AOS632GA V1R3 020211-Mx93Yeqm

AcceleratorOS
User Manual
Software Version 6.3.2
Revision 3.0
Pub no. AOS632GA_V1R3_020211
This guide is delivered subject to the following conditions and restrictions:
This guide contains proprietary information belonging to Expand Networks Inc. Such information is supplied solely
for the purpose of assisting explicitly and properly authorized users of the Expand product series.
No part of its contents may be used for any other purpose, disclosed to any person or firm or reproduced by any
means, electronic, photographic or mechanical, without the express prior written permission of Expand Networks,
Inc.
The text and graphics are for the purpose of illustration and reference only. The specifications on which they are
based are subject to change without notice.
The software described in this guide is furnished under a license. The software may be used or copied only in
accordance with the terms of that agreement.
Information in this guide is subject to change without notice. Corporate and individual names and data used in
examples herein are fictitious unless otherwise noted.
Copyright© 2011 Expand Networks Inc. All rights reserved.AcceleratorOS™, Accelerator 9920/6800/6810/6920/
6950/6850/6930/6830/6840/4800/4810/4820/4920/4830/4930/3930/3830/1610/1800/1810/1820/1920™ and
ECT™ are trademarks of Expand Networks Inc.
Flex 2.5™ includes software developed by the University of California, Berkeley and its contributors. Copyright©
1990, The Regents of the University of California. All rights reserved.
Other company and brand product and service names are trademarks or registered trademarks of their
respective holders.
Contents
Chapter 1: Introducing the Accelerator................................... 1

Features and Benefits ........................................................................................ 2
Virtual Bandwidth Management ................................................................. 2
Easy Management and Configuration ........................................................ 2
Redefining Application Traffic Management............................................... 2
Next-generation WAN Compression .......................................................... 3
Application-specific Acceleration ........................................................ 3
Layer-7 QoS and Bandwidth Management ................................................ 5
Layer-7 Monitoring and Reporting ...................................................... 5
Branch Office Features ....................................................................... 6
Rapid Deployment/Dependable Results............................................. 6
Maximum Uptime and Reliability ........................................................ 6
The Accelerator Product Line ............................................................................ 7
How the Accelerator Works................................................................................ 8
IP-Based Network ...................................................................................... 8
On-Path .............................................................................................. 8
On-LAN............................................................................................... 9
Configuration and Management......................................................................... 11
Chapter 2: Getting Started........................................................ 13

Connecting and Configuring Multi-Port Accelerators ......................................... 14
Understanding the LEDs ............................................................................ 15
Working with By-pass Mode............................................................................... 16
Reviewing the Setup Checklist .......................................................................... 17
Performing Setup via the LCD ........................................................................... 19
Performing Setup via the WebUI........................................................................ 21
Performing Setup via the Wizard ....................................................................... 22
ii C o nt e nts
Configuring Basic Accelerator Details........................................................ 23

Setting Links via the Wizard....................................................................... 24
Setting the Time ......................................................................................... 26
Modifying the Password ............................................................................. 27
Reviewing Wizard Configuration ................................................................ 28
Accelerator Main Menu ...................................................................................... 29
Modifying the Basic Configuration ..................................................................... 30
Setting Routing Strategy ............................................................................ 31
Defining Advanced Settings ....................................................................... 32
About the AcceleratorOS License...................................................................... 33
Viewing the License Status ........................................................................ 34
Reviewing the Licensing Procedure........................................................... 35
Licensing a Physical Accelerator ............................................................... 35
Activating the I-Key in the Portal ........................................................ 35
Applying an Accelerator Feature License Key.................................... 36
Licensing a Virtual Accelerator................................................................... 37
Activating the Licensing Server Dongle via the Portal ........................ 37
Configuring the Licensing Server via the Accelerator......................... 37
Logging On and Off the Accelerator .................................................................. 39
Integrating the Accelerator into Your Network.................................................... 40
Integrating into Networks that use Dynamic Routing ................................. 40
Networks Using External QoS or Monitoring Devices................................ 41
Working in Noisy Link Environments.......................................................... 41
Installing On-LAN at a Data Center............................................................ 41
Installing in a High Latency Environment ................................................... 42
Installing in a Web-Intensive Environment ................................................. 42
Chapter 3: Monitoring the Network ......................................... 43

Introduction to Monitoring .................................................................................. 44
Working with Monitoring..................................................................................... 45
Installing the JAVA Applet .......................................................................... 45
Using Verisign Security Certificate ............................................................. 46
Studying The Monitoring Window............................................................... 46
Using Link Statistics and Graphs ....................................................................... 47
Viewing Throughput Statistics per Link ...................................................... 48
Viewing Acceleration Statistics per Link ..................................................... 49
Understanding Acceleration ............................................................... 49
Ac ce ler at o rOS 6 .3 .2 Us er Gui d e
Co n t en ts iii
Viewing Compression Statistics per Link.................................................... 51

Viewing Utilization Statistics per Link ......................................................... 51
Viewing Statistics per Link .......................................................................... 52
Discovering Traffic.............................................................................................. 55
Viewing Detected Applications ................................................................... 55
Viewing Detailed Traffic Discovery ............................................................. 55
Creating a New Application from Discovered Traffic .................................. 57
Viewing Monitored Applications.................................................................. 58
Discovering Layer-7 Applications ............................................................... 58
Viewing Statistics and Graphs for Specific Applications..................................... 60
Setting up Graphs ............................................................................... 61
Viewing Utilization Statistics per Application .............................................. 61
Viewing Throughput Statistics per Application............................................ 61
Viewing Acceleration Statistics per Application .......................................... 62
Viewing Compression Statistics per Application......................................... 62
Viewing Bandwidth Distribution Statistics per Application .......................... 63
Monitoring Applications .............................................................................. 63
Viewing Statistics for Applications .............................................................. 65
Viewing Summary Graphs.................................................................................. 66
Viewing Ethernet Statistics ................................................................................. 67
Configuring the Ethernet Statistics Display Fields ...................................... 67
Configuring NetFlow Support ............................................................................. 69
Identifying the Traffic .................................................................................. 70
Enabling NetFlow ....................................................................................... 70
Chapter 4: Configuring Networking......................................... 73

Optimizing the Network Topology....................................................................... 74
Taking into Account Network-Specific Considerations................................ 75
Defining WAN Setup .......................................................................................... 76
Setting the Bandwidth................................................................................. 76
Configuring the WAN.................................................................................. 76
Configuring Secondary IP Addresses ................................................................ 77
Creating and Editing Links ................................................................................. 78
Studying the Links Screen .......................................................................... 79
Adding Links ............................................................................................... 80
Advanced Link Configurations.................................................................... 82
Editing Links ............................................................................................... 87
R ev isi o n 3. 0
iv C o nt e nts
Using Dynamic Bandwidth ......................................................................... 88

Using a Virtual IP Address ................................................................................. 89
Setting Subnet Routing ...................................................................................... 90
Configuring Subnets Manually ................................................................... 91
Editing a Subnet ................................................................................ 92
Configuring Remote Subnets Manually...................................................... 92
Adding Static Routes.......................................................................................... 94
Setting Dynamic Routing ................................................................................... 95
Working with OSPF.................................................................................... 95
Configuring OSPF .............................................................................. 96
Working with Router Polling ....................................................................... 98
Enabling Packet Interception ............................................................................. 99
Working with RIP........................................................................................ 99
Configuring RIP .................................................................................. 99
RIP Route Injection............................................................................. 100
Using RIP for Packet Interception ...................................................... 101
Working with WCCP................................................................................... 101
Using WCCP for Packet Interception ................................................. 102
Adding a Dynamic Service ................................................................. 104
Editing a Dynamic Service.................................................................. 105
Setting WCCP on the Router.............................................................. 105
Working with PBR ...................................................................................... 105
Setting the Date and Time on the Accelerator ................................................... 106
Configuring DHCP Servers ................................................................................ 107
Activating DHCP Relay Agent.................................................................... 107
Setting ExpandView Connectivity Parameters................................................... 108
Chapter 5: Configuring and Managing WAFS......................... 109

Introduction to WAFS ......................................................................................... 110
Expand Networks’ WAFS Solution ............................................................. 110
Supported Servers ..................................................................................... 112
File Servers ........................................................................................ 112
Authentication Servers ....................................................................... 112
Supported Clients....................................................................................... 112
Expand Hardware Device Specifications ............................................ 112
Domains ..................................................................................................... 113
Authentication ............................................................................................ 113
Co n t en ts v
Getting Started with WAFS................................................................................. 114

Overview..................................................................................................... 114
Enabling WAFS Configuration............................................................................ 115
Configuring the File Server/Domain Controller........................................... 115
Defining Shared Directories ................................................................ 115
Defining User Permissions.................................................................. 116
Defining Network Settings .......................................................................... 117
Enabling WAFS Operation Mode ............................................................... 120
Excluding Servers or Subnets from WAFS................................................. 122
Configuring the Data Center and Branch Office................................................. 123
Setting Up the File Bank Director ............................................................... 123
File Server Settings............................................................................. 124
Summary............................................................................................. 125
Confirmation and Application .............................................................. 126
Setting Up the File Bank............................................................................. 126
Overview ............................................................................................. 127
Domain Settings.................................................................................. 128
File Bank Director Settings ................................................................. 129
Summary............................................................................................. 130
Confirmation and Application .............................................................. 130
WAFS Management and Operation Modes ....................................................... 132
The WAFS Management Screen................................................................ 132
FileBank Director Categories...................................................................... 133
FileBank Director System ........................................................................... 133
File Services ............................................................................................... 133
FileBank Director Utilities ........................................................................... 134
FileBank Categories ................................................................................... 134
FileBank System ................................................................................. 134
FileBank Services ............................................................................... 135
Additional Services ............................................................................. 136
FileBank Utilities ................................................................................. 136
Managing the Data Center ................................................................................. 137
Starting the Data Center ............................................................................. 137
Managing File Services .............................................................................. 138
Defining FileBank Director Settings .................................................... 138
Managing System Users..................................................................... 140
Adding File Servers............................................................................. 141
Managing the Compression Filters List............................................... 143
R ev isi o n 3. 0
vi C o nt e nts
Configuring FileBank Services ................................................................... 145

FileBank Directors .............................................................................. 145
Virtual Servers .................................................................................... 146
Windows Domain................................................................................ 147
Cache Settings ................................................................................... 148
Time to Live (TTL) settings ................................................................. 148
Invalidate Cache................................................................................. 149
System Users ..................................................................................... 149
STF Filters .......................................................................................... 150
Setting Advanced FileBank Features................................................................. 151
Configuring the Fetch Mechanism ............................................................. 151
Fetch Mechanism Overview ............................................................... 151
Fetch User .......................................................................................... 152
Fetch Jobs .......................................................................................... 152
Fetch Settings..................................................................................... 153
Fetch Activation.......................................................................................... 153
Creating Fetch Jobs ........................................................................... 154
Replication Service .................................................................................... 155
Replication User ................................................................................. 156
Replication File Types ........................................................................ 156
Replication Schedule.......................................................................... 156
Replication Paths................................................................................ 157
Replication Service Activation.................................................................... 157
Service Activation on FileBank Director ............................................. 157
Service Activation on FileBank ........................................................... 158
Initial Pre-population of Large Files on FileBank ................................ 158
Configuring Replication Services ............................................................... 158
Replication User ................................................................................. 159
Kerberos Configuration .............................................................................. 161
Enabling and Disabling Kerberos on the FB....................................... 161
Enabling and Disabling Kerberos on the FBD .................................... 161
Auto Kerberos Configuration .............................................................. 162
Enabling Kerberos per Server ............................................................ 162
Printing Services for the FileBank...................................................................... 164
Configuring Additional Services ................................................................. 164
Print Services ..................................................................................... 164
Configuring Print Services (FileBank) ........................................................ 165
Adding a Network Printer to FileBank................................................. 165
Assigning Printing Administrators....................................................... 166
Co n t en ts vii
Point’N’Print Configuration.................................................................. 166

Uploading Printer Drivers.................................................................... 167
First Client Driver Installation .............................................................. 168
Verifying Point’N’Print Installation ....................................................... 169
Manual Client Driver Installation ......................................................... 169
Verifying Driver Installation ................................................................. 170
Connecting the Printer to the FileBank Server.................................... 172
Printing Setup Troubleshooting........................................................... 172
Using WAFS Printing Services........................................................................... 174
Adding a WAFS Printer via Windows ......................................................... 174
WAN-OUT Operation ......................................................................................... 176
About WAN-OUT ........................................................................................ 176
Detecting a WAN-OUT Event ..................................................................... 176
FileBank WAN-OUT Detection Mechanism ........................................ 177
FBD WAN-OUT Detection Mechanism ............................................... 177
Working with Files while in WAN-OUT Mode ............................................. 177
Cache.................................................................................................. 177
File Access.......................................................................................... 178
File Security ........................................................................................ 178
Replication files and Short-Term files.................................................. 179
Partially Completed Transactions ....................................................... 179
Partial Disconnection .......................................................................... 179
WAN-OUT Known Limitations .................................................................... 179
DNS Masquerading ............................................................................................ 180
DNS Masquerading Benefits ...................................................................... 180
DNS Masquerading Configuration.............................................................. 181
Monitoring WAFS Functionality .......................................................................... 185
Running System Diagnostics...................................................................... 185
Viewing Logs .............................................................................................. 185
Troubleshooting.................................................................................................. 187
Troubleshooting Tools ................................................................................ 187
Networking.................................................................................................. 187
Windows Domain Join ................................................................................ 189
Service........................................................................................................ 190
Possible Error Messages............................................................................ 191
Access denied..................................................................................... 191
Performance ............................................................................................... 193
Advanced Expand Services........................................................................ 195
R ev isi o n 3. 0
viii C o nt e nts
DHCP Services................................................................................... 195

DNS Services ..................................................................................... 195
Chapter 6: Applying QoS.......................................................... 197

Accelerator QoS................................................................................................. 198
About QoS.................................................................................................. 198
How to Know What is on Your Network...................................................... 199
How to Prioritize Applications..................................................................... 199
Studying the QoS Solution ......................................................................... 199
Automatic Traffic Discovery ................................................................ 200
End-to-end application performance monitoring................................. 201
Transparency to existing QoS infrastructure ...................................... 201
Priority treatment for critical applications............................................ 201
Guaranteed bandwidth for specific applications ................................. 201
Restricting rogue and greedy applications ......................................... 201
Seamless integration with compression ............................................. 201
How QoS Works ................................................................................................ 203
Prerequisites .............................................................................................. 203
Understanding QoS Rules ......................................................................... 204
How Traffic Filtering is Applied................................................................... 205
How Traffic Shaping is Applied .................................................................. 205
Studying QoS Bandwidth Allocation........................................................... 205
WAN Bandwidth.................................................................................. 206
Link Bandwidth ................................................................................... 206
Diagnostic Mode Traffic ...................................................................... 206
Bandwidth Limits................................................................................. 206
Bursts ................................................................................................. 207
Desired Bandwidth ............................................................................. 207
Priority ................................................................................................ 208
Block................................................................................................... 208
Real-time ............................................................................................ 208
The Difference Between Real-time and Desired? .............................. 209
Carrying Out Basic QoS Configuration .............................................................. 210
Viewing My Applications ............................................................................ 210
Editing an Application................................................................................. 211
Creating New Applications................................................................................. 213
Layer-7 Applications................................................................................... 217

Co n t en ts ix
Creating Web Applications ......................................................................... 217

Creating Citrix Applications ........................................................................ 218
Citrix Benefits...................................................................................... 220
Creating Remote Desktop Services ........................................................... 220
Setting QoS Rules.............................................................................................. 223
Setting Inbound QoS .................................................................................. 223
Viewing QoS Rules..................................................................................... 223
Creating QoS Rules.................................................................................... 224
Editing QoS Rules ...................................................................................... 229
Making Decisions for Specific Applications ........................................................ 230
Creating a New Application Decision ......................................................... 231
External QoS ...................................................................................................... 232
QoS Troubleshooting ......................................................................................... 233
Chapter 7: Optimizing Acceleration Services......................... 235

Studying TCP Acceleration ................................................................................ 236
Understanding the Shortcomings of TCP ................................................... 237
The TCP Acceleration Solution .................................................................. 239
Scaling the Transmission Windows .................................................... 239
Congestion Avoidance ........................................................................ 240
Local Network Isolation....................................................................... 240
Asymmetric Networks Optimization .................................................... 240
Computing Latency ............................................................................. 241
Configuring TCP Acceleration ............................................................................ 244
Enabling TCP Acceleration......................................................................... 245
Excluding Servers or Subnets from TCP Acceleration ............................... 247
TCP Acceleration Advanced Settings......................................................... 248
Keepalive.................................................................................................... 249
Understanding Web Acceleration....................................................................... 250
Configuring HTTP Acceleration.......................................................................... 251
Enabling and Disabling HTTP Caching ...................................................... 251
Setting the Cache Size ............................................................................... 251
Setting Cache Content ............................................................................... 252
Clearing HTTP Cache ................................................................................ 252
Returning to Default Settings...................................................................... 252
Setting Advanced HTTP Parameters ......................................................... 253
Setting HTTP Acceleration Rules ............................................................... 254
R ev isi o n 3. 0
x C o nt e nts
Excluding from HTTP Caching................................................................... 255

FTP Acceleration ............................................................................................... 257
Enabling and Disabling FTP Caching ........................................................ 257
Setting the Cache Size............................................................................... 258
Setting Cache Content ............................................................................... 258
Clearing FTP Cache................................................................................... 258
Returning to Default Settings ..................................................................... 258
Setting Advanced FTP Parameters............................................................ 259
Excluding from FTP Caching ..................................................................... 260
Configuring DNS Acceleration ........................................................................... 261
Enabling Aggregation......................................................................................... 264
Enabling Traffic Encryption ................................................................................ 266
Configuring an IKE Policy .......................................................................... 266
Defining Crypto Mode ................................................................................ 267
Configuring IPsec Policies ......................................................................... 268
Applying IPsec Policies on a Link .............................................................. 269
Remote Desktop Protocol Services ................................................................... 271
Configuring Terminal Services ................................................................... 271
Collecting RDP Proxy Statistics ................................................................. 272
Excluding Terminal Services ...................................................................... 273
Chapter 8: Configuring Management Options........................ 275

Studying the ExpandView System ..................................................................... 276
Using Dynamic Network Map..................................................................... 276
Simplifying WAN Optimization.................................................................... 277
Generating Advanced Alerts for World-Class NOCs.................................. 277
Generating Proactive Reports for Network Provisioning............................ 277
Defining Scalable QoS ............................................................................... 278
Updating the IP Address of ExpandView Server........................................ 278
Using Out-of-Band Management ....................................................................... 279
Using SNMP ...................................................................................................... 280
Receiving Log Error Messages.......................................................................... 281
Sending Updates to a Syslog Server ......................................................... 281
Sending Updates via Email ........................................................................ 283

Co n t en ts xi
Chapter 9: Setting Advanced Parameters............................... 285

Adding WANs ..................................................................................................... 286
Handling Interfaces ............................................................................................ 289
Viewing Available Interfaces....................................................................... 290
Working with VLAN..................................................................................... 291
Creating Static ARP Entries ............................................................................... 295
Defining Authentication Settings ........................................................................ 296
Configuring DNS ................................................................................................ 297
Dial-on-Demand ................................................................................................. 299
Chapter 10: Resiliency and Redundancy ................................ 301

RAID................................................................................................................... 302
About RAID................................................................................................. 302
RAID Support in Accelerators' Hard Drives ................................................ 302
RAID-1 Mirrored set without parity...................................................... 303
RAID-5 Striped set with distributed parity ........................................... 303
Multi-Port Support ............................................................................................. 305
Router Redundancy Protocols ........................................................................... 309
HSRP.......................................................................................................... 310
Enabling HSRP Automatic Detection.................................................. 311
Setting Manual HSRP Configuration................................................... 312
VRRP.......................................................................................................... 314
Chapter 11: Security.................................................................. 317

Studying the AcceleratorOS AAA ....................................................................... 318
Configuring AAA................................................................................................. 320
Configuring Users....................................................................................... 320
Deleting Users .................................................................................... 321
Viewing the Authentication Servers............................................................ 322
Adding a New Authentication Server .................................................. 322
Setting the Authentication Method ...................................................... 323
Defining the Security Settings .................................................................... 324
Auditing Administration Activities ....................................................................... 325
Locking and Unlocking the Keypad .................................................................... 326
Setting the Keypad Lock Definitions........................................................... 326
R ev isi o n 3. 0
xii C o nt e nts
Defining Other LCD Settings...................................................................... 327

Turning By-pass On............................................................................ 327
Locking the Keypad ............................................................................ 327
Product ID........................................................................................... 328
Management IP .................................................................................. 328
Management Mask ............................................................................. 328
Chapter 12: Troubleshooting ................................................... 329

Carrying out the Troubleshooting Procedure ..................................................... 330
Password Issues................................................................................................ 331
Resetting the Password ............................................................................. 331
Choosing a Legal Password ...................................................................... 331
Password Strength ............................................................................ 332
Examples of Good and Bad Passwords ............................................ 332
Additional Notes About Passwords .................................................... 333
Checking the Event Log..................................................................................... 334
Checking Info Events ................................................................................. 334
Checking Warning Events .......................................................................... 334
Checking Error Events ............................................................................... 334
Checking Fatal Events ............................................................................... 335
Studying Log Message Formats................................................................. 335
Displaying Information for Troubleshooting........................................................ 337
Displaying Statistics in a Compressed, Archived File ................................ 337
Checking the Link Status ................................................................................... 338
Checking Ethernet Settings ............................................................................... 339
Checking Lack of Acceleration........................................................................... 342
Accessing Remote Devices ....................................................................... 342
Checking Link Malfunction ................................................................................. 343
Checking for a Corrupted Terminal .................................................................... 344
Checking HSRP Malfunction.............................................................................. 345
Checking QoS Malfunction ................................................................................ 346
Chapter 13: Using the Accelerator Tools ................................ 347

Upgrading the AcceleratorOS Software............................................................. 348
Using the Configuration Tools ............................................................................ 350

Co n t en ts xiii
Using the General Tools ..................................................................................... 352

Sending a Ping to the Remote Accelerator ................................................ 353
Sending a Traceroute Packet ..................................................................... 353
Rebooting the Accelerator .......................................................................... 354
Gathering Statistics for Technical Support.................................................. 354
Managing User Files .......................................................................................... 356
Viewing System Information............................................................................... 357
Archiving Log Files ............................................................................................. 358
Accdump ............................................................................................................ 359
Enabling Accdump...................................................................................... 360
Deleting Accdump Files.............................................................................. 362
Downloading Accdump Files ...................................................................... 362
Appendix A: Pre-Defined Applications.................................... 363
Appendix B: Accelerator Integration ....................................... 373
Acceleration and Citrix Traffic............................................................................. 374
Disabling Citrix NFuse Compression.......................................................... 374
Disabling Citrix Encryption and Compression ............................................ 375
Defining Settings on the Server .......................................................... 376
Setting/checking ICA or RDP listener traffic ....................................... 376
Speed Screen Latency Reduction Manager ....................................... 379
Defining Settings on the Client For Citrix.................................................... 379
Turning Compression off in the PNAgent Client ......................................... 380
Understanding the PNA Problem........................................................ 380
Resolving the PNA Problem ............................................................... 380
Identifying Citrix Layer-7 Applications ........................................................ 381
Configuring NetFlow........................................................................................... 383
Studying Traffic Measurement .................................................................... 383
Studying Traffic Monitoring ......................................................................... 384
Configuring Accelerator NetFlow................................................................ 384
Disabling Compression on SAP ......................................................................... 386
Calculating Acceleration using other Applications.............................................. 388
Appendix C: MIME Types.......................................................... 391
Application.......................................................................................................... 392
Audio .................................................................................................................. 397
Image ................................................................................................................. 398
Message............................................................................................................. 399
R ev isi o n 3. 0
xiv C o nt e nts
Model ................................................................................................................. 400

Multipart ............................................................................................................. 401
Text .................................................................................................................... 402
Video.................................................................................................................. 403
Appendix D: Contacting TAC ................................................... 405
Appendix E: TCPDump Optional Flags ................................... 407
Appendix F: Command Line Interface..................................... 421
Getting Started ................................................................................................... 422
Understanding the CLI Documentation ...................................................... 422
Accessing the CLI ..................................................................................... 423
Login and Logout Commands .................................................................... 424
Basic CLI Actions ....................................................................................... 425
Licensing Commands................................................................................. 426
Basic Setup Commands............................................................................. 429
Configuration Settings Commands ............................................................ 430
Customizing the CLI................................................................................... 432
Configuration Commands .................................................................................. 434
General Commands ................................................................................... 435
Local Interface Commands ........................................................................ 436
Link Commands ......................................................................................... 440
Subnet Commands .................................................................................... 444
Alias Commands ........................................................................................ 447
OSPF Commands ...................................................................................... 449
Router Polling Commands ......................................................................... 454
RIP Commands.......................................................................................... 457
WCCP Commands..................................................................................... 462
SNTP Server Commands........................................................................... 467
DHCP Server Commands .......................................................................... 468
DHCP Relay Commands ........................................................................... 471
WEB Acceleration Commands................................................................... 473
HTTP Acceleration Commands.................................................................. 476
TCP Acceleration Commands.................................................................... 496
Keep Alive Commands............................................................................... 503
FTP Acceleration Commands .................................................................... 505
Studying a Subnet Configuration Network ................................................. 511
Ethernet Statistics Display Commands ..................................................... 512
NetFlow Commands................................................................................... 517
QoS Commands......................................................................................... 518
Co n t en ts xv
RAID Commands........................................................................................ 538

Aggregation Class Commands................................................................... 541
DNS Acceleration Commands.................................................................... 548
Traffic Encryption Commands .................................................................... 556
ARP Commands......................................................................................... 562
Additional Commands ................................................................................ 564
Link Commands.......................................................................................... 570
Expand View Commands ........................................................................... 577
SNMP Commands...................................................................................... 579
Log Commands .......................................................................................... 582
Log Archives Commands ........................................................................... 589
Configuration Tool Commands ................................................................... 591
Accdump Commands ................................................................................. 595
RDP Proxy Commands .............................................................................. 600
Configuring WAFS.............................................................................................. 604
Basic Operation Commands....................................................................... 605
Cache Commands...................................................................................... 608
Print Administration Commands ................................................................. 609
Printer Driver Commands ........................................................................... 611
CUPS Commands ...................................................................................... 613
Printer Port Commands .............................................................................. 614
Printer Management Commands................................................................ 617
WAFS Transparency Commands ............................................................... 619
Excluded Server Commands...................................................................... 620
CIFS Commands ........................................................................................ 621
Compression Filter Commands .................................................................. 622
Time and Date Commands......................................................................... 623
Additional Commands ................................................................................ 624
Fetch Commands ....................................................................................... 627
FileBank Director Commands..................................................................... 628
WAFS Help Commands ............................................................................. 632
WAFS Licensing Commands...................................................................... 633
WAFS Log File Commands ........................................................................ 634
Replication Service Commands ................................................................. 639
Replication User Commands...................................................................... 646
Event Scheduling Commands .................................................................... 652
Service Management Commands .............................................................. 655
Software Commands .................................................................................. 659
Statistic Commands.................................................................................... 660
R ev isi o n 3. 0
xvi C o nt e nts
Stf_filter Commands................................................................................... 661

Transaction Monitoring Commands ........................................................... 663
TTCP Commands ...................................................................................... 664
User Commands ........................................................................................ 666
Virtual Memory Statistic Commands .......................................................... 667
Wins Commands........................................................................................ 668
Configuring Security........................................................................................... 669
Transport Type Commands........................................................................ 669
Server Configuration Commands............................................................... 671
User Account Configuration Commands.................................................... 675
Software OS Upgrade Commands............................................................. 682
Technical Information and Trouble Shooting Tools ............................................ 683
By-pass Mode Commands......................................................................... 683
show tech-support continuous ................................................................... 686
show events ............................................................................................... 686
Configuring Core Allocation ..................................................................... 687
Appendix G: Specifications and Warranty.............................. 689
Standards........................................................................................................... 690
RFC / Standard List ................................................................................... 690
Terms and Conditions of Sale ............................................................................ 692
Acceptance ................................................................................................ 692
Price and Payment..................................................................................... 692
Title and Security Interest........................................................................... 692
Risk of Loss................................................................................................ 693
Warranty..................................................................................................... 693
Product Returns ......................................................................................... 693
License Grant............................................................................................. 693
Limitation of Liability................................................................................... 694
Default........................................................................................................ 694
Indemnity.................................................................................................... 694
General ...................................................................................................... 694
Open Source Provisions ............................................................................ 695
Appendix H: Index..................................................................... 697

Chapter 1: Introducing the Accelerator
Expand Networks’ AcceleratorTM is the ideal Application Traffic Management

System for ensuring optimal application performance over the WAN. The
Accelerator is a Layer-3 WAN device that dramatically improves application
response times through a combination of bandwidth compression, Layer-7 QoS
and acceleration plug-ins for specific applications.
This chapter includes the following sections:
Features and Benefits, on page 2
Next-generation WAN Compression, on page 3
Layer-7 QoS and Bandwidth Management, on page 5
The Accelerator Product Line, on page 7
How the Accelerator Works, on page 8
Configuration and Management, on page 11
2 C h ap t er 1: Introducing the Accelerator
Features and Benefits

The Accelerator’s new and improved algorithms provide the highest WAN
compression performance available, in an easy to install package that fits
seamlessly into various network topologies such as MPLS, QoS clouds, noisy
networks, high BER networks, load balanced networks, and networks experiencing
many out-of-order errors.
Features include:
Virtual Bandwidth Management, on page 2
Easy Management and Configuration, on page 2
Redefining Application Traffic Management, on page 2
Next-generation WAN Compression, on page 3
Layer-7 QoS and Bandwidth Management, on page 5
Virtual Bandwidth Management

Expand’s next-generation compression and caching take your limited WAN links
and create four to ten times the output on the same infrastructure, thereby closing
the proximity gap created by applications that consume bandwidth and create a
poor user experience on the WAN. Expand extends your budget and stretches your
resources further than imagined. Include the option of using a virtual Accelerator
and the possibilities are endless.
Easy Management and Configuration

Many of the Settings in the User Interface contain an “Auto” setting. This allows the
Accelerator to choose the proper parameter setting according to conditions at the
given time allowing you to continually experience maximized optimization.
Redefining Application Traffic

Management
The Accelerator takes application traffic management to the next level by reducing
WAN costs and improving application performance. In addition to bandwidth
compression capabilities, the Accelerator provides a rich set of features that
improve application response times and provide Layer-7 visibility and control tools,

Features and Benefits 3
which enable network managers to align network resources with business priorities.
Acceleration of application response times is achieved through next-generation
WAN compression, application-specific acceleration, Layer-7 QoS capabilities and
sophisticated monitoring and reporting.
Next-generation WAN Compression

The Accelerators’ bandwidth expansion algorithms provide an effective alternative to
WAN upgrades with a 3 to 9 month ROI.
Typical capacity gains of 100% to 400%+ additional capacity, peaks of
1000%+.
Combination of byte-level caching, packet header reduction and
adaptive packet compression.
High performance, low latency algorithms
Packets incur a maximum of 1 millisecond latency passing through
the device.
100% lossless, works on all applications
Supports up to 350 remote sites and 45 Mbps in a single device.
Unique On-LAN deployments enable rack-and-stack above 350
sites and 45 Mbps.
Verified in over 27,000 production installations.
Network transparent RTM (Router Transparency Mode) enables 100%
IP header preservation, ensuring guaranteed compatibility with any
kind of WAN device. RTM also preserves Layer 4 for TCP & UDP
traffic.
Dynamic routing enables effortless installation even in complex
networks that use OSPF, RIP and other routing protocols.
Application-specific Acceleration
Application-specific acceleration is a breakthrough approach that works in
combination with next-generation compression for improving application response
times.
Improves application response times by 100% to 400%, peaks of
1000%+
Extensible architecture based on application acceleration plug-ins for
additional application support
TCP acceleration enables TCP transfer speeds in excess of WAN
link speed, even under challenging latency and packet loss
R ev isi o n 3. 0
conditions. The TCP acceleration plug-in is standards-based,

meeting the SCPS standard (www.scps.org) that was developed by
NASA and the DoD for performance optimization in high latency
links.
HTTP acceleration provides faster web application response times
for chatty HTTP transactions by eliminating repetitive download of
frequently accessed objects, applets, and so on.
FTP acceleration provides faster response times due to elimination
of long FTP transactions by keeping local copies of frequently
accessed files.
DNS acceleration eliminates DNS wait times for applications (for
example: web portals) by keeping copies of frequently accessed
DNS translations cached at the edge Accelerator.
HTTPS acceleration enables compression of encrypted traffic by
accelerating and encrypting traffic to the client browser, and
ensures faster response times from secure application servers by
optimizing TCP connections to browsers and web servers.
The Accelerator's full-scale WAFS and CIFS acceleration optimizes
file access over the WAN, solving remote server data access from the
data center over the WAN. Server consolidation is made possible
without paying the price in WAN application performance. Expand
Networks’ enhanced WAFS offering addresses the key performance,
availability and management issues raised by server consolidation:
LAN-like application performance: Expand Networks’
acceleration architecture replicates files and keeps them on the
remote site’s cache, thereby maintaining LAN-like performance for
future file transfers.
Virtual-Server: Expand Networks’ enhanced WAFS offering retains
critical remote branch system services such as: DNS, DHCP, and
print.
Addressing ‘WAN-Outs’: In the event of a network outage, remote
users can continue working because files are served from a local
cache.

Features and Benefits 5
Layer-7 QoS and Bandwidth

Management
The Accelerator’s Instant QoS functionality stops bandwidth abuse, guarantees
network resources for critical applications like VoIP and lets network managers
prioritize network applications according to business objectives.
Low operational cost QoS solution, Layer-7 application discovery
Easy to set up—instant QoS maximum flexibility for advanced users
QoS can be applied to both inbound and outbound traffic.
Bandwidth limits can be set to a maximum amount or an optimal
amount
Burst-ability control
Strict priority for real-time traffic
Allows traffic shaping with high, medium, and low attributes
Discards rogue applications
Packet fragmentation assures VoIP/video latency budget
Integrates with existing environments
Marks, honors and preserves QoS based on application or QoS
markings
Extensible architecture
Additional application classification
QoS troubleshooting/diagnostics mode
Layer-7 Monitoring and Reporting

The Accelerators and the ExpandView stand-alone Application Traffic Management
System provide powerful monitoring and graphical reporting for full application-level
visibility and cost-effective end-to-end network management.
Automatic application detection with hundreds of predefined classes.
Dozens of historical and real-time reports for WAN and links
Throughput, performance, acceleration
Applications and hosts
System-wide, per link, Peer, IP subnet, application inbound and
outbound user customizable
Complex rules available for the advanced user, such as nested
rules and order matching
Export and print functions
End-to-end view with ExpandView
R ev isi o n 3. 0
Branch Office Features

The Accelerators offer much more than just a bandwidth increase. These intelligent
devices deliver a branch office platform that consolidates multiple devices.
Full NetFlow compliance replaces the need for costly probes
Open architecture for future enhancements
Rapid Deployment/Dependable Results

With minimal configuration and no network architecture changes.
2 minute configuration via front panel keypad
Up and running in minutes with environment auto-detection
Easy-to-use WebUI and central deployment stations
Familiar Cisco-like CLI minimizes staff retraining
Secure management with HTTPS, SSH, SNMP (v2c/v3)
Integrates with existing user authentication and administration
systems
RADIUS, TACACS+, and Windows Directory
Validated in over 1,000 enterprise and service provider networks
Maximum Uptime and Reliability

The Accelerators’ resilience features and standards-based implementation
guarantee unsurpassed uptime and availability.
Network integrity preserved with standards-based implementation,
HSRP/VRRP failover
External flash card for effortless device swap-out (for non-hard drive-
based models: Switch-to-wire and software watchdogs) assure zero
network downtime
Remote access never compromised
Out-of-band management
Network integrity preserved with standards-based implementation
IPComp tunnels
Router Transparency Mode
SCPS for TCP Acceleration
SNMP for device management
NetFlow probe

The Accelerator Product Line 7
The Accelerator Product Line

The Accelerator product line consists Accelerators that will cater to a range of
facilities from the small office to the Enterprise Network. Check the corporate web
site (www.expand.com) for new hardware releases.
R ev isi o n 3. 0
How the Accelerator Works

Accelerators can be deployed in any network environment, whether the WAN is a
private line, frame relay, VPN, IP, ATM, xDSL, ISDN, wireless local loop, or
satellite. You can connect Accelerators on the LAN side of the router. Some of the
Accelerator’s benefits can be realized with no far-end Accelerator.
IP-Based Network
In an IP network, you can position the Accelerator on the LAN-side of the router or
directly on the LAN.
The Accelerator can be located either On-Path, on page 8 or On-LAN, on page 9.
On-Path
On-Path configuration places the Accelerator between the LAN and the router on
both sides of the IP network. The data from the LAN segment passes through the
Accelerator that performs traffic optimization, including compression and QoS,
before the data reaches the router. See the sample On-Path application in Figure
1.
Figure 1: On-Path Application

In this configuration, internal by-pass circuitry ensures the Accelerator fails-to-wire,
enabling invisible protection of the network in the unlikely event of failure. If the
Accelerator fails-to-wire, traffic will continue passing, but will not be accelerated
(by-pass mode).

How the Accelerator Works 9
On-LAN
On-LAN configuration places the Accelerator directly on the LAN as a host. The
Accelerator becomes the next hop for traffic on the LAN destined to the WAN. The
accelerated data is redirected to the far-end Accelerator (On-LAN or On-Path)
where the data is reconstructed before reaching its destination IP address.
Usually, one Accelerator is installed on the LAN segment. However, if resilience is
to be enhanced, you can install two or more Accelerators for redundancy purposes.
The most common configuration up to Version 6.1.2 involves creating two links (two
Accelerators), one of which is assigned a higher priority (metric - ranging from 11 to
10,000), so it will be used as the default link for the connection. If this link fails,
traffic switches to the other link. See Figure 2.
Figure 2: On-LAN Application

If all transparent Proxy services (such as HTTP acceleration or TCP acceleration)
are disabled, you can assign incoming traffic through one link and outgoing traffic
through the other link.
Another optional configuration is shown in Figure 3:
Figure 3: An Optional Configuration

In this configuration, Hot Standby Routing Protocol (HSRP) or Virtual Router
Redundancy Protocol (VRRP) enables the Accelerator to take part in HSRP/VRRP
R ev isi o n 3. 0
groups. Starting from Version 6.1.2, a link can be destined to an HSRP/VRRP

virtual IP, providing redundancy in cases where an active Accelerator fails.
If an AcceleratorOS link is established, and the Source IP of this link is defined to
be the HSRP Group’s Virtual IP, the link switches to the next Accelerator in the rare
case of primary Accelerator failure, and all of this link’s services are kept. When
the primary Accelerator is available again, the link switches back to it.

Configuration and Management 11
Configuration and Management

You can configure and monitor the AcceleratorOS via a user-friendly Web User
Interface (WebUI). The WebUI is accessible from Microsoft Internet Explorer via the
HTTP protocol or the secured HTTPS protocol. Console-based administration can
be accomplished using a directly connected terminal or terminal software using a
serial connection, a Telnet session, or a secured SSH-based connection. You can
carry out initial configuration by using the front-panel LCD.
The Accelerator operating system, AcceleratorOS, provides a wide range of
management features.
Like most networking equipment, the Accelerator requires some basic
initial configuration in order to function. This configuration is performed
locally by using the front-panel LCD, or an RS-232 console, Telnet
console or browser-based management console, and includes
specifying the Accelerator’s IP address. The initial configuration also
involves defining passwords, and the time and date at the Accelerator
site. The Accelerator’s user-friendly Installation Wizard guides you
through the steps necessary to get your Accelerator up and running.
For Quick Installation Instructions, see the Accelerator Quick Installation Guide.
R ev isi o n 3. 0

Chapter 2: Getting Started
This chapter assumes that you have successfully installed and turned on the
Accelerator without any errors. If you have not been able to install or turn on the
Accelerator successfully, see Troubleshooting, on page 329 and Contacting TAC,
on page 405. The AcceleratorOS lets you set up the Accelerator either via the
LCD, in conjunction with the Accelerator’s Wizard, or via the Wizard alone, by
using the Accelerator’s default IP address (10.0.99.99). In addition, you can use
the CLI to perform complete setup.
This chapter contains the following topics:
Connecting and Configuring Multi-Port Accelerators, on page 14
Working with By-pass Mode, on page 16
Reviewing the Setup Checklist, on page 17
Performing Setup via the LCD, on page 19
Performing Setup via the WebUI, on page 21
Performing Setup via the Wizard, on page 22
Accelerator Main Menu, on page 29
Modifying the Basic Configuration, on page 30
About the AcceleratorOS License, on page 33
Logging On and Off the Accelerator, on page 39
Integrating the Accelerator into Your Network, on page 40
14 C h ap t er 2: Getting Started
Connecting and Configuring Multi-Port

Accelerators
To connect the Accelerator to your network:
1. Connect the Pair 0 first. Connect one port to the switch (LAN). ETH 0/0 for
example
2. Connect the other port from the same pair to the router (WAN). ETH 0/1 for
example.
3. Connect Port ETH0 to a computer for management (optional).
Figure 1: Connecting the Cables

4. Power on the Accelerator.

Connecting and Configuring Multi-Port Accelerators 15
Understanding the LEDs

When the Accelerator powers-up, make note of the LEDs use Figure 2 for the LED
location and the following table for the LEDs description:
Figure 2: LED Display

See this table for 6x50 LED information:
Activity LED Link LED

LED Color Definition LED Color Definition
Green Active traffic Orange 1000 MB link
Off No traffic Green 100 MB link
Off 10 MB link
See this table for 7930 and 7940 LED information:
LED that is Illuminated Definition

Link/Act There is traffic
100 100MB link
1000 1G Link
100 and 1000 By-pass is activated
5. If there is an error or the LEDs light incorrectly, see the troubleshooting

information for your specific device.
R ev isi o n 3. 0
Working with By-pass Mode

When working in On-Path mode, the Accelerator can work in by-pass mode to
enable transparent data transmission in the unlikely event of Accelerator failure.
The move to by-pass mode is carried out automatically by the by-pass switch on
the Accelerator. In addition, all models support invoking the by-pass mode through
the CLI.
Furthermore, with Accelerators that have multi-port support (79xx and 6x50) you
can set specific ports or all ports to by-pass mode, via the CLI only. To activate by-
pass manually on an Accelerator that has multi-port support, see bypass activate,
on page 683.
CAUTION! When by-pass is enabled you will lose connectivity to the CLI/WebUI,
!
unless Out-of-Band management is used.

Reviewing the Setup Checklist 17
Reviewing the Setup Checklist

Follow this checklist to ensure that you have all of the information necessary to
complete Accelerator setup:
Information For more information
Network Checklist
Needed see:
What are the port settings of the Speed: 10/100/1000
devices that will be attached to the Duplex: Half / Full
Accelerator (switch/router)?
What is the IP address of the Default IP Address:
Gateway?
What will the IP address of the IP Address: Performing Setup via the
Accelerator be? Will there be Subnet Wizard, on page 22
secondary IP addresses or VLAN IP Secondary (up to 10):
Addresses? VLAN:
Does this Accelerator have more than Subnet: Setting Subnet Routing, on
one subnet in its network? Acc IP Address: page 90
Subnet:
Acc IP Address:
Subnet:
Acc IP Address:
Do you have HSRP or VRRP Yes: HSRP / VRRP HSRP, on page 310
configured? (circle one) No
Do you have OSPF configured? Yes / No (config-ospf) ospf-mode
If yes, OSPF Area ID: enable, on page 452
or IP address:
Do you have RIP configured? Yes / No RIP Commands, on page 457
Version: 1/2
If yes, RIP
Authentication:
IP address of the remote Accelerator? IP Address: Performing Setup via the
Wizard, on page 22
WAN bandwidth? Performing Setup via the
Wizard, on page 22
Does your network include VLAN Yes / No Working with VLAN, on page
802.1q trunking? 291
Does your network use external traffic Yes / No Encapsulation, on page 25
monitoring software on the router?
Do you have any ToS MPLS, on page 75
implementation? Yes / No Creating QoS Rules, on page
MPLS? Yes / No 224
Diffserv? Yes / No
Any kind of applications that modify
the ToS field? Yes / No
R ev isi o n 3. 0
Information For more information

Network Checklist (Continued)
Needed see:
Do you currently use SNMP? Yes / No Using SNMP, on page 280
If Yes, what is the
community name?
Do you currently collect SNMP traps? Yes / No SNMP Commands, on page
If Yes, what is the IP 579
address of the trap
receiver?
Do you currently use a Syslog server? Yes / No Sending Updates to a Syslog
If Yes, what is the IP Server, on page 281
address of the Syslog
Daemon?
Do you currently use NetFlow? Yes / No Configuring NetFlow Support,
on page 69
Does your network have high latency Yes / No Studying TCP Acceleration,
lines above 40 ms? If yes, enable TCP on page 236
Acceleration

Performing Setup via the LCD 19
Performing Setup via the LCD

Accelerator configuration is made simple with the front-panel LCD.
AcceleratorOS v6.xx should be displayed, where xx is the maintenance
release number (for example 6.3.2) in addition to a status display (Ready, By-pass,
or various error messages).
Press Enter to start configuration.
To navigate between the fields:

Follow these steps:
Press the right/left arrows until the cursor is below the word/value you
want to select or change.
Press the up/down arrows to change the value of the numbers.
Press Enter to write the setting and to navigate to the next screen.
Enter the Setup Menu by making sure the cursor is under Setup and
pressing Enter.
Setup - Verify that the Setup LCD is illuminated, and press Enter.
Figure 3: The Setup LCD

Local IP - Enter the Local IP address and press Enter
Figure 4: Local IP LCD

Subnet Mask - Enter the Subnet Mask and press Enter
Figure 5:Subnet Mask LCD
R ev isi o n 3. 0
Default Gateway - Enter the Default Gateway and press Enter
Figure 6: Default Gateway LCD
When asked if you want to Save the setup, select Yes or No and press Enter.
At this point, management can be performed via the Accelerator’s
Web UI, via the CLI, Telnet, SSH, or via ExpandView- Centralized
Management. To work with ExpandView, you will need to define the
ExpandView server IP address via the CLI.
For other LCD settings, see section Locking and Unlocking the Keypad, on page
326.

Performing Setup via the WebUI 21
Performing Setup via the WebUI

The Accelerator’s Web User Interface (WebUI) provides you with a user-friendly
interface for configuring the Accelerator.
To access the WebUI:

1. The Accelerator comes pre-configured with the IP address: 10.0.99.99
255.255.255.0
If no other IP address was assigned via the LCD, use this default address to
access the Accelerator.
If the Accelerator is connected directly to a management PC, ensure that you set
the PC to the same subnet as the Accelerator’s IP address.
2. In the Address field of your web browser, enter the Accelerator’s IP Address.
Alternatively, the Accelerator WebUI supports access via Secure HTTP, by typing
https:// before the Accelerator IP address.
3. The Accelerator’s WebUI opens and prompts you to log in to use the WebUI.
When prompted, log in to the Accelerator by entering a user name and password.
The default user name and password (both case sensitive) that must be used
on initial login are as follows:
user name: expand
password: Expand
The first time you access the WebUI, the Setup Wizard automatically opens and
guides you through the steps of basic Accelerator configuration.
R ev isi o n 3. 0
Performing Setup via the Wizard

The Accelerator’s Setup Wizard guides you on the step-by-step configuration of the
basic parameters (all parameters that are set via the front-panel LCD), which are
necessary to get your Accelerator up and running.
To access the Setup Wizard:

1. The first time you access the Accelerator’s WebUI, the Setup Wizard opens
automatically.
On subsequent uses, to return to the Setup Wizard, click the Setup Wizard
button.
If the Accelerator is connected directly to a management PC, ensure that you set
the PC to the same subnet as the Accelerator’s IP address.
2. Read carefully the explanations that appear in the Welcome screen and click
Next to move to the My Accelerator screen, which lets you define the local
Accelerator settings.
Note: To carry out any modifications and additions after initial configuration,
i
always use the Basic screen or the My Links screen and not the Wizard. The
Wizard resets other parameters to their default values when accessed.
Additional Topics are as follows:
Configuring Basic Accelerator Details, on page 23 for help with the My
Accelerator Screen
Setting Links via the Wizard, on page 24 for help with the My Links
Screen
Setting the Time, on page 26, for help with the Time screen
Modifying the Password, on page 27, for help with the password
screen
Reviewing Wizard Configuration, on page 28, for help with the
summary screen

Performing Setup via the Wizard 23
Configuring Basic Accelerator Details

Set the following parameters on the Wizard’s My Accelerator screen:
Device Name Set a name for the Accelerator of up to 60 characters, without spaces and
special characters.
IP Address Enter the IP address of the Accelerator.
Subnet Mask Enter the Subnet Mask to identify this Accelerator’s local subnet.
Default Gateways Enter the network’s Default Gateway to which the Accelerator will forward
the traffic it intercepts. You can add more than one gateway, by typing the IP
address in the field and clicking Add. The maximum number of gateways
that you can add is 5.
Licensing The License Stratus is shown here. Enter the Accelerator’s serial number
(product ID). Select either Evaluation, License Key or License File, and
enter the license key or file number. For more information on Licensing, see
About the AcceleratorOS License, on page 33.
Advanced Settings Select a deployment Type (ON-Path or On-LAN). In the deployment size
field enter the approximate number of Accelerators to which the local
Accelerator will be connected(1-500). Setting an accurate network size
enables the Accelerator to better optimize traffic. In network topologies such
as Mesh and Hub, knowing the network size is important for the Accelerator
in order to know how to divide its system resources correctly among
connected Accelerators.
R ev isi o n 3. 0
Setting Links via the Wizard

The My Links screen, accessed via the Wizard, lets you set up the basic
parameters necessary to define your network and begin working with the
Accelerator. Follow these steps to set Link information and click Next to advance to
the next screen:
Figure 7: The Setup Wizard Links Screen
To add a remote Accelerator:

1. Using the parameters described in the table below, add the information as
needed in the appropriate field.
2. Click Add to add the remote Accelerator. Use the Delete button to remove added
links from the Links Table.
3. Click Next to advance to the next screen of the Wizard.

Parameter Description
Destination IP Enter the IP Address of the remote device.
Name Set a name for the link that will let you identify it in the future. Up to 31
characters, no spaces, no special characters.
Bandwidth Set the speed of the link that connects the local Accelerator to the remote
Accelerator. This should be either the local WAN bandwidth or the remote
WAN bandwidth - whichever is lower. To accomplish asymmetrical
bandwidth settings, use either the advanced link parameters or the CLI.
Encapsulation Choose one of the following options, by clicking on the relevant radio
button:
IPComp:
IPComp encapsulation (tunneled encapsulation) compresses the entire
packet. This means that the IP header, the transport header and the
payload are compressed and the packet traversing the network will have an
IPComp header.
IPComp is the default setting, which enables the best compression rate.
Router Transparency (RTM):
In Router Transparency encapsulation, only the packets’ payload is
compressed, leaving the original IP header and the original TCP/UDP
header in their original forms so that their information is available across the
network.
Router Transparency encapsulation is appropriate in an environment where
header preservation is necessary, including QoS deployments, monitoring
(NetFlow), Load Balancing, Billing, encryption, MPLS networks and certain
firewall environments.
UDP:
UDP encapsulation allows for more compatibility with firewalls that use
encapsulated packets.
Note: When using router transparency mode, the payload of packets destined to
i
the router (SNMP requests, Telnet, and so on) will be compressed, making them
unreadable by the router. In this event, it is necessary to set up a decision policy
that does not tunnel specific applications, (like SNMP see Creating New
Applications, on page 213), or excludes specific subnets or IP addresses from
being accelerated on the link (see Configuring Remote Subnets Manually, on
page 92).
Note: Encapsulation settings can be asymmetric. This means that you can set
i
one Accelerator to Router Transparency while setting the other Accelerator to
IPComp in the opposite direction. This is useful for setting RTM mode when one
of the Accelerators is On-LAN and the other is On-Path. However, IPComp
encapsulation will not function if the IPComp protocol is blocked by a firewall.
Therefore, ensure that the IPComp protocol is not blocked before selecting either
IPComp or RTM encapsulation
R ev isi o n 3. 0
Note: TCP port 1928 is needed for establishing a connection between

i
Accelerators. Ensure that this port is not blocked by a firewall that is installed
between the Accelerators.
Note: Deleting the non-link is impossible, because this link name is a logical
i
entity that represents all un-specified traffic in the QoS and Monitoring engines
Setting the Time

Verifying that the Accelerator’s time is accurately set is extremely important in
order to have an accurate reading of when events occur and when statistic items
are gathered and updated. All Accelerators within the same network, must be set
to the same time.
To set the time and time zone:

1. In the Current date and Time field, enter the Time in the following format:
hh:mm
2. Using the Date drop down menus, select the current date using the following
format: dd:mm:yyyy.
3. Using the Time zone drop-down menu, select the time zone that you are located
in. If your country is not listed, select the one that is in your time zone.
4. Click Next to advance to the next screen.
Figure 8: The Setup Wizard

Modifying the Password

Security reasons necessitate changing the default password before exiting the
setup Wizard. The password you select will not display in the field and it is case-
sensitive. Make sure you can remember your password as there is no retrieval
system in case it is forgotten. If you cannot remember your password, you will need
to reset the Accelerator to factory default settings as described in Resetting the
Password, on page 331.
Note: The following values are not accepted as passwords:

i
An empty field (i.e. a blank password)
Expand (the default original password)
Other values as specified in Choosing a Legal
Password, on page 331.
To enter a password:
1. Type the current password in the Current Password field. If you are logging in for
the first time, the default password is Expand.
2. Type a new password (context sensitive) in the New Password field.
3. Confirm this password by typing the same password you typed in step 2.
4. Click Next to move to the next screen.
Figure 9: The Setup Password window
R ev isi o n 3. 0
Reviewing Wizard Configuration

The Summary screen of the Setup Wizard lets you review the parameters set via
the Wizard before saving them to the Accelerator.
If the configuration is correct, press the Finish button to save the settings to the
Accelerator.
CAUTION! Clicking Finish saves the configuration as the Accelerator’s Startup

!
! Config.
Figure 10: Setup Wizard Summary window

Accelerator Main Menu 29
Accelerator Main Menu

The following buttons, which are common to all WebUI menu screens, let you carry
out basic operations as follows:
WebUI Menu Item Description

Setup Wizard Click the Setup Wizard link at any time to open the Setup Wizard.
Write Click the Write link at any time to write the current configuration. This
must be done when specified.
Change Password Click the Change Password link at any time to modify your login
password. The password is case sensitive, but the number of characters
is not limited. For information on choosing a proper password, see
Choosing a Legal Password, on page 331. If you have forgotten your
password, you will need to reset the Accelerator to factory default
settings, see Resetting the Password, on page 331.
Logout Click the Logout link at any time to log out of the Accelerator.
Clicking on this button at any time on any page in the interface will set
that page as the default startup page “home page” each time you log
into the WEB/UI. There is no confirmation to this action.
Click the Refresh button at any time to refresh the data in the WebUI.
Any change not saved will be deleted.
Click the Help button at any time to open the Accelerator’s online help.
This help is pop-up based so make sure your browser’s settings allow
pop-ups.
R ev isi o n 3. 0
Modifying the Basic Configuration

To modify the basic Accelerator setup, you can make changes via the Basic screen
in the Setup menu of the WebUI.
Note: To carry out any modifications and additions after initial configuration,
i
always use the Basic screen or the My Links screen and not the Wizard. The
Wizard resets other parameters to their default values when accessed.
The parameters on this screen are identical to the parameters configurable via the
Setup Wizard’s Basic screen, with the exception of Routing Strategy settings (see
Setting Routing Strategy, on page 31). For more information see Performing Setup
via the Wizard, on page 22. In addition, the Basic screen lets you add a description
to identify the Accelerator.
The Basic screen includes specific details concerning the Accelerator device, as
follows:
Platform Accelerator type
Product ID The product ID is the unique number identifying the Accelerator, and is used
when licensing the product
AcceleratorOS Version Software (AcceleratorOS) version running on the Accelerator
System Up-Time The last time the device was rebooted, and how much time has elapsed since.
Current Time Time set in the Accelerator
If you need help with the AcceleratorOS interface, see Accelerator Main Menu, on
page 29.
To change the basic Accelerator parameters:

1. Enter the information as described in the following table.
2. Click Submit.

Modifying the Basic Configuration 31
3. For advanced configurations, click Advanced Settings Configuration and see

Defining Advanced Settings, on page 32.
Device Name Set a name for the Accelerator of up to 60 characters, without spaces and
special characters.
Description Type a description that is relevant for your use. For example, 3F ACC
IP Address Type a valid IP address for this Accelerator.
Subnet Mask Type a Subnet Mask to identify this Accelerator’s local subnet.
Routing Strategy See Setting Routing Strategy, on page 31.
Default Gateways Enter the network’s Default Gateway to which the Accelerator will forward the
traffic it intercepts. You can add more than one gateway, by typing the IP
address in the field and clicking Add. The maximum number of gateways that
you can add is 5.
Advanced Settings See Defining Advanced Settings, on page 32
Setting Routing Strategy

The Basic screen lets you set the Routing Strategy.
Routing strategy defines how to route traffic. In environments such as router polling
and dynamic routing networks, the Accelerator must route all traffic, and therefore
you should set Routing strategy to Routing only. In other environments, non-link
traffic and inbound traffic should not be directed to the router (normally, when non-
link traffic is transmitted by the Accelerator, it is directed to the router; but this can
cause problems if the destination is a Layer-2 address or for incoming traffic). In
such environments you have to set the Routing strategy to Bridge route, which does
not route non-link and inbound traffic - only traffic destined to an accelerated link or
a virtual link.
Routing-Only –typically used in On-LAN deployments, or in
environments that require the Accelerator to route all traffic (for
example: networks that use Dynamic Routing policies).
Bridge Route – typically used in On-Path deployments, where traffic
is not necessarily routed through the router.
Note: Enabling TCP Acceleration requires you to use “Routing-Only” routing

i
strategy.
R ev isi o n 3. 0
Defining Advanced Settings

Lets you set advanced information about the Accelerator’s setup, as shown in the
following table. Changes made here require you to click the Submit button in order
for those changes to take effect.
Deployment Type On-Path: see On-Path, on page 8

On-LAN: see On-LAN, on page 9
For additional information on both types of deployment, see the Quick
Installation Guide supplied with your Accelerator
Deployment Size Enter the approximate number of Accelerators to which the local
Accelerator will be connected (1-500).
Setting an accurate network size enables the Accelerator to better optimize
traffic. In network topologies such as Mesh and Hub, knowing the network
size is important for the Accelerator in order to know how to divide its
system resources correctly among connected Accelerators.
Bandwidth Set the precise bandwidth (in Kbps) of the WAN. 0 is not a valid bandwidth
Caching Defines the active cache method: WAFS only (for CIFS traffic), Web Cache
only (for HTTP servers), or both or None.
Maximum Links Used for defining the maximum number of requested links. You can set
here any number between 1 and 450.
Traffic Gauge Enabled by default, allows the user to see statistics in the traffic gauge
link’s or non-link output. Select the Enable check box to Enable, clear the
check to Disable.
CAUTION! The WAN bandwidth setting is used by the Accelerator’s QoS

! mechanism. Ensure that the WAN bandwidth is not set too low, otherwise the
! Accelerator’s QoS mechanism may drop packets and cause applications to
disconnect.
Note: For the Accelerator’s application optimization to work properly, you are
i
advised to set an accurate WAN bandwidth defining the physical link that the
Accelerator sits on. Either select the WAN Bandwidth from the pull-down menu
or select Other and enter a specific figure into the provided field along with its
correct unit (bps, Kbps, Mbps, Gbps).
If you are unsure of your WAN bandwidth setting, use the default setting of 100
Mbps.

