Примечания к выпуску для Cisco Cisco ACE Application Control Engine Module
10
Release Note for the Cisco ACE Application Control Engine Module
OL-25349-03
New Software Features in Version A5(1.2)
•
key-name—Specifies the name of an existing key pair file loaded on the ACE. To list all available
keys loaded on the ACE, include the question mark (?) character after the ip https certificate
cert-name command. For example:
keys loaded on the ACE, include the question mark (?) character after the ip https certificate
cert-name command. For example:
host1/Admin(config)# ip https certificate mycert.crt ?
cisco-sample-key
mykey.key
Use the no form of this command to restore the default certificate.
Note the following usage considerations with selecting an HTTPS certificate and key:
•
The ip https certificate command is available in the Admin context only.
•
When you select the public key to be embedded in the certificate, ensure that it matches the public
key in the key pair file that you select. The ACE warns you if there is a mismatch by displaying the
following error message: “Error: Mismatched key/cert pair”. To verify that the public keys in the
two files match, use the do crypto verify command from configuration mode.
key in the key pair file that you select. The ACE warns you if there is a mismatch by displaying the
following error message: “Error: Mismatched key/cert pair”. To verify that the public keys in the
two files match, use the do crypto verify command from configuration mode.
•
Use the show ip https command to display the current HTTP server configuration information.
For example, to specify a certificate and key for the HTTPS server on the ACE, enter the following
command:
command:
host1/Admin# config
Enter configuration commands, one per line. End with CNTL/Z.
host1/Admin(config)# ip https certificate MYCERT.PEM MYKEY.PEM
To reset the certificate and key on the HTTPS server, enter the following command:
host1/Admin(config)# no ip https certificate
Related SNMP Changes for A5(1.2)
Per CSCto13407, the ACE provides SNMP support for the slbVServerConnectionRate OID. This OID
was added to the slbVServerInfoTable table and indicates the connections per second for the virtual
server.
was added to the slbVServerInfoTable table and indicates the connections per second for the virtual
server.
Per CSCtl73658, the following two new MIB objects have been added to the CISCO-SLB-EXT-MIB to
better track Layer 7 parsing failures:
better track Layer 7 parsing failures:
•
cslbxStatsL7ParserErrorRejects
•
cslbxStatsMaxParseLenReject
The two new MIB objects are part of cslbxStatsTable.
Included below is a summary of the SNMP OIDs for these two objects:
•
cslbxStatsMaxParseLenRejects OBJECT-TYPE:
SYNTAX Counter32
UNITS "connections"
MAX-ACCESS read-only
STATUS current