Intel® NetStructure™ 7110/7115 e-Commerce Accelerator Version 2.
Copyright Copyright © 2000 Intel Corporation. All Rights Reserved. This User Guide as well as the software described in it is furnished under license and may only be used or copied in accordance with the terms of the license. The information in this manual is furnished for informational use only, is subject to change without notice, and should not be construed as a commitment by Intel Corporation.
Table of Contents Chapter 1: Introduction About this User Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . New in This Release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Who Should Use this Book. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CONTENTS Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Network and Server LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Inline LED. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Admin Terminal Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . HyperTerminal§ Paste Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Table of Contents Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Automapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Automapping with user-specified key and certificate. . . . . . . . . . . . . . . . . . Automapping with multiple port combinations . . . . . . . . . . . . . . . . . . . . . . Deleting automapping entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CONTENTS Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Command Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6 Command Reference. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11 Help Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11 Status Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Table of Contents Specifying SNMP Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Community String . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Trap Community String . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18 6-19 6-20 6-21 Chapter 7: Alarms and Monitoring Overview. .
CONTENTS Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Chapter 9: Troubleshooting Appendix A: Front Panel Buttons and Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2 Front Panel LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2 Connectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
List of Figures Mounting Bracket Orientation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 Wiring Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 Front Panel Connectors and LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4 7110/7115 in Single Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7110/7115 in Multiple Server Configuration .
FIGURES Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Intel’s MIB Tree (top level) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9 Front Panel Connectors, Controls, and Indicators . . . . . . . . . . . . . . . . . . . . . . . . . . A-1 Front Panel Detail: Failure/Bypass Mode Controls and Indicators . . . . . . . . . . . . .
Introduction Congratulations on your choice of the Intel® NetStructure™ 7110/ 7115 e-Commerce Accelerator. The processing of secure transactions through Secure Socket Layer (SSL) can occupy up to 90% of even the largest servers’ CPU power and can degrade response time significantly. The 7110/7115 provides a completely transparent way to increase the performance of Web sites for SSL transactions.
CHAPTER 1 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide New in This Release New features in the Intel® NetStructure™ 7110/7115 e-Commerce Accelerator include: • Improved performance: Threefold increase in SSL connections processed per second—from 200 to 600 (7115 only) • More certificate mappings: Up to 1000 certificate mappings supported • Remote Management: • 1-2 • Telnet—standard remote access to the Command Line Interface (CLI) with new “Console Monitoring” features • SSh
CHAPTER 1 Who Should Use this Book • Monitoring: Users can now configure the 7110/7115 to send periodic multi-status reports to the administration console or a remote management session (Telnet and SSh).
CHAPTER 1 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide How to Use this Book The information in this book is organized as follows: 1-4 • Chapter 1: Introduction provides an introduction and overview of the 7110/7115, and a summary of new features. • Chapter 2: Installation and Initial Configuration contains installation and initial configuration procedures. (This material is also discussed in the separate Quick Start Guide.
CHAPTER 1 How to Use this Book • Appendix E: Terms and Conditions contains the software license and terms and conditions of user of this product. • Glossary defines terms appearing in this User Guide.
CHAPTER 1 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Notes 1-6
Installation and Initial Configuration Intel® NetStructure™ 7110/7115 e-Commerce Accelerator installation and initial configuration instructions are in this chapter. Before You Begin WARNING: Do not remove the cover. There are no user-servicable parts inside. Before you begin installation, you need the following: • IP address for 7110/7115 (only if you intend to use the Remote Management) • IP addresses and ports of servers. • Keys/certificates.
CHAPTER 2 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Installing the 7110/7115 FreeStanding or in a Rack The Intel® NetStructure™ 7110/7115 e-Commerce Accelerator is physically installed in either of two ways: • In a standard 19” rack, cantilevered from the provided mounting brackets • Free-standing on a flat surface with sufficient space for air-flow Rack Installation Rack mounting requires the use of the mounting brackets, and all four of the included Phillips screws. 1.
CHAPTER 2 Installing the 7110/7115 Free-Standing or in a Rack 3. Position the 7110/7115 in the desired space of your 19” rack and attach the front flange of each mounting bracket to the rack with two screws each. (Rack-mounting screws are not provided.) Free-Standing Installation 1. Attach the provided self-adhesive rubber feet to the 7110/7115’s bottom. 2.
CHAPTER 2 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Status Check Before proceeding to the PC Initialization section, take a moment to verify that the 7110/7115 is correctly connected. Network and Server LEDs Verify that the Network and Server LEDs are both illuminated. If one or both are not, refer to the Troubleshooting section at the end of this chapter. Inline LED A blinking Inline LED indicates that the system is online in Fail-safe mode.
CHAPTER 2 Installing the 7110/7115 Free-Standing or in a Rack 2. Type an appropriate name in the Name field of the Connection Description window (e.g., “Configuration”), and then click the OK button. The Phone Number panel appears. 3. In the Connect Using… field specify “Direct to COM1” (or the serial port through which the PC is connected to the 7110/7115 if different from COM1). 4. Click the OK button. The COM1 Properties panel appears. Set the values displayed here to 9600, 8, none, 1, and none. 5.
CHAPTER 2 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Troubleshooting Server and Network LEDs If either the Network or Server LED fails to illuminate using either straight-through or crossover network cables, the problem may be elsewhere in the network. Verify by wiring around the 7110/7115. Inline LED The Fail-through switch allows you to control what happens in the event of a failure. It is located in a recess between the Network and Server connectors.
Theory of Operation Security New in the Intel® NetStructure™ 7110/7115 e-Commerce Accelerator is Remote Management capability. This feature requires that the 7110/7115’s network interface be assigned an IP address, thus security becomes a matter for your attention. If you intend to manage your 7110/7115 from a remote location, be sure to read the section “Access Control,” Chapter 6, “Remote Management.
CHAPTER 3 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Ideally, the 7110/7115 is located in the same rack as the server, separated by a short distance. . Intel® NetStructure™ 7110/7115 e-Commerce Accelerator Router Single Server Figure 3-1: 7110/7115 in Single Server Configuration Multiple Servers Given the SSL processing power of the 7110/7115, multiple servers can be supported. In this configuration, the 7110/7115 sits between the router and the switch.
CHAPTER 3 Working with Internet Traffic Management (ITM) Devices Working with Internet Traffic Management (ITM) Devices The 7110/7115 is compatible with Internet Traffic Management (ITM) devices. In such environments, the 7110/7115 lies between the router and the ITM device, or between the ITM device and the server. ITM devices distribute workload across multiple servers and redirect traffic based on content.
CHAPTER 3 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Positioning 7110/7115 between ITM Device and Server If security considerations require limited network access to clear text, the 7110/7115 should be placed between the ITM device and the server.
CHAPTER 3 Keys and Certificates 7110/7115 on the server side can also be enabled to spill to the server. Spilling is performed dynamically on a connection-by-connection basis. (See spill command, Chapter 5, “Command Reference.”) If spill is disabled, the 7110/7115 “throttles,” that is, will not accept incoming requests when it becomes overloaded.
CHAPTER 3 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide There are three ways to obtain keys and certificates: • Obtaining a certificate from VeriSign§ or other certificate authority • Using an existing key/certificate • Creating a new key/certificate on the 7110/7115 Cutting and Pasting with HyperTerminal§ Cutting and pasting is an integral part of the next several procedures. Below are procedures for cutting and pasting in HyperTerminal§.
CHAPTER 3 Keys and Certificates Obtaining a Certificate from VeriSign§ or Other Certificate Authority Use the create key command to create your key and the create sign command to create a signing request to be sent to VeriSign or other certificate authority for authentication. The certificate authority will return it in approximately one to five days. After you have received the certificate, use the import cert command to import it into the 7110/7115.
CHAPTER 3 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide • Locality: This is usually the name of the city where your organization’s head office is located. • Organization: This should be the organization that owns the domain name. The organization name (corporation, limited partnership, university, or government agency) must be registered with some authority at the national, state, or city level. Use the legal name under which your organization is registered.