About the AcceleratorOS License 33
About the AcceleratorOS License

Physical Accelerators are shipped with a temporary license with a grace period,
during which you must register the product and a install a permanent license. Once
the grace period has passed, the Accelerator will continue to pass data in pass-
through mode and will not optimize traffic in any way. Once you have installed the
permanent license only the features (listed below) that you have licensed will be
optimized.
Virtual Accelerators are licensed via the Licensing Server and Dongle. Information
about the Licensing Server is in the Licensing Server User Guide that is supplied
with the Accessories DVD for the Virtual Accelerator.
The following features are subject to individual licensing requirements:
Bandwidth—see note below
QoS
L7-QoS
TCP Acceleration
Web Caching
WAFS (both FB and FBD)
IPsec
A Note about Bandwidth Licensing: the bandwidth license specifies the

i maximum amount of traffic that will be accelerated. Any remaining traffic will
pass-through. For example, if you have a license for 2MB and the network has
more than 2MB of traffic, the maximum amount of traffic up to 2MB is accelerated,
the remaining will pass through. To see if a particular link has exceeded the
licensed bandwidth allowance, look at the My Links screen and a partial icon will
be displayed next to the link.
If you are concerned about exceeding your license limit, you can monitor it within
the Links Statistics Data Table (see Figure 11). If packets are exceeding the
license or if the license is expired, you are notified with a warning message
Figure 11: License Exceeded
R ev isi o n 3. 0
Additional topics in this section include:

Viewing the License Status, on page 34
Reviewing the Licensing Procedure, on page 35
Viewing the License Status

Viewing the license status is possible as follows:
Via the Licensing tab of the My Accelerator screen.
or
Via the CLI see Licensing Commands, on page 426.
The License Table shows all applicable features that are subject to the license and
also shows each license’s status. If the license is a trial license, the amount of time
left to the license is indicated. Should you need to change, upgrade, or re-new
your license, you should contact your local reseller.
Note: The grace period counts only days during which the Accelerator is powered
i
on.
Note: In the unlikely event of Accelerator failure, if you use a non hard drive-
i
based Accelerator, you can immediately replace the Accelerator in the field by
inserting the Compact Flash from an Accelerator with a permanent license into
another Accelerator. This will enable the second Accelerator to function with an
evaluation license, allowing you time to register the new Accelerator.

Reviewing the Licensing Procedure

Licensing a physical Accelerator involves two steps:
Activating the I-Key in the Portal, on page 35
Applying an Accelerator Feature License Key, on page 36
Licensing a Virtual Accelerator involves two steps:
Activating the Licensing Server Dongle via the Portal, on page 37
Configuring the Licensing Server via the Accelerator, on page 37
To renew or upgrade your license, contact Expand’s Technical Assistance Center. If
you do not know how to do this see Contacting TAC, on page 405.
Licensing a Physical Accelerator
Activating the I-Key in the Portal

To Activate the I-Key:
1. Identify the Accelerator’s Serial number (product ID) in the upper right hand
corner of the Basic screen of the AcceleratorOS WebUI.
2. Open your E-mail and copy the I-Key that was sent to you with your order
confirmation.
3. Go to www.expand.com. Click the My Expand tab on the top of the Web page.
Customers are to go to the Extranet site by clicking the Here to Login button on
the right.
4. Enter your login information and click Log In. If you have not yet registered click
First Time Here to do so and then log in.
5. Click on the Accelerator Licensing tab.
6. Click the Add Product link.
7. In the popup window, enter the Site Name, and the Reseller. Type or paste the
Serial Number from the AcceleratorOS WebUI. Re-enter the serial number. Click
the Submit button and a new pop-up window opens.
8. In the I-Key field, enter the I- Key (received via E-mail) and click the Activate
button. The popup window now displays the details of the license key.
9. Copy the information listed in the first line: LICENSE KEY IS:
R ev isi o n 3. 0
This is the number that you need to enter into the Accelerator to activate the
license. Keep this information in a safe place. See Applying an Accelerator
Feature License Key, on page 36 to continue.
Applying an Accelerator Feature License Key

To activate or reactivate an Accelerator feature
License Key:
1. Make sure you have copied the License Key from the Licensing Section of the
customer portal to the clipboard.
2. In the Accelerator’s WebUI, click Setup followed by My Accelerator, and then
Licensing.
3. Click the Activate New License button and click the Key radio button.
4. Click Paste to paste the License Key as copied from the clipboard.
5. To update the new license features for all established links, select the Refresh
acceleration on all links checkbox, if not keep the checkbox deselected.
6. Click Activate License.
To upload a License File:

1. Make sure you have downloaded the license file (.lic) from the Customer Portal
and transfer it to the Accelerator using an appropriate transfer protocol (FTP, for
example). Also, make sure you write down the file name (it is case sensitive).
Licensing.
3. Click the Activate New License button.
4. Click the File radio button and type the complete name of the file in the field.
There is no browse option.
5. To update the new license features for all established links, select the Refresh
acceleration on all links checkbox, if not keep the checkbox deselected.
6. Click Activate License.

Licensing a Virtual Accelerator
Activating the Licensing Server Dongle via the

Portal
Once you have received the Licensing Server Package, you need to register the
Dongle on the Expand Networks’ Channel or Extranet Portal. You will need the
Dongle ID number in order to register the Dongle. This number is supplied to you
within the Confirmation Letter you received when you purchased the Virtual
Accelerator.
1. Go to www.expand.com. Click the My Expand Link. Customers are to go to the
Extranet site by clicking the Here to Login button on the right.
2. Enter your login information and click Log In. If you have not yet registered click
First Time Here to do so and then log in.
3. Click on the Accelerator Licensing tab.
4. Click the Add Product link.
5. In the popup window, enter the Site Name, and the Reseller. Enter the Dongle
ID Number. Re-enter the Dongle ID Number. Click the Submit button and a new
popup window opens.
6. Download the Licensing Deployment File (.lic) by clicking the underlined hyper-
link.
7. The individual Virtual Accelerator License Keys are also displayed. Download the
Excel spreadsheet and save it for your records.
8. Go to Configuring the Licensing Server via the Accelerator, on page 37, to
continue.
Configuring the Licensing Server via the

Accelerator
All Virtual Accelerators require a connection to the Licensing Server in order to
provide acceleration services. Note that, if for any reason the connection to the
licensing server is lost, the license state will default to a grace-period state,
requiring you to fix the problem before the grace-period ends. Failure to do so will
result in your license being invalidated.
R ev isi o n 3. 0
Note: In order to use the Virtual Accelerator, you will need to install the Licensing
i Server and Dongle. For additional information about the Licensing Server
Installation or Licensing Server Dongle, see the documentation included on the
Virtual Accelerator Accessories DVD.
To connect the Virtual Accelerator to the licensing
server:
Licensing.
2. Click the + to open the Licensing Advanced window.
3. Decide how you are going to connect to the server by selecting one of the
following:
If you know the licensing server’s IP address, select IP address
and type it in the IP Address field.
If you know the Host name, type the name in the Host Name field.
If you want the Virtual Accelerator to discover the licensing server
by itself, click Auto Discover.
4. Click Submit.

Logging On and Off the Accelerator 39
Logging On and Off the Accelerator

In the setup of the Accelerator, you set a password. You will need this password to
log into the software.
To log into the Accelerator:

1. Open a web browser.
2. Enter the IP address of the Accelerator. The login screen appears.
3. If your browser has pop-ups disabled, change the properties so that pop-ups are
enabled.
4. Verify that the platform and software version shown on the screen are correct.
5. In the User Name field, enter the user name you used in the Setup Wizard. This
is case sensitive.
6. In the Password field, enter the password you used in the Setup Wizard. This is
case sensitive. If this is your first time logging in, the default user name is
expand and the default password is Expand. Both are case sensitive.
7. Click Submit.
To logout of the Accelerator:

1. From any screen in the WebUI, click Logout. There is no confirmation. You are
immediately logged out.
R ev isi o n 3. 0
I ntegrati ng the Accelerator i nto Your

Network
The steps involved in integrating the Accelerator in your network depend entirely
on the structure of the network and the various technologies and devices already in
place on your network.
The following section describes the steps needed to get the Accelerator up and
running for various network topologies and technologies. Your network may need
one or any combination of the following settings.
The Accelerator Installation Wizard is designed to get the Accelerator up and
running on a standard network, namely: a network that installs the Accelerators in
a point-to-point, or point-to-multipoint configuration, with one router and one or
more remote sites.
After concluding the first stage of using the wizard, as detailed in the Quick
Installation Guide, proceed with the configuration by referring to one of the
following sections, depending on the network environment:
Integrating into Networks that use Dynamic Routing, on page 40
Networks Using External QoS or Monitoring Devices, on page 41
Working in Noisy Link Environments, on page 41
Installing On-LAN at a Data Center, on page 41
Installing in a High Latency Environment, on page 42
Installing in a Web-Intensive Environment, on page 42
Accelerator QoS, on page 198
Integrating into Networks that use

Dynamic Routing
Follow these steps to install the Accelerator on a network that already uses
dynamic routing.
Use the Installation Wizard to set up basic Accelerator properties.
Use the following steps for networks that use OSPF dynamic routing.
See Setting Dynamic Routing, on page 95.

Integrating the Accelerator into Your Network 41
Networks Using External QoS or

Monitoring Devices
When QoS is deployed on the network (not via the Accelerator, but by using third-
party software), setting up the Accelerator is necessary for enabling the QoS device
to continue having access to the traffic traversing the Accelerator. See
Working in Noisy Link Environments

If you add the Accelerator to a particularly noisy environment, with a high number of
BERs, drops or collisions (for example, satellite links or a connection with radio
transmissions), the following configuration modifications may help optimize
Accelerator performance. In addition you may want to consider enabling TCP
Acceleration if links are high-latency, as described in section Installing in a High
Latency Environment, on page 42. See Creating and Editing Links, on page 78 for
information on customizing link connections.
Installing On-LAN at a Data Center

Installing an Accelerator On-LAN at the data center requires taking extra measures
in order to enable redirecting all relevant traffic to the Accelerator. When working in
On-LAN mode, the Accelerator needs to intercept packets from the LAN before they
are handled by the router. This is accomplished either via RIP Route Injection, or
via the Web Cache Communication Protocol (WCCP). For more information, see
Enabling Packet Interception, on page 99.
For information on configuring the router to support WCCP mode, see Setting
WCCP on the Router, on page 105.
If resilience is necessary, and HSRP or VRRP is implemented among the routers at
the central site, you can configure the Accelerator to operate within an HSRP or a
VRRP group. For more information see Router Redundancy Protocols, on page
309.
R ev isi o n 3. 0
Installing in a High Latency

Environment
TCP, which was designed to ensure reliable IP transmission, does not perform well
in high latency and high-packet-loss environments. The TCP limitations are
expressed in the long times required for file transfers over the WAN, degraded web
performance and unresponsive applications. TCP Acceleration enables optimization
and better utilization of WANs that suffer from distance-induced TCP limitations.
For more information on TCP Acceleration, see section Studying TCP Acceleration,
on page 236,.
Installing in a Web-Intensive
Environment
If your network runs many Web-based applications, or a lot of Web browsing takes
place between branch offices to the central office’s Internet link, DNS Acceleration
may decrease some of the network congestion.

Chapter 3: Monitoring the Network
This chapter explains how to use and understand the Accelerator’s advanced
graphic reporting and statistics feature that enables monitoring of Accelerator
performance and throughput.
Introduction to Monitoring, on page 44
Using Link Statistics and Graphs, on page 47
Discovering Traffic, on page 55
Viewing Statistics and Graphs for Specific Applications, on page 60
Viewing Summary Graphs, on page 66
Viewing Ethernet Statistics, on page 67
Configuring NetFlow Support, on page 69
44 C h ap t er 3: Monitoring the Network
Introduction to Monitoring
All statistics generated for these graphic reports are saved in the Accelerator
history log, so that if Windows closes or if an Accelerator reboots, you can easily
re-access the chart or graph via the Accelerator WebUI.
The graphs are automatically updated, according to a set frequency. The
Accelerator samples the data behind-the-scenes and stores it in a compact way,
which lets you view data up to the minute over a period of up to a year. This
sampled data represents the average over the selected period of time.
Expand recommends that you open a maximum of five charts per-Accelerator
simultaneously. The monitoring feature, available via the Monitor tab, lets you view
statistics and graphs for the following: From WAN, To LAN, To WAN, and From
LAN traffic, as described in the following figure:
Figure 1: WAN to LAN and LAN to WAN
Note: In a non-link environment, if a local subnet is not defined as LOCAL, the

i
Accelerator QoS and Monitoring features do not function properly. Ensure that
all Local subnets are defined as local.

Working with Monitoring 45
Working with Monitoring

To work with monitoring, you first need to take several steps, defined in the
following sections:
Installing the JAVA Applet, on page 45
Using Verisign Security Certificate, on page 46
Studying The Monitoring Window, on page 46
Note: The Accelerator’s graphic reporting feature works with the Java-Applet
i
(JRE 1.4 and up, recommended to use the Java-Applet provided on the Expand
Networks Extranet). The PC used for viewing the graphs must support Java
runtime environments and a Java plug-in must be installed in order to view the
Accelerator’s graphs
Installing the JAVA Applet

To determine whether you need to install the Java plug-in, from the Start button,
click Settings > Control Panel > Add or Remove Programs. Search the list for
JAVA 2 Runtime Environment.
If you do have this software installed and have verified that you are using the
correct version, you are ready to begin working with the Accelerator’s Graph
Monitoring feature.
If the JAVA plugin is not installed on the PC, follow this procedure to download and
install the plugin.
To download and install the Java plugin:

1. Use the Documentation and Software CD and Click on the Java plugin link.
The Java Plug-in installation wizard opens.
2. Use the default settings to install the Java-Plug-in.
This plug-in lets you view the Accelerator’s Graphic-Reporting feature by opening
a new Internet Explorer window and entering the Accelerator’s IP address into the
Address field.
R ev isi o n 3. 0
Using Verisign Security Certificate

In order to work with the Monitoring feature, MS Windows requests you to verify
that the Accelerator is a trusted site, via a popup window that appears on your
screen. To avoid seeing this popup every subsequent time you try to access the
Monitoring menu, you should click the Always button the first time it appears.
Studying The Monitoring Window
Option Description
Direction The Accelerator’s monitoring feature lets you view statistics for inbound or outbound
traffic on the Accelerator.
Link The Accelerator’s monitoring feature lets you view statistics, for the following:
• A specific link
• All of the Accelerator’s links
• All compressible links
• The non-link
• All virtual links
View Last Scroll down in the View Last drop-down menu to select the period for which the
graph is displayed. The default period is 30 minutes.
Link Speed You can set the link speed in the fields above the graph to add a line to the
displayed graph, enabling you to see the limit of throughput that can actually
traverse the link.
By default, when Auto is selected in the link speed column, the link speed is set to
the bandwidth set for the link selected. When Total is selected in the Link column,
the default link speed (when Auto is selected in the Link speed column) is set to
either the total bandwidth set for all links or the sum of all WAN bandwidths; total is
the lower value of the two.
Peak Data Select the Show checkbox if you want to see the peak lines representing the
highest statistics achieved for the reported period. All graphs displayed give an
average of the performance for any given interval. Therefore, viewing Peaks is
necessary for understanding the Accelerator’s overall performance.
Click the Save button to save the generated graphs as a JPG or a PDF file. You are
then directed to browse to a location in which to save the file. The PDF file created
displays each graph in the selected Monitoring window and a brief description of
Save each.
Click the Export to CSV button to save the generated graphs as a CSV file. You will
be directed to browse to a location in which to save the file. The file created
generates a table with the following fields:
Name, Description, Period, Interval, Sample Time, In, Peak In, Effective In, Effective
Peak In, Inbound Acceleration, Inbound Peak Acceleration, Inbound Compression,
Inbound Peak Compression, Out, Peak Out, Effective Out, Effective Peak Out,
Export to CSV Outbound Acceleration, Outbound Peak Acceleration, Outbound Compression,
Outbound Peak Compression
For a description of these fields, see section Viewing Statistics for Applications, on
page 65.

Using Link Statistics and Graphs 47
Using Link Statistics and Graphs

The link statistics and graphs let you monitor the performance of the Accelerator
and its links. Alternatively, you can monitor the Accelerator based on the
Applications traversing its links.
Topics covered include:
Viewing Throughput Statistics per Link, on page 48
Viewing Acceleration Statistics per Link, on page 49
Viewing Compression Statistics per Link, on page 51
Viewing Statistics per Link, on page 52
R ev isi o n 3. 0
Viewing Throughput Statistics per

Link
The Throughput Statistics per Link graph lets you monitor how much traffic
passed through the Accelerator. This graph lets you compare between accelerated
throughput, (what actually goes over your WAN link) and the pre-accelerated
throughput, which is the throughput that would have been used without the
Accelerator’s compression mechanisms. The blue area represents the actual
bandwidth used with the Accelerator, while the yellow represents the amount of
bandwidth that would have been used without the Accelerator.
Note: If the Accelerator is not deployed the available bandwidth is reduced,

i
therefore you should expect to see slower rates used by their servers and hosts.
Figure 2: Link Utilization Statistics

The Utilization Statistics per Link graph lets you monitor how much of the links is
being utilized. The traffic displayed is accelerated traffic, and therefore cannot
exceed 100% of the link speed. Selecting the link speed is necessary in order for
the Utilization graph to display accurate data.

Viewing Acceleration Statistics per

Link
The Acceleration Statistics per Link graph lets you view acceleration percentages
for inbound and outbound traffic on the Accelerator per interface/link or for the total
for the Accelerator.
Understanding Acceleration
The Acceleration percentage describes how effectively the Accelerator is processing
and compressing the traffic. This statistic does not take into account traffic that by-
passes the acceleration mechanism. Acceleration percentages are calculated as
follows:
Figure 3: Acceleration Process

To calculate acceleration:
Refer to the Monitor > Links > Statistics menu for data to be used in the
following procedure.
1. Multiply the number of In Packets by 14.
This accounts for the Ethernet Layer-2 header.
2. Subtract this number from the number of In Bytes.
3. Divide this number by the sum of the Out Packets multiplied by 14 and subtracted
from Out bytes.
4. Subtract 1 from the sum.
5. Multiply the ratio by 100 to arrive at the acceleration percentage.
R ev isi o n 3. 0
InBytes – 14 X InPackets
------------------------------------------------ – 1 X 100
OutBytes – 14 X OutPackets
Figure 4: Calculating Acceleration

InBytes—Incoming bytes (from LAN) - Do not tunnel bytes-
Routing bytes- Passthrough bytes
InPackets—Incoming packets (from LAN) - Do not tunnel packets -
Routing packets - Passthrough packets
OutBytes—Outgoing bytes (to the WAN) - Do not tunnel bytes -
Routing bytes - Passthrough bytes - System messages bytes
OutPackets—Outgoing packets (to the WAN) - Do not tunnel
packets - Routing packets - Passthrough packets - System
messages packets.
Parameter Item Description

Do Not Tunnel Traffic set with the “Do Not Tunnel” decision,
Non-link traffic, Virtual link traffic
Routing Traffic between the Accelerator and the local
router to retrieve routing information for the local
LAN
Passthrough Traffic set with the “Do Not Accelerate” decision,
overload traffic
System Messages Keepalives and so on.

For example: in a simple scenario in which the packet size is 1000 bytes:
If InBytes = 300,000 and OutBytes = 100,000 then:
300000 – 14 X 300
--------------------------- – 1 X 100 = 208
100000 – 14 X 300
Figure 5:Calculating Acceleration Example
Viewing Compression Statistics per

Link
The Compression Statistics per Link graph displays the amount by which traffic was
reduced by the Accelerator. This graph represents in percents, how much less data
is passing over the physical link because of acceleration. The Accelerator is
capable up to 99.99% reduction.
Viewing Utilization Statistics per

Link
The Utilization Statistics per Link graph lets you monitor how much of the link is
being utilized. The traffic displayed is accelerated traffic, and therefore cannot
exceed 100% of the link speed. Selecting the link speed is necessary in order for
the Utilization graph to display accurate data.
R ev isi o n 3. 0
Viewing Statistics per Link

The Accelerator’s Statistics table displays data presented in the Link graphs in
table format per link or for the entire traffic.
To view a statistics table:

1. Click the following menu sequence: Monitor > Links > Statistics.
2. Select a link from the Link drop-down menu, or select Total to view statistics for
all of the links.
3. From the drop-down menu, select the statistics to be displayed: All,
Throughput, Errors, or Acceleration. For a description of the information that is
displayed in the table, see the following table below:
All statistic items are displayed according to:
Data—Lists type of statistic gathered.
System up—Data transferred over the link selected that was
collected since the Accelerator was powered on. Data is listed in
KB, in percentages, or in number of packets.
Since Clear—Data transferred over the link selected that was
collected since the Accelerator’s counters were last cleared. Data
is listed in KB, in percentages, or in number of packets.
Last 5 Seconds—Data transferred over the link selected that was
collected over the last 5 seconds. Data is listed in Kbps or in
percentages.

Bytes Information
In Bytes Number of input bytes
Out Bytes Number of outgoing bytes
In IPsec Bytes Number of input bytes that are sent over a secure link
Out IPsec Bytes Number of outgoing bytes that are sent over a secure link
Raw In Bytes Total incoming bytes being accelerated using this link
Raw Out Bytes Total outgoing bytes being accelerated using this link
Dropped Out IPsec Bytes Number of outgoing bytes that were dropped on a secure link
Exceeded License Bytes Number of bytes that are not optimized because the bandwidth
limit as set by the AcceleratorOS license is exceeded
Packets
In Packets Number of input packets
Out Packets Number of outgoing packets


Packets
In IPsec Packets Number of input packets sent over a secure link
Out IPsec Packets Number of outgoing packets sent over a secure link
Discarded In Packets Incoming packets that were discarded by a rule with discard policy
Discarded Out Packets Outgoing Packets that were discarded by a rule with discard policy
Dropped In Packets Incoming packets that were dropped by QoS enforcements, such
as queues and obsolete
Dropped Out Packets Outgoing Packets that were dropped by QoS enforcements, such
as queues and obsolete
Dropped Out IPsec Packets Outgoing Packets that were dropped by QoS enforcements, such
as queues and obsolete on a secure link.
Traffic-Gauge Packets Outgoing Packets that were not optimized due to being sent
through the Traffic-Gauge mechanism in order to enhance
performance
Poly In Packets Number of small packets aggregated, or combined, after
transmission
Poly Out Packets Number of small packets aggregated, or combined, before
transmission
Agg Default In Packets Incoming packets that were aggregated as part of the default post-
acceleration aggregation policy.
Agg Default Out Packets Outgoing Packets that were aggregated as part of the default post-
acceleration aggregation policy
Agg User-Defined 1 In Packets Incoming Packets that were aggregated as part of the user
defined-1 post-acceleration aggregation policy.
Agg User-Defined 1 Out Outgoing Packets that were aggregated as part of the user
Packets defined-1 post-acceleration aggregation policy.
Agg User-Defined 2 In Packets Incoming Packets that were aggregated as part of the user
defined-2 post-acceleration aggregation policy.
Agg User-Defined 2 Out Outgoing Packets that were aggregated as part of the user
Packets defined-2 post-acceleration aggregation policy
Agg Thin Client In Packets Incoming Packets that were aggregated as part of the Thin Client
post-acceleration aggregation policy
Agg Thin Client Out Packets Outgoing Packets that were aggregated as part of the Thin Client
post-acceleration aggregation policy
Do Not Acc Packets Number of packets sent out marked as Do not Accelerate.
Do Not Tunnel Packets Number of packets sent out marked not to be routed into the link.
Exceeded License Packets Number of packets that are not optimized because the bandwidth
limit as set by the AcceleratorOS license is exceeded
Errors
CRC Errors Number of CRC-errored packets received
Other Errors Unexpected errors received
R ev isi o n 3. 0

Errors
IPsec Decrypt Errors Errors resulting from Decryption
IPsec Encrypt Errors Errors resulting from Encryption
IPsec Other In Errors Number of errored packets received that were not caused by
decryption
IPsec Other Out Errors Number of errored packets transmitted that were not caused by
encryption
IPsec IPS In Auth Errors Number of Authentication Header failures. This occurs when there
is an authentication mismatch
IPsec IPS In Replay Win Number of Replay Window errors. This is generated when a
Errors duplicate packet is received by the replay window
Acceleration
In Acceleration Inbound Acceleration percentage
Out Acceleration Outbound Acceleration percentage
In Actual Acceleration Acceleration that considers all incoming throughput
Out Actual Acceleration Acceleration that considers all outgoing throughput
In Compression Inbound compression percentage
Out Compression Outbound compression percentage
To clear all of the statistics counters:
Note: This will clear all of the statistics counters, so make sure you want to do
i this before proceeding.
1. Click the Clear Counters button.

2. Click Yes when prompted.

Discovering Traffic 55
Discovering Traffic
The Traffic menu lets you view applications running on the network. Traffic is
divided into the following categories: Detected traffic (all other applications
detected on the network - non-classified traffic that is not part of a predefined or
user-configured application type), Monitored traffic (all applications set to enable
“collect statistics”), and Layer-7 discovery (the application properties discovered on
the network).
This section contains the following topics:
Viewing Detected Applications, on page 55
Viewing Detailed Traffic Discovery, on page 55
Creating a New Application from Discovered Traffic, on page 57
Viewing Monitored Applications, on page 58
Discovering Layer-7 Applications, on page 58
Viewing Detected Applications

The Detected Applications menu lets you view all detected applications that
traverse the network. You can view the applications coming in both directions (from
LAN to WAN and conversely), the throughput before and after the acceleration, and
the acceleration rate.
Viewing Detailed Traffic Discovery

If you want to create a new application from the discovered traffic, see Creating a
New Application from Discovered Traffic, on page 57.
To view detailed traffic discovery for detected

applications:
1. Click on Monitor, followed by the Traffic Discovery tab and then the Detected
Applications tab.
2. Click on the Details column and the Detected Applications window appears.
R ev isi o n 3. 0
Figure 6: Detected Applications

This window contains the following items:
The Clear Counters button - lets you clear all counters for the
discovered application. This is useful in case you want to start
collecting new statistics without restarting the system.
The Inbound section - details data regarding the inbound traffic. All
data items detailed here can be seen since the system was last
started (System up), since the last time the counters were cleared
(Since Clear) or in the last five seconds.
The Outbound section - details data regarding the outbound traffic.
All data items detailed here can be seen since the system was last
started (System up), since the last time the counters were cleared
(Since Clear) or in the last five seconds.
The Inbound section details the following data items:
In Bytes - the amount of compressed bytes that entered the link in
this specific system.
Raw In Bytes - the amount of pre-compressed bytes that entered the
link in this specific system.
Queued in bytes - the amount of bytes waiting to enter the system.
In Packets - the amount of compressed packets that entered the link
in this specific system.
Dropped In Packets - the amount of packets that were not
accelerated.
Discarded In Packets - the amount of packets that were discarded
before passing through the link.
The Outbound section details the same data items, in the outbound direction.

Creating a New Application from

Discovered Traffic
To create a new application from discovered traffic:
1. Click the Monitor tab, followed by Traffic Discovery, and Detected Applications.
2. In the Detected Applications table, click on the name of the detected application
for which you would like to create an application. Follow the directions as in any
new application. See Creating New Applications, on page 213. Once the
Application is created, the application appears in the list of Monitored
Applications. To see this list, see Monitoring Applications, on page 63. You can
view the newly created monitored application from any of the application graph
screens by selecting it from the Applications drop-down box, from within the
graph screen. See Viewing Statistics and Graphs for Specific Applications, on
page 60.
i Note: As soon as even one undefined packet is detected (TCP/UDP), it is

displayed as an unrecognized port in the traffic discovery list.
R ev isi o n 3. 0
Viewing Monitored Applications

The Monitored Applications menu and table lets you view all discovered and
defined applications traversing the network. You can view the applications coming
in both directions for the last five seconds. The Monitored List is done on a per link
basis, or can be done globally to all links. Monitored Applications are added to a
monitor list. Applications can be removed or added to this list. See Monitoring
Applications, on page 63.
Figure 7:Monitored Applications
To view a monitored application:

1. Click the following menu sequence: Monitor >Traffic Discovery > Monitored
Applications.
2. The monitored applications menu opens.
3. To see details about a specific application click the Details link and a table
opens showing statistical information on the application. See Viewing Statistics
for Applications, on page 65 for an explanation on the fields in the table.
Discovering Layer-7 Applications

The L-7 table lists the application properties discovered on the network. These may
be L7-applications that have been defined already or L7-applications that are not
defined but have been detected. To configure the QoS parameters of these
applications, double-click the applications in the table. To configure the QoS
parameters of these applications, double-click the applications in the table.

To discover which applications are present on the

network:
1. In the Accelerator WebUI, click Monitor, followed by Traffic Discovery and then
L7 Discovery.
2. In the Parent L7 Application field, select one of the following: HTTP, Citrix, or
RDP.
3. Select the Enable Discovery checkbox.
By default this checkbox is disabled. The L7 table lists the application properties
discovered on the network. These may be L7-applications that have been defined
already or L7-applications that are not defined but have been detected. To define
the application, see Creating New Applications, on page 213.
4. To configure the QoS parameters of these applications, double-click the
applications in the table.
This eases the process of defining QoS for the applications, because the L7
application parameters are detected and filled-in automatically (MIME type, URL,
Citrix Application name and client and so on). See Applying QoS, on page 197 for
more information.
R ev isi o n 3. 0
Viewing Statistics and Graphs for

Specific Applications
Displaying statistics allows the ability to monitor changes in application behavior.
Displaying the statistics as a graph makes the information easy to understand. The
application allows you to save all statistical data in external formats such as PDF
and Excel. In addition, you can monitor the Accelerators within your system.
The following operations can be performed:
Viewing Utilization Statistics per Application, on page 61
Viewing Acceleration Statistics per Application, on page 62
Viewing Compression Statistics per Application, on page 62
Viewing Bandwidth Distribution Statistics per Application, on page 63
Monitoring Applications, on page 63
Viewing Statistics for Applications, on page 65
Graphs viewed per application let you view statistic data items, export them into a
CSL file, or save them in Acrobat (PDF) format.
For each graph, the following options are available, as seen in the screen below:
Application Select an application to view, or select Top 10 or From List.
Top 10 displays results for the ten applications that are most prevalent on your
network.
From List displays the ten applications selected in the Monitored Applications
window.
Direction The Accelerator’s monitoring feature lets you view data for From WAN, To LAN, To
WAN and From LAN traffic on the Accelerator.
Link The Accelerator’s monitoring feature lets you view data per link or for the total for
all of the Accelerator’s links.
View Last Scroll down in the View-last drop-down menu to select the period for which the
graph is displayed. The default period is 30 minutes.
Link Speed You can set the link speed in the fields above the graph to add a line to the
displayed graph, which lets you see the limit of throughput that can actually
traverse the link.
Peak Data Select the Peak Data checkbox if you want to see the peak lines representing the
best statistics achieved for the reported period. Because all graphs displayed give
an estimate of the performance for any given interval, viewing the peaks is
necessary for getting a full picture of the Accelerator’s overall performance.

Viewing Statistics and Graphs for Specific Applications 61
Setting up Graphs
Only applications defined as “monitored” applications are displayed in the
application graphs. The Traffic Discovery menu lets you view all applications
traversing the network.
Viewing Utilization Statistics per

Application
The Utilization Statistics per Application graph lets you monitor how much in
percentage the link is being utilized by a single application. This graph lets you
compare between inbound and outbound utilization (what actually goes over your
WAN vs. LAN link). The blue area represents your bandwidth gains with the
Accelerator, allowing you to see just how much the Accelerator is really adding to
the line.
You can view the graph per each application, for the top 10 applications or for ten
selected applications.
To enable monitoring of a discovered application:

1. Click on Monitor followed by Applications, followed by Utilization.
2. In the Applications table, highlight the applications to be monitored and use the
arrow keys to add or remove these applications from the monitored applications
table.
3. In the Direction field, select to or from LAN or WAN.
Viewing Throughput Statistics per

Application
The Throughput Statistics per Application graph lets you monitor how much
traffic per application passed through the Accelerator. This graph lets you compare
between accelerated throughput (what actually goes over your WAN link) and the
pre-accelerated throughput, which is the throughput that would have been passed
without our advanced compression mechanisms. The blue area represents your
bandwidth gains with the Accelerator, allowing you to see just how much the
Accelerator is really adding to the line.
You can view the graph per each application, for the top 10 applications or for ten
selected applications.
R ev isi o n 3. 0
To enable monitoring of a discovered application:

1. Click on Monitor followed by Applications, followed by Monitor Applications.
2. In the Applications table, highlight the applications to be monitored and use the
arrow keys to add or remove these applications from the monitored applications
table.
3. In the Apply to Link field, scroll down to select the link whose traffic you want to
display
Viewing Acceleration Statistics per

Application
The Acceleration Statistics per Application graph lets you view acceleration
percentages for inbound and outbound applications on the Accelerator per
interface/tunnel or for the total for the Accelerator.
Viewing Compression Statistics per

Application
Figure 8: Compression Statistics

The Compression Statistics per Application graph display, in percents, the amount
by which data traffic over the physical link was reduced, presented in distribution
per single applications.

Viewing Bandwidth Distribution

Statistics per Application
To gain a better picture of what kind of traffic is traveling across your line, the
Bandwidth Distribution Graph details the percentage of bandwidth consumed by
each selected class.
The distribution is for accelerated data, meaning that traffic types that benefit from a
high acceleration percentage consume a relatively small percentage of the line,
though they constitute a higher percentage of the pre-accelerated data.
Monitoring Applications
This section explains how to use and understand the Accelerator’s advanced
graphic reporting and statistics feature that enables monitoring of accelerated
applications.
Applications are either predefined or user-defined. By default, 50 of the predefined
applications are considered Monitored applications (see Pre-Defined Applications,
on page 363), and all user-defined applications are Monitored by default. Monitored
applications are applications for which statistics are saved in the Accelerator to be
displayed in graphs and charts. You can monitor simultaneously up to 50
applications on each Accelerator, and up to 10 applications on each link.
Applications can be can be monitored on a per-link basis or globally on all links.
Figure 9: Monitored Applications window
R ev isi o n 3. 0
To add an application to the monitored list:

1. Click the following menu sequence: Monitor > Applications > Monitor
Applications.
2. Select the link upon which the application is running, from the Apply to Link
drop-down menu. Select Total for all links.
3. Select the application direction from the drop-down menu at the top of the
Application table.
4. Select the Application within the table and click the >> button to move the
application to the Monitored Application list. To remove an application from this
list, select the application and click the << button.
5. Click Submit.

Viewing Statistics for Applications

This screen allows you to view statistical in formation on a specific defined
application over a specific link or a specific defined application over all links.
Defined applications are all applications that have been discovered and have had
their parameters defined and created as an application. These applications appear
in the Applications table (Setup > My Applications). If you want to add an
application to the Applications table, see Creating New Applications, on page 213.
To view statistics for a specific detected application:

1. Follow the following menu sequence: Monitor> Applications> Statistics.
2. Select the link on which the application is running from the Link drop-down menu.
Select the desired Application from the drop-down menu. The statistical
information for the application appears in the statistics table.

Inbound
In Bytes Number of input bytes.
Raw In Bytes Total incoming bytes being accelerated using these links
Queued In Bytes Number of incoming bytes that are in the queue.
In Packets Number of input packets
Dropped In Packets Incoming packets that were dropped by QoS enforcements,
such as queues and obsolete
Discarded In Packets Incoming packets that were discarded by a rule with
discard policy (discard all P2P)
In Acceleration Inbound Acceleration percentage
In Compression Inbound compression percentage
Outbound
Out Bytes Number of outgoing bytes
Raw Out Bytes Total outgoing bytes being accelerated using this link
Queued Out Bytes Number of outgoing bytes that are in the queue.
Out Packets Number of outgoing packets
Dropped Out Outgoing Packets that were dropped by QoS enforcements
Packets (queues, obsolete and so on.)
Discarded Out Outgoing Packets that were discarded by a rule with discard
Packets policy (discard all P2P).
Out Acceleration Outbound Acceleration percentage
Out Compression Outbound compression percentage
3. To clear the statistics counters, click the Clear Counters button.
R ev isi o n 3. 0
Viewing Summary Graphs

The Accelerator lets you view a selection of important performance graphs to
provide you with an overview of your network performance. The Summary menu
lets you view several graphs via a single screen. The data used in the graphs is
based on the total traffic on all Accelerator links.
To view summary graphs:

1. In the Accelerator’s WebUI, click on the Monitor tab, followed by Summary.
2. Select the link, view last, link speed and peak data options.
Figure 10:Summary Graph

Viewing Ethernet Statistics 67
Viewing Ethernet Statistics

The Accelerator lets you view a statistic detailing of the data displayed on the
monitoring graphs. Refer to one of the following sections for details regarding the
configuration of Ethernet statistics:
Configuring the Ethernet Statistics Display Fields, on page 67, for
WebUI configuration.
Ethernet Statistics Display Commands, on page 512 for configuration
with the CLI.
Configuring the Ethernet Statistics

Display Fields
Follow these steps to view, via the WebUI, a statistic detailing of the data displayed
on the monitoring graphs:
1. Click on Monitor followed by Interfaces.
Figure 11: Ethernet Statistics window

2. In the Ethernet Statistics screen, select the relevant Ethernet card in the
Interface field.
The Interface drop-down menu shows all detected Accelerator interfaces.
Additional ports are shown only for platforms which support multi-port. If optional
panels are used, 4 pairs are shown, otherwise 2 pairs. In other words, the UI
shows only the amount of available ports, as indicated in the following figure:.
R ev isi o n 3. 0
Figure 12: Ethernet Statistics screen
The buttons near the Interface field let you clear either the counters of the
currently selected interface or all counters of all interfaces.
All statistic items, in both inbound and outbound directions, are displayed
according to:
Data—Lists type of statistic gathered
System Up—Data transferred over the selected link, which was
collected since the Accelerator was powered on. Data is listed in
KB, in percentages, or in number of packets.
Since Clear—Data transferred over the selected link, which was
collected since the Accelerator’s counters were last cleared. Data
is listed in KB, in percentages, or in number of packets.
Last 5 Seconds—Data transferred over the selected link, which was
collected over the last 5 seconds. Data is listed in Kbps or in
percentages.

Configuring NetFlow Support 69
Configuring NetFlow Support

The Accelerator supports Cisco’s NetFlow protocol (version 5), which enables
collecting traffic flow statistics on routing devices. NetFlow is based on identifying
packet traffic and reporting the traffic statistics to the collector. The traffic reported is
traffic before acceleration, which lets you receive data regarding “real” traffic (not
encrypted, tunneled or accelerated).
NetFlow does not:
Involve setting any connection-setup protocol either between routers or
to any other networking device or end station
Require any change externally either to the traffic or packets
themselves or to any other networking device.
NetFlow does provide various statistical data items (WAN-to-LAN or LAN-to-WAN),
in addition to the items generated by the Accelerator.
NetFlow uses the following SNMP names:
eth 1 (for ETH 0/0)
eth 2 (for ETH 0/1)
By using these names, the Collector receives on-path indication even when on-LAN
deployment is used.
In the Collector, eth 2 is used as the Out port and eth 1 as the In port in LAN-to-
WAN deployment, while the opposite happens in WAN-to-LAN deployment (eth 1 is
used as the Out port and eth 2 as the In port). When using the CLI to configure
NetFlow, you have to indicate which port is used for connecting to the LAN.
The following traffic types are not reported:
WAN-to-WAN
LAN-to-LAN (including bridgeless traffic).
Note: The NetFlow collector listening port is needed for establishing a connection
i
between the Accelerator and the collector. Ensure that this port is not blocked by
a firewall installed between the Accelerator and the collector.
R ev isi o n 3. 0
Identifying the Traffic

NetFlow detects the local subnets’ source and destination addresses, and
determines the traffic direction according to these addresses: the local address are
detected as LAN, while the other address are detected as WAN. However, local
subnets that were configured in the Accelerator to be excluded (namely: to be
connected through a non-link) are detected as WAN.
NetFlow is completely transparent to the existing network, including end stations,
application software and network devices like LAN switches. In addition, NetFlow is
performed independently on each internetworking device, and need not be
operational on each router in the network. NetFlow exports data to a remote
workstation for collection and further processing. NetFlow does consume CPU
resources; therefore, you should be aware of the resources required on your
Accelerator before enabling NetFlow.
The Accelerator communicates data to Collector as it is set to act as any other
probe on the network, forwarding its packet statistics to the NetFlow Collectors,
such as Scrutinizer™ and PRTG™, which let you monitor and analyze Accelerator
packets.
i Note: For your convenience, an evaluation version of the NetFlow collector has
been provided for you on the Documentation CD.
Enabling NetFlow
To enable NetFlow:
1. Click on the Setup tab, followed by Advanced, followed by Netflow.
2. Use the relevant fields to enter the Collector IP address, port number and
interface. Alternatively, click the Set Default Values button to reset the Netflow
configuration values to factory values.
3. Use the Interface drop-down menu to select one of the detected Accelerator
interfaces. Additional ports are shown only for platforms which support multi-port.
If optional panels are used, 4 pairs are shown, otherwise 2 pairs. In other words,
the UI shows only the amount of available ports, as indicated in the following
figure:

Configuring NetFlow Support 71
Figure 13: Netflow Statistics Interface Parameters window
4. Click the Submit button.
R ev isi o n 3. 0

Chapter 4: Configuring Networking
This chapter describes how to perform networking configuration on the Accelerator,

including:
Optimizing the Network Topology, on page 74
Defining WAN Setup, on page 76
Configuring Secondary IP Addresses, on page 77
Creating and Editing Links, on page 78
Setting Subnet Routing, on page 90
Adding Static Routes, on page 94
Setting Dynamic Routing, on page 95
Enabling Packet Interception, on page 99
Setting the Date and Time on the Accelerator, on page 106
Configuring DHCP Servers, on page 107
Setting ExpandView Connectivity Parameters, on page 108
74 C h ap t er 4: Configuring Networking
Optimizing the Network Topology

The Accelerator enables support of many complex network topologies. Some of
these environments have special considerations when setting up the Accelerator.
Point-to-Point The Accelerator’s default settings are designed with a basic point-
to-point network in mind. For point-to-point networks as well as for
branch offices connected to headquarters, the basic Wizard
configuration should suffice.
This is the default setting.
Mesh and Hub In a mesh or hub-and-spoke topology it is recommended for the
Accelerator to have a correct estimate of the size of the network
and the number of Accelerators connected. To adjust the size of the
deployment, see Defining Advanced Settings, on page 31.
If the Topology-Size is set to a number that is too large, the Accelerator will not
use all its resources, resulting in lower acceleration percentages than would be
possible if the Topology-Size were set accurately.
If the Topology-Size is set to a number that is too small, too many negotiation
messages will be sent between the Accelerator and the network. In addition, the
amount of time it takes for the Accelerator to reboot and to recover from a
disconnected link will be longer than necessary.

Optimizing the Network Topology 75
Taking into Account Network-Specific

Considerations
The Accelerator’s advanced algorithms support multiple complex networks with no
added or special configuration. The algorithms automatically optimize Accelerator
benefits per network setup. The following are special configuration
recommendations for particular networks:
Environment Type Customized Configuration

Noisy environments Noisy environments are handled automatically via the Accelerator.
The Accelerator’s basic configuration settings can automatically
optimize problematic networks of this type.
Out-of-order Out-of-order environments are handled automatically via the
Accelerator. The Accelerator’s basic configuration settings can
automatically optimize problematic networks of this type.
Load balancing In load-balanced environments, you should set the Accelerator to
Source IP preservation (CLI configuration only) to maintain the
semblance of a session, or RTM encapsulation if necessary.
You can perform load balancing per packet or per session. In a load-
balanced environment you should either enable IPcomp via the CLI,
(see (link) encapsulation ip-comp, on page 442) or use transparent
mode to preserve session information.
MPLS In MPLS networks, enable ToS bit preservation and source IP
preservation. Often it is important to enable router transparency
instead, to work with the network’s QoS deployment (see section
(link) encapsulation ip-comp, on page 442).
QoS cloud or working in Enable router transparency, or ToS bit preservation &/or Source IP
conjunction with a QoS device Preservation (see section (link) encapsulation ip-comp, on page 442).
Depending on the fields in use, enabling one or more of the IPComp
preservation modes may be necessary in order to use RTM.
Monitoring device in a cloud Enable router transparency, or ToS bit preservation &/or Source IP
Preservation (see section (link) encapsulation ip-comp, on page 442).
Depending on the fields in use, enabling one or more of the IPComp
preservation modes may be necessary in order to use RTM.
R ev isi o n 3. 0
Defining WAN Setup

Each Accelerator has a default WAN. The settings on this WAN define the physical
connection of the Accelerator to the WAN.
The WAN bandwidth setting is the total physical bandwidth of the link between the
Accelerator and the network.
The default WAN is automatically generated and will suffice for most networks. For
details regarding the configuration of complex networks, on which more than one
WAN is necessary, see Adding WANs, on page 286.
Setting the Bandwidth

Correct functioning of the Accelerator’s bandwidth management and flow control
mechanisms requires you to configure an accurate bandwidth for the WAN. The
Bandwidth setting is enforced once it is set. Ensure that you set the Outbound
Bandwidth for the local Accelerator. The Accelerator applies no policy for Inbound
Bandwidth unless otherwise specified. See Adding WANs, on page 286. Setting
inbound QoS on a link requires setting the Bandwidth of the inbound link. For more
information see Setting Inbound QoS, on page 223.
Configuring the WAN

In addition to Bandwidth, you can assign Links per WAN, and configure QoS
settings to be applied on the WAN level. For more information about QoS, see
Applying QoS, on page 197.
To carry out basic WAN configuration, use either the Setup - Basic menu in the
WebUI, or the Setup Wizard. For more information on WAN Bandwidth and Links,
see Setting Advanced Parameters, on page 285.

Configuring Secondary IP Addresses 77
Configuring Secondary IP Addresses

You can set on the Accelerator up to 20 Secondary IPs, for connection to multiple
subnets on the same network. Out-of-band management is set here. If Out-of-band
management is used, it is counted as one of the twenty Secondary IP addresses
available.
Starting from Version 6.1.2, you can set several IPs on the same subnet, whereas
prior to this version, a secondary IP address belonged to a different subnet.
Figure 1:My Secondary IPs Window
To set the number of Accelerators in the network:

1. In the Accelerator’s WebUI, click on Setup > My Accelerator, followed by
Secondary IP.
2. Enter the IP address and Subnet Mask to be used, select whether to advertise
the IP address and click the Add button.
3. The IP address appears in the Secondary IP List table.
4. To edit or delete an address that is in the table, highlight the row in the
Secondary IP List table, select the address, and click Edit to edit, or Delete to
delete.
R ev isi o n 3. 0
Creating and Editing Links

A Link is a logical connection between the Accelerator and a connected remote site
and its subnets. The Accelerator optimizes network performance to remote sites
with Accelerators deployed via “Accelerated Links”, and to remote sites without
Accelerators deployed via “Virtual Links”.
The Accelerator’s benefits are greatest when working with another Accelerator on
the other side.
The Accelerator can provide QoS services to Virtual Links, when no other
Accelerators are present on the remote sites.
In addition, the Accelerator enables configuration of a single “Non-link”. The Non-
link is the default link for all traffic not assigned to any known subnet or remote
Accelerator. Internet traffic is one example of traffic assigned to the Non-link. You
can manage this Non-link like any other link, and that lets you determine traffic
QoS and bandwidth restrictions for all traffic not destined for your remote networks
and Accelerators.
When a link is first created or re-established, auto-negotiation occurs between the

local and remote ends of the link and uses the inbound and outbound bandwidth
settings to determine the resources to be allocated for each link.
Studying the Links Screen, on page 79
Adding Links, on page 80
Advanced Link Configurations, on page 82
Editing Links, on page 87
Using Dynamic Bandwidth, on page 88

Creating and Editing Links 79
Studying the Links Screen

The Links screen lets you add, edit, and manage the Accelerator’s links. In addition,
the Links screen also notifies you about the acceleration status on a link by link
basis. The following statuses can be shown:
Blue check - Full Acceleration
Partial Check - Partial Acceleration (Your licence may be exceeded.
See About the AcceleratorOS License, on page 32.)
— No Acceleration. The Link is not accelerating data. This may mean
you have exceeded the bandwidth limit dictated by the licensing
agreement for the software. To check your License status see About
the AcceleratorOS License, on page 32. If this is not the case, it may
indicate a hardware problem and you should contact the customer
service desk. See Contacting TAC, on page 405 for information on
contacting the customer service department.
Figure 2: Links screen
Creating a link requires assigning a destination IP address, a link Name, and an

outbound bandwidth limit to the link.
i Note: Packet Fragmentation does not work in RTM mode.
The Status/Compression column in the Links Table reveals the status of each link.
The mouse-over callout provides further detail as to the status as follows:
R ev isi o n 3. 0
Status Description
Load Error Internal error occurred during definition of the link
in the system
Not Managed A Virtual link (no far-end Accelerator)
Inactive Remote Accelerator is not available
Trying to Connect Link id establishing a connection
Negotiating Link parameters (cache size, and so on) are
being negotiated
Accelerating Link is active and acceleration is on
Active Link is active and the link is tunnelling but not
accelerating traffic
Dropped Communication has been lost
The following sections detail the operations you can carry out via the Links screen:
Adding Links, on page 80
Advanced Link Configurations, on page 82
Editing Links, on page 87
The CLI procedure for adding and editing links is the same as for creating the first
link. For more information, see Link Commands, on page 440.
Adding Links
Add links to the Accelerator via the Setup - My Links menu. Note that TCP port
1928 is needed for establishing a connection between Accelerators. Ensure that
this port is not blocked by a firewall that is installed between the Accelerators.
Note: When configuring a link, it is advised to set a link metric (in the Advanced
i
menu) for it, which is the actual metric for all the link’s subnets, with the exception
of excluded Subnets. If you do not set a link metric for the link, the system
automatically sets a default for the link, which is the current maximum metric +10,
starting from 11. Also note that changing the local link metrics or the metrics for
redistributed routes on the router, may cause clear traffic to exit the Accelerator
even if you are using IPSec enabled links with a Crypto mode configured as Strict.
To add a link:
1. In the Accelerator WebUI, click on the Setup tab, and then the My Links menu.
The Links screen opens by default. See Figure 3.

Figure 3:Links Screen

2. Set the basic link properties, as follows:
Property Description
Source IP IP address of the sending device.
By default, the Accelerator’s primary IP is displayed. You can either
leave this choice or select another source IP address. The Source IP
field, lets you define a source IP for each new link you create, and also
changes the source link while the link is active. In addition, you may
use a virtual IP address for redundancy purposes. In this case the
virtual IP will be a link which, in the case of machine failure, will be
redirected to another machine, unlike a link whose source is a primary
IP address. The valid link source IPs are as follows:
• Primary IP
• Secondary IP
• VLAN IP
• HSRP IP
• VRRP IP
For more details see Using a Virtual IP Address, on page 89.
Name Set a name for the link to let you identify the link in the future. Up to 32
characters, no spaces.
Destination IP IP address of the remote device.
Bandwidth Set the link’s bandwidth, namely: the maximum throughput allowed to
traverse the link.
IPComp IPComp encapsulation enables the best compression rate. IPComp
encapsulation (tunnelled encapsulation) defines complete
compression of the packets intercepted by the Accelerator. This
means that the IP header, the TCP/UDP header and the payload are
compressed and the packet traversing the network will have an
Accelerator-proprietary IPComp header.
R ev isi o n 3. 0
Property Description
Router Transparency In Router Transparency encapsulation, only the packet’s payload is
(RTM) compressed, leaving the original IP header and the original TCP/UDP
header in their original forms so that their information is available
across the network.
Router Transparency encapsulation is appropriate in an environment
where header preservation is necessary, including QoS deployments,
monitoring (NetFlow), load balancing, billing, encryption, MPLS
networks and certain firewall environments.
RTM support for On-LAN deployments is available in AcceleratorOS
5.0(6) and higher.
UDP UDP encapsulation allows for more compatibility with firewalls that use
encapsulated packets.
Note: If you leave the Source IP field empty, the default value is the
i
machine’s primary IP address.
3. If you are finished, click the Add button.
For particularly complex networks, the Accelerator enables advanced link

configuration, as shown Advanced Link Configurations, on page 82.
Advanced Link Configurations

To set additional advanced configuration settings:
1. Click Setup>My Links>Links.
2. Click the Advanced button.

3. Open the different sections by clicking on the + sign next to the section title. After
you have made changes, save the settings by clicking Submit and then click
Back to Links to return to the My Link screen. For Advanced Configuration
options using the CLI, see Additional Commands, on page 564. See the following
table for specific parameter information:
Section/Parameter
Description
Title
Use the Parameters section to edit parameters such as Link Name,
Parameters Destination IP, Source IP, Link Metric, Bandwidth Out and MTU
(Maximum Transmission Unit).
Link Name Supply a logical name for the link
Source IP Enter the IP address of the Accelerator that you are configuring or
another source.
Destination IP Enter the IP address of the destination Accelerator. This is the
Accelerator the source will establish a connection with.
Bandwidth Out Select an Outbound Bandwidth. Choose one from the scroll down
menu, or select Other and supply your own.
Bandwidth In Select an Inbound Bandwidth. Choose one from the scroll down menu,
or select Other and supply your own.
MTU Maximum Transmission Unit. This is the largest packet size (in bytes)
that will be transmitted. Accepted values are 68-6000 bytes.
Metric The actual metric for all the link’s subnets, with the exception of
excluded Subnets. If you do not set a link metric for the link, the system
automatically sets a default for the link, which is the current maximum
metric +10, starting from 11. Also note that changing the local link
metrics or the metrics for redistributed routes on the router, may cause
clear traffic to exit the Accelerator even if you are using IPSec enabled
links with a Crypto mode configured as Strict.
WAN Assigns the link to work on a specific pre-defined WAN. To choose the
WAN, use the scroll down menu. To create a WAN, see Adding WANs,
on page 286.
Fragmentation Select this check box to use fragmentation on packets larger than the
amount of bytes that you enter into the field. Check the box and then
put the byte amount in the field, as long as it is within the accepted
range (68-6000).
Aggregation Select this box to aggregate packets smaller than the amount of bytes
you enter in the field. Check the box then put celibate amount in the
field, as long as it is within the accepted range (68-2500).
Use the Acceleration section to define whether to accelerate the link
Acceleration and to use header compression
Accelerate Select the check box to accelerate the link, clear the check box to not
accelerate the link.
Header Compression Check the Header Compression checkbox to compress the header,
clear the checkbox to not compress it.
R ev isi o n 3. 0
Section/Parameter
Description
Title
Use the Tunneling section to define parameters such as the
Tunneling encapsulation type, preservation and checksum
Encapsulation Choose the encapsulation type - IPComp, UDP, or Transparent. If
choosing UDP, enter the destination and source port IP addresses in the
relevant fields.
System Encapsulation Choose Auto, IPComp, or UDP. If choosing UDP, enter the destination
and source port IP addresses in the relevant field.
ToS Type of Service - select either Preserve to preserve the ToS value, or
Set to pick your own and put this value in the field.
TTL Preservation Preserves the TTL information as used in the original packet header
before it was compressed. Check to enable, clear to disable.
Ports Preservation Preserves the port numbers used in the packet header. Note that if you
selected UDP encapsulation the port information you entered (above)
for UDP will not be used.
SRC Preservation Preserves the source information. Note that if you selected UDP
encapsulation, the source information you entered for UDP (above) will
not be used.
Include checksum When selected, includes checksum information within the compressed
packet header. Check to enable, clear to disable.
In the TCP Acceleration settings section, select whether to use the
Global TCP acceleration settings or Link Specific. In addition, you need
TCP Acceleration to input the Typical Acceleration Rate, as well as choosing the type of
Congestion Control you want to use.
TCP Acceleration To have TCP Acceleration on a specific link, choose Link Specific,
otherwise choose Global.
Typical Round Trip The round trip time is the amount of time for one packet to travel from
an Accelerator to a destination and back. Choose Auto to allow the
Accelerator to automatically adjust, or choose Other and input a time
amount in milliseconds in the field.
Typical Acceleration The rate is the rate at which the TCP sender injects packets into the
Rate network.

Section/Parameter
Description
Title
Congestion Control Choose from one of the following:
• None—no congestion avoidance is used
• Standard—the congestion avoidance conforms to the standard
TCP/IP protocol (Reno)
• Vegas—TCP Vegas reduces latency and increases overall through-
out, by carefully matching the sending rate to the rate at which
packets are successfully being transmitted by the network. The
Vegas algorithm maintains shorter queues, and is therefore suitable
either for low-bandwidth-delay paths, such as DSL, where the
sender is constantly over-running buffers, or for high-bandwidth-
delay WAN paths, where recovering from losses is an extremely
time-consuming process for the sender. The shorter queues should
also enhance the performance of other flows that traverse the same
bottlenecks.
• Hybla—reduces penalization of TCP connections that incorporate a
high-latency terrestrial or satellite radio link, due to their longer
round trip times. It consists of a set of procedures which includes,
among others:
- An enhancement of the standard congestion control algorithm
- The mandatory adoption of the SACK policy
- The use of timestamps
In the TCP Acceleration Advanced section, select the type of
TCP Acceleration acceleration you want to implement (Global, link specific, or none). If
Advanced you choose link specific, you will need to fill in additional fields.
Send Window Size Restricts the size of packets sent to X amount (if entered) before
sending an ACK request. You can either select Other and enter your
own amount, or select Auto and the value will dynamically change
depending on network and bandwidth conditions.
Receive Window Size Restricts the size of packets received to X amount (if entered) before
sending an ACK request. You can either select Other and enter your
own amount, or select Auto and the value will dynamically change
depending on network and bandwidth conditions.
Acknowledge Packet Enter the number of packets that will be sent before an ACK request is
Rate sent to the destination. Choose a value between 2-8 packets.
Keep Alive Check this checkbox to enable Keep Alive, which ensures that the
connection will not close until the time out interval has passed.
Keep Alive Time This value determines how long to wait before sending out the first
message. Choose a value between 1-10000 seconds
Keep Alive Direction LAN, WAN or both
Keep Alive Probes This value determines how many times a keep alive message will be
sent. Choose a value between 1-10000 probes.
Keep Alive Interval This value determines the waiting time between messages. Choose a
value between 1-500000 seconds.
R ev isi o n 3. 0
Section/Parameter
Description
Title
In the Post Acceleration Aggregation section, select whether to
enable the Default class, a User Defined class, or the Thin client class,
Post Acceleration which can be set on a per link basis. Each link can have aggregation
Aggregation acceleration enabled or disabled independently of other links. The
values you set here
Status Shows the PoA status. Select Enable to enable, Disable to disable.
Threshold Sets the targeted size of the aggregated packet. PoA will not output
packets that are not at least the threshold byte size. It will queue the
packets until the threshold is reached or the window size has been
reached. Select Auto to have the Accelerator automatically select the
threshold or select Other to input your own value in the field as long as
it is within the acceptable range 40-3000 bytes.
Limit Defines the maximal size a packet can be (in bytes) and still be eligible
for PoA. Any packet greater than this amount is not aggregated. Select
Auto to have the Accelerator automatically select the limit or select
Other to input your own value in the field as long as it is within the
acceptable range 40-3000 bytes
Window Size This dictates how long the PoA will hold the packets in the queue (in 10
millisec units). Small packets enter PoA queues and wait there until
either the aggregate packet becomes large enough (i.e. reaches the
threshold size), or too much time elapses (window size * 10 ms). When
either of these limits is reached, the packet is released. Select Auto to
have the Accelerator automatically select the size or select Other to
input your own value in the field as long as it is within the acceptable
range (between 10 and 1500 msecs).
In the Bandwidth Adjustment section, select the Enable Bandwidth
Bandwidth Adjustment check box and fill in the percentage and interval rates. For
Adjustment details see Using Dynamic Bandwidth, on page 88
Enable Bandwidth Select the checkbox to enable, clear to disable.
Adjustment
Minimal Bandwidth Defines the minimum value to which the bandwidth will be reduced as a
result of congestion. This value is calculated as percentage of the user-
defined outgoing bandwidth size. Default: 50%.
First Decrease Rate Choose from the drop-down box Other to enter a percentage of
reduction, or select None.
Increase Rate Defines the rate by which the link’s bandwidth will be gradually restored
to its former size. Increasing the bandwidth is much less critical than
decreasing it in case of congestion, and therefore the default set of the
increase is 2%.
Increase Interval Type a time interval (1-20 seconds) which will be used to base the
increase rate. (i.e. X% every Y seconds).
Decrease Rate To detect a congestion state more accurately, set longer decrease and
increase intervals.
Decrease Interval Type a time interval (1-20 seconds) which will be used to base the
decrease rate. (i.e. X% every Y seconds).

