-addresses subscriber-side all network-side 10.10.10.10 protocol all direction both traffic-counter name counter1 Cisco SCE 8000 10GBE Software Configuration Guide 7-30 OL-30621-02...
Page 223
Name = FlowCaptureRule IP addresses: subscriber side = all IP addresses, network side = all IP addresses Direction = both Protocol = 250 Traffic counter name = counter2 Cisco SCE 8000 10GBE Software Configuration Guide 7-31 OL-30621-02...
(not required if the action is count only) One of the following: block—Block the specified traffic. • classical-open-flow-mode—Use the classical open flow mode for the specified flow. • • ignore—Bypass the specified traffic; traffic receives no service. Cisco SCE 8000 10GBE Software Configuration Guide 7-32 OL-30621-02...
Removes the specified traffic rule. How to Delete All Traffic Rules From the SCE(config if)# prompt, enter: Command Purpose no traffic-rule all Removes all existing traffic rules. Cisco SCE 8000 10GBE Software Configuration Guide 7-33 OL-30621-02...
How to View a Specified Traffic Counter From the SCE# prompt, type: Command Purpose show interface linecard 0 traffic-counter name Displays the value of the specified counter and counter-name lists the traffic rules that use it. Cisco SCE 8000 10GBE Software Configuration Guide 7-34 OL-30621-02...
0 traffic-counter name Resets the specified traffic counter. counter-name How to Reset All Traffic Counters From the SCE# prompt, enter: Command Purpose clear interface linecard 0 traffic-counter all Resets all traffic counters. Cisco SCE 8000 10GBE Software Configuration Guide 7-35 OL-30621-02...
DSCP Marking DSCP Marking DSCP marking is used in IP networks as a means to signal the priority of a packet. The Cisco Service Control solution supports the DSCP classification on a per-service, per-package level via the SCA BB application. The Cisco SCE platform DSCP marking feature enables marking the DSCP field in the IP header of each packet according to the policy configured via the SCA BB console.
• About Counting Dropped Packets By default, the Cisco SCE platform hardware drops WRED packets (packets that are marked to be dropped due to BW control criteria). However, this presents a problem for the user who needs to know the number of dropped packets per service. To be able to count dropped packets per service, the traffic processor must see all dropped packets for all flows.
Configuring the Failure Recovery Mode, page 8-21 • Configuring the Cisco SCE Platform/SM Connection, page 8-22 For more information regarding the physical installation of the Cisco SCE 8000 platform and cabling the Note connections, see the Cisco SCE8000 10GBE Installation and Configuration Guide...
Caution This command can only be used if the line card is in either no-application or shutdown mode. If an application is installed on the Cisco SCE platform, the command will fail with an error message and help instructions. Options The following topology-related parameters are included in the connection mode command.
Configuring the Connection Mode Examples Example 1 This example defines defines a primary Cisco SCE 8000 in a cascaded inline topology. Link 0 is connected to this device, and the link mode on failure is bypass (default). SCE(config if)# connection-mode inline-cascade sce-id 0 priority primary Example 2 This example defines a single-Cisco SCE platform, dual link, receive-only topology.
0 is connected to peer slot failure mode is bypass Redundancy status is active SCE> Viewing the Cisco SCE-ID: Example SCE> enable 5 Password:<cisco> SCE> show interface linecard 0 sce-id slot 0 sce-id is 1 Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 235
Peer SCE's IP address is 10.10.10.10 Monitoring the Connection Status: Examples The following example shows the output of this command in the case of two cascaded Cisco SCE 8000 10GBE platforms where the cascade interfaces have not been connected correctly.
Cutoff—Completely cuts off flow of traffic through the Cisco SCE platform. Recommendations and restrictions Note the following recommendations and restrictions: For the Cisco SCE 8000 platform, the link mode setting is global, and cannot be set for each link • separately. Therefore the all-links keyword must be used.
Figure 8-1. The Cisco SCE 8000 can detect the presence of each external optical bypass device, and warns the user by various means (CLI show command, system operational-state, SNMP traps) if an expected external bypass device is not detected as present.
External bypass current state is 'not activated'. External bypass failure state is 'activated'. Amount of expected external bypass devices: 2 (automatically configured). Warning: External bypass device expected but not detected on link #1 Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
How to Copy the Startup Configuration Party Database and Create a Backup File, page 8-12 • The Cisco SCE 8000 platform supports the Hardware Bypass feature for IPv4 traffic. The main objective of this feature is to bypass the traffic of the configured static parties created in the hardware bypass mode at the hardware (SIP module) level, based on their IP address or IP range.
From the SCE(config)#> prompt, type: Command Purpose no hw-bypass mode Disables the hardware bypass mode of the Cisco SCE 8000 platform. It also allows you to reset the hardware bypass state for the specified static parties when these parties are configured in this mode.
July 2011 #cli-type 1 #version 1 hw-bypass mode party name "N/A" party name "[party-name]" party mapping ip-address 24.11.52.128 name [party-name] party mapping ip-address 110.10.10.10 name [party-name] party name [party-name] hw-bypass SCE#> Cisco SCE 8000 10GBE Software Configuration Guide 8-11 OL-30621-02...
Command Purpose copy startup-config-party-db backup-file name Enables the task of copying the startup configuration party database and create a backup file of the configured static parties in the Cisco SCE 8000 platform. Cisco SCE 8000 10GBE Software Configuration Guide 8-12...
How to Display All Mappings to Dual Stack Static Subscriber From the SCE(config )#> prompt, type: Command Purpose show part name party-name mappings all Displays all mappings to dual stack static subscriber. Cisco SCE 8000 10GBE Software Configuration Guide 8-13 OL-30621-02...
How to Display Dual Stack Static Subscriber From the SCE(config )#> prompt, type: Command Purpose show part name party-name Displays dual stack static subscribers. show interface LineCard 0 subscriber name Displays dual stack static subscribers. party-name Cisco SCE 8000 10GBE Software Configuration Guide 8-14 OL-30621-02...
Cisco SCE platform that the device is in a failure state, and therefore cannot be used. In link reflection on all ports mode, all ports of the Cisco SCE platform are forced down and the link state of the first port is reflected on all the ports.
This mode reflects a failure of one port to the other three ports of the Cisco SCE platform differently, depending on different failure conditions, as follows: One interface of the Cisco SCE 8000 is down: Link failure is reflected to the all other Cisco SCE •...
How to Disable Linecard-Aware Mode From the SCE(config if)# prompt, type: Command Purpose no link failure-reflection linecard-aware-mode Disables linecard aware mode. Note that this command does not disable link failure reflection on all ports. Cisco SCE 8000 10GBE Software Configuration Guide 8-17 OL-30621-02...
Cisco SCE platform. However, this is sometimes not feasible, due to the fact that the Cisco SCE platforms sharing the split flow are geographically remote (especially common upon peering insertion). In this type of scenario, the...
TCP unidirectional flows ratio: the ratio of TCP unidirectional flows to total TCP flows per traffic • processor, calculated over the period of time since the Cisco SCE platform was last reloaded (or since the counters were last reset). From the SCE> prompt, type:...
Forcing failure will cause a failover - do you want to continue? n Type 'Y' and press Enter to confirm the forced failure. no force failure-condition Exits from the virtual failure condition. Cisco SCE 8000 10GBE Software Configuration Guide 8-20 OL-30621-02...
This example sets the system to boot as non-operational after a failure. SCE(config)#failure-recovery operation-mode non-operational Example 2 This example sets the system to the default failure recovery mode. SCE(config)# default failure-recovery operation-mode Cisco SCE 8000 10GBE Software Configuration Guide 8-21 OL-30621-02...
If SM functionality is critical to the operation of the system—configure the desired behavior of the • Cisco SCE platform if any loss of connection with the SM (may be due either to failure of the SM or failure of the connection itself).
Raw Data Formatting: The RDR Formatter and NetFlow Exporting Revised: February 07, 2014, OL-30621-02 Introduction Cisco Service Control is able to deliver gathered reporting data to an external application for collecting, aggregation, storage and processing over two protocols: RDRv1: the Service Control proprietary export protocol •...
• NetFlow Terminology Exporter • A device (in this case, the RDR formatter component in the Cisco SCE platform) with NetFlow services enabled, responsible for exporting information using NetFlowV9 protocol. NetFlow Collector • A device that receives records from one or more exporters. It processes the received export packet(s) by parsing and storing the record information.
Each RDR type supported for NetFlowV9 exporting has a pre-defined mapping that allows the RDR formatter to convert it to a NetFlow V9 report and sent it over a NetFlow destination. The Cisco SCE platform maintains template records for several RDR types, with the structure of each NetFlow data record that corresponds to that RDR type.
• Protocol, page 9-6 • Transport Type, page 9-6 • The Cisco SCE platform can be configured with a maximum of eight destinations, three destinations per category. Each destination is defined by the following parameters: IP address • port number •...
In this case, the data types are divided into up to four groups, and each group, or category, is assigned to a particular destination or destinations. The categories are defined by the application running on the Cisco SCE platform. The system supports up to four categories: •...