CHAPTER 3 Keys and Certificates Typically, the CSR will look something like this: -----BEGIN CERTIFICATE REQUEST----MIIBnDCCAQUACQAwXjELMAkGA1UEBhMCQ0ExEDOABgNVBAgT B09udGFayW8xEDAOBgNVBAcTB01vbnRyYWwxDDAKBgNVBAoT A0tGQzEdMBsGA1UEAxMUd3d3Lmlsb3ZlY2hpY2tlbi5jb20w gZ0wDQYJKoZIhvcNAQEBBQADgYsAMIGHAoGBALmJA2FLSGJ9 iCF8uwfPW2AKkyyKoe9aHnnwLLw8WWjhl[ww9pLietwX3bp6 Do87mwV3jrgQ1OIwarj9iKMLT6cSdeZ0OTNn7vvJaNv1iCBW GNypQv3kVMMzzjEtOl2uGl8VOyeE7jImYj4HlMa+R168AmXT 82ubDR2ivqQwl7AgEDoAAwDQYJKoZIhvcNAQEEBQADgYEAn8 BT
CHAPTER 3 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide 5. Create mapping for Server 1. Use the create map command to specify the server IP address, ports, and keyID. Intel 7115> create map Server IP (0.0.0.0): 10.1.1.30 SSL (network) port [443]: Cleartext (server) port [80]: KeyID to use for mapping: mywebserver 6. Save the configuration when the server has been mapped. Intel 7115> config save Saving configuration to flash...
CHAPTER 3 Keys and Certificates Apache SSL§ For key: 1. Look in $APACHESSLROOT/conf/httpd.conf for location of *.key file. 2. Copy and paste the key file. For certificate: 1. Look in $APACHESSLROOT/conf/httpd.conf for location of *.cert file. 2. Copy and paste the certificate file.
CHAPTER 3 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Stronghold§ For key: 1. Look in $STRONGHOLDROOT/conf/httpd.conf for location of *.key file. 2. Copy and paste the key file. For certificate: 1. Look in $STRONGHOLDROOT/conf/httpd.conf for location of *.cert file. 2. Copy and paste the certificate file. Importing into the 7110/7115 1. Use the import key command with the keyID, and choose an import protocol for importing the key. In this case, use the default to “paste.
CHAPTER 3 Keys and Certificates 2. Use the import cert command with the keyID. As with import key, choose an import protocol for importing the key. Use the default to “paste.” When the paste is finished, add a line break followed by three periods to display the command line. Intel 7115> import cert mywebserver keyid is mywebserver; Import protocol: (paste, xmodem, uudecode) [paste]: Type or paste in date, end with ...
CHAPTER 3 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Creating a new Key/Certificate on the 7110/7115 Use the create key and create cert commands to create new keys and certificates for 7110/7115 operation. This procedure can be used when there are no existing keys and certificates on the server. The advantage is that this method is very fast, but a certificate authority has not signed the certificates. The fields input to create a certificate are called a Distinguished Name (DN).
CHAPTER 3 Keys and Certificates 4. Save the configuration when the server has been mapped. Intel 7115> config save Saving configuration to flash... Configuration saved to flash Intel 7115> Global Site Certificates Overview Four types of certificates are involved in the following discussion: • Root Certificate. The certificate of a trusted CA such as VeriSign. • Server Certificate. Loaded on the server. Can be either selfgenerated or received from a certificate authority such as VeriSign.
CHAPTER 3 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide A global site certificate is validated by an accompanying intermediate CA certificate. (Such pairs are called “chained certificates.”) Examples of intermediate CA certificates include Microsoft SGC Root§, and VeriSign Class 3§ CA.
CHAPTER 3 Redirection: Clients and Unsupported Ciphers : OTk3IFZlcmlTaWduMA0GCSqGSIb3DQEBAgUAA4GBALiMmMMr SPVyzWgNGrN0Y7uxWLaYRSLsEY3HTjOLYlohJGyawEK0Rak6 +2fwkb4YH9VIGZNrjcs3S4bmfZv9jHiZ/4PC/ NlVBp4xZkZ9G3hg9FXUbFXIaWJwfE22iQYFm8hDjswMKNXRj M1GUOMxlmaSESQeSltLZl5lVR5fN5qu -----END CERTIFICATE----- ...
CHAPTER 3 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Intel 7115> list map Map Net Ser Cipher Re- Client ID KeyID Server IP Port Port Suites direct Auth == ===== ========= ==== ==== ====== ===== ==== 1 default Any 443 80 all(v2+v3) n n 2 sample 10.1.2.5 443 80 med(v2+v3) y n Intel 7115> show redirect 2 Redirect URL for map 2 is set: http://www.ecomm_site.com/cipher_info.
CHAPTER 3 Client Authentication Next, import the client CA certificate for Map ID 2. Intel 7115> import client_ca 2 Import protocol: (paste, xmodem, uudecode) [paste]: Type or paste in data, end with ... alone on line -----BEGIN CERTIFICATE----MIIDxzCCAzCgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBpDEL MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQ BgNVBAcTCVNhbiBEaWVnbzEUMBIGA1UE . . . XcCabZcfBRuYcZeUoNrGUl8tD80jp2YNG1vidgLEaD1YCli5 I9/mNrcB25mSfdAR /08ROTMxm4VKOSA= -----END CERTIFICATE----- ...
CHAPTER 3 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Creating a Client CA Certificate using OpenSSL§ NOTE: To acquire a copy of OpenSSL§ for your environment, access the OpenSSL§ Web site at www.openssl.org There are software packages available that handle the details of client certificate generation, however, you can implement them manually. The following example illustrates the appropriate steps using OpenSSL§: 1.
CHAPTER 3 SSL Processing SSL Processing The Intel® NetStructure™ 7110/7115 e-Commerce Accelerator handles several SSL protocols, for example, HTTPS (which is the default). For security purposes, you can block access to specified IPs or ports (see “Blocking” section). Traffic that is not mapped or blocked flows through transparently (see “Failure” section). Supported protocols are listed below. (Ports listed are “well-known” port assignments. Any available port may be used.
CHAPTER 3 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide of “default.” Under this initial configuration, automapping occurs on any server with this network port (443) when traffic is routed through the 7110/7115. Automapping with user-specified key and certificate When a user-specified key and certificate are to be automapped, the user can replace the initial automapping entry with the create map command. By specifying the same unique identifier (server IP of 0.0.0.
CHAPTER 3 SSL Processing Combining automapping and manual mapping NOTE: If both manual mappings and applicable automappings are available, the 7110/7115 always uses the manual mapping. Any combination of automapping and manual mapping entries, up to a total of 1000, can be used provided the server IP address and network port combinations are unique. Several of the scenarios in Chapter 4 include step-by-step mapping procedures. Blocking NOTE: Blocking is always performed before mapping.
CHAPTER 3 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Subnet IP, Specific Port To block a subnet IP, and specific port combination: 1. Type a subnet IP address, using 0 as the final octet. (In the example below, all IPs from “10.1.x.x” to “20.1.x.x” are blocked on port 80.) 2. Type the subnet mask, with 0 indicating the portion of the IP address to be ignored. 3. Type the specific port. 4. Press Enter to accept the default port mask.
CHAPTER 3 SSL Processing Example: Intel 7115> create block Client IP to block [0.0.0.0]: Client IP mask [0.0.0.0]: Server IP to block [0.0.0.0]: Server IP mask [0.0.0.0]: Server Port to block: 80 Server Port mask [0xffff]: 5. Use the show block command to confirm the block: Intel 7115> show block ----------blocks : ----------(1) block 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 80 0xffff ----------- Delete a Block The example below illustrates how to delete a subnet block.
CHAPTER 3 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Failure Conditions, Fail-safe, and Fail-through During any failure condition of the 7110/7115, unprocessed data packets can either pass through or not, depending on whether Failsafe or Fail-through mode is enabled. The Fail-through switch is by default in Fail-safe mode, meaning that during a failure no data packets will pass from one side of the 7110/7115 to the other. For details, see “Failure/Bypass Modes” in Appendix B.
Scenarios This section contains scenarios illustrating examples of Intel® NetStructure™ 7110/7115 e-Commerce Accelerator configurations: • Scenario 1: Single server • Scenario 2: Multiple servers • Scenario 3: Multiple 7110/7115s, cascaded • Scenario 4: Different ingress and egress routers
CHAPTER 4 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Syntax The CLI uses the following syntax: Symbol Significance Angled brackets (< >) Angled brackets designate where you type variable parameters. Straight brackets ([ ]) Choices of parameters appear between straight brackets, separated by vertical bars. Braces ({}) Optional commands or parameters appear between braces. Boldface Commands shown as they are typed after the CLI prompt appear in boldface type.
CHAPTER 4 Scenario 1—Single Server Scenario 1—Single Server This scenario describes a typical configuration of a 7110/7115 with one server, using either automapping or manual configuration/ mapping. This scenario describes the fastest way to get up and running with a 7110/7115. Intel® NetStructure™ 7110/7115 e-Commerce Accelerator Router Single Server Figure 4-1: Single 7110/7115, Single Server Installation Procedure for Scenario 1 Automapping 1.