Section/Parameter
Description
Title
In the IPsec section, select the Enable IP Sec checkbox and select a
policy name and enter a local and remote IP address. Note that IPsec
cannot be set if you do not enable IPsec and make sure that IPsec is
also enabled on the other end of the link. In addition you can also
IPsec Encryption select which IPsec policy to apply, out of the policies you configured
earlier. You will also have to include a Public IP address for the local
and remote machines. For additional details, see Configuring IPsec
Policies, on page 268.
Enable IPsec To enable IPSec, select the checkbox. To disable, clear the checkbox.
Policy Name Select the IPSec policy you want to assign to this link.
Local NAT IP Address Enter the local NAT IP address. This IP address is local to the network,
and is usually used as an internal IP address or an intranet address.
When packets are sent out of the network to the WAN, the Remote IP
address (see below) is used.
Remote NAT IP Address Enter the Remote NAT IP address. This IP address is the published,
known IP address. When packets are sent out of the network to the
WAN the local IP address (see above) is replaced with the Remote NAT
IP address.
Editing Links
You can use the Edit Links screen to fine-tune and modify existing links. This
screen lets you set basic link parameters, acceleration, tunneling and TCP
Acceleration parameters for the link.
To edit an existing link:

1. In the Links table, either click the name of the link to be edited, or click the row of
the link to be edited, and click the Edit button.
2. A menu identical to the Advanced Links menu opens. For assistance on
Parameter information, see Advanced Link Configurations, on page 82. Use the
Link Subnets screen to set the link’s subnets. For configuration details, see
Configuring Remote Subnets Manually, on page 92.
3. If the connection to this link was lost because the license on the remote
Accelerator expired, you can refresh the link once the license on the remote
Accelerator has been re-established by clicking the Refresh Acceleration
License button.
4. Click Submit.
R ev isi o n 3. 0
Using Dynamic Bandwidth

The Bandwidth Adjustment section lets you define settings to detect traffic
congestion on a link, and adjust the outgoing bandwidth accordingly. This feature is
disabled by default and should be used judiciously.
The feature should be used on low to medium bandwidth links, which can suffer
from changing outgoing bandwidth.
i Note: Bandwidth adjustment is possible only on an accelerating link
The bandwidth adjustment mechanism samples internal messages (of the link’s
internal protocol). Based on these messages, the bandwidth adjustment algorithm
detects a state of congestion and decreases the user-defined outgoing bandwidth.
Once the mechanism detects that the state of congestion no longer exists, the
bandwidth is gradually restored to its user-defined size.
The bandwidth adjustment parameters are as follows:
Minimal Bandwidth—Defines the minimum value to which the
bandwidth will be reduced as a result of congestion. This value is
calculated as percentage of the user-defined outgoing bandwidth size.
Default: 50%
Increase Rate—Defines the rate by which the link’s bandwidth will be
gradually restored to its former size. Increasing the bandwidth is much
less critical than decreasing it in case of congestion, and therefore the
default set of the increase is 2%
Decrease Rate—To detect a congestion state more accurately, set
longer decrease and increase intervals
After setting all required parameters, click Submit.

Using a Virtual IP Address 89
Using a Virtual IP Address

As mentioned earlier (see On-LAN, on page 9), in the case of machine failure, a
link that uses a Virtual IP can be redirected to another machine. An example of
such a case is provided in the figure below.
Figure 4: On-LAN Deployment
The source IP (virtual IP) in the sending machine is the destination IP in the
receiving machine.
If an AcceleratorOS link is established, and the Source IP of this link is defined to
be the HSRP Group’s Virtual IP, the link switches to the next Accelerator in the rare
case of primary Accelerator failure, and all of this link’s services are kept. When the
primary Accelerator is available again, the link switches back to it.
R ev isi o n 3. 0
Setting Subnet Routing

To function properly, the Accelerator must correctly detect the layout of the network
to which it is connected. In other words, it must understand where the Accelerator
resides as well as all other subnets on both sides of the link that the Accelerator
should serve. In this way, the Accelerator will be able to forward the packets it
receives to the correct destination, as seen in the figure below.
Figure 5: Subnet Routing
In Figure 5 above, S1 is Accelerator 2’s direct subnet, while S2 and S3 are also
subnets of Accelerator 2. Accelerator 1 must forward traffic destined for devices
that are part of S2 and S3 to Accelerator 2 via Link1. In order for Accelerator 1 to
do this, it must detect S1, S2 and S3 as subnets of Accelerator 2.
Accelerator 2 automatically detects S1 and adds it as its local subnet. You can
manually add S2 and S3 to Accelerator 2’s Subnets list, or use routing protocols to
add them dynamically. If the network supports OSPF or RIP the Accelerator can
function as an OSPF or RIP device to receive routing information. If other dynamic
protocols are in use, the Accelerator can poll routers to learn their routing tables.
Then, Accelerator 2 must advertise its subnet list to Accelerator 1, enabling
Accelerator 1 to properly route packets destined to S1, S2 and S3 to Accelerator 2
via Link 1.
Note: The Accelerator supports up to 2500 local subnets and up to 2500

i
remote subnets per link.

Setting Subnet Routing 91
Configuring Subnets Manually

If the network in which Accelerator resides does not work with dynamic routing or if
a subnet was not detected via OSPF or RIP, you will have to add and edit subnets
manually.
To add a subnet to the Accelerator:

1. Click on the following menu sequence: Setup > My Accelerator > My Subnets.
Figure 6: My Subnets screen
2. Set the parameters as follows:
Parameter
Description
Item
IP Address Set the IP address of the Subnet that is connected to the Accelerator.
Subnet Mask Set the Subnet Mask of the subnet.
Metric The metric setting defines the priority of the route or the subnet. Set a lower
number for more desirable routes. For example, on a T3 link with 1 hop, set a
low metric value, whereas on a long-haul 128 Kbps link with 8 hops you should
set a high number.
Advertise Advertised subnets are the Accelerator’s subnets that the Accelerator
broadcasts to other Accelerators when link negotiations occur. Select whether to
advertise this subnet.
By default, subnets that are manually added are advertised.
Add route rule When adding a subnet, the Add route rule checkbox lets you create a static
route rule to define how to reach the subnet. This will add an entry in the My
Routes table, which displays access to the subnet via the next hop.
Note: Once the static route is created, no connection exists between the route-
rule added and the subnet. Any change made in the one will not affect the other.
Next hop Add a next hop via which the subnet will be accessed.
Edit The Edit button lets you modify already added subnets by selecting them in the
table and clicking this button. This may be done for manually added subnets as
well as dynamically learned subnets.
Delete To delete subnets, select them in the table and click this button.
When subnets that are set to be advertised are deleted, they are removed from
all connected Accelerators.
R ev isi o n 3. 0
CAUTION! The Accelerator’s local subnet is automatically detected and added. If

!
! more than one local subnet exists, you have to add all additional local subnets.
Ensure that the local subnets appear in the Local Subnets Table. Otherwise, in a
non-link environment, the Accelerator QoS and Monitoring features will not
function properly.
Editing a Subnet
Once a subnet has been added to the Accelerator, you can use the following steps
to edit it.
To edit a subnet:
1. In the My Subnets screen, highlight one subnet in the Local Subnet table, and
click the Edit button.
2. Edit the IP address, Subnet mask, Metric and Advertise status as necessary
and click the Submit button.
When subnets that are set to be advertised are edited, the change is
broadcasted to all connected Accelerators:
Figure 7: Edit Subnet Details
Configuring Remote Subnets

Manually
If the Accelerator network does not work with dynamic routing, or if a remote
subnet was not detected via OSPF or RIP, you have to manually add, edit and
delete remote subnets to be advertised by the Accelerator. When adding a subnet,
you have to apply it to a specific link of your choice. The Link Subnets screen lets

Setting Subnet Routing 93
you display all subnets applied to a specific link. You can also use this screen to
add, edit and delete subnets to be excluded from the link.
To add a remote subnet to the Accelerator:

1. Click on the following menu sequence: Setup > My Links > Link Subnets.
Figure 8: Link Subnets screen

2. Set the parameters as follows, and click Add to set the parameters:

IP Address Set the IP address of the Subnet you want to connect to the Accelerator.
Subnet Mask Set the Subnet Mask of the subnet.
Exclude If a subnet has already been added, and specific IP address(es) are to be
excluded, enter the IP address and mask and select the Exclude
checkbox.
CAUTION! The Accelerator’s remote subnet is automatically detected and added.

!
! If more than one remote subnet exists, you have to add all additional remote
subnets. Ensure that the local subnets appear in the Remote Subnets Table.
Otherwise, in a non-link environment, the Accelerator QoS and Monitoring features
will not function properly.
To delete a remote subnet:
Select a remote subnet from the table and click Delete.
To edit a remote subnet:

Select a remote subnet from the table and click Edit. The parameters you can
edit are the same described in the table above.
R ev isi o n 3. 0
Adding Static Routes

Use the following procedure to add static routes to the Accelerator. You can add
multiple static routes. The maximum is 1500. To add a dynamic route, see Setting
Dynamic Routing, on page 95.
To add a static route:
1. Click on the following menu sequence: Setup > My Accelerator > My Routes.
2. In the Dynamic Routing section, enter the subnet IP and Mask, and the next
hop to be used for accessing the subnet.
3. Click the Add Routes button.
The static route now appears in the Route Rules table. To add another route,
repeat from step 2.
4. To add additional Next hops, enter the IP address in the Next Hop table and click
Add. You can add up to 5 Next hops entries. To delete a hop, select the hop in
the table and click Remove.
5. To remove a route from the table, select the route in the table and click Delete.

Setting Dynamic Routing 95
Setting Dynamic Routing

Note: Static routes created via the My Subnets menu also appears in the Route
i
Rules table. For more information, see Configuring Subnets Manually, on page 91. Once
the static route is created, no connection exists between the route-rule added and
the subnet. Any change made in one of them will not affect the other.
Due to the continuous changes in routing and the vast complexity of collecting
necessary routing parameters, many advanced networks use dynamic routing
protocols to enable routers to exchange routing data automatically. In addition to
allowing manual routing configuration, the Accelerator supports dynamic routing
protocols, including OSPF and RIP v1 and v2 and Router Polling. Supporting
dynamic routing protocols enables the Accelerator to use alternate routes in the
event of router failure. In addition, the Accelerator learns the cost and length of
each route (per bandwidth in the case of OSPF and per hop in the case of RIP),
and can forward accelerated packets to the best router. The Accelerator can also
load-balance best routes.
A subnet whose Advertised status is manually manipulated continues to function
dynamically within the routing protocol, but maintains the manually altered
Advertising status.
The following topics are discussed in this section:
Working with OSPF, on page 95
Working with Router Polling, on page 98
Working with RIP, on page 99
Note: Once Subnets are located by using OSPF or RIP, you can perform manual
i
modifications. For example, subnets located via RIP are set by default as Not
Advertised; however, you can modify them to be Advertised subnets.
For Manual Subnet configuration information, see Configuring Subnets Manually,
on page 91.
Working with OSPF

Once the Accelerator is set to work with OSPF, it updates its routing and subnets
tables according to dynamic information coming from OSPF updates.
All local subnets detected via OSPF are automatically set to be “advertised” by
default if their metric value is between the high and the low values. Advertised
subnets are the Accelerator’s subnets, which are broadcasted to other Accelerators
when link negotiations occur.
R ev isi o n 3. 0
Figure 9: My OSPF screen
Configuring OSPF
Configuring OSPF is accomplished via the Setup - My Accelerator - My Routes
Menu.
To configure OSPF:
1. Click on the OSPF button.

OSPF Model Enable or Disabled OSPF Mode.
Enabling OSPF Mode lets you configure OSPF parameters.
Disabling OSPF Mode saves any previously configured OSPF settings,
but disables OSPF capabilities.
Area ID OSPF divides its networks into areas. Therefore, you must set the
Accelerator with its OSPF area identification number, which lets the
Accelerator identify itself to local routers.
To set the Area of the Accelerator within the OSPF group, use its number
or its IP Address format number. The default is 0.0.0.0.
Low/High Determines a range of subnets to be advertised. If a subnet is between the
Locality Metric high value and the low value, it should be advertised.

Setting Dynamic Routing 97

Authentication Authentication on the Accelerator must match the OSPF authentication set
across the network.
Set the Authentication to None, Key, or MD5:
None: When no authentication is necessary to communicate with other
OSPF devices.
Key: When a non-encrypted authentication password is needed to
communicate with other devices in the OSPF network, insert the key used.
This key is a common string (non-encrypted) that must be set according to
what is set across all devices on the network using OSPF.
MD5: When an MD5 authentication password is needed to communicate
with other OSPF devices, insert the encrypted key used. This must be the
password that is set across all devices on the network using OSPF. Set
the ID number according to this authentication password’s ID number
across the OSPF network.
Neighbor IP The Accelerator automatically detects neighboring OSPF routers. If a
router was not auto-detected, you can manually add up to 20 routers to
the Neighbors Table. This is particularly important when connecting to
nonbroadcast networks, such as an Accelerator on a subnet that does not
use OSPF. This enables the Accelerator to receive OSPF routing
information from a neighboring router on a subnet that uses OSPF
R ev isi o n 3. 0
Working with Router Polling

The Accelerator’s Router Polling feature enables the Accelerator to retrieve route
rules from the router’s routing table. The Accelerator uses SNMP to collect the
router’s routing table and add it to the Accelerator’s list of routes. You can filter the
list by collecting only routes learned by specific protocols.
To configure router polling:

1. Click the following menu sequence: Setup > Networking > Router Polling.

Router Polling Enable or Disable Router Polling.
Enables the Accelerator to retrieve route rules from the router’s routing
table.
Polling Interval Sets the frequency with which the router is polled (in seconds). Default
is 180 seconds.
Primary Router IP Selects whether to use the local default gateway or to set an IP
Address address manually.
Secondary Router IP Selects whether not to use a secondary router IP address (default) or
Address to set an IP address manually.
SNMP Version Sets the SNMP version to be used for polling the router.
SNMP Community Name Sets the SNMP community to be used for polling the router.
Polling Protocols Table Lists the polling protocols used for retrieving the route rules from the
router’s routing table.
Check the checkbox of the route rule you want to apply, or click the
checkbox next to status, to select all. The following protocols are
supported:
• BBNSPFIGP
• BGP
• CISCO-IGRP
• EGP
• ES IS
• GGP
• HELLO
• ICMP
• IS IS
• Local
• OSPF
• Other
• RIP
• Static
3. After making any change, click Submit.
4. To reset the parameters back to the default value, click Set Default Values and
then click Yes, when asked to confirm.
Enabling Packet Interception 99
Enabling Packet Interception

When the Accelerator is deployed in On-LAN mode, WAN traffic must be redirected
through the Accelerator in order for it to work. To do that, one of the following
methods can be used:
Working with RIP, on page 99
Working with WCCP, on page 101
Working with PBR, on page 105
Working with RIP

Once the Accelerator is set to work with RIP, it detects all subnets (including the
Accelerator’s local network) connected to all routers on all connected networks and
adds these to the Accelerator’s subnet and route tables.
By default, all subnets detected via RIP are set to “Not Advertised”. Advertised
subnets are the Accelerator’s subnets, which are broadcasted to other Accelerators
when link negotiations occur.
Configuring RIP
Configuring RIP is accomplished via the My Routes menu.
To configure RIP:
1. Click the following menu sequence Setup > My Accelerators > My Routes.
2. Click on the RIP button.
Parameter Item
Description
RIP Mode Set RIP Mode to Enable or Disabled.
Enabled Mode allows configuration of RIP parameters.
Disabled RIP Mode saves any previously configured RIP settings, but disables
RIP capabilities.
Passive Mode Set Passive mode to Enable or Disable.
Passive mode enables RIP in a listening mode without sending updates.
Version Select the RIP version in use on the network: either RIP version 1 or RIP version
2. Note that in cases where RIP route injection is used, the RIP version should
be set to version 2.
R ev isi o n 3. 0
Parameter Item
Description
(Continued)
Authentication Authentication on the Accelerator must match the RIP authentication set across
the network.
When working with RIP version 1, Authentication is automatically disabled.
When working with RIP version 2, set the Authentication to None, Key, or MD5:
Disable: When no authentication is necessary to communicate with other RIP
devices.
Enable: When a non-encrypted authentication password is needed to
communicate with other devices in the RIP network, insert the key used. This
authentication key is a common string (non-encrypted) that must be set
according to what is set across all devices on the network using RIP.
MD5: When an MD5 authentication password is needed to communicate with
other RIP devices, insert the encrypted key used. This must be the password
that is set across all devices on the network that use RIP. Set the ID number
according to this authentication password’s ID number across the RIP network.
Neighbor IP The Accelerator automatically detects neighboring RIP routers. If a router was
not auto-detected, you can manually add up to 20 routers to the Neighbors
Table. This is particularly important if the Accelerator is on a subnet that does
not use RIP. The Accelerator can receive its RIP routing information from a
neighboring router on a subnet that uses RIP.
RIP Route Injection

RIP Route Injection adds a route rule to the router’s routing table, which forwards
all traffic from the Accelerator’s subnets to the Accelerator. The Accelerator then
returns the packets to the router after they have been processed by the
Accelerator. The routes to these subnets, set on the Accelerator, are learned by
the router during RIP negotiation.
Note: RIP must be in Active mode and set to version 2 for RIP Route Injection
i
to operate. For more information, see section Working with RIP, on page 99.
Note: For packet-interception with RIP injection, the number of injected routes is
i
as follows:

The number of injected subnets = 32 – Mask_Len

or if If Mask_Len <= 8, then the formula is:
the number of injected subnets = 32 – Mask_Len + 1

For example: for 10.0.0.0/30, 2 subnets
for 10.0.0.0/8, 25 subnets

Using RIP for Packet Interception

RIP (Route Injection Protocol) is the other method used by the AcceleratorOS to
enable Accelerators in On-LAN deployment to intercept packets from the LAN.
To use RIP for Packet Interception:

1. Click the following menu sequence: Setup > Networking > Packet Interception
> RIP.
2. In the RIP Mode drop-down menu, select Enable to enable RIP mode.
Note: If Router RIP mode is configured as Passive, you should disable Passive
i
mode in order to enable RIP mode. For details, see Configuring RIP, on page
99.
3. Select the maximal number of subnets that would use packet interception via RIP
(any number between 1 and 2500; the default is 1000).
4. Click Submit.
Working with WCCP

WCCP, the Web Cache Communication Protocol, is another way in which the router
can learn to forward all traffic from the Accelerator’s subnets to the On-LAN
Accelerator. WCCP, a protocol usually used for directing Web traffic to a local Web
Cache Server before forwarding requests across the WAN, enables the Accelerator
to receive traffic from the router. Starting from Version 6.1.2, the types of traffic
WCCP enables the Accelerator to receive are not only TCP and UDP (service
groups 77 and 78), but also other types such as ICMP, CIFS and TCP-
Promiscuous. For details, see Setting WCCP on the Router, on page 105.
By creating an IP GRE tunnel between the Accelerator and the router, the
Accelerator is able to receive and process all relevant traffic and return it to the
router before the traffic traverses the WAN, as follows:
The Accelerator is set as a WCCP device.
The router directs traffic to the Accelerator.
The Accelerator returns accelerated traffic to the router in a GRE
tunnel.
Data is removed from the GRE tunnel, and sent to its destination.
The WebUI lets you intercept packets by using either WCCP or RIP.
R ev isi o n 3. 0
Using WCCP for Packet Interception

The AcceleratorOS lets Accelerators in On-LAN deployment intercept packets from
the LAN by using either WCCP or RIP.
To use WCCP for Packet Interception:

1. Click the following menu sequence: Setup > Networking > Packet Interception
> WCCP.
Figure 10: WCCP screen

2. In the WCCP drop-down menu select Enable to enable WCCP.
Note: Enabling WCCP is relevant only with On-LAN deployment. If your currently
i
selected deployment is On-Path, please change it by going to Setup > My
Accelerator > Basic > Advanced Settings.
Use the Routers Table to add or delete routers to the list of routers to be used for
packet interception. When adding a router, you have to indicate its router ID (the
IP address used for connecting him to out network, usually the highest value
number), as well as the router status (Connected/Disconnected - indicating a
connection to the network). If you enable the WCCP Service, and do not set a
router IP address, an error will result.

3. Use the Services Table to manage the list of services to be used for packet
interception.
It displays by default all of the pre-defined services, which are as follows:
Web—all TCP traffic that is sent on port 80 (http traffic)
ICMP—Internet Conreol Management Protocol, services such as
ping, and trace-route use this protocol
UDP—all UDP traffic
TCP-Promiscuous—all TCP traffic (not port dependent) both
inbound (towards the LAN) and outbound (towards the WAN)
CIFS - WAFS—Common Internet File System all TCP traffic that is
sent on port 445.
Additional services can be added or deleted from the Services Table. The same
services must be configured on the router that is connected to the Accelerator.
4. To add a service, see Adding a Dynamic Service, on page 104. To delete a
service select the table row and click Delete. To enable or disable a service, click
the ID of the service and Parameters for the specified service opens. Change the
Service Mode to Enable or Disable. To change other parameters see Editing a
Dynamic Service, on page 105.
Note: When you enable the WCCP feature, all pre-defined services are enabled by
i
default, except for Web and CIFS. In addition, if you have multiple Accelerators
deployed on your network, the same WCCP services should be enabled on each
appliance.
R ev isi o n 3. 0
Adding a Dynamic Service

To add a WCCP Dynamic Service:
1. In the Services Table header, click the Add button.
Figure 11: WCCP Services screen
The Parameters box lets you configure the following parameters:

Service ID - any number between 0 and 254 (configurable only on
dynamic services; this number is not editable on pre-defined
services).
Protocol ID - any number between 1 and 255 (again, configurable
only on dynamic services).
Priority - any number between 0 and 255 (default: 100).
Weight - used for load balancing. If you have one or more
Accelerators that share the router to which your Accelerator is
connected, you can use this field to instruct the router what
percentage of the traffic that uses this service is to be directed to
the current Accelerator (default: 100).
Port Direction - lets you set the port direction used for carrying
out load balancing through Hash. This load balancing is configured
in the router, according to either subnets (IPs) or ports. This box
lets you only enable the Hash-assisted load balancing, through the
Destination/Source IP, Port or both.
Password - lets you enter a password for using the service. The
next time your Accelerator synchronizes with the router, the router
reads this password and prevents unauthorized access to this

service’s traffic.
2. Use the Ports Table to add a port (optional).
3. Click Submit.
Once the new dynamic service is added, you can add it like any other WCCP
service. See Editing a Dynamic Service, on page 105.
Editing a Dynamic Service

To edit a WCCP service:
1. In the Services Table, click the number (ID) of the service you want to edit, in the
ID column of the row of this service (for example, ID 52 in the UDP row).
2. In the Edit WCCP Service screen that appears now, edit the service’s various
parameters. As mentioned earlier, the Service ID and Protocol ID parameters can
be edited only in dynamic services. For explanation of the Parameters see
Adding a Dynamic Service, on page 104.
3. Click Submit.
Setting WCCP on the Router

Using WCCP requires you to configure WCCP to work on the network’s router
using the same service settings (the port numbers in the Accelerator must be
identical to the Router on a per service basis). You can use CLI commands to
configure WCCP on Cisco routers. For more information, see the Configuration
Guide supplied with your router. You can use CLI commands to configure WCCP
on the Accelerator. When configuring WCCP on multiple appliances, make sure
that the WCCP services on each Accelerator is identical. See WCCP Commands,
on page 462.
Working with PBR

Policy Based Routing, or PBR is used for intercepting traffic in an On-LAN
deployment scenario. It is defined on the router and not on the Accelerator. Check
your router’s documentation for further assistance.
R ev isi o n 3. 0
Setting the Date and Time on the

Accelerator
You can alter the time setting manually, or set it to receive time synchronization
from a Simple Network Time Protocol server (SNTP).
To set the Accelerator’s date and time:

1. Click on the Setup tab, and then the My Accelerators tab, followed by the Date
and Time menu.
2. Select a time zone that matches the location of the Accelerator using the Time
zone drop-down box. If you need help locating the time zone in which your
Accelerator resides, go to http://www.worldtimezone.com/ and there is a map
that can help you.
3. Select how you want to enter the time and date. Select from one of the following
radio buttons:
Date and Time—to enter the setting manually. or For manual time
settings, fill in the local time and date fields. If you decide to enter
the time and date settings manually and there are either date or
time changes (as in Daylight savings time) you will have to return
to this menu and update accordingly,
Use SNTP—to have the server update the Accelerator
automatically. Enter the server IP address and the frequency with
which the server is to be polled for time updates.

Configuring DHCP Servers 107
Configuring DHCP Servers

Managing the DHCP servers on your system requires a configuration file. By
default, the DHCP server is disabled. To enable it, you have to download the
sample DHCP configuration file and save it on your system. When you have a
configuration file, you can either use the current file or customize the file and then
upload the customized file.
To display the lease data of a selected IP address:

1. In the Accelerator WebUI, Click on the Setup tab, and then the Networking tab,
followed by the DHCP menu.
2. In the DHCP Server field, set the status to Enable.
3. In the Lease section, enter an IP address of your choice and click the Show
Lease button. The host name, IP address and expiry date are displayed on the
screen.
Activating DHCP Relay Agent

The DHCP relay agent allows placing DHCP clients and DHCP servers on different
networks, thus solving the problem that arises because DHCP broadcast messages
do not, by default, cross the router interfaces, without using the costly solution of
placing a DHCP server on each network segment.
Choosing the DHCP relay agent solution lets you use fewer DHCP servers and
place these machines in central locations. To solve the problem of DHCP broadcast
messages, you can configure the routers to pass DHCP/BOOTP messages
selectively, a process known as BOOTP relay.
A router or Accelerator that carries out DHCP relay does not just forward BOOTP
broadcast messages, but actually examines the packet, makes appropriate changes
to it, and only then relays the packet to a DHCP server. The DHCP server to which
the packet is relayed is configured by adding a Helper Address on the router or an
IP address under the local interface of the Accelerator.
The relay agent communicates with a DHCP server and acts as a proxy for DHCP
broadcast messages that need to be routed to remote segments. Like the router-
based BOOTP Relay Agent, the DHCP Relay Agent is configured with addresses of
DHCP servers to which they should relay the DHCP message. The DHCP Agent
communicates with the DHCP server by using unicast communications instead of
broadcast messages. Therefore, the Agent’s requests can be routed to a server on
a remote network, regardless of segment boundaries.
R ev isi o n 3. 0
Setting ExpandView Connectivity

Parameters
Registered users of ExpandView enjoy the benefit of having ExpandView
automatically discover a new registered Accelerator as soon as a link to that
Accelerator is established. However, if the default settings of ExpandView are
changed (for example, port), or if the auto-discovery fails, you have to update the
ExpandView agent’s parameters accordingly.
Figure 12: ExpandView Parameters screen
To define ExpandView Connectivity parameters:

1. Click the following menu sequence: Setup > My Accelerator > ExpandView.
2. In the ExpandView menu, select the Enable ExpandView Agent box.
3. Enter the ExpandView Server’s IP address and port number.
4. Click the Submit button to submit the registration request.
If all parameters were entered appropriately, the Status line now displays the
current status (Enabled / Disabled).

Chapter 5: Configuring and Managing WAFS
This chapter introduces you to the Wide Area File Service feature and shows you
how to use it and manage it to streamline your business while maintaining control
over important company documents.
Topics covered in this chapter include:
Introduction to WAFS, on page 110
Getting Started with WAFS, on page 114
Enabling WAFS Configuration, on page 115
Configuring the Data Center and Branch Office, on page 123
WAFS Management and Operation Modes, on page 132
Managing the Data Center, on page 137
Setting Advanced FileBank Features, on page 151
Replication Service, on page 155
Printing Services for the FileBank, on page 164
Using WAFS Printing Services, on page 174
WAN-OUT Operation, on page 176
DNS Masquerading, on page 180
Monitoring WAFS Functionality, on page 185
Troubleshooting, on page 187
110 C h ap t er 5: Configuring and Managing WAFS
Introduction to WAFS
WAFS stands for Wide Area File Service, namely: remote users who access files
over a WAN, such as branch office or mobile users accessing centralized storage.
Such users often experience poor performance when trying to access files that are
stored in a central location.
Expand Networks’ WAFS solution allows users fast and efficient access to
centralized storage by using intelligent, dynamic caching.
Note: This feature is only supported on Accelerators with a hard drive. If your
i Accelerator does not have a hard drive and you want to have WAFS functionality,
contact your supplier.
Expand Networks’ WAFS Solution

Designed specially for distributed organizations, Expand's intelligent, dynamic
caching solution allows users fast and efficient access to centralized storage.
Expand enables global and fully secure direct file access to users at multiple sites,
as if they were at the same site as the files, eliminating the need for local file
servers and unreliable backup procedures.
By consolidating corporate resources, IT managers regain total control of
enterprise-wide storage, eliminating the cost and complexity associated with remote
system administration, replication, backup and maintenance.
Figure 1:WAFS Solution diagram

Introduction to WAFS 111
The corporate Data Center is equipped with an Expand FileBank Director, and each
remote site (requiring access to the center) is equipped with an Expand FileBank.
Once these hardware devices are installed, branch office users can immediately
work with files located in the Data Center, with the same speed level and efficiency
as if they were working on their local file server.
Expand uses a patent-pending file system technology that allows direct access to
files located in distributed file storage architectures throughout the enterprise.
Network architecture can be deployed as a private network of leased lines, or a
virtual private network (VPN) that utilizes the public Internet in a secure way.
Expand provides the following features and benefits:
Centralization of storage and backup resources
Synchronous, reliable file operations
LAN-like performance
WAN Consumption optimization
Ease of installation and management
Seamless integration
Native security support
Many-to-many architecture
Integrated Branch IT Services
High resilience
Expand's pass-through authentication technology seamlessly ensures enforcement
of enterprise policies such as user authentication, access rights verification and
quota management support.
Expand devices use regular LAN and power connections. Configuration is simple,
and no infrastructure changes are required. No client software is installed on the
Data Center file servers or on any of the remote office workstations.
R ev isi o n 3. 0
Supported Servers
File Servers
Microsoft Windows® NT Server 4.0 SP3 and above
Microsoft Windows® 2000 Server
Network Device Filer series (ONTAP 6.x & 7)
Authentication Servers
Windows NT Server 4.0 Primary Domain Controller (PDC)
Windows NT Server 4.0 Backup Domain Controller (BDC)
Windows 2000 Server Active Directory Domain Controller
Windows 2003 Server Active Directory Domain Controller
Supported Clients
Microsoft Windows® NT Workstation 4.0
Microsoft Windows® 2000
Microsoft Windows® XP Professional
Expand Hardware Device Specifications

The Expand solution is available as an installed device (FileBank Director and
FileBank).
When planning the hardware specification for the FileBank and FileBank Director,
disk capacity is an important consideration, especially in consolidation
environments. Most of the device disk capacity is allocated for maintaining the
cache optimization state.
In general, the chances that a file is available on a FileBank cache improve with
cache partition size. However, because the cache is merely an optimization layer
(meaning, the files are always available on the file server), its size does not have

Introduction to WAFS 113
to be equal to the size of the total data set. Various approaches exist for estimating
optimum FileBank disk capacity, the most common of which are as follows:
Complete data set size (migrated from the legacy file server)
Working set size (for example: 30% of complete data set)
Per number of branch users (for example: 0.5GB x number of branch
users)
The FileBank Director is connected On-LAN to the file servers, and
therefore its cache state is less critical than that of the remote branch
FileBank, which is connected over the narrow-bandwidth, high-latency
WAN. FileBank Director disk capacity planning should take into
account the percentage of data that is shared between branches (that
is, the level of inter-branch collaboration), and a size estimation of the
working set. As a rule of thumb 10-20% of the accumulated branch
FileBank cache is sufficient. Both FileBank and FileBank Director
employ LRU (Least Recently Used) cache management, so a
dynamic, working-set cache is always maintained.
Domains
The FileBank acts as a server in the Windows Domain hierarchy. Windows Clients
at the remote office will see the FileBank as part of this domain when connecting to
the network, and after appropriate mapping.
When configuring the FileBank for the first time, you are asked which domain to
join, so obtain the domain name in advance. In order to perform the join operation,
a user with sufficient access rights is required, namely: a user that is part of the
domain administrators’ group.
Authentication
Identify the name of the authentication server. The authentication server must be a
Windows NT/2000/2003 server that can authenticate users accessing the domain
(Windows NT v4.0 Primary/Backup Domain Controller or Windows 2000/2003
Active Directory Server).
Note: You are advised to utilize the domain controller of the local remote branch
i office, when applicable.
R ev isi o n 3. 0
Getting Started with WAFS
Overview
The main steps for configuring the Data Center are as follows:
1. Enabling WAFS Configuration, on page 115 - to prepare the Accelerator for
WAFS Services.
2. Configuring the Data Center and Branch Office, on page 123 - to specify the file
bank and file bank director
3. Viewing the License Status, on page 34 - to verify you have a WAFS license.
4. FileBank Categories, on page 134- to start the WAFS service
Note that the order that these steps are taken does matter and performing these
steps out of sequence may result in the WAFS services not running. Make sure
that you finish a step before proceeding to the next one.

Enabling WAFS Configuration 115
Enabling WAFS Configuration

There are three steps that need to be done in order to enable WAFS configuration:
Configuring the File Server/Domain Controller, on page 115
Defining Network Settings, on page 117
Enabling WAFS Operation Mode, on page 120
Configuring the File Server/Domain

Controller
Configuration of the File Server/Domain Controller consists of the following steps:
Defining the shared directories on the File Server, from which remote
and local users can access files
Changing the Login scripts (if any are used within your organization)
Defining Shared Directories

To let users access a specific shared directory:
1. Right-click the folder you want to share (using Windows Explorer, My Computer,
or any other Windows convention) and select Properties and the New Share
Properties dialog box opens.
R ev isi o n 3. 0
Figure 2: New Share Properties dialog box

2. Click the Sharing tab and define share properties.
3. Repeat this procedure for all directories you want to share.
Defining User Permissions

To define which users can access the shared
directory:
1. Click the Permissions button on the Share Properties dialog and the
Permissions for New Share dialog box opens.

Figure 3:Permissions for New Share

2. Add the users who are allowed to access the shared directory and define
permissions for each user.
3. Click OK and proceed to the next step, Defining Network Settings, on page 117.
Defining Network Settings

To define the network settings, use either the Accelerator 6940 front-panel LCD or
the CLI command line.
Note: AcceleratorOS v6.xx should be displayed, where xx is the maintenance

i release number (for example 6.00) in addition to a status display (Ready, By-
pass, or various error messages.).
To prepare the Accelerator to work in WAFS mode:
Follow these steps to establish the WAFS services:
1. Log in to the AcceleratorOS WebUI.
2. Enter the setup wizard.
The AcceleratorOS setup wizard appears:
R ev isi o n 3. 0
Figure 4: Setup Wizard
3. If you do not intend to define a link on this device (namely, to use the device as
an Accelerator), press Cancel and continue with the FBD configuration.
4. In the dialog box that appears, click OK to confirm the closure operation.
5. In the Basic tab of the My Accelerator screen, fill-in the device name as shown
below and click Submit.
Figure 5:My Accelerator screen

6. Move to the Time tab to enter your local time settings. You are advised to set the
Accelerator’s time and date manually (default).

Figure 6: Accelerator Time

7. Select Setup > Networking, and then go to the DNS tab. This tab lets you
configure the domain name server.
Figure 7: DNS Configuration

8. Fill-in the domain name in the Domain Name field.
9. In the Domain Name Table pane, click Add to add the domain name.
R ev isi o n 3. 0
In the dialog box that opens now, enter the domain name(s) for the servers in the
order of preferential usage and click Submit.
10. Select the IP Domain Lookup type as Enable.
11. Type the domain name server IP address in the field and click Apply.
Enabling WAFS Operation Mode

To enable the WAFS Operation Mode:
1. Select Services > WAFS.
2. Select File-Bank Director as WAFS operation mode, as shown below:
Figure 8: WAFS Services menu
3. Click Submit.
4. Use the dialog box that appears now to confirm the creation of the WAFS
service.
5. The next dialog box prompts you to execute write configuration and perform
reboot to enable creation of WAFS service.
6. Click OK and then click the Write command at the top of the screen (encircled
below):

Figure 9:Web Page dialog box
7. Click Close.
8. Select Tools > General Tools and click the Reboot button to apply your new
settings.
9. In the dialog box that appears now, click OK to confirm the reboot operation.
Figure 10: Confirm Reboot
R ev isi o n 3. 0
Excluding Servers or Subnets from

WAFS
It is possible to exclude specific servers or subnets from receiving the benefit of
WAFS services.
To exclude servers or subnets:

1. From the Services Menu, click WAFS, then click Exclusion
2. In the Exclude by field select: IP address, Subnet, or Host name.
3. Select either client or server side.
4. Enter a valid IP address and click Add.
To delete an entry in the exclude table:

1. Select the row of the entry.
2. Click Delete.

Configuring the Data Center and Branch Office 123
Configuring the Data Center and

Branch Office
There are two components to the Data Center: the File Bank Director, and the File
Bank. When put on the network, they work together to create a virtual file server
system, in order to accelerate company file sharing as shown in the diagram below.
The WAFS screen lets you view the current WAFS operation mode: either FB
(FileBank) or FBD (FileBank Director).
In addition, this screen lets you select whether to enable WAFS transparency. If you
enable this feature, the FB will poll the FBD for all file servers it recognizes, as well
as each server that is added or removed. All IP addresses of these file servers are
resolved, and all traffic destined to the servers is redirected to the Accelerator.
In order for the data center to function, the following steps need to be done:
Setting Up the File Bank Director, on page 123
Setting Up the File Bank, on page 126
Setting Up the File Bank Director

You should run the Setup Wizard prior to activating the FileBank Director, as part of
the initial FileBank Director installation. You can later use the FileBank Director
Administration GUI for modifying any of the installation parameters.
The Setup Wizard lets you set up FileBank Director in several simple steps. (In the
last step, you have the option of modifying parameters before accepting them.)
To run the setup wizard for the File Bank Director:

1. Make sure you are logged into the machine you want to set as file bank director.
2. From the AcceleratorOS Home Page, select Services > WAFS.
3. In the WAFS Operation Mode field, choose File-Bank Director from the drop-
down menu.
4. You will notice that the WAFS Configuration button is now enabled. Click this
button to enter the WAFS Management screen.
Note: WAFS Management is a pop-up window, and therefore you need to allow
i blocked content (pop-up) to be able to display it.
R ev isi o n 3. 0
Figure 11: WAFS Setup Wizard
5. Click Setup Wizard in the Left Window Pane to invoke the Setup Wizard. The
wizard has the following screens:
File Server Settings, on page 124 - the one that is open now
Summary, on page 125
Confirmation and Application, on page 126
6. Proceed to the next section, File Server Settings, on page 124.
File Server Settings

In this section you will set the Domain Settings.
File Server Name Here
Alias Here
Figure 12: Setup Wizard’s File Server Settings screen

To set the File Server settings:

1. In the fields indicated in the window above, Type in the names of the servers and
their aliases. The alias field is optional. When an alias is not defined for a file
server, the default alias will be the FileBank Director’s host name.
2. Click Next >> to proceed to the next section, Summary, on page 125.
Summary
In this section you see the settings that you made from the previous section, File
Server Settings, on page 124, as shown here in the diagram.
Figure 13: Summary section
At this stage the wizard displays a summary of all parameters entered during setup,
prior to applying them to the FileBank Director.
To confirm the settings:

1. Review the list for any possible errors. If you see an error, click Setup Wizard
and make necessary changes.
2. To accept all parameters and configure the FileBank Director device, click Apply.
3. Proceed to the next section, Confirmation and Application, on page 126.
R ev isi o n 3. 0
Confirmation and Application

The following screen appears to allow you to restart the Accelerator and apply the
settings.
Figure 14:Wizard Summary screen
To apply the settings:

1. To apply the settings, click Restart. To confirm all changes have been made
successfully, a confirmation screen appears.
Figure 15: Confirmation screen

2. Make sure you have a valid WAFS FB license as explained in Viewing the
License Status, on page 34.
3. Once the license is installed go to the machine that will be the File Bank and
follow the directions as described in Setting Up the File Bank, on page 126.
Setting Up the File Bank

You should run the Setup Wizard prior to activating the FileBank, as part of the
initial FileBank configuration. You can later use the FileBank Administration GUI for
modifying any of the installation parameters.

The Setup Wizard lets you set up a FileBank in several simple steps. (In the last
step, you have the option of modifying parameters before accepting them.) Once
Setup is complete, make sure you have a valid FB license. To check if the license
is valid, see Viewing the License Status, on page 34.
Overview
To configure the branch office:
1. Connecting the FileBank device to the branch office LAN.
2. Setting up the FileBank device. For details, see Setting Up the File Bank, on page
126.
3. Configure the client computers.
To run the setup wizard for the File Bank:

1. Make sure you are logged into the machine you want to set as file bank.
2. From the AcceleratorOS Home Page, select Services > WAFS.
3. In the WAFS Operation Mode field, choose File-Bank from the drop-down menu.
4. You will notice that the WAFS Configuration button is now enabled. Click this
button to enter the WAFS Management screen.
Note: WAFS Management is a pop-up window, and therefore you need to allow
i blocked content (pop-up) to be able to display it.
Figure 16: Setup Wizard
R ev isi o n 3. 0
1. Click Setup Wizard in the Left Window Pane to invoke the Setup Wizard. The
wizard has four main screens:
File Server Settings, on page 124
File Bank Director Settings, on page 129
Summary, on page 125
Confirmation and Application, on page 126
2. Proceed to the next section, File Server Settings, on page 124.
Domain Settings
In this section you will set the Domain Settings.
Figure 17: Domain Settings
To set the domain settings:

1. After the screen appears, fill in the fields with the correct information as shown
below:
Windows Domain—this is the domain that you will use to connect
to the File Bank. You will need to have administrator’s username
and password in the screen that follows (see Summary, on page
130) in order to set this parameter.
Authentication Server—supply the name of the domain controller.
Make sure the name you use is known to the DNS.
Virtual Server Prefix—If you are not using WAFS transparency,
you should add a prefix to the server’s name so that all requests to
the file bank (FB) are directed to the VFS and not to the actual
server. You may also add a suffix. Note that this prefix is added to
all servers.

Virtual Server Suffix—If you are not using WAFS transparency,

you should add a suffix to the server’s name so that all requests to
the file bank (FB) are directed to the VFS and not to the actual
server. You may also add a prefix. Note that this suffix is added to
all servers.
2. Once you have filled in these fields, click Next >> and proceed to the next
section, File Bank Director Settings, on page 129.
File Bank Director Settings

In this step, you define the file servers to be exported by the FileBank Director.
Figure 18: FileBank Director Settings screen
To indicate the File Bank Director:

1. This step is critical because it will indicate to the File Bank which server or
servers are to be the File Bank Director. Type in the names of the file bank
director you indicated in File Server Settings, on page 124 and in the order
indicated. If you mismatch these settings it may have an effect on user
performance.
2. Click Next >> to proceed to the next section, Summary, on page 130.
R ev isi o n 3. 0
Summary
Figure 19:Summary
At this stage the wizard displays a summary of all parameters entered during
setup, prior to applying them to the FileBank Director.
To confirm your settings:

1. Review the list for any possible errors.
2. To accept all parameters and configure the FileBank Director device, click Apply.
3. Proceed to the next section, Confirmation and Application, on page 130.
Confirmation and Application

The following screen appears to allow you to restart the Accelerator and apply the
settings.
Figure 20:Confirmation

To apply your settings:

1. In order to assure that the File Bank is joined properly to the Windows domain
that you set in Domain Settings, on page 128, the user that has administrative
rights to the Windows domain should enter his/her username and password and
click Join.
2. To apply the settings, click Restart. To confirm all changes have been made
successfully, a confirmation screen appears.
Figure 21: Successful Installation

3. Go to the next section, WAFS Management and Operation Modes, on page 132.
R ev isi o n 3. 0
WAFS Management and Operation

Modes
This section describes the management and configuration of the WAFS service
under FileBank and FileBank Director operation modes.
The following topics are discussed:
The WAFS Management Screen, on page 132
FileBank Categories, on page 134
FileBank Director Categories, on page 133
The WAFS Management Screen

In general the WAFS Management screen will look the same from both WAFS
operation modes (FileBank or FileBank director). Unless indicated, the features
described within will be for both modes. The WAFS Management screen is divided
into the following sections:
Status Bar—along the top
Navigation Pane—on the left
Workspace—the main area, on the right
Clicking a selection from the navigation pane opens the relevant page in the
workspace. The navigation pane is divided into the following main categories:
System—for detailed description, see Setting Up the File Bank
Director, on page 123 and Setting Up the File Bank, on page 126.
File Services—for detailed description, see section Managing File
Services, on page 138
Additional Services—(FileBank Operation mode only) for a
detailed description, see Configuring Additional Services, on page
164
Utilities—for detailed description, see section FileBank Utilities, on
page 136

WAFS Management and Operation Modes 133
Figure 22: WAFS Management screen
FileBank Director Categories

The following sections describe the WAFS management screen work categories, as
viewed when the WAFS operation mode is FBD (FileBank Director):
FileBank Director System, on page 133
File Services, on page 133
FileBank Director Utilities, on page 134
FileBank Director System

The System category includes the following subsections:
Setup Wizard—lets you set up FileBank Director in several simple
steps. Once Setup is complete, the FileBank Director can function.
You should run the Setup Wizard prior to activating FileBank Director.
All parameters set via the Setup Wizard can be modified within the
GUI. For more information, see Setting Up the File Bank Director, on
page 123.
Boot services—lets you control FileBank Director service and device
status. Controlling the service status lets you start, stop or restart
FileBank Director service. Controlling the device status lets you reboot
or shut down the FileBank Director device. For more information see
Managing the Data Center, on page 137.
File Services
This section describes the following functions offered by FileBank Director:
R ev isi o n 3. 0
FileBank Director Settings—lets you define the Listen Port

Assignments settings and set the FileBank Director ID. The TCP (data
transfer) and UDP (“keep alive”) ports are set to 4049 by default, but
can be changed if necessary.
System Users—used for managing internal users that are used by
specific Expand services (for example: Replication Service).
File Servers—to add file severs to be exported through the Expand
WAFS solution and the FileBank Director, enter the file server name,
and optionally an alias, in this screen.
Filters—allow Expand to avoid unnecessary compression attempts on
files that are already compressed, thereby improving overall system
performance.
Replication Services—the method by which the system can be set to
optimize the handling of very large files over the bandwidth-limited
WAN link.
FileBank Director Utilities

This section describes the FileBank Director utilities, which are as follows:
System Diagnostics—lets you run a diagnostic test on the FileBank
Director device to ensure that the device is working properly. The
results of the test will be displayed in the Results area of this screen.
Logs—lets you generate FileBank Director activity logs for monitoring,
optimization, and troubleshooting purposes.
FileBank Categories
The following sections describe the WAFS management screen work categories,
as viewed when the WAFS operation mode is FB (FileBank):
FileBank System, on page 134
File Services, on page 133
Additional Services, on page 136
FileBank Utilities, on page 136
FileBank System
The System category includes the following subsections:

WAFS Management and Operation Modes 135
Setup Wizard—lets you set up FileBank in several simple steps. Once

Setup is complete, the FileBank can function. You should run the
Setup Wizard prior to activating FileBank. All parameters set via the
Setup Wizard can be modified within the GUI.
Boot services—lets you control FileBank service and device status.
Controlling the service status lets you start, stop, or restart FileBank
service. Controlling the device status lets you reboot or shut down
the FileBank device.
FileBank Services
This section describes FileBank File Services functions, which are as follows:
FileBank Directors—displays the current FileBank Director(s) for the
FileBank, and lets you add or delete FileBank Directors as necessary.
Virtual Servers—lets you configure FileBank to automatically add a
prefix and/or suffix to the original file server name defined at the
FileBank Director site, to represent the local virtual server. This helps
distinguishing the local virtual server name from the Central File
Server name.
Windows Domain—lets you join the FileBank to the domain, use
domain administrator credentials (Username and Password), set the
domain name, and add or delete authentication servers.
Cache Settings—gives you cache statistics, and lets you control basic
cache functionality: cache validation frequency, and manual cache
invalidation.
Fetch Settings—lets you define which data will be fetched from the
Data Center for pre-population of the Cache. Once fetched, this data
resides in the Cache and can be accessed immediately. Thus pre-
population optimizes first-time access to this data.
System Users—lets you add and delete FileBank system users.
Filters—provides smart filters to enhance performance and bandwidth
optimization over the WAN.
Replication Services—the method by which the system can be set to
optimize the handling of very large files over the bandwidth-limited
WAN link.
Kerberos Configuration—allows nodes communicating in a non-
secure network the ability to identify each other in a secure manner.
R ev isi o n 3. 0
Additional Services
This section describes the FileBank Additional Services, which are:
Print Services—you can configure FileBank to serve as the local
branch print server. This screen lets you add network printers, view a
list of already existing printers, and delete printers, as required.
FileBank Utilities
This section describes the FileBank utilities, which are as follows:
System Diagnostics—lets you run a diagnostic test on the FileBank
device to ensure that the device is working properly. The results of the
test will be displayed in the Results area of this screen.
Logs—lets you generate FileBank activity logs for monitoring,
optimization, and troubleshooting purposes.
System Statistics—displays a list of connected users, with their
Session ID, Username, Group and Machine. To update the list, use
the Refresh button.

Managing the Data Center 137
Managing the Data Center

The following topics are discussed:
Starting the Data Center, on page 137
Managing File Services, on page 138
Configuring FileBank Services, on page 145
Starting the Data Center

If you have configured the File Bank and File Bank Director and have installed the
AOS license file on each machine you will need to start the WAFS service on each.
In addition to starting the WAFS service, the following options can be performed:
Start or Stop the File Bank Director Service
Restart or Reboot the File Bank Director Service
Shutdown the File Bank Director Device
Note that, in order to start the WAFS services, you must follow this step.
Caution should be made when stopping, starting, or restarting the WAFS service as
this may interfere with other users who have work in progress.
To start, stop, restart, reboot, or shutdown:

1. Access the Boot Services screen by clicking Boot Services (circled) under the
System Menu lets you to control FileBank Director service and device status.
Figure 23: Boot Services
R ev isi o n 3. 0
2. Perform one of the following actions:

Start the File Bank Director Service—Click Start
Stop the File Bank Director Service—Click Stop (See warning!)
Restart the File Bank Director Service—Click Restart (See
warning!)
Reboot the File Bank Director Device—Click Reboot (See
warning!)
Shutdown the File Bank Director Device—Click Shutdown (See
warning!)
CAUTION! Stopping or Restarting the device while users are connected will
!
! interfere with their work in progress.
CAUTION! If you click Reboot or Shutdown, there is no confirmation dialog so

!
! the operation is carried out immediately. Make sure you want to do this before
clicking! Note too that if you reboot or shutdown while users are connected their
work progress will be affected.
Managing File Services

This section describes File Services options, which are as follows:
Defining FileBank Director Settings, on page 138—for FileBank
Director mode only
Managing System Users, on page 140.
Adding File Servers, on page 141—for FileBank Director mode only
Managing the Compression Filters List, on page 143.
Replication Service, on page 155.
Defining FileBank Director Settings

The FileBank Director Settings screen lets you set the Listen Port Assignments and
the FileBank Director ID. The TCP (data transfer) and UDP (“keep alive”) ports are
set to 4049 by default, but can be changed if necessary.
FileBank Director Settings is also used for changing the FileBank Director ID in a
multi FileBank Director environment—where each FileBank Director is automatically
assigned its own, unique, integer ID. FileBank Director ID should not be changed
once the system is running, because such a change will result in resetting the
cache optimization state (namely, the cache associated with the initial ID will
become obsolete). Also, if the ID is changed and matches the ID of another
machine, errors will result.
Figure 24: FileBank Director Settings screen
To change Listen Port Assignments:

1. Make sure you are using the FileBank Director WAFS operation mode.
2. From the WAFS left menu pane, under File Services select FileBank Director >
Settings.
3. Type in the new TCP value.
4. Type in the UDP value.
5. Click Apply.
To change FileBank Director ID:

1. Make sure you entered the WAFS menu using FileBank Director Operation
Mode.
2. From the WAFS left menu pane, under File Services select FileBank Director >
Settings
3. Type in the new unique ID. It is best to write this ID down for future reference.
4. Click Apply.
R ev isi o n 3. 0
Managing System Users

The System Users screen (File Services > System Users) is used for managing
internal users that are used by specific Expand services (for example: Replication
Service).
Figure 25: System Users
To add a user:
1. From the WAFS left menu pane, under File Services select System Users.
2. Fill in the new user's Domain Name, Username and Password. Verify the
password by typing in the same password you entered in the Password field.
3. Click Add and the User’s information is added to the list at the bottom.
To delete users from the current list:

1. From the WAFS left menu pane, under File Services select System Users.
2. Select the checkbox for the user, or users, to be deleted
3. Click Delete.

Figure 26: Delete Users
Adding File Servers

To add more file severs to be exported through the Expand WAFS solution and the
FileBank Director, type in the file server name—and optionally an alias—in the File
Servers screen (File Services > File Servers).
Note: When the FileBank Director is configured to export a DFS root, it is

i
necessary to export all the participating DFS file servers on the FileBank Director
side.
R ev isi o n 3. 0
Figure 27: File Servers
To add a user:
1. Make sure that you entered the WAFS menu using FileBank Director Operation
Mode.
2. Fill in File Server Name, and optionally an Alias
3. Click Add.
To delete servers:
1. Make sure that you entered the WAFS menu using FileBank Director operation
mode.
2. From the Exported File Servers section, select one or more checkboxes.
3. Click Delete.

To Set a CIFS User:

mode.
2. In the Set a CIFS User section, fill in the following information:
Domain Name
User Name
Password
Verify Password—make sure the password you enter here matches
the password you enter in the Password field.
3. Click Set.
To delete a CIFS User:

mode.
2. This will clear all of the listed CIFS users. There is no confirmation and action will
take place immediately.
3. Click Clear.
Managing the Compression Filters List

The Expand WAFS solution compresses data that travels across the WAN, to
optimize performance. However, several file types are already compressed and
cannot be compressed further. The compression filters allow Expand to avoid
unnecessary compression attempts on files that are already compressed, thus
improve overall system performance.
The Compression Filters list (File Services > Filters) shows you all file extensions
that the system will not attempt to compress.
If you are using compressed files of a type that is not currently included on the
Compression Filters list, you can add it. You can also delete extensions from the
list, if you are sure that they are not compressed and were added by mistake.
R ev isi o n 3. 0
Figure 28: Filters screen
To add a filter:
1. From the WAFS left menu pane, under File Services select Filters.
2. Type in the file extension in the form *.xxx (where xxx is a three or four-letter file-
extension).
3. Click Add.
To delete filters:
1. From the WAFS left menu pane, under File Services select Filters.
2. Select one or more filter checkboxes.
3. Scroll down to the bottom of the Compression Filters list.
4. Click Delete
.
CAUTION! Do not delete filters that were included in the list provided by Expand.
!
! Files of these types are known to be compressed and do not require further
compression. You should only delete a filter if was added by mistake.

Configuring FileBank Services

This section describes FileBank File Services functions that are only accessible
through the FileBank Operation mode, which are as follows:
FileBank Directors, on page 145
Virtual Servers, on page 146
Windows Domain, on page 147
Cache Settings, on page 148
Fetch Settings, on page 153
FileBank Directors
To access the FileBank Directors screen, click File Services > FileBank Directors in the
Navigation Pane (see figure below). This screen displays the current FileBank
Director(s) for the FileBank, and lets you add or delete FileBank Directors as
necessary.
Figure 29: FileBank Director settings
R ev isi o n 3. 0
To add a FileBank Director:

1. Make sure that you entered the WAFS menu using FileBank operation mode.
2. Enter the hostname.
3. Enter the TCP port number
4. Enter the UDP port number
5. Click Add.
Note: You may leave the TCP and UDP fields blank, in which case the default
ii
value - port 4049 - is applied to both.
To delete a FileBank Director:
2. Select one or more checkboxes of hostnames in the current FileBank Directors
list
3. Click Delete.
Virtual Servers
You can configure FileBank to automatically add a prefix and/or suffix to the
original file server name defined at the FileBank Director site, used for representing
the local virtual server (File Services > Virtual Servers). This helps distinguishing
the local virtual server name from the Central File Server name.
CAUTION! Virtual Server Name = File Server Alias + any prefix/suffix added here.
!
! neither a prefix nor a suffix is defined, DNS Masquerading or WAFS
If
Transparency must be activated, to avoid name resolution conflicts. For details
regarding DNS Masquerading, see DNS Masquerading, on page 180. For details
regarding WAFS Transparency, see section WAFS Transparency Commands, on
page 619.
CAUTION! If you plan to use WAFS transparency, do not use an Alias name. Also
!
! if you need to use an Alias name, you must block WAFS transparency.
The lower half of the screen lists Exported Virtual Servers and their connection
status (“Connected”/”Disconnected”).

d
Figure 30: Virtual Servers
To create the virtual server name:

2. Type in a prefix and/or a suffix.
3. Click Apply.
Windows Domain
The Windows Domain screen (File Services > Windows Domain) is used for
carrying out the following tasks:
Joining the FileBank to the domain.
Using domain administrator credentials (Username and Password)
Setting the domain name
Adding or deleting authentication servers.
R ev isi o n 3. 0
Figure 31: Windows Domain
Cache Settings
The Cache Management screen (File Services > Cache Settings) provides you
with cache statistics, and lets you control basic cache functionality: cache validation
frequency, and manual cache invalidation.
Time to Live (TTL) settings

These settings determine how often the FileBank verifies directories or file data
with the FileBank Director. Time to Live applies only to directory listing and read-
only files. Cache coherency is maintained regardless of these settings.
Higher values mean better cache performance, whereas lower values mean that
read-only data is more accurate.