The following two transport types are available: • • Currently, the transport type is linked to the configured protocol as follows: RDRv1 protocol requires TCP transport type • NetFlow V9 protocol requires UDP transport type • Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Commands relevant only to the NetFlowV9 protocol and the NetFlow exporting support • Options In order for the data records, either RDRs or NetFlow export packets, from the Cisco SCE platform to arrive at the correct location, the following parameters must be configured: ip-address—The IP address of the destination •...
Command Purpose rdr-formatter category number Defines the name for the specified category category-number name category-name number. This category name can then be used in any rdr-formatter command instead of the category number. Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
The category may defined by either number or name. • A different priority may be assigned to each category. • • Note that within each category the priorities must be unique for each destination. Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 264
SCE(config)# rdr-formatter category number 2 name prepaid SCE(config)# rdr-formatter destination 10.1.1.205 port 33000 category number 1 priority 90 protocol RdrV1 transport tcp SCE(config)# rdr-formatter destination 10.1.1.206 port 33000 category name prepaid protocol RdrV1 transport tcp Cisco SCE 8000 10GBE Software Configuration Guide 9-10 OL-30621-02...
Page 265
(billing) being sent to both destinations, in multi-cast mode (Figure 9-5). Figure 9-5 Configuring Destinations: Two Categories and Two Modes SCE platform Destination 1 RDR Formatter Destination 2 "Billing" "Prepaid" Cisco SCE 8000 10GBE Software Configuration Guide 9-11 OL-30621-02...
Page 266
SCE(config)# rdr-formatter destination 10.10.10.96 port 33000 category name prepaid priority 90 category name special-prepaid priority 80 protocol RdrV1 transport tcp SCE(config)# rdr-formatter destination 10.1.1.206 port 33000 category name special-prepaid priority 90 protocol NetFlowV9 transport udp Cisco SCE 8000 10GBE Software Configuration Guide 9-12 OL-30621-02...
From the SCE(config)# prompt, type: Command Purpose rdr-formatter forwarding-mode mode Configures the specified forwarding mode. Configuring the Forwarding Mode: Example The following example shows how to set the forwarding-mode to multicast. SCE(config)# rdr-formatter forwarding-mode multicast Cisco SCE 8000 10GBE Software Configuration Guide 9-13 OL-30621-02...
Maximum buffer size is 64 KB. • From the SCE(config)# prompt, type: Command Purpose rdr-formatter history-size size Sets the size of the RDR formatter history buffer. Cisco SCE 8000 10GBE Software Configuration Guide 9-14 OL-30621-02...
How to Configure the Template Refresh Interval Options The following options are available: • ip-address—The destination IP address. • port-number—The destination port number • timeout-value—The frequency of exporting the template records in seconds (1 – 86400.) Cisco SCE 8000 10GBE Software Configuration Guide 9-15 OL-30621-02...
Page 270
Raw Data Formatting: The RDR Formatter and NetFlow Exporting Configuring NetFlow Exporting Support From the SCE(config)# prompt, type: Command Purpose rdr-formatter destination ip-address port Sets the template refresh interval. port-number protocol NetFlowV9 template data timeout timeout-value Cisco SCE 8000 10GBE Software Configuration Guide 9-16 OL-30621-02...
How to Restore the Default Mapping for a Specified RDR Tag From the SCE(config)# prompt, type: Command Purpose default rdr-formatter rdr-mapping tag-id Restores the default mapping for a specified RDR tag-number tag. Cisco SCE 8000 10GBE Software Configuration Guide 9-17 OL-30621-02...
How to the Display the Current RDR Formatter Configuration The system can display the complete data destination configuration, or just specific parameters. From the SCE> prompt, type: Command Purpose show rdr-formatter Displays the current RDR formatter configuration. Cisco SCE 8000 10GBE Software Configuration Guide 9-18 OL-30621-02...
Use the no form of this command if you want the linecard to send records. From the SCE(config if)# prompt, type: Command Purpose silent Disables the linecard from issuing data records. no silent Enables the linecard to produce data records. Cisco SCE 8000 10GBE Software Configuration Guide 9-21 OL-30621-02...
In large deployments, if each traffic processor sends its own records separately to the CM, the number of RDRs reaching the CM becomes enormous. Therefore, the Cisco SCE platform aggregates certain RDRs, thus reducing the load on the CM without affecting the usability of the information provided. In essence, the control processor receives records from all traffic processors, but it only sends one record for each reporting period, containing the aggregated data of all CPUs together.
Revised: February 07, 2014, OL-30621-02 Introduction The Cisco SCE platform is subscriber aware, that is, it can relate traffic and usage to specific customers. This ability to map between IP flows and a specific subscriber allows the system to do the following: Maintain the state of each subscriber transmitting traffic through the platform •...
What is a Subscriber? In the Service Control solution, a subscriber is defined as a managed entity on the subscriber side of the Cisco SCE Platform to which accounting and policy are applied individually. Table 10-1 lists several examples of subscribers in Service Control solutions.
The most basic mode is Subscriber-less mode. In this mode, there is no notion of subscriber in the system, and the entire link where the Cisco SCE platform is deployed is treated as a single subscriber. Global Application level analysis (such as total p2p, browsing) can be conducted, as well as global control (such as limiting total p2p to a specified percentage).
There are two possible Subscriber Aware modes. In these modes, subscriber IDs and currently used network IDs are provisioned into the Cisco SCE platform. The Cisco SCE platform can then bind usage to a particular subscriber, and enforce per-subscriber policies on the traffic. Named reports are supported (such as top subscribers with the OSS IDs), quota-tracking (such as tracking a subscriber-quota over time even when network IDs change) as well as dynamic binding of packages to subscribers.
The maximum rate for creation of anonymous subscribers is 360 per second. Aging Subscribers Subscribers can be aged automatically by the Cisco SCE platform. ‘Aging’ is the automatic removal of a subscriber, performed when no traffic sessions assigned to it have been detected for a certain amount of time.
A VPN-based subscriber contains a set of mappings of the form: IP@VpnName, where IP can be either a single IP address or a range of addresses. A VPN-based subscriber is VLAN-based. Most VPN-based subscriber functionality is managed via the SM, with the role of the Cisco SCE platform CLI being more limited.
• is-static flag • Only the active Cisco SCE platform communicates with the SM. The SM is aware of the active/standby state of each Cisco SCE platform, and is also aware of a failover. Specifically, this means the following: In push mode, the SM pushes events to the active Cisco SCE platform, which updates the standby •...
Each line in a csv file should contain either a comment (beginning with the character ‘#’), or a list of comma-separated fields. Subscriber csv files are application-specific, but a default format is defined by the Cisco SCE, which is used when the application does not choose to over-ride it. The application might over-ride the format when additional data is desired for each subscriber or subscriber template.
[all] Exports all the static and dynamic subscribers information to the specified file. subscriber export csv-file filename Exports only the static subscribers information to the specified file. Cisco SCE 8000 10GBE Software Configuration Guide 10-11 OL-30621-02...
Imports the subscriber template from the specified file. How to Export a Subscriber Template From the SCE(config if)# prompt, type: Command Purpose subscriber template export csv-file filename Exports the subscriber template to the specified file. Cisco SCE 8000 10GBE Software Configuration Guide 10-12 OL-30621-02...
How to Remove a Specific Subscriber Options The following option is available: subscriber-name—The name of the subscriber to be removed From the SCE(config if)# prompt, type: Command Purpose no subscriber name subscriber-name Removes the specified subscriber. Cisco SCE 8000 10GBE Software Configuration Guide 10-13 OL-30621-02...
How to Remove All the Anonymous Subscribers From the SCE# prompt, type: Command Purpose clear interface linecard 0 subscriber Removes all anonymous subscribers. anonymous all Note The clear subscriber anonymous command is a Privileged Exec command. Cisco SCE 8000 10GBE Software Configuration Guide 10-14 OL-30621-02...
Because the clear interface linecard subscriber anonymous all command clears all the anonymous Caution subscribers in the Cisco SCE, do not use the command in a production environment. Using this command in a production environment impacts anonymous subscribers’ accountability. Use the command only when the linecard interface is shut down.
Page 292
Chapter 10 Managing Subscribers Removing Subscribers and Templates Command Purpose no subscriber sm all Clears all subscribers from the SM. Cisco SCE 8000 10GBE Software Configuration Guide 10-16 OL-30621-02...
Clears all subscribers from the specified SCMP peer device. peer-device-name specifies the name of the • SCMP peer device from which to clear the subscribers. Cisco SCE 8000 10GBE Software Configuration Guide 10-17 OL-30621-02...
Create the group by importing anonymous groups from a csv file. Groups can also be exported to a csv file. Maximum creation rate of anonymous subscribers is 360 per second on the Cisco SCE 8000 and 180 • per second on the Cisco SCE2020.
Imported anonymous groups information is added to the existing anonymous groups information. It does not overwrite the existing data. The Cisco SCE platform can support a maximum of 5000 anonymous groups. How to Export Anonymous Groups Options The following option is available: filename—Name of the csv file.
Anonymous subscribers • Subscribers may be introduced to the Cisco SCE platform via the Cisco SCE platform CLI or via the Subscriber Manager. The monitoring commands may be used to monitor all subscribers and subscriber information, regardless of how the subscribers were introduced to the system.