CHAPTER 4 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide 3. Create a mapping for the server. Use the create map command to specify the server IP address, ports, and keyID. Intel 7115>create map Server IP (0.0.0.0): 10.1.1.30 SSL (network) port [443]: Cleartext (server) port [80]: KeyID to use for mapping: myserver 4. You can delete the default mapping. After the user has manually created the mapping, the default mapping can be deleted.
CHAPTER 4 Scenario 2—Multiple Servers Scenario 2—Multiple Servers This scenario shows how to configure two or more servers. Router Intel® NetStructure™ 7110/7115 e-Commerce Accelerator Server 1 10.1.1.30 Hub/switch Server 2 10.1.1.31 Figure 4-2: Single 7110/7115, Multiple Server Installation Procedure for Scenario 2 1. Perform the installation as described in Chapter 2. Access the 7115 command prompt. 2.
CHAPTER 4 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide 4. Create a mapping for Server 2. As in the previous step, use the create map command to specify the server IP address, ports for the second server, and the keyID. Intel 7115>create map Server IP: 10.1.1.31 SSL (network) port [443]: Cleartext (server) port [80]: KeyID to use for mapping: myserver 5. Use the list map command to view the mapping.
CHAPTER 4 Scenario 3—Multiple 7110/7115s, Cascaded 8. Save the configuration when mapping is completed for the server(s). Intel 7115>config save Saving configuration to flash... Configuration saved to flash Intel 7115> Scenario 3—Multiple 7110/ 7115s, Cascaded This scenario shows how to cascade 7110/7115s for additional performance and availability. The same procedures apply that were performed in Scenario 3.
CHAPTER 4 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Intel® NetStructure™ 7110/7115 e-Commerce Accelerators Hub/Router/Switch Server Figure 4-3: Multiple (Cascaded) 7110/7115s Procedure for Scenario 3 1. Configure the 7110/7115 farthest from the server as described in any of the preceding scenarios. Remain connected to that specific 7110/7115 for the export configuration procedure. 2. At the command prompt, type the set spill enable command.
CHAPTER 4 Scenario 3—Multiple 7110/7115s, Cascaded 9. Specify a filename for the received file and click OK. The operation concludes and the normal prompt reappears. Use Ctrl-X to kill transmission Export successful! Intel 7115> 10. Connect to the second 7110/7115, either through the console connection or another window (if both are connected to the same PC). 11. Import the configuration. Use the import config command to begin the process. Select xmodem (x) and press Enter to begin the import process.
CHAPTER 4 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Scenario 4—Different Ingress and Egress Routers This scenario describes the configuration of a 7110/7115 when the ingress and egress traffic paths are different. This scenario includes: Client • One or more servers • One or more 7110/7115s (Multiple commerce accelerators can be cascaded in this configuration.
Command Reference The Intel® NetStructure™ 7110/7115 e-Commerce Accelerator is fully configurable through the Command Line Interface (CLI). The CLI is accessible through the console and aux console RS232 ports. Online Help The 7110/7115 provides online help with the following options: • Type help to display a summary of commands. • Type help (or ? ) for a description of a specific command or, if relevant, a list of subcommands you can enter from within .
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Command Line Interface The CLI handles all user interactions on the console and auxiliary console RS232 ports. One instance per port runs at all times. User Authentication To gain access to the CLI, the user must first be authenticated by providing a password at the logon banner prompt. The logon banner provides build version information and the serial number.
CHAPTER 5 Command Line Interface However, “sh” as shown below, is not an abbreviation to uniqueness in that it does not distinguish between show and showsnmp. Intel 7115> sh The solitary letter “e” in the context of the next example, (i.e., preceded by “ssh”), uniquely indicates ssh enable. Intel 7115> set ssh e SSH Service started.
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Input Editing Commands Moving the Insertion Point Command Description ctrl-b Move back one character. ctrl-f Move forward one character. ctrl-a Move to the start of the current line. ctrl-e Move to the end of the line. ctrl-l Clear the screen and redraw the current line, leaving the current line at the top of the screen.
CHAPTER 5 Command Line Interface Cut and Paste Command Description ctrl-d Delete the character underneath the cursor. ctrl-k Delete the text from the current cursor position to the end of the line. ctrl-u Delete backward from the cursor to the beginning of the current line. ctrl-w Delete the word behind the cursor, using white space as a word boundary. ctrl-y Copy text that has been deleted. backspace/del Delete the character to the left of the cursor.
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Command Summary This section contains a high-level view of the 7110/7115’s command structure. Details appear in the next section, Command Reference.
CHAPTER 5 Command Summary Command Command Options import cert client_ca config key patch upgrade inline list blocks filters (shows blocks and permits) keys logs maps monitoring permits procs service snmp_community trap_community nic password reboot 5-7
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Command Command Options set alarms cache ciphers ciphers default client_tmo date defcert egress_mac x:x:x:x:x:x: egress_mac none ether idleto ip kstrength max_remote_sessions<1-5> monitoring monitoring_interval monitoring_fields more ovl_window prompt redirect redirect none route x.x.x.
CHAPTER 5 Command Summary Command Command Options show alarms blocks cache cert client_ca client_tmo config config default config saved date defcert egress_mac ether filters idleto info ip key kstrength logs map max_remote_sessions monitoring monitoring_interval monitoring_fields more ovl_window permits rsc_window redirect route serial server_tmo ssh ssh_port sign spill status telnet 5-9
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Command Command Options show telnet_port utl_highwater utl_lowwater utl_window setsnmp snmp snmp_community snmp_port snmp_info sys_contact sys_location sys_name trap_authen trap_community trap_port showsnmp snmp snmp_community snmp_port snmp_info sys_contact sys_location sys_name trap_authen trap_community trap_port status realtime line tty_char 5-10
CHAPTER 5 Command Reference Command Reference Help Commands Command Description help Display the list of available commands. help Display usage for a single command. help usage Display all commands and their usage. tty_char View the available list of keyboard shortcut commands. Status Command Command Description status Display device statistics. Several modes are available, as described below. (Default: realtime.
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide SSL Commands Command Description create key Create a new keypair and associate it with a Key ID. Example: Intel 7115> create key Key strength (512/1024) [512]: 1024 New keyID [001]: Keypair was created for keyID: 001. Intel 7115> delete key Delete a specified keypair for a given Key ID. Syntax: Intel 7115> delete key where is the Key ID whose associated keypair you wish to delete.
CHAPTER 5 Command Reference Command Description export key Export a keypair for a specified Key ID (ASCII, xmodem, or uuencode). Syntax: Intel 7115> export key Export protocol: (xmodem, uuencode, ascii) [ascii]: Press any key to start, then again when done... -----BEGIN RSA PRIVATE KEY----MIIBOgIBAAJBALqeajCDgfa8fY8FROLi0B8fVp3m4EI 2MpOzKvEKKe6Kk5pDBkH83tUBkssGBtbnDYHkiAyGzA . . .
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Command Description create cert Create a new certificate for a specified Key ID. Syntax: Intel 7115> create cert where is the Key IDfor which you wish to create a certificate. delete cert Delete the certificate associated with a specified Key ID. Syntax: Intel 7115> delete cert where is the Key ID whose associated certificate you wish to delete.
CHAPTER 5 Command Reference Command Description show cert Display the expanded certificate (including PEM format) associated with a specified Key ID. If no Key ID is specified, displays all certificates. Syntax: Intel 7115> show cert where is the Key ID whose associated certificate you wish to view. set ciphers Establish the list of ciphers and cipher strengths that will be recognized by the specified Map ID.
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Command Description set redirect Set an alternative address to which a client is directed in the event it doesn’t support the specified Map ID’s selected cipher suites. Syntax: Intel 7115> set redirect [none] Enter redirect URL []: where is the Map ID for which you wish to define a redirect URL, and is the Web address to which you wish to redirect clients that don’t support the selected cipher suites.
CHAPTER 5 Command Reference Command Description import client_ca If you wish to authenticate a client, use this command to import the trusted CA’s certificate. When enabled, clients without certificates or with invalid certificates are refused connection. Syntax: Intel 7115> import client_ca Import protocol: (paste, xmodem, uudecode) [paste]: Type or paste in data, end with ... alone on line (certificate pasted here...) ...
