
Cisco Command

Logging enable
logging standby
logging timestamp
logging trap <severity-level>
logging history <severity-level>
logging buffered <severity-level>
logging persistent <severity-level>
logging monitor <severity-level>
logging facility <number>
logging queue <queue-size>
logging device-id ipaddress vlan46
logging host <ip-address> <tcp|udp /port#>
logging rate-limit
resource-class <class-name>
limit-resource
boot system image:<filename>
login timeout <minutes>
peer hostname <name>
hostname <name>
interface gigabitEthernet <slot/number>
description <name>
Speed <speed>
duplex <full|half>
channel group <group-number>
shutdown - no shutdown
nat-pool <#> <ip start> <ip finish> netmask <mask> pat
ntp server <ip-address>
access-list <name> line <#> extended <permit|deny> <operation>

rserver host <name>


ip address <ip address>
probe <probe-name>
inservice
conn-limit max <max-conns> min <min-conns>
description

fail-on-all

inservice
rate-limit {connection number1 | bandwidth number2}
weight <number>

serverfarm host <name>


rserver <name> <port>
description
dws <local | burst probe name>
failaction <purge | reassign [across-interface]>

fail-on-all
inband-health check <count | <log fail_threshold_count [reset milliseconds]> | <remove fail_threshold_count [reset milliseconds] [resume-service seconds]>>>
partial-threshold <percentage1> back-inservice <percentage2>

predictor <hash <address [destination | source] [netmask]>


predictor <content [offset number1] [length number2] [begin-pattern expression1] [end-pattern expression2]>
predictor <cookie [secondary] name1>
predictor <header name2>
predictor <layer4-payload [offset number3] [length number4] [begin-pattern expression3] [end-pattern expression4]>
predictor <url [begin-pattern expression5] [end-pattern expression6]>
predictor <least-bandwidth [samples number5] [assess-time seconds]>
predictor <least-loaded probe name3 [samples number6]>
predictor <leastconns [slowstart seconds]>
predictor <response <app-req-to-resp | syn-to-close | syn-to-synack> [samples number7]>
predictor <roundrobin>
probe <probe-name>
retcode number1 number2 check <count | <log threshold_number reset seconds1 | <remove threshold_number reset seconds1 [resume-service seconds2]>>
transparent

probe <type (tcp|udp)> <name>


port <number>
interval <seconds>
receive <seconds>
faildetect <number>
passdetect interval <seconds> count <number>
connection term forced
open <timeout>

Probe http <name>


port <number>
interval <seconds>
faildetect <number>
passdetect interval <seconds> count <number>
append-port-hosttag
credentials <username> <password>
receive <seconds>
request method {get | head} [url url_string]
expect status <min_number> <max_number>
header Accept header-value <value>
connection term forced
open <timeout>
class-map type management [match-all | match-any] <map_name>
<line_number> match protocol <http | https | icmp | kalap-udp | snmp | ssh | telnet | xmlhttps> <any | source-address ip_address mask>
description

class-map type radius loadbalance [match-all | match-any] <map_name>


<lineNumber> match radius attribute {calling-station-id | username} <expression>
class-map type SIP inspect [match-all | match-any] <map_name>
description
<line_number> match called-party <expression>
<line_number> match calling-party <expression>
<line_number> match content {length gt <number>} | {type sdp | <expression>}
<line_number> match im-subscriber <expression>
<line_number> match message-path expression
<line_number> match request-method <method_name>
<line_number> match third-party registration <expression>
<line_number> match uri {sip | tel} length gt <value>

class-map type sip loadbalance [match-all | match-any] map_name


description
<line_number> match class-map <name>
<line_number> match sip header name header-value <expression>
<line_number> match source-address <ip_address> [netmask]

class-map <match-all|match-any> <name>


<lineNumber> match virtual-address <address> <type> eq <port>
policy-map (multi-match) <name>
class <name>
loadbalance vip inservice
loadbalance policy <name>
nat dynamic <nat pool #> vlan <vlan #>
connection advanced-options <name>
appl-parameter http advanced-options <name>
description

policy-map type (loadbalance) first-match <name>


class {<name1> [insert-before <name2>] | class-default}
serverfarm <farm-name>
insert-http x-forward header-value "%is"
sticky-serverfarm <name>

description
match cipher {equal-to <cipher> | less-than <cipher_strength>}
match <name> http content <expression> {[offset <bytes>] [insert-before <map_name>]}
match <name> http cookie {<name2> | secondary <name3>} cookie-value <expression> [insert-before <map_name>]

match <name> http header {<header_name> | <header_field>} header-value <expression> [insert-before <map_name>]

match <name> http url <expression> [method <name>] [insert-before <map_name>]


match <name> source-address <ip_address> <mask> [insert-before <map_name>]