• show interface linecard 0 subscriber mapping VLAN-id ‘VLAN-id’ • Displaying Subscribers: All Current Subscriber Names You can display the names of all subscribers currently in the Cisco SCE subscriber database. From the SCE> prompt, type: Command Purpose show interface linecard 0 subscriber all-names Displays the names of all subscribers currently in the Cisco SCE subscriber database.
From the SCE> prompt, type: Command Purpose show interface linecard 0 subscriber property Displays subscribers that are greater than or less propertyname greater-than|less-than than a specified value of a subscriber property. property-val Cisco SCE 8000 10GBE Software Configuration Guide 10-23 OL-30621-02...
Page 300
How to display the number of subscribers that are greater than or less than a specified value of a subscriber property Options The following options are available: propertyname—Name of the subscriber property to match • property-val—Value of that subscriber property to match • Cisco SCE 8000 10GBE Software Configuration Guide 10-24 OL-30621-02...
A specified VLAN ID • A specified VPN • no mapping • You can also display just the number of subscribers with a specified mapping, rather than listing the actual subscribers. Cisco SCE 8000 10GBE Software Configuration Guide 10-25 OL-30621-02...
Page 302
VLAN-id VLAN-id specified VLAN ID. How to display subscribers with no mapping From the SCE> prompt, type: Command Purpose show interface linecard 0 subscriber mapping Displays subscribers with no mapping. none Cisco SCE 8000 10GBE Software Configuration Guide 10-26 OL-30621-02...
How to Display Mappings for a Specified Subscriber Options The following options are available: name—Subscriber name • From the SCE> prompt, type: Command Purpose show interface linecard 0 subscriber name Displays mappings for a specified subscriber. name mappings Cisco SCE 8000 10GBE Software Configuration Guide 10-28 OL-30621-02...
0 subscriber anonymous [name ‘groupname’] • How to Display Currently Configured Anonymous Groups From the SCE> prompt, type: Command Purpose show interface linecard 0 subscriber Displays currently configured anonymous groups. anonymous-group all Cisco SCE 8000 10GBE Software Configuration Guide 10-29 OL-30621-02...
How to Display All Subscribers Currently in Anonymous Groups From the SCE> prompt, type: Command Purpose show interface linecard 0 subscriber Displays all subscribers currently in anonymous anonymous groups. Cisco SCE 8000 10GBE Software Configuration Guide 10-30 OL-30621-02...
How to Display the Total Number of Subscribers in All Anonymous Groups From the SCE> prompt, type: Command Purpose show interface linecard 0 subscriber amount Displays the total number of subscribers in all anonymous anonymous groups. Cisco SCE 8000 10GBE Software Configuration Guide 10-31 OL-30621-02...
Install the new application (PQI) file. (The configured subscriber maximum takes effect only after a new application file has been loaded.) If you saved the policy configuration (PQB file), apply it to the Cisco SCE platform using the SCA BB Step 5 console.
Step 5 If you saved the policy configuration (PQB file), apply it to the Cisco SCE platform using the Cisco SCA BB console. If a policy configuration (PQB file) has been applied on the active Cisco SCE platform, use the Cisco SCA BB console to retrieve it and save it before proceeding.
Enables aging for introduced subscribers. How to Disable Aging for Anonymous Group Subscribers From the SCE(config if)# prompt, type: Command Purpose no subscriber aging anonymous Disables aging for anonymous group subscribers. Cisco SCE 8000 10GBE Software Configuration Guide 10-34 OL-30621-02...
Sets the aging timeout period for introduced aging-time subscribers. How to Display Aging for Anonymous Group Subscribers From the SCE> prompt, type: Command Purpose show interface linecard 0 subscriber aging Displays aging of anonymous group subscribers. anonymous Cisco SCE 8000 10GBE Software Configuration Guide 10-35 OL-30621-02...
Displays a listing of all currently logged-in VPNs. Displaying a Listing of All VPNs: Example SCE>show interface linecard 0 VPN all-names How to Clear Automatic VPNs From the SCE# prompt, type: Cisco SCE 8000 10GBE Software Configuration Guide 10-37 OL-30621-02...
Page 314
Managing VPNs and VPN Subscriber Mappings Command Purpose clear interface linecard 0 VPN automatic Removes all VLAN VPNs that were created automatically by the Cisco SCE platform. (Only removes VPNs that have no active subscriber mappings). Cisco SCE 8000 10GBE Software Configuration Guide 10-38 OL-30621-02...
If SM functionality is critical to the operation of the system—Configure the desired behavior of the • Cisco SCE platform if any loss of connection with the SM (may be due either to failure of the SM or failure of the connection itself).
SCE platform, including updated subscriber state. Terminology and Definitions Following is a list of definitions of terms used in the chapter as they apply to the Cisco failover solution, which is based on cascaded Cisco SCE platforms. Failover—A situation in which the Cisco SCE platform experiences a problem that makes it •...
The Cisco SCE 8000 platform can control an external bypass device, which bypasses the traffic during a power failure and also under specific control command from the Cisco SCE 8000. The Cisco SCE 8000 automatically activates the external bypass device during reload for the short period (less than 10 seconds) in which the SPA Interface Processor card does not forward traffic between traffic ports.
Page 320
SM may be regarded as a cause for failover. However, this communication failure is not necessarily a problem in the Cisco SCE platform. If the connection to the SM of the active Cisco SCE platform has failed, while the connection to the SM of the standby Cisco SCE platform is alive, a failover process will be initiated to allow the Cisco SCE platform proper exchange of information between the Cisco SCE platforms and the SM.
MAC address of the other network element when forwarding traffic. To assist the network elements on both sides of the Cisco SCE platform to identify the link failures as quickly as possible, the Cisco SCE platform supports a functionality of reflecting to the other side of the Cisco SCE platforms events of link failure.
The previously standby Cisco SCE platform now processes all the traffic of this other link that is forwarded to it by the previously active Cisco SCE platform in addition to the traffic of its own link.
Page 323
Cisco SCE platform has either recovered or been replaced. If the failure is in the standby Cisco SCE platform, it will continue to forward traffic to the active Cisco SCE platform and back to its link, while the active Cisco SCE platform continues to provide its normal processing functionality to the traffic of the two links.
The external optical bypasses protect against a second Cisco SCE 8000 platform failure. In the case of a second failure, if a bypass module is connected to the last Cisco SCE 8000 to fail, it will be enabled. This preserves one of the network links, assuming the on-failure configuration is is bypass .
'dead end' , cutting off all traffic on both links. Failure in the Cascade Connection The effect of a failure in the cascade connection between the two Cisco SCE platforms depends on whether one or both connections fail: Only one cascade connection is down—In this case, both Cisco SCE platforms can still...
Page 326
Step 6 Use the show interface linecard 0 connection-mode command. If you want to start in bypass mode, change the link mode to bypass in both Cisco SCE platforms. The Step 7 bypass mode will be applied only to the active Cisco SCE platform. (See “About the Link Mode”...
• Manual Steps Step 1 Disconnect the failed Cisco SCE platform from the network Connect a new Cisco SCE platform to the management link and the cascade links (leave network ports Step 2 disconnected.) Step 3 Configure the Cisco SCE platform.
Establishment of inter-Cisco SCE platform communication. Step 1 Synchronization with the SM. Step 2 Copying updated subscriber states from the active Cisco SCE platform to the standby. Step 3 Reboot Only (Fully Automatic Recovery) Step 1 Reboot of the Cisco SCE platform.
On-failure—For each of the cascaded Cisco SCE platforms, this parameter determines whether the • system cuts the traffic or bypasses it when the Cisco SCE platform either has failed or is booting. Configuring the Connection Mode Use the following command to configure the connection mode, including the following parameters.
SCE platform in Example 1. This Cisco SCE platform would have to be the secondary Cisco SCE platform, and Link 0 would be connected to this Cisco SCE platform, since Link 1 was connected to the primary. The connection mode would be the same as the first, and the behavior of the Cisco SCE platform if a failure occurs is external-bypass.
Viewing the Cisco SCE-ID: Example SCE>enable 5 Password:<cisco> SCE>show interface linecard 0 sce-id slot 0 sce-id is 1 How to View the Current Redundancy Status of the Cisco SCE Platform From the SCE# prompt, type: Command Purpose show interface linecard 0 cascade...
Displays information about the cascade connection-status connections. Monitoring the Connection Status: Examples The following example shows the output of this command in the case of two cascaded Cisco SCE 8000 GBE platforms where the cascade interfaces have not been connected correctly. SCE>enable 5 Password:<cisco>...
----------------------------------------------------------- | 0/2 | 0/1 SCE> How to View the Current Link Mode From the SCE# prompt, type: Command Purpose show interface linecard 0 link mode Displays the current link mode. Cisco SCE 8000 10GBE Software Configuration Guide 11-17 OL-30621-02...
From the SCE(config if)# prompt, type: Commands Purpose force failure-condition Forces the Cisco SCE platform into a virtual failure state. no force failure-condition Exits from the virtual failure state. Cisco SCE 8000 10GBE Software Configuration Guide...
Reload the active Cisco SCE platform. Step 5 After the former active Cisco SCE platform reboots and is ready to work manually, it may be left as Step 6 standby or we can manually switch the Cisco SCE platforms to their original state.