Figure 32: Cache Settings
Invalidate Cache
The Invalidate button resets the TTL for the cached information, thereby forcing the
FB to validate the updated information with the EFS.
Note: Access to Data Center versions of cached files is verified prior to the
ii
invalidation. Cache files are not invalidated if Data Center versions are not
available.
System Users
The System Users screen (File Services > System Users) lets you add and delete
FileBank system users.
R ev isi o n 3. 0
Figure 33: System Users

To delete users from the current list:
1. Select the checkbox for the users to be deleted.
2. Click Delete.
The Expand WAFS solution uses smart filters to provide additional performance
and bandwidth optimization over the WAN. Two types of filters are listed on the
Filters screen (File Services > Filters):
Short Term File (STF) filters
Compression filters
STF Filters
Short Term Files (STFs) are files that are saved locally on the FileBank and not
sent to the central server. Use the STF Filter for files that exist for a short term and
for any other files you do not want to be backed up on the central file server (for
example: photos and media files).
The STF Filter list displays all file extensions that the system is currently configured
not to back up. You can add to or delete from this list as necessary.
ii Note: All Files that match the STF filter extensions selected are not backed up.

Setting Advanced FileBank Features 151
S e t t i n g A d va n c e d F i l e B a n k Fe a t u r e s
This section covers advanced features that you can configure to the FileBank for
added functionality. Topics covered include:
Configuring the Fetch Mechanism, on page 151
Replication Service, on page 155
Replication Service Activation, on page 157
Configuring Replication Services, on page 158
Configuring Additional Services, on page 164
Configuring the Fetch Mechanism

This section covers topics related to the Cache. Topics discussed in this section
include:
Fetch Mechanism Overview, on page 151
Fetch User, on page 152
Fetch Jobs, on page 152
Fetch Settings, on page 153
Creating Fetch Jobs, on page 154
Fetch Mechanism Overview

The Fetch mechanism lets you pre-populate the FileBank cache with specific data
sets from the data-center file server. Cache pre-population optimizes “first-time”
data access to files and directories by utilizing the Expand advantage: once a
particular data set is saved in the local FileBank cache, future requests for files
from that set will require the transfer of minimal amounts of data over the WAN,
speeding up service.
Depending on the mode in which files are opened by Clients, FileBank
synchronously validates that the cached data is updated, and acquires file locks on
the Server.
Although cache pre-population is not essential, for performance reasons it is
strongly recommended that in file server consolidation scenarios you pre-populate
the branch files working set as a minimum (for example: user home drives).
Note: File types that have been configured as Short Term Files (STF) or
ii
Replication files, are not pre-populated by the Fetch mechanism.
R ev isi o n 3. 0
Fetch User
The fetch user is the internal user that performs the data pre-population on the
cache. The fetch user must have sufficient security permissions to traverse the file
system and read permissions for the files being transferred. You can configure the
fetch user on the FileBank using the user CLI command, or the System Users
option in the management web interface.
Fetch Jobs
The term Fetch jobs describes the entities that will be pre-populated onto the
FileBank cache. A fetch job is defined by the path and the fetch user that will be
used for fetching that path. The path is expressed in UNC format (starting with
virtual server name), and the user command argument is entered in
{domain\user} format.
A fetch job can aggregate multiple paths under one entity (see the fetch jobs paths
option). Activating a multiple path job effectively creates a fetch instance for each
specific path.
Figure 34: Fetch Settings

Fetch Settings
The Fetch Settings screen (File Services > Fetch Settings) controls the pre-
population of the Cache with specific data from the Data Center. Once fetched, this
data resides in the Cache and can be accessed immediately. Thus pre-population
optimizes first-time access to this data. The Fetch Settings screen lets you define
which data will be fetched for pre-population. This screen lists Fetch Jobs and their
current status.
Figure 35: Fetch Settings

Fetch Jobs describe the entity that should be fetched (namely, a
specific directory on a file server). For details, see section Creating
Fetch Jobs, on page 154.
Fetch Instances represent Job runs. For details, see section Creating
Fetch Jobs, on page 154.
Fetch Activation
Once configuration is complete, you can activate the Fetch mechanism by running
fetch jobs, and subsequently manage it by running fetch instances.
Fetch Jobs are created with a single path. You can add paths as necessary, as
described below.
R ev isi o n 3. 0
Creating Fetch Jobs

Choose and start the fetch job you want to run. Each time a job is started a new
Fetch instance is created.
To create a Fetch job:

2. In the Add Job area of the Fetch Settings screen (File Services > Fetch
Settings), fill-in the following parameters:
UNC Path - a specific folder on a file server.
Domain/Username - as described in System Users, on page 149
and as described in Virtual Servers, on page 146.
3. Click Add.
The new job is added to the list of Fetch Jobs.
Figure 36:Fetch Jobs

4. Add one or more paths to this Fetch Job, as required, by typing the requested
UNC path and priority, and then clicking Add.
The paths are added to the Fetching Paths list, and are now part of this Job.
5. When you have added all necessary paths, click the Back to Fetch Settings link
at the bottom of the screen.
This link takes you back to the general Fetch Settings screen, for all Fetch Jobs.
To delete a Fetch job:

2. Select the checkbox for the job.
3. Click Delete.

To start a Fetch instance:

2. In the Fetch Jobs list of the Fetch Settings screen, select the checkbox for the
Job.
3. Click Start.
An instance of the Fetch Job is started, and is added to the Fetch Instances list.
To stop a Fetch instance:

2. Select the instance in the Fetch Instance list.
3. Click Stop.
To add Fetch instances:

2. Fill-in the following parameters for the new user:
Domain name
Username
Password
3. Click Delete.
To delete Fetch instances:

2. Select the checkbox for the instance.
3. Click Delete.
Replication Service
One of the main challenges resulting from the consolidation of file services in a data
center, is how to grant users efficient access to very large files over the WAN,
despite limited bandwidth and high latency. The Expand replication service
addresses this challenge, by reducing bandwidth consumption at peak hours. With
this feature, administrator-defined file types (such as. *.PST, *.GHO) are served
locally at the branch by the FileBank virtual server, while a recurring replication
process handles daily synchronization with the data center file server (at times of
low WAN bandwidth consumption).
R ev isi o n 3. 0
When you create a new file (of a type that is replicated), this file is synchronously
created on the central file server with its security metadata (namely ACLs), but
without the actual file data. The file data is then updated asynchronously by the
recurring replication process. The same principle applies to changes made to
existing files.
CAUTION! Replication is an asynchronous process, and as such, should be
!
! activated only for files used exclusively by the branch. Sharing replication files
between branches can result in data loss.
Replication service configuration includes the following parameters:
Replication User, on page 156
Replication File Types, on page 156
Replication Schedule, on page 156
Replication Paths, on page 157(optional)
Replication User
The Replication User is an internal user that performs file replication for the
system. The replication user must have sufficient security permissions for
traversing the file system and writing permissions to replicate to the file server.
The replication user is set both on the FileBank and on the FileBank Director.
Replication File Types

The Replication service handles replication on the basis of file extension (for
example: *.mdb for Microsoft Access files), not file size. All files whose extension is
on the list of Replication File Types are handled by the replication mechanism,
regardless of their size.
When changes are made to the list of Replication File Types, you must reboot the
FileBank for the changes to take effect.
Note: In a nested shares environment, the replication files should be pre-

ii
populated to the FileBank using the same path to which the users are mapped.
Replication Schedule
Replication is programmed to run once a day to synchronize changes between the
FileBank and the Data Center file server. You are advised to run replication at off-
peak hours, when WAN bandwidth is least utilized. You define the time of day

(UTC value) that replication starts, and you can also force a stop time (namely: stop
the process even if replication is not complete). You can also run a non-scheduled
replication at any time by using the Replication Start and Stop options, either over
the web or through the CLI.
Note: AcceleratorOS supports only DNS masquerading and not WINS

ii
masquerading. Therefore, all clients who have NT 4.0 or earlier systems, which
use WINS servers, need to have DNS servers as well to let us support them.
ii Note: Replication Start and End times are defined as UTC values.
Replication Paths
By default, the Replication Service searches the entire file system for files that
correlate to the Replication File Types list. Alternatively, you may define specific
paths to be searched (instead of the entire file system). The replication path can
point either to a share or to a directory within a share. Defining replication paths
results in a faster replication process. When using this option, files outside the
specified paths are not replicated.
Note: When no replication paths are defined, the replication feature searches
ii
the entire file system for files to be replicated. However, once one or more
replication paths are defined, the feature searches only on the defined paths.
Replication Service Activation

General system configuration must be complete before you activate replication.
Once the service is activated, FileBank may be populated with the initial set of files.
Service Activation on FileBank Director

On the FileBank Director side, you need only to define the replication user and start
the replication server that runs on the FileBank Director. Initial service configuration
and activation are easily performed, by using either the FileBank Director web
management or the replication setup command (CLI).
R ev isi o n 3. 0
Service Activation on FileBank

On the FileBank side, service configuration includes defining: replication user,
replication file types, and the daily Start time (the definition of replication paths, and
of a Stop time, are optional, as described above). Initial service configuration and
activation are easily performed, by using either the FileBank Director web
management or the replication setup command (CLI).
Once configuration is complete, the replication service must be enabled on the
FileBank.
Initial Pre-population of Large Files on FileBank

Working with replication services on large files requires pre-populating the files
located in the paths we want to replicate, before starting to work with the FileBank
in the field. Pre-populating involves copying an initial, up-to-date “snapshot” of all
qualifying replication files, from the file server that holds them. This “snapshot”
consists of file data and metadata (for example: timestamps and security
attributes).
You can perform the initial pre-population by either running the Replication Start
initial CLI command or using data migration tools (such as Robocopy, or Secure
copy) to copy the files from the legacy branch file server to the FileBank virtual
server.
Once pre-population is complete, users can start working on the files.
Note: File pre-population onto the FileBank is a prerequisite for working on the
ii
replication files.
Note: Replication files that are on the file server but have not been pre-populated
ii
onto the FileBank cache are visible in directory listings, but are empty if opened.
Configuring Replication Services

The Replication Services screen (File Services > Replication Services) displays
the current status of the Replication Service, and allows you to Start and Stop it. It
also gives you access to the Replication User screen (see section Replication
User, on page 159).
For details of what the Replication Service does, see section Managing the
Compression Filters List, on page 143.

Note: Before you can start the Replication Service for the first time, you must
ii
define a valid Replication User. For more details, see section Replication User,
on page 159.
Figure 37: Replication Services
Replication User
The Replication User is an internal user that performs file replication for the system.
The Replication User Screen (Replication Services > Replication User) displays
the currently defined user, and lets you clear (in other words, delete) the current
user, and/or set a different user.
R ev isi o n 3. 0
Note: The Replication Service cannot function unless a valid Replication User is
ii
set. This user must have sufficient security permissions for traversing the file
system and writing permissions to replicate to the file server.
Figure 38: Replication User

To set the replication user:
1. In the Replication Services screen (File Services > Replication Services), click
the Replication User link.
CAUTION! You should configure the same replication user on the FileBank and
!
! the matching FileBank Director.
Note: The Replication Service cannot function unless a valid Replication User is
ii
set. This user must have sufficient security permissions for traversing the file
system and writing permissions to replicate to the file server.
2. Select the checkbox for the required user, and then click Set.
To clear the current Replication User (without setting

another):
1. In the Replication Services screen (File Services > Replication Services), click
the Replication User link.
The Replication User screen opens, showing the current user.
2. Click Clear.
CAUTION! You should configure the same replication user on the FileBank and
!
! the matching FileBank Director.
The user is no longer the Replication User.

ii NOTE: Using the replication services requires creating a new user.
Kerberos Configuration
Kerberos is a computer network configuration protocol which allows nodes
communicating over a non-secure network to prove their identity in a secure
manner. When used in a client-server model, Kerberos provides mutual
authentication, whereby both the user and the server verify each other's identity.
Kerberos Protocol messages are protected against eavesdropping and replay
attacks.
The following configurations are possible:
Enabling or Disabling Kerberos - available on the FB and FBD
Enabling Kerberos on a Specific Server - FBD only
Auto Configuration - FBD only
Note: It is important to make sure that the time of the Accelerator is

ii
synchronized with all other points on the network. If the time is not synchronous,
it may result in Kerberos failure. To check the Accelerator’s time, see Setting the
Date and Time on the Accelerator, on page 106.
Enabling and Disabling Kerberos on the FB

To enable or disable kerberos on the FB:
1. From the WAFS Configuration menu, under File Services, select Kerberos
Configuration.
2. The Kerberos status is shown. To enable kerberos, click Enable, to disable
kerberos, click Disable.
Enabling and Disabling Kerberos on the FBD

This will enable or disable Kerberos on the File Bank Director and all servers that
are associated with the File Bank Director.
R ev isi o n 3. 0
To enable or disable kerberos on the FBD:

Configuration. The Kerberos menu opens.
2. Fill in the fields as follows:
Realm - supply a Realm name (this is similar to a Domain Name
controller) Although the realm can be any name you want it is
common practice to create the realm by uppercasing the DNS
domain name that is associated with the hosts in the to be defined
realm. For example, if your hosts are all in the mydomain.com
realm, your kerberos realm might be MYDOMAIN.COM.
Admin Server - if the Domain Name Controller is different from the
kerberos name, put the name of the DNC here or else leave the
field empty.
KDCs - in this field, put the name of the Key Distribution Center - if
there are more than one, separate each name by a comma.
Default Domain - if there is more than one domain name
controller, put the name of the default one in the field.
3. Click Apply to submit.
Auto Kerberos Configuration

When selecting this setting, the Accelerator chooses the settings.
To choose the auto-configuration Setting:

2. Click the AutoConfig button.
Enabling Kerberos per Server

This is not available on the FB

To choose the auto-configuration Setting:

2. Under Kerberos per EFS, click Enable.
3. A list of servers opens
4. Choose the servers by clicking on them.
5. Click Apply.
R ev isi o n 3. 0
Printing Services for the FileBank
Configuring Additional Services

This section describes the FileBank Additional Services, which currently include the
Print Services.
Print Services
You can configure FileBank to serve as the local branch print server. The Print
Services screen (Additional Services > Print Services) lets you add network
printers, view a list of already existing printers, and delete printers, as required.
For additional information about print functions, see section Setting Advanced
FileBank Features, on page 151.
Figure 39: Print Services

Printing Services for the FileBank 165
To add a printer:
1. Type in the printer name (preferably a descriptive name such as “Konica 7022”,
“frontdesk” or “floor5”).
2. Type the printer URI (an identifying string such as socket://192.168.1.21:9100/.)
3. Enter a brief description to help other users identify the printer.
4. Click Add.
The printer is added to the list of printers available to branch users (this list
displays Name, Description, and URI).
To delete a printer:
1. Select the checkbox near the name of the printer you want to delete.
2. Click Delete.
Configuring Print Services (FileBank)

Once FileBank is installed at the branch office, you can configure it to replace the
existing local print server (or servers).
FileBank includes the following features:
Lets administrators manage network printers and upload end-user
drivers through the Windows “Add Printer Wizard”
Lets clients download and install drivers and printers via “Point'n'Print”,
or install printer drivers locally
Supports standard network printing protocols
Can be connected directly to the printer
Adding a Network Printer to FileBank

The first stage when installing a new printer to the FileBank, is to set the printer
entry and URI.
R ev isi o n 3. 0
Figure 40: Print Services
Assigning Printing Administrators

Only assigned printing administrators can upload printer drivers. Printing
administrators must be users with full access and write credentials on the central
fileserver PRINT$share.
The default printing administrator values are: Administrator (individual) and
@Administrators (group name). In many cases the default setting is not sufficient
and you need to create additional user(s) and groups.
ii NOTE: Group names must be prefixed with @.
NOTE: Printing administrators must posses full access and write credentials on
ii
the central file server Prints share.
Point’N’Print Configuration
Once you have defined printers, printing mode and printing administrators on
FileBank, you can upload printer drivers to the print server. This Enables clients to
use the “Point'n'Print” feature, which automatically installs the associated printer
driver the first time they access a particular printer.
Uploaded drivers are stored on the central file server and cached on the local
FileBank (a valid network connection between the FileBank and the FileBank
Director is required).
The initial listing of printers in the FileBank Printers and Faxes folder, accessed
from a Client, has no real printer driver assigned to it. The standard Windows Add
Printer Wizard (APW), run from NT/2000/XP clients, is used for printer driver
upload.
Note: The existence of PRINT$share on the central file server is a prerequisite

ii
for uploading/downloading printers drivers (“Point’N’Print”).
Uploading Printer Drivers

1. Log in to a workstation as a user who is also defined as a printing administrator.
2. Browse to the FileBank’s virtual server name, by doing one of the following:
Open Network Neighborhood and browse to the virtual server
name,
OR
Click Start > Run, and type in the UNC path of the virtual server:
\\{virtual server name}
3. Open the Printers and Faxes folder, locate the printer you have added to
FileBank, right-click on the printer icon, and select Properties (from the menu).
You are trying to view the printer’s properties before a driver has been assigned
to it, and therefore the dialog box shown below appears.
Figure 41: Printer Properties
! CAUTION! Do not click Yes.

!
4. Click No.
5. Do one of the following:
Install a new printer driver (thereby activating the Add Printer
Wizard, see next step).
OR
If one or more drivers have already been installed, you can select
one of these drivers from the drop-down list. (If no drivers have
been installed this list will be empty.)
6. If installing a new driver, follow the Windows Add Printer Driver Wizard.
R ev isi o n 3. 0
7. After driver upload is complete, perform the first client driver installation, as
described in the next section.
First Client Driver Installation

After uploading a printer driver or drivers, you must perform the First Client Driver
Installation. Once this initiation step is concluded, further clients are easily set up
and should not require further attention.
1. Log in to any workstation as a user who is also defined as a printing
administrator and has administrator rights on the workstation.
2. Browse to the FileBank’s virtual server name.
3. Right-click on the relevant printer, and select Connect from the menu.
4. The printer is added to the local Printer folder (you can verify this by clicking
Start > Settings > Control Panel > Printers and Faxes).
5. use the following procedure to trigger the printer driver startup.
Right-click on the printer and select Properties.
Note: If Connect still appears on the right-click menu, the driver is not yet
ii
installed. Return to step 3 above.
On the Advanced tab, click Printing Defaults.

Change the current page orientation (Portrait/Landscape) and click
Apply.
Restore original page orientation and click Apply.

At this stage you may also want to set other printing defaults that
will apply to all future clients wanting to carry out “Point’N’Print”
driver installation.
From now on, any client wanting to install this printer can just “Point'N'Print”.
Verifying Point’N’Print Installation

After completing the above two stages, you are advised to verify that “Point’N’Print”
is functioning correctly.
1. Log in to any other workstation (with permission to install drivers locally).
2. Locate the printer (Start > Printers and Faxes) and double-click it.
3. Verify that drivers are installed.
ii Note: If you are running Windows 2000, a dialog box may appear at this stage.
4. Open the print queue for the printer.

5. Print a test page.
6. Verify that the print job is added to the print queue and prints out correctly.
7. Verify that printer properties are visible (see the driver-specific fields)
Manual Client Driver Installation

Once you have defined your printers on the FileBank, you can optionally install
printer drivers locally on workstations (without relying on “Point’N’Print”).
1. Log in to a workstation as a user who has administrator rights on the workstation.
2. Browse to the FileBank’s virtual server name, by doing one of the following:
Open Network Neighborhood and browse to the virtual server
name,
OR
Click Start > Run, and type in the UNC path of the virtual server:
\\{virtual server name}
3. Open the Printers and Faxes folder (Start > Printers and Faxes), locate the printer
you have added to FileBank, right-click on the printer icon, and select Properties
(from the right-click menu).
You are trying to view the printer’s properties before a driver has been assigned
to it. Therefore, the following message appears:
R ev isi o n 3. 0
Figure 42: Printer Properties
4. Click Yes.
The Add Printer Wizard (APW) opens.
5. Select the driver to associate with the printer, install it and connect.
Verifying Driver Installation

To enable a client to use the FileBank as the print
spooler, communicating by using IPP (Internet Printing
Protocol):
1. Open the print queue for the printer.
2. Print a test page.
3. Verify that the print job is added to the print queue and prints out correctly.
To verify driver installation for each Client:

1. Add a printer to the FileBank.
2. Log in to the workstation to which you to install a printer as the workstation’s
administrator.
3. Browse to the Client’s Control Panel.
4. Open the Printers and Faxes folder (Start > Printers and Faxes).
5. On the File menu, click Add Printer.
The Add Printer wizard opens.

Figure 43: Add Printer Wizard

6. Select the radio-button Connect to a printer on the Internet or on a home or
office network.
7. In the URL field, enter the URL for the printer in the following format:
http://<FileBank's hostname>:631/printers/<printer’s name>
8. Click Next.
9. Select the appropriate driver to install, and use the wizard for completing the
installation.
10. When done, print out a test page.
Note: Installing the IPP printer drivers to a workstation does not require
ii
additional settings on the FileBank other than adding the IPP printer URL to the
FileBank.
ii Note: Client side IP configuration does not support “Point’N’Print.”
R ev isi o n 3. 0
Connecting the Printer to the FileBank Server

Although both Parallel and USB connections are supported, you achieve the
following functionality with a USB connected printer:
Installing the printer using a USB driver
Migration of the remote driver for USB
Ability to use all of the printer’s functionality via the USB driver
Ability to create Users and Groups as well as permission settings
If the printer is connected to the FB with a USB cable, the FB will
automatically mount the printer.
To connect a printer to the FileBank server:

1. Connect the printer to the FileBank server via USB (or parallel port if no USB is
available).
2. Use the WebUI to add a printer.
Printing Setup Troubleshooting

Issue: I cannot select a new driver to upload, the option is disabled.

1. Ensure that a PRINT$share is defined on the central file server.

2. Verify that you are logged in as a printing administrator, with full read and write
access to the PRINT$share.
3. Ensure that this user is defined as a printing administrator (see section Assigning
Printing Administrators, on page 166.)
I get an Access Denied message when trying to upload drivers

1. Verify that PRINT$share exists on the target's central file server.
2. Verify that you are logged in as a printing administrator with full read/write access
on the PRINT$share.
3. Verify that you have set the printing driver to server at the FileBank:
> printing drivers set server
and then repeat the driver upload procedure (see Uploading Printer Drivers, on
page 167).
When I try to print out a test page I get one of the following errors:
“Operation could not be completed”
“Could not add a print job”
“Print test page failed”
4. Ensure that you have initialized the printer by performing the first Client driver
installation, before trying to print (see First Client Driver Installation, on page
168).
5. If the printer driver is not yet installed on the workstation, Ensure that you are
logged in as an administrator for this workstation.
6. Verify that the printer is connected and operational (look for errors such as
network connection problems, paper jam and out of paper).
Print jobs are not cleared from the queue (even after refreshing the
queue) and are not printed
7. Verify that the printer is connected and operational ((look for errors such as
network connection problems, paper jam and out of paper).
8. Verify that the printer’s URI is defined correctly on the FileBank, and that the
printer supports the protocol given and is configured to acknowledge on the
specific protocol (IP, port, protocol).
R ev isi o n 3. 0
Using WAFS Printing Services
Adding a WAFS Printer via Windows

WAFS now lets you use the Windows Add Printer Wizard to add a Server printer
on a remote computer.
To add a Server printer:

1. Go to the Printers and Faxes section on the server from which you want to add
the printer.
2. In the Printer Tasks pane, click the Add a Printer button.
The Add Printer Wizard dialog box appears:
Figure 44:Add Printer Wizard
3. The next screen lets you either select the port you want your printer to use or
create a new port:

Using WAFS Printing Services 175
Figure 45: Select Printer Port
4. Select the option of creating a standard TCP/IP port.

5. Use the following dialog box to add a printer name or IP address and a port
name.
Figure 46: Add Port

6. Use the standard Windows wizard to continue with the installation.
R ev isi o n 3. 0
WAN-OUT Operation
This section presents the following topics:
About WAN-OUT, on page 176
Detecting a WAN-OUT Event, on page 176
Working with Files while in WAN-OUT Mode, on page 177
WAN-OUT Known Limitations, on page 179
About WAN-OUT
Expand's WAFS solution comprises of two parts that communicate with one
another: a FileBank (FB) installed at the Remote Branch Office (RBO), and a
FileBank Director (FBD) installed at the Data Center. Expand's WAFS solution lets
users at the RBO optimize their use of shared contents on a File Server installed at
the Data Center.
Expand’s WAFS solution includes support for WAN-OUT mode, thus providing
necessary business continuity for cases of temporary WAN outage, or when the
FileBank Director is temporarily unavailable. When a WAN-OUT event is identified,
the system automatically switches to WAN-OUT Mode, allowing users at the RBO
to open, with READ-ONLY permissions, cached share content stored on the
FileBank.
A WAN-OUT event can be triggered by any of the following scenarios:
The RBO's WAN link is down.
The FBD is inaccessible to the FileBank:.
The FBD is totally inaccessible (disconnected from the network).
The FBD is frequently inaccessible (some network disconnections).
The FBD's WAFS services are down.
Note: If the File Server goes down prior to the communication being cut between
i the FB and FBD, a WAN-OUT event will not be triggered
Detecting a WAN-OUT Event

Generally, a WAN-OUT event is detected on the FileBank installed at the RBO.
However, the FBD installed at the Data Center, has its own WAN-OUT detection
mechanism in order to allow it to identify a WAN-OUT event independently.

WAN-OUT Operation 177
FileBank WAN-OUT Detection Mechanism

The FB communication with the FBD comprises many connections between the two
devices. Some of these connections are created as a result of end-users work with
the File Server (such as opening a file), while other connections are created as a
result of system internal communications between FB and FBD (for example: a
periodical GNS Refresh operation). The FB WAN-OUT mechanism inspects all of
the above connections for failure, and will detect a WAN-OUT event if any of these
connections fail.
FBD WAN-OUT Detection Mechanism

The FBD Keep-Alive mechanism's purpose is to notify the FBD that it is maintaining
a healthy communication with the respective FB. Keep-Alive UDP datagram
messages are sent periodically from the FB to the FBD. These messages are
unidirectional, and are not replied by the FBD.
The Keep-Alive mechanism sends one UDP keep-alive message every 30 seconds.
If the FBD has not received any keep-alive message within 180 seconds, it will
assume that it is no longer communicating with the respective FB, and therefore,
detect a WAN-OUT event.
The FBD Keep-Alive mechanism uses UDP port 4049 datagrams sent from the FB
to the FBD.
Working with Files while in WAN-OUT

Mode
When a WAN-OUT event has occurred, the FB maintains its existing/open WAFS
connections. This allows the FB to maintain end-user security permissions, which
allows end-users to access cached share content stored on the FB with READ-
ONLY permission. The FBD, on its part, releases all file locks on the File Server
(originating/initiated from the respective FB).
Cache
When working in WAN-OUT mode, end-users at the RBO can work only with
cached share content stored on the FB. The entire cache content on the FB is
treated as valid. This means that when consulting the FB's cache, all cache TTL
timers are ignored.
R ev isi o n 3. 0
File Access
When an user tries to open a file, READ ONLY (RO) access is granted (provided
applicable security). Any other access flags - such as WRITE, DELETE,
TRUNCATE, CREATE are denied. Users opening files receive a notification as if
they have a read-only permission to the file. Copying a file to the Client’s hard-
drive is possible, along with all security and permission data, provided that the user
has the applicable security to do so. In WAN-OUT mode all operations that attempt
to change a file, a file system structure, or data are immediately responded with
“Access Denied” by the FileBank.
For security reasons, the time frame granted to the users to access the cached
share content stored on the remote accelerator is limited to the 10 minutes prior to
the WAN-OUT mode initiation. This means that any files that were not opened by
a specific user within 10 minutes prior to the WAN-OUT event initiation, are
blocked and the user will not be able to open them during the WAN-OUT period.
The file access is granted on a per-user basis, so if one user has the file open, but
another user does not, after a WAN-OUT, only the user who opened the file will be
able to access it.
File Security
The way end-users at the RBO work when the FB is in WAN-OUT mode, changes
with respect to whether a Domain Controller is accessible to the FB. Two
possibilities are available:
For a remote site with a local Domain Controller (the Domain
Controller is still reachable by the accelerator while the site is in
WAN-OUT mode):
Users will be able to continue to work on the files opened at the
time the link is lost.
Users that will need to save their work while the link is down would
not be able to do it on Expand cache, but they will be requested to
use an alternative local storage.
Users will be able to open files or folders that were previously
accessed during the time frame defined in the AcceleratorOS (10
minutes). Only those files will only be accessible and will be limited
to READ-ONLY permission.
For a remote site without a local Domain Controller (the Domain
Controller is not reachable by the Accelerator while the site is in
WAN-OUT mode):
Users will be able to continue to work on the files opened at the
time the WAN link is lost.

WAN-OUT Operation 179
Users that will need to save their work while in WAN link is down
would not be able to do it on the Accelerator’s cache, but will need
to use an alternative local storage.
No other files or folders can be opened from the shared cache on
the Accelerator.
Replication files and Short-Term files

When working in WAN-OUT mode, Replication (OSF) files and Short-Term (STF)
files are treated as regular files, meaning they can be opened with RO permissions
only, following the necessary security checks on the file/user.
Partially Completed Transactions

A disconnection event may occur in the middle of a transaction. In this case, the FB
responds to the user as if the request was received in WAN-OUT mode. Unless the
FB receives an affirmative response from the FBD regarding the completion of the
operation, it assumes the operation has not been successful and will switch to the
WAN-OUT mode.
Partial Disconnection
In some cases, a single FileBank is connected to multiple FileBank Directors at
different physical locations. A failure in one or several of these FileBank Directors is
possible, resulting in a situation where only a part of the files accessed by the RBO
are now under ‘disconnection’. As the FileBank has the notion of the origin of each
file (namely: the specific FileBank Director that manages the file), the system
selectively enters the WAN-OUT mode for files from FileBank Directors that are
disconnected and operates normally with files from FileBank Directors that have
valid connection.
WAN-OUT Known Limitations

Printing is not supported while in WAN-OUT mode.
R ev isi o n 3. 0
DNS Masquerading
One primary objective of the Expand solution is to provide a truly dynamic global
file system. To ensure that data is always accessible across the distributed
organization, Expand must anticipate and overcome challenges introduced by
common network issues and user usage patterns. Some key requirements of a
global file system include:
Common name space – the solution must be fully coherent with the
existing naming convention used across different branch offices. For
example, a file server named “efs” should be accessible, using this
name, to branch offices with or without Expand FileBank.
Direct access on failure – users in branch offices should be able to
access the file server at the data center should the FileBank at their
location become unavailable.
Roaming user support – supports mobile users travelling between
different branch offices. The system should automatically redirect
users to the nearest FileBank according to the user's current location.
To meet these requirements, Expand supports DNS Masquerading. Using DNS
Masquerading, Expand becomes part of the DNS scheme in the organization, and
uses DNS to overcome challenges associated with the above requirements.
DNS Masquerading Benefits

Common Name Space—To ensure that users across the
organization can seamlessly access directories at the Data Center,
regardless if their individual office uses FileBank, Expand supports
common name space conventions with and without the device.
Direct Access on Failure—One of the most important features of
any network device is that of fail over and high availability. To ensure
that remote office users continue to access the file server at the
datacenter, even in cases of planned or unplanned downtime of the
FileBank, Expand uses DNS masquerading to redirect users directly
to the file server over the WAN.
Roaming Users Support—Further complicating the already
challenging management of distributed organizations are roaming
users who travel between locations. Expand uses DNS masquerading
to ensure that roaming users have access to centralized data even
when they move from one office to another. Each time the user

DNS Masquerading 181
reboots or wakes the computer from hibernation, the DHCP server

pushes a new DNS server list. If the office uses FileBank, the FileBank
will be listed as the primary DNS as described above.
DNS Masquerading Configuration

To configure DNS Masquerading:
1. In the Setup screen, go to the Networking tab.
2. Select the DNS option.
3. Set the IP domain lookup table status to Enable.
4. Fill-in the relevant details in the Servers table, Domain name table and Static
host table
NOTE: Configuring the NetBios domain name should be carried out via WAFS
ii
CLI.
Figure 47: DNS Configuration
5. In the Services screen go to the DNS Acceleration tab.

6. Set the DNS Masquerade status to Enabled.
Fill-in the relevant IP Address (the FileBank IP Address) and Host Name (Fully
qualified domain name)
R ev isi o n 3. 0
Figure 48: DNS Acceleration

7. In the Services screen go to WAFS. Click on WAFS Configuration.
8. In the WAFS Management screen select System>Setup wizard.
Ensure that the virtual server name includes no prefix, suffix or alias, and is
identical to the file server name. At the end of the process, the WAFS details
should be similar to the following:

DNS Masquerading 183
9. Use the WAFS CLI to verify that spnego option is on.

(using the _auth spnego on command). This setting is essential in order for
DNS Masquerading to function correctly.
Do not use the DNS Masquerading option from the Additional Services menu.
Do not change any settings on the client. There is no need to change the primary
DNS server.
When the FileBank reboots, the client is immediately connected to the Fileserver.
When the FileBank is up, the client continues to be connected to the original
Fileserver. You are advised to reboot the client after the configuration
To use a local client for testing DNS masquerading:

1. Update the list of DNS servers configured on the client so that the FileBank is
configured as the primary DNS server. Do not define any additional DNS servers.
2. Open the command prompt window.
3. At the command prompt, perform an nslookup.
The nslookup should report the FileBank as the primary DNS server.
4. Issue an nslookup request for an existing virtual server (for example:
dsefs.demo.com). The IP address of the FileBank should be returned.
5. Issue a request to any other name recognized by the central DNS server. (for
example: www.cnn.com). The proper IP address should be returned.
General—If you use the domain controller as the file server,
consider defining a DNS alias to be used for accessing the file
server at the datacenter and the virtual file server at the branch
office. For example, you have a domain controller called dc1 that is
also used as the file server. Add an alias to the DNS server called
efs1, which points to the same IP address as dc1. On the FileBank
Director add the file server efs1 (use the command cifs export
efs1). Ensure that no prefix or suffix is defined on the FileBank (see
above).
Testing —DNS masquerading can only be tested when there is an
active virtual server. DNS masquerading is automatically turned off
when there are no active virtual servers to initiate switching to a
secondary DNS server.
Switching to and from FileBank
Changing the TTL of the file server DNS record—The time is
takes for the client to switch between the primary DNS and the
secondary DNS servers depends on the TTL of the file server DNS
R ev isi o n 3. 0
record. You should set the TTL of the file server record to the
minimum in order to shorten the fail-over time.
The DNS client service does not revert to using the primary
DNS server—The Windows 2000 Domain Name System (DNS)
Client service (DNSCache) follows an algorithm when it decides
the order of the DNS servers configured in the TCP/IP properties.
Refer to Microsoft Knowledge Base for more information http://
support.microsoft.com/default.aspx?scid=kb;EN-US;286834
CIFS session time out—In some cases, the client will fall back
from the EFS to the FileBank only after its CIFS session with the
EFS terminates. The time this takes is influenced by the session
time out on the EFS, and can be configured by using the following
command on the Windows file server:
net config server /autodisconnect:<minutes>

Monitoring WAFS Functionality 185
Monitoring WAFS Functionality

This section describes the Utilities options, which are as follows:
Running System Diagnostics, on page 185
Viewing Logs, on page 185
Running System Diagnostics

The System Diagnostics screen lets you run a diagnostic test on the FileBank
Director device to ensure that the device is working properly. The results of the test
are displayed in the Results area of this screen, and describe any problems with
the FileBank Director device. To start the test, click Run Diagnostics.
Figure 49: System Diagnostics
Viewing Logs
The Logs screen lets you generate activity logs of the FileBank Director for
monitoring, optimization, and troubleshooting purposes.
Generating a log archive may take several minutes. When finished, the log file is
saved in a default system location, and a link to the log archive appears in the Log
Archives section of the screen (newest on top).
R ev isi o n 3. 0
Figure 50: Logs screen

Troubleshooting 187
Troubleshooting
In this troubleshooting section it is assumed that:
1. A complete end-to-end Expand WAFS installation has been set up and
configured
2. Devices are connected to the network (L1, L2) correctly and the right network
(L3) settings have been applied
Troubleshooting Tools
Internal Diagnostics: An automated internal utility that provides an
immediate indication of the Expand device performance and issues.
This is the first tool that should be used when troubleshooting is
necessary. You should run this tool at both branch and data center
ends. For details, see Running System Diagnostics, on page 185
(FileBank), and Running System Diagnostics, on page 185 (FileBank
Director).
Logs: The internal system logs that can be viewed, archived and
uploaded. For details, see Viewing Logs, on page 185 (FileBank) and
(FileBank Director).
Statistics: An internal tool that provides FileBank service statistics (see
DNS Masquerading, on page 180).
Status: The status CLI command reports on the current system
running status.
General Network Utilities: Ping, traceroute, ttcp, ifconfig, route, and
netstat.
Networking
No route/connection to the Expand devices
Check that the device is operational and is connected correctly to
the network (both Ethernet cable ends should be firmly in place).
Verify that the green light at the cable socket of each side is on.
Verify that network settings are correct, by examining the output of
the ifconfig CLI command. Pay particular attention to IP address
and netmask.
R ev isi o n 3. 0
Use the route CLI command to verify that routing tables are
correct.
Try to ping a machine in the same subnet (typically the gateway,
depending on your network topology).
No route/connection to the Domain Controller (authentication server)
Use the domain controller's IP address to check connectivity. If this
fails, refer to the previous section and correct networking/routing
problems.
Verify the name set for the authentication server. Use the CLI
authsrv command, or the relevant Web Interface page.
Try to ping the domain controller by its name. Failure to do so
indicates a name resolution issue. To resolve this issue, either add
the domain controller to the static hosts list (using the hosts add CLI
command), or verify correct DNS settings.
Ensure that you have applied valid DNS servers. Use the CLI
prompt command dns, or the relevant web interface page, to
assign/delete/list DNS servers.
Ensure that you have added the DNS suffix required to complete
the FQDN of the authentication server. Use either the CLI prompt
command dns search, or the relevant web page, to apply the
required suffix.
If the FileBank has not been configured with DNS servers, add the
authentication server name under the static hosts. Use the hosts
CLI prompt command, or the relevant web interface page, and
repeat a connectivity check to the authentication server.
No route/connection to Fileserver(s)
Ensure that you have correctly defined the server(s) that needs to
be exported by FileBank Director.
Verify that the file servers’ NetBIOS names are the names you
have defined to be exported by FileBank Director.
Try to ping the file server's NetBIOS names. Failure to do so
indicates a name resolution issue.
Verify correct DNS settings, including DNS search path.
Alternatively, use 'hosts' static entry to add them to the list, as
described in the previous section.
FileBank Director cannot access the file server on port 139 or 445
FileBank Director requires active ports 139 or 445 on the fileserver. If port 139
(SMB over NetBIOS) is disabled, enable the NetBIOS port as follows: browse the

Troubleshooting 189
file servers TCP/IP network properties, select the Enable NetBIOS over TCP/IP
checkbox and apply changes.
If NetBIOS is to remain disabled on the fileserver, please consult the Expand
support team support@expand.com for additional configuration settings.
No route/connection from FileBank to the FileBank Director

Expand utilizes TCP connection to transfer the data between FileBank and
FileBank Director. The UDP port is set to keep alive acknowledgements between
the two. Connection ports between FileBank and FileBank Director are set by
default to 80.
Ensure that the connection ports between the FileBank Director and
the FileBank match each other.
Use the FileBank Director CLI listenport command, or the
relevant web interface page, to verify/alter listen ports.
Use FileBank CLI fport command, or the relevant web interface
page, to verify/alter connection ports.
Ensure that the designated ports (UDP and TCP) are opened on
the firewall (if applicable), and that corresponding settings are
applied.
Check MTU (Maximum Transfer Units) consistency along the
network path. This check is especially needed with DSL
connections. Inconsistency may result in lack of communication.
Test different values for MTU using ifconfig CLI command. Try to
reduce the MTU gradually, and find the largest MTU value that
works for you (ping to verify).
If the problem persists, contact Expand support at
support@expand.com for additional information.
Windows Domain Join

Failed to join FileBank to the domain
FileBank must be joined to the domain just like any other domain
resource. When joined correctly, it appears as a resource object in the
active directory.
Verify that the correct domain name is set, and a route to the
authentication server (DC) is assigned. Use CLI commands
authsrv and domain, or the relevant web interface page, to
apply settings correctly.
R ev isi o n 3. 0
The user that is entered upon joining the domain must have
adequate permissions on the domain to join computer objects.
Ensure that the hostname of the FileBank is a valid NetBIOS
name, and does not exceed 15 characters. If necessary, redefine
the hostname and rejoin the FileBank to the domain.
If the problem persists, contact Expand support at:
support@expand.com.
Service
System status: “Not Running”
Verify the system was started, and try to start it again using
restart CLI command.
Run the status CLI command, and check reported errors in
command output.
Run the diagnostics CLI command, and check reported errors
in command output.
Ensure that the AcceleratorOS license is installed and valid.
If the problem persists, contact Expand support at:
support@expand.com
System is running, no virtual servers appear on FileBank
Run the diagnostics CLI command on the FileBank Director to
verify connectivity to the file server/s, and that FileBank Director is
able to read file server shares.
If FileBank Director cannot read shares, verify the existence of
shares by accessing the file server directly from a workstation
(namely, not via Expand), and define a share listing user (when
necessary) using the FileBank Director cifs user CLI command.
Run the diagnostics CLI command on FileBank to verify
connectivity to FileBank Director.
Run the gns refresh CLI command on FileBank.
Verify that the defined connection ports associated with the various
FileBank Directors match the FileBank Directors’ listen ports (the
listen port can be explored at the FileBank Director end, by issuing
the listenport CLI command or the relevant Web Interface
page).
Verify that no firewall is blocking the FileBank Director/FileBank
connection ports.
Workstations cannot connect to FileBank virtual server(s)

Troubleshooting 191
1)Name Resolution Issues
Possible Error Messages

Network name no longer exists
The network path was not found
Start troubleshooting by verifying virtual server name resolution.
Clients connecting to FileBank virtual server/s require NetBIOS
name resolution. Ensure that the client can resolve the virtual
server NetBIOS name by using at least one of the following options:
Broadcast on the same LAN segment
WINS entry
Local workstations settings (LMHOST/HOST files)
DNS entry (a reverse entry is also needed)
NOTE: A DNS entry can be used when the FileBank exports only one virtual
ii
server, If the FileBank exports more than one virtual server, the Expand DNS
masquerading feature can be utilized to support a DNS resolution (see also
section must be in Active mode and set to version 2 for RIP Route Injection to
operate. For more information, see section DNS Masquerading, on page 180.
Permissions and domain trust issues
Access denied
Continue troubleshooting by verifying user permission to access the central server
resource, and the existence of necessary domain trust when applicable.
Try to connect directly to the central file server (meaning, not via

Expand) by using the same domain user.
Run the diagnostic command via CLI or the web interface, to
validate that FileBank is joined to the domain.
Verify that FileBank is joined to the correct domain.
If the FileBank is joined to a different domain than the centralized
file server, ensure that a trust exists from the central domain to the
FileBank domain.
Cache pre-population failure
Examine the errors in the fetch log.
Validate the correctness of the path given to the fetch job. From a
workstation browse directly to the FileBank giving the same fetch
job path.
R ev isi o n 3. 0
ii Note: Fetch paths are case-sensitive.
Ensure that a valid domain user is assigned to all fetch jobs. From
a workstation, log in as the same user defined in the fetch job, and
browse directly to FileBank. Verify that this user has read
credentials by trying to read a file whose fetch has failed, according
to the logs.
If DFS is in use, ensure that the fetch job path is not a DFS path
(namely, //<virtual server name>/<DFS root>/<path>),
but instead points to the linked virtual server (namely, //<virtual
server name>/<share name>/<path>). To view the FileBank
virtual server names, use the CLI status command or the relevant
web interface page.
Replication failure
The replication service requires the definition of a replication user. The
replication user must have read and write permissions on the paths
where files are to be replicated. The same replication user should be
used for both FileBank Director and FileBank.
Ensure that you set a valid domain user as the replication user.
From a workstation, log in as the replication user, and browse
directly to the FileBank. Verify that this user has read and write
credentials by copying files to a replication folder.
Validate the defined replication paths. From a workstation, browse
directly to the FileBank, using the defined replication UNC path(s).
If DFS is in use, ensure that the replication paths are not DFS
paths
(i.e. //<virtual server name>/<DFS root>/<path>), but
instead point to the linked virtual server (namely, //<virtual
server name>/<share name>/<path>). To view the FileBank
virtual server names, use the CLI status command or the relevant
web interface page.
Some of the DFS shares/folders are inaccessible
Find the physical server name that contains the inaccessible
shares/folders. Ensure that it appears in the exported file server list
(using FileBank Director cifs show CLI command or via FileBank
Director web interface).

Troubleshooting 193
Performance
If the Expand network environment has not been deployed/configured correctly,
users may experience the following problems:
Long delays while opening and saving cached files (WAN like)
Mapped network drive disconnections
Network Interfaces
View the NIC settings (use the CLI command ifconfig). Verify that
no errors have accumulated on the interface. Errors may indicate a
duplex/speed mismatch.
Check the Switch/Hub port settings to which the Expand device is
connected. The port settings must match the NIC settings of the
Expand device. In the case of a mismatch, use the CLI command
ifconfig to force settings on the NIC, such as the auto-negotiation
mode, speed and duplex settings.
For optimum performance, ensure that the Link supports 100Mbps
FD settings.
Quality of Service (QoS)
Branch offices that utilize QoS should prioritize the DSFS protocol
between FileBank and FileBank Director. This will generally result in
an immediate and marked improvement in user experience. The
protocol uses by default port 4049, but for QoS you are advised to
use a different, distinguishable port. You can change protocol port
by using listenport/fport commands on the FileBank Director/
FileBank respectively. Ensure that you change all communicating
devices at the same time.
Route
Investigate the route legs along the communication path from a
workstation to the FileBank to the FileBank Director, terminating at
the file server.
Network location
Ensure that there is no significant latency (latency greater than
1ms) between the FileBank Director and its associated file servers.
Improved performance may be achieved if the file servers and the
FileBank Directors reside on the same LAN segment.
Ensure that there is no significant latency (latency greater than
1ms), or any link mismatch, between the FileBank and the
workstations. Improved performance may be achieved if the
workstations and the FileBank reside on the same LAN segment
Bandwidth issues
R ev isi o n 3. 0
Use the ttcp command (for more details, refer to the Expand CLI
Reference Guide) to check the available bandwidth between the
FileBank and the FileBank Director. Ensure that you compare both
directions (the FileBank should be the Client at the first check, the
Server at the second). This check can reveal bottlenecks and bad
settings along the network path.
Name resolution: Failover (WAN) issues
Several name resolution techniques, such as DNS masquerading and DFS, can
add seamless failover capabilities to the Expand solution. For more details see
section DNS Masquerading, on page 180.
With DNS masquerading in place, in the case of a failure, workstations are
automatically switched to resolve the virtual server name as the centralized file
server name. Failover lets the user continue to work without interruption, though
there may be a deterioration in user experience.
Ensure that workstations resolve the correct virtual server name.
You are advised to execute the nslookup command from the
workstations command prompt, giving the virtual server name as a
parameter. Verify that the IP returned is the same as the IP of the
FileBank.
Ensure that FileBank is defined as the workstation's primary DNS
(use ipconfig /all at the workstation command prompt).
To regain the correct name resolution of the virtual

server, execute the following steps from all
workstation involved in the failover:
1. From each workstation's command prompt execute the following commands (you
may want to aggregate the scenario in a batch process during workstations
boot):
ipconfig /flushdns
nbtstat –R
nbtstat –RR
2. Validate that the IP of the FileBank is returned upon querying the virtual server
name (use the nslookup command).
3. If the problem persists, contact Expand support at: support@expand.com.

Troubleshooting 195
Advanced Expand Services
DHCP Services
When FileBank acts as a branch level DHCP, FileBank’s network settings must all
be static (DNS, NTP, IP, routes, DNS search path and so on).
DNS lookup failed after defining a DHCP service
Define a valid FQDN extension for the DHCP server.
DNS Services
Workstations cannot browse the Internet or network mapping when
using the FileBank as a DNS proxy
Verify that DNS masquerading is running (for more details see DNS
Masquerading, on page 180).
Ensure that the FileBank is defined as the workstation's primary
DNS (use ipconfig /all at the workstation command prompt).
Use the CLI dns command (or the relevant web interface page) to
verify that the primary corporate DNS server is properly set on the
FileBank.
DNS lookup failed for branch workstations
Ensure that the FileBank is defined as the primary DNS for that
client, and that a secondary DNS points to an corporate DNS.
Use the CLI prompt dns command (or the relevant Web Interface
page) to verify that DNS servers are set onto the FileBank.
Ensure that a search path (DNS suffix) is configured for the
workstations.
Duplicate IP error appeared when connecting in file server
Error message:
System error 52 has occurred: A duplicate name exists on the network.
Global Name-Space support (exported virtual servers equals file server alias
name): DNS masquerading might generate this error. To resolve, see Microsoft
Knowledge Base 281308 http://support.microsoft.com/default.aspx?scid=kb;en-
us;281308.
R ev isi o n 3. 0

Chapter 6: Applying QoS
This chapter describes the procedures necessary for configuring the Accelerator’s
QoS plug-in. The QoS plug-in lets you prioritize traffic traversing the Accelerator
network.
The chapter is divided into the following basic sections:
Accelerator QoS, on page 198
Carrying Out Basic QoS Configuration, on page 210
Creating New Applications, on page 213
Setting QoS Rules, on page 223
Viewing QoS Rules, on page 223
Making Decisions for Specific Applications, on page 230
External QoS, on page 232
QoS Troubleshooting, on page 233
Note: QoS settings take effect when there is congestion. Any minimum
i
bandwidth guaranteed to a traffic type is set aside for this type of traffic only if
enough of this type of traffic traverses the line.
198 C h ap t er 6: Applying QoS
Accelerator QoS
QoS, or Quality of Service, is designed to help manage traffic across the network
in order to combat the congestion, latency and greedy and rogue applications that
all contribute to poor application and network performance. Organizations need to
be able to allocate bandwidth to mission-critical applications, slow down non-critical
applications, and stop bandwidth abuse in order to efficiently deliver networked
applications to the branch office.
About QoS, on page 198
How to Know What is on Your Network, on page 199
How to Prioritize Applications, on page 199
Studying the QoS Solution, on page 199
About QoS
QoS (Quality of Service) is a general term for the control mechanisms that can
assign different priorities to different users, applications, or data flows. These
control mechanisms or priority levels guarantee a certain level (or quality) of
performance of the data flow (service) and simultaneously addresses the requests
from the application. Quality of Service guarantees are important if the network
capacity is limited, especially for real-time multimedia streaming applications, such
as VoIP and IPTV. Such applications often require a fixed bit rate, are delay-
sensitive, and cannot tolerate packets dropping or being delivered in the wrong
order. You can use the QoS feature to prevent such factors and to accelerate
packets passing through the Accelerator based on your policy and reservation
criteria. QoS allows you to maximize the bandwidth you pay for more effectively.
The key to managing the traffic and achieving bandwidth effectiveness, is closely
tied to your knowledge of the type of traffic that is on your network and to the
demands of your users.

Accelerator QoS 199
How to Know What is on Your

Network
The Accelerator’s traffic detection, or sniffing, feature lets you obtain a complete
picture of your bandwidth use. Traffic is classified according to hundreds of
predefined applications, and statistics are gathered as to how much of each traffic
type is traversing (or clogging) your network. Often you may find that the
applications that should be receiving the most bandwidth are in fact being slowed
down by bandwidth-greedy applications that are secondary, or even unwanted and
potentially harmful.
How to Prioritize Applications

Once you know which applications are on your network and how they affect your
traffic flow, understanding the building blocks of QoS is essential in order to
prioritize applications correctly.
Traffic shaping is accomplished primarily by guaranteeing or limiting the amount of
bandwidth an application can receive, and by prioritizing applications.
Setting a Minimum Bandwidth desired allocates a certain amount of bandwidth for a
specific application during periods of congestion. You should set desired bandwidth
for mission-critical, time-sensitive applications such as VoIP, which needs 8 to 16
Kb allocated throughput to function.
Setting Maximum Bandwidth limit puts a ceiling on the amount of bandwidth that an
application can consume. This is useful for bandwidth-greedy applications such as
FTP or P2P, to limit the amount of bandwidth they consume.
Additionally, you can allocate bandwidth proportionately among applications by
setting the priority to Low, Medium or High. You can give critical traffic a higher
priority than all these by setting it to RealTime. To prevent the flow of undesired
traffic on the network, set it to Blocked.
Applications that you may want to prioritize include VoIP, Citrix and video
conferencing.
Studying the QoS Solution

The powerful QoS solution was designed with simplicity of management in mind.
Traffic is automatically categorized into application classes - the Accelerator arrives
with hundreds of applications predefined in the system. This makes it easier to
generate a picture of exactly what is traversing the network, in order to then decide
R ev isi o n 3. 0
what should be traversing the network. Once a clear picture of the current network
and the ideal network is attained, easy to understand shaping policies like “real-
time” or “block” govern the flow of traffic. The Accelerator’s QoS mechanism is
single-sided, in that it can also work across a Virtual Link, in which the Local
Accelerator does not work opposite a Remote Accelerator. For a complete
explanation as to how the QoS mechanism functions and is implemented, see
Setting QoS Rules, on page 223.
For additional QoS Benefits see the following:
Automatic Traffic Discovery, on page 200
End-to-end application performance monitoring, on page 201
Transparency to existing QoS infrastructure, on page 201
Priority treatment for critical applications, on page 201
Guaranteed bandwidth for specific applications, on page 201
Restricting rogue and greedy applications, on page 201
Seamless integration with compression, on page 201
Automatic Traffic Discovery

Accelerators automatically discover and classify hundreds of enterprise applications
based on Layer-3 (IP), Layer-4 (TCP, UDP, and so on) and even Layer-7
parameters including web URLs, MIME types (for example: streaming audio) or
Citrix (published applications over ICA). The default list of applications that can be
discovered include:
• cups discovery • p2p-directconnect discovery

• h225 discovery • p2p-edonkey discoveryp2p-gnutella discovery
• h245 discovery • p2p-kazaa discovery
• im-aol-icq discovery • p2p-soulseek discovery
• im-jabber discovery • p2p-winmx discoveryq931 discovery
• im-msn-messenger discovery • rtcp discovery
• im-qq discovery • rtcp-h323 discovery
• im-skype discovery • rtcp-sip discovery
• im-yahoo discovery • rtp discovery
• lotus-notes discovery • rtp-h323 discovery
• mapi discovery • rtp-sip discovery
• mms discovery • rtsp discovery
• msn-messenger-video discovery • sip discovery
• p2p-bittorent discovery • skinny discovery

Accelerator QoS 201
End-to-end application performance monitoring

Accelerators provide complete network visibility and enable speedy response to
application performance changes on an enterprise-wide scale with end-to-end
monitoring and dozens of reports.
Transparency to existing QoS infrastructure

Accelerators are transparent to router-based QoS implementations by honoring and
preserving priorities set on traffic flowing through them. Advanced networking
features such as router-based QoS rely on IP packet header information to be
effective. The Accelerators preserve packet header information and compress only
the payload that integrates seamlessly with advanced networking features such as
router-based QoS, load-balancing, WAN monitoring and MPLS tagging.
Priority treatment for critical applications

Accelerators enable important and urgent application traffic to get priority treatment
with advanced traffic shaping for both inbound and outbound traffic. Packet
fragmentation assures that VoIP/video latency budgets are not violated by large
data packets, while packet aggregation ensures higher WAN capacity and stabilizes
jitter.
Guaranteed bandwidth for specific applications

Accelerators can reserve bandwidth for specific applications. This guarantees that
you can allocate delay-sensitive traffic such as VoIP a minimum amount of
bandwidth to ensure optimal voice quality even when WAN links are congested or
oversubscribed.
Restricting rogue and greedy applications

Accelerators restrict greedy applications like file sharing and Internet audio
streaming to a maximum bandwidth budget in order to guarantee that other
important applications are not bandwidth-starved. Traffic bursts allow applications to
take advantage of free capacity if available.
Seamless integration with compression

When compression is enabled, the QoS mechanism automatically adjusts to
account for the extra available bandwidth created when traffic is compressed.
In the Accelerator, rule limit and desired shaping are applied to traffic before it is
compressed. However, link shaping (bandwidth for the link and the WAN) is applied
R ev isi o n 3. 0
to traffic after the traffic has been compressed, because the important result is end-
user experience, not the physical link usage.
While basic traffic management is simple via the My Applications menu, you can
program complex QoS with nested rules, decision trees and other advanced
features.

How QoS Works 203
How QoS Works

The Accelerator’s QoS mechanism receives packets from the LAN, and passes
them to the Accelerator’s compression mechanism.
The QoS mechanism automatically adjusts the throughput it transmits to account for
the extra available bandwidth created when traffic is compressed.
Note: While the Accelerator enables the same QoS capabilities on inbound and
i
outbound traffic, most QoS is accomplished on outgoing bandwidth only.
Incoming traffic shaping is useful for non-links and virtual links, and instances in
which limiting or blocking incoming traffic is desired, for example blocking P2P
traffic or limiting incoming Internet traffic.
Note: Using inbound traffic shaping when the remote Accelerator uses outbound
i
traffic shaping is not recommended; in such a case, the inbound shaping may
have only a partial effect on the traffic.

Prerequisites, on page 203
Understanding QoS Rules, on page 204
How Traffic Filtering is Applied, on page 205
Studying QoS Bandwidth Allocation, on page 205
How Traffic Shaping is Applied, on page 205
Prerequisites
Follow these steps before working with QoS:
1. Set an accurate Bandwidth for the WAN. This setting ensures that all traffic
shaping applied is relative to the actual physical bandwidth on the WAN pipe. The
default bandwidth set for the default WAN is 100 Mbps (fast Ethernet).
2. This bandwidth setting assumes the largest possible bandwidth so that the
Accelerator does not limit its throughput over the WAN due to a WAN bandwidth
setting lower than the actual bandwidth. However, to get an accurate QoS
shaping you are advised to modify the bandwidth setting to its actual rate. For
R ev isi o n 3. 0
more information on setting WAN bandwidth see Performing Setup via the
Wizard, on page 22.
3. You must set the bandwidth of each link on the WAN. For more information on
setting the Link Bandwidth, see Performing Setup via the Wizard, on page 22.
Understanding QoS Rules

The Accelerator’s QoS works on the basis of rules. Rules define how QoS controls
applications (streams or sessions). Rules are built out of a filter, a shaper, and can
contain a marker.
While these rules are transparent to the typical user and are not mentioned in the
My Applications screen, for each application defined in the My Applications screen,
you can create a rule that you can view and modify via the Services - QoS Menu
in the Rules Table. The number of rules you can create is unlimited.
To fine-tune traffic management, it is useful to understand the hierarchy that
determines the order in which the QoS mechanism implements traffic shaping
rules.
Rule Description
Filter The Filter defines what kind of traffic qualifies as part of an application. Filters are
generally Layer-4 definitions such as port number, protocol number, and traffic type. For
example, the application FTP is defined by the traffic type TCP and the port number 20.
You can modify and add traffic type and port number for applications that already exist by
default in the Accelerator, as well as defining new applications.
Shaper The traffic shaper defines how to handle the traffic filtered into this application: what
priority the application receives, and how the application is treated by the Accelerator.
Shaping the traffic enables setting a desired (or guaranteed) amount of bandwidth to be
preserved for a specific application, setting a limit on how much bandwidth an application
can consume (to avoid starvation of other applications), and setting the CoS (Class of
Service priority) and ToS (Type of Service) values for the application.
Shaping is crucial for ensuring application integrity - that critical traffic applications get the
bandwidth they need, and that other important applications are not starved completely.
Marking An application in the Accelerator can include a marker per application. You can save the
ToS marking on the rules, either the original ToS value or a newly defined ToS value.
This also means that you can set each application type to be Not-Accelerated or Not-
Tunnelled. This is particularly useful for applications like HTTPS or Encrypted Citrix,
whose packets do not compress, and ensures that the Accelerator does not waste
resources attempting to process these packets.