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Command Description delete sign Delete the signing request for a specified Key ID. Syntax: Intel 7115> delete sign where is the Key ID number of the Key whose signing request you wish to delete. export sign Export signing request (PEM format) for specified Key ID. Syntax: Intel 7115> export sign where is the Key ID number of the Key whose signing request you wish to export.
CHAPTER 5 Command Reference Command Description set defcert Set the default certificate creation information. For example, country, state, city, organization, organization unit, issuer name, and issuer e-mail address. You can change all, some or none of the fields. Press Enter to accept a default and move to the next field.
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Command Description set kstrength Set the default key strength. Usable values are 512 or 1024. The default value is 512. Syntax: Intel 7115> set kstrength <512 | 1024> where <512> allows you to specify low key strength and <1024> allows you to specify high key strength. show kstrength Display the default key strength value.
CHAPTER 5 Command Reference Command Description set server_tmo Limits the period of time to establish a connection with the server. If the connection is not established within the specified time, the client request is rejected. NOTE: Typical causes for server timeout include: server powered off, server not accessible, application is not available on the specified port. Syntax: Intel 7115> set server_tmo where is a value in seconds between 5 and 36000.
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Port Mapping Commands These commands are used to execute the operations described in Chapter 3’s Mapping and Blocking sections. Command Definition create block Create a block to preclude access to specified IP addresses or through specified ports. A single IP, a single port, or all ports can be blocked. If fewer than all ports are to be blocked, you must repeat the create block command for each one.
CHAPTER 5 Command Reference Command Definition create permit Create a configuration allowing a specified user access to specified servers and ports, and/or denying the specified user access to specified servers and ports. Example: Intel 7115> create permit Client IP to permit [0.0.0.0]:10.1.2.1 Client IP mask [0.0.0.0]:255.255.0.0 Server IP to permit [0.0.0.0]:20.1.2.1 Server IP mask [0.0.0.0]:255.255.0.
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Command Definition create map Create a mapping that associates server IP, SSL port, clear text port, and Key ID. Example: Intel 7115> create map Server IP (0.0.0.0): 1.1.1.1 SSL (network) port [443]: 443 Cleartext (server) port [80]: 8080 KeyID to use for mapping: 4 Intel 7115> NOTE: The Key ID used with a new mapping must exist prior to executing create map. Use create key to create a new Key ID.
CHAPTER 5 Command Reference Operational Commands Command Description bypass Enables bypass mode, in which traffic flows through 7110/7115 without being processed. See Failure/Bypass Modes in Appendix B for details. See the inline command below for reversing bypass. WARNING: Do not issue the bypass command from a remote management session Example: (Telnet or SSh). Doing so Intel 7115> bypass will result in an immediate disconnect from the 7110/ 7115.
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Command Description set spill Allows you to enable or disable spill mode. “Spill” is used to offload processing of a request, when the 7115 has reached a specified queue threshold, to a secondary 7115 or to the server. Example: Intel 7115> set spill enable Verify spill setting with the show spill command: Intel 7115> show spill Spill on overload: enabled Intel 7115> show spill Display spill setting (enabled or disabled).
CHAPTER 5 Command Reference Remote Management Commands Command Description set ip Assign an IP address and netmask to the 7115’s network interface for Telnet and SSh sessions. CAUTION: The assignment of an IP address introduces security issues. Please refer to the “Access Control” section of Chapter 6. NOTE: To disable a currently configured IP, use set ip followed by none. Example: Intel 7115> set ip Enter IP Address (’none’ to delete) [10.1.2.124]: Enter Netmask [255.255.0.
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Command Description set telnet Enables or disables Telnet sessions. When this command is set to “enable” and an IP address is assigned to the 7115’s network interface, you can access the device’s CLI via remote Telnet session. When disabled, the device refuses Telnet connections. The console prompts for any missing parameters. Default: disable. Syntax: Intel 7115> set telnet enable Need an IP address to start Telnet service.
CHAPTER 5 Command Reference Command Description show telnet_port Display the port on which Telnet sessions are currently accepted. Example: Intel 7115> show telnet_port Telnet port: 23 set ssh Enable or disable Secure Shell (SSh) sessions. When this command is set to “enable” and an IP address is assigned to the 7115’s network interface, you can access the device’s CLI via remote SSh session. When disabled, the device refuses SSh connections. Default: disable.
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Command Description setsnmp snmp Enable or disable the SNMP agent. When enabled, you can set configure SNMP information and parameters (see setsnmp snmp_info, below) for the 7115. Default: disable. Syntax: Intel 7115> setsnmp showsnmp snmp Displays the current status of the SNMP agent: enabled or disabled.
CHAPTER 5 Command Reference Command Description showsnmp snmp_info Display the currently effective SNMP information and parameters. Example: Intel 7115> showsnmp snmp_info SNMP Port Number : 161 SNMP Trap Port Number: 162 SNMP System Contact : support SNMP System Name : 7115 SNMP System Location : San Diego System IP Address : 10.1.2.124 System Netmask : 255.255.255.0 Default Route : None setsnmp snmp_community Set SNMP community strings. Example: Intel 7115> setsnmp snmp_community IP []:xxx.xxx.xxx.
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Command Description setsnmp trap_authen When enabled, the SNMP manager receives traps upon failed authentication attempts. Example: Intel 7115> setsnmp trap_authen setsnmp trap_authen Displays current status of trap authentication trap. Example: Intel 7115> showsnmp trap_authen Trap Authentication: Enabled setsnmp trap_community Sets SNMP trap community strings.
CHAPTER 5 Command Reference Command Description delete trap_community Delete SNMP trap community strings. Example: Intel 7115> delete trap_community SNMP Trap Community String(s) Deletion. <2> Current Available SNMP Trap Community String(s): 1.) IP: 0.0.0.0 => String: public 2.) IP: 0.0.0.
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Alarms and Monitoring Commands Command Description set alarms Enable all or a selection of the 7115’s alarms. Syntax: Intel 7115> set alarms where enables all five of the 7115’s alarms. enables the Encryption Status Change Alarm.
CHAPTER 5 Command Reference Command Description show rsc_window Display current Refused SSL Connections Alarm interval. Syntax: Intel 7115> show rsc_window Check refused SSL connections [secs]: 10 set utl_window Set interval (window) at which the device checks for exceeded utilization thresholds (CPU load, Connections per Second, or Total Open Connections and, if any are detected, issues a Utilization Threshold Alarm.
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Command Description set utl_lowwater Set the Utilization Threshold Alarm low-water value. Expressed as a percentage, the low-water value represents the lowest CPU utilization, Connections per Second, or Total Open Connections required to trigger a UTL Alarm. (Range: 2-100, default: 90) NOTE: See also set utl_window and set utl_highwater, this section.
CHAPTER 5 Command Reference Command Description show ovl_window Display the current Overload Alarm window.
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Configuration Commands Command Description show config Display current volatile configuration settings. Example: Intel 7115> show config # default config file created on Tues July 25 06:56:46 2000 (Configuraton parameters are displayed here...) Intel 7115> show config saved Display saved non-volatile configuration settings.
CHAPTER 5 Command Reference Command Description show config default Display default configuration settings. These are values used when factory default commands are executed. Example: Intel 7115> show config default Default configuration ===================== conlog 0xffffffef ilog 0xffffffff trace 0xfffff3dd media auto logport tty01 cache 3 server_tmo 5 client_tmo 30 serverif exp1 netif exp0 map 0.0.0.
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Command Description config compare Display differences between saved and current configuration. For optimal flexibility in configuration and testing, the 7115 supports both “current” (volatile) and “saved” (non-volatile) configurations. The config compare command displays the differences, if any, between the two configurations.
CHAPTER 5 Command Reference Command Description export config Export all configuration, key, sign and certificate information (ASCII, xmodem, uuencode). WARNING: Do not edit an Example: exported configuration file. Intel 7115> export config Export protocol: (xmodem, uuencode, ascii) [ascii]: Press any key to start, then again when done... # default config file created on Fri Jul 28 06:56:46 2000 (...configuration specifics are displayed...
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Command Description import upgrade Import a complete software release. (See Chapter 6 for details regarding software updates.) Example: Intel 7115> import upgrade Import protocol: (xmodem, uudecode) [xmodem]: Start xmodem upload now Use Ctl-x to cancel upload Verifying upgrade image... upgrade image valid version x.
CHAPTER 5 Command Reference Command Description factory_default Returns to factory configuration settings. Example: Intel 7115> factory_default Reset to default configuration [n]: y Reset to factory defaults System rebooting...done T944 V2.31 DXC. .. 868242+361188O/S running Generating 512 bit default key Generating default certificate Saving default key/cert to flash Restricted Rights Legend (...copyright and version information displayed here...