policy-map type management first-match <name>


class <name1 [insert-before name2] | class-default>

parameter-map type connection <name>


set timeout inactivity <seconds>

exceed-mss <allow|drop>
description
nagle
random-sequence number
rate-limit <connection <number1 per sec>| bandwidth <number2>>
reserved-bits {allow | clear | drop}
set ip tos <number>
set tcp ack-delay <number>
set tcp buffer share <number>
set tcp mss {min <number1> max <number2>}
set tcp reassembly-timeout <seconds>
set tcp syn-retry < number>

set tcp timeout {embryonic <seconds> | half-closed <seconds>}


set tcp wan-optimization rtt <number>

set tcp window-scale <number>


slowstart <seconds>
syn-data <allow|drop>
tcp-options {range <number1> <number2> {allow | drop}} | {selective-ack | timestamp | window-scale {allow | clear | drop}}
urgent-flag <allow|clear>

parameter-map type http <name>


persistence-rebalance [strict]
case-insensitive
cookie-error-ignore
description

compress {mimetype <type/subtype> | minimum-size <size> | user-agent <string>}

header modify per-request

length-exceed <continue | drop>


server-conn reuse
set content-maxparse-length <bytes>
set header-maxparse-length <bytes>
set secondary-cookie-delimiters <text>
set secondary-cookie-start [none | <text>]

sticky http-cookie <cookiename> <name2>


cookie insert [browser-expire]
cookie offset <number1> [length <number2>]
timeout <minutes>
cookie secondary <name>
replicate sticky
serverfarm <name1> [backup <name2> [sticky] [aggregate-state]]

ssl-proxy service <name>


authgroup <groupname>
cert [<cert_filename> | cisco-sample-key]
chaingroup <groupname>
crl [<crl_name> | best-effort]
key [<key_filename> | cisco-sample-key]
ssl advanced-options <parametermap_name>
crypto authgroup <group_name>
cert <cert_filename>
crypto chaingroup <group_name>
cert <cert_filename>
crypto csr-params <name>
parameter-map type ssl <name>
cipher <type>
authentication-failure {ignore | redirect <reason> {serverfarm <serverfarm_name> | url <URL_string> {301|302}}}

A10 Command

logging trap <severity-level>


logging buffered <severity-level>
logging monitor <severity-level>
logging facility <facility-name>
logging queue <maximum-messages>
logging host <ip-address> Port <port#>

terminal idle-timeout <minutes>


host <name>
interface ethernet <port-number>
name <name>
Speed <number>
Duplexity <full | half | auto>
enable-disable
ip nat pool <name> <ip start> <ip finish> netmask <mask>
ntp server <ip-address>
access-list <#> <permit|deny> <operation>

slb server <name> <ip address>


port <port> (**from serverfarm or class-map) <type>

(**from class-map)

healthcheck <name>
enable
conn-limit <max-conns>

(create and apply compound health check using and operator. )

enable
conn-rate-limit <number per sec> (in slb template port)
weight <number>

slb service-group <name> <type>


member <name>:<port>

(create and apply compound health check using and operator. )


(create inband health check in slb template port)
min-active-member <num>
method
method
method
method
method
method
method

stateless-src-dst-ip-hash
stateless-src-ip-hash
stateless-dst-ip-hash
src-ip-only-hash
src-ip-hash
dst-ip-only-hash
dst-ip-hash

(see host-switching in http template)

(see url-switching in http template)


method
method
method least-connection
method fastest-response
method round-robin
healthcheck <name>

no-dest-nat

health monitor <name> interval <seconds> retry <number> timeout


<seconds> up-retry <number>
override-port <port>
interval <seconds>
timeout <seconds>
retry <number>
up-retry <number>

health monitor <name> interval <seconds> retry <number> timeout


<seconds> up-retry <number>
override-port <port>
interval <seconds>
retry <number>
up-retry <number>
method http username user password encrypted
timeout <seconds>
method http url <method> <url string>
expect {<string> | response-code <code-list>}

enable-management service <type | acl> <acl#>


enable-management service <type | acl> <acl#>

slb virtual-server <name> <address>


port <port> <type>
port <port> <type>
enable
aflex, service-group, etc (see policy-map loadbalance)
source-nat pool <name>
template
template http <name>

SLB Template HTTP <name>


service-group <name>
insert-client-ip "X-Forwarded-For"
template persist source-ip <name>
slb template persist cookie <template-name>

description
aflex
aflex
aflex
(host-switching contains <header_name> service-group <sg-name>)
or
(url-hash-persist first <number of bytes>)
or
(url-switching contains <url_name> service-group <sgname>)
(url-hash-persist first <number of bytes>)
enable-management service <type | acl> <acl#>

slb template <tcp|udp> <name>


slb template TCP-Proxy <name>
slb template port <name>
idle-timeout <seconds> (tcp|udp template)
mss <octets>
or
aflex TCP::mss
nagle
conn-rate-limit <number per sec>
aflex IP::tos
similar to 'ack-aggressiveness <high | med | low>'
receive-buffer <number>
transmit-buffer <number>
mss <octets>
idle-timeout <seconds>
idle-timeout <seconds>
syn-retries <number>
half-close-idle-timeout <seconds>
half-close-idle-timeout <seconds>
force-delete-timeout <seconds> alive-if-active (for half-open/embryonic)