How QoS Works 205
How Traffic Filtering is Applied

The QoS mechanism contains dozens of preconfigured traffic applications (that can
be modified and shaped as needed). All preconfigured traffic applications, as well
as new traffic applications created (see Creating New Applications, on page 213),
are filtered according to application type. Incoming traffic is matched against the
applications one at a time, starting with the application with the highest “Priority
Order” number, until a match is found. Once a match is found, the application is
handled, despite the fact that it may match other applications as well (this is called
overlapping traffic).
Applications cannot overlap at the Layer-4 level. This means that because
Application FTP is set on TCP port 20, another application cannot be created on
port 20 (or including port 20). However, applications can overlap at the Layer-3
level. for example: a TCP application could exist and be set to include traffic over-IP
protocol 6. In this case, the Priority Order number given to an application (or rule)
determines which application rule governs overlapping traffic. In the above example,
if the FTP traffic is set to 200 (the default) and TCP is given an order number of
100, all FTP traffic is treated according to the definition of TCP.
If the two applications are set with the same order priority, applications are matched
according to the highest level of specificity first.
For example, if two applications have a priority of 210, but one application is
created for all traffic in ports ranging from 2020 to 2060 and the other application is
created for traffic on port number 2062, the 2062 traffic will be handled first.
Another example of higher specificity is when one application defines Layer-7
values and another application with the same priority order defines values only up
to Layer-4 values; the Layer-7 application shaping will be applied to the traffic.
How Traffic Shaping is Applied

The QoS mechanism works in a hierarchical fashion. In a complex QoS setup, it is
often important to understand which shaping carries the greatest weight and is
related to first by the QoS mechanism.
Studying QoS Bandwidth Allocation

The QoS mechanism allocates bandwidth as follows:
R ev isi o n 3. 0
WAN Bandwidth
First, the bandwidth set for the WAN is honored. All further application QoS
decisions are based on the WAN bandwidth.
Link Bandwidth
You can set the bandwidth of the Link with a maximum value, limiting the amount
of the total throughput of the WAN available to a particular link. All Application
decisions based on a particular link are bound by this bandwidth.
Note: Peer oversubscribing is allowed. For example, if the WAN bandwidth is

i
T1 (1.5 Mbps), you can set 10 links at 256 Kbps each, and the bandwidth will be
distributed relatively to all links according to the QoS mechanism.
Like the WAN bandwidth setting, the bandwidth set for a link can never be
exceeded. The bandwidth set for the links is divided by the WAN according to the
priority of the traffic coming across the links. This means that if the WAN bandwidth
is 128 Kbps, and Link 1 is set to 128 Kbps and Link 2 is set to 128 Kbps, if one
link has high priority traffic, the lower priority traffic on the other link could be
starved. However, if the Link bandwidth is set to a portion of the WAN bandwidth,
then the link does not exceed this portion, and bandwidth is left over for other links.
Diagnostic Mode Traffic

Traffic set with a priority setting of Diagnostic Mode overrides the QoS mechanism.
Diagnostic Mode traffic has all the bandwidth of the WAN at its disposal and
supersedes all other traffic and all other QoS settings.
The Diagnostic Mode Traffic setting should be used only in emergency cases,
where an application is not responding to the QoS mechanism; Diagnostic Mode
traffic is forced to override the QoS mechanism.
Bandwidth Limits
Maximum bandwidth limits set for applications are honored and the traffic
throughput is limited according to this setting.

How QoS Works 207
Bursts
In addition to the hierarchy, if, after all bandwidth is allocated, there is spare
bandwidth, and an application is set to allow bursts, this application uses all spare
bandwidth even if it is set to ordinarily have a maximum bandwidth limit.
For example, if on a 64 Kbps link FTP is limited to 16 Kbps, with burst allowed FTP
will be able to use the entire 64 Kbps if no other traffic traverses the link, and when
there is traffic, the limit of 16 Kbps is enforced on FTP.
To allow bursts on applications, you have to ensure that the default setting on the
WAN, which allows bursts, is kept. The WAN Burst parameter also lets you set a
maximum burst bandwidth, meaning that if the WAN bandwidth is 1 MB, you can
set the WAN burst to limit burst traffic to 900 Kbps in order to avoid maximum
utilization situations because of burst traffic. By default the WAN bursts are allowed
to use the entire WAN bandwidth. In certain environments, lowering the WAN burst
by up to 10% may be useful in order to protect the line from congestion caused by
bursts.
Note: QoS settings take effect when the WAN link is full. Any limitations and
i
guarantees placed on traffic apply only if not enough bandwidth exists for all
traffic to flow freely.
Note: In the Accelerator, rule limit and desired shaping are applied to traffic
i
before it is compressed, while link shaping (bandwidth for the link and the WAN)
is applied to traffic after the traffic has been compressed.
Desired Bandwidth
Minimum bandwidth Desired set for applications is allocated to all applications on
which a desired minimum bandwidth was set. This is true even for low priority
applications.
For example, in a 64 Kbps link, the applications will divide up the 64 Kbps plus the
Acceleration percentage, like a cake, with the desired bandwidth applications
reserving the first piece. As long as no congestion exists, all applications set to
Desired receive their guaranteed bandwidth. When there is congestion, if high
priority applications are guaranteed bandwidth, they will receive it before low priority
applications that were guaranteed bandwidth. If there is not enough bandwidth for
numerous high priority applications that were guaranteed a desired bandwidth, the
desired bandwidth will be divided proportionately between those applications.
R ev isi o n 3. 0
Desired bandwidth is useful especially to prevent starvation of lower priority

applications. Setting a desired bandwidth for a low priority application ensures that
the application receives some small amount of bandwidth even when the high
priority applications are consuming the bulk of the bandwidth.
While the Minimum bandwidth desired is allocated hierarchically according to the
application priority (first to real-time, then to high, then to average, and so on), the
desired bandwidth setting is handled before relative spare bandwidth distribution
among prioritized applications. For this reason it is important to use the Minimum
bandwidth desired setting carefully.
For example: If VoIP is prioritized as high priority traffic on a 1 Mbps connection,
and HTTP traffic receives low priority, but a minimum desired bandwidth setting of
800 Kbps, these 800 Kbps will be allocated to HTTP traffic and the remaining 200
Kbps is divided proportionally between the VoIP application and the HTTP traffic.
Priority
The relative QoS priority set to the application is considered and bandwidth is
divided proportionally among the applications as follows:
Block
Blocked traffic is discarded.
Real-time
Traffic set to real time receives “strict priority”. This means that as long as real-time
traffic is traversing the network it will receive the entire bandwidth. All lower priority
traffic types wait until there is free bandwidth, thus starving all lower priority
applications (unless a Minimum bandwidth (desired) was set for them). For this
reason it is important to use the Real-time setting with great care. If a chatty/
bandwidth-greedy application constantly transmits traffic, it is possible that no other
application will receive bandwidth (except those set with a Minimum bandwidth
(desired)).
High/Average/Low: High, average and low traffic priorities divide the bandwidth that
is still available (after desired and real-time traffic) in a proportional method based
on time. High priority traffic waits the shortest amount of time before waiting to be
sent, average priority traffic waits longer than the high priority and low priority traffic
waits longer than the average traffic to be sent. This does not mean that high
priority traffic transmits completely before average traffic starts transmitting, rather
high traffic transmits at a faster rate.
How QoS Works 209
Setting the priority to high/average/low is appropriate for most traffic types, setting
the relative importance between the applications without causing starvation.
In advanced configuration, you can set the WAN to handle QoS according to
“strict-priority.” This would set the priorities to act deterministically rather than
proportionally: high priority traffic receives all the available bandwidth (after
desired and real-time traffic), average priority traffic receives bandwidth only if no
high priority traffic exists, and so on. If there is constant high-priority traffic,
average and low priority traffic are starved completely.
i Note: Traffic that waits too long to be transmitted is discarded as obsolete so as

not to cause application problems by transferring stale packets.
The Difference Between Real-time and Desired?

Realtime gets the highest priority; it can cause starvation up to the bandwidth
allocated using the “desired” setting. Guaranteed bandwidth is not touched by
applications because of their real-time priority setting. Because “desired” is useful to
protect lower priority applications from being starved, the default desired setting
allocates a minimal amount of bandwidth (1 Kbps) by default.
R ev isi o n 3. 0
C arrying O u t B a s i c Qo S Con f igu ra tio n

Basic QoS configuration is accomplished via the My Applications menu, which is
populated by all traffic types detected on your network. This menu lets you create
new, user-defined applications for traffic not categorized automatically as a
predefined application, and to set basic traffic shaping parameters for predefined
and user-defined applications - how should the network prioritize and handle each
application.
i Note: In a non-link environment, if a local subnet is not defined as LOCAL, the

Accelerator QoS and Monitoring features do not function properly.
CAUTION! By default, the following encrypted applications are not accelerated:

!
! pop3s, https, ircs, nntps, ftps, ftps-data, telnets, ssh, sshell, ldaps, smtps, imaps.
The following topics contain more information:

Viewing My Applications, on page 210
Editing an Application, on page 211
Layer-7 Applications, on page 217
Creating Web Applications, on page 217
Creating Citrix Applications, on page 218
Creating Remote Desktop Services, on page 220
Viewing My Applications
The My Applications Menu in the Accelerator WebUI lets you view traffic per
application, filtered by a certain criteria.
To view traffic per application:

1. Click on Setup followed by My Applications.
2. In the View drop-down menu, select the traffic type you want to view.
3. In the For Link drop-down menu, select the link for which you are gathering
information.
The table displayed on the My Applications Menu details the Outbound Traffic
(by default, only classified traffic is displayed). Basic data about the settings for
each traffic type is provided, including Application Name, Minimum bandwidth set
(if assigned), Maximum bandwidth set (if assigned), Priority assigned, and

Carrying Out Basic QoS Configuration 211
acceleration status. The From-LAN statistics pull-down menu lets you customize
the statistics type to be viewed for the applications, LAN to WAN (outbound
traffic) or WAN to LAN (inbound traffic).
To add an application to the Applications Table:

See Creating New Applications, on page 213.
Figure 1: Inbound and Outbound Traffic
To remove an application from the Applications Table:

1. Click the application name and then click Delete.
2. There is no confirmation for this action. The application is immediately deleted.
3. To edit an application click the application name in the table and then click Edit.
See Editing an Application, on page 211 for more information.
Editing an Application
Selecting an application lets you modify the application definition (the type of traffic,
also known as the traffic rule, or filter) and set up the way the traffic is treated (or
prioritized, also known as shaping).
R ev isi o n 3. 0
To edit an application:
1. In the My Applications menu, click the application name (alternatively, highlight
the application line and click the Edit button). The Edit Application menu opens.
2. The Edit Application menu lets you modify all application parameters as listed in
Creating New Applications, on page 213.
3. In addition you can select one or more of the following check boxes:
Collect Statistics - Collects statistics on the specified application
for up to one year.
Discover - enabled with L7 Applications. Applications that are
discovered can also be defined so that their QoS criteria is
enabled. Checking this check box allows the L7 Discovery to report
this application on the Discovered Applications List in the
Monitored Applications report. A list of discovered applications is
found in Discovering Layer-7 Applications, on page 58.
4. Click Submit.

Creating New Applications 213
Creating New Applications

New applications should be created for all traffic types that do not already exist in
the list of predefined (classified) traffic applications, or as subsets of these
applications to further filter the traffic type selected.
In addition to the procedure described herein, you can create additional applications
such as:
HTTP or Web applications, see Creating Web Applications, on page
217
Citrix applications, see Creating Citrix Applications, on page 218
Remote Desktop services, see Creating Remote Desktop Services, on
page 220
Figure 2: New Applications menu
i Note: When creating an Application Name, spaces are not allowed. You may use
an underscore to create a visual space. For example, my_application.
The compressed packets are aggregated in the link per class. The classes are
defined via the CLI and set the aggregation packet limit, and allows a pre-defined
delay (window) before sending the packets.
For aggregation class configuration details via the CLI, see Aggregation Class
Commands, on page 541.
R ev isi o n 3. 0
To create an application:
1. In the My Applications menu, click the Create Application button. The Create
Application menu opens.
2. Update the following parameters to define the Application and how it is handled:
Parameter
Description
Item
Application The default name for a new application is new_application. You have to modify
name the name of the application to a name indicating the type of traffic considered in
this application. Maximum of 31 characters, no spaces. Special characters are
allowed.
Collect Enabling statistics history saves statistics for this application for up to one year.
statistics Click the checkbox to enable, clear to disable.
The Application Criteria box lets you set the type of traffic to be considered in an
Application application. These fields define a rule for identifying traffic as part of this
criteria application
TCP Port To set the application to be defined on the basis of a TCP port or a span of TCP
ports:
• Select TCP port from the drop-down menu.
• In the From field enter the first port to be considered, in the To field enter the
last port to be considered. For example, to change HTTP application 80 to
HTTP application 8080, enter 8080 into the From field.
To define a single port, enter the port number into the From field and leave
the To field empty.
• Click the Add button.
The Criteria created appears in the Criteria Table.
UDP Port To set the application to be defined on the basis of a UDP port or a span of UDP
ports:
• Select UDP Port from the drop-down menu.
• In the From field enter the first port to be considered, in the To field enter the
last port to be considered. For example, to change the TFTP application from
port 69 to port 4444, enter 69 into the From field and 4444 into the To field.
To define a single port, enter the port number into the From field and leave
the To field empty.

Parameter
Description
Item
Over-IP To define an application based on a specific protocol:
• Select Over IP from the drop-down menu.
• In the From field enter the first protocol number to be considered, in the To
field enter the last protocol number to be considered.
To define a single protocol, enter the number into the From field and leave
the To field empty.
The criteria table lists all the criteria that must be met in order for traffic to be
Criteria considered part of this application.
Table To delete entries in the Criteria Table, highlight them and click the Delete button
The Prioritize box lets you set the shaping or prioritization to be applied to the
Prioritize traffic type.
Order The order parameter sets the importance of this rule. Traffic that enters the
Accelerator is dealt with by the QoS mechanism based on Prioritization order
number. Traffic that matches the Application criteria set in order number 100 is
handled according to the setting for this application type, even if it may match the
criteria of other Applications with other, less important priority order numbers.
If the two applications are set with the same order priority, applications are
matched according to the highest level of specificity first.
For example, if two applications have a priority of 210, but one application is
created for all traffic in ports ranging from 2020 to 2060 and the other application
is created for traffic on port number 2062, the 2062 traffic is handled first.
Another example of higher specificity is when one application defines Layer-7
values and another application with the same priority order defines values only
up to Layer-4 values; the Layer-7 application shaping will be applied to the traffic.
Most QoS settings do not necessitate setting the Order field.
You can set the order from 100 to 65534.
Minimum The Minimum bandwidth desired setting should be used carefully. This
bandwidth parameter allocates a certain amount of bandwidth to be saved for a specific
(desired) application type during periods of congestion. You should set desired bandwidth
only for mission-critical, time-sensitive applications, such as VoIP, which need 8
to 16 Kbps allocated throughput to function.
Maximum The Maximum bandwidth limit setting puts a ceiling on the amount of
bandwidth bandwidth that an application can consume. This is useful for bandwidth-greedy
(limited) applications such as FTP or P2P, to limit the amount of bandwidth they consume.
ToS You can either preserve the original ToS setting of the packets or set a new ToS
value for this application.
• To preserve the original ToS value, click the Preserve radio button. By
default, ToS preservation is enabled.
• To set a new ToS value for this traffic, click the Set radio button and select
one of the following options:
• ToS value - lets you select a ToS value (0-254) for the Accelerator.
• Code point - uses the first 6 bits of the ToS field, thereby giving 26 (= 64,
namely: 63) different values.
• CoS ToS - combines the values of the IP precedence field (otherwise known
as CoS, which stands for Class of Service) and the ToS (type of service
field).
R ev isi o n 3. 0
Parameter
Description
Item
Priority You can either preserve the original ToS setting of the packets or set a new ToS
Set the Priority of the application to:
• Blocked: Traffic set to Blocked is dropped.
• Low, Average and High: Traffic set to Low, Average and High are assigned
bandwidth on a proportional scale:
• Low receives the lowest proportion of the bandwidth.
• Average receives a medium proportion of the bandwidth.
• High receives the greatest proportion of the bandwidth.
• Real Time: Real-time traffic always receives bandwidth allocation according
to strict priority. This means that as long as real-time traffic is traversing the
network, all lower priority traffic types waits until there is free bandwidth, thus
starving all lower priority applications with the exception of applications that
received a Minimum bandwidth (desired) setting.
• Diagnostic Mode: You should set traffic to Diagnostic Mode only if the
Application is not responding at all to QoS settings. This is because
Diagnostic Mode traffic overrides all other QoS settings and starves all other
applications (including real-time and Desired bandwidth allocated).
If a class is not transmitting at all and seems not to be working, set the class
to Pass-thru/Diagnostic mode, thereby disabling the QoS from the traffic type.
CAUTION! Ensure that you click the Submit button to save configuration changes
!
! before exiting the Create Application menu.
Note: If you are running a version of AcceleratorOS previous to 5.0(6), note that
i
two new preconfigured applications were added in this version that may affect
user-defined applications on the same ports. If applications have been
configured for port of 1928 (saved for the expand-internal application) or 2598
(citrix-ica-sr), rename these applications exactly as in the preconfigured
application before performing an upgrade.
If an application exists for a list of ports or range of ports that include the
specified port numbers (1928 and 2598), remove these ports from the list or
range, and create applications expand-internal with port 1928, and citrix-ica-sr
with port 2598. Then change the policy rules to match this application as well.
CAUTION! Ensure that you click the Submit button to save configuration changes
!
! before exiting the Edit Application menu.

Layer-7 Applications
The Accelerator lets you filter HTTP web applications, Citrix applications, and
Remote Desktop Services at the application layer (Layer-7). This higher level of
specification enables specific applications to receive tailored traffic prioritization
within the Accelerator. Creating a Layer-7 or L7 application is the same procedure
as described in Creating Web Applications, on page 217. Note that traffic is no
longer limited to only port 80. Other ports are now used.
For information on discovering Layer-7 applications, see Discovering Layer-7
Applications, on page 58. For more information on creating/defining specific Layer-7
applications, see one of the following topics:
Creating Web Applications, on page 217
Creating Citrix Applications, on page 218
Creating Remote Desktop Services, on page 220
Creating Web Applications

You can create and prioritize HTTP web applications per Layer-7 application. New
web applications are created much in the same way as new Layer-4 applications,
with the addition of Layer-7 (application specific) information.
Figure 3: Create Web Application menu
R ev isi o n 3. 0
To create a web application:

1. In the My Applications menu, click the Create Web Application button. The
Create Web Application menu opens.
2. The Web application parameters are identical to the parameters set for all
applications, with the following additions.
Parameter
Description
Item
Application You cannot modify the Application Criteria box from within the Create Web
Criteria Application box. The Layer-4 information for this web-based application is taken
from the web definition. To modify the Layer-4 criteria, return to the My
Applications menu and click on HTTP to edit the web application. This is also
disabled for L7 Applications.
Layer-7 Host Name: the host name of the web application. The Host Name is the
Information internet address up until the first “/”, for example, for the address http://
172.10.10.10/loginindex.asp, the Host Name is 172.10.10.10.
For the Internet site http://www.expand.com/extranet/support the Host Name is
www.expand.com
URL Name: the URL name is the internet address after the first “/”. In the
example above, “extranet” can be used as the URL name.
MIME Type: enter the content type.
User Agent: enter the name of the HTTP client (Netscape, Mozilla, and so on)
All Layer-7 information criteria use pattern matching, meaning that, for example,
if the Host Name is www.expand.com, using expand as the host name is
sufficient (up to 128 character string for all HTTP Layer-7 parameters).
Prioritize Prioritizing the traffic based on rules is accomplished by setting the same
parameters available when creating an application. For more information on
available settings, see Creating New Applications, on page 213.
CAUTION! Ensure that you click the Submit button to save configuration
!
! changes before exiting the Create Web Application menu.
Creating Citrix Applications

You can create and prioritize Citrix applications per Layer-7 application. New Citrix
applications are created much in the same way as new Layer-4 applications, with
the addition of Citrix Layer-7 specific information.

To create a Citrix application:

1. In the My Applications menu, click the Create Citrix Application button. The
Create Citrix Application menu opens.
2. The Citrix application parameters are identical to the parameters set for all
applications, with the following additions.

Application Criteria You cannot modify the Application Criteria box from within the Create
Citrix Application box. The Layer-4 information for this Citrix-based
application is taken from the Citrix definition. To modify the Layer-4
criteria, return to the My Applications menu and click on Citrix to edit the
Citrix application.
Layer-7 Information The Layer-7 information box lets you set the application-specific details
necessary for filtering this web application. Enter any or all data to be
treated as criteria for matching this web application type. This means that
all traffic considered as part of this Citrix application has to meet all the
criteria listed in this box, as follows
• Published application: List the Citrix application type, such as
Word, Calc and Notepad.
• Client: List the user name of the device you want to set as part of
this traffic type. For example, to set the priority of the CEO’s Citrix
Client to Real-time for Excel, enter the name of the CEO’s PC into
the Client field
• Layer-7 information for Citrix is not pattern matching, meaning
that the published application listed must be the full name of the
application traffic that is intended (these parameters can use strings
up to 20 characters)
• Service: choose either Browsing, or Published Application.
• Priority: choose a priority from 0-3.
Prioritize Prioritizing the traffic based on rules is accomplished by setting the same
parameters available when creating an application. For more information
on available settings, see Creating New Applications, on page 213.
For more information on working with Citrix, see Calculating Acceleration using
other Applications, on page 388.
R ev isi o n 3. 0
Citrix Benefits
The Citrix Acceleration Plug-in feature has the following benefits:
It utilizes network resources more efficiently in LAN-based Accelerator
deployments and delivers improved acceleration results for Citrix-
hosted applications.
Citrix MetaFrame users repeatedly access the same content from the
network. The Accelerators’ Citrix Acceleration Plug-in feature
enhances support for Citrix MetaFrame applications because, through
the use of statistical multiplexing, the Citrix Acceleration plug-in allows
more Metaframe data to traverse the WAN. The Accelerator achieves
this increase in throughput by:
Consolidating Citrix header data in pure IP implementations - IP
header represents significant overhead in small packets generated by
Citrix. It constitutes almost 30% of the Citrix packet. The Citrix
Acceleration plug-in removes repeat header information and sends
this data only once across the network.
Consolidating Citrix payload in all environments - the Citrix
Acceleration plug-in extracts data from small packets originating from
different Citrix MetaFrame users, and sends packets optimized for
specific WAN conditions. The Citrix Acceleration plug-in eliminates all
redundant data transmissions across the WAN.
Controlling latency and jitter - the Citrix Acceleration plug-in
reduces latency and jitter, especially over slow WAN links that are
commonly used for Citrix Metaframe deployments.
The end-result is better, more consistent Citrix performance; and support of up to
four times more Citrix users on the existing infrastructure. Aggregation is performed
at the link-level and improves acceleration for traffic with small to medium packets
(like Citrix/ICA traffic or Telnet traffic), and aggregates compressed packets. The
Aggregation class sets the class to which this application is related. Aggregation
reduces the size of the traffic by aggregating compressed packets, before sending
them over the WAN.
Creating Remote Desktop Services

You can create and prioritize remote desktop services per Layer-7 application. New
remote desktop services are created much in the same way as new Layer-4
applications, with the addition of RDP Layer-7 specific information.

To create a Remote Desktop Service:

1. In the My Applications menu, click the Create Remote Desktop Service button.
The Remote Desktop Application menu opens.
2. Use the table to set the parameters, click Submit to save the application
Parameter
Description
Item
Application Name The default name for a new application is new_application. You have to modify
the name of the application to a name indicating the type of traffic considered in
this application. Maximum of 31 characters, no spaces. Special characters are
allowed.
Discover If you want this application to be included when a discovery of applications is
run, select this checkbox (selected by default). If not, clear the checkbox.
Application This section is disabled
Criteria
Layer-7 Information Window

Client Name Type a name for the client
Channel Name Type a name for the channel
Prioritize Window
Order Either select the default value (200) or select the open radio button, and in the
field, type your own (100-65534)
Minimum Desired Choose a value from the drop-down box, or other and enter your own value,
Bandwidth remembering to select the bit speed from the second drop-down box. This
amount should be less than the Maximum Bandwidth.
Maximum Choose a value from the drop-down box, or other and enter your own value,
Bandwidth Limit remembering to select the bit speed from the second drop-down box. This
amount should be greater than the Minimum Bandwidth amount.
TOS You can either preserve the original ToS setting of the packets or set a new ToS
• To preserve the original ToS value, click the Preserve radio button. By
default, ToS preservation is enabled.
• To set a new ToS value for this traffic, click the Set radio button and select
one of the following options:
• Code point - uses the first 6 bits of the ToS field, thereby giving 26 (= 64,
namely: 63) different values.
• CoS ToS - combines the values of the IP precedence field (otherwise known
as CoS, which stands for Class of Service) and the ToS (type of service
field).
R ev isi o n 3. 0
Parameter
Description
Item
Burst Enabled by default, clear the checkbox to disable
Priority You can either preserve the original ToS setting of the packets or set a new ToS
• Real Time: Real-time traffic always receives bandwidth allocation according
to strict priority. This means that as long as real-time traffic is traversing the
network, all lower priority traffic types waits until there is free bandwidth, thus
starving all lower priority applications with the exception of applications that
received a Minimum bandwidth (desired) setting.
• Diagnostic Mode: You should set traffic to Diagnostic Mode only if the
Application is not responding at all to QoS settings. This is because
Diagnostic Mode traffic overrides all other QoS settings and starves all other
applications (including real-time and Desired bandwidth allocated).
If a class is not transmitting at all and seems not to be working, set the class
to Pass-thru/Diagnostic mode, thereby disabling the QoS from the traffic
type.

Setting QoS Rules 223
Setting QoS Rules

Advanced configuration of the Accelerator’s QoS mechanism is intended for expert
users, and networks that are particularly complex. Understanding how QoS works is
necessary in order to properly apply advanced QoS settings.
The following sections provide an in-depth knowledge regarding the way QoS
operates:
Setting Inbound QoS, on page 223
Viewing QoS Rules, on page 223
Creating QoS Rules, on page 224
Editing QoS Rules, on page 229
Making Decisions for Specific Applications, on page 230
Setting Inbound QoS

For Inbound QoS, you can set a bandwidth limitation for the WAN or per link. If a
link was created with a bandwidth limitation set for inbound traffic, a rule is
automatically created on the sending side, limiting outbound traffic to the link.
You can set inbound policy rules globally or per link.
Viewing QoS Rules

The Rules table displays the rules on a per application basis. To make a new Rule
see, Creating QoS Rules, on page 224. To edit a rule see, Editing QoS Rules, on
page 229.
To view a rule for a specific application:

1. Click on the QoS tab, and then select QoS Rules.
2. Open the View Rules for Application drop-down menu and scroll down until you
have found the application you want to select. To view all rules for all
applications, select Any.
3. The rules associated with the application appear in the Rules Table.
4. To delete a rule, select the rule in the table and click Delete.
R ev isi o n 3. 0
Creating QoS Rules

Advanced QoS configuration is accomplished by creating and editing rules as they
appear in the QoS menu.
To create a rule:
1. Click on the QoS tab, and then select QoS Rules.
Figure 4: QoS Tables
2. In the View Rules for Application drop-down menu, select the application on
which to apply the rule.
If the application does not exist, you can use the Setup - My Applications menu
to create a new application; for more information see Creating New Applications,
on page 213.
While the QoS menu enables fine-tuning of the definition of the traffic type to be
filtered into an application, making Layer-4 modifications to the application itself
requires using the Setup - My Applications menu.
3. Click the Create New Rule button. The Create Rule menu opens.

Figure 5: Create QoS Rule Menu
4. In the Rule Name field, give a name to the rule. Naming the rule is necessary for
identifying it, if you need to modify the rule at a later date.
R ev isi o n 3. 0
5. Use the Define and Prioritize sections to enter the necessary information per your
networking requirements
Define Section
Description
Options
Application Select the Application onto which to apply this rule from the drop-down
menu. You can define applications only via the My Applications menu. For
information, see Creating New Applications, on page 213.
Source IP If you want to filter the application by its source IP address: Choose from
Other, Any, Single IP, Subnet, Range, or List.
• Other—Displayed if advanced configuration was made via the CLI,
which is more complex than the WebUI display
• Any—Set the Source IP to Any if the application should consider
traffic coming from any device (this is the default).
• Single IP—Select this option if only traffic coming from a single device
should receive the treatment defined in this rule. Enter the IP address
• Subnet Mask—Select Subnet if only traffic from a particular subnet
should receive the treatment defined in this rule. Enter the subnet
address and the subnet mask.
• Range—Select Range if a particular range of source IP addresses
should receive the treatment defined in this rule. Enter the first and
last IP address to be considered.
• List—Select List and enter up to four IP addresses to receive the
treatment defined in this rule.
Destination IP If you want to filter the application by its destination IP address:
Choose from Other, Any, Single IP, Subnet, Range, or List.
• Any—Set the Source IP to Any if the application should consider
traffic coming from any device (this is the default).
• Single IP—Select single IP if only traffic headed to a single device
should receive the treatment defined in this rule. Enter the IP address.
• Subnet—Select Subnet if only traffic toward a particular subnet
should receive the treatment defined in this rule. Enter the subnet
address and the subnet mask.
• Range—Select range if a particular range of destination IP addresses
should receive the treatment defined in this rule. Enter the first and
last IP address to be considered.
• List—Select List and enter up to four destination IP addresses to
receive the treatment defined in this rule.
ToS Bits To filter traffic based on its ToS setting, in the drop-down menu select
from Other, Any, and Value.
• Any—To set the rule to apply to the application’s traffic, if it has any
ToS value set (this is the default).
• Value—To set a ToS value, thereby limiting traffic on which this rule is
applied to the application’s traffic that has a particular ToS value (0 -
255).

Define Section
Description
Options
Links Traffic rules and shaping are applied per link. Select Global to apply to all
links, a specific link to determine how traffic is categorized and prioritized
over a specific link, or select Non-link.
Direction If a link is selected as a filter for this rule, you can select the direction of
the traffic: Inbound or Outbound.
Inbound—
Outbound—
Prioritizing the traffic based on rules is accomplished by setting the same

parameters available when creating an application. For more information on
available settings, see section Creating New Applications, on page 213.
The main difference is that this screen lets you also set a ToS Mask (0-254).
When entering a number in the ToS Mask field, this value is ANDed to the value
entered in the TOS field in the packet’s header and compared against the TOS
entered for this rule. You can use the TOS Mask for comparing specific bits
(Precedence/Type of Service) from the TOS field in the packet’s IP header
against the TOS value entered for this rule.
Prioritize
Section Description
Options
Order The order parameter sets the importance of this rule. Traffic that enters the Accelerator
is dealt with by the QoS mechanism based on Prioritization order number. Traffic that
matches the Application criteria set in order number 100 is handled according to the
setting for this application type, even if it may match the criteria of other Applications
with other, less important priority order numbers.
If the two applications are set with the same order priority, applications are matched
according to the highest level of specificity first.
For example, if two applications have a priority of 210, but one application is created for
all traffic in ports ranging from 2020 to 2060 and the other application is created for
traffic on port number 2062, the 2062 traffic is handled first.
Another example of higher specificity is when one application defines Layer-7 values
and another application with the same priority order defines values only up to Layer-4
values; the Layer-7 application shaping will be applied to the traffic.
Most QoS settings do not necessitate setting the Order field.
You can set the order from 100 to 65534.
Minimum The Minimum bandwidth desired setting should be used carefully. This parameter
bandwidth allocates a certain amount of bandwidth to be saved for a specific application type
(desired) during periods of congestion. You should set desired bandwidth only for mission-
critical, time-sensitive applications, such as VoIP, which need 8 to 16 Kbps allocated
throughput to function.
R ev isi o n 3. 0
Prioritize
Section Description
Options
Maximum The Maximum bandwidth limit setting puts a ceiling on the amount of bandwidth that
bandwidth an application can consume. This is useful for bandwidth-greedy applications such as
(limited) FTP or P2P, to limit the amount of bandwidth they consume.
ToS You can either preserve the original ToS setting of the packets or set a new ToS value
for this application.
To preserve the original ToS value, click the Preserve radio button. By default, ToS
preservation is enabled.
To set a new ToS value for this traffic, click the Set radio button and select one of the
following options:
• Code point - uses the first 6 bits of the ToS field, thereby giving 26 (= 64, namely:
63) different values.
• CoS ToS - combines the values of the IP precedence field (otherwise known as
CoS, which stands for Class of Service) and the ToS (type of service field).
Priority You can either preserve the original ToS setting of the packets or set a new ToS value
for this application.
• Real Time: Real-time traffic always receives bandwidth allocation according to strict
priority. This means that as long as real-time traffic is traversing the network, all
lower priority traffic types waits until there is free bandwidth, thus starving all lower
priority applications with the exception of applications that received a Minimum
bandwidth (desired) setting.
• Diagnostic Mode: You should set traffic to Diagnostic Mode only if the Application
is not responding at all to QoS settings. This is because Diagnostic Mode traffic
overrides all other QoS settings and starves all other applications (including real-
time and Desired bandwidth allocated).
If a class is not transmitting at all and seems not to be working, set the class to
Pass-thru/Diagnostic mode, thereby disabling the QoS from the traffic type.

Editing QoS Rules

Any changes made to Applications via the My Applications menu appear as rules in
the QoS menu. You can use the QoS menu to edit these changes, and any other
rules created.
To edit a rule:
1. Highlight the Rule to be edited in the Rules Table and click .
2. Make the necessary changes. For any necessary explanation, see section
Creating QoS Rules, on page 224.
R ev isi o n 3. 0
Making Decisions for Specific

Applications
The Decision screen lets you set various aggregation and acceleration parameters
for a specific application, such as how many small packets to accumulate for one
big packet (aggregation class), and whether the application is accelerated and
tunneled. To create a new decision for a specific application, see Creating a New
Application Decision, on page 231.
To delete a decision, click the decision in the table to select it and click Delete. To
edit a decision, click the decision in the table to select it and click Edit. The Field
names and values are identical to those specified in Creating a New Application
Decision, on page 231. Remember to click Submit to implement the changes.
Figure 6: Decision Screen

Making Decisions for Specific Applications 231
Creating a New Application Decision

To create a new decision for a specific application:
1. Click QoS, followed by Decisions.
2. Select an application from the Application Name drop-down menu.
3. Select the Acceleration mode (Enable to enable, Disable to disable, or Auto to
allow the Accelerator to decide).
4. Select the Tunnel mode from the drop-down menu (Enable to enable, Disable to
disable, or Auto to allow the Accelerator to decide).
5. Select the TCP-Acceleration mode (Enable to enable, Disable to disable, or
Auto to allow the Accelerator to decide).
6. Select the Aggregation Class. Your choices are as follows:
Default - enables acceleration on small-packet, encrypted
applications such as pop3s, https and ftps.
Thin Client - enables Citrix acceleration on Citrix, telnet and ms-
terminal-server applications.
User-Defined 1 - enables acceleration on a specific, user-defined
link.
User-Defined 2 - enables acceleration on a specific, user-defined
link.
7. Select from the following ToS parameters:
Auto ToS Values—check this checkbox if you want the
Accelerator to decide
ToS Value—place a ToS value (0-254) in this field if you didn’t
check the auto checkbox
ToS Mask—place a ToS mask (0-254) in this field if you didn’t
check the auto checkbox.
8. Click Add to add a decision for the application to the Decisions Table.
If a decision already exists for this application, a message appears, requesting
your confirmation to modify the existing settings. Click OK to confirm.
9. To delete a specific application from the list, highlight the application name in the
table and click the Delete button.
R ev isi o n 3. 0
External QoS
To set the Accelerator to enable external QoS:
1. In the WebUI, in the Setup menu, click My Links.
2. Select the link to be affected by a QoS device and set it to work in Router
Transparency mode. For more information on Router Transparency mode and
Link configuration, see Adding Links, on page 80.
Figure 7: Links Screen

3. If all links from the Accelerator are to be affected by the QoS device, you may
find it useful to modify the default Link parameters, in order to make all newly
created links use Router Transparency Mode as the default setting.
To use Router Transparency Mode as the default setting:
a. Select the My links command from the Setup menu.
b. Click the Advanced button.
c. Set the default link parameters as needed.
d. Click the Save to template link button.

QoS Troubleshooting 233
QoS Troubleshooting
If the QoS mechanism does not seem to be functioning properly, it could be a result
of the Maximum Queue Length. If there is much latency on the line, the packet
drops may be the result of the queue buffer size, which is normally set per link rate,
or because the packets are waiting too long and are therefore being considered
obsolete packets. By default the packets are considered obsolete after 500 ms.
If limits do not seem to be enforced on traffic, check to see if it is because of the
Burst status. When Burst is enabled during periods of no congestion, limits will
appear not to be enforced properly.
If a class is not transmitting properly and problems are encountered after QoS has
been applied, try setting the class to Diagnostic mode, thereby disabling QoS for
this traffic type. For additional troubleshooting, see Troubleshooting, on page 329 or
Contacting TAC, on page 405.
R ev isi o n 3. 0

Chapter 7: Optimizing Acceleration Services
Expand’s Accelerator lets you reduce the impact of the TCP protocol shortcomings
by applying TCP Acceleration, a standards-based plugin that modifies TCP settings
to optimize throughput in certain environments. In addition, the Accelerator
provides Domain Name Server caching capabilities to shorten the round-trip-time
and save bandwidth over the WAN.
This chapter contains information about the following topics:
Studying TCP Acceleration, on page 236
Configuring TCP Acceleration, on page 244
Understanding Web Acceleration, on page 250
Configuring HTTP Acceleration, on page 251
FTP Acceleration, on page 257
Configuring DNS Acceleration, on page 261
Enabling Aggregation, on page 264
Enabling Traffic Encryption, on page 266
Remote Desktop Protocol Services, on page 271
For information regarding WAFS service, see Configuring and Managing WAFS, on
page 109.
236 C h ap t er 7: Optimizing Acceleration Services
Studying TCP Acceleration

TCP, which was designed to ensure reliable IP transmission, performs well on
LANs but does not deal well with the high latency and high-packet-loss found on
many WANs. These limitations are expressed in the long times required for file
transfers over the WAN, degraded web performance and unresponsive
applications.
SCPS, the Space Communication Protocol Standards developed by NASA and the
US is a collection of standards-based TCP enhancements designed to reduce the
impact of TCP limitations in Long-Haul WANs.
SCPS is implemented by using the TCP Acceleration feature, designed to optimize
and better utilize WANs that suffer from distance-induced TCP limitations.
Use the following table to determine whether your network suffers from high-latency
and would benefit from enabling TCP Acceleration:
Window Size
8 KB 16 KB 32 KB 64 KB
5 160 Kbps 320 Kbps 640 1280

0 Kbps Kbps
1 80 Kbps 160 Kbps 320 640
0 Kbps Kbps
0
1 53 Kbps 106 Kbps 212 424
5 Kbps Kbps
0
2 40 Kbps 80 Kbps 160 320
0 Kbps Kbps
Round Trip Time
0
5 16 Kbps 32 Kbps 64 Kbps 128
0 Kbps
0
1 8 Kbps 16 Kbps 32 Kbps 64
0 Kbps
0
0
Topics in this section include:

Understanding the Shortcomings of TCP, on page 237
The TCP Acceleration Solution, on page 239

Studying TCP Acceleration 237
Understanding the Shortcomings of

TCP
To understand how TCP Acceleration works, it is important to understand the
shortcomings of TCP:
Frequent packet retransmissions:
In TCP transmissions, the sender receives an ACK (Acknowledgement packet)
for each successful packet transmission. If the ACK is not received, the sender
resends the packet. Often, on long distance lines, the packet is retransmitted
before the ACK has time to arrive.
Transmission Window:
To ensure that the receiver gets all data items sent from the sender,
TCP sends only part of the data to the receiver in small amounts
called a window. The size of the window is specified by the receiver
during the setup of a TCP session, and is measured in bytes. The
sender transmits a window, and then waits to hear an
acknowledgement back from the receiver if the window was received
properly. After an acknowledgment is sent from the receiver, the
sender transmits more data until all necessary data is sent. The
following figure explains the handshake process involved in
establishing a TCP connection:
Figure 1: TCP Connection
Once the connection is established, TCP data packets are sent in accordance with
the TCP window set - each time the window threshold is met, the receiver responds
with an acknowledge packet, as described in the following figure:
R ev isi o n 3. 0
Figure 2:Acknowledge Packet Transmission

The time wasted waiting for ACK packets to be sent in a TCP connection
dramatically increases latency.
Slow Start—Because TCP transmissions have no way to know the
size of the bandwidth over which they are being transmitted, each
transmission begins slowly, gradually increasing speed until a packet
is dropped - at which point TCP assumes that it has reached the
maximum bandwidth. On high-bandwidth long-distance lines, this slow
start wastes much expensive bandwidth.
The more latency present, the slower the session will start.
Congestion Avoidance—TCP assumes that any packet lost is due to
congestion. Any time a packet is dropped, TCP reduces transmission
rate by half, slowly increasing it until the maximum rate at which no
drops are experienced. On long-distance lines over which packet
drops are often the result of factors other than congestion,
transmission is being slowed down unnecessarily.

While these TCP functions are useful in controlling and managing congestion
over the LAN, they cause expensive long-distance links to appear slow.
The TCP Acceleration Solution

TCP Acceleration uses the SCPS protocol package to reduce the impact of these
well-known TCP limitations according to the standard developed by NASA (http://
www.scps.org):
Scaling the Transmission Windows

Increases the maximum transmission window to enable ACKs to arrive across long
distance links, thereby reducing the amount of unnecessary packet retransmissions.
Once TCP Acceleration is enabled, the TCP packet transfer process causes less
latency, as seen in the following figure:
Figure 3:TCP Acceleration Packet Transfer

A larger window enables sending more packets before an acknowledge packet is
sent, minimizing the number of acknowledge packets sent and lowering latency.
R ev isi o n 3. 0
Congestion Avoidance
SCPS enhances flexibility of Congestion avoidance mechanisms. TCP
automatically uses congestion avoidance, which is not necessary in networks
where drops are not the result of congestion. You can configure SCPS in such a
way that congestion avoidance is not used when it is unnecessary. If there is
congestion on the line, you can select the method of congestion avoidance and
control (standard TCP, Vegas, or Hybla).
Local Network Isolation

The SCPS protocol uses TCP Spoofing to reduce the time required for establishing
a TCP session, thereby enabling the transmission of data without waiting for the
TCP slow-start. SCPS also enables congestion avoidance by preventing slow traffic
build-up before achieving maximum capacity.
Asymmetric Networks Optimization

In asymmetric environments, if in one direction the bandwidth is significantly lower
than the other, this direction can become congested with ACK packets being sent
in the other direction. TCP Acceleration enables scaling of ACK packets (for
example sending an ACK for only every other packet) to better match uplink/
downlink rates.
SCPS-based TCP Acceleration enables the Accelerator to maximize capacity over
Long-Haul links, thereby guaranteeing optimized throughput across WAN links.

TCP throughput - Kbps

540msec round-trip-time
4608
With TCP
Acceleration and
4096 compression
3584
With TCP
Acceleration Newly created
No TCP
3072 bandwidth
Acceleration
2560
Kbps
2048
1536 Unutilized bandwidth
1024
512
0
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
Time
Throughput Link Speed
Figure 4:TCP Throughput
Computing Latency
The Accelerator automatically configures TCP Acceleration settings according to the
computation that follows.
Figure 5: TCP Acceleration Computation elements
R ev isi o n 3. 0
The network in the diagram above will be used for example purposes. The math
used for calculating the theoretical maximum throughput is based on this drawing.
Substitute the values from your specific network in order to learn the TCP
theoretical limitation for a single session in your network.
The network poses 150 milliseconds (msec) of latency between the Client (C) and
the Server (S). You can use a ping for determining the end-to-end latency between
a Client and Server by sending a ping 100 times from the client to the server
during business hours with a 750 byte payload. This payload size ensures some
stress on the network, and should provide a better measurement for latency than
simply sending a 64 or 32 byte ping as some operating systems do. An example of
this ping command used on Windows is:
ping x.x.x.x –l 750 –n 100
(x.x.x.x = the server’s IP address, –l is the payload size, and -n is the amount of
pings)
You can use the following formula to calculate the theoretical limitation:
Bandwidth equals the window size divided by the round trip time
WindowSize
---------------------------- = Bandwidth
RoundTripTime
Figure 6: Bandwidth Calculation
Bandwidth (BW the maximum theoretical throughput. The bandwidth
of a link is normally represented in bits per second.
Window Size (WS the amount of data TCP can send before waiting for
an acknowledgement. This value is in bytes; ensure that any values in
bytes are converted to bits.
Round Trip Time (Rtt though this value is in seconds, most network
tools, such as ping, report it in milliseconds. In the network example
shown above, the latency was 150 msec, and because 1000 msec
equals a full second, then the latency of this network can be
represented in a fraction as 150/1000 msec. Always convert this
fraction into decimal format when calculating the values. In this case
the latency will be represented as.15.
The default window size for Microsoft XP is 8 KBytes. For additional window size
values please consult your operating system vendor. This example assumes that
the client is running Windows XP.

Using the example network provided above, some of the values needed for this
formula are known and can therefore be plugged into the formula in order to
determine the maximum theoretical bandwidth for a single TCP session.
BW = 64000 /.15
After calculating the values, the BW equals 426,666 Bytes. Remember that
because this value is in bytes, it should be multiplied by 8 in order to get the bits
per second (bps). The product shows that the theoretical maximum bandwidth is
3,413,328 bps.
As seen in the example network shown above, the link is a 6 Mb link. 150 msec
of latency has limited a session to about half of the link speed.
The following Throughput table lists some common Round Trip Times and the
effects on TCP:
Window Size
8 KB 16 KB 32 KB 64 KB
Round Trip Time
50 160 Kbps 320 Kbps 640 Kbps 1280 Kbps

As these calculations demonstrate, the maximum throughput was greatly reduced

as the latency increased. The actual maximum throughput that a single TCP
session can have in your network may be even lower.
R ev isi o n 3. 0
Configuring TCP Acceleration

You can use the WebUI to configure basic TCP Acceleration, such as typical RTT
and typical acceleration rate. In addition, using the advanced option, you can set
the Send and Receive windows’ sizes, acknowledge rate and Keepalive. For these
settings see TCP Acceleration Advanced Settings, on page 248.
Additional information is available in the following topics:
Enabling TCP Acceleration, on page 245
TCP Acceleration Advanced Settings, on page 248
Keepalive, on page 249

Configuring TCP Acceleration 245
Enabling TCP Acceleration

TCP Acceleration should be enabled only over long, high latency links. If you
enable TCP Acceleration via the WebUI, the system’s default values will be used
for activating TCP Acceleration. Expand recommends configuring TCP Acceleration
via the CLI. For CLI instructions see TCP Acceleration Commands, on page 496.
To enable TCP acceleration on all Links:

1. In the Accelerator’s WebUI, click on Services and then TCP Acceleration.
2. Select the Enable TCP Acceleration on All Links check box and change or set
the parameters as shown in the following table:
Parameter/Section Description
Typical RTT Enter the typical RTT in miliseconds by choosing Other in the drop down
menu and enter an amount in the field. Alternatively, you can allow the
Accelerator to decide by selecting Auto from the drop down menu.
Typical Acceleration Enter a percentage by selecting Other in the drop-down menu and enter a
Rate value in the field. Alternatively, you can allow the Accelerator to decide by
selecting Auto from the drop down menu
Congestion Control Select from one of the following:
• Standard—the congestion avoidance conforms to the standard TCP/
IP protocol (Reno)
• Vegas—TCP Vegas reduces latency and increases overall through-
out, by carefully matching the sending rate to the rate at which packets
are successfully being transmitted by the network.
The Vegas algorithm maintains shorter queues, and is therefore
suitable either for low-bandwidth-delay paths, such as DSL, where the
sender is constantly over-running buffers, or for high-bandwidth-delay
WAN paths, where recovering from losses is an extremely time-
consuming process for the sender. The shorter queues should also
enhance the performance of other flows that traverse the same
bottlenecks.
• Hybla—reduces penalization of TCP connections that incorporate a
high-latency terrestrial or satellite radio link, due to their longer round
trip times. It consists of a set of procedures which includes, among
others:
- An enhancement of the standard congestion control algorithm
- The mandatory adoption of the SACK policy
- The use of timestamps
- The adoption of channel bandwidth estimates
- The implementation and mandatory use of packet spacing
techniques
See TCP Acceleration Advanced Settings, on page 248.
TCP Acceleration
Advanced
Keep Alive See Keepalive, on page 249
R ev isi o n 3. 0
Note: When TCP acceleration is enabled, all traffic is transferred through the
i
Accelerator in routing-only mode and is not bridged. For additional information
see Setting Routing Strategy, on page 30.
If after enabling TCP Acceleration the Accelerator does not perform as expected,
you should check the size of the window set by Windows:
To check the size of the window set by Windows:

1. Click the Start button on the main menu bar, followed by Run. In the Open field,
type regedit.
2. In the Registry Editor, navigate to the following location:
HKEY_local_machine\system\CurrentControlSet\Services\Tcpip\par
ameters.
3. Search the listed parameters. If TcpWindowSize is not listed, the window size is
set to the Windows’ default of 8 KB.
If TcpWindowSize is listed, double-click on the registry entry to view the value
set.
WARNING! Editing the registry or using a Registry Editor incorrectly can cause
! serious, system-wide problems that may require you to reinstall Windows to
correct them. Microsoft does not guarantee that problems resulting from the
incorrect use of Registry Editor can be solved. Back up your registry first and use
Registry Editor at your own risk.

To calculate the necessary send window size and

receive window size:
Use the following formula to calculate the required window size as set by the
Accelerator:
OutboundBW Kbps - RTT mSec

---------------------------------------------------------- u CompressionRatio u --------------------------------- u 2 u 1000
8 1000
Figure 7: Calculating Required Window Size

Outbound Bandwidth in Bytes/Sec—convert the outgoing bandwidth
to Bytes per second, for example T1 = 1,544 Kbps (193,000 Bytes per
second)
Compression Ratio—expected acceleration in a compression ratio
format (200% acceleration = 3, 350% acceleration = 4.5)
Round trip time—in seconds (for example 500 ms round trip is 0.5
seconds, 650ms round-trip is 0.65 seconds)
For example, a T1 line with 600 ms round trip time with outbound acceleration of
230%:
Bandwidth in bytes/sec - 193000
Compression ratio – 3.3
193000*3.3*0.6*3 = 1146420
Excluding Servers or Subnets from

TCP Acceleration
This allows you to exclude either a client or server from TCP acceleration. In
addition you can exclude the client or server by IP address, host name, or subnet
group.
To exclude a client or a server:

1. Click Services > TCP Acceleration>Exclusion.
2. Choose Client or Server by clicking the relevant radio button.
Client—excludes traffic to the proxy from the Client.
R ev isi o n 3. 0
Server—excludes traffic to the Server from the proxy.

3. Using the drop-down menu choose one of the methods to exclude by:
IP Address—put a valid IP address in the field.
Subnet—put a valid IP address and subnet in the fields.
Host name—put a valid host name in the field.
4. Click Add and the entry is added to the Exclusion table.
5. To delete an entry from the Exclusion table click Delete.
TCP Acceleration Advanced Settings

Additional settings may be configured to make the TCP Acceleration even
smoother.
To set additional TCP Acceleration Settings:

1. Click Setup, followed by My Links, followed by Links.
2. Click the + next to the TCP Acceleration Advanced title bar.
3. In the window that opens fill in the following parameters:
Parameter Value/Description
Send Window Size Choose Auto for the 10MByte default setting or choose Other
and enter a different value (from 4Kb-50Mb) and select the
byte value (Kbytes or Mbytes) from the drop down list
accordingly.
Receive Window Size Choose Auto for the 10MByte default setting or choose Other
and enter a different value (from 4Kb-50Mb) and select the
byte value (Kbytes or Mbytes) from the drop down list
accordingly.
Acknowledge Packet Rate Enter the number of packets that the Accelerator will receive
from a source before sending the source a confirmation
message (called an Acknowledge Packet) that the packet
was received successfully. By default the rate is set to two
packets, and the preferred range is between two and eight
packets.
Keep Alive See Keepalive, on page 249.
Note: Even though the upper limit for the sizes of the receive and send
i
windows is 50MB, setting the size to a value greater than 10MB may
adversely affect the system performance, and therefore a warning message
notifying you about such a possibility appears when you select a value that
exceeds 10MB.

Keepalive
If for any reason there is a disconnect between an appliance and a network device
(LAN) or between an appliance and another appliance, the keepalive setting
ensures that the connection will not close until the time out interval has passed.
To set the time out settings:

1. Click Setup, followed by My Links, followed by Links.
2. Click the Advanced icon.
3. Click the + next to the TCP Acceleration Advanced title bar.
4. Check the Keepalive checkbox.
5. Decide the amount of time you want the appliance to wait before sending the first
keep alive message and put this value in the Keepalive Time field (1-10000
seconds).
6. Pick a direction (LAN, WAN, Both)
7. Decide how many times you want to send the Keep alive message and put this
value in the Keepalive Probes field (1-10000 probes).
8. Decide what kind of waiting time you want in between messages and put this
value in the Keepalive Interval field (1-50000 seconds).
9. Click Submit.
R ev isi o n 3. 0
Understanding Web Acceleration

The Web Acceleration plug-in improves response times for HTTP/FTP-based
applications.
Note: Web Acceleration is supported in hard-drive versions of the Accelerator.

i
On all other Accelerator platforms, HTTP traffic will continue to be accelerated
by using Expand Networks’ patented caching and compression algorithms.
Note: Because the Web Acceleration plugin consumes RAM, it affects the
i
number of tunnels configurable on the Accelerator. Web Acceleration can cache
objects up to 1 GB in size.
The Web Acceleration plug-in serves requested objects from its cache. If the object
is not in the cache, the plug-in retrieves the object on behalf of the client from the
original server, caches it (when relevant) and serves the client's request.
Web Acceleration guarantees network transparency. When the Accelerator is
deployed on the network, there is no need for any configuration modification of
connected LAN clients.
In On-Path deployments—HTTP transparency also applies to the
Server side, meaning that if a sniffer is used between an Accelerator
and the default gateway, HTTP packets will be seen to contain the
client and server IP addresses. FTP traffic will be transparent only on
the client side.
In On-LAN deployments—transparency applies only to the Client
side. A sniffer placed between an Accelerator and the default gateway
will see packets containing the Accelerator and server IP addresses.
This later is necessary to guarantee that replies will travel via the
Accelerator’s Web Cache engine and not be delivered directly to the
client.
Web Acceleration supports both FTP and HTTP caching.
FTP caching—the Web Acceleration cache guarantees that objects
sent to the client from the cache are always fresh (only supported if
the FTP server supports MDTM ex, vsftpd as well as SIZE headers).
Both Passive and Active FTP caching modes are supported.
HTTP caching—the object will have an aging time in the cache until it
is retrieved again from the server.

Configuring HTTP Acceleration 251
Configuring HTTP Acceleration

This section contains the following information:
Enabling and Disabling HTTP Caching, on page 251
Setting the Cache Size, on page 251
Setting Cache Content, on page 252
Clearing HTTP Cache, on page 252
Returning to Default Settings, on page 252
Setting Advanced HTTP Parameters, on page 253
Setting HTTP Acceleration Rules, on page 254
Excluding from HTTP Caching, on page 255
Enabling and Disabling HTTP Caching
By default, HTTP Caching is disabled.
To Enable or Disable HTTP Caching:

1. Click the following: Services-->Web Acceleration--> HTTP Acceleration--
>Configuration.
2. In the HTTP Acceleration field, select Enable from the drop-down menu to
enable HTTP Caching. To disable, select Disable.
Setting the Cache Size

To set the Cache Size:
1. Click the following: Services>Web Acceleration> HTTP
Acceleration>Configuration.
2. In the Cache Size field, enter a number to represent the size allotment for the
cache (between 1 and 60 MB).
R ev isi o n 3. 0
Setting Cache Content

To set the type of content to be cached:
1. Click the following: Services> Web Acceleration> HTTP
2. In the Cache content field, scroll down to select one of the following types of
content to be cached.
Enterprise caches all traffic from links and virtual links.
Internet caches all traffic on the non-link.
All caches all traffic, be it link, virtual link or non-link.
Clearing HTTP Cache

To clear the HTTP acceleration cache:
1. Click the following: Services > Web Acceleration> HTTP
2. Click the Clear Cache button.
Returning to Default Settings

To return HTTP Acceleration settings to factory
default:
1. Click the following menu sequence: Services > Web Acceleration > HTTP
Acceleration > Configuration.
2. Click the Set Default Values button and click Yes when prompted.

Setting Advanced HTTP Parameters

To open the Advanced HTTP Parameters menu:
2. In the Advanced HTTP Parameters menu, click the + in the menu bar.
3. The Advanced HTTP Acceleration Configuration opens, letting you set the
following parameters as shown in the following table:
Parameter
Description
Item
Connect Time The time period (in seconds) that should pass before disconnection (default: 60).
out To set the Connect time out, fill in a number (between 1 and 600 seconds) in the
field
Maximum Cache Sets the Maximum size an object can be in order to be held in the cache. Object
Object Size larger than this number are not held. This parameter is set in KB.
To set the Maximum Cache Object Size, enter a number between 1 and
1,000,000 KB. By default, the size is 102,400 KB.
Note that the Maximum Cache object size must be larger than the Minimum
Cache object size.
Minimum Cache Sets the Minimum size an object can be in order to be held in the cache. Object
Object Size smaller than this number are not held. This parameter is set in KB.
To set the Minimum Cache Object Size, enter a number between 1 and
1,000,000 KB. By default, the size is 102,400 KB.
Note that the Minimum Cache object size must be smaller than the Maximum
Cache object size.
Maximum Client Sets the amount of time the client (browser) can be connected to the cache
Connect Time process before a timeout is initiated. This is merely a safeguard against clients
that disappear without properly shutting down. It is designed to prevent a large
number of sockets from being tied up in a CLOSE_WAIT state. The default for
this
option is 1440 minutes, or 1 day. Acceptable values are between 1 and 5,000
minutes. To set the Maximum Client Connect time, enter a number in the field
between 1 and 5,000 minutes
Persistent Time Sets the amount of time to wait for an HTTP request from the client after the
out connection was established, or after the last request was finished. It is set in
seconds with acceptable values between 1 and 10,000 seconds. To set the
Persistent Time out value, enter a number between 1 and 10,000.
R ev isi o n 3. 0
Parameter
Description
Item
Transparency This command configures the status of the interception proxy.
The interception proxy can be configured as transparent (namely, the proxy
server’s IP address will not be detected by sniffing). Three statuses are possible:
• Semi—applying transparency only on the Client side.
• Full—applying transparency on both the Client and the server sides.
• Auto—setting the transparency status automatically according to
deployment, namely: Semi in On-LAN deployment and Full in On-Path
deployment.
To set the transparency mode, select one of the options from the drop-down
menu
Port When enabled, preserves the original client’s source port information. By default,
Transparency this is disabled. When Transparency (above) is set to either Semi or Auto in an
On-Lan deployment scenario, it is not recommended to set this feature to enable.
TCP When TCP Acceleration is configured in the TCP Acceleration menu, you must
Acceleration also enable this parameter in order for the acceleration to work correctly. By
default, TCP Acceleration is disabled, but to enable TCP Acceleration, select
Enable from the drop-down menu.
Cache Lets you define whether to cache data that arrives from authenticated servers,
Authenticated such as authentication requests.
Requests If you set this option to Enable, the data from such servers is cached even if no
Public indication was set in the authenticated server. If any other condition
exists, which prevents the data from being cached (for example: a Private flag),
the data is not be cached, but it is still accelerated.
Collect Statistics Lets you start or stop the statistics collection. (Supposed to be removed)
Server Ports The list in this table represents the port numbers that will be intercepted by HTTP
Table Acceleration. By default Port 80 is used for HTTP traffic. Using this table, you can
add additional non-standard HTTP ports. Make sure the port number you add is
not used for other types of traffic.
Enable Proxy Select this box to enable the proxy server.
Server If this box is selected, you can set manually the proxy IP address and the proxy
port number.
Setting HTTP Acceleration Rules

The HTTP Acceleration Rules screen lets you configure Direct and No Cache rules
supported by HTTP acceleration.
To set HTTP Acceleration rules:

Acceleration>Rules.
2. In the Type field, scroll down to select either Direct Rule or No Cache Rule.
You should enter regular expressions in the edit fields of both rules.