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Administration Commands Command Description password Set the password. Example: Intel 7115> password Old password: Enter new admin password (5 chars Retype new password: min.): admin Password changed... Intel 7115> show info Display software version information.
CHAPTER 5 Command Reference Command Description set egress_mac Allows the configuration of a 7115 when the ingress and egress traffic paths are different. (See Chapter 4, Scenario 4.) set ether Specify ethernet settings. Example: Intel 7115> set ether 1 - auto 2 - 10baseT, half duplex 3 - 10baseT, full duplex 4 - 100baseTX, half duplex 5 - 100baseTX, full duplex Select media type [1]: Media set to auto Intel 7115> show ether Display ethernet settings.
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Command Description set more Set the page length of the console display. Default is 300. Syntax: Intel 7115> set more where is the desired number of lines. Valid inputs are 0 (to disable), or 23 or greater. nic Allows you to set the network interface card configuration.
CHAPTER 5 Command Reference Command Description show serial Display console serial parameters. Example: Intel 7115> show serial Speed: 9600 Bits: 8 Stop bits: 1 Parity: n Intel 7115> exit Log the user out of the CLI. If the current configuration has changed, the user is allowed to save the current configuration as the active configuration. Example: Intel 7115> exit Goodbye . . . password: Logging Commands Command Description export log Export a saved log/trace file.
CHAPTER 5 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Command Description delete log Delete saved log/trace files from /flash/logs. Syntax: Intel 7115> delete log | all where is the ID of the specific log you wish to delete, and all deletes all logs. list logs 5-48 List all log files.
Remote Management Overview The current software release allows you to remotely manage the 7110/7115. Remote management is available via three protocols: NOTE: Remote management functions can be enabled and configured only through the local serial console. • Telnet • Secure Shell (SSh) • SNMP When enabled, remote management allows you to access the device’s Command Line Interface (CLI) from Telnet or SSh sessions running on remotely located machines.
CHAPTER 6 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Limitations Note that several CLI capabilities available at the local console are unavailable in remote sessions.
CHAPTER 6 Overview • show telnet_port displays current telnet port. SSh-specific: • set ssh enable|disable enables or disables SSh sessions. • show ssh displays current SSh status: enabled or disabled. • set ssh_port sets the SSh port. (Default: 22.) • show ssh_port displays current SSh port. SNMP-specific: • setsnmp snmp enable|disable enables or disables SNMP management. • showsnmp snmp displays current SNMP status: enabled or disabled.
CHAPTER 6 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Remote Telnet Sessions This section contains procedures for accessing the 7110/7115’s CLI via remote Telnet session. Local Serial Console Assign an IP address to the 7110/7115’s network interface using the following procedure: Intel 7115> set ip Enter IP [10.1.2.56]: 10.1.1.1 Enter Netmask [255.255.255.
CHAPTER 6 Remote Telnet Sessions Remote Console, Telnet With remote Telnet enabled on the 7110/7115, use the following procedure to access it’s CLI: Unix-prompt> telnet 10.1.1.1 Trying 10.1.1.1... Connected to 10.1.1.1. Escape character is ’^]’. . . .
CHAPTER 6 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Disabling Telnet Telnet sessions are disabled at the 7110/7115’s local serial console. To disable, follow the steps below: Intel 7115> set telnet disable To verify Telnet disable: Intel 7115> show telnet Telnet: disable To ensure that Telnet sessions remain disabled across a device shutdown and startup, run the config save command.
CHAPTER 6 Remote SSh Sessions Verify the route configuration (optional): Intel 7115> show route Default Route : 10.1.1.1 Delete a route configuration (optional): Intel 7115> set route none NOTE: To ensure that this remote management configuration persists across a device shutdown and startup, run the config save command. Remote SSh management is now enabled and configured on the 7110/7115. Now you can access the CLI from a remote SSh session.
CHAPTER 6 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide To display the SSh port: Intel 7115> show ssh_port SSH Port Number: 220 Disabling SSh SSh sessions are disabled at the 7110/7115’s local serial console. To disable, follow the steps below: Intel 7115> set ssh disable To verify SSh disable: Intel 7115> show ssh SSH: disable To ensure that SSh sessions remain disabled across a device shutdown and startup, run the config save command.
CHAPTER 6 SNMP Standards Compliance The 7110/7115 SNMP agent is bilingual and can support both SNMPv1 and SNMPv2c requests. Intel private enterprise MIB files are compliant with SMIv2 as specified in RFC 1902. SET operations are not allowed for any Intel private MIB objects for the 7110/7115, although you can change MIB variable values by way of commands issued on the CLI. Intel MIB Tree Figure 6-1 illustrates the top level of Intel’s MIB tree. iso.org.dod.internet.private.enterprises (1.3.6.1.4.
CHAPTER 6 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide All Intel enterprise MIBs and MIB objects are defined under the mib2ext branch of the Intel tree. All sysObjectIds that identify Intel products are defined under the sysProducts branch of the Intel tree. Supported MIBs Management Information Base-II (MIB-II) Intel Enterprise MIBs: ceo-header.my ssl-appliance-mib.
CHAPTER 6 SNMP Enterprise Private MIB Summary Following is a summary of the 7110/7115 private MIB: mode inline(1): Device is configured to accelerate SSL traffic bypass(2): Device is configured to pass through all SSL traffic failMode safe(1): Two ethernet segments fail open, stopping traffic through(2): Two ethernet segments fail shorted, allowing traffic to continue spillMode throttle(1): Device will throttle SSL connections when utilization reaches 100% spill(2): Device will spill SSL connections when
CHAPTER 6 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide thresholdAlarm enabled(1): Threshold alarm is turned on disabled(2): Threshold alarm is turned off overloadAlarm enabled(1): Overload alarm is turned on disabled(2): overload alarm is turned off linkStatusAlarm enabled(1): Network link status alarm is turned on disabled(2): Network link status alarm is turned off encryptProcessingState on(1): SSL processing on off(2):SSL processing halted encryptProcessingStateReason normal(1): Nor
CHAPTER 6 SNMP cpuUtilNetwork CPU utilization percentage processing network traffic (0-100) cpuUtilProxy CPU proxy utilization percentage (0-100) cpuUtilHiWater CPU utilization high water mark (2-100) cpuUtilLoWater CPU utilization low water msrk (1-99) cpuUtilState When CPU utilization exceeds the hi water mark, CPU utilization state is in alert and is not returned to normal until the lo water threshold is crossed sslCps SSL connections per second sslCpsMaximum Maximum SSL connection rate in connections
CHAPTER 6 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide sslConnTotal Total number of SSL connections processed sslConnCntHiWater Concurrent open SSL connection count high water mark sslConnCntLoWater Concurrent open SSL connection count low water mark sslConnCntState When concurrent open SSL connection count exceeds the hi water mark, sslConnCntState is in alert and is not returned to normal until the lo water threshold is crossed encryptedBps Encryption rate in bytes per second encrypt
CHAPTER 6 SNMP throttlesPerSecMaximum Maximum number of throttles per second since (re)start throttlesTotal Total number of throttles since (re)start throttles Total number of throttles in the last sslOverloadInterval spillsPerSec Number of spills per second spillsPerSecMaximum Maximum number of spills per second since (re)start spillsTotal Total number of spills since (re)start spills Number of spills in the last sslOverloadInterval refusedSslInterval The periodic interval (in seconds) used when counting
CHAPTER 6 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Trap Summary The following list summarizes the traps generated by the 7110/7115. For details about a particular trap, please read the description of each MIB above, or read the documentation within the MIB file. Traps are generated by SNMP. Standard SNMP Traps coldStart warmStart authenticationFailure linkUp linkDown Private Traps in ssl-appliance-mib.