System Upgrades Remove the force failure condition in that platform. Step 7 After the former active Cisco SCE platform recovers and is ready to work, it may remain the standby or Step 8 can be manually switched back to active.
Revised: February 07, 2014, OL-30621-02 Introduction This chapter describes the ability of the Cisco SCE platform to identify and prevent DDoS attacks, and the various procedures for configuring and monitoring the Attack Filter Module. Attack Filtering and Attack Detection, page 12-2 •...
Attack filtering is performed using specific-IP attack detectors. A specific-IP attack detector tracks the rate of flows (total open and total suspected) in the Cisco SCE platform for each combination of IP address (or pair of IP addresses), protocol (TCP/UDP/ICMP/Other), destination port (for TCP/UDP), interface and direction.
Page 339
Enable port-based detection for TCP/UDP attacks that have a fixed destination port or ports. The list of destination ports for port-based detection is configured separately. (See “Specific Attack Detectors” section on page 12-14.) Cisco SCE 8000 10GBE Software Configuration Guide 12-3 OL-30621-02...
Attack Detection Thresholds There are three thresholds that are used to define an attack. These thresholds are based on meters that are maintained by the Cisco SCE platform for each IP address or pair of addresses, protocol, interface and attack-direction.
Configuring the action: Report—Attack packets are processed as usual, and the occurrence of the attack is reported. – Block—Attack packets are dropped by the Cisco SCE platform, and therefore do not reach their – destination. Regardless of which action is configured, two reports are generated for every attack: one when the start of an attack is detected, and one when the end of an attack is detected.
Service Control Application. Hardware Filtering The Cisco SCE platform has two ways of handling an attack: by software or by hardware. Normally, attacks are handled by software. This enables the Cisco SCE platform to accurately measure the attack flows and to instantly detect that an attack has ended.
Page 343
“Monitoring Attack Filtering” section on page 12-24): Check the " HW-filter " field in the show interface linecard attack-filter current-attacks • command. Check the " HW-filter " field in the attack log file. • Cisco SCE 8000 10GBE Software Configuration Guide 12-7 OL-30621-02...
When detectors 1-99 are disabled, the default attack detector configuration determines the thresholds used for detecting an attack, and the action taken by the Cisco SCE platform when an attack is detected. For each attack type, a different set of thresholds and action can be set. In addition, subscriber-notification and SNMP traps (alarm) can be enabled or disabled in the same granularity.
Page 345
(default| number) protocol protocol attack-direction direction side side • default attack-detector default • default attack-detector number default attack-detector (all-numbered|all) • attack-detector number access-list comment • attack-detector number (TCP-dest-ports|UDP-dest-ports) (all|(port1 [port2 …])) • [no] attack-filter subscriber-notification ports port1 • Cisco SCE 8000 10GBE Software Configuration Guide 12-9 OL-30621-02...
Use the no form of the command to disable the configured specific-IP detection. How to Enable Specific-IP Detection From the SCE(config if)# prompt, enter: Command Purposes attack-filter [protocol (((TCP|UDP) [dest-port Enables specific-IP detection. (specific|not-specific|both)])|ICMP|other)] [attack-direction (single-side-source|single-side-destination|sing le-side-both|dual-sided|all)] Cisco SCE 8000 10GBE Software Configuration Guide 12-10 OL-30621-02...
How to Define the Default Action and Optionally, the Default Thresholds, page 12-13 • How to Reinstate the System Defaults for a Selected Set of Attack Types, page 12-13 • How to Reinstate the System Defaults for All Attack Types, page 12-14 Cisco SCE 8000 10GBE Software Configuration Guide 12-11 OL-30621-02...
• report (default)—Report beginning and end of the attack by writing to the attack-log. – block—Block all further flows that are part of this attack, the Cisco SCE platform drops the – packets. Thresholds: • open-flows-rate—Default threshold for rate of open flows. suspected-flows-rate—Default –...
From the SCE(config if)# prompt, type: Command Purpose default attack-detector default protocol Reinstates the system defaults for the defined (((TCP|UDP) [dest-port (specific|not- attack types. specific|both)])|ICMP|other|all) attack-direction (single-side-source|single-side-destination|single-si de-both|dual-sided|all) side (subscriber|network|both) Cisco SCE 8000 10GBE Software Configuration Guide 12-13 OL-30621-02...
A specific attack detector may be configured for each possible combination of protocol, attack direction, and side. The Cisco SCE platform supports a maximum of 100 attack detectors. Each attack detector is identified by a number (1-100). Each detector can be either disabled (default) or enabled. An enabled attack detector must be configured with the following parameters: access-list—The number of the Access-Control List (ACL) associated with the specified attack...
'not configured' state (which is the default), or be configured with a specific value. action—Action: • report (default)—Report beginning and end of the attack by writing to the attack-log. – block—Block all further flows that are part of this attack, the Cisco SCE platform drops the – packets. Thresholds: •...
Use the following command to disable a specific attack detector, configuring it to use the default action, threshold values and subscriber notification for all protocols, attack directions and sides. From the SCE(config if)# prompt, type: Command Purpose default attack-detector number Disables the specified attack detector. Cisco SCE 8000 10GBE Software Configuration Guide 12-17 OL-30621-02...
Defines the thresholds and action for attack detector #1. Step 6 From the SCE(config if)# prompt, type attack-detector 1 protocol UDP dest-port specific attack-direction side and press Enter. single-side-destination subscriber notify-subscriber Enables subscriber notification for attack detector #1. Cisco SCE 8000 10GBE Software Configuration Guide 12-18 OL-30621-02...
Page 355
Step 7 Exits the linecard interface configuration mode. Configure ACL #3, which has been assigned to the attack detector. Step 8 SCE(config)# access-list 3 permit 10.1.1.10 SCE(config)# access-list 3 permit 10.1.1.13 Cisco SCE 8000 10GBE Software Configuration Guide 12-19 OL-30621-02...
You can define a port to be used as the subscriber notification port. The attack filter will never block TCP traffic from the subscriber side of the Cisco SCE platform to this port, leaving it always available for subscriber notification.
For example: • The Cisco SCE platform has detected an attack, but the user knows this to be a false alarm. The proper action that should be taken by the user is to configure the system with higher thresholds (for the whole IP range, or maybe for specific IP addresses or ports).
CLI command (either no force-filter or dont-filter). • How to Remove All force-filter Settings, page 12-23 Use the following commands to configure or remove a force-filter setting for or from a specified situation: Cisco SCE 8000 10GBE Software Configuration Guide 12-22 OL-30621-02...
(ip ip-address)|(dual-sided source-ip source-ip-address destination-ip dest-ip-address)) side (subscriber|network|both) How to Remove All force-filter Settings From the SCE(config if)# prompt, type: Command Purpose no attack-filter force-filter all Removes all force-filter settings. Cisco SCE 8000 10GBE Software Configuration Guide 12-23 OL-30621-02...
If attack end was detected in the traffic: Detected attack end • If the end of the attack was declared as a result of a no force-filter command or a new don't-filter command: Forced attack end Cisco SCE 8000 10GBE Software Configuration Guide 12-24 OL-30621-02...
Page 361
If the attack was filtered by a hardware filter: HW filters used, actual attack duration is probably smaller than reported above, actual amount of flows handled is probably larger than reported above. Cisco SCE 8000 10GBE Software Configuration Guide 12-25 OL-30621-02...
– flows per second). suspected-flows-ratio—Default threshold for ratio of suspected flow rate to open flow rate. – Subscriber notification—Enabled or disabled. • Alarm: sending an SNMP trap enabled or disabled. • Cisco SCE 8000 10GBE Software Configuration Guide 12-26 OL-30621-02...
Page 363
| other |net.|source-only|| | other |net.|dest-only | other |sub.|source-only|| | other |sub.|dest-only | Empty fields indicate that no value is set and configuration from the default attack detector is used. SCE#> Cisco SCE 8000 10GBE Software Configuration Guide 12-27 OL-30621-02...
|sub.|dest-only ||Report| 500| 250|50 |No SCE#> How to Display All Attack Detector Configurations From the SCE> prompt, type: Command Purpose show interface linecard 0 attack-detector all Displays all attack detector configurations. Cisco SCE 8000 10GBE Software Configuration Guide 12-28 OL-30621-02...
(N) below a value means that the value is set through attack-detector #N. SCE#> How to Display the Current Counters Use this command to display the current counters for the specified attack detector for attack types for a specified IP address. Cisco SCE 8000 10GBE Software Configuration Guide 12-30 OL-30621-02...
How to Display the List of Ports Selected for Subscriber Notification From the SCE> prompt, type: Command Purpose show interface linecard 0 attack-filter Displays the list of ports selected for subscriber subscriber-notification ports notification. Cisco SCE 8000 10GBE Software Configuration Guide 12-31 OL-30621-02...
IP address (Pair of addresses, if detected) • Protocol Port number (If detected) • Attack-direction (Attack-source or Attack-destination) • Interface of IP address • Number of attack flows reported/blocked • Action taken • Cisco SCE 8000 10GBE Software Configuration Guide 12-32 OL-30621-02...