The expression entered in Direct Rule should be valid on a URL, and determines
that all requests that match this expression are always forwarded directly to the
origin server, without using the proxy server. For example: if you apply rule
direct avaya, all requests that match the avaya regular expression are
forwarded directly to the origin server.
The expression entered in No Cache rule determines that traffic directed to a
specific URL, which matches this specific expression (for example: no cache
avaya) is neither cached nor retrieved from the cache, and after the traffic is
retrieved from the server it will not be cached.
In both cases (Direct and No Cache rules) you can define multiple rules.
Figure 8: HTTP Acceleration Rules
Excluding from HTTP Caching

You can exclude certain components of the traffic from either HTTP caching To
exclude from FTP Caching, see Enabling and Disabling FTP Caching, on page 257.
R ev isi o n 3. 0
To exclude from HTTP caching:

Acceleration > Exclusion.
2. In the Exclude by drop-down list choose whether to exclude by IP address,
Subnet or Hostname.
3. If you select to exclude by IP address, check the appropriate button to indicate
whether this IP Address comes from the Client or from the Server.
4. Enter the IP address you want to exclude.
5. If you previously selected the Server option, select now whether to let
AcceleratorOS assign a port number for you, by selecting the All option, or enter
a specific port number (preferably 80).
6. Click the Add button.
7. To exclude by Subnet, repeat steps 3. to 6. The only difference is that you have
to enter the subnet mask as well.
8. To exclude by Hostname, repeat steps 3. to 6. This option also requires you to
enter a Hostname. To enable excluding by Hostname, you first have to configure
a DNS that resolves the hostname. For details, see Configuring DNS, on page
297.

FTP Acceleration 257
FTP Acceleration
Figure 9: FTP Acceleration screen

Enabling and Disabling FTP Caching, on page 257
Setting the Cache Size, on page 258
Setting Cache Content, on page 258
Clearing FTP Cache, on page 258
Returning to Default Settings, on page 258
Setting Advanced FTP Parameters, on page 259
Excluding from FTP Caching, on page 260
Enabling and Disabling FTP Caching

By default, FTP Caching is disabled.
To Enable or Disable FTP Caching:

1. Click the following menu sequence: Services > Web Acceleration > FTP
2. In the FTP Acceleration field, select Enable from the drop-down menu to enable
FTP Caching. To disable, select Disable.
R ev isi o n 3. 0
Setting the Cache Size

To set the Cache Size:
2. In the Cache Size field, enter a number to represent the size allotment for the
cache (between 1 and 60 MB).
Setting Cache Content

To set the type of content to be cached:
2. In the Cache content field, scroll down to select one of the following types of
content to be cached:
All caches all traffic, be it link, virtual link or non-link.
Clearing FTP Cache

To clear the FTP acceleration cache:
2. Click the Clear Cache button.
Returning to Default Settings

To return FTP Acceleration settings to factory default:
2. Click the Set Default Values button and click OK when prompted.

FTP Acceleration 259
Setting Advanced FTP Parameters

To open the Advanced HTTP Parameters menu:
2. In the Advanced FTP Parameters menu, click the + in the menu bar.
The Advanced FTP Acceleration Configuration opens, letting you set the following
parameters as shown in the following table:

Connect Time out The time period (in seconds) that should pass before disconnection
(default: 600).
Localization Lets you enable or disable the option to view files in languages that
require Unicode characters, such as Chinese.
Minimum Cache Object size Lets you set a default for the minimum size of the cache object (0-
5000KB, default: 1024).
Cache per User Ascribes a cache object to a single user. Namely, when a specific user
accesses a file from the server, the file is cached per this user, and the
next time a user with the same user accesses the file, it is served from
the cache. However, for anyone who logs in with a different user
name, the file is fetched directly from the origin server and not from the
cache.
Transparency Sets the interception proxy as transparent (namely, the proxy server’s
IP address will not be detected by sniffing), on both the Client and the
Server sides.
R ev isi o n 3. 0
Excluding from FTP Caching

To Exclude from FTP Caching:
Acceleration > Exclusion.
2. In the Exclude by drop-down list choose whether to exclude by IP address,
Subnet or Hostname.
3. If you select to exclude by IP address, check the appropriate button to indicate
whether this IP Address comes from the Client or from the Server.
4. Enter the IP address you want to exclude.
5. If you previously selected the Server option, select now whether to let
AcceleratorOS assign a port number for you, by selecting the All option, or enter
a specific port number (preferably 80).
7. To exclude by Subnet, repeat steps 3. to 6. The only difference is that you have
to enter the subnet mask as well.
To exclude by Hostname, repeat steps 3. to 6. This option also requires you to
enter a Hostname. To enable excluding by Hostname, you first have to configure
a DNS that resolves the hostname. For details, see Configuring DNS, on page
297.

Configuring DNS Acceleration 261
Configuring DNS Acceleration

The Accelerator’s Domain Name Server (DNS) Acceleration plugin enables the
Accelerator to act as a DNS caching device. By intercepting DNS requests and
saving them on the local Accelerator, the DNS caching feature shortens the amount
of time an end user waits for Web pages to appear and lessens unnecessary
requests from your network to the Domain Name Server asking for Domain Name
translations into IP addresses. DNS Caching is extremely useful when the DNS
server that the clients are accessing is across the WAN over a high-latency link.
You can use the WebUI to set all parameters relevant for DNS acceleration and
DNS masquerading.
Figure 10: DNS Acceleration screen
R ev isi o n 3. 0
To set the DNS parameters:

1. Under Services, click DNS Acceleration.
2. Adjust the parameters as follows, and click Submit when done:
DNS Masquerade DNS masquerading enables the Accelerator to intercept traffic sent from the
Client to the DNS server and back, and masquerade the DNS response’s
address. Select Enable to enable, or Disable to disable. Note that, the
translation of host names into the Accelerator’s user-defined addresses is
defined in the next section of this screen - the Static Hosts table.
DNS Acceleration Enabling allows the Accelerator to cache the DNS addresses, thereby
eliminating repetitive queries over the WAN. Select Enable to enable, Disable
to disable.
Use Accelerator defining the Accelerator as a DNS client. By so doing, the Accelerator will
DNS always intercept traffic and use its setting to process it, even if that traffic was
sent to another DNS server. If you enable this option, you have to configure a
domain name server under Setup > Networking > DNS. For details, see
Configuring DNS, on page 297.
Cache Unresolved Caches DNS queries that were unresolved and will therefore not attempt to
resolve them in the future. Select Enable to enable, Disable to disable.
Transparency Select the appropriate transparency method:
• Semi—the traffic is transparent to the Client, but the server sees it as
coming from the Accelerator.
• Full—the traffic is transparent to both the Client and the Server.
• Auto—the transparency is determined automatically according to the
deployment level: either Semi (in On-LAN deployment) or Full (in On-Path
deployment).
Min TTL Determines whether to keep the Time-to-leave settings defined by the DNS
server (Preserve TTL) or set your own settings (1-1440 minutes).
If the TTL settings you defined here are longer than those set by the DNS
Server (for example: 60 minutes compared with 10 minutes, respectively), for
any period between these two values (as, in this example, 20 minutes) the
Accelerator does not use the DNS Server’s address and takes the address
from its own cache.
To view the statistics for the queries since the last time the DNS Acceleration
feature was enabled, use the Statistics (lower most) section of the DNS
Acceleration screen
Cache Size Defines the maximum number of records that are to be kept in the cache. You
can either select Auto to keep the system-defined default, or select your own
value.
To clear the cache:

Click the Clear Cache button, and click Yes when asked to confirm the action.
To show the current cache:

Click the Show Cache button.
Configuring DNS Acceleration 263
To edit the Static Hosts table:

1. Click DNS Acceleration, and click the + to open the Static Hosts Table, if it isn’t
already open.
2. Click the Add button and the Add New Static Host dialog box opens.
3. In the Host Name field, enter the requested host name (for example:
www.expand.com).
4. In the IP Address field, enter a user-defined masquerading IP address the
Accelerator will use for the host name you had just entered.
5. Click Submit and the information is added to the Static Hosts table.
6. To edit the static host details, click on the host’s IP address, within the Static
Hosts table, and edit the details in the Edit Static Host dialog box.
To delete a static host from the table, click anywhere on the host’s row to select it
and then click the Delete button. When asked to confirm the action, click Yes.
To reset all parameters back to the default value:

Click the Set Default Values button, and click Yes when prompted.
R ev isi o n 3. 0
Enabling Aggregation
Aggregation optimizes applications by using small packets such as Citrix, rdp, and
telnet. This menu allows you to configure aggregation, match applications to
classes and enable the class on all links.
To add a new application:

1. From the Services tab, click Aggregation.
The application names are predefined in the system. To add a new application,
see Creating New Applications, on page 213.
2. Choose an Application from the drop-down menu.
3. Choose an Aggregation class from the drop-down menu.
The aggregation classes are as follows:
User Defined 1—enables Citrix acceleration on a specific, user-
defined link.
User Defined 2—enables Citrix acceleration on a specific, user-
defined link.
Thin Client—enables Citrix acceleration on Citrix, telnet and ms-
terminal-server applications.
To edit the match between an application name and an

application class:
1. Select the application you want to change from the Application Name column in
the Matching Application to Class table.
2. Select an Aggregation Class from the Select Class drop-down list.
3. Click Submit.
The parameters are updated and the change is reflected in the table.
Note: The Citrix Acceleration screen lets you apply Citrix aggregation only on all
i
links. To apply Citrix aggregation on a specific link, use the Post Acceleration
Aggregation section of the My Links table under Setup tab. For details, see
Editing Links, on page 87.

Enabling Aggregation 265
To apply a specific Citrix aggregation class on all

links:
1. Select the Enable option for the relevant class.
2. Click the Apply to All Links button.
3. When prompted whether you want to configure Citrix acceleration on all links,
click OK.
R ev isi o n 3. 0
Enabling Traffic Encryption

The IPsec Encryption menu on the Services screen lets you encrypt the
Accelerator’s outgoing traffic, as well as determine the crypto mode and IPsec
policies.
This menu comprises the following options:
Configuring an IKE Policy, on page 266
Defining Crypto Mode, on page 267
Configuring IPsec Policies, on page 268
Applying IPsec Policies on a Link, on page 269
i Note: When IPsec is enabled on a link, no clear traffic is allowed to pass.

Therefore, by-pass mode cannot be enabled.
Note: To prevent any option for by-pass mode, connect one cable to ETH 0 port
i
and the other cable to either ETH 0/0 or ETH 0/1 port. However, you may want to
use ETH 0 port for Management, in which case both ETH 0/0 and ETH 0/1 ports
will be connected to cables, and a by-pass mode may be enabled.
To connect cables to both ETH 0/0 and ETH 0/1 ports, and still prevent any
option of by-pass mode, ensure that both cables are of the same type (either
Cross or Straight), and that none of the devices connected to the ETH 0/0 and
ETH 0/1 ports has an MDIX.
Configuring an IKE Policy

IKE (Internet Key Exchange) is a pre-shared key, entered manually into both
Accelerators that exchange IPsec traffic, allowing each Accelerator to verify the
identity of its peer.
To configure an IKE policy:

1. Click the Services tab, followed by IPSec Encryption.
2. In the Pre-shared Key field, enter a password.
3. Re-enter the password in the Re-enter field.
Note: The pre-shared key must be identical on both sides of the link, otherwise
i
the link will not be established.

Enabling Traffic Encryption 267
4. Set up the parameters of ESP Algorithms 1, 2 and 3, by selecting the requested

authentication method (either SHA1 or MD5), encryption method (AES-128, AES-
192, AES-256 or 3DES) and Key group (PFS) - 1, 2 or 5.
5. Set up the requested SA lifetime (the time period after which the encryption key
will be replaced) You can set this time either by hours or by seconds.
6. Enter the policy name in the Description field.
7. Click Submit.
Defining Crypto Mode

The Crypto Mode screen lets you control whether the Accelerator’s outgoing traffic
is encrypted, as well as determine the crypto modes by selecting one of the
following options:
Note: Defining crypto mode requires entering first a pre-shared key (password).
i
For details, see Configuring an IKE Policy, on page 266.
None—disables the configuration of IPSec links.
Strict—allows only encrypted traffic to pass the box at all times.
Split-Tunneling—allows clear traffic to pass only after all IPSec
links have been established. (See Note)
Lenient—allows clear links to pass traffic regardless of IPSec links
status.
Note: If you choose strict mode, any traffic whose destination is a local subnet is
i
not accelerated. This is because in Strict mode, the IPSec guards only the traffic
exiting its subnet. This means if a packet comes through the non-link to a local
subnet, the Accelerator will let it pass even if the packet contains clear text and
the traffic will not be blocked. However, traffic that is sent to an unknown subnet
or a remote subnet to which no link is present will be dropped.
R ev isi o n 3. 0
To define Crypto mode:

1. Click the Services tab, followed by IPSec Encryption >Crypto Mode.
2. Use the Crypto Mode drop-down box, to select one of the options mentioned
above.
3. Click Submit (at bottom of screen).
4. In addition, if you want to show the security information on the specific
Accelerator, click the Show Security Information button.
Configuring IPsec Policies

Use the IPsec Policies screen to define the parameters to be applied to traffic that
passes through the links. Unlike the IKE Policy screen, which lets you define only
one IKE policy, you can define several IPsec policies and apply different policies to
different links. Each IPsec policy lets you define three ESP algorithms.
Note: The ESP algorithm you define here as ESP algorithm 1 is the default
i
algorithm that will be activated when enabling the IPsec on a link.
In addition, IPSec services are licence dependent. You are supplied with a
temporary license when you install the software that is valid for 30 days. You will
need to change this license into a permanent license to prevent loss of IPSec
services.
Note: Should your license expire, the IPsec link will be down. This prevents the
i
local Accelerator from informing the remote Accelerator that the license is
dropped. The remote Accelerator therefore, will not be able to list in its log that
its remote IPsec license is dropped.
Note: When you edit existing links, you choose whether to enable IPsec on the
i
link, and which IPsec policy to apply. For details, see Applying IPsec Policies on
a Link, on page 269.
Note: IPSec uses the primary IP address of the Accelerator to create the IPSec
i
tunnel. If you use a protocol that uses an IP address other than the primary (as
is done in virtual IP addresses) the traffic sent out will be dropped. Therefore it is
not recommended to use IPsec in conjunction with features that use virtual IP
addresses (as in HSRP and VRRP).

Enabling Traffic Encryption 269
To configure an IPsec policy:

1. Ensure that the appropriate crypto mode is displayed. Otherwise, use the Crypto
Mode screen to change it. For details, see section Defining Crypto Mode, on
page 267.
2. Define a name for the policy in the Policy Name field.
3. Select the requested PFS Group (1, 2 or 5).
4. Select the requested SA Lifetime (either by hours or by seconds).
5. Set up the parameters of ESP Algorithms 1, 2 and 3, by selecting the requested
authentication method (either SHA1 or MD5) and encryption method (AES-128,
AES-192, AES-256 or 3DES).
6. Click Add.
Applying IPsec Policies on a Link

The Apply IPsec on Link screen lets you select one of the previously defined IPsec
policies and assign them to a single link. You can also assign different policies to
different links. This screen also lets you view the parameters of the IKE policy you
defined.
Note: When IPsec is enabled, the only encapsulation method possible is

i
IPComp, because Transparent encapsulation preserves the packet header and is
therefore unsuitable.
To apply an IPsec policy on a link:
1. Ensure that the appropriate cyrpto mode is displayed. Otherwise, use the Crypto
Mode screen to change it. For details, see section Defining Crypto Mode, on
page 267.
Note: You will not be able to apply an IPsec policy on a link if the Crypto mode is
i
“None”.
2. Select the requested link from the Link Name list.

3. Select the requested policy from the Policy Name list.
4. Click Enable IPsec on Link.
R ev isi o n 3. 0
To terminate the SA time and replace the encryption key immediately, click the
SA Link Renegotiate button. To disable the IPsec on the link, click the Disable
IPsec on Link button.
5. Make sure that the remote and local NAT IP address has been configured, by
clicking Setup > My Links and the Advanced button and then opening the
IPSec Menu, by clicking on the + sign. Make sure that the Enable IPSec
checkbox is checked and that the Local and Remote NATIP address fields are
complete. For further assistance on the link setup, see Editing Links, on page 87.

Remote Desktop Protocol Services 271
Remote Desktop Protocol Services

The Remote Desktop Protocol service captures RDP Proxy traffic and removes the
encryption and compression so that the you don’t have to remember to change the
settings on every remote desktop and server. This action is done automatically once
it is enabled. Note that the RDP Proxy has the best performance on links that have
TCP acceleration enabled as well.
The following topics are included:
Configuring Terminal Services, on page 271
Collecting RDP Proxy Statistics, on page 272
Excluding Terminal Services, on page 273
Configuring Terminal Services

Allows you to enable or disable the RDP Proxy. In addition, you can either use the
certificate supplied on your Accelerator or transfer your own to the RDP.
To enable or disable the RDP Proxy:

1. Go to the Services Menu and click Remote Desktop Proxy > Configuration.
2. To enable the RDP Proxy, click the Proxy Enabled checkbox.
3. To disable the RDP Proxy, clear the Proxy Enabled checkbox.
4. To choose the certificate supplied with your Accelerator, click the Default
Certificate checkbox and click Submit to save your changes.
5. To import your own certificate clear the Default Certificate checkbox and the
Certification File menu opens.
6. In the Transfer Method drop-down menu, choose the method you will use to
transfer the file (TFTP, FTP, HTTP, HTTPs)
7. Enter the User Name, Password, and IP address of the machine (from which
you want to import the file) in the relevant fields.
8. Enter the location of certification file and file name by entering this information
into the File Path/Name field. For example my path/myfilename.
9. Click Import and then click Submit.
10. To collect statistics for an RDP Proxy session, see Collecting RDP Proxy
Statistics, on page 272.
R ev isi o n 3. 0
Collecting RDP Proxy Statistics

The RDP statistics are collected from the moment the RDP service is enabled and
will be collected until it is disabled. The next time you re-enable the RDP service,
the counters in the statistics are reset. Optionally, you can print the report or save it
as an HTML or text file.
To view the RDP Proxy statistics:

1. Make sure you have configured RDP services. See Configuring Terminal
Services, on page 271 to configure RDP. Note, that the statistics counters will be
set to 0 until you have at least one RDP session established.
2. Go to the Services Menu and click Remote Desktop Proxy > Configuration.
3. On the Remote Desktop Proxy screen, click the Statistics button.
4. A pop-up opens with the following information:
Peak Number of Concurrent Sessions—this is the maximum
number of RDP sessions that were detected running
simultaneously from the time that the service was enabled.
Current Number of Sessions—this is the number of RDP
sessions that are currently running.
Average RDP PDU Size—this is the average Protocol Data Unit
size (in bytes) that have traversed the RDP session from the time
the service was enabled.
Maximum RDP PDU Size—this is the maximum PDU detected (in
bytes) for all units that have traversed the RDP session from the
time the service was enabled.
5. To print this report:
a. Click the Print button.
b. Select the printer.
c. Click Print.
6. To save this report:
a. Click the Save button.
b. Select the file’s location and choose the file type (HTML or Text).
c. Click Save.
7. Click Close to close the window.

Remote Desktop Protocol Services 273
Excluding Terminal Services

This allows you to exclude a specific server or subnet from the RDP services. Note
that enabling other services on an excluded machine will have to be done by hand.
To add a server to the exclusion list:

1. From the Services menu, click Remote Desktop Proxy > Exclusion.
2. Decide the direction you want to exclude by clicking one of the following radio
buttons:
Client—excludes traffic to the proxy from the Client.
Server—excludes traffic to the Server from the proxy.
3. Decide how you will exclude the server or client, by selecting one of the following
from the Exclude By drop-down box:
IP Address—fill in a valid IP address in the field.
Subnet—fill in a valid IP address and a valid subnet.
Host Name—fill in a valid host name.
4. Click Add and the entry is added to the Excluded table.
5. To remove an entry from this table, select the row and click Delete.
R ev isi o n 3. 0

Chapter 8: Configuring Management Options
You can configure the Accelerator via CLI via Telnet, SSH, or direct Console
connection. Alternatively, you can configure the Accelerator via WebUI, accessed
by using HTTP or HTTPS. Logging can be sent to SNMP or SyslogD servers and
can be sent via email.
Note: By default, all options mentioned above are enabled (Telnet, SSH, direct
i
console, HTTP and HTTPS). To disable a specific service, see Configuring
AAA, on page 320.
This chapter contains information on the following:
Studying the ExpandView System, on page 276
Using Out-of-Band Management, on page 279
Using SNMP, on page 280
Receiving Log Error Messages, on page 281
276 C h ap t er 8: Configuring Management Options
Studying the ExpandView System

Expand Networks' ExpandView is a centralized monitoring and management
system for Expand Accelerators. ExpandView gives you total visibility, via a
Dynamic Network Map, into global WAN operations, thereby letting you implement
global changes in minutes. Detailed graphs and reports, easy-to-use QoS
templates and tight integration with Expand's award-winning Accelerators make
ExpandView the ideal Centralized monitoring and management system for ensuring
optimal application performance over the WAN.
Using Dynamic Network Map

ExpandView is the industry's first to offer a dynamic map that provides a real-time
view of the wide area network (WAN), with the ability to monitor and manage
Expand's WAN optimization devices via simple click and drag operations. Ideal for
NOC (Network Operations Center) operations, the ExpandView map provides an
immediate visual representation of the enterprise's global WAN status, performance
and alerts. The ExpandView map lets IT managers add Accelerators on-demand,
create or remove links between devices, and boost the performance of any
application or remote location - Directly from the map!
Figure 1: ExpandView

Studying the ExpandView System 277
Simplifying WAN Optimization

ExpandView takes the complexity out of deploying WAN optimization.
Once new Accelerators are powered up, ExpandView automatically updates them
with all preconfigured parameters and starts collecting statistics.
Generating Advanced Alerts for

World-Class NOCs
ExpandView generates alerts on application performance thresholds for remote
Accelerators, thus enabling proactive performance management. Acceleration
percentage, traffic gauge, and a multitude of other parameters can be used to
predict WAN performance incidents, before they happen, giving IT managers the
tool to correct them.
Generating Proactive Reports for

Network Provisioning
ExpandView lets you generate trend reports, which detail anticipated future
utilization of WAN links based on previous usage and performance of the links.
Such reports are useful in helping IT provision networks to accommodate business
growth and expansion.
Figure 2: Statistics and Monitoring graph
R ev isi o n 3. 0
Defining Scalable QoS

Centralized insight into network traffic and application performance enables
informed and controlled use of available bandwidth. ExpandView enables group
configuration of QoS and policy prioritizing. You can publish new policies to
multiple devices in a single step, and enforce QoS policy consistency by creating
QoS templates.
Updating the IP Address of

ExpandView Server
To work with ExpandView, each Accelerator must be updated with the IP address
of the ExpandView server. The following AcceleratorOS CLI commands enable
interaction with ExpandView by setting the ExpandView server IP address and port
number:

Using Out-of-Band Management 279
Using Out-of-Band Management

You can manage the Accelerator remotely from a management station on a LAN
external to the accelerated network. When Out-of-band management is used,
Ethernet 0 cannot participate in VLAN or HSRP/VRRP, should not be part of OSPF
or RIP router polling support, and should not use WCCP or RIP route injection.
To use Out-of-band management:

1. Connect the Accelerator’s Ethernet 0 to the remote network.
2. Set Ethernet 0 to be removed from the Accelerator’s bridging capabilities
3. Add a separate IP address for this interface.
R ev isi o n 3. 0
Using SNMP
The Accelerator supports SNMP versions 1, 2c and 3, functioning as an SNMP
agent for monitoring performance statistics from a Network Management System
(NMS). In addition, the Accelerator can send SNMP traps to the NMS and other
network devices. To work with the Accelerator’s SNMP management, you have to
update the network’s SNMP settings in the Accelerator. Define the following SNMP
Communities and enable traps (if requested).
Figure 3: SNMP
To access configuration options:

1. Click on Setup, followed by Advanced, and then SNMP.
2. The default Read Community is public.
3. If you want the Accelerator to receive SNMP traps, make sure the SNMP drop-
down is set to Enable and then enter the Trap Community Name and Manager
IP address in the relevant fields.
4. Enter the SNMP Version 3 password (see note) and then enter a new password.
5. Click the Submit button in the bottom right hand corner.
i The SNMP Version 3 default initial user name is expand_user and the default
initial password is expand_initial_password.

Receiving Log Error Messages 281
Receiving Log Error Messages

The Accelerator can send status updates about the Accelerator to a SYSLOG
server, to an email address, or to both.
The following sections detail how status updates are sent:
Sending Updates to a Syslog Server, on page 281
Sending Updates via Email, on page 283
Figure 4: Logging screen
Sending Updates to a Syslog Server

Syslog is a method of collecting messages from devices to a server running a
syslog daemon. Logging to a central syslog server helps in aggregation of logs and
alerts. Accelerator devices can send their log messages to a SYSLOG service. A
SYSLOG service simply accepts messages, and stores them in files or prints them
according to a simple configuration file. This form of logging can provide protected
long-term storage for logs. This is useful both in routine troubleshooting and in
incident handling.
Set the Syslog parameters to define the syslog server’s IP address and the severity
level of events by which error notifications are to be sent.
R ev isi o n 3. 0
To set syslog parameters:

1. Click on Setup, followed by Advanced, and then Logging.
2. Enter the following parameters as necessary.
Parameter
Description
Item
Facility The Facility setting sets the Syslog level (0-23), as follows:
0—kernel messages
1—random user-level messages
2—Mail system
3—system daemons
4—security/authorization messages
5—messages generated internally by syslog
6—line printer subsystem
7 —network news subsystem
8—UUCP subsystem
9 —clock daemonother codes through 15 reserved for system use
16—reserved for local use
17 —reserved for local use
20 —reserved for local use
Server IP Enter the IP address of the Syslog server.
Address
Severity Select the maximum severity that you want to be notified about by email, the
Maximum default is Fatal. Other choices include: Error, Warning, or Information. It is best
that the maximum level be higher than the minimum level. The hierarchy of
error messages from least to most is information, warning, error and fatal.
Severity Select the minimum severity that you want to be notified about by email, the
Minimum default is Information. Other choices include: Fatal, Error, and Warning. It is
best that the minimum level be lower than the maximum level. The hierarchy of
error messages from least to most is information, warning, error and fatal.

Receiving Log Error Messages 283
Sending Updates via Email

The Accelerator allows log error messages to be sent via email to notify you of
Accelerator status changes.
To set the email logging feature:

1. Click on Setup, followed by Advanced, and then Logging.
2. To enable email notification to be sent, ensure that the Enable checkbox in the
Mail section is selected.
3. Enter the following parameters as necessary:
Parameter
Description
Item
From Enter the information you want to appear in the From field of the e-mail when it is
received. This can either be text (as in your name) or an e-mail address. Make sure
you have checked your spam filter settings if needed.
Recipient Enter the e-mail address to which the e-mail should be sent. Make sure the e-mail
address is valid and correct.
Subject Enter the subject that you want to appear in the subject field of the e-mail. This subject
will be used each time the mail message is sent.
Server IP Enter the IP address of the e-mail server
Address
Server port Enter the port number that the e-mail server uses. The default is 25
Severity Select the maximum severity about which you want to be notified by email; the default
Maximum is fatal. Other choices include: Error, Warning, or Information. It is best that the
maximum level be higher than the minimum level. The hierarchy of error messages
from least to most is information, warning, error and fatal.
Severity Select the minimum severity about which you want to be notified by email; the default
Minimum is Information. Other choices include: Fatal, Error, and Warning. It is best that the
minimum level be lower than the maximum level. The hierarchy of error messages
from least to most is information, warning, error and fatal.
R ev isi o n 3. 0

Chapter 9: Setting Advanced Parameters
Advanced setup includes complex configuration that should be attempted only by

trained and certified Accelerator operators.
You can set the following advanced parameters for the Accelerator:
Adding WANs, on page 286
Handling Interfaces, on page 289
Creating Static ARP Entries, on page 295
Defining Authentication Settings, on page 296
Configuring DNS, on page 297
Dial-on-Demand, on page 299
Dial-on-Demand, on page 299
286 C h ap t er 9: Setting Advanced Parameters
Adding WANs
The Accelerator arrives preconfigured with one default WAN. To define the
bandwidth setting for this default WAN, select Setup >My Accelerator > Basic
menu, and then click the Advanced Settings button to open the Advanced
Settings screen. See Defining Advanced Settings, on page 32.
On large networks (for example in cases where there are two routers or one router
with multiple WAN interfaces) in which the Accelerator will optimize the traffic of
more than one WAN, you can add additional WANs to the Accelerator.
Figure 1:My WANs
To add an additional WAN to the Accelerator:

1. Click the Setup tab, followed by Networking, and then My WANs.
2. Enter the Name of the new WAN.
3. Fill in the remaining parameters as follows

Adding WANs 287
:
Bandwidth Out Select the outbound bandwidth maximum value
Strict Priority Out Select Enable to enable encrypted outbound traffic to have priority, Disable to
disable.
Burst Out If you want to allow “greedier” outbound traffic to temporarily take more
bandwidth (either fixed amount or auto adjusting) then you have allotted to it (it
will only take what hasn’t been taken by any other application, up to the fixed
amount or up to the maximum available), then do one of the following:
• Select Always Allow Burst Out to always allow bandwidth bursts on
outgoing traffic. This will allow the Accelerator to automatically adjust the
bandwidth and to allow bursts in bandwidth where needed.
• Deselect Always Allow Burst Out and select a limit to the burst, using the
Burst Out drop-down menu. This will allow bursts of bandwidth on the
outbound traffic up to the amount selected. If there is more bandwidth
available the application will not use it.
Enable Bandwidth Select the Enable Bandwidth In checkbox to set a bandwidth limit on
In incoming traffic, then select the Bandwidth In value.
Strict Priority In Select Enable to enable encrypted inbound traffic to have priority, Disable to
disable.
Burst In If you want to allow “greedier” inbound traffic to temporarily take more
bandwidth (either fixed amount or auto adjusting) then you have allotted to it (it
will only take what hasn’t been taken by any other application, up to the fixed
amount or up to the maximum available), then do one of the following:
• Select Always Allow Burst In to always allow bandwidth bursts on
outgoing traffic. This will allow the Accelerator to automatically adjust the
bandwidth and to allow bursts in bandwidth where needed.
• Deselect Always Allow Burst In and select a limit to the burst, using the
Burst In drop-down menu. This will allow bursts of bandwidth on the
outbound traffic up to the amount selected. If there is more bandwidth
available the application will not use it.
4. Click Add and the new WAN will appear below the default-WAN in the WAN
table.
To delete a WAN:
Highlight a WAN and use the Delete button if at any point you want to delete a
WAN.
R ev isi o n 3. 0
To edit a WAN:
To edit an existing WAN, highlight the WAN in the WAN Table and click the Edit
WAN button. The Edit WAN popup appears, letting you modify the fields you set
previously (explained in the table above). Click Submit to confirm your changes.

Handling Interfaces 289
Handling Interfaces
Note: The total WAN bandwidth will always be enforced. It is the sum of all
i
WANs configured for the Accelerator
The Accelerator automatically detects the MAC address and Speed and Duplex
settings for each of its interfaces. You can perform all required speed and duplex
setting modifications via the My Interfaces menu. The interface name corresponds
to the name printed on the back panel of the Accelerator and cannot be modified.
The MAC address is permanent and cannot be modified.
The Speed and Duplex settings let you define the link as either 10 or 100 Mbits (or
1000 Mbits for the Accelerator 6800 series) and as either Half or Full duplex.
The Auto setting automatically configures the Accelerator to the detected link speed
and duplex setting (this is the default setting).
Note: Setting wrong interface speed and duplex values for the Accelerator may
i
result in many errors on the line towards the router, and even loss of connectivity.
If you are uncertain as to the speed and duplex setting required, you can use the
Auto setting; however, you are advised to manually set the speed and duplex.
Note: When the Accelerator is installed in an On-Path deployment, ensure that

i
both interface 0/0 and 0/1 have the same link speed and duplex settings. If the
Accelerator operates in by-pass mode for any reason, this will enable the two
devices adjacent to the Accelerator to interact.
R ev isi o n 3. 0
Viewing Available Interfaces

The Interfaces Table shows all detected Accelerator interfaces. Additional ports are
shown only for platforms which support multi-port. If optional panels are used, 4
pairs are shown, otherwise 2 pairs. In other words, the UI shows only the amount
of available ports, as indicated in the following figure:
Figure 2: My Interfaces screen

To view all detected interfaces:
1. Click the following sequence: Setup > Advanced > My Interfaces.
2. The interface table appears, displaying all detected interfaces. The status of
each
To edit an interface:
1. Click the following sequence: Setup > Advanced > My Interfaces.
2. In the Interfaces Table, click on the name of the Interface to be modified.
3. The edit dialog box opens. Information about the interface (MAC address, name,
hardware type, etc.) is given and cannot be modified.
4. The following parameters however can be modified as follows:

Link Mode Choose the link speed in Mbits and if the link is to be full or half duplex.
Bridged State When enabled, allows all Interfaces to receive the same logical IP as the
Accelerator. When disabled, you will have to enter the IP address and subnet
mask of the interface in the fields that follow.
IP Address The IP address of the interface. This is only enabled, when the Bridged state
(above) is Disabled.
Mask The Subnet mask of the interface. This is only enabled, when the Bridged state
(above) is Disabled.
5. Click Submit.
Working with VLAN

The Accelerator supports protocol 802.1q VLAN. VLAN is a virtual layer on top of
the Ethernet that enables the Ethernet to be divided into smaller virtual groups. You
can add up to 255 VLAN groups to the Accelerator.
You can set Each VLAN group, identifiable by a number, on any basis (precise
location, department, primary application, type of user, and so on). The Accelerator
can incorporate itself into a VLAN network as follows: you can assign the
Accelerator a VLAN ID, enabling it to be considered as part of a VLAN group.
If VLANs are defined on the Accelerator, all VLAN traffic passes as bridged traffic.
Defining a VLAN as Native means that the Accelerator uses the IP address from its
local interface as the IP address for a particular VLAN. The Accelerator will handle
packets arriving tagged from the Native VLAN, but will forward them without the tag
(this is especially useful in setups in which the router does not support VLAN).
Setting the Accelerator to work in with Native tagged will enable the Accelerator to
set one VLAN as Native with the IP address from its local interface, but will forward
packets received from the native VLAN with the tag.
If traffic is already handled (for example if VoIP is set on a separate network and
receives priority), the traffic that is not to be handled by the Accelerator should not
be set as a VLAN and it should not be advertised anywhere in the Accelerator
network - the traffic should be bridged through the Accelerator.
The following figure depicts working with VLAN in an On-LAN configuration.
R ev isi o n 3. 0
Figure 3: VLAN in an On-LAN Configuration

In the setup depicted, VLAN 1, 2, and 3 are defined in the Accelerator. VLAN 1 is
defined as native, meaning that it takes its IP address from the Accelerator’s Local
interface. A second 802.1q trunk is created from the Layer-2 switch to the
Accelerator enabling VLAN support in an On-LAN environment.

The following figure depicts working with VLAN in an On-Path configuration:
Figure 4: VLAN in On-Path Configuration

The Accelerator is connected directly to a Layer-2 switch via a VLAN (802.1q)
trunk. VLAN 1, 2 and 3 are defined in the Accelerator and VLAN 1 is defined as
Native.
To include the Accelerator in a VLAN group:

1. Click the following menu sequence Setup > Advanced > VLAN Interfaces.
2. In the VLAN Interfaces menu, enter the necessary VLAN ID number (1 to 4094).
3. The Accelerator must have an extra IP address and Subnet Mask for each VLAN
group it joins.
R ev isi o n 3. 0
To enter an IP address and subnet mask to be used within the VLAN group,
select the IP address radio button and enter the IP address and subnet mask
into the supplied fields.
To use the Accelerator’s original IP address and subnet mask as its address
within the VLAN group, select the Native IP setting radio button. When Native is
selected, it is possible to select the Tagged checkbox to include the VLAN tag in
the packets sent from the Native VLAN.
All VLAN interfaces added will appear in the VLAN Interfaces table, at the bottom
of the screen.
Note: It is unusual for the Native VLAN to be tagged. Please check if indeed it
i
is. Otherwise the IP address in the Local Interface will act in the Native VLAN
Figure 5: VLAN Interfaces screen

Creating Static ARP Entries 295
Creating Static ARP Entries

If you want to make a replacement within the ARP table, you can add a static ARP
entry, by mapping a specific IP address to a specific MAC address.
To map a static ARP entry:

1. Click the Setup tab, followed by Networking, and then ARP.
2. In the ARP menu, add the IP address and MAC address to be mapped.
3. If this change is to be permanent, select the Permanent checkbox. Otherwise,
this entry will remain until the next Accelerator reboot, or until it is deleted from
the ARP table.
4. Click the Add Static Entry button.
The entry appears in the ARP table.
If you want to delete the entry, click the Delete button. To delete the entire ARP
table, including all its entries, click the Clear All button.
Figure 6: ARP Table
R ev isi o n 3. 0
Defining Authentication Settings

The Accelerator lets you modify the password necessary for logging in.
To modify the password:

1. Click on Setup, followed by Security, and then Users.
2. In the Users table, double-click the name of the user whose password you want
to modify. Alternatively, highlight the line of this user and click the Edit button.
The Edit User Details dialog box appears:
Figure 7: User Details
3. Enter the local password and re-enter it for confirmation.


Configuring DNS 297
Configuring DNS
The Domain Name Server (DNS) Configuration screen lets you manage Domain
Name Servers and define domain name, domain name search path and static
hosts.
To set a domain name:

1. Click the Setup tab, followed by Networking, and then DNS.
2. Enter the domain name in the Domain Name field.
3. Make sure that there is at least one entry in either the servers table or static host
table (see below if you need to add entries).
4. Select whether to enable or disable IP Domain Lookup.
5. Click Apply. The domain now appears in the Domain Name Table.
To add a new server:

1. In the Servers table, click Add.
2. In the Add New Server dialog box that opens now, enter the new server’s IP
address.
3. By default, the order is sequential and the newest entry is last. If you want to
4. change this order, select the new position in the Order drop down box. The order
may also be changed by using the arrows on the side of the table.
5. Click Submit. The newly added server now appears in the Servers Table.
To delete an existing server:

1. In the Servers table, highlight the line that contains the server address, in order to
select it.
2. Click Delete. You are now prompted to confirm the deletion.
3. Click OK. The server is now removed from the Servers Table.
To add a domain name:

1. In the Domain Name table, click Add.
2. In the Add Domain dialog box that opens now, enter the new Domain Name.
3. By default, the order is sequential and the newest entry is last. If you want to
4. change this order, select the new position in the Order drop down box. The order
may also be changed by using the arrows on the side of the table.
5. Click Submit. The newly added server now appears in the Domain Name Table.
R ev isi o n 3. 0
To delete an existing domain name:

1. In the Domain Name table, highlight the line that contains the domain name, in
order to select it.
3. Click OK. The server is now removed from the Domain Name Table.
To add a static host:

1. In the Static Host table, click Add.
2. In the Add Static Host dialog box that opens now, enter the new Host Name.
3. Enter a valid IP address.
4. Click Submit. The newly added server now appears in the Servers Table.
5. To delete an existing static host:
6. In the Static Host table, highlight the line that contains the Static Host name, in
order to select it.
8. Click OK. The server is now removed from the Static Host Table.

Dial-on-Demand 299
Dial-on-Demand
You can deploy the Accelerator in environments that have routers with dial-up (dial-
on-demand) interfaces.
These interfaces initiate a call (dial to) the remote end (typically over ISDN or
Satellite links) when “interesting” traffic is being sent. After a specific quiet period,
the link goes down again until new “interesting” traffic is sent.
Link establishment of the dial-up interfaces and connectivity time can be fairly
expensive. Therefore you may sometimes want to keep the link down until new
“interesting” traffic is forwarded via the link. The Accelerator poses a problem in
these environments as it uses a keep-alive mechanism to check the health of the
link between the remote sites. By default, the keep alive messages are considered
“interesting” and will keep the dial-up link alive (and costly).
The dial-on-demand solution enables the Accelerator to support dial-on-demand
environments by not sending keepalive messages.
i Note: Both peers must configure the link in dialup mode with the same time out.
i Note: The ExpandView agent must be disabled
i Note: Connecting to a link by using its HSRP address will not work.
R ev isi o n 3. 0

Chapter 10: Resiliency and Redundancy
This chapter explains how to get added resiliency and redundancy with the use of
one or more Accelerators. The features documented in this chapter are hardware
specific and the Accelerator you purchased may or may not feature all of these
benefits. Where noted the feature is model specific. If you want to change your
Accelerator model to be able to use these features, contact your account
representative.
The topics in this chapter include:
RAID, on page 302
Multi-Port Support, on page 305
Router Redundancy Protocols, on page 309
302 C h ap t er 10: Resiliency and Redundancy
RAID
About RAID, on page 302
RAID Support in Accelerators' Hard Drives, on page 302
About RAID
RAID (redundant array of independent disks) is a way of storing the same data in
different places (thus, redundantly) on multiple hard disks. By placing data on
multiple disks, I/O (input/output) operations can overlap in a balanced way,
improving performance. Since multiple disks increases the mean time between
failures (MTBF), storing data redundantly also increases fault tolerance.
A RAID appears to the operating system to be a single logical hard disk. RAID
employs the technique of disk striping, which involves partitioning each drive's
storage space into units ranging from a sector (512 bytes) up to several
megabytes. The stripes of all the disks are interleaved and addressed in order.
In a single-user system where large records, such as medical or other scientific
images, are stored, the stripes are typically set up to be small (perhaps 512 bytes)
so that a single record spans all disks and can be accessed quickly by reading all
disks at the same time.
In a multi-user system, better performance requires establishing a stripe wide
enough to hold the typical or maximum size record. This allows overlapped disk I/O
across drives.
RAID Support in Accelerators' Hard

Drives
There are at least nine types of RAID plus a non-redundant array (RAID-0).
Accelerator models 79xx feature RAID-5 support with hot-swappable disk drives.
Accelerator model 6950 uses RAID-1 support and the drives are not hot-
swappable.
The two RAID types supported with current Accelerator equipment includes:
RAID-1 Mirrored set without parity, on page 303
RAID-5 Striped set with distributed parity, on page 303

RAID 303
RAID-1 Mirrored set without parity

Provides fault tolerance from disk errors and failure of all but one of the drives.
Increased read performance occurs when using a multi-threaded operating system
that supports split seeks, very small performance reduction when writing. Array
continues to operate so long as at least one drive is functioning. RAID-1 is
sometimes called duplexing, disk shadowing, real-time copy, or t1 copy.
Figure 1: RAID-1
RAID-5 Striped set with distributed parity

Distributed parity requires all drives but one to be present to operate; drive failure
requires replacement, but the array is not destroyed by a single drive failure. In fact,
the drive failure is masked from the end user and all data is read from the
subsequent drives. Keep in mind however that the array will have data loss in the
event of a second drive failure and the data is vulnerable until the data that was on
the failed drive is rebuilt onto a replacement drive.
R ev isi o n 3. 0
Figure 2:RAID-5
Using the CLI, you can view the list of disk drives, the disk status, and remove
faulty disks. To get the CLI commands for these options, click on one of the
following links:
(RAID) add-disk, on page 538
(RAID) remove-disk, on page 539
(RAID) show, on page 540
(RAID) exit, on page 539

Multi-Port Support 305
Multi-Port Support
Specific Accelerator models (6850, 6950, 7930, and 7940) feature ports that are
designed with optical or copper fail-to-wire circuitry in order to provide maximum up
time for the network. This feature is particularly useful in the event of a host system
failure, power off, or upon software request. In such instances, a crossed
connection loop-back is created between the Ethernet ports and traffic is not
affected. Hence, in by-pass mode all packets received from one port are transmitted
to the other port and vice versa. This feature enables the ports to by-pass a failed
system and provides maximum up time for the entire network.
Figure 3: Multi-Port Accelerator in a Network

Using a multi-port design in your network topology allows you to create more
redundancy in networks that are configured in an On-Path deployment scenario (as
shown above). In the case of an Accelerator failure, power off, or software
requested by-pass, the ports will re-route the traffic as shown.
R ev isi o n 3. 0
Figure 4: Accelerator Failure in Multi-port Scenario

In addition, you can create groups or specify a maintenance/management link.
Using the CLI, you can manually set one pair or all port pairs to by-pass mode.
The by-pass status is reflected in the LED next to the port pair. Green indicates
that by-Pass is disabled. Red indicates by-pass is enabled.

Multi-Port Support 307
Figure 5: LED Locations
Accelerator models 6850, 6950, 7930 and 7940 have port pairs. In the 6x50, the
port number is the numerator (the top of the fraction) and you should make sure to
use both ports from the same pair. For example, ETH0/0 and ETH0/1 are pairs. The
port pairs are shown in below:
Theseportsarea Theseportsarea
pair pair
R ev isi o n 3. 0
Figure 6: Port Pairs

Your Accelerator may not be configured with these ports.
In the 7930 and 7940, the ports not labeled. The ports may be a pair or set of 2
pairs depending on which card you ordered. In the case of a 4 port pair the first
two are a pair and the second two are a pair.
These ports are a pair
These ports are a pair

Figure 7: Port Pairs
See the table below for links to more specific information:
For information on Go to
Installing a multi-port Accelerator Connecting and Configuring Multi-Port
Accelerators, on page 14
Getting information on, or selecting a Handling Interfaces, on page 289
specificAccelerator interface
Enabling NetFlow on a specific Accelerator Enabling NetFlow, on page 70
interface
Receiving a statistic detailing the data displayed Configuring the Ethernet Statistics Display Fields,
on the monitoring graphs per a specific on page 67
Accelerator interface
Enabling AccDump on a specific Accelerator Accdump, on page 359
interface
Initiating by-pass Working with By-pass Mode, on page 16 and in
the CLI, By-pass Mode Commands, on page
683.

Router Redundancy Protocols 309
Router Redundancy Protocols

Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol
(VRRP) are router redundancy protocols that provide network resilience for IP
networks, ensuring that user traffic immediately and transparently recovers from
first-hop failures in network edge devices or access circuits.
In HSRP and VRRP, multiple network devices can act in concert to present the
illusion of a single virtual router to the hosts on the LAN, by sharing an IP address
(known as a Virtual IP Address or VIP) and a MAC address. HSRP is a Router
Protocol developed by Cisco (RFC 2281), while VRRP is the IETF standard for
redundancy protocols (RFC 2338). The main differences between the two are that
HSRP requires you to dedicate an extra IP address as a virtual IP address for the
group, while VRRP takes up less network overhead by letting you use the IP
address of one of the devices already in the group, or set a dedicated VIP.
In HSRP the devices are all configured with a priority status within the group. In
general, the device with the highest priority is naturally the Active device; the device
with the next-highest priority is the Standby device that takes over in the event of
Active device failure or unavailability. Dominant devices in the virtual HSRP group
continually exchange status messages, enabling one device to assume the routing
responsibility of another, should it stop operating for either planned or unplanned
reasons. If the Active device fails, the Standby device assumes the
packet-forwarding duties of the Active device. If the Standby device fails or
becomes the Active device, another device is selected as the Standby device.
VRRP works in much the same way. In general, the Master device is configured to
have the highest priority and is active in the group. It acquires the Virtual IP
address of the group, but does not have management functionality of the Virtual IP,
only the transfer capabilities. The Backup devices perform the standby function. The
VRRP can include many backup devices, and this protocol does not support
knowing, at any given time, which backup device takes over in the event of failure.
Hosts continue to forward IP packets to a consistent IP and MAC address, and the
changeover of devices is transparent. The recovery time of the VRRP is about three
R ev isi o n 3. 0
times faster than HSRP (the HSRP default is 10 seconds instead of 3 seconds in
VRRP).
Figure 8: VRRP Group
Accelerators can take part in HSRP and VRRP and work in tandem with the
routers that provide backup for the network. The following figures display an
Accelerator application working with routers in a virtual HSRP and VRRP group.
The Accelerator and routers are configured with the MAC address and the IP
network address of the virtual HSRP/VRRP group.
The Accelerator is configured to have the highest priority and work as the Active/
Master device. It is configured with the IP address and MAC address of the virtual
router and forwards any packets addressed to the virtual router.
In HSRP, one of the routers acts as the Standby router, so that if, due to severe
power failure or any other unlikely event, the Accelerator stops transferring
packets, the router protocol gets into effect and the router assumes the duties of
the Accelerator and becomes the Active device.
In VRRP, both routers are configured as backup routers. Therefore, if due to
severe power failure or any other unlikely event the Accelerator stops transferring
packets, one of the backup routers assumes the duties of the Accelerator.
HSRP
The AcceleratorOS lets you set up HSRP groups, either manually or by automatic
detection.
The following sections describe the options for configuring HSRP groups.
Enabling HSRP Automatic Detection, on page 311
Setting Manual HSRP Configuration, on page 312
(config) HSRP autodetect, on page 565

(config) HSRP, on page 564
Enabling HSRP Automatic Detection

The Accelerator can auto-detect HSRP groups on its networks and add them to its
Group Table. When the groups are added, by default the Accelerator does not join
the groups.
i Note: If you have a network with multiple Accelerators, you must enable the
same HSRP services on every appliance.
Note: IPSec uses the primary IP address of the Accelerator to create the IPSec
i
tunnel. If you use a protocol that uses an IP address other than the primary (as
is done in virtual IP addresses) the traffic sent out will be dropped. Therefore it is
not recommended to use IPsec in conjunction with features that use virtual IP
addresses (as in HSRP and VRRP).
Figure 9: HSRP screen
To automatically detect all HSRP groups:

1. Click the following menu sequence: Setup > Networking > HSRP.
2. In the HSRP screen, select the Auto Detect checkbox. The HSRP table
automatically fills up with the details of the HSRP groups detected on the
network.
3. While the Accelerator adds these groups, by default its status in the groups is Not
Joined.
4. To Join the HSRP group or to modify other HSRP parameters, highlight the
HSRP group in the table and click the Edit button.
R ev isi o n 3. 0
Setting Manual HSRP Configuration

If the Automatic detection does not find an HSRP group, or if you want to manually
add or edit an HSRP group, you can modify the parameters as follows.
To manually modify the HSRP configuration:

1. Click the Setup tab, followed by Networking, and then HSRP.
2. In the HSRP menu, enter the Group ID number (0 - 255), the Virtual IP address,
the Priority (0 - 255), the Virtual MAC address and the status of the Accelerator
in the group (whether the Joined option is Disabled or Enabled).
3. Click Add. The HSRP group immediately appears in the HSRP table.
4. To modify the information, highlight the row in the HSRP table and click the Edit
button to modify the following parameters:
i Note: If you have a network with multiple Accelerators, you must enable the
same HSRP services on every appliance.

Group ID You must enter a group number, even if the target group is group 0
Virtual IP Address All devices in the HSRP group must have the same Virtual IP address.
Adding a virtual IP address of 0.0.0.0 puts the group into Learn mode, in
which the selected group tries to learn the IP address from the network.
Priority Setting the Accelerator’s priority lets you select its status in the HSRP
group.
If two devices in the HSRP group have the same priority, the Active router
is set according to IP address. Expand does not recommend this setup.
Virtual MAC Address All devices in the HSRP group must have the same Virtual MAC address.
Joined Enable or Disable the Accelerator’s status in the group. Joining the group
enables the Accelerator to function as any other router in the HSRP group.
Authentication If Authentication is enabled in the HSRP group, the Authentication
command lets you set the authentication password to communicate with
the routers in the group.
The default setting for the authentication command is cisco.
If you change the default authentication setting, verify that all other
devices in the HSRP group have the same authentication setting.
Force Priority Gives the Accelerator the highest priority in the HSRP group at all times.
When this setting is enabled, Preempt is also enabled automatically.
Force Priority is done per group and enables the Accelerator to hold the
highest priority of the selected group.
Once the Accelerator is set to have the highest priority, it becomes the
active router in the HSRP group.


Preempt Used for determining how to react when a higher priority router joins the
group. When enabled, the higher priority router prevails; when disabled,
the higher priority router assumes the Standby mode until the current
Active router experiences a failure.
Setting the Accelerator to enable preempt is useful when you want the
Accelerator to remain active as much as possible. On the other hand, the
change-over between one device and another can take two to three
seconds, during which the network has no default gateway, so you have to
use preempt carefully.
Hello and hold timers Set the packet rate between the devices in the HSRP group. Hello time is
the interval between Hello messages (an exchange of HSRP priority and
state information) and the Hold Time is the interval between a receipt of a
Hello message and the presumption that the sending router/Accelerator
has failed.
You are advised not to change the default timer setting: 3 seconds Hello
Time and 10 seconds Hold Time. These definitions comply with the
recommended settings of having the Hold Time length more than three
times the length of the Hello Time.
Decreasing timer-default rates shortens the time that the network has
without a default gateway during Active router changeover, but increases
the protocol bandwidth overhead and conversely.
If the Accelerator is not currently the Active device in the HSRP group,
Timer settings are derived from the Active device and any timer
configurations that you set in the Accelerator are not saved.
All members of the HSRP group must have the same Hello Time and Hold
Time. If you change the default parameters, ensure that you update all
members of the HSRP group with the new parameters.
HSRP over VLAN If the Accelerator is part of a VLAN, operating with HSRP requires
updating the VLAN group number (1 to 4094).
R ev isi o n 3. 0
VRRP
Unlike HSRP, you cannot configure VRRP automatically and must add it manually.
Figure 10: VRRP Group

To manually modify the VRRP configuration:
1. Click the Setup tab, followed by Networking, and then VRRP.
2. In the VRRP menu, enter the Group ID number (0-255), the Virtual IP address,
the Priority (1-254), the preempt status and the timer setting.
3. Click Add.
The VRRP group immediately appears in the VRRP table.
4. To modify the information, highlight the row in the VRRP table and click the Edit
button to change the following parameters:
Parameter
Description
Item
Group ID You must enter a group number, even if the target group is group 0. Accelerator
VRRP does not have a default group number.
Virtual IP All devices in the VRRP group must have the same Virtual IP address.
Priority Setting the Accelerator’s priority lets you select its status in the VRRP group.
If two devices in the VRRP group have the same priority, the Active router is set
according to IP address. Expand does not recommend this setup.
Once the Accelerator is set to have the highest priority, it becomes the active router
in the VRRP group.

Parameter
Description
Item
Preempt Preempt is used for determining how to react when a higher priority router joins the
group. When enabled, the higher priority router will prevail, when disabled, the
higher priority router will assume the Standby mode until the current Active router
experiences a failure.
Setting the Accelerator to enable preempt is useful when you want the Accelerator to
remain active as much as possible. On the other hand, the change-over between
one device and another can take two to three seconds, during which the network
has no default gateway, so you have to use preempt carefully.
Timer Sets the interval between the Hello messages sent between VRRP group members.
All devices in the VRRP group must have the same Timer setting. If for some reason
you have to modify this setting, you should modify it for all devices in the group. The
default setting is 1.
VRRP over If the Accelerator is part of a VLAN, operating with VRRP requires updating the
VLAN VLAN group number (1 to 4094).
R ev isi o n 3. 0

Chapter 11: Security
This chapter describes the various methods for ensuring security within the
Accelerator.
Studying the AcceleratorOS AAA, on page 318
Configuring AAA, on page 320
Auditing Administration Activities, on page 325
Locking and Unlocking the Keypad, on page 326
318 C h ap t er 11: Security
Studying the AcceleratorOS AAA

The Accelerator lets you manage access by means of Authentication,
Authorization, and Accounting (sometimes called Auditing), also known as AAA.
The Accelerator, normally installed in enterprises, government and military
organizations, requires strict security for the networks with which it interacts.
Therefore, the Accelerator’s AAA enables the system to be secured.
Authentication—Validates users' identity in advance of granting
login. The Accelerator’s authentication lets you define the users and
set the location in which passwords are stored. Each user must be
defined locally in the Accelerator as well as in remote AAA servers.
Authorization—Lets users access networks and commands. The
Accelerator’s authorization lets you define the users and their roles.
Accounting—Tracks usage patterns of individual users, service, host,
time of day, day of week, and so on. The Accelerator’s accounting lets
you receive logs detailing who signed in, when, and whether their
attempt to access the Accelerator succeeded or failed.
To view the log of these events, use the logging > show events
command. These events can be sent via email or sent to a Syslog
server.
The Accelerator’s AAA functionality includes the Accelerator’s ability to use
remotely accessed user-repositories for authenticating users. This functionality
enables controlling different levels of users in the system with different authorities
and lists the auditing functions performed for various operations.
You can configure the Accelerator to make use of a security server via either the
TACACS+ or RADIUS security protocols, or both.
Authentication is the part of the system that lets users define how they authenticate
to the system, allowing the authentication to be based on external authentication
servers. On the authentication side, the new functionality will include per-user
settings to control access to the Accelerator as well as passwords quality
verification functionality and password aging (to be implemented at a later stage).
The Accelerator’s AAA supports multiple users per Accelerator, allowing end-users
to define additional accounts besides the default expand user.
AAA includes control over provided management services, and allows limiting
access to certain management options available on the Accelerator, as well as
control access to the services from a defined set of sources (subnets for ACL).

Studying the AcceleratorOS AAA 319
Setting different user roles, allowing different access levels to the system is
supported with pre-defined roles available in the system. Definition of new roles is
user-configurable.
AAA includes auditing of all major operations performed on the Accelerator into log
entries saved in the system log files and routable to email message, syslog server
and SNMP trap.
R ev isi o n 3. 0
Configuring AAA
The following Configuration options are available:
Configuring Users, on page 320
Viewing the Authentication Servers, on page 322
Defining the Security Settings, on page 324
Configuring Users
Figure 1: Users screen

To add a new Accelerator user:
1. Click on Setup followed by Security.
2. In the Users menu, enter a name for the user in the User Name field.
3. Scroll down in the User Role field to select one of the following:
Administrator—complete access to the Accelerator and its
commands. Only Administrator users can modify AAA settings.
Monitor—access the Accelerator’s CLI but cannot modify
configuration.
NetAdmin—complete access to the Accelerator and its commands
with the exception of the Security commands and WAFS
management screen.
WAFS-Administrator—complete access to WAFS management
screen and console, in addition to web acceleration and DNS
configuration.
4. If a local password is to be set for this user, select the Enable Local Password
checkbox, then enter and confirm a new password for this user. If the checkbox
is not checked, only remote authentication servers will be able to authenticate
passwords. Passwords must be at least 6 characters in length and cannot be

Configuring AAA 321
keyboard sequences (qwertyu, 123456), palindromes, or simple recognized

dictionary words.
5. Click the Add button to apply settings.
Note: when working with a TACACS server, you must add each user name into
i the Accelerator.
To modify an Accelerator user:

2. In the Users menu, click on the name of the user in the Users Table.
3. Modify details as needed.
Click the Submit button to apply settings.
Deleting Users
To delete an Accelerator user:
2. In the User’s menu, highlight the line in the User’s Table that includes the name
of the user to be deleted. Click the Delete button.
3. Click the Submit button to apply settings.
R ev isi o n 3. 0
Viewing the Authentication Servers

The Authentication screen lets you set Authentication Servers (Radius, TACACS+
and Local) and manage these servers and their preference order in the
Accelerator.
To view the authentication servers:

1. Click the following menu sequence: Setup > Security > Authentication.
2. The Authentication Servers table displays all configured authentication servers.
Figure 2: Authentication Preferences screen
To delete an authentication server:

Click on a server name in the table and click Delete.
To edit the settings for a specified authentication

server:
Click on a server name in the table and click Edit. The parameters that you can
edit are the same as those you filled out in Adding a New Authentication Server,
on page 322.
Adding a New Authentication Server

To add a new authentication server:
1. Click the following sequence: Setup > Security > Authentication.
2. In the Authentication menu, click the Add button above the Authentication
Servers Table.