CHAPTER 6 SNMP sslConnCntAlert The device has exceeded the open SSL connection count high water threshold sslConnCntNormal The open SSL connection count of the device is back to normal levels sslConnectionRefusedMismatch SSL connections were refused in the past sslRefusedInterval due to cipher suite negotiation failuresslConnectionRefusedAuthFail SSL connections were refused in the past sslRefusedInterval due to authentication failure of the client certificate sslOverloadSpills SSL connections were spille
CHAPTER 6 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Specifying SNMP Information Configurable SNMP parameters can be set collectively using the setsnmp snmp_info command as illustrated below: Intel 7115> setsnmp snmp_info SNMP port [161]: 161 SNMP trap port [162]: 162 Contact Person []: support System Location []: System Name []: 7115 Current values of SNMP parameters are displayed using the shownmp snmp_info command: Intel 7115> showsnmp snmp_info SNMP port: 161 SNMP trap port: 162
CHAPTER 6 SNMP Community String Use CLI commands setsnmp snmp_community, list snmp_community and delete snmp_community to set, list, and delete SNMP community strings. Intel 7115> setsnmp snmp_community IP []: Community String []: Intel 7115> list snmp_community SNMP Community List IP: x.x.x.x => String : public => Rights : read Intel 7115> delete snmp_community SNMP Community String(s) Deletion. <2> Current Available SNMP Community String(s): 1.) IP: 0.0.0.0 => String: public 2.) IP: 0.0.0.
CHAPTER 6 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Trap Community String Use CLI commands, setsnmp trap_community, list trap_community and delete trap_community to set, display, and delete trap community strings. Intel 7115> setsnmp trap_community SNMP Trap Community String(s) Setting. Enter a SNMP Trap Community IP (q to quit): 0.0.0.0 Enter a SNMP Trap Community String (q to quit): private Enter a SNMP Trap Community IP (q to quit): 0.0.0.
CHAPTER 6 Access Control Access Control The 7110/7115 provides block and permit commands which allow you to deny or allow clients to access servers based on IP, IP mask, port and port mask. To block a client, specified by IP and IP mask, from accessing a specified server, use the create block command as illustrated below: NOTE: To show, list or delete blocks and permits, see the Command Reference in Chapter 5. Intel 7115> create block Client IP to block [0.0.0.0]: 10.1.2.1 Client IP mask [0.0.0.0]: 255.
CHAPTER 6 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Notes 6-22
Alarms and Monitoring Overview The Intel® NetStructure™ 7110/7115 e-Commerce Accelerator supports the configuration of alarms and to be sent to the console upon pre-designated events, and of periodic status-monitoring reports. Both alarms and monitor reports are single lines of text, with alarms being prefaced by the letter “A,” and monitor reports with the letter “M,”and both have timestamps.
CHAPTER 7 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide • Overload alarms • Network Link Status All alarms are disabled by default and may be enabled in any combination. Alarm format: A:yyyymmddhhmmss: ALARM_CODE:MODIFIER:EXTENDED_DATA:/ *message*/ Where: A: Identifies the message as an alarm (as opposed to a monitor report). yyyymmddhhmmss: The timestamp. ALARM_CODE: The alarm type: [ESC|RSC|UTL|OVL|NLS].
CHAPTER 7 Alarm Types For example: Intel 7115> set alarms Select monitoring fields (all, esc, rsc, utl, ovl, nls) [all]: all Intel 7115> show alarms All alarms are enabled. Intel 7115> set alarms none Intel 7115> show alarms All alarms are disabled. Alarm Types The configurable alarm types are detailed in separate sections below. ESC: Encryption Status Change Alarm When enabled, an alarm is issued when the device is changed between INLINE and BYPASS modes.
CHAPTER 7 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide FNTB: indicates front panel-controlled bypass FNTI: indicates front panel-controlled inline APPR: indicates application restart RSC: Refused SSL Connections When enabled, an alarm is generated whenever SSL connections are refused for cipher suite mismatch or client certificate authentication failure during the current user-specified period (5 to 65000 seconds, default: 15 seconds).
CHAPTER 7 Alarm Types To display Overload Alarm time window show rsc_window Examples: Intel 7115> set rsc_window 10 Intel 7115> show rsc_window Check refused SSL connections [secs]: 10 UTL: Utilization Threshold Alarm This alarm monitors three utilization threshold values: • CPU • Connections per Second • Total Open Connections.
CHAPTER 7 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide NMRL: Message: [CPU|Open connections|CPS] drop below low water mark Extended Data CPU: Indicates that CPU Utilization triggered the alarm. CON: Indicates that Total Active Connections triggered the alarm. CPS: Indicates that Connections per Second triggered the alarm.
CHAPTER 7 Alarm Types OVL: Overload Alarm WARNING: This alarm indicates loss of encryption/decryption. When enabled, an alarm is issued upon occurence of overloads resulting in spills or throttles during the current user-configured alarm period (5 to 65000 seconds, default: 15 seconds). Format: A:yyyymmddhhmmss:OVL:SPIL|THRT:XXX: /*message*/ Where: A: identifies the message as an alarm. yyyymmddhhmmss: is the timestamp. OVL: identifies the message as an Overload Alarm.
CHAPTER 7 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide NLS: Network Link Status Alarm An alarm is issued whenever the Network or Server link status is changed. Format: A:yyyymmddhhmmss:NLS:NETL|SVRL:LNKD|10HDX|10 FDX|100HDX|100FDX:/*message*/ Where: A: identifies the message as an alarm. yyyymmddhhmmss: is the timestamp. NLS: identifies the message as a Network Link Status Alarm. Alarm modifiers and messages: NETL: indicates the network port status.
CHAPTER 7 Alarm Logging The historical logs consist of a snapshot of the information retrievable via the status line command followed by a dump of the alarm buffer existing at the time of the exceptional condition. These alarms can be viewed on the console using the CLI command, status alarms. Additionally, any logs generated and saved as a result of an exceptional condition are viewable by using the CLI command, status .
CHAPTER 7 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Transactions Spilled: 0 Times Thottled Accepts: 0 Bypass Mode: disable L&M board status: (0x00000060) RESPEND Network NIC: Duplex 100baseTX Half INLINE (0x00000026 0x00000003 0x00000026) Server NIC: No carrier (0x00000023 0x00000001 0x00000023) Network LED: on Server LED: off Next heartbeat deadline: never SSL Caching: Enabled.
CHAPTER 7 Alarm Logging ovl_window 15 rsc_window 15 utl_window 15 utl_high 90 utl_low 60 idle 300 kstrength 512 con_speed 9600 con_bits 8 con_stop 1 con_parity n defcert_cname US defcert_state California defcert_city San Diego defcert_orgname Intel Corporation defcert_orgunit Network Equipment Division defcert_name www.intel.com defcert_email support@intel.com prompt Intel 7115> trap_authen remote_if exp0 ip 10.1.11.34 netmask 255.255.0.
CHAPTER 7 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Example, status alarms command: Intel 7115> status alarms A:07/27/2000 14:57:05:ESC:CONI:/* Console inline */ A:07/27/2000 14:57:05:NLS:NETL:100HDX:/* Network port status, 100Mb/s, half dup/ A:07/27/2000 14:57:01:ESC:CONB:/* Console bypass */ A:07/27/2000 14:57:01:NLS:NETL:NC:/* Network port status, No carrier */ A:07/27/2000 14:56:51:NLS:SVRL:NC:/* Server port status, No carrier */ A:07/27/2000 14:56:46:NLS:SVRL:100FDX:/* Server p
CHAPTER 7 Monitoring Monitoring Monitoring Reports A monitoring report is one line of user-configurable text displayed at the console at a user-configurable interval of between five and 65000 seconds. The interval default is 15 seconds.Console Configuration Monitoring reports are disabled by default, and are enabled with the CLI monitor... command set.
CHAPTER 7 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide (t)otal NetIF;s Net interface; (s)tatus [NC|10HDX|10FDX|100HDX|100FDX] SvrIF;s Svr interface; (s)tatus [NC|10HDX|10FDX|100HDX|100FDX] BES;c,m,t Bytes Encrypted per Second; (c)urrent, (m)ax, (t)otal BDS;c,m,t Bytes Decrypted per Second; (c)urrent, (m)ax, (t)otal Monitoring Reports CLI Commands Below are the CLI commands for console monitoring, with defaults and ranges where applicable: set monitoring_interval (Range: 5650
CHAPTER 7 Monitoring Intel 7115> show monitoring_fields All monitoring fields are enabled. Intel 7115> set monitoring enable Intel 7115> show monitoring The monitoring report is enabled for this CLI.
CHAPTER 7 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Notes 7-16
s Software Updates Use the import upgrade command to update/upgrade your Intel® NetStructure™ 7110/7115 e-Commerce Accelerator software. When you upgrade your 7110/7115 software, the configuration (including all keys, certificates, and mapping) is saved. However, all log files are cleared. The software is in the form of an image file (*.IMG). Use the import patch command to install an Intel-provided patch to a current software release. Patches typically effect fixes to minor software issues.