Displays the attack log. How to Copy the Attack Log to a File From the SCE# prompt, type: Command Purposes more line-attack-log redirect filename Writes the log information to the specified file. Cisco SCE 8000 10GBE Software Configuration Guide 12-33 OL-30621-02...
This module provides an overview of the Service Control Management Protocol (SCMP) capabilities. It also explains the various procedures for configuring and monitoring SCMP. About SCMP, page 13-2 • Configuring the SCMP, page 13-9 • Monitoring the SCMP Environment, page 13-17 • Cisco SCE 8000 10GBE Software Configuration Guide 13-1 OL-30621-02...
The SCMP peers can work in either of two introduction modes. These introduction modes affect only how and when a session is created on the Cisco SCE platform: The SCMP peer provisions the session to the Cisco SCE platform when it is created in the peer •...
Managing the SCMP About SCMP SCMP Terminology SCMP terminology is similar to, but not identical to, existing Cisco SCE platform terminology. It is derived from the ISG terminology, since every Cisco SCE subscriber is actually an ISG session. • subscriber – The client who is purchasing service from the Service Provider and is receiving the bill.
A deployment of this type might be used with ISG running on a service gateway or BRAS • terminating a large number of subscribers. However, note that deploying only one Cisco SCE platform results in a single point of failure, which is not generally acceptable in an actual deployment.
If advanced services requiring deep packet inspection are offered, we recommend locating the Cisco SCE platforms centrally, just before traffic requiring such services exits the SP network, since not all traffic needs to be processed by Cisco SCE platforms. Please note the following: •...
Page 376
Chapter 13 Managing the SCMP About SCMP You can configure the cascaded Cisco SCE platforms to receive session info from the SCMP peer • on session creation or pull the session info when the subscribers traffic traverses the Cisco SCE platform.
SCMP Peer Devices An SCMP peer device is a Cisco device running IOS with the ISG module enabled. The Cisco SCE platform supports the ability to communicate with several SCMP peer devices at the same time. However, each peer device manages its own subscribers and the corresponding subscriber network IDs.
SCMP Subscriber Management Subscriber virtualization allows multiple SCMP peer devices to simultaneously manage subscribers in the Cisco SCE platform without interfering with each other. (Note that each device must handle a distinct set of subscribers and network IDs.) The following mechanisms support subscriber virtualization: SCMP adds the Manager-Id field to each subscriber record in the database.
Enable the SCMP • Configure the SCMP peer device to push sessions to the Cisco SCE platform • Allow the SCMP peer device to provision each subscriber to only one Cisco SCE platform. • Define the SCMP keep-alive interval •...
When SCMP establishes a connection with an SCMP peer device, it informs the device whether the SCMP is configured to push sessions or to wait till the sessions are pulled by the Cisco SCE platform. Use this command to specify push mode. Use the no form of the command to specify pull mode. This configuration takes effect only after the connection is re-established.
The reconnect interval is the amount of time between attempts by the Cisco SCE platform to reconnect with an SCMP peer. The Cisco SCE platform attempts to reconnect to the SCMP peer device at the defined intervals by sending an establish-peering-request message.
Defines the reconnect interval parameter. Defining the Loss-of-Sync Timeout Parameter The loss of sync timeout interval is the amount of time between loss of connection between the Cisco SCE platform and an SCMP peer device and the loss-of-sync event. (To prevent miss-classification, loss-of-sync event removes all subscribers that were provisioned by the relevant SCMP peer device.)
This command removes the specified anonymous group from the SCMP peer device. From the SCE(config if)# prompt, type: Command Purpose no subscriber anonymous-group name Removes an anonymous group from the SCMP group-name peer device. Cisco SCE 8000 10GBE Software Configuration Guide 13-13 OL-30621-02...
• User-Name • The GUID is always appended at the end of the subscriber ID as defined by this command. Note You must disable the SCMP interface before executing this command. Cisco SCE 8000 10GBE Software Configuration Guide 13-14 OL-30621-02...
The RADIUS client polls the sockets to receive the next message and calls the SCMP engine to handle it, based on the type of the received message. Messages that were not acknowledged can be retransmitted up to the configured maximum number of retries. Cisco SCE 8000 10GBE Software Configuration Guide 13-15 OL-30621-02...
(optional)—Timeout interval for retransmitting a message, in seconds • Default = 1 second – From the SCE(config)# prompt, type: Command Purpose ip radius-client retry limit times [timeout Configures RADIUS client. timeout] Cisco SCE 8000 10GBE Software Configuration Guide 13-16 OL-30621-02...
SCMP peer device for which to display the configuration • or statistics. How to display the general SCMP configuration From the SCE> prompt, type: Command Purpose show scmp Displays the general SCMP configuration. Cisco SCE 8000 10GBE Software Configuration Guide 13-17 OL-30621-02...
9 seconds How to display the statistics for all SCMP peer devices From the SCE> prompt, type: Command Purpose show scmp all counters Displays the statistics for all SCMP peer devices. Cisco SCE 8000 10GBE Software Configuration Guide 13-18 OL-30621-02...
Use the following command to monitor the SCMP RADIUS client. This command displays the general configuration of the RADIUS client. From the SCE> prompt, type: Command Purpose show ip radius-client Monitors the SCMP RADIUS client. Cisco SCE 8000 10GBE Software Configuration Guide 13-19 OL-30621-02...
Page 390
Chapter 13 Managing the SCMP Monitoring the SCMP Environment Cisco SCE 8000 10GBE Software Configuration Guide 13-20 OL-30621-02...
VAS Traffic Forwarding Topologies, page 14-14 • SNMP Support for VAS, page 14-17 • Interactions Between VAS Traffic Forwarding and Other Cisco SCE Platform Features, page 14-18 • Configuring VAS Traffic Forwarding, page 14-20 • Monitoring VAS Traffic Forwarding, page 14-32 •...
Information About VAS Traffic Forwarding Information About VAS Traffic Forwarding The VAS feature uses the Cisco SCE platform to access an external “expert system” for classification and control of services not supported by SCA BB. Using the VAS feature, you can forward selected flows to an external, third-party system for per-subscriber processing in addition to the existing services and functions of the SCA BB solution.
The same VAS server may be used by more than one Cisco SCE platform. • In VAS mode, the Cisco SCE performance envelope might be up to 50 percent lower than in the normal Note operation mode. The exact performance envelope is specific to the traffic mix in the customer network and should be sized in advance.
• Requirements for VAS Servers Because the VAS devices are installed behind the Cisco SCE platform, they should follow the network behavior of the Cisco SCE platform. Therefore, VAS devices must meet the following two requirements: VAS devices must be equipped with separate interfaces for the subscriber side and separate •...
VLAN Tags for VAS Traffic Forwarding The traffic is routed between the Cisco SCE platform and the VAS servers by VLANs. There is a unique VLAN tag for each Cisco SCE platform and VAS server combination. Before the traffic is forwarded to the VAS servers, the Cisco SCE platform adds the VLAN tags to the original traffic.
The Cisco SCE platform performs load sharing between multiple VAS servers belonging to the same server group; the balance is based on the subscriber load. In other words, the Cisco SCE platform ensures that the subscribers are evenly distributed between the VAS servers in the same group.The mapping of subscriber to a VAS server (per group) is maintained even when servers are added or removed from the group either due to configuration changes or changes in the operational status of the servers in the group.
A VAS data flow is slightly more complex than the basic data flow. It is received and transmitted in the same manner as the basic non-VAS Cisco SCE platform flow, but before it is transmitted to its original destination, it flows through the VAS server.
The packet is sent to the VAS subscriber port from Cisco SCE platform Port 4 (N). The VAS server processes the packets and either drops the packet or sends it back to the Cisco SCE platform from the VAS network port to the Cisco SCE platform subscribers Port 3 (S).
In pull mode, the first flow of the subscriber behaves as configured in the anonymous template. If no anonymous template is configured, such first flows are processed as defined by the default template. Therefore, the default template should provide a proper package, so these flows get VAS service. Cisco SCE 8000 10GBE Software Configuration Guide 14-9 OL-30621-02...
The system monitors the health of a VAS server by periodically checking the connectivity between the Cisco SCE platform and the VAS server. When the Cisco SCE platform fails to establish or maintain a connection to the server within a configurable window of time, the server is considered to be in Down state.
Value-Added Services (VAS) Traffic Forwarding VAS Redundancy When the Cisco SCE platform detects that the number of active servers within a group is below the configured minimum, it changes the state of the group to Failure. The configured action-on-failure is then applied to all new flows mapped for that VAS server group (existing flows are not affected.)
The Cisco SCE platform adds its own Layer 7 data on top of the UDP transport layer. This data is used by the Cisco SCE platform to validate the correctness of the packet upon retrieval.
The VAS server should not drop traffic unless it is specifically configured to do so. Therefore, if the • connectivity between the VAS server and the Cisco SCE platform is operative, the health check packets should reach the Cisco SCE platform safely.
Multiple Cisco SCE Platforms, Multiple VAS Servers, page 14-15 • A topology in which a VAS server is directly connected to the Cisco SCE platform is not supported. If Note you want a topology of a single Cisco SCE platform connected to a single VAS server, use a switch between the Cisco SCE platform and the VAS server.