Configuring AAA 323
Note: If you select Radius or TACACS+ as the Server Authentication Method,

i you will need to add all of the users you wish to allow access to the Accelerator
on the Local Accelerator. Though the user’s credentials exist on the
Authentication Server, as all users must have local identification in order to be
authenticated. See Configuring Users, on page 320, for information on adding
new users.
3. In the Add New Authentication Server dialog box, enter the following information:
Name Description
Server Name The name of the server you want to add.
Server Type The server type (Radius or Tacacs).
IP Address The new server’s IP address.
Server Port The server’s port.
Server Order Defines whether the server is the first, second or third to be addressed.
Encryption Key The server’s encryption key
Server Time out Time period after which the connection times out.
4. Click Submit.
Setting the Authentication Method

The authentication method lets you define which servers are to be checked. If more
than one authentication type is used, select the server types in the order in which
they are to be authenticated.
To set the authentication method:

Figure 3: Authentication Method
R ev isi o n 3. 0
In the Authentication menu, scroll down in the 1 field to set the first level of
Authentication. In the 2 field set the second level of Authentication and so on.
It is recommended that the first level be set to Local.
Defining the Security Settings

The Settings screen lets you define security settings, such as which access
methods to use when connecting to the Accelerator and the maximum failed login
attempts before an account would be disabled.
By default, all transport types are set to Enabled, except for FTP and TFTP, which
are set to Disabled.
Figure 4: Security Settings screen
To define security settings:

1. Click Setup followed by Security.
2. In the Settings menu, select the checkboxes of the types of access methods
allowed for connecting to the Accelerator.
3. Click the Submit button to apply settings.

Auditing Administration Activities 325
Auditing Administration Activities

The Audit screen lets you select which administration activities to audit (for
example: changing the configuration, creating links and adding users.)
Figure 5: Audit screen
To select which activities to audit:

1. Click the Setup tab, followed by Security, and then Audit.
2. In the Accelerator’s audit table, select or deselect the boxes that refer to the
activities you want to audit or to stop auditing.
3. Click Submit.
R ev isi o n 3. 0
Locking and Unlocking the Keypad

The LCD keypad on the front panel of the Accelerator (if included) can be locked.
To set the lock key combination sequence, see section Installing the Accelerator,
on page 13.
Figure 6: Keypad Settings screen
To lock/unlock the keypad via the WebUI:

1. Click the following sequence: Setup > Security > Keypad.
2. In the Keypad status drop-down menu select one of the following:
Locked—immediately locks the LCD
Auto-Locked—automatically locks the LCD when not in use
Unlocked—keeps the LCD unlocked
Setting the Keypad Lock Definitions

Selecting the Auto-Locked value for the keypad lets you set the number of times
after which the keypad will automatically lock, as well as the key sequence to be
entered for unlocking the keypad once it is locked.
To set the auto-lock timer:

1. In the Keypad screen, enter a number (in seconds) into the auto-lock timer field.

Locking and Unlocking the Keypad 327
To set an unlock sequence:

The unlock sequence sets a the sequence of keypad buttons that must be pressed
in order to unlock the LCD.
The default is as follows:
Up arrow, Down arrow, Right arrow, Left arrow, Enter button.
The unlock sequence set should be a combination of the buttons, in any order, up
to five depressions.
Figure 7: Unlocking the Keypad

1. In the Keypad screen, in the Unlock Sequence fields, scroll down in the fields to
select the button to be pressed in the order intended.
Defining Other LCD Settings
Turning By-pass On
Locking the Keypad
You can lock the Accelerator’s keypad via the LCD, the WebUI or the CLI. To
unlock the keypad, enter the unlock sequence. The default unlock sequence is
Right button, Left button, Up button, Down button, Enter. You can modify the lock
sequence via the WebUI as described in section Locking and Unlocking the
R ev isi o n 3. 0
Keypad, on page 326, or via the CLI, as described in section (config) lcd lock, on
page 676.
Product ID
Management IP
Management Mask

Chapter 12: Troubleshooting
This chapter describes troubleshooting procedures for the Accelerator and explains
Accelerator alerts and events, as follows:
Carrying out the Troubleshooting Procedure, on page 330
Password Issues, on page 331
Checking the Event Log, on page 334
Displaying Information for Troubleshooting, on page 337
Checking the Link Status, on page 338
Checking Ethernet Settings, on page 339
Checking Lack of Acceleration, on page 342
Checking Link Malfunction, on page 343
Checking for a Corrupted Terminal, on page 344
330 C h ap t er 12: Troubleshooting
Carrying out the Troubleshooting

Procedure
If there is a problem with your Accelerator, try using the following steps to help
diagnose the source of the problem:
Check the Event log
Check the topology and host settings - is the default gateway set
correctly?
What is being affected? All the links? Particular links?
Use Tools to find the source of the problem
Put the local Accelerator and then the remote Accelerator into by-pass
mode

Password Issues 331
Password Issues
Resetting the Password, on page 331
Choosing a Legal Password, on page 331
Resetting the Password

If you forget your password, you can use the reset command from the login prompt
instead of the password. This command deletes all passwords and configurations
and resets all of the Accelerator’s settings, including the device’s passwords, to
their default values. You will need to re-configure all links, acceleration and QoS
settings.
After resetting, you can use the default login (expand) and password (Expand) to
log in and reconfigure the Accelerator.
T r yi ng 17 2. 1 6. 3 1. 12 (P OR T :2 3 ). ..
C o nn ec t ed t o 1 7 2. 16 . 31 .1 2 .. .
A c ce le r at or O S, Ac ce l er at o r 6 80 0 S er ie s
V e rs io n 6 .3 . 2 ( Bu il d 3. 53 )
l o gi n: re se t
Note: You must connect to the Accelerator you want to reset using a Console
i
connection.
Choosing a Legal Password

Your Accelerator is supplied with a default password and you need to change it
once you enter the Setup Wizard. A password is variable in length and may contain
one, some, or, all of the following character types:
Upper case letters
Lower case letters
Numerals
Symbols
R ev isi o n 3. 0
Password Strength
A password that is strong enough is considered to be valid. A strong password has
the following:
At least 6 characters if in mixed character types
At least 8 characters if in the same character type
Is not composed of a dictionary word (meaning a string of letters that
can be recognized as an English word) or a reverse dictionary word
(in either mixed case or with letters separated by other characters)
Is not a keyboard sequence
Is not a numerical sequence
Is not a palindrome
Is not considered to be too simplistic or too systematic
There are no maximum limits for character length, but it is not advised to make the
password too long, which increases the possibility of a typographical error.
Examples of Good and Bad Passwords

For examples see the following table:
Password
Good/Bad Comments
Choice
dfghkeg Bad characters in all the same character type. This password is too
short if it is to be of the same character type
dfghke9 Good 7 characters, but it is combined of two character types
AeFgL9 Good Only 6 characters but it has 3 character types
31415926 Good 8 characters in length meets the minimum for a single
character type password
1122332211 Bad Although this password is appropriate in length, it is a
palindrome.
Network Bad Although it is appropriate in length and is mixed case, it is a
dictionary word.
Admin223 Good Contains mixed text of appropriate length.
Li!tt!le Bad Contains a dictionary word
Qwerty Bad Contains keyboard sequence
Zaq1xsw2cde3vfr4 Bad Too simplistic and too sequential

5rtgvb
q1w2bghn975lhkp Good Meets minimum length, is complex, and does not contain any
o5tgx45tym4sj0 dictionary words or palindromes.
Li!tfeL Contains a reverse dictionary word (Left)

Password Issues 333
Additional Notes About Passwords

If Authentication is applied via TACACS or RADIUS, those individuals
attempting login whose ID’s exist within the authentication server will
be required to use the passwords associated with that authentication
server. If the ID does not exist within the authentication server, the
login request will be forwarded to the next identified authentication
method (local – if set) and they will be authenticated to that database.
Password changes to the Expand administrative account also affect
access to the kernel when using the start-shell command, but do NOT
impact the password associated with root access within WAFS.
Password changes to the root password appear to impact the root
access in both kernels.
Maximum length for a WAFS password is 15 characters.
R ev isi o n 3. 0
Checking the Event Log

The first thing to do when you encounter problems with Accelerator performance is
to check the Event log for any unusual errors.
The following logging levels are supported:
For Informational messages, see Checking Info Events, on page 334.
To check if Warning conditions exist, see Checking Warning Events,
on page 334.
If you think Error conditions exist, see Checking Error Events, on
page 334.
If you think you have Unit failure, see Checking Fatal Events, on page
335.
These levels are related to the severity levels used by email and broadcast
functions. When used with these, the user can define the minimum and maximum
event logging (range) that will be emailed or broadcasted.
Checking Info Events

Info events notify regarding status changes that occur in the normal operation of
the system, for example:
06-Jun-07 10:38:41 <INFO> #1 Add QoS global rule, rule id=1,
direction outbound
Checking Warning Events

Warning events identify issues or configuration errors within the Accelerator. The
system continues to run, but action may be required to return the Accelerator to
normal operating standards, for example:
06-Jun-07 10:29:07 <WARNING> #1 HSRP Message authentication has
failed due t11
Checking Error Events

Error events occur sporadically, but the Accelerator easily recovers from them, for
example:
06-Jun-07 10:38:41 <ERROR> #1 Configuration-load: 'Line# 16,
Error:Warning

Checking the Event Log 335
Checking Fatal Events

Fatal events are events for which you have to take corrective action in order to
return the Accelerator to operation, for example:
06-Jun-07 07:37:59 <fatal> #1 TWDSupervisor.cpp(26)
TWDSupervisor:TWDSupervisor Watch Dog: Reboot system due to a failure
of client, named: TelnetDaemon.
The Accelerator event log records changes in the state of Accelerator links and
changes to configuration, saving them in a list format. In the CLI, use the following
commands to view events.
ACC1# show events
06-Jun-07 10:29:07 <WARNING> #1 HSRP Message authentication has failed
due t11,
06-Jun-07 10:29:07 <WARNING> #1 _peer.cppLink 222.0.0.1 status
changed from acc
29-Jun-07 10:19:19 <INFO> #2 Link ID 1 was Updated
29-Jun-07 10:20:51 <INFO> #1 Subnets for Remote link CP Id 1 changed
29-Jun-07 10:38:41 <INFO> #1 Link 1 was Added
29-Jun-07 10:38:41 <INFO> #1 Add QoS global rule, rule id=1, direction
outbound
29-Jun-07 10:38:41 <ERROR> #1 Configuration-load: 'Line# 16,
Error:Warning
Studying Log Message Formats

Log messages are displayed in the following format:
TIMESTAMP: <LEVEL of SEVERITY> #OCCURRENCE: Message-text;
Timestamp: Log date and time, in the following format: dd/mmm/
yy hh:mm:ss
Level of Severity: Debug, information, warning, error, or fatal.
Occurrence: The number of times this log has been recorded.
Message-text: Text string containing detailed information about the
event being reported.
Check the Accelerator’s system time when viewing any event the Accelerator
generates. All events are given a timestamp relative to the Accelerator’s local
time.
R ev isi o n 3. 0
To view the Accelerator system time:

ACC1#show clock
System time is: THU SEP 04 17:37:57 2003
Time zone offset: 0 minutes

Displaying Information for Troubleshooting 337
Displaying Information for

Troubleshooting
The Accelerator’s Show Tech-Support command lets you aggregate all necessary
troubleshooting information in the Accelerator via one simple command - providing
a window into the Accelerator’s inner workings and configuration. See Gathering
Statistics for Technical Support, on page 354 for information on gathering and
saving information that the technical support team will require prior to opening a
case. To create a compressed archived file, see Displaying Statistics in a
Compressed, Archived File, on page 337.
Displaying Statistics in a
Compressed, Archived File
The statistics displayed by using the method described above is one of the logs that
you can concentrate to create one compressed archive file. For details, see section
Archiving Log Files, on page 358.
R ev isi o n 3. 0
Checking the Link Status

The status of the link may point to the source of a problem. An initial probe is used
during the Accelerator’s initial link connection stage. If this probe fails, it attempts to
retry until the Accelerator responds. If a link is inactive, a keepalive will be
automatically sent to the remote Accelerator. If 10 keepalive packets do not receive
a response, the Accelerator assumes that the remote Accelerator is down and the
local Accelerator automatically passes the link traffic transparently through to the
WAN.
ACC1# show interface link summary
--------------------------------------------------------
LINK|DEST IP ADDRESS|DESCRIPTION|BANDWIDTH|LINK STATUS
----+---------------+-----------+---------+-----------
1 | 10.2.0.6 | L-10.2.0.6|15000/N/A |dropped
non | N/A | non-link | 100000/ N/A | virtual
---------------------------------------------------------
Link Status states are as follows:

Link Status
Initialize The remote Accelerator is initializing.
Inactive The remote Accelerator is not active.
Trying to Connect Link is establishing connection.
Negotiating Link parameters are being negotiated (cache size, and so on).
Remote Found Link is active.
Accelerating Link is active and acceleration is on.
Active Link is active and the link is tunnelling but not accelerating traffic. Active
can be either No local license, meaning that the link is inactive because
the local Accelerator is not properly licensed; or No remote license,
meaning that the remote Accelerator is not properly licensed.
Drop Communication has been lost.
Load Error Internal error occurred during definition of the link in the system.
Virtual A Virtual link (no far-end Accelerator).
Unknown Remote Accelerator is not available.

Checking Ethernet Settings 339
Checking Ethernet Settings

Although Ethernet level compatibility is not an issue unique to the Accelerator, it
should be considered in all hardware installations. If an Accelerator goes into
hardware by-pass, the two devices that are cabled to the Accelerator are directly
connected, and any incompatibilities between them may cause problems.
Ensure that Ethernet settings are correct.
Figure 1: Ethernet Settings diagram

As a symptom of incorrect Ethernet settings, discarded packets and loss of
connectivity may be experienced on the Accelerator. You can check this by using
the appropriate show interface ethernet commands, as follows.
ACC1# show interface ethernet 0/0?
<cr>
continuous output
ACC1# show interface ethernet 0/0
Description.............................ethernet 0/0
MAC.....................................00:02:B3:C8:4E:9C
Hardware type...........................mii
Link mode...............................auto (100Mbit-Full) -
link is up
Link detected...........................yes
Supports auto-negotiation...............yes
Supports link modes.....................10baseT/Half 10baseT/
Full
100baseT/Half 100baseT/Full
R ev isi o n 3. 0
LAN throughput data System Up Since Clear Last 30 Secs

In Bytes 3826461 N/A N/A
In Packets 23240 N/A N/A
Dropped In Packets 0 N/A N/A
Out Bytes 159363519 N/A N/A
Out Packets 1723079 N/A N/A
Dropped Out Packets 0 N/A N/A
Last 30 Secs
LAN throughput data System Up Since Clear
In Frame Error 0 N/A N/A
In Overruns 0 N/A N/A
Dropped In Packets 0 N/A N/A
In Total Errors 0 N/A N/A
Out Collisions 0 N/A N/A
Out Lost Carrier 92 N/A N/A
Out Underruns 0 N/A N/A
Out Total Errors 92 N/A N/A
Command ACC1#show interface ethernet [0 | 0/0 | 0/1]

[continuous]
Description Lists all ethernet interface configuration and statistics information per interface, 0, 0/
0 and 0/1. Continuous enables the entire output instead of one screen at a time.
Parameters Enter the interface port number and continuous if you want the entire output in a
scrolling window.
Example ACC1#show interface ethernet 0 Continuous
with Syntax
Ensure that Speed and Duplex settings are set correctly. Expand recommends
using the following command to manually set Speed and Duplex values:
Command l in k -m od e
1 00 M bi t- f ul l 1 00 M e ga bi t f ul l d up l ex
10 0 Mb it - ha lf 10 0 M eg a b it ha lf du p le x
10 M bi t- f ul l 1 0 Me g a b it f u ll d u pl e x
10 M bi t- h al f 1 0 Me g a b it h a lf d u pl e x
au t o A ut o

Checking Ethernet Settings 341
Description Enters the mode to set Ethernet interface 0 parameters.

Parameters No additional parameters necessary
Example AC C 1# co nf i gu re
with Syntax
AC C 1( c on fi g )# i n te r fa ce et he r ne t 0
AC C 1( i nt er f ac e) # l i nk -m o de 1 0 Mb i t- ha l f
R ev isi o n 3. 0
Checking Lack of Acceleration

If applications are not being accelerated, often the source of the problem is missing
information in the subnets, links and routing tables. Check the following tables to
ensure that they contain everything they should:
Subnets table—contains all subnets that are part of the Accelerator’s
network that need to be advertised.
Links table—contains all remote networks that the Accelerator is
aware of for Acceleration and QoS, and remote networks that have no
Accelerator for QoS only.
Local and Remote Subnets—use the CLI show subnets command to
view all local and remote subnets known to the Accelerator.
Routing table—must list all next hops necessary to reach all remote
networks.
If acceleration percentages are not as expected, it is often due to one or more of
the following reasons:
Traffic is not associated with the correct link
Another link is being used
QoS classification (application definition) is wrong
QoS rule order is incorrect for the setup
Check link utilization - if the link is underutilized, check for greedy
applications
Accessing Remote Devices

If all necessary connections have been made, but the Accelerator is still not
functioning as expected, use the tools Sending a Ping to the Remote Accelerator,
on page 353 and Sending a Traceroute Packet, on page 353 to check routes to
remote Accelerators and networks.
Can you access a remote device?
Can you access the remote Accelerator?
Can you access the remote router?
From the remote Accelerator, can you ping its router?

Checking Link Malfunction 343
Checking Link Malfunction

If the link is not operating as expected, ensure that the Accelerator configuration
reflects the hardware and software infrastructure. Some external devices may
require that the Accelerator be transparent - consider using RTM encapsulation.
Perhaps performance is being affected by misapplied MPLS or load balancing in
the network.
Consider the following:
Is by-pass disabled on the other side of the link?
Are the bandwidth settings correct?
Is Acceleration enabled on both sides of the link?
Is the MTU size set correctly and not larger than the maximum MTU of
the link path?
Are the correct subnets advertised to the remote site?
Is there bandwidth oversubscription on the WAN or on a link?
Are packets being dropped on the link?
In case there is a firewall in the path, are IPComp and TCP port 1928
open?
Is the correct link destination address configured?
R ev isi o n 3. 0
Checking for a Corrupted Terminal

If the terminal settings become corrupted, exit to the login prompt and log into the
Accelerator as the user named 'r' with no password. This will reset the terminal
settings and let you log in as “expand”, as usual.
Ensure that the terminal settings on your terminal emulation are correct: 9600
baud; 8 data bits; no parity; 1 stop bit; no flow control.

Checking HSRP Malfunction 345
Checking HSRP Malfunction

Ensure that you “join” the HSRP group. In AcceleratorOS 5.0 and
above, after HSRP group parameters are updated, the Accelerator
must join the group. In the CLI this is accomplished using the join
command.
Ensure that the correct HSRP group is configured - check the
configuration on the other units in the group.
Ensure that the correct Priority is configured so the Accelerator does
not conflict with the same priority on another unit in the group.
Ensure that the correct virtual IP address is configured.
If authentication is used, ensure that you use the same password
(default cisco)
R ev isi o n 3. 0
Checking QoS Malfunction

QoS on a non-link: if QoS is not functioning as expected for non-link
traffic, it could be due to the definition of the local subnet. If a local
subnet is not defined as LOCAL, the Accelerator QoS and monitoring
features do not function properly. Ensure that all local subnets are
defined as local.
Ensure that the bandwidth statements on the links are correct.
Check that the policy rules are applied on the correct links.
Check that the application definitions are correct.

Chapter 13: Using the Accelerator Tools
The Accelerator Tools let you manage AcceleratorOS upgrade versions, save and
replace the Accelerator’s configuration file and perform tasks such as traceroute
and ping.
This chapter contains the following sections:
Upgrading the AcceleratorOS Software, on page 348
Using the Configuration Tools, on page 350
Using the General Tools, on page 352
Managing User Files, on page 356
Viewing System Information, on page 357
Archiving Log Files, on page 358
Accdump, on page 359
348 C h ap t er 13: Using the Accelerator Tools
Upgrading the AcceleratorOS

Software
You can upgrade the AcceleratorOS software by uploading software from a remote
server or from the local drive.
To upgrade software:
1. Click on the Tools tab, followed by Upgrade.
2. Scroll down in the Copy method field, to select the way the file will be copied
(FTP, TFTP or HTTP).
3. In the fields provided, enter the User Name, Password and IP address of the
device from which the files are to be copied.
4. Enter the path to the file, followed by the file name (the file will be a *.tgz file).
5. Click the Submit button to copy the file to the user area.
6. Reboot the Accelerator with the new file name.
After rebooting, the Accelerator extracts the file and runs it.
7. Select Locally stored on Accelerator to upgrade to an AcceleratorOS version
that is stored locally on the Accelerator, in case of a hard drive-based
Accelerator. Alternatively, if your Accelerator uses a Compact Flash card, at least
10 MB of free space is provided on the card for file extraction.
Figure 1: Copy Upgrade Package screen

Upgrading the AcceleratorOS Software 349
Note: If you are running a version of AcceleratorOS previous to 5.0(6), note that
i
two new preconfigured applications were added in this version that may affect
user-defined applications on the same ports. If applications have been
configured for port of 1928 (saved for the expand-internal application) or 2598
(citrix-ica-sr), rename these applications exactly as in the preconfigured
application before performing an upgrade.
If an application exists for a list of ports or range of ports that include the
specified port numbers (1928 and 2598), remove these ports from the list or
range, and create applications expand-internal with port 1928, and citrix-ica-sr
with port 2598. Then change the policy-rules to match also this application.
R ev isi o n 3. 0
Using the Configuration Tools

Changes made to the Accelerator’s configuration are automatically saved to the
Accelerator’s Running Configuration and are applied until changed or until the
Accelerator is shut down.
Any changes that you want to remain configured on the Accelerator, even after
shutdown, must be saved to the Accelerator’s Startup Configuration.
Figure 2: Configuration Tools screen
To save a startup configuration:

1. In the WebUI, make any changes to be saved.
2. Scroll down in the Copy method field, to select the way the file is copied (FTP,
TFTP or HTTP).
Note: The running configuration is saved as the startup configuration, and

i
therefore all changes made to the Accelerator since its last shutdown are
now saved as the startup configuration
3. Click on Tools, followed by Configuration Tools.

4. Click the Write Startup Configuration button.
To erase the startup configuration saved on the

Compact Flash Card:
2. Click the Erase Startup Configuration button.

Using the Configuration Tools 351
To export the startup configuration:

Exporting the startup configuration opens a web page dialog that displays the
Accelerator’s startup configuration in CLI command format. You can either save this
file for future reference or upload it to other Accelerators.
2. Click the Export Startup Configuration button.
To export the running configuration:

Exporting the running configuration opens a web page dialog that displays the
Accelerator’s running configuration in CLI command format. You can either save
this file for future reference or upload it to other Accelerators.
2. Click the Export Running Configuration button.
To import the startup configuration:

Importing the startup configuration opens a web page dialog that lets you browse to
select a configuration file to be uploaded to the Accelerator.
2. Click the Import Configuration button.
R ev isi o n 3. 0
Using the General Tools

General tools are provided to let you use basic networking tools and commands via
the Accelerator WebUI.
Figure 3: General Tools

The general tools are as follows:
Sending a Ping to the Remote Accelerator, on page 353
Sending a Traceroute Packet, on page 353
Rebooting the Accelerator, on page 354
Gathering Statistics for Technical Support, on page 354

Using the General Tools 353
Sending a Ping to the Remote

Accelerator
The Accelerator lets you use the WebUI to Ping network devices and remote
Accelerators.
To ping a network device:

1. Click Tools followed by General Tools.
2. Under Ping, in the Destination IP Address field, enter the IP address of the
device to which the ping is to be sent.
3. In the Packet Size field, enter the size of the ping packets to be sent (default is
64 bytes).
4. In the Number of Times field, enter the number of times to try sending packets to
the remote device.
5. Click the Ping button.
Sending a Traceroute Packet

The Accelerator lets you send a traceroute packet to network devices and remote
Accelerators from the Accelerator via the WebUI.
To send a traceroute:
2. Under Traceroute, in the Destination IP Address field, enter the IP address of
the device to which the traceroute is to be sent.
3. In the Maximum Number of Hops field, enter the maximum length the packet
can travel before arriving at the designated destination (default is 30).
4. Click the Trace Route button.
R ev isi o n 3. 0
Rebooting the Accelerator

Rebooting the Accelerator does not save changes from the current running
configuration to the Startup configuration. The Accelerator reboots using the
previously saved Startup configuration, unless other changes were saved. All users
logged into this machine will be logged out.
To reboot the Accelerator:

2. Under Reboot, click the Reboot button.
3. When prompted, click Yes to continue.
Gathering Statistics for Technical

Support
In the unlikely event of Accelerator malfunction or error, it may be necessary to
gather many statistics for Expand Networks’ Technical Support. You can use one
command to gather all of the necessary information. To create a compressed
archived file, see Displaying Statistics in a Compressed, Archived File, on page
337.
To view Accelerator troubleshooting statistics:

1. Click on Tools, followed by General Tools.
2. Click the Show Technical Support button.
The Technical Support dialog box appears, it may take a minute to load.

Using the General Tools 355
Figure 4: Troubleshooting Information

3. Click the Save button to save this data in the requested location, as either a text
or an HTML file.
4. Send an E-mail to technical support at TAC@expand.com and attach the file.
Alternatively, you can contact customer support in the methods described in
Contacting TAC, on page 405.
5. Click the Print button to print the data.
6. Click Close to close the pop-up.
R ev isi o n 3. 0
Managing User Files

The User Files screen lets you manage the files that are located in the User Area
of your Flash card (or hard drive, for hard drive-based Accelerators).
If more space is needed on the Flash card/hard drive, you can use the User Files
screen for deleting unneeded files.
The date listed for the file is the date when the file was copied.
Figure 5: User Files screen
To remove files from the Flash card or hard drive:

1. Click Tools followed by User Files.
2. Highlight the files to be deleted.
3. Click the Delete button.

Viewing System Information 357
Viewing System Information

The System Information screen lets you view information regarding several aspects
of the system, such as the CPU operating frequency and model name as well as
CPU and Memory Utilization Information.
To display system information in the Accelerator’s WebUI, click Tools followed by
System Information.
Figure 6: CPU and Memory Information screen

Almost all parameters shown in this screen are for display only and cannot be
changed. The only parameter that you can set is Requested Maximum Links.
To set up the requested maximum links:

1. Click Setup followed by My Accelerator.
2. Select the Basic tab.
3. Under Basic, click the Advanced Setting Configuration button.
4. In the Maximum Links section, enter a value in the Requested Max Links field.
R ev isi o n 3. 0
Archiving Log Files

The log archiving feature lets you concentrate all existing log archives in the
Accelerator, to create one compressed archive file.
You can create archive files for the following types of logs:
AOS
Webcache
WAFS
Statistics
To create an archive log file:

1. Click Tools followed by Archiving.
Figure 7: Archiving Screen
2. Use the Log Archive Prefix field to set the prefix for the log file you want to create
(default: acclog). The suffix is predetermined by the system (time stamp).
3. Click the Create Log Archive button to create a new log archive.
The newly created log file now appears in the log archive files table.
To download one file or more, select these files in the table and click the
Download button.
To delete one file or more, select these files in the table and click the Delete
button.

Accdump 359
Accdump
i Note: This feature is only available to Accelerators that are configured with a hard
drive.
The Accdump feature lets you download and display tcpdump information from the
system, namely: to intercept and display TCP/IP and other packets being
transmitted or received over a network to which the computer is connected. You
can capture the tcpdump information from various sources, and select whether to
receive this information from all these sources or only from a single source. Note
that once the Accdump is activated a new file will be created for approximately
every 10MB of data. This data is stored in the user area of the Accelerator as a zip
file in the following format/location: /user_area/ACCDumpfiles*.zip.
See the following for more information:
Enabling Accdump, on page 360
Deleting Accdump Files, on page 362
Downloading Accdump Files, on page 362
Figure 8: AccDump screen
R ev isi o n 3. 0
Enabling Accdump
For more information on Accdump, see Accdump, on page 359. To download an
Accdump file, see Downloading Accdump Files, on page 362. To delete an
Accdump file, see Deleting Accdump Files, on page 362.
To enable Accdump:
1. Click Tools followed by Accdump.
2. Click on the scroll box near the Accdump field, and select the Enabled option to
start the Accdump operation.
3. Under Interface, select whether to enable all interfaces (Any), none available (N/
A) or a particular interface.
The Interface drop-down menu shows all detected Accelerator interfaces.
Additional ports are shown only for platforms which support multi-port. If optional
panels are used, 4 pairs are shown, otherwise 2 pairs. In other words, the UI
shows only the amount of available ports, as indicated in the following figure:
Figure 9: AccDump Interface Port Selection

4. Under Number of Files, you can select the Auto option, in which case the default
number of files (100) and file size (10MB) is used. Alternatively, select Other and
insert your customized values.
i Note: The number of files cannot exceed 999, and the maximum size of all files
combined must not exceed 1GB. Note too, the files are saved in a cyclic manner.

Accdump 361
5. If you want to use one or more optional flags, enter these flags in the Optional
Flags field. For a detailed description of the optional flags, see TCPDump
Optional Flags, on page 407.
6. If you do not want to dump all of the packets (default), you can use the Filter
Expression field to intercept only packets that come from a specific source or IP
address, are destined to a specific port or IP address, or belong to a specific type.
For some examples, see the following table which also uses the TCP optional
flags as part of the expression for the filter. The entire flag list is found in the
section TCPDump Optional Flags, on page 407:
Filter Expression Explanation

-e -v -s 0 tcp port 1928 or tcp port 80 For all traffic on port 1928 or all TCP traffic on port
80, produce a report that:
• -e: includes the link-level header on each dump
line.
• -s0 includes all TCP sequence numbers
• -v produces (slightly more) verbose output. For
example, the time to live, identification, total
length and options in an IP packet are printed.
Also enables additional packet integrity checks
such as verifying the IP and ICMP header
checksum.
-v host 1.2.3.4 and host 5.6.7.8 For all traffic between the two hosts (1.2.3.4 and
5.6.7.8) produce a report that:
• -v produces (slightly more) verbose output. For
example, the time to live, identification, total
length and options in an IP packet are printed.
Also enables additional packet integrity checks
such as verifying the IP and ICMP header
checksum.
-q net 1.2.3.0 mask 255.255.255.0 For all traffic belonging to network 1.2.3.0/24 produce
a report that:
• -q produces a report that includes less protocol
information so that the output lines are shorter.
7. Use the File Format scroll box to select in which file format the files are to be
saved and downloaded to the local host. The available types are Pcap (saves the
default format) and Enc (reformats the file).
Having set all the requested definitions, you are now ready to enable
Accdump and download the tcpdump files. Alternatively, if you want to
R ev isi o n 3. 0
revert to default values, click the Set Default Values button and
confirm this operation.
9. Click OK to confirm the operation. To stop the Accdump operation, click on the
scroll box near the Accdump field and select the Disabled option. When you
enable the Accdump feature again, all existing Accdump files are deleted.
10. if you want to download the Accdump file, see Downloading Accdump Files, on
page 362.
Deleting Accdump Files

To delete an Accdump file, select the file in the Accdump table and click Delete.
Downloading Accdump Files

To download Accdump files:
1. In the Accdump Files Table, select the checkbox to highlight the files you want to
download.
2. Click the Download button.
You are prompted that downloading the Accdump files will delete the existing
files.
3. Click OK.
The dialog box that appears now requests you to select a location for saving the
file.
4. Select the requested location and click Save.

Appendix A: Pre-Defined Applications
The following table lists all applications that are predefined in the Accelerator, their
port/protocol number and whether they are monitored by the Accelerator by default.
Automatically
Application Port/Protocol Number
Monitored?
tcpmux 1 No
compressnet-mgmt 2 No
compressnet 3 No
echo 7 No
discard 9 No
systat 11 No
daytime 13 No
qotd 17 No
msp 18 No
chargen 19 No
ftp-data 20 Yes
ftp 21 Yes
ssh 22 Yes
telnet 23 Yes
priv-mail 24 No
smtp 25 Yes
nsw-fe 27 No
msg-icp 29 No
msg-auth 31 No
dsp 33 No
priv-print 35 No
time 37 No
rap 38 No
graphics 41 No
nicname 43 No
364 A p pe n di x A: Pre-Defined Applications
Automatically
Application (Continued) Port/Protocol Number
Monitored?
ni-ftp 47 No
auditd 48 No
tacacs 49 No
xns-time 52 No
domain 53 Yes
xns-ch 54 No
isi-gl 55 No
xns-auth 56 No
priv-term 57 No
xns-mail 58 No
priv-file 59 No
ni-mail 61 No
acas 62 No
whois++ 63 No
covia 64 No
tacacs-ds 65 No
sql*net 66 No
gopher 70 No
priv-dialout 75 No
deos 76 No
priv-rje 77 No
vettcp 78 No
finger 79 No
http-www 80 Yes
hosts2-ns 81 No
xfer 82 No
mit-ml-dev 83 No
ctf 84 No
mfcobol 86 No
priv-termlink 87 No
su-mit-tg 89 No
dnsix 90 No
mit-dov 91 No
npp 92 No
dcp 93 No
objcall 94 No
dixie 96 No

365
Automatically
Monitored?
swift-rvf 97 No
tacnews 98 No
metagram 99 No
newacct 100 No
hostname 101 No
iso-tsap 102 No
gppitnp 103 No
acr-nema 104 No
csnet-ns 105 No
3com-tsmux 106 No
snagas 108 No
pop2 109 No
pop3 110 Yes
mcidas 112 No
auth 113 No
audionews 114 No
ansanotify 116 No
uucp-path 117 No
sqlserv 118 No
nntp 119 No
erpc 121 No
smakynet 122 No
ansatrader 124 No
locus-map 125 No
unitary 126 No
locus-con 127 No
gss-xlicen 128 No
pwdgen 129 No
cisco-fna 130 No
cisco-tna 131 No
cisco-sys 132 No
ingres-net 134 No
endpoint-mapper 135 No
profile 136 No
netbios-ns 137 Yes
netbios-dgm 138 Yes
netbios-ssn 139 Yes
R ev isi o n 3. 0
Automatically
Monitored?
emfis-data 140 No
emfis-cntl 141 No
bl-idm 142 No
imap2 143 Yes
uma 144 No
uaac 145 No
iso-tp0 146 No
iso-ip 147 No
jargon 148 No
aed-512 149 No
sql-net 150 No
bftp 152 No
netsc-prod 154 No
netsc-dev 155 No
sqlsrv 156 No
knet-cmp 157 No
pcmail-srv 158 No
nss-routing 159 No
snmp 161 Yes
snmptrap 162 Yes
xns-courier 165 No
s-net 166 No
namp 167 No
rsvd 168 No
send 169 No
print-srv 170 No
multiplex 171 No
cl-1 172 No
xyplex-mux 173 No
mailq 174 No
vmnet 175 No
genrad-mux 176 No
nextstep 178 No
bgp 179 No
ris 180 No
unify 181 No
audit 182 No

367
Automatically
Monitored?
ocbinder 18 No
ocserver 184 No
remote-kis 185 No
kis 186 No
aci 187 No
mumps 188 No
qft 189 No
gacp 190 No
prospero 191 No
osu-nms 192 No
srmp 193 No
irc 194 No
dn6-nlm-aud 195 No
dn6-smm-red 196 No
dls 197 No
dls-mon 198 No
smux 199 No
src 200 No
at-rtmp 201 No
at-nbp 202 No
at-3-5-7-8 203 No
at-echo 204 No
at-zis 206 No
quickmail 209 No
z39-50 210 No
914c-g 211 No
anet 212 No
vmpwscs 214 No
softpc 215 No
cai-lic 216 No
dbase 217 No
mpp 218 No
uarps 219 No
imap3 220 No
fln-spx 221 No
rsh-spx 222 Yes
cdc 223 No
R ev isi o n 3. 0
Automatically
Monitored?
peer-direct 242 No
sur-meas 243 No
daynachip 244 No
link 245 No
dsp3270 246 No
bh-fhs 248 No
ldap 389 Yes
https 443 Yes
smtps 465 No
exec 512 No
login 513 No
shell 514 No
printer 515 No
talk 517 No
ntalk 518 No
ibm-db2 523 No
uucp 540 No
rtsp 554 No
nntps 563 No
banyan-vip 573 No
alternate-http 591, 8008, 8080 No
sshell 614 No
ldaps 636 No
doom 666 No
ftps-data 989 No
ftps 990 No
telnets 992 No
ircs 994 No
pop3s 995 No
notes 1352 Yes
timbuktu-srv 1419 No
ms-sql-server 1433 No
ms-sql-monitor 1434 No
ms-sna-server 1477 No
ms-sna-base 1478 No
citrix-ica 1494 Yes
sybase_sqlany 1498 Yes

369
Automatically
Monitored?
t-120 1503 No
oracl-tns 1521, 1526, 1527 No
ingres-lock 1524 No
oracl-srv 1525 Yes
oracl-coauthor 1529 No
oracl-remdb 1571 No
oracl-names 1575 No
america-online No
h323 1720 No
oracl-em1 1748 No
oracl-em2 1754 No
ms-streaming 1755 No
ms-sms No
ms-mqs 1801, 2101, 2103, 2105 No
oracl-vp2 1808 No
oracl-vp1 1809 No
openwindows 2000 No
gupta-sqlbase 2155 No
cvs-pserver 2401 No
citrix-ica-sr 2598 No
sybase-sqlanywhere 2638 No
ccmail 3264 No
ms-terminal-server 3389 Yes
sap-r3 3200 No
ibm-db2-conn-svc 3700 No
ibm-db2-int-svc 3701 No
ichat 4020 No
pc-anywhere-data 5631 No
xwin Yes
ircu No
vdolive 7000 No
realaudio 7070 No
cu-seeme No
alternate-rtsp 8554 No
the-palace No
quake 26000 No
filenet-RPC 32769 No
R ev isi o n 3. 0
Automatically
Monitored?
filenet-NCH 32770 No
kazaa 1214 No
gnutella-svc 6346 No
gnutella-rtr 6347 No
edonkey 4662 No
radius 1812 No
radius-acct 1813 No
groupwise 1677 No
smaclmgr 4660 No
nameserver 42 No
wins 1512 No
pcanywhere 65301 No
bittorent No
winmx 6699, 6257 No
microsoft-ds 445 Yes
rlp 39 No
re-mail-ck 50 No
la-maint 51 No
bootps 67 No
bootpc 68 No
tftp 69 Yes
kerberos 88 Yes
cfdptkt 120 No
ntp 123 Yes
xdmcp 177 No
ipx-tunnel 213 No
subnet-bcast-tftp 247 No
backweb 370 No
timbuktu 407 No
biff 512 No
who 513 No
syslog 514 No
ip-xns-rip 520 No
streamworks-xing-mpeg 1558 No
citrix-icabrowser 1604 No
h323-gatekeeper-disc 1718 No
h323-gatekeeper-stat 1719 No

371
Automatically
Monitored?
ms-mqs-discovery 1801 No
ms-mqs-ping 3527 No
rtp 5004 No
rtcp 5005 No
pc-anywhere-stat 5632 No
ivisit 9943, 9945, 56768 No
l2tp 1701 No
sgcp 2427 No
hsrp 1985 No
timed 525 No
nfs 2049 Yes
dhcp 546, 547, 647, 847 Yes
mimix-dr1 Yes
mimix-ha1 Yes
mimix-rj 3777 Yes
novel-netware-over-ip 396 Yes
icmp 1 Yes
igmp 2 Yes
ipencap 4 Yes
egp 8 Yes
igp 9 Yes
trunk-1 23 Yes
trunk-2 24 Yes
leaf-1 25 Yes
leaf-2 26 Yes
ipv6 41 Yes
rsvp 46 Yes
gre 47 Yes
ipv6-crypt 50 Yes
ipv6-auth 51 Yes
ipv6-icmp 58 Yes
eigrp 88 Yes
ospf 89 Yes
ipip 94 Yes
pim 103 Yes
scps 105 Yes
ipcomp 108 Yes
R ev isi o n 3. 0
Automatically
Monitored?
ipx-in-ip 111 Yes
vrrp 112 Yes
l2tp-over-ip 115 Yes
stp 118 Yes
isis 124 Yes

Appendix B: Accelerator Integration
Integrating the Accelerator into environments in which third party applications run
on the network sometimes requires a certain amount of fine tuning. This appendix
describes various environments and applications and how to best set them for
Accelerator performance.
This appendix covers the following topics:
Acceleration and Citrix Traffic, on page 374
Configuring NetFlow, on page 383
Disabling Compression on SAP, on page 386
Calculating Acceleration using other Applications, on page 388
374 C h ap t er B: Accelerator Integration
Acceleration and Citrix Traffic

The Accelerator utilizes network resources efficiently and delivers improved
acceleration results for Citrix-hosted applications. Citrix users repeatedly access
the same content from the network. The Accelerator enhances support for Citrix
applications, because acceleration allows more Citrix data to traverse the WAN.
The Accelerator achieves this increase in throughput by:
Consolidating Citrix header data in pure IP implementations: IP
header represents significant overhead in small packets generated by
Citrix. It constitutes almost 30% of the Citrix packet. The Accelerator
removes repeat-header information and sends this data only once
across the network.
Consolidating Citrix payload in all environments: the Accelerator
extracts data from small packets originating from different Citrix users,
and sends packets optimized for specific WAN conditions. The
Accelerator eliminates all redundant data transmissions across the
WAN.
Controlling latency and jitter: the Accelerator reduces latency and
jitter, especially over slow WAN links that are commonly used for
Citrix deployments.
The end result is better, more consistent Citrix performance; and support of up to
four times more Citrix users on the existing infrastructure.
Citrix has its own internal compression mechanism. The results achieved by this
mechanism are not at all comparable to the throughput increase achieved by the
Accelerator. When accelerating Citrix traffic, Citrix’s internal compression
mechanism must be disabled so that the Accelerator can access the original data.
Disabling Citrix NFuse Compression

You can disable Citrix compression on each Citrix client PC, but disabling
compression via the WebUI will cause all links that are not accelerated to become
congested and unusable.

Acceleration and Citrix Traffic 375
To disable Citrix compression:

1. Back up the current copy of the following files: template.ica, launch.vbs,
Clogin.vbs, Chtmllogin.vbs.
2. Copy the two ica files provided here into the following directory:
C:\Program Files\Citrix\NFuse
3. Copy the three vbs files into the following directory:
C:\inetpub\wwwroot\Citrix\MetaFrameXP\site\include\serverscripts
4. This will modify the Web Interface server by creating a drop-down menu on the
login page, which will allow users to specify which type of connection is required.
Any link connected to an Accelerator should be set to No Compression. Links not
connected to Accelerators should be set to With Compression.
5. Restart the World Wide Web service by opening a command prompt and typing:
iisreset
6. Select No Compression for all Accelerated clients in the Web Interface Login
page.
Figure 1: Citrix Login
Disabling Citrix Encryption and

Compression
Citrix is a popular application installed on top of Microsoft’s Remote Desktop
Protocol (RDP) that was created in joint development by Microsoft and Citrix. Citrix,
also referred to as ICA, adds quite a few features that RDP does not have and
therefore is popular for terminal and thin client deployments.
R ev isi o n 3. 0
Both RDP and Citrix can compress traffic sent to and from the servers. However,
these capabilities are limited, and do not perform as well as Expand’s Accelerator.
Both RDP and Citrix can encrypt traffic sent to and from the servers. However,
because encryption is random by definition, its very nature limits the ability of the
Accelerators to remove repetitive data.
Defining Settings on the Server

An administrator can set encryption and compression settings on the server for the
RDP and Citrix connections by modifying the protocol’s properties. For Encryption,
all Citrix and RDP communications to the server must meet the minimal encryption
settings of the ICA and RDP protocol listener. Settings made to the ICA or RDP
listener apply to all traffic and applications.
Setting/checking ICA or RDP listener traffic

To disable compression and encryption in RDP:
1. Open the Terminal Server Configuration console:
All Programs>Administrative Tools>Terminal Server Configuration.
2. In the Connections tab, double-click the RDP-Tcp connection.
3. The RDP-Tcp properties window opens
Figure 2: RDP-TCP Connection Properties

4. Under the General Tab, set the encryption level to Low.

5. Click OK, and close the configuration console.
To use group policies for disabling compression and

encryption in RDP:
1. Open the Default Domain Group Policies on the Domain Controller (AD)
2. Browse to Computer Configurations > Administrative Templates > Windows
Components > Terminal Services > Encryption and Security.
3. Double-click the “Set client connection encryption level” setting.
Figure 3: Properties window

4. Select the option “Enabled” from the radio button.
5. Set the “Encryption Level” to “Low Level”
6. Click OK, and close the configuration console.
Once set, the setting will replicate to the environment. To speed up the process,
you can manually update the group policy by running the following command from
the command line:
gpupdate /force
R ev isi o n 3. 0
To disable compression and encryption in Citrix:

1. Open the Citrix Connection Configuration tool and double click on the ICA-TCP
connection type.
2. Within the Advanced Connection Settings, set encryption to None.
3. For Published Applications, you can configure each application type individually
for encryption.
4. Open the Published Applications Manager tool and view the properties of the
application being used. Click on the Client tab and view the encryption required
from the Client. If the application is already published, the encryption required is
Read only. Publishing the application and recreating the application with the
lowest encryption level of Basic can remove encryption.
Setting the encryption level for Published Applications can require an identical
encryption level from the client. Any company that uses published applications
normally requires a certain encryption level via the Published Applications
Manager. These encryption levels are the same choices available on the client
(see below).
To disable compression and encryption in NFUSE and

NFUSE Elite Server:
Compression and encryption configurations are set during the publishing of the
application and are stored within a file called template.ica. The location of this file
can vary, however it is typically stored on the web server within the web directory
(if necessary, consult with a Citrix administrator for the specific location).
Compression is enabled by default even though there is not a specific entry within
the template.ica file that mentions this.
1. Edit the template.ica file by adding a line entered under the application name that
reads Compress=Off. If multiple applications exist, you have to enter multiple
times the command Compress=Off.
For additional information on turning off compression, see Citrix documentation:
CTX554864 and CTX101865.
2. To disable encryption, publish the application again with the lowest encryption
level of Basic.
3. In addition, if SSL certificates are used for creating secure web connections (web
connections that begin with HTTPS: instead of HTTP), SSL also provides

encryption for the session. Therefore, disabling encryption requires you to

remove SSL.
Speed Screen Latency Reduction Manager

SpeedScreen Latency Reduction Manager allows an administrator to enable
compression for an application depending on the latency of the connection. When
enabled, Citrix will monitor the round trip time for responses to and from the server
and client and enable compression when needed. Remove any configured
application by clicking Delete.
Defining Settings on the Client For

Citrix
NFUSE is controlled via the server, so no settings need to be altered on the client.
Custom Connections and Published Applications allow for changes to be made on
the clients. Each client has a Citrix Program Neighborhood that contains settings for
the connections that can override the settings on the server. For both of these,
deselect compression and set encryption to Basic.
Published applications use a ‘farm’ concept in which these applications can be
grouped together with settings that apply for all the applications. Within the farm
settings, a client can set the encryption and compression.
To disable compression and encryption for ‘farms’:

1. Right-click the farm and choose Application Set settings. Once the Properties
menu is displayed, click on the tab labelled Options to view and/or change the
settings.
2. Each specific published application can also have settings for encryption and
compression.
3. Right click the specific application and choose Application Set settings. Once
the Properties menu is displayed, click on the Options tab to view and or change
the settings.
4. Custom connections are created from the client, and you can use the Properties
page to set all settings during creation or afterwards.
Right-click the custom connection and choose Properties. Once you see the
Properties menu, click on the Options tab to view and/or change the settings.
R ev isi o n 3. 0
For RDP
Only compression can be set on the client and not encryption as previously
discussed regarding the Citrix client. The place to set these values depends on
how the RDP session is being launched. For most environments this will be done
through the Client Connection Manager.
To disable compression on the RDP client:

1. Within the Client Connection Manager, right-click the connection and choose
Properties. Navigate to the Connection Options tab and deselect the box
labelled Enable data compression if it is selected.
2. When the session for RDP is launched from the ‘raw’ Terminal Services Client
icon, the option for compression is presented when choosing the server to log
into.
Turning Compression off in the

PNAgent Client
This section instructs you how to resolve the Citrix PNA problem by turning of
compression in the PNAgent client.
Understanding the PNA Problem

Citrix Program Neighborhood Agent (PNA) is a combination of published
applications and NFUSE. Data compression in the PNAgent is ON by default if the
value disabling it is not present.
Resolving the PNA Problem

Edit the PNAgent template.ica file on the Web Interface server. This template.ica
file is different than the one used by NFUSE, although the same is required for
NFUSE as well.
To edit the PNA template.ica file:

1. Access the template.ica file:
Default location: C:\Inetpub\wwwroot\Citrix\PNAgent\template.ica
If you are unsure of the location on your server, search for the PNAgent directory
and look there for a template.ica file.
2. Add the value Compress=Off under the Application tag, as follows:

[ [ NF us e _A pp N am e ]]
A dd re s s= [N F us e _A pp S er ve r Ad d re ss ]
I n it ia l Pr og r am = #[ NF u se _A p pN a me ]
L o ng Co m ma nd L in e =” [N F us e_ A pp C om ma n dL in e ]”
D e si re d Co lo r =[ N Fu se _ Wi nd o wC o lo rs ]
T r an sp o rt Dr i ve r =T CP / IP
W i nS ta t io nD r iv e r= IC A 3 .0
A u to Lo g on Al l ow e d= On
C o mp re s s= Of f .
Identifying Citrix Layer-7 Applications

Monitoring Citrix/ICA Layer-7 traffic requires each Layer-7 application running
through Citrix to open a separate TCP session; the Accelerator does not support
Citrix session sharing.
Citrix Applications work as follows: Applications are published, meaning that the
Administrator defines certain applications on the server for users to use on their
desktop. The Administrator also assigns names for these applications. The users
can either download the applications and their names from the server, or define
them manually.
When applications are downloaded, for each Citrix application session run between
the client and the server, Citrix creates a TCP session for running the application
and a UDP session that serves as a control for the application.
The Accelerator’s Layer-7 monitoring is aware of both of these sessions, and
identifies the open sessions by the new published application name. If Citrix is
configured to work in single-session (virtual channel) TCP, in which each application
does not open a new TCP session, the Accelerator is unable to access the Layer-7
information it needs.
Note: The Accelerator supports both Automatic and Direct Citrix application
i discovery mode.
When applications are added manually, the Accelerator still has to monitor the
control session (UDP), which is never encrypted or compressed.
R ev isi o n 3. 0
To disable session sharing in the Citrix server:

1. At the command prompt of the Citrix server, open the registry editor by entering
the regedit command.
2. Create the following entry in the server’s registry (which overrides session
sharing):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\WFS
HELL\TWI
3. Add the following value:
Name: SeamlessFlags
Data type: REG_DWORD
Data value: 1
4. Setting this registry value to 1 overrides session sharing.
Note that this flag is SERVER GLOBAL.
Note: When creating Layer-7 Citrix applications in the Accelerator, the application
i names defined must match the application names exactly as entered into the
Citrix server
WARNING! Editing the registry or using a Registry Editor incorrectly can cause
! serious, system-wide problems that may require you to reinstall Windows to
correct them. Microsoft does not guarantee that problems resulting from the
incorrect use of Registry Editor can be solved. Back up your registry first and use
Registry Editor at your own risk.
Due to this requirement, take into account the following considerations:

You are advised to create Citrix Layer-7 applications via the
Monitoring > Layer-7 Discovery menu, where traffic types are
collected and listed, instead of entering them manually.
All Citrix application names entered into the Accelerator must be in
ALL CAPS. This is because in some environments, when the client
communicates with the server, the client converts the published
application name to capitals.

Configuring NetFlow 383
Configuring NetFlow
The following configuration modifications are needed in order to use NetFlow with
the Expand Accelerator. While previous versions of AcceleratorOS included RMON,
the AcceleratorOS 6.0 and up integrates NetFlow support for detailed reporting.
This combination enables extracting statistics like in RMON’s Top Talker.
The main focus of NetFlow is Traffic Measurement, Traffic Monitoring, Network
Optimization and Planning and Detection of Network Security Violations, as follows.
Studying Traffic Measurement

Traffic Measurement measures usage of relevant traffic activities. NetFlow tracks
network usage, generating a series of statistics for hosts sending data through the
interface. The necessary information is collected by the host running NetFlow by
observing the traffic on the network. This arrangement offloads the processing
requirements from operational nodes to the NetFlow host. All packets in the subnet
are captured and associated with a sender/receiver pair, thereby letting you track all
traffic activities of a particular host. The following are some of the statistics and
reports that you can collect by using NetFlow Traffic Measurement:
DATA SENT /RECEIVED—(TOP 10) the total traffic (volume and
packets) generated or received by the host. The traffic is classified
according to network protocol (IP, IPX, AppleTalk, and so on) and IP
protocol (FTP, HTTP, NFS, and so on).
USED BANDWIDTH—Actual, average and peak bandwidth usage.
IP MULTICAST—Total amount of multicast traffic generated or
received by the host.
TCP SESSIONS HISTORY—Currently active TCP sessions
established/accepted by the host and associated traffic statistics.
UDP TRAFFIC—Total amount of UDP traffic sorted by port.
TCP/UDP - USED SERVICES—List of IP-based services (for example:
open and active ports) provided by the host with the list of the last five
hosts that used them.
TRAFFIC DISTRIBUTION—Local traffic, local to remote traffic, remote
to local traffic (local hosts are attached to the broadcast network).
IP TRAFFIC DISTRIBUTION—UDP vs. TCP traffic, relative distribution
of the IP protocols according to the host name.
R ev isi o n 3. 0
Studying Traffic Monitoring

Traffic Monitoring lets you identify those situations where network traffic does not
comply with specified policies or when it exceeds a defined threshold. In general,
network administrators specify policies that apply to the behavior of elements in the
managed network.
If a monitoring tool has already been implemented on the network, it may be
possible to integrate NetFlow into the existing tool (for example, Concord, and HP
OpenView support NetFlow). Several open source NetFlow software platforms are
available for free download. Expand recommends NTop-XTRA, which can be
downloaded from http://www.openxtra.co.uk/products/ntop-xtra.htm
Some NetFlow collectors, such as Crannog’s NetFlow Monitor, require enabling
SNMP, because the graphs can be interface-based (IF.Index). The Accelerator’s
SNMP feature, even when enabled, does not include the IF.Index for flows because
the Accelerator functions as a bridge. Therefore, the NetFlow Monitor software
does not present any statistics when working with an Accelerator. Use software
that does not require the IF.Index. For example, Crannog software has another
Netflow collector called NetFlow Tracker, which does not require the IF.Index for
the Netflow statistics and works very well with the Accelerator.
When configuring NetFlow on the Accelerator, it is important to specify the version
number.
i Note: Only NetFlow Version 5 is supported.
Configuring Accelerator NetFlow

accelerator#config
accelerator (config) #netflow
accelerator (NetFlow) #?
exit current node
ip ip NetFlow command
no remove collector
show NetFlow parameters
Here is an example of the config needed if 172.16.80.21 is the PC running the
NetFlow application:
accelerator(NetFlow) ip flow-export 172.16.80.21 port 2055 version 5
interface ethernet 0/0

Configuring NetFlow 385
accelerator (NetFlow) # show
---------------------------------------------------------
# | COLLECTOR IP | PORT | VERSION | INTERFACE
---------------------------------------------------------
1| 172.16.80.21|2055 | 5 | Ethernet 0/0
Note: In On-Path installations, use Ethernet 0; in On-LAN installations use

i Ethernet 0/1 when configuring NetFlow.
KNOWN LIMITATION—You can enable NetFlow only on ethernet or bridge and not
per link or virtual link.
You can configure only one NetFlow probe.
R ev isi o n 3. 0
Disabling Compression on SAP

If SAP compression must be disabled in order to achieve higher Accelerator
efficiency, the following procedure describes how to disable SAP compression.
1. From My Computer, click on Properties, or from the Control Panel click on
System.
2. Click on Advanced, followed by Environment Variables.
Figure 4: System Properties-Advanced Tab

3. In the Environment Variables window, click the New button.
4. Type TDW_NOCOMPRESS in the Variable Name field, and 1 in the Variable Value
field.