backend-wscale <number>
slow-start (server port template)

slb template http <name>


strict-transaction-switch

compression enable
compression content-type <type> (for mimetype)
compression minimum-content-length <length> (for minimum-size)
redirect-rewrite match <url-string> rewrite-to <url-string>
request-header-erase <field>
request-header-insert <field:value> <insert-always | insert-if-not-exist>

slb template connection-reuse <name>

slb template persist cookie <template-name>


name <cookiename>

expire <expire-seconds>

slb template client-ssl <name>


slb template server-ssl <name>
(see crypto authgroup)
cert <certname>
cert <certname>
chain-cert <chain-cert-name>
crl <filename>
key <keyname> passphrase <string>
key <keyname> passphrase <string>
(see parameter-map type SSL)

ca-cert <certname>
ca-cert <certname>

chain-cert <chain-cert-name>

cipher <type>
cipher <type>

Comment
No AX command
No AX command
(severity-level) 1 to 7, ACE levels match A10
No AX command
(severity-level) 1 to 7, ACE levels match A10
No AX command
(severity-level) 1 to 7, ACE levels match A10
(16-local0),(17-local1),(18-local2),(19-local3),(20-local4),(21-local5),(22-local6),(23-local7)
No AX command
can only configure once with all IP addresses in list format.
No AX command
No AX command, similar functionality to L3V template resource allocation v2.7.0
No AX command, similar functionality to L3V template resource allocation v2.7.0
No AX command
no AX command

(ACE-A10) (10M- 10) ( 100M - 100) (1000M-1000) (auto-auto)


possibly not needed. Default auto.
No AX command

4 max

command issued in slb server

No CLI command: name can be configured in GUI


NOTE: create a compound health monitor method and apply that healthcheck to the slb server. E.g.:
health monitor <name>
method compound sub <hc-name1> sub <hc-name2> and

conn-rate-limit <number per sec> (in slb template port) or (in slb template server)

No CLI command: name can be configured in GUI


No AX command; seems to be a dynamic virtualized server integration option.
no ax command
NOTE: create a compound health monitor method with the 'and' operation, then apply that healthcheck to the slb server. E.g.:
health monitor <name>
method compound sub <hc-name1> sub <hc-name2> and
NOTE: create inband health check in slb template port. E.g.:
inband-health-check retry <number> reassign <number>
for logging when primary server fails: backup-server-event-log

no ax command
see host-switching in http template
(host-switching contains <header_name> service-group <sg-name>)
no ax command
see 'url-switching' in slb template HTTP
(url-switching contains <url_name> service-group <sgname>)
no ax command

some functions by default

only can configure count


No AX command
No AX command

no ax command
force RST to server instead of FIN for completed healthchecks.
no ax command
Similar to enable management service on AX.
same as above.
no ax command

each entry in match any is a unique slb virtual-server.

policy-map multi-match is like a VIP port command

No AX command; this command links the advanced loadbalancing options in the loadbalance policy map.
in slb virtual port configuration.

No AX command
No AX command
in slb virtual port configuration.
NOTE (commands for AX in slb template http <name>)
%is(source IP), %id(destination IP), %ps(Source port), %pd(destination port)
in slb virtual port configuration.
no ax command, may need aflex.
no ax command, may need aflex.
no ax command, may need aflex.

NOTE: (commands for AX in slb template http <name>)


NOTE: not an exact match. May need aflex
not an exact match. May need aflex
used primarily for management access restrictions.

TCP| UDP template L4 Options:


types {connection | generic | http | optimization http | rtsp | sip | skinny | ssl}

also see global command 'slb mss-table <num>'


no ax command
default action
also available in slb template server
no AX command
no ax command (2.7.1 tos rate shaping feature on the roadmap)
not exactly equal however similar to 'ack-aggressiveness <high | med | low>'

our implementation is minimum only

NOTE: force-delete-timeout should be used with : 'reset-fwd' and 'reset-rev'


no ax command
Note: our window scale is for backend connections only.
Note: AX default value = 1, Cisco default value = 0
also see 'initial-window-size <number>'
no ax command
for syn-cookie SACK is auto based on server healthcheck reply.
no ax command

Already enabled by default for AX.


no ax command
no ax command in 'slb template http'

also see 'slb hw-compression'

no ax command
NOTE (commands for AX in slb template connection-reuse <conreuse>)
no ax command, use aflex
no ax command
possible aflex
possible aflex

no ax command

for session sync use ha-conn-mirror


command not needed, as sticky is applied directly to the VIP.

cisco-sample-key = self signed


all additional chained certs are to be loaded to main cert.

cisco-sample-key = self signed


no ax command, call to command cipher <type> for slb template client-ssl and server-ssl

call to command cipher <type> for slb template client-ssl and server-ssl
no ax command
all additional chained certs are to be loaded to main cert.
no ax command, generate each set of params manually for each key/cert creation.
no ax command
to be applied to command cipher <type> for slb template client-ssl and server-ssl
no ax command