If the flow is a VAS flow (red), the Cisco SCE platform selects the VAS server to which the packet should be sent, adds the server VLAN tag to the packet, and transmits the packet on Port #4 (Network).
Page 406
The two Ethernet switches route the traffic to the VAS servers. The routing is VLAN based. The Ethernet switch should be configured to trunk mode with learning disabled. The data flow is the same as that for the single Cisco SCE platform to multiple VAS servers topology (see “Data Flow”...
Object type—vasServersTable provides information on each VAS server operational status. • SNMP Trap—vasServerOperationalStatusChangeTrap signifies that the agent entity has detected a • change in the operational status of a VAS server. Cisco SCE 8000 10GBE Software Configuration Guide 14-17 OL-30621-02...
• Incompatible Cisco SCE Platform Features There are certain Cisco SCE platform features that are incompatible with VAS traffic forwarding. Before enabling VAS traffic forwarding, it is the responsibility of the user to make sure that no incompatible features or modes are configured.
Bypass—Traffic is bypassed and NO SCA BB or VAS services are provided. • VAS Traffic Forwarding and Bandwidth Management The complexity of the VAS traffic forwarding results in the modification of some Cisco SCE platform bandwidth management capabilities: VAS flows are not subject to global bandwidth control.
Value-Added Services (VAS) Traffic Forwarding Configuring VAS Traffic Forwarding Configuring VAS Traffic Forwarding There are three broad aspects to VAS traffic forwarding configuration in the Cisco SCE platform: Configuring global VAS traffic forwarding options, such as enabling or disabling VAS traffic •...
“Disabling VAS Traffic Forwarding” section on page 14-22. There are certain other Cisco SCE platform features that are incompatible with VAS traffic forwarding. Before enabling VAS traffic forwarding, make sure that no incompatible features or modes are configured. The features and modes listed below cannot coexist with VAS mode: Line-card connection modes—receive-only, receive-only-cascade, inline-cascade...
Disabling the VAS Traffic Forwarding feature in runtime must be done with special care. There are two points to consider: You cannot disable VAS mode in the Cisco SCE platform while the applied SCA BB policy instructs • the Cisco SCE platform to forward traffic to the VAS servers.
However, it is not operational since it does not have VLAN. Note A VAS server is not operational until the VLAN tag is defined, even if the server itself is enabled. Cisco SCE 8000 10GBE Software Configuration Guide 14-23 OL-30621-02...
This section contains the following topics: • How to Configure the VLAN Tag Number for a Specified VAS Server, page 14-25 • How to Remove the VLAN Tag Number from a Specified VAS Server, page 14-25 Cisco SCE 8000 10GBE Software Configuration Guide 14-24 OL-30621-02...
This section explains how to to enable and disable the Health Check, and how to define the ports it should use. By default, the VAS server health check is enabled, however you may disable it. Cisco SCE 8000 10GBE Software Configuration Guide 14-25 OL-30621-02...
Down if one or more conditions are not met: • VAS traffic forwarding mode is enabled. Pseudo IPs are configured for the Cisco SCE platform traffic ports on the VAS traffic link. • VAS server is enabled.
You should configure source and destination pseudo IP address for the health check packets. The pseudo-ip command allows you to specify a unique IP address to be used by the health check packets. The pseudo IP address is configured on the interfaces that connect the Cisco SCE platform with the VAS servers.
IP) – Default—no IP address mask (optional)—Defines the range of IP addresses that can be used by the Cisco SCE platform. • Note that the Cisco SCE platform is not required to reside in this subnet.
Failure action—The action to be applied to all new flows mapped to this server group while it is • Failure state: Block—all new flows assigned to the failed VAS server group will be blocked by the Cisco SCE – platform.
Page 420
How to Configure the Failure Action for a Specified VAS Server Group to the Default From the SCE(config if)# prompt, type: Command Purpose default VAS-traffic-forwarding VAS Configures the failure action for a specified VAS server-group group-number failure action server group to the default. Cisco SCE 8000 10GBE Software Configuration Guide 14-30 OL-30621-02...
You must shutdown the linecard when configuring VAS servers and groups. Step 6 VAS-traffic-forwarding Set the Cisco SCE platform to forward VAS traffic (enable VAS traffic forwarding). Step 7 VAS-traffic-forwarding traffic-link link-0 Set the VAS traffic forwarding link to Link 0.
Purpose show interface linecard 0 Displays the global VAS status and configuration. VAS-traffic-forwarding Example SCE>show interface linecard 0 VAS-traffic-forwarding VAS traffic forwarding is enabled VAS traffic link configured: Link-1 actual: Link-1 Cisco SCE 8000 10GBE Software Configuration Guide 14-32 OL-30621-02...
How to Clear the Health Check Counters for All VAS Servers From the SCE> prompt, type: Command Purpose clear interface linecard 0 Clears health check counters for all VAS servers. VAS-traffic-forwarding VAS server-id all counters health-check Cisco SCE 8000 10GBE Software Configuration Guide 14-35 OL-30621-02...
The traffic that is copied is also processed by the SCA BB application and forwarded without interruption to its original destination. The copy of the traffic is presumed not to return to the Cisco SCE platform after being processed by the third party servers.
Subscribers browse web For more information regarding targeted advertising, see the following documents: Cisco Service Control Online Advertising Solution Guide: Behavioral Profile Creation Using RDRs • Cisco Service Control Online Advertising Solution Guide: Behavioral Profile Creation Using Traffic •...
To save in performance on both sides, zero payload packets are also not mirrored. (note that this type of packets have no real value for offline analysis). If the VLAN traffic is mirrored, Cisco SCE devices replace the VLAN information from the incoming traffic with the VAS-configured VLAN information before mirroring the traffic on the VAS port.
Traffic mirroring is implemented by sending the mirrored packets over a designated VLAN through a predefined link of the Cisco SCE platform. The link that has been defined for traffic mirroring can be either used exclusively for this purpose, or it can be one of the traffic ports, in which case the Tx capacity of the link will be shared between the original egress traffic and the mirrored traffic.
Page 430
Chapter 14 Value-Added Services (VAS) Traffic Forwarding Intelligent Traffic Mirroring Figure 14-6 shows a Cisco SCE platform using a dedicated link for mirroring (Link 1). Figure 14-6 Traffic Mirroring on a Dedicated Link Traffic crosses the SCE through link 1...
Cisco Service Control Application for Broadband User Guide. Note Traffic mirroring is not compatible with regular VAS traffic forwarding. Traffic mirroring configuration is distributed between the SCA BB console and the Cisco SCE platform CLI: The Cisco SCE platform CLI configuration: •...
Use the same commands to monitor traffic mirroring as for regular VAS functionality. (See “Monitoring VAS Traffic Forwarding” section on page 14-32) Traffic Mirroring Sample Configuration Following is a sample illustrating the steps in configuring the Cisco SCE 8000 platform for traffic mirroring. Command Purpose Step 1...
MIB. The proprietary pcube MIBs has been replaced by a combination of standard and Cisco MIBs and new Cisco Service Control MIBs. The new MIB structure was designed to keep backward compatibility and provide the same information as provided in the past as much as possible.
MIB Files The pcube MIB was grouped into several MIBs, each of which represented a certain aspect or functionality in the Cisco SCE platform (see the tables in the “pcube to Cisco MIB Mapping: Detailed OID Mappings” section on page A-7 section for more details).
Page 435
Defines state textual conventions. HOST-RESOURCES-MIB.my Manages host systems. Only OIDs that are mapped to former pcube MIB OIDs are in use in the standard and Cisco MIBs as Note listed in this table. Cisco SCE 8000 10GBE Software Configuration Guide...
Appendix A Cisco Service Control MIBs Loading MIBs Loading MIBs It is important to load the MIBs in the proper order. Before loading any new CISCO-SERVICE-CONTROL MIB, load the following MIBs in this order: SNMPv2-SMI.my SNMPv2-CONF.my SNMPv2-TC.my SNMP-FRAMEWORK-MIB.my ENTITY-MIB.my INET-ADDRESS-MIB.my CISCO-SMI.my...
Cisco Service Control MIBs pcube to Cisco MIB Mapping pcube to Cisco MIB Mapping This section is an overview of how the former pcube MIB maps to the current Cisco MIBs. Two P-cube MIBs are mapped; PcubeSeMIB and PcubeEngageMIB (CISCO-SCABB-MIB). Table A-4...
Pcube Engage MIB (CISCO-SCAS-BB-MIB) The information in the pcubeEnageMIB is available from various RDRs and from tables of the Collection Manager database. Therefore this MIB has not been replaced by a new Cisco Service Control MIB. For information regarding the mapping of the MIB objects to RDRs and the Collection Manager...
Cisco MIB Mapping: Detailed OID Mappings The following tables provide the detailed mappings for specific pcubeSeMIB (1.3.6.1.4.1.5655.4.1/0) OIDs to the current standard and Cisco MIBs. Table A-6 systemGrp (1.3.6.1.4.1.5655.4.1.1) pcube Object Name New MIB New Object Name sysOperationalStatus 1.3.6.1.4.1.5655.4.1.1.1 ENTITY-STATE-MIB entStateTable.entStateOper...