Disabling Compression on SAP 387
Figure 5: New User Variables

To undo this procedure and restore SAP compression, delete this variable, or set
the Variable Value to 0.
R ev isi o n 3. 0
Calculating Acceleration using other

Applications
The following section explains how to calculate the acceleration percentage
achieved on the Accelerator via Excel, by using data captured from a Management
Application other than ExpandView. If you are using ExpandView to monitor
Accelerators, and capture the relevant data, ExpandView will automatically record
the acceleration values, and use the Throughput Recorder for generating the
graphs.
For these reasons it is preferable to use ExpandView for this purpose. Alternatively,
you can use the Private MIB to view acceleration figures via external applications,
such as What’s Up Gold, HP OpenView, or SNMPc, as follows:
ac cI n te rf a ce P er fo r ma nc e In A cc el e ra ti o nP e ri od
OI D: 1. 3. 6 .1 . 4. 1. 3 40 5. 3 .4 . 2. 1. 3 1
Full path:
is o( 1 ). or g (3 ) .d od ( 6) .i n te r ne t( 1 ). pr i va t e( 4) . en te r pr i se s( 1 )
. ex pa n dn et w or k s( 34 0 5) .a c ce l er at o rO s( 3 ). a cc In t er fa c es ( 4) .a c
c In te r fa ce T ab l e( 2) . ac cI n te r fa ce E nt ry ( 1) . ac cI n te rf a ce P er fo r
m an ce I nA cc e le r at io n Pe ri o d( 3 0)
Module: EXPAND-ACCLERETOROS-MIB
Description: Inbound traffic acceleration percentage during last sampling period.
accInterfacePerformanceOutAccelerationPeriod
OI D: 1. 3. 6 .1 . 4. 1. 3 40 5. 3 .4 . 2. 1. 3 4
Full path:
is o( 1 ). or g (3 ) .d od ( 6) .i n te r ne t( 1 ). pr i va t e( 4) . en te r pr i se s( 1 )
. ex pa n dn et w or k s( 34 0 5) .a c ce l er at o rO s( 3 ). a cc In t er fa c es ( 4) .a c
c In te r fa ce T ab l e( 2) . ac cI n te r fa ce E nt ry ( 1) . ac cI n te rf a ce P er fo r
m an ce O ut Ac c el e ra ti o nP er i od ( 33 )
Module: EXPAND-ACCLERETOROS-MIB
Description: Outbound traffic acceleration percentage during last sampling period.
In AcceleratorOS versions lower than 4.0, in which the Private MIB was not
supported, using external applications to view acceleration statistics can be
complex and it may be necessary to follow the method outlined below to avoid
errors being generated by Excel.
Use the standard method for calculating the acceleration percentage:

Calculating Acceleration using other Applications 389
((Raw Data/Accelerated Data)-1) x 100

In low traffic, when keepalives are sent and no data is transferred, this causes the
raw data to be low or the accelerated data to be high, causing Excel to return error
messages, or even negative acceleration figures, as seen in the screen capture
below:
Working with a small amount of data, this does not cause too much of a problem,
as it is quite easy to alter the resulting acceleration figure to a zero. However, when
working with a large amount of data, it will be almost impossible to remove all these
errors, thus resulting in a graph with gaps, and negative acceleration.
To avoid this, you can use the following formula:

=IF({Accelerated Data}=0,"0",IF({Raw Data}<{Accelerated Data},"0",((({Raw Data}/
{Acc. Data})-1)*100)))
Although this looks difficult, the “real” formula is: =IF(D2=0,"0",IF(C2<D2,"0",(((C2/

D2)-1)*100)))
In effect, what this formula tells Excel, is:

If the Accelerated Data value is 0, then the output, or acceleration percentage will
be 0, if the Raw Data value is less than the Accelerated data, then the output will
be 0. Only if neither of these statements is true will Excel calculate the acceleration
percentage.
Although this may be true in terms of the Accelerated Data value being zero, it is a
workaround enabling Excel to calculate the acceleration figures needed to produce
a graph.
R ev isi o n 3. 0

Appendix C: MIME Types
Thousands of possible MIME types can be used as part of Web application

definition. For a definition of and information about MIME types, please see http://
www.faqs.org/rfcs/rfc2045.html,
http://www.iana.org/assignments/media-types and
http://www.faqs.org/rfcs/rfc2046.html.
This appendix provides a a list of some very common MIME types, divided into the
following categories:
Application, on page 392
Audio, on page 397
Image, on page 398
Message, on page 399
Model, on page 400
Multipart, on page 401
Text, on page 402
Video, on page 403
392 C h ap t er C: MIME Types
Application
Application MIME Types
andrew-inset applefile atomicmail
batch-SMTP beep+xml cals-1840
cnrp+xml commonground cpl+xml
csta+xml CSTAdata+xml cybercash
dca-rft dec-dx dialog-info+xml
dicom dns dvcs
EDI-Consent EDIFACT EDI-X12
epp+xml eshop fits
font-tdpfr http hyperstudio
iges im-iscomposing+xml index
index.cmd index.obj index.response
index.vnd iotp ipp
isup kpml-request+xml kpml-response+xml
mac-binhex40 macwriteii marc
mathematica mbox mikey
mpeg4-generic msword news-message-id
news-transmission ocsp-request ocsp-response
octet-stream oda ogg
parityfec pdf pgp-encrypted
pgp-keys pgp-signature pidf+xml
pkcs10 pkcs7-mime pkcs7-signature
pkix-cert pkixcmp pkix-crl
pkix-pkipath postscript prs.alvestrand.titrax-sheet
prs.cww prs.nprend prs.plucker
rdf+xml qsig reginfo+xml
remote-printing resource-lists+xml riscos
rls-services+xml rtf samlassertion+xml
samlmetadata+xml sbml+xml sdp
set-payment set-payment-initiation set-registration
set-registration-initiation sgml sgml-open-catalog
shf+xml sieve simple-filter+xml
simple-message- slate soap+xml
summary

Application 393

spirits-event+xml timestamp-query timestamp-reply
tve-trigger vemmi vnd.3gpp.pic-bw-large
vnd.3gpp.pic-bw-small vnd.3gpp.pic-bw-var vnd.3gpp.sms
vnd.3M.Post-it-Notes vnd.accpac.simply.aso vnd.accpac.simply.imp
vnd.acucobol vnd.acucorp vnd.adobe.xfdf
vnd.aether.imp vnd.amiga.ami vnd.anser-web-certificate-
issue-initiation
vnd.anser-web-funds- vnd.audiograph vnd.blueice.multipass
transfer-initiation
vnd.bmi vnd.businessobjects vnd.canon-cpdl
vnd.canon-lips vnd.cinderella vnd.claymore
vnd.commerce-battelle vnd.commonspace vnd.cosmocaller
vnd.contact.cmsg vnd.criticaltools.wbs+xml vnd.ctc-posml
vnd.cups-postscript vnd.cups-raster vnd.cups-raw
vnd.curl vnd.cybank vnd.data-vision.rdz
vnd.dna vnd.dpgraph vnd.dreamfactory
vnd.dxr vnd.ecdis-update vnd.ecowin.chart
vnd.ecowin.filerequest vnd.ecowin.fileupdate vnd.ecowin.series
vnd.ecowin.seriesreques vnd.ecowin.seriesupdate vnd.enliven
t
vnd.epson.esf vnd.epson.msf vnd.epson.quickanime
vnd.epson.salt vnd.epson.ssf vnd.ericsson.quickcall
vnd.eudora.data vnd.fdf vnd.ffsns
vnd.fints vnd.FloGraphIt vnd.framemaker
vnd.fsc.weblaunch vnd.fujitsu.oasys vnd.fujitsu.oasys2
vnd.fujitsu.oasys3 vnd.fujitsu.oasysgp vnd.fujitsu.oasysprs
vnd.fujixerox.ddd vnd.fujixerox.docuworks vnd.fujixerox.docuworks.bin
der
vnd.fut-misnet vnd.genomatix.tuxedo vnd.grafeq
vnd.groove-account vnd.groove-help vnd.groove-identity-
message
vnd.groove-injector vnd.groove-tool-message vnd.groove-tool-template
vnd.groove-vcard vnd.hbci vnd.hcl-bireports
vnd.hhe.lesson-player vnd.hp-HPGL vnd.hp-hpid
vnd.hp-hps vnd.hp-PCL vnd.hp-PCLXL
vnd.httphone vnd.hzn-3d-crossword vnd.ibm.afplinedata
R ev isi o n 3. 0

vnd.ibm.electronic- vnd.ibm.MiniPay vnd.ibm.modcap
media
vnd.ibm.rights- vnd.ibm.secure-container vnd.informix-visionary
management
vnd.intercon.formnet vnd.intertrust.digibox vnd.intertrust.nncp
vnd.intu.qbo vnd.intu.qfx vnd.ipunplugged.rcprofile
vnd.irepository.package vnd.is-xpr vnd.japannet-directory-
+xml service
vnd.japannet-jpnstore- vnd.japannet-payment-wakeup vnd.japannet-registration
wakeup
vnd.japannet- vnd.japannet-setstore-wakeup vnd.japannet-verification
registration-
wakeup
vnd.japannet- vnd.jisp vnd.kde.karbon
verification-
wakeup
vnd.kde.kchart vnd.kde.kformula vnd.kde.kivio
vnd.kde.kontour vnd.kde.kpresenter vnd.kde.kspread
vnd.kde.kword vnd.kenameaapp vnd.kidspiration
vnd.Kinar vnd.koan vnd.liberty-request+xml
vnd.llamagraphics.life- vnd.llamagraphics.life- vnd.lotus-1-2-3
balance.desktop balance.exchange+xml
vnd.lotus-approach vnd.lotus-freelance vnd.lotus-notes
vnd.lotus-organizer vnd.lotus-screencam vnd.lotus-wordpro
vnd.mcd vnd.mediastation.cdkey vnd.meridian-slingshot
vnd.mfmp vnd.micrografx.flo vnd.micrografx.igx
vnd.mif vnd.minisoft-hp3000-save vnd.mitsubishi.misty-
guard.trustweb
vnd.Mobius.DAF vnd.Mobius.DIS vnd.Mobius.MBK
vnd.Mobius.MQY vnd.Mobius.MSL vnd.Mobius.PLC
vnd.Mobius.TXF vnd.mophun.application vnd.mophun.certificate
vnd.motorola.flexsuite vnd.motorola.flexsuite.adsi vnd.motorola.flexsuite.fis
vnd.motorola.flexsuite.g vnd.motorola.flexsuite.kmr vnd.motorola.flexsuite.ttc
otap
vnd.motorola.flexsuite.w vnd.mozilla.xul+xml vnd.ms-artgalry
em
vnd.ms-asf vnd.mseq vnd.ms-excel
Application 395

vnd.msign vnd.ms-lrm vnd.ms-powerpoint
vnd.ms-project vnd.ms-tnef vnd.ms-works
vnd.ms-wpl vnd.musician vnd.music-niff
vnd.nervana vnd.netfpx vnd.noblenet-directory
vnd.noblenet-sealer vnd.noblenet-web vnd.nokia.landmark+xml
vnd.nokia.landmark+wbx vnd.nokia.landmarkcollection+xml vnd.nokia.radio-preset
ml
vnd.nokia.radio-presets vnd.novadigm.EDM vnd.novadigm.EDX
vnd.novadigm.EXT vnd.obn vnd.omads-email+xml
vnd.omads-file+xml vnd.omads-folder+xml vnd.osa.netdeploy
vnd.palm vnd.paos.xml vnd.pg.format
vnd.picsel vnd.pg.osasli vnd.powerbuilder6
vnd.powerbuilder6-s vnd.powerbuilder7 vnd.powerbuilder75
vnd.powerbuilder75-s vnd.powerbuilder7-s vnd.previewsystems.box
vnd.publishare-delta- vnd.pvi.ptid1 vnd.pwg-multiplexed
tree
vnd.pwg-xhtml-print+xml vnd.Quark.QuarkXPress vnd.rapid
vnd.RenLearn.rlprint vnd.s3sms vnd.sealed.doc
vnd.sealed.eml vnd.sealed.mht vnd.sealed.net
vnd.sealed.ppt vnd.sealed.xls vnd.sealedmedia.softseal.ht
ml
vnd.sealedmedia.softse vnd.seemail vnd.shana.informed.formdat
al.pdf a
vnd.shana.informed.for vnd.shana.informed.interchange vnd.shana.informed.packag
mtemplate e
vnd.smaf vnd.sss-cod vnd.sss-dtf
vnd.sss-ntf vnd.street-stream vnd.sus-calendar
vnd.svd vnd.swiftview-ics vnd.syncml.ds.notification
vnd.syncml.+xml vnd.triscape.mxs vnd.trueapp
vnd.truedoc vnd.ufdl vnd.uiq.theme
vnd.uplanet.alert vnd.uplanet.alert-wbxml vnd.uplanet.bearer-choice
vnd.uplanet.bearer- vnd.uplanet.cacheop vnd.uplanet.cacheop-wbxml
choice-wbxml
vnd.uplanet.channel vnd.uplanet.channel-wbxml vnd.uplanet.list
vnd.uplanet.listcmd vnd.uplanet.listcmd-wbxml vnd.uplanet.list-wbxml
vnd.uplanet.signal vnd.vcx vnd.vectorworks
R ev isi o n 3. 0

vnd.vidsoft.vidconferenc vnd.visio vnd.visionary
e
vnd.vividence.scriptfile vnd.vsf vnd.wap.sic
vnd.wap.slc vnd.wap.wbxml vnd.wap.wmlc
vnd.wap.wmlscriptc vnd.webturbo vnd.wordperfect
vnd.wqd vnd.wrq-hp3000-labelled vnd.wt.stf
vnd.wv.csp+xml vnd.wv.csp+wbxml vnd.wv.ssp+xml
vnd.xara vnd.xfdl vnd.yamaha.hv-dic
vnd.yamaha.hv-script vnd.yamaha.hv-voice vnd.yamaha.smaf-audio
vnd.yamaha.smaf- vnd.yellowriver-custom-menu watcherinfo+xml
phrase
whoispp-query whoispp-response wita
wordperfect5.1 x400-bp xhtml+xml
xml xml-dtd xml-external-parsed-entity
xmpp+xml xop+xml zip

Audio 397
Audio
3gpp AMR AMR-WB

basic BV16 BV32
clearmode CN DAT12
dsr-es201108 dsr-es202050 dsr-es202211
dsr-es202212 DVI4 EVRC
EVRC0 EVRC-QCP G722
G.722.1 G723 G726-16
G726-24 G726-32 G726-40
G728 G729 G729D
G729E GSM GSM-EFR
iLBC L8 L16
L20 L24 LPC
MPA MP4A-LATM mpa-robusta
mpeg mpeg4-generic parityfec
PCMA PCMU prs.sid
QCELP RED SMV
SMV0 SMV-QCP telephone-event
tone VDVI vnd.3gpp.iufp
vnd.audiokoz vnd.cisco.nse vnd.cns.anp1
vnd.cns.inf1 vnd.digital-winds vnd.everad.plj
vnd.lucent.voice vnd.nokia.mobile-xmf vnd.nortel.vbk
vnd.nuera.ecelp4800 vnd.nuera.ecelp7470 vnd.nuera.ecelp9600
vnd.octel.sbc vnd.rhetorex.32kadpcm vnd.sealedmedia.softseal.
mpeg
vnd.vmx.cvsd
R ev isi o n 3. 0
Im age
cgm fits g3fax

gif ief jp2
jpeg jpm jpx
naplps png prs.btif
prs.pti t38 tiff
tiff-fx vnd.cns.inf2 vnd.djvu
vnd.dwg vnd.dxf vnd.fastbidsheet
vnd.fpx vnd.fst vnd.fujixerox.edmics-mmr
vnd.fujixerox.edm vnd.globalgraphics.pgb vnd.microsoft.icon
ics-rlc
vnd.mix vnd.ms-modi vnd.net-fpx
vnd.sealed.png vnd.sealedmedia.softseal.gif vnd.sealedmedia.softseal.jpg
vnd.svf vnd.wap.wbmp vnd.xiff

Message 399
M e ssage
CPIM delivery-status disposition-notification

external-body http news
partial rfc822 s-http
sip sipfrag tracking-status
R ev isi o n 3. 0
Model
iges mesh vnd.dwf

vnd.flatland.3dml vnd.gdl vnd.gs-gdl
vnd.gtw vnd.mts vnd.parasolid.transmit.binary
vnd.parasolid.transmit.text vnd.vtu vrml

Multipart 401
Multipart
alternative appledouble byteranges

digest encrypted form-data
header-set mixed parallel
related report signed
voice-message
R ev isi o n 3. 0
Text
calendar css csv

directory dns ecmascript (obsolete)
enriched example html
javascript parityfec plain
(obsolete)
RED rfc822-headers richtext
rtx sgml t140
troff uri-list vnd.IPTC.NewsML
[IPTC]
vnd.IPTC.NITF xml-external-parsed-
[IPTC] xml entity

Video 403
Video
3gpp 3gpp2 3gpp-tt

BMPEG BT656 CelB
DV example H261
H263 H263-1998 H263-2000
H264 JPEG MJ2
MP1S MP2P MP2T
mp4 MP4V-ES MPV
mpeg mpeg4- nv
generic
parityfec pointer raw
rtx SMPTE292M vc1
R ev isi o n 3. 0

Appendix D: Contacting TAC
Expand Networks is dedicated to delivering both excellent products and customer

support. From our Technical Assistance Center (TAC) to our online Knowledge
Base, we are committed to solving your networking problems. TAC is available to
all partners and registered customers and allows posting support inquiries directly
to Expand’s help desk.
The Expand Technical Assistance Center provides around-the-clock support to
customers worldwide. Customer call center agents answer calls and dispatch
problems to Support Engineers (SEs) for resolution. The SE becomes the call
owner and is responsible for ensuring that the problem is addressed and fixed
quickly. You can open Priority 1 and 2 cases by calling TAC; to open Priority 3
cases, use Expand’s Extranet or Channel Portal.
The TAC works closely with customers to isolate and replicate problems. In a
critical network-down problem, TAC SEs work with customers until their problems
are resolved. In other instances, SEs may replicate a customer's environment in
the TAC laboratory. When deemed necessary, SEs may involve R&D engineers in
order to ensure that problem cases are resolved to the customer's satisfaction. The
TAC includes highly trained engineers, including Cisco Certified Internetwork
Experts (CCIEs) and Microsoft Certified Professionals (MCPs).
Expand Networks wishes to offer you the best tech support it can. To do this, call
our toll free TAC number at:
International: +1-920-490-7337
North America: +1-877-4-EXPAND (877-439-7263)
UK 08004049236
Ireland 1800559803
Netherlands 08000233047
France 0800906560
When contacting the TAC, it is essential that information about the nature of the
problem be at your disposal. To gather Accelerator troubleshooting information,
use the show tech-support command as described in Displaying Information for
Troubleshooting, on page 337.
406 C h ap t er D: Contacting TAC
Figure 1: Opening a Support Case

Appendix E: TCPDump Optional Flags
You may encounter several TCP flags when using TCPDump. The AcceleratorOS
supports the following flags: -A, -e, -f, -l, -O, -p, -q, -R, -S, -t, -u, -v, -x, -X.
This chapter describes the uses of each of these flags.
i Note: The -a flag is not supported when ethereal is used.
-a
Print each packet (minus its link level header) in ASCII. Handy for capturing web
pages.
-e
Print the link-level header on each dump line.
-f
Print `foreign' IPv4 addresses numerically rather than symbolically (this option is
intended to get around serious brain damage in Sun's NIS server --- usually it
hangs forever translating non-local internet numbers).
The test for `foreign' IPv4 addresses is done using the IPv4 address and netmask
of the interface on which capture is being done. If that address or netmask are not
available, either because the interface on which capture is being done has no
address or netmask or because the capture is being done on the Linux “any”
interface, which can capture on more than one interface, this option will not work
correctly.
-l
Make stdout line buffered. Useful if you want to see the data while capturing it.
Note: The use of the -l flag by the ‘|’ pipe is not supported in the WebUI, and
i
any attempt for such a use results in an error message.
408 C h ap t er E : TCPDump Optional Flags
-O
Do not run the packet-matching code optimizer. This is useful only if you suspect a
bug in the optimizer.
-p
Don't put the interface into promiscuous mode. Note that the interface might be in
promiscuous mode for some other reason; hence, `-p' cannot be used as an
abbreviation for èther host {local-hw-addr} or ether broadcast'.
-q
Quick (quiet?) output. Print less protocol information so output lines are shorter.
-R
Assume ESP/AH packets to be based on old specification (RFC1825 to RFC1829).
If specified, tcpdump will not print replay prevention field. Since there is no protocol
version field in ESP/AH specification, tcpdump cannot deduce the version of ESP/
AH protocol.
-S
Print absolute, rather than relative, TCP sequence numbers.
-t
Don't print a timestamp on each dump line.
-u
Print undecoded NFS handles.
-v
When parsing and printing, produce (slightly more) verbose output. For example,
the time to live, identification, total length and options in an IP packet are printed.
Also enables additional packet integrity checks such as verifying the IP and ICMP
header checksum.
-w
When writing to a file with the -w option, report, every 10 seconds, the number of
packets captured.
-x
Print each packet (minus its link level header) in hex. The smaller of the entire
packet or snaplen bytes will be printed. Note that this is the entire link-layer packet,
so for link layers that pad (For example Ethernet), the padding bytes will also be
printed when the higher layer packet is shorter than the required padding.

409
-X
Print each packet (minus its link level header) in hex and ASCII. This is very handy
for analyzing new protocols.
type
qualifiers say what kind of thing the id name or number refers to. Possible types are
host, net and port. For example, `host foo', `net 128.3', `port 20'. If there is no type
qualifier, host is assumed.
dir
qualifiers specify a particular transfer direction to and/or from id. Possible directions
are src, dst, src or dst and src and dst. For example, `src foo', `dst net 128.3', `src
or dst port ftp-data'. If there is no dir qualifier, src or dst is assumed. For some link
layers, such as SLIP and the ``cooked'' Linux capture mode used for the `àny''
device and for some other device types, the inbound and outbound qualifiers can
be used to specify a desired direction.
proto
qualifiers restrict the match to a particular protocol. Possible protos are: ether, fddi,
tr, wlan, ip, ip6, arp, rarp, decnet, tcp and udp. For example, èther src foo', àrp net
128.3', `tcp port 21'. If there is no proto qualifier, all protocols consistent with the
type are assumed. For example, `src foo' means `(ip or arp or rarp) src foo' (except
the latter is not legal syntax), `net bar' means `(ip or arp or rarp) net bar' and `port
53' means `(tcp or udp) port 53'.
[`fddi' is actually an alias for èther'; the parser treats them identically as meaning
``the data link level used on the specified network interface.'' FDDI headers contain
Ethernet-like source and destination addresses, and often contain Ethernet-like
packet types, so you can filter on these FDDI fields just as with the analogous
Ethernet fields. FDDI headers also contain other fields, but you cannot name them
explicitly in a filter expression.
Similarly, `tr' and `wlan' are aliases for èther'; the previous paragraph's statements
about FDDI headers also apply to Token Ring and 802.11 wireless LAN headers.
For 802.11 headers, the destination address is the DA field and the source address
is the SA field; the BSSID, RA, and TA fields aren't tested.]
In addition to the above, there are some special `primitive' keywords that don't
follow the pattern: gateway, broadcast, less, greater and arithmetic expressions. All
of these are described below.
R ev isi o n 3. 0
410
More complex filter expressions are built up by using the words and, or and not to
combine primitives. For example, `host foo and not port ftp and not port ftp-data'. To
save typing, identical qualifier lists can be omitted. For example, `tcp dst port ftp or
ftp-data or domain' is exactly the same as `tcp dst port ftp or tcp dst port ftp-data or
tcp dst port domain'.
Allowable primitives are:
dst host host
True if the IPv4/v6 destination field of the packet is host, which may be either an
address or a name.
src host host
True if the IPv4/v6 source field of the packet is host.
host host
True if either the IPv4/v6 source or destination of the packet is host. Any of the
above host expressions can be pre-pended with the keywords, ip, arp, rarp, or ip6
as in:
ip host host
which is equivalent to:
ether proto \ip and host host
If host is a name with multiple IP addresses, each address will be checked for a
match.
ether dst ehost
True if the ethernet destination address is ehost. Ehost may be either a name
from /etc/ethers or a number (see ethers(3N) for numeric format).
ether src ehost
True if the ethernet source address is ehost.
ether host ehost
True if either the ethernet source or destination address is ehost.
gateway host
True if the packet used host as a gateway. I.e., the ethernet source or destination
address was host but neither the IP source nor the IP destination was host. Host
must be a name and must be found both by the machine's host-name-to-IP-
address resolution mechanisms (host name file, DNS, NIS, etc.) and by the
machine's host-name-to-Ethernet-address resolution mechanism (/etc/ethers,
etc.). (An equivalent expression is
ether host ehost and not host host
R ev isi o n 3. 0
which can be used with either names or numbers for host / ehost.) This syntax
does not work in IPv6-enabled configuration at this moment.
dst net net
True if the IPv4/v6 destination address of the packet has a network number of
net. Net may be either a name from /etc/networks or a network number (see
networks(4) for details).
src net net
True if the IPv4/v6 source address of the packet has a network number of net.
net net
True if either the IPv4/v6 source or destination address of the packet has a
network number of net.
net net mask netmask
True if the IP address matches net with the specific netmask. May be qualified
with src or dst. Note that this syntax is not valid for IPv6 net.
net net/len
True if the IPv4/v6 address matches net with a netmask len bits wide. May be
qualified with src or dst.
dst port port
True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a destination port
value of port. The port can be a number or a name used in /etc/services (see
tcp(4P) and udp(4P)). If a name is used, both the port number and protocol are
checked. If a number or ambiguous name is used, only the port number is
checked (For example, dst port 513 will print both tcp/login traffic and udp/who
traffic, and port domain will print both tcp/domain and udp/domain traffic).
src port port
True if the packet has a source port value of port.
port port
True if either the source or destination port of the packet is port. Any of the
above port expressions can be prepended with the keywords, tcp or udp, as in:
tcp src port port
which matches only tcp packets whose source port is port.
less length
True if the packet has a length less than or equal to length. This is equivalent to:
len <= length.

412
greater length
True if the packet has a length greater than or equal to length. This is equivalent
to:
len >= length.
ip proto protocol
True if the packet is an IP packet (see ip(4P)) of protocol type protocol. Protocol
can be a number or one of the names icmp, icmp6, igmp, igrp, pim, ah, esp, vrrp,
udp, or tcp. Note that the identifiers tcp, udp, and icmp are also keywords and
must be escaped via backslash (\), which is \\ in the C-shell. Note that this
primitive does not chase the protocol header chain.
ip6 proto protocol
True if the packet is an IPv6 packet of protocol type protocol. Note that this
primitive does not chase the protocol header chain.
ip6 protochain protocol
True if the packet is IPv6 packet, and contains protocol header with type protocol
in its protocol header chain. For example,
ip6 protochain 6
matches any IPv6 packet with TCP protocol header in the protocol header chain.
The packet may contain, for example, authentication header, routing header, or
hop-by-hop option header, between IPv6 header and TCP header. The BPF code
emitted by this primitive is complex and cannot be optimized by BPF optimizer
code in tcpdump, so this can be somewhat slow.
ip protochain protocol
Equivalent to ip6 protochain protocol, but this is for IPv4.
ether broadcast
True if the packet is an ethernet broadcast packet. The ether keyword is optional.
ip broadcast
True if the packet is an IPv4 broadcast packet. It checks for both the all-zeroes
and all-ones broadcast conventions, and looks up the subnet mask on the
interface on which the capture is being done.
If the subnet mask of the interface on which the capture is being done is not
available, either because the interface on which capture is being done has no
netmask or because the capture is being done on the Linux "any" interface, which
can capture on more than one interface, this check will not work correctly.
R ev isi o n 3. 0
ether multicast
True if the packet is an ethernet multicast packet. The ether keyword is optional.
This is shorthand for èther[0] & 1 != 0'.
ip multicast
True if the packet is an IP multicast packet.
ip6 multicast
True if the packet is an IPv6 multicast packet.
ether proto protocol
True if the packet is of ether type protocol. Protocol can be a number or one of
the names ip, ip6, arp, rarp, atalk, aarp, decnet, sca, lat, mopdl, moprc, iso, stp,
ipx, or netbeui. Note these identifiers are also keywords and must be escaped
via backslash (\).
[In the case of FDDI (For example, `fddi protocol arp'), Token Ring (For example,
`tr protocol arp'), and IEEE 802.11 wireless LANS (For example, `wlan protocol
arp'), for most of those protocols, the protocol identification comes from the 802.2
Logical Link Control (LLC) header, which is usually layered on top of the FDDI,
Token Ring, or 802.11 header.
When filtering for most protocol identifiers on FDDI, Token Ring, or 802.11,
tcpdump checks only the protocol ID field of an LLC header in so-called SNAP
format with an Organizational Unit Identifier (OUI) of 0x000000, for encapsulated
Ethernet; it doesn't check whether the packet is in SNAP format with an OUI of
0x000000. The exceptions are:
iso
tcpdump checks the DSAP (Destination Service Access Point) and SSAP
(Source Service Access Point) fields of the LLC header;
stp and netbeui
tcpdump checks the DSAP of the LLC header;
atalk
tcpdump checks for a SNAP-format packet with an OUI of 0x080007 and the
AppleTalk etype.
In the case of Ethernet, tcpdump checks the Ethernet type field for most of those
protocols. The exceptions are:
iso, sap, and netbeui
tcpdump checks for an 802.3 frame and then checks the LLC header as it does
for FDDI, Token Ring, and 802.11;

414
atalk
tcpdump checks both for the AppleTalk etype in an Ethernet frame and for a
SNAP-format packet as it does for FDDI, Token Ring, and 802.11;
aarp
tcpdump checks for the AppleTalk ARP etype in either an Ethernet frame or an
802.2 SNAP frame with an OUI of 0x000000;
ipx
tcpdump checks for the IPX etype in an Ethernet frame, the IPX DSAP in the LLC
header, the 802.3-with-no-LLC-header encapsulation of IPX, and the IPX etype in
a SNAP frame.
decnet src host
True if the DECNET source address is host, which may be an address of the form
``10.123'', or a DECNET host name. [DECNET host name support is only
available on ULTRIX systems that are configured to run DECNET.]
decnet dst host
True if the DECNET destination address is host.
decnet host host
True if either the DECNET source or destination address is host.
ifname interface
True if the packet was logged as coming from the specified interface (applies only
to packets logged by OpenBSD's pf(4)).
on interface
Synonymous with the ifname modifier.
rnr num
True if the packet was logged as matching the specified PF rule number (applies
only to packets logged by OpenBSD's pf(4)).
rulenum num
Synonymous with the rnr modifier.
reason code
True if the packet was logged with the specified PF reason code. The known
codes are: match, bad-offset, fragment, short, normalize, and memory (applies
only to packets logged by OpenBSD's pf(4)).
rset name
True if the packet was logged as matching the specified PF ruleset name of an
anchored ruleset (applies only to packets logged by pf(4)).
R ev isi o n 3. 0
ruleset name
Synonymous with the rset modifier.
srnr num
True if the packet was logged as matching the specified PF rule number of an
anchored ruleset (applies only to packets logged by pf(4)).
subrulenum num
Synonymous with the srnr modifier.
action act
True if PF took the specified action when the packet was logged. Known actions
are: pass and block (applies only to packets logged by OpenBSD's pf(4)).
ip, ip6, arp, rarp, atalk, aarp, decnet, iso, stp, ipx, netbeui
Abbreviations for:
ether proto p
where p is one of the above protocols.
lat, moprc, mopdl
Abbreviations for:
ether proto p
where p is one of the above protocols. Note that tcpdump does not currently
know how to parse these protocols.
vlan [vlan_id]
True if the packet is an IEEE 802.1Q VLAN packet. If [vlan_id] is specified, only
true is the packet has the specified vlan_id. Note that the first vlan keyword
encountered in expression changes the decoding offsets for the remainder of
expression on the assumption that the packet is a VLAN packet.
tcp, udp, icmp
Abbreviations for:
ip proto p or ip6 proto p
iso proto protocol
True if the packet is an OSI packet of protocol type protocol. Protocol can be a
number or one of the names clnp, esis, or isis.
clnp, esis, isis
Abbreviations for:
iso proto p

416
l1, l2, iih, lsp, snp, csnp, psnp

Abbreviations for IS-IS PDU types.
vpi n
True if the packet is an ATM packet, for SunATM on Solaris, with a virtual path
identifier of n.
vci n
True if the packet is an ATM packet, for SunATM on Solaris, with a virtual channel
identifier of n.
lane
True if the packet is an ATM packet, for SunATM on Solaris, and is an ATM LANE
packet. Note that the first lane keyword encountered in expression changes the
tests done in the remainder of expression on the assumption that the packet is
either a LANE emulated Ethernet packet or a LANE LE Control packet. If lane
isn't specified, the tests are done under the assumption that the packet is an LLC-
encapsulated packet.
llc
True if the packet is an ATM packet, for SunATM on Solaris, and is an LLC-
encapsulated packet.
oamf4s
True if the packet is an ATM packet, for SunATM on Solaris, and is a segment
OAM F4 flow cell (VPI=0 & VCI=3).
oamf4e
True if the packet is an ATM packet, for SunATM on Solaris, and is an end-to-end
OAM F4 flow cell (VPI=0 & VCI=4).
oamf4
True if the packet is an ATM packet, for SunATM on Solaris, and is a segment or
end-to-end OAM F4 flow cell (VPI=0 & (VCI=3 | VCI=4)).
oam
True if the packet is an ATM packet, for SunATM on Solaris, and is a segment or
end-to-end OAM F4 flow cell (VPI=0 & (VCI=3 | VCI=4)).
metac
True if the packet is an ATM packet, for SunATM on Solaris, and is on a meta
signaling circuit (VPI=0 & VCI=1).
R ev isi o n 3. 0
bcc
True if the packet is an ATM packet, for SunATM on Solaris, and is on a
broadcast signaling circuit (VPI=0 & VCI=2).
sc
True if the packet is an ATM packet, for SunATM on Solaris, and is on a signaling
circuit (VPI=0 & VCI=5).
ilmic
True if the packet is an ATM packet, for SunATM on Solaris, and is on an ILMI
circuit (VPI=0 & VCI=16).
connectmsg
True if the packet is an ATM packet, for SunATM on Solaris, and is on a signaling
circuit and is a Q.2931 Setup, Call Proceeding, Connect, Connect Ack, Release,
or Release Done message.
metaconnect
True if the packet is an ATM packet, for SunATM on Solaris, and is on a meta
signaling circuit and is a Q.2931 Setup, Call Proceeding, Connect, Release, or
Release Done message.
expr relop expr
True if the relation holds, where relop is one of >, <, >=, <=, =, !=, and expr is an
arithmetic expression composed of integer constants (expressed in standard C
syntax), the normal binary operators [+, -, *, /, &, |, <<, >>], a length operator, and
special packet data accessors. To access data inside the packet, use the
following syntax:
proto [ expr : size ]
Proto is one of ether, fddi, tr, wlan, ppp, slip, link, ip, arp, rarp, tcp, udp, icmp or
ip6, and indicates the protocol layer for the index operation. (ether, fddi, wlan, tr,
ppp, slip and link all refer to the link layer.) Note that tcp, udp and other upper-
layer protocol types only apply to IPv4, not IPv6 (this will be fixed in the future).
The byte offset, relative to the indicated protocol layer, is given by expr. Size is
optional and indicates the number of bytes in the field of interest; it can be either
one, two, or four, and defaults to one. The length operator, indicated by the
keyword len, gives the length of the packet.
For example, èther[0] & 1 != 0' catches all multicast traffic. The expression ìp[0]
& 0xf != 5' catches all IP packets with options. The expression ìp[6:2] & 0x1fff =
0' catches only un-fragmented datagrams and frag zero of fragmented

418
datagrams. This check is implicitly applied to the tcp and udp index operations.
For instance, tcp[0] always means the first byte of the TCP header, and never
means the first byte of an intervening fragment.
Some offsets and field values may be expressed as names rather than as
numeric values. The following protocol header field offsets are available:
icmptype (ICMP type field), icmpcode (ICMP code field), and tcpflags (TCP flags
field).
The following ICMP type field values are available: icmp-echoreply, icmp-
unreach, icmp-sourcequench, icmp-redirect, icmp-echo, icmp-routeradvert, icmp-
routersolicit, icmp-timxceed, icmp-paramprob, icmp-tstamp, icmp-tstampreply,
icmp-ireq, icmp-ireqreply, icmp-maskreq, icmp-maskreply.
The following TCP flags field values are available: tcp-fin, tcp-syn, tcp-rst, tcp-
push, tcp-ack, tcp-urg.
R ev isi o n 3. 0

420
R ev isi o n 3. 0
Appendix F: Command Line Interface
This chapter lists and describes the commands that you can use with the
Command Line Interface (CLI). Unless noted, the commands herein may also be
configured using the WebUI and are referenced accordingly. This chapter is built
hierarchically, based on the tree created in the CLI. For a alphabetical listing of
commands, see the CLI index.
Topics in this chapter include:
Getting Started, on page 422
Configuration Commands, on page 434
Configuring WAFS, on page 604
Configuring Security, on page 669
Technical Information and Trouble Shooting Tools, on page 683
422 C h ap t er F: Command Line Interface
Getting Started
The following command topics are available:
Understanding the CLI Documentation, on page 422
Accessing the CLI, on page 423
Login and Logout Commands, on page 424
Licensing Commands, on page 426
Basic Setup Commands, on page 429
Configuration Settings Commands, on page 430
Customizing the CLI, on page 432
Understanding the CLI

Documentation
The Accelerator CLI enables complete configuration of the Accelerator, including
basic and advanced configuration via a Command Line Interface (CLI). Use of the
CLI is for experts and technicians familiar with CLI configuration that you will see
and use with a typical router or switch.
Each node is documented separately and the commands within are shown in
alphabetical order. Each command node supports specific commands. For
example, the by-pass enable command can only be used within the configuration
node. Command conventions are displayed in tables as shown:
Command Shows the command as seen in the CLI

Description A description of the command is given.
Parameters Any parameters with accepted values is listed. In some cases only
the command is needed. If this is the case, then the words”no
additional parameters are necessary” are displayed.
Example with Syntax An example with parameters is given. In some cases a screen shot
is included.
Related Commands Links to related commands will be listed
The following conventions are used in examples:

The ()# prompt indicates the current command node. For example,
the following prompt indicates you are within the global configuration
node:
Acc1(config)#
Non-printing characters, are in angle brackets < >.

Getting Started 423
Accessing the CLI

To access configuration options:
1. Run your terminal-based application, configuring it as follows:
Baud rate: 9600 bps
Parity: none
Data bits: 8
Stop bits: 1
2. Connect to AcceleratorOS Command Line Interface (CLI). Press <Enter> several
times until the Accelerator prompt is displayed:
accelerator>.
3. Login to the Accelerator
R ev isi o n 3. 0
Login and Logout Commands

Secure Shell (SSH) is an application program that provides authentication and
encryption capabilities for secure Internet communications. This lets you log in to
the Accelerator via SSH, if SSH is installed.
To log into the Accelerator via SSH:

In the Accelerator’s CLI, type the command ssh followed by the Accelerator’s IP
address.
login
Logging into the Accelerator is accomplished in a series of steps.
When accessing the Accelerator from the CLI, at the login prompt, enter your user
name and password. The default user name is expand (case sensitive), and the
default password is Expand (case sensitive).
Command lo g i n:
Pa s s wo r d
Description Logs you into the CLI
Parameters Both login and password are case sensitive
Example lo g i n: e x pa n d
Pa s s wo r d :E x p an d
Related Commands exit, on page 424
exit
At any point you can use the Exit command to log out of the Accelerator. The Exit
command exits each level of the CLI hierarchy one at a time, so you may need to
use the Exit command a number of times to leave the Accelerator session.
Command ex i t
Description Logs you out of the CLI
Parameters No additional parameters are necessary
Example ex i t
Related Commands login, on page 424

Getting Started 425
Basic CLI Actions

You have to enter only enough characters for the Accelerator to recognize the
command as unique, as described in detail below. For example, the following string
is enough for the Accelerator to recognize the show startup configuration command:
Acc1# show startup config
To get help in a terminal session:

1. You can use the question mark (?) and arrow keys to help you enter commands.
2. For a list of available commands under each command, enter a question mark.
For example:
Acc1(config)#?
To complete a command:
To complete a command, enter a few known characters followed by a tab. The
CLI will fill in the missing letters For example if you type and press the Tab key:
Acc1(config)#sh
By pressing the Tab key, the CLI will fill in the following:
Acc1(config)#show
To get a list of acceptable commands or values:

For a list of command variables, enter the command followed by a space and a
question mark for example:
Acc1(config)# show?
To re-display a command previously entered:

To re-display a command you previously entered, press the up-arrow key. You
can continue to press the up arrow key earlier entered commands.
R ev isi o n 3. 0
Licensing Commands
Licensing the Accelerator is accomplished by logging into the Accelerator via the
enable mode by using the show licensing command, as shown in (config) show
licensing, on page 428.
This section contains the following commands:
(config) activate-license, on page 427
(config) interface link refresh-acceleration, on page 440
(config) licensing server, on page 427
(config) show interface link summary, on page 441
(config) show licensing, on page 428

Getting Started 427
(config) activate-license
You must have a valid license key or file which is supplied to you from Expand
Networks. If you use a license key copy it from the letter you receive in your email
and paste it where shown. If you use a license file, FTP it to the /user_area/ of the
Accelerator and note its name.
Command AC C1 ( co nf i g) # a c ti v at e- l ic en s e [ ke y| f il e]
Description Activates an Accelerator’s license via a license key or file.
Parameters Key - copy the license key (supplied via e-mail) and paste it
File - FTP the file and type its name.
Example AC C1 ( co nf i g) # a c ti v at e- l ic en s e k ey
my LI c en Se K eY 39 2
Related Commands • (config) interface link refresh-acceleration, on page 440
• (config) licensing server, on page 427
• (config) show interface link summary, on page 441
• (config) show licensing, on page 428
(config) licensing server

You must be logged into a Virtual Accelerator to be able to use this command.
Make sure that you have connected the Dongle to the Licensing Server.
All Virtual Accelerators require a connection to the licensing server in order to
provide acceleration services. Note that, if for any reason the connection to the
licensing server is lost, the license state will default to a grace-period state,
requiring you to fix the problem before the grace-period ends. Failure to do so will
result in your license being invalidated.
Command A CC 1( c on f ig )# l ic en s in g s er v er [ I P| Ho s t| a ut o-
d is co v er y |f or c e]
Description Connects to the Licensing server by the method entered.
Parameters • A.B.C.D type the licensing server IP address
• WORD type the licensing server hostname
• auto-discovery the Accelerator will automatically discover the Licensing
Server (if it is on the same LAN and connected
• force forces the licensing mechanism activation
Example A CC 1( c on f ig )# l ic en s in g s er v er 1.1.1.1
Related Commands • (config) activate-license, on page 427
• (config) show licensing, on page 428
R ev isi o n 3. 0
(config) show licensing

Shows the licensing state of the Accelerator
Command AC C1 ( co nf i g) # sh ow li ce n si n g
Description Lets you view the entire details of Accelerator’s licensing state, such as the licensed
features and the maximum possible links.
Parameters No additional parameters are required.
Example AC C1 ( co nf i g) # sh ow li ce n si n g
with Syntax
Related Commands • (config) activate-license, on page 427
A c c2 21 _ 10 (c o nf i g) # s ho w l ic e ns in g
D i sp la y w ar n in g s. .. . .. .. . .. . .. .. . .e na b le
W a rn in g d ay s .. . .. .. . .. .. . .. . .. .. . .3 0
A l lo ca t ed m a x l in ks . .. .. . .. . .. .. . .3 75
R e qu es t ed m a x l in ks . .. .. . .. . .. .. . .0
M a x po s si bl e l i nk s. . .. .. . .. . .. .. . .4 00
C u rr en t l ic e ns e s ta t e:
F e at ur e L ic e ns e T im e L ef t
- - -- -- - - -- - -- - - -- - -- -- -
B a nd wi d th Al l ow an c e 1 00 Mb p s Un li m it e d
I P se c D i sa bl e d Un l im i te d
L 7 -Q oS E n ab le d Un l im i te d
W A FS -F B Di s ab l ed Un l im i te d
W A FS -F B D Di sa b le d Un l im it e d
T C P A cc e le ra t io n E n ab l ed U nl i mi te d
W e b Ca c hi n g En a bl ed Un li m it e d
QoS E na b le d U nl i mi te d
L a st l o ad ed li c en se ke y:

Getting Started 429
Basic Setup Commands

The Basic Accelerator CLI Configuration needed to get the Accelerator up and
running consists of setting the following parameters:
License key—Licensing Commands, on page 426
IP address/subnet mask—Local Interface Commands, on page 436
IP default gateway—(local interface) ip default-gateway, on page 438
Hostname—(local interface) hostname, on page 437
Deployment—(local interface) deployment, on page 436
Link destination—(config) interface link, on page 440 and (link) link
destination, on page 442
Link bandwidth—(link) bandwidth number, on page 442
R ev isi o n 3. 0
Configuration Settings Commands

The following commands are explained:
(config) write, on page 430
(config) show running-config, on page 430
(config) write
Command ACC1(config)#wr it e
Description Saves the basic configuration as the startup configuration. [Mandatory]
Parameters No additional parameters
Example ACC1(config)#wr it e
with Syntax
Related Commands (config) show running-config, on page 430
(config) show running-config
Command ACC1(config)#s ho w r un n in g- c on fi g
Description Displays the configuration that was set to the Accelerator. This is optional
Example ACC1(config)#s ho w r un n in g- c on fi g
with Syntax
Related Commands (config) write, o n p ag e 4 30
ACC1(config)#s ho w r un n in g- c on f ig
AcceleratorOS, Accelerator 4900 Series

Version: v6.1 (0) (Build 5.29)
login: expand
Password: Expand
Version: 6.3.2
accelerator> enable
accelerator# configure terminal
accelerator(config)# activate-license key ENX1-FUXF-HBJ2-
K3Y6
License successfully activated.
The new License state is:
Feature License Time Left
Getting Started 431
------- ------- ---------

Bandwidth Allowance 45 Mbps Unlimited
Last loaded license key: ENX1-FUXF-HBJ2-K3Y6
accelerator(config)# interface local
accelerator(local interface)# hostname ACC1
ACC1(local interface)# ip address 10.1.0.6 255.255.0.0
ACC1(local interface)#ip default-gateway 10.1.0.1
ACC1(local interface)#deployment onpath
ACC1(local interface)#exit
ACC1(config)#wan default
ACC1(wan)#bandwidth 256 kbps
ACC1(wan)#exit
ACC1(config)#interface link
ACC1(LINK)#link destination 10.2.0.6
ACC1(LINK)#bandwidth 128
ACC1(LINK)#encapsulation transparent
ACC1(LINK)#exit
ACC1(config)#write
ACC1(config)show running-config
R ev isi o n 3. 0
Customizing the CLI

You can customize the CLI banner for your viewing pleasure.
The standard banner appears as follows:
Connected to 10.0.32.99...
AcceleratorOS, Accelerator 6800 Series
Version 6.3.2 (Build3.53)
copy banner, on page 432
(config) banner apply, on page 433
copy banner
You can customize the following fields, which can be displayed as part of the
banner:
Name, Title, URL, Label, Label LTD., Product Name, Extranet, Product ID, Series,
Serial Number, Software Version, Time and Date.
To customize the fields:

1. Create a text file called banner.txt and save it in /user_area by using the CLI
command:
copy <ftp/scp/tftp/http/sftp> <[path]/banner.txt>
2. In the body of the text file, use the following variables to set the desired values:
Note: Each variable must be preceded by a $ sign.

ii The default banner is:
" $ OE M_ P RO D _N AM E , Ac c el e ra to r $ SE R IE S S er i es ”
“ $ SO FT W AR E _V ER S IO N”
“ ” ( em p ty - li ne )
$OEM_NAME (for example: “expand”)

$OEM_NAME_TITLE (for example: “Expand”)
$OEM_URL (“www.expand.com”)
$OEM_LABEL (“Expand Networks”)
$OEM_LABEL_LTD (“Expand Networks LTD.”)
$OEM_PROD_NAME (“AcceleratorOS”)

Getting Started 433
$OEM_EXTRANET (“extranet.expand.com”)
$PRODUCT_ID (“4820”)
$SERIES (“4800”)
$SERIAL_NUMBER (“0030.0257.0005”)
$SOFTWARE_VERSION (“Version v5.0(7) (Build1.03)”)
$TIME = hh:mm:ss (24-hour format)
$DATE = DD-MMM-YYYY (the day-of-month “DD” is two-digit
number, with leading '0' if needed).
(config) banner apply

Command ACC1(config)#b an n er a p pl y
Description Causes the CLI to use the uploaded banner.
Example ACC1(config)#b an n er a p pl y
with Syntax
Related Commands copy banner, o n pa g e 4 32
R ev isi o n 3. 0
Configuration Commands
The following sections are configurable in this section:
General Commands, on page 435
Local Interface Commands, on page 436
Link Commands, on page 440
Subnet Commands, on page 444
Alias Commands, on page 447
OSPF Commands, on page 449
Router Polling Commands, on page 454
RIP Commands, on page 457
WCCP Commands, on page 462
SNTP Server Commands, on page 467
DHCP Server Commands, on page 468
DHCP Relay Commands, on page 471
WEB Acceleration Commands, on page 473
HTTP Acceleration Commands, on page 476
TCP Acceleration Commands, on page 496
Keep Alive Commands, on page 503
FTP Acceleration Commands, on page 505
Studying a Subnet Configuration Network, on page 511
Ethernet Statistics Display Commands, on page 512
NetFlow Commands, on page 517
QoS Commands, on page 518
Aggregation Class Commands, on page 541
DNS Acceleration Commands, on page 548
Traffic Encryption Commands, on page 556
ARP Commands, on page 562
Additional Commands, on page 564
Link Commands, on page 570
Expand View Commands, on page 577
SNMP Commands, on page 579
Log Commands, on page 582
Log Archives Commands, on page 589
Configuration Tool Commands, on page 591
Accdump Commands, on page 595
RDP Proxy Commands, on page 600

Configuration Commands 435
General Commands
enable, on page 435
config, on page 435
enable
To make any configuration changes to your Accelerator, you must be in
configuration mode. This section describes how to enter configuration mode while
using a terminal or PC that is connected to your router CONSOLE port.
Command ac c el er a to r >e na b le [ M an d at or y ]
Description Enters enable mode. This is necessary for beginning work with the Accelerator. Once
you have entered Enable mode, the prompt at the end of the command line changes
from > to #
Example ac c el er a to r > enable
with Syntax
Related Commands config, on page 435
Enable mode is indicated by the # in the prompt. You can now carry out various
operations in the system, such as deleting data, printing and sending messages.
config
To make any configuration changes to your Accelerator, you must be in
configuration mode. This section describes how to enter configuration mode while
using a terminal or PC that is connected to your router CONSOLE port.
Command ac c 1# co n fi g
Description Enters enable mode. This is necessary for beginning work with the Accelerator. Once
you have entered Enable mode, the prompt at the end of the command line changes
from > to #
Example ac c 1# config
with Syntax
Related Commands enable, o n p ag e 4 35
The config mode is indicated by the (config) in the prompt.
R ev isi o n 3. 0
Local Interface Commands

(local interface) deployment, on page 436
(local interface) hostname, on page 437
(local interface) ip address, on page 437
(local interface) ip address secondary, on page 438
(local interface) ip default-gateway, on page 438
(local interface) routing-strategy, on page 439
(wan) bandwidth, on page 439
(local interface) deployment
Command ACC1(local interface)#d ep l oy m en t

Description Set the deployment type to On-Path or On-LAN.
Parameters Choose the way you want to deploy the Accelerartor. This is dictated by the way you
set-up the Accelerator. For information about On Path deployment see, See “On-
Path”, on page 14. For information about On-LAN deployment, see See “On-LAN”, on
page 14.
Parameters include:
• onpath - for On-path deployment
• onlan - for On-LAN deployment
Example ACC1(local interface)#deployment[onpath]
with Syntax
Related Commands • (local interface) hostname, on page 437
• (local interface) ip address, on page 437
• (local interface) ip address secondary, on page 438
• (local interface) ip default-gateway, on page 438
• (local interface) routing-strategy, on page 439
• (wan) bandwidth, on page 439

(local interface) hostname

To set the device name:
Enter the command string that is shown in the table below:
Command ACC1(local interface)#h os tn a me

Description Sets a name for the Accelerator. Changing the hostname will affect the prompt (in
the Example, the hostname set is ACC1). The hostname can be up to 60
characters, and cannot contain spaces or special characters.
You can also set the hostname from the conf mode.
Parameters Enter up to a 60 character string with no spaces or special characters.
Example ACC1(local interface)#h os tn a me [ ACC1]
with Syntax
Related Commands • (local interface) deployment, on page 436
(local interface) ip address

Note: When executing the ‘no’ command for primary IP address, the IP address
ii
reverts to the AcceleratorOS ‘default IP address - 10.0.99.99/24.
Command A C C1 (l o ca l i nt e rf ac e )# IP ad d re ss x. x. x .x
x .x .x . x
or
A C C1 (l o ca l i nt e rf ac e )# IP ad d re ss x. x. x .x / x
Description Sets an IP address and subnet mask for the Accelerator.
You can add the parameter secondary after the command, to set this IP address as
the Accelerator’s secondary IP address.
Parameters Valid IP address must be supplied
Example ACC1(local interface)#IP address 10.0.99.99/24
with Syntax
• (local interface) hostname, on page 437
R ev isi o n 3. 0
(local interface) ip address secondary

Command ACC1(local interface)#i p a dd r es s x.x.x.x/xx
secondary
Description Sets a secondary IP for the Accelerator.
Example ACC1(local interface)#IP address 10.0.99.99/22
with Syntax
secondary
(local interface) ip default-gateway

Command AC C1( lo ca l in te rf ac e) # i p d ef au l t- g at ew a y
Description Sets a default gateway for the Accelerator.
Example AC C1( lo ca l in te rf ac e) # i p d ef au l t- g at ew a y
with Syntax
10.0.99.99/24

(local interface) routing-strategy

Command ACC1(local interface)#r ou t in g- s tr a te gy
Description Set the routing strategy to On-Path or On-LAN.
If you select bridge-route, the Accelerator transfers the packets in Layer-2, regardless
of the routing tables. This routing strategy is carried out only in On-Path deployment,
on non-link and local traffic.
Parameters auto for automatic, bridge-route for layer 2 (on-path only) and routing-only for
Example ACC1(local interface)#r ou t in g- s tr a te gy [ auto]
with Syntax
(wan) bandwidth
Command ACC1(wan)#ba n dw id t h
Description Set the precise bandwidth (in Kbps) of the WAN. 0 is not a valid bandwidth.
Parameters A number in Kbps larger than 0 and smaller than 1000000
Example ACC1(wan)#ba n dw id t h 10000
with Syntax
R ev isi o n 3. 0
Link Commands
Commands within this section include:
(config) interface link, on page 440
(config) interface link refresh-acceleration, on page 440
(config) show interface link summary, on page 441
(link) link destination, on page 442
(link) bandwidth number, on page 442
(link) encapsulation ip-comp, on page 442
(link) encapsulation transparent, on page 443
(config) interface link

Command ACC1(config)#i n te rf a ce li nk
Description Creates a link to the remote Accelerator.
Parameters No additional parameters necessary.
Example AC C1( co nf ig )# interface link
with Syntax
Related Commands • (config) interface link refresh-acceleration, on page 440
• (link) link destination, on page 442
• (link) bandwidth number, on page 442
• (link) encapsulation ip-comp, on page 442
• (link) encapsulation transparent, on page 443
(config) interface link refresh-acceleration

Command A CC 1 (c on f ig ) # in t er fa c e l in k 1 r ef r es h -
a cc e le ra t io n
Description Refreshes the interface link. This is necessary when renewing or changing a license.
Parameters No Additional Parameters Needed
Example A CC 1 (c on f ig ) # in t er fa c e l in k 1 r ef r es h -
a cc e le ra t io n
Related Commands • (config) interface link, on page 440

(config) show interface link summary

When the Accelerator license has expired, or if the Accelerator was installed but its
license was not yet activated, the Accelerator’s status is Active, meaning: it would
pass the data but not accelerate it (Work in pass-through mode). Also, if there is an
active license, but the Bandwidth allocation has been exceeded, the Status is
displayed as partial, as shown below:
Command A CC 1( c on f ig )# sh ow in t er fa c e li n k su m ma r y
Description Shows the status of all interfaces.
Parameters No Additional Parameters Needed
Example A CC 1( c on f ig )# sh ow in t er fa c e li n k su m ma r y
• (config) interface link refresh-acceleration, on page 440
ACC1(config)# show interface link summary
Destination
Link Description Bandwidth Link Status
IP Address
1 28.0.214.6 L-28.0.214.6 2000 N/A |active
2 28.0.224.6 L-28.0.224.6 6000 N/A|partial
non N/A non-link 100000 N/A |active
Once you have Renewed or updated the license, you will need to refresh the link in
order to start Accelerating on it. See (config) interface link refresh-acceleration, on
page 440.
R ev isi o n 3. 0
(link) link destination

Command ACC1(link)#l i nk d e st in a ti o n
Description Sets the IP address of the remote device.
Parameters Valid IP address.
Example ACC1(link)#l i nk d e st in a ti o n
with Syntax
100.125.125.2
(link) bandwidth number

Command ACC1(link)#b an dw i dt h number
Description Set the precise bandwidth (in Kbps) of the WAN. 0 is not valid.
Parameters 1-1,000,000 Kbps
Example ACC1(link)#b an dw i dt h number 50000
with Syntax
(link) encapsulation ip-comp

Command ACC1(link)#en ca p su la t io n i p- c om p
Description Sets the link to work with ipcomp encapsulation.
Example ACC1(link)#en ca p su la t io n i p- c om p
with Syntax

(link) encapsulation transparent
Note: Encapsulation settings can be asymmetric. This means that you can set
ii one Accelerator to Router Transparency while setting the other Accelerator to
IPComp in the opposite direction. This is useful when RTM mode is desired and
one of the Accelerators is On-LAN and the other is On-Path. However,
IPCOMP encapsulation will not function if the IPCOMP protocol is blocked by a
firewall. Therefore, ensure that the IPCOMP protocol is not blocked before
selecting either IPCOMP or RTM encapsulation.
Note: Once the link parameters have been modified, saving the parameters
ii requires you to exit the link mode. If after changing the requested parameters
you press Cancel instead of Exit, the parameters are not saved
Command ACC1(link)#e nc ap s ul at i on tr an s pa re n t
[ Op t io na l ]
Description Sets the link to work in router transparent mode. This setting is optional
Example ACC1(link)#e nc ap s ul at i on tr an s pa re n t
with Syntax
R ev isi o n 3. 0
Subnet Commands
This section describes subnet configuration and management.
The section includes the following commands:
(link) link source, on page 444
(link) subnet exclude, on page 444
(subnets) advertise, on page 445
(subnets) advertise, on page 445
(subnets) no network, on page 445
(subnets) show, on page 446
(link) link source

Command ACC1(link)#li n k s ou rc e [ pr i ma r y] [ x .x .x . x]
Description This command lets you define a link source. The valid link source IPs are as follows:
Primary IP, Secondary IP, VLAN IP, HSRP IP and VRRP IP.
Parameters Use only a valid IP addresses
Example ACC1(link)#li n k s o ur c e [ pr i ma r y] [ 10.0.99.99]
with Syntax
Related Commands • (link) subnet exclude, on page 444
• (subnets) advertise, on page 445
• (subnets) no network, on page 445
• (subnets) show, on page 446
(link) subnet exclude

Command ACC1(LINK)#s ub n et e x cl ud e x . x. x. x x .x . x. x
Description Excludes the subnet from the interface.
Parameters Enter the IP address od the subnet
Example ACC1(LINK)subnet exclude 10.0.99.99
with Syntax
Related Commands • (link) link source, on page 444

(subnets) advertise
Command ACC1(SUBNETS)#a d ve rt i se or n o t- ad v er t is e
x. x. x .x x. x. x .x | me t ri c [ number]
Description Sets the subnet to be advertised or not advertised (can optionally add the subnet mask).
Adds a metric value to the subnet.
Parameters Choose advertise to advertise the subnet and not-advertise to not advertise it.
Example ACC1(SUBNETS)#advertise 10.0.99.99/24 | metric
with Syntax
[ 10]
• (link) subnet exclude, on page 444
(subnets) network
Command ACC1(SUBNETS)#ne tw o rk
Description Adds a subnet
Parameters Enter a valid IP address for the subnet, followed by the subnet mask.
Example ACC1(SUBNETS)#ne tw o rk 125.125.2.5 101.120.15.2
with Syntax
(subnets) no network
Command ACC1(SUBNETS)#n o n et w or k x .x . x. x
Description Deletes the subnet (can optionally add the subnet mask).
Parameters Enter the IP address of the subnet
Example ACC1(SUBNETS)#n o n et w or k 10.0.99.99
with Syntax
R ev isi o n 3. 0
(subnets) show
Command ACC1(SUBNETS)#s ho w
Description Displays the configured subnet.
Example ACC1(SUBNETS)#s ho w
with Syntax

Alias Commands
Displays and manages virtual server aliasing. The following commands are
available:
alias show, on page 447
alias set, on page 447
alias map, on page 448
alias map add, on page 448
alias map delete, on page 448
alias show
Displays alias information and manages prefix/suffix for exported names.
Command {hostname}:filecontroller0#alias [show]

Description Shows alias information
Example {hostname}:filecontroller0#alias [show]
with Syntax
Related Commands • alias set, on page 447
• alias map, on page 448
• alias map add, on page 448
• alias map delete, on page 448
alias set
Command {hostname}:filecontroller0#alias set/delete
prefix {prefix}
Description Changes/removes prefix for all exported aliases.
Example {hostname}:filecontroller0#alias set/delete
with Syntax
prefix {prefix}
Related