CHAPTER 8 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Using Windows§ HyperTerminal§ Command: import upgrade Use the 7110/7115’s aux console port, which defaults to 115.2 kbps, for greater speed. The import procedure (using xmodem) requires approximately 7 minutes at 115.2 kbps. 1. Download the image file (.IMG) to the local PC. 2. Connect the serial cable from COM1 or COM2 to the 7110/7115 auxiliary console. 3. Log in to the 7110/7115. 4. Type the import upgrade command.
CHAPTER 8 Using Unix§ ‘cu’ and uuencoded image file Command: import patch Use the 7110/7115’s aux console port, which defaults to 115.2 kbps, for greater speed. The import procedure (using xmodem) requires approximately 7 minutes at 115.2 kbps. 1. Download the patch file (.patch) to the local PC. 2. Connect the serial cable from COM1 or COM2 to the 7110/7115 auxiliary console. 3. Log in to the 7110/7115. 4. Type the import patch command. The command prompts for xmodem or uuencode.
CHAPTER 8 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide 4. Use the ‘cu’ program to connect to the 7110/7115 (Device name may vary depending on your operating system). cu –l /dev/cuaa0 –s 115200 5. Log in to the 7110/7115. 6. Type the import upgrade command. At the prompt, press u or type uudecode. Intel 7115>import upgrade Import protocol: (xmodem, uudecode) [xmodem]: u Type or paste in data, end with ... alone on line. 7. To send the uuencoded file use the “~>” command. ~>nn.
CHAPTER 8 Using Unix§ ‘cu’ and uuencoded image file 6. Type the import patch command. At the prompt, press u or type uudecode. Intel 7115>import patch Import protocol: (xmodem, uudecode) [xmodem]: u Type or paste in data, end with ... alone on line. 7. To send the uuencoded file use the “~>” command. ~>nn.uu Verifying patch image... Patch successfully imported.
CHAPTER 8 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Notes 8-6
Troubleshooting Item Symptom 1 Server and/or Network LEDs not illuminated. Probable Cause • Unit is in Bypass mode. • Improper cabling. Remedy • If the Inline LED is not illuminated (solid or blinking) take the 7110/ 7115 out of Bypass mode by either pressing the Bypass switch on the unit’s front panel or using the CLI’s inline command.
CHAPTER 9 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Item Symptom 2 Non-SSL data does not pass through 7110/7115. 3 4 5 Web pages are not completely displayed, or an error message such as, “Document Contains No Data” appears. SSL traffic does not pass through 7110/ 7115 Error message: The page cannot be displayed. Probable Cause Improper cabling. Remedy • Refer to Item 1 in this table.
CHAPTER 9 Troubleshooting Item Symptom Probable Cause Remedy 6 Error message indicates that the browser does not recognize the signer of this certificate after loading global server ID. The intermediate certificate is not installed or is installed improperly. See Global Site Certificates in Chapter 3 for correct procedures.
CHAPTER 9 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Item Symptom Probable Cause Remedy 7 Error message: Server/Network media mismatch Server and network ports have autonegotiated to different media settings. Use the status command to determine the media settings: Intel 7115> status . . Network port 100baseTX Full Duplex Server port Duplex 10baseT, Half Then use the nic command to force common media attributes, e.g.
Front Panel The following diagram shows the LEDs, buttons, switches and connections for the Intel® NetStructure™ 7110/7115 e-Commerce Accelerator. Note that there is no power switch or button. Power is applied to the device by connecting the power cable.
APPENDIX A Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Buttons and Switches There are two buttons and one switch on the front panel of the 7110/ 7115. Button/Switch Action Reset button Press momentarily to issue a soft reset to the 7110/7115. Press for 5 seconds to reset the 7110/7115 and restore the factory defaults. Bypass button Press to physically force bypass mode (bypass 7110/7115 processing).
APPENDIX A LED Overload Front Panel LEDs Status ON – 7110/7115 is saturated with SSL requests. LED ranges from dim flickering to bright steady, indicating low to high spillover. Refer to the spill command for ways to offload requests to another 7110/7115. OFF – Normal operation. Activity ON – SSL processing is being performed. Ranges from dim, when processing loads are low to bright, when greater amounts of processing are occuring. OFF – No SSL processing is being performed.
APPENDIX A Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Connectors The following table describes the 7110/7115’s connectors. Designator Type Purpose Network RJ45 100baseTX/10baseT connection to network (clients), wired as a host port. Server RJ45 100baseTX/10baseT connection to server (or servers), wired as a hub port. Console DB9 RS-232 DTE console port (9600 8, N, 1) Aux Console DB9 RS-232 DTE console port (115200, 8, N, 1) includes kernel diagnostics at boot.
Failure/Bypass Modes WARNING: Enabling bypass mode will instantly and without warning terminate all active remote management sessions. The Intel® NetStructure™ 7110/7115 e-Commerce Accelerator is designed with the ability to automatically bypass e-Commerce traffic in the event of a failure. If necessary, the user can force a bypass with the Bypass button or from the command line interface using the bypass command. There is also a security feature (Fail-through switch).
APPENDIX B Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide LEDs Inline Network Link (green) Server Link Network Link Server Link Reset Bypass Fail-Through switch Figure B-1: Front Panel Detail: Failure/Bypass Mode Controls and Indicators Bypass Button Forcing a bypass of the 7110/7115 may be necessary when certain actions must be performed offline (e.g., configuration changes, entering certificates, or problem isolation).
APPENDIX B Fail-through Switch (Security Level) or to be blocked. When the switch is in Fail-through mode (down position), traffic is allowed to pass through unprocessed in the event of a failure of the 7110/7115 or if the Bypass toggle is ON. During normal processing, the Inline (green) LED on the front panel indicates whether e-Commerce traffic will pass through in the event of a failure (depending on Fail-through switch state).
APPENDIX B Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Notes B-4
Supported Ciphers The Intel® NetStructure™ 7110/7115 e-Commerce Accelerator supports only RSA key exchange and authentication. Diffie-Hellman (including Anonymous and Ephemeral) key exchange/authentication and DSS authentication are not supported. Use the set cipher command to specify the cipher. The command prompts you for the cipher strength and SSL version level.
A P P E N D I X C Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide SSL Version Level • SSLv2 - all SSL version 2.0 ciphers • SSLv3 - all SSL version 3.0 ciphers • SSLv2 and SSLv3 - all SSL version 2.0 and 3.0 ciphers The default cipher value is all supported ciphers (both SSLv2 and SSLv3). The following table provides ciphers supported by the 7110/7115. Note that the export version of the software supports only the ciphers marked “E” in the Profile column.
APPENDIX C SSL Version Level Name Protocol Key Exchange Authentication Encryption (key size) Message Profile (Hi/ Authentication Medium/ Low/ Export) RC2CBCMD5 SSLv2 RSA RSA RC2(128) MD5 M RC4-MD5 SSLv2 RSA RSA RC4(128 MD5 M RC4-64MD5 SSLv2 RSA RSA RC4(64) MD5 L DESCBCMD5 SSLv2 RSA RSA DES(56) MD5 L SSLv3 EXPDESCBC-SHA RSA(512) RSA DES(40) SHA1 E SSLv3 RSA(512) RSA RC2(40) MD5 E EXPSSLv3 RC4-MD5 RSA(512) RSA RC4(40) MD5 E SSLv2 RSA(512) RSA RC2(40) MD5
A P P E N D I X C Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Notes C-4
Regulatory Information Taiwan Class A EMI Statement
APPENDIX D Intel ® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide VCCI Statement Class A ITE This is a Class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If this equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective actions. Internal access to Intel® Express switches is intended only for qualified service personnel.
APPENDIX D Canada Compliance Statement (Industry Canada) If these suggestions don’t help, consult your dealer or an experienced radio/TV repair technician for more suggestions. NOTE: This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
APPENDIX D Intel ® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide CISPR 22 Statement WARNING: This is a Class A product. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures. VCCI Class A (Japan) Australia WARNING The system is designed to operate in a typical office environment. Choose a site that is: D-4 • Clean and free of airborne particles (other than normal room dust).
APPENDIX D CISPR 22 Statement • Isolated from strong electromagnetic fields produced by electrical devices. • In regions that are susceptible to electrical storms, we recommend you plug your system into a surge suppressor and disconnect telecommunication lines to your modem during an electrical storm. • Provided with a properly grounded wall outlet. Do not attempt to modify or use the supplied AC power cord if it is not the exact type required.