Page 440
Object Name New MIB New Object Name pchassisSysType 1.3.6.1.4.1.5655.4.1.2.1 Not mapped. Derived from entPhysicalDescr and entPhysicalClass chassis(3) pchassisPowerSupply 1.3.6.1.4.1.5655.4.1.2.2 CISCO-ENTITY-FRU- Trap is sent Alarm CONTROL-MIB Current status available using the show environment CLI command pchassisFansAlarm 1.3.6.1.4.1.5655.4.1.2.3 CISCO-ENTITY-FRU- Trap is sent...
Page 441
ENTITY-MIB with entPhysicalClass = other Use CLI command: pmoduleConnection 1.3.6.1.4.1.5655.4.1.3.1.1.8 Not mapped Mode show interface linecard connection-mode pmoduleSerialNumber 1.3.6.1.4.1.5655.4.1.3.1.1.9 ENTITY-MIB entPhysicalSerialNum 1.3.6.1.2.1.47.1.1.1.1.11 pmoduleUpStream 1.3.6.1.4.1.5655.4.1.3.1.1.10 CISCO- cscaInfoUpStream 1.3.6.1.4.1.9.9.693.1.3.1.1 AttackFilteringTime SERVICE-CONTROL- AttackFilteringTime ATTACK-MIB pmoduleUpStreamLas 1.3.6.1.4.1.5655.4.1.3.1.1.11 CISCO- cscaInfoUpStreamLast 1.3.6.1.4.1.9.9.693.1.3.1.2 tAttackFilteringTime SERVICE-CONTROL- AttackFilteringTime...
Page 442
New Object Name pmoduleAdminStatus 1.3.6.1.4.1.5655.4.1.3.1.1.15 ENTITY-MIB entStateAdmin 1.3.6.1.2.1.131.1.1.1.2 pmoduleOperStatus 1.3.6.1.4.1.5655.4.1.3.1.1.16 ENTITY-MIB entStateOper 1.3.6.1.2.1.131.1.1.1.3 1.3.6.1.2.1.131.1.1.1.6 entStateStandby Table A-9 linkGrp (1.3.6.1.4.1.5655.4.1.4): All Mapped Objects Mapped to CISCO-SERVICE-CONTROL-LINK-MIB pcube Object Name New Object Name linkTable 1.3.6.1.4.1.5655.4.1.4.1 cscLinkStatusTable 1.3.6.1.4.1.9.9.631.1.2 linkEntry 1.3.6.1.4.1.5655.4.1.4.1.1 cscLinkStatusEntry 1.3.6.1.4.1.9.9.631.1.2.1 linkModuleIndex 1.3.6.1.4.1.5655.4.1.4.1.1.1...
Page 443
Object Name New Object Name diskNumUsedBytes 1.3.6.1.4.1.5655.4.1.5.1 hrStorageTable.hrStorageUsed 1.3.6.1.2.1.25.2.3.1.6 diskNumFreeBytes 1.3.6.1.4.1.5655.4.1.5.2 hrStorageTable.hrStorageUsed 1.3.6.1.2.1.25.2.3.1.6 hrStorageTable.hrStorageSize 1.3.6.1.2.1.25.2.3.1.5 Table A-11 rdrFormatterGrp (1.3.6.1.4.1.5655.4.1.6): All Mapped Objects Mapped to CISCO-SERVICE-CONTROL-RDR-MIB pcube Object Name New Object Name rdrFormatterEnable 1.3.6.1.4.1.5655.4.1.6.1 cServiceControlRDRFormatterEnable 1.3.6.1.4.1.9.9.637.1.1.1.1 rdrFormatterDestTable 1.3.6.1.4.1.5655.4.1.6.2 cServiceControlRDRFormatterDestTable 1.3.6.1.4.1.9.9.637.1.2 rdrFormatterDestEntry 1.3.6.1.4.1.5655.4.1.6.2.1 cServiceControlRDRFormatterDestEntry 1.3.6.1.4.1.9.9.637.1.2 .1...
Page 444
Table A-11 rdrFormatterGrp (1.3.6.1.4.1.5655.4.1.6): All Mapped Objects Mapped to CISCO-SERVICE-CONTROL-RDR-MIB (continued) pcube Object Name New Object Name rdrFormatterClear 1.3.6.1.4.1.5655.4.1.6.5 Not mapped CountersTime rdrFormatterReportRate 1.3.6.1.4.1.5655.4.1.6.6 cServiceControlRDRFormatterReportRate 1.3.6.1.4.1.9.9.637.1.1.1.4 rdrFormatterReportRate 1.3.6.1.4.1.5655.4.1.6.7 cscRdrFormatterReportRatePeak 1.3.6.1.4.1.9.9.637.1.1.1.5 Peak rdrFormatterReportRate 1.3.6.1.4.1.5655.4.1.6.8 cscRdrFormatterReportRatePeakTime 1.3.6.1.4.1.9.9.637.1.1.1.6 PeakTime rdrFormatterProtocol 1.3.6.1.4.1.5655.4.1.6.9 cServiceControlRDRFormatterProtocol 1.3.6.1.4.1.9.9.637.1.1.1.7 rdrFormatterForwarding 1.3.6.1.4.1.5655.4.1.6.10...
Page 445
Table A-11 rdrFormatterGrp (1.3.6.1.4.1.5655.4.1.6): All Mapped Objects Mapped to CISCO-SERVICE-CONTROL-RDR-MIB (continued) pcube Object Name New Object Name rdrFormatterCategory 1.3.6.1.4.1.5655.4.1.6.12.1.1 Available through the CLI. DestPriority rdrFormatterCategory 1.3.6.1.4.1.5655.4.1.6.12.1.2 Available through the CLI. DestStatus Table A-12 loggerGrp (1.3.6.1.4.1.5655.4.1.7): all Mapped Objects Mapped to CISCO-SYSLOG-EVENT-EXT-MIB...
Page 446
Table A-13 subscribersGrp (1.3.6.1.4.1.5655.4.1.8): All Mapped Objects Mapped to CISCO-SERVICE-CONTROL-SUBSCRIBERS-MIB (continued) pcube Object Name New Object Name subscribersNumActive 1.3.6.1.4.1.5655.4.1.8.1.1.9 cServiceControlSubscribersNumActive 1.3.6.1.4.1.9.9.628.1.2.1.9 subscribersNumActivePeak 1.3.6.1.4.1.5655.4.1.8.1.1.10 Not mapped subscribersNumActivePeakTime 1.3.6.1.4.1.5655.4.1.8.1.1.11 Not mapped subscribersNumUpdates 1.3.6.1.4.1.5655.4.1.8.1.1.12 cServiceControlSubscribersNumUpdates 1.3.6.1.4.1.9.9.628.1.2.1.10 subscribersCountersClearTime 1.3.6.1.4.1.5655.4.1.8.1.1.13 Not mapped subscribersNumTpIpRange 1.3.6.1.4.1.5655.4.1.8.1.1.14 cServiceControlSubscribersNumTpIpRangeMappings 1.3.6.1.4.1.9.9.628.1.2.1.11...
Page 447
Table A-13 subscribersGrp (1.3.6.1.4.1.5655.4.1.8): All Mapped Objects Mapped to CISCO-SERVICE-CONTROL-SUBSCRIBERS-MIB (continued) pcube Object Name New Object Name cServiceControlSubscribersPackageIndex 1.3.6.1.4.1.9.9.628.1.1.1.5 cServiceControlSubscribersRealTimeMonitor 1.3.6.1.4.1.9.9.628.1.1.1.6 Table A-14 trafficProcessorGrp (1.3.6.1.4.1.5655.4.1.9) pcube Object Name New MIB New Object Name tpInfoTable 1.3.6.1.4.1.5655.4.1.9.1 CISCO-SERVICE-CONTROL- cscTpTable 1.3.6.1.4.1.9.9.634.1.1 TP-STATS-MIB tpInfoEntry 1.3.6.1.4.1.5655.4.1.9.1.1...
Page 448
Table A-14 trafficProcessorGrp (1.3.6.1.4.1.5655.4.1.9) (continued) pcube Object Name New MIB New Object Name tpNumUdpActive 1.3.6.1.4.1.5655.4.1.9.1.1.13 Not mapped. FlowsPeakTime tpNumNonTcpUdp 1.3.6.1.4.1.5655.4.1.9.1.1.14 CISCO-SERVICE-CONTROL- cscTpUdpActiveFlows 1.3.6.1.4.1.9.9.634.1.1.1.5 ActiveFlows TP-STATS-MIB tpNumNonTcpUdp 1.3.6.1.4.1.5655.4.1.9.1.1.15 Not mapped. ActiveFlowsPeak tpNumNonTcpUdp 1.3.6.1.4.1.5655.4.1.9.1.1.16 Not mapped. ActiveFlowsPeakTime tpTotalNum 1.3.6.1.4.1.5655.4.1.9.1.1.17 CISCO-SERVICE-CONTROL- cscTpTotalBlockedPackets 1.3.6.1.4.1.9.9.634.1.1.1.6...
Page 449
(1.3.6.1.4.1.5655.4.1.9) (continued) pcube Object Name New MIB New Object Name tpHandledPackets 1.3.6.1.4.1.5655.4.1.9.1.1.30 Not mapped. RatePeak tpHandledPackets 1.3.6.1.4.1.5655.4.1.9.1.1.31 Not mapped. RatePeakTime tpHandledFlowsRate 1.3.6.1.4.1.5655.4.1.9.1.1.32 CISCO-SERVICE-CONTROL- cscTpHandledFlowsRate 1.3.6.1.4.1.9.9.634.1.1.1.18 TP-STATS-MIB tpHandledFlows 1.3.6.1.4.1.5655.4.1.9.1.1.33 Not mapped RatePeak tpHandledFlows 1.3.6.1.4.1.5655.4.1.9.1.1.34 Not mapped RatePeakTime tpCpuUtilization 1.3.6.1.4.1.5655.4.1.9.1.1.35 CISCO-PROCESS-MIB cpmCPUTotal1minRev 1.3.6.1.4.1.9.9.109.1.1.1.1.7...
Page 450
1.3.6.1.4.1.5655.4.1.10.1.1.10 ENTITY-MIB entPhysicalIndex 1.3.6.1.2.1.47.1.1.1.1.1 Defined in ENTITY-STATE-MIB. Table A-16 txQueuesGrp (1.3.6.1.4.1.5655.4.1.11) pcube Object Name New MIB New Object Name txQueuesTable 1.3.6.1.4.1.5655.4.1.11.1 CISCO-QUEUE-MIB cQIfTable and cQStatsTable 1.3.6.1.4.1.9.9.37.1.2 txQueuesEntry 1.3.6.1.4.1.5655.4.1.11.1.1 CISCO-QUEUE-MIB cQStatsEntry 1.3.6.1.4.1.9.9.37.1.2.1 txQueuesModuleIndex 1.3.6.1.4.1.5655.4.1.11.1.1.1 Not mapped txQueuesPortIndex 1.3.6.1.4.1.5655.4.1.11.1.1.2 RFC1213-MIB ifIndex 1.3.6.1.2.1.2.2.1.1...
Page 451
Time txQueuesClearCounters 1.3.6.1.4.1.5655.4.1.11.1.1.9 Not mapped Time txQueuesDroppedBytes 1.3.6.1.4.1.5655.4.1.11.1.1.10 CISCO-QUEUE-MIB cQStatsDiscards 1.3.6.1.4.1.9.9.37.1.2.1.4 This object counts bytes Table A-17 globalControllerssGrp (1.3.6.1.4.1.5655.4.1.12): All Mapped Objects Mapped to CISCO-SERVICE-CONTROLLER-MIB pcube Object Name New Object Name globalControllersTable 1.3.6.1.4.1.5655.4.1.12.1 cscGlobalControllersTable 1.3.6.1.4.1.9.9.667.0.1 globalControllersEntry 1.3.6.1.4.1.5655.4.1.12.1.1 cscGlobalControllersEntry 1.3.6.1.4.1.9.9.667.0.1.1 globalControllersModuleIndex 1.3.6.1.4.1.5655.4.1.12.1.1.1...
Page 452
Table A-18 trafficCountersGrp (1.3.6.1.4.1.5655.4.1.14): All Objects Mapped to CISCO-SERVICE-CONTROL-TP-STATS-MIB pcube Object Name New Object Name trafficCountersTable 1.3.6.1.4.1.5655.4.1.14.1 cscTpStatsTrafficCountersTable 1.3.6.1.4.1.9.9.634.1.2 trafficCountersEntry 1.3.6.1.4.1.5655.4.1.14.1.1 cscTpStatsTrafficCountersEntry 1.3.6.1.4.1.9.9.634.1.2.1 trafficCounterIndex 1.3.6.1.4.1.5655.4.1.14.1.1.1 cscTpStatsTrafficCounterIndex 1.3.6.1.4.1.9.9.634.1.2.1.1 trafficCounterValue 1.3.6.1.4.1.5655.4.1.14.1.1.2 cscTpStatsTrafficCounterValue 1.3.6.1.4.1.9.9.634.1.2.1.2 trafficCounterName 1.3.6.1.4.1.5655.4.1.14.1.1.3 cscTpStatsTrafficCounterName 1.3.6.1.4.1.9.9.634.1.2.1.3 trafficCounterType 1.3.6.1.4.1.5655.4.1.14.1.1.4 cscTpStatsTrafficCounterType 1.3.6.1.4.1.9.9.634.1.2.1.4 Table A-19 attackGrp (1.3.6.1.4.1.5655.4.1.15): All Objects Mapped to CISCO-SERVICE-CONTROL-ATTACK-MIB...
Page 453
1.3.6.1.4.1.5655.4.0.9 CISCO-ENTITY-FRU- cefcPowerSupplyOutputChange 1.3.6.1.4.1.9.9.117.2.0.7 AlarmOnTrap CONTROL-MIB Trap functions as follows: • Unplug power cord from Cisco SCE platform—trap sent Plug power cord into Cisco SCE • platform—trap not sent Remove a PSU—trap sent • Insert a PSU—trap not sent •...
Page 457
Table A-21 pcubeEnageMIB 1.3.6.1.4.1.5655.4.2 (continued) pcube Object Name Corresponding RDR Objects not mapped subscriberGrp 1.3.6.1.4.1.5655.4.2.4 Subscriber Usage RDRs none 1.3.6.1.4.1.5655.4.2.4 serviceCounterGrp 1.3.6.1.4.1.5655.4.2.5 Service Configuration API or none 1.3.6.1.4.1.5655.4.2.5 the INI_VALUES DB table...
Appendix A Cisco Service Control MIBs Cisco SCE Platform-Specific MIB Information Cisco SCE Platform-Specific MIB Information This section contains definitions that are specific to the Cisco SCE platforms for certain standard and Cisco MIB objects. CISCO-ENTITY-ALARM-MIB ceAlarmDescrSeverity (integer) ceAlarmDescrSeverity.1.1—3 ceAlarmDescrSeverity.1.2—3 ceAlarmDescrSeverity.1.3—2...
Processor, in units of 0.001%. The service loss is computed as the relative amount of traffic which was bypassed by the Cisco SCE from one side to another without being serviced due to lack of resources (either CPU or memory).
The trap will also identify the component within the FRU that is associated with the threshold • violation or conformance. CISCO-ENTITY-SENSOR MIB is read-only. Thresholds are internally defined and cannot be changed. Note Temperature reported for the entities (FRUs) are a normalized temperature since there is no single Note temperature reading for an entire FRU.
Page 462
• Cisco SCE 8000 supports the linkUp/linkDown trap only on management ports. If there is a change to the management-port state, Cisco SCE 8000 sends two traps—one linkUp/linkDown trap and one entStateOperEnabled/entStateOperDisabled trap. But if there is a change to the traffic-port state, Cisco SCE 8000 sends only the entStateOperEnabled/entStateOperDisabled trap.
Service Loss, page B-3 • As with any network device, the Cisco SCE platform has its performance and capacity envelopes. As the network evolves, the utilization of the Cisco SCE platform can increase and these envelopes might be reached. It is, therefore, advisable to monitor Cisco SCE platform to be sure that utilization remains at a level that supports reliable and consistent service.
• show snmp MIB cisco-service-control-subscriber The Cisco SCE 8000 platform supports up to 1M subscribers. You should make sure that the number of introduced subscribers plus the number of anonymous subscribers stays below this figure. It is advisable that when subscribers utilization exceeds 90%, special attention should be given and sizing should be reconsidered.
Service Loss Service Loss Service Loss is an event which occurs when the Cisco SCE platform does not provide the processing it was expected to perform for any transaction in the network. This can occur due to either CPU or Flows shortage.
Page 466
Appendix B Monitoring Cisco SCE Platform Utilization Service Loss Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
OpenSSH, i.e., RSA is no longer included, found in the OpenSSL library – IDEA is no longer included, its use is deprecated – DES is now external, in the OpenSSL library – Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 468
* Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina. * All rights reserved. Redistribution and use in source and binary * forms, with or without modification, are permitted provided that * this copyright notice is retained. Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 469
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 470
Remaining components of the software are provided under a standard 2-term BSD licence with the following names as copyright holders: Markus Friedl • Theo de Raadt • Niels Provos • Dug Song • Aaron Campbell • Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 471
* 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 472
Eric P. Allman The Regents of the University of California Constantin S. Svintsoff * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 473
* copyright notice and this permission notice appear in all copies. * THE SOFTWARE IS PROVIDED "AS IS" AND TODD C. MILLER DISCLAIMS ALL * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 474
* holders shall not be used in advertising or otherwise to promote the * sale, use or other dealings in this Software without prior written * authorization. **************************************************************************** $OpenBSD: LICENCE,v 1.19 2004/08/30 09:18:08 markus Exp $ Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Cisco SCE 8000 10GBE Software Configuration Guide OL-30621-02...
Page 476
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, Cisco SCE 8000 10GBE Software Configuration Guide C-10 OL-30621-02...
Page 477
• Neither the name of Cisco, Inc, Beijing University of Posts and Telecommunications, nor the names of their contributors may be used to endorse or promote products derived from this software without specific prior written permission.
Page 478
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Cisco SCE 8000 10GBE Software Configuration Guide C-12 OL-30621-02...