APPENDIX D Intel ® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide WARNUNG Das System wurde für den Betrieb in einer normalen Büroumgebung entwickelt. Der entwickelt.
APPENDIX D CISPR 22 Statement • In aree soggette a temporali, è consigliabile collegare il sistema ad un limitatore di corrente. In caso di temporali, scollegare le linee di comunicazione dal modem. • Dotata di una presa a muro correttamente installata. Non modificare o utilizzare il cavo di alimentazione in c. a. fornito dal produttore, se non corrisponde esattamente al tipo richiesto.
APPENDIX D Intel ® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Wichtige Sicherheitshinweise 1. Bitte lesen Sie sich diese Hinweise sorgfältig durch. 2. Heben Sie diese Anleitung für den spätern Gebrauch auf. 3. Vor jedem Reinigen ist das Gerät vom Stromnetz zu trennen. Vervenden Sie keine Flüssig- oder Aerosolreiniger. Am besten dient ein angefeuchtetes Tuch zur Reinigung. 4.
APPENDIX D Wichtige Sicherheitshinweise 15. Wenn folgende Situationen auftreten ist das Gerät vom Stromnetz zu trennen und von einerqualifizierten Servicestelle zu überprüfen: a. Netzkabel oder Netzstecker sint beschädigt. b. Flüssigkeit ist in das Gerät eingedrungen. c. Das Gerät war Feuchtigkeit ausgesetzt. d. Wenn das Gerät nicht der Bedienungsanleitung ensprechend funktioniert oder Sie mit Hilfe dieser Anleitung keine Verbesserung erzielen. e.
APPENDIX D Intel ® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Notes D-10
Terms and Conditions and Software License Intel Corporation END USER TERMS AND CONDITIONS OF SALE AND SOFTWARE LICENSE IF THE PRODUCT IS PURCHASED DIRECTLY FROM INTEL AND UNLESS SUCH PARTIES HAVE ENTERED INTO A BILATERALLY EXECUTED AGREEMENT, WHICH EXPRESSLY TAKES PRECEDENCE, THE TERMS AND CONDITIONS STATED HEREIN WILL APPLY. IF THE PRODUCT WAS PURCHASED FROM AN INTEL CHANNEL PARTNER, THEN ONLY SECTIONS 13-23 APPLY TO THE END USER. 1.
APPENDIX E Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Intel’s performance hereunder is expressly conditioned on End User’s assent to this Agreement. 2. Orders: End User may purchase Product by submitting a valid purchase order (“Order”) to Intel at the corporate address stated herein. Orders are subject to Intel’s written acceptance (“Order Acceptance”).
APPENDIX E at the lesser of eighteen percent (18%) per year or the maximum amount permitted by law. Intel may refuse shipment to End User if End User is delinquent in making payments to Intel. 10.
APPENDIX E Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide (2). The license accompanying the Product shall apply to Lessor; and (3). Notwithstanding anything to the contrary in the license accompanying the Product, Lessor may transfer such title and license rights to End User under a leasing arrangement. 12. Returns: No Product may be returned except under warranty for repair or due to shipment error by Intel. 13.
APPENDIX E This warranty does not cover replacement of products damaged by abuse, accident, misuse, neglect, alteration, repair, disaster, improper installation or improper testing. If the product is found to be otherwise defective, Intel, at its option, will replace or repair the product at no charge except as set forth below, provided that you deliver the product along with a return material authorization (RMA) number (see below) either to the company from whom you purchased it or to Intel.
APPENDIX E Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide the process of being installed. THE ABOVE WARRANTY IS IN LIEU OF ANY OTHER WARRANTY, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY OF SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT, OR ANY WARRANTY ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.
APPENDIX E 17. Export Law Regulations: 17. 1. Applicable Laws. End User acknowledges that all Products, spares, documentation or other materials (collectively “Product”) are subject to applicable import and export regulations of the United States and of the countries in which End User transacts business, specifically including U.S. Export Administration Act and Export Administration Regulations. This Agreement is also specifically subject to U.S.
APPENDIX E Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide 19. Copyrights; Trade Secrets: End User acknowledges and agrees that the structure, sequence and organization of the software (including but not limited to any images, photographs, animations, video, audio, music, and text) are the valuable trade secrets of Intel and its suppliers. End User agrees to hold such trade secrets in confidence.
Glossary This section defines terms and acronyms used throughout the Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide. Bypass User action causing traffic to bypass 7110/7115 processing, done either through the CLI bypass command or Bypass button on the front panel of the 7110/7115. Cascading A configuration of two or more 7110/7115s serially connected together to accommodate larger e-Commerce traffic processing (CPS) loads.
GLOSSARY Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Fulfillment Server HTTP HTTPS Inline IP IP Address IP Service A server that stores content used to satisfy user requests. Hypertext Transfer Protocol: the protocol used between a Web browser and a server to request a document and transfer its contents. HTTP exchanged over an SSL-encrypted session. When the 7110/7115 is able to process SSL traffic, the Inline LED on the front panel is lit (blinking or steadily illuminated).
GLOSSARY Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Service Signing Request SNMP SSL (Secure Socket Layer) VeriSign§ A service is an IP application paired with a port number. For example: “HTTP:80.” This describes a service consisting of a server's HTTP application listening on port 80. Another example of a service: “FTP:21.” Required for a request for certificate authentication by a Certificate Authority. Simple Network Management Protocol.
GLOSSARY Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Notes Glossary-4
Support Services Intel offers a range of support services for your new product. You can learn about the options available for your area by visiting the Intel® support Web site at http://www.intel.com/network/ service and choosing your geography. Worldwide Access to Technical Support Intel has technical support centers worldwide. Technicians who speak the local languages staff many of the centers. Visit our Web site at http://support.intel.com.
SUPPORT Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Country Dialing Information Indonesia 2 Dial 001-801-10, await dial tone, dial 800-838-7136 Korea 1 Dial 0-911, await dial tone, dial 800-838-7136 Malaysia 4 Dial 800-0011, await dial tone, dial 800-838-7136 New Zealand Dial 000-911, await dial tone, dial 800-838-7136 Singapore Dial 800-0111-111, await dial tone, dial 800-838-7136 Sri Lanka Dial 430-430, await dial tone, dial 800-838-7136 Taiwan 1 Dial 0080-10288-0, aw
SUPPORT Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Country Dialing Information Switzerland 1 Dial 0-800-550011, await dial tone, dial 800-838-7136 United Kingdom (Mercury) 3 Dial 0500-89-0011, await dial tone, dial 800-838-7136 United Kingdom (BT) 3 Dial 0800-89-0011, await dial tone, dial 800-838-7136 RSA (South Africa) Dial 0-800-99-0123, await dial tone, dial 800-838-7136 Philippines Dial 105-11, await dial tone, dial 800-838-7136 Vietnam Dial 12010288, await dial tone, dia
SUPPORT Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Notes Support-4
Index A Access Control 6-21 Administration Commands 5-44 Alarms Encryption status change 7-3 Logging 7-8 Network link status 7-8 Overload 7-7 Refused SSL connections 7-4 Utilization threshold 7-5 Automapping 3-21 Automapping with multiple port combinations 3-22 Automapping with user-specified key and certificate 3-22 B Blocking 3-23 All IPs, specific port 3-24 Delete block 3-25 Specific IP, specific port 3-23 Subnet IP, subnet mask, specific port 3-24 Bypass mode B-1 C Cascading 3-4, 4-7 Certificate Author
INDEX Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Deleting a block 3-25 L E Logging alarms 7-8 Logging Commands 5-47 Egress routers 4-10 Encryption status change alarm 7-3 F M Failure/Bypass modes B-1 Front panel LEDs A-2 Manual mapping 3-22 Mapping 3-21 Multiple 7110/7115s 4-7 Multiple servers 4-5 G N Getting Help 5-1 Global site certificates 3-15 Network connections 2-3 Network link status alarm 7-8 H O Help 5-1 Operational Commands 5-25 Overload alarm 7-7 I Import c
INDEX Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Telnet, local console 6-4 Telnet, remote console 6-5 Remote SSh sessions 6-6 S Scenarios Cascading Multiple 7110/7115s 4-7 Using the 7110/7115 with Ingress and Egress Routers 4-10 Using the 7110/7115 with Multiple Servers 4-5 Using the 7110/7115 with One Server 4-3 SNMP 6-8 Community string 6-19 Enabling 6-17 Private traps 6-16 Specifying information 6-18 Standard traps 6-16 Trap community string 6-20 Trap summary 6-16 Spill enable 4-8
INDEX Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide Notes Index-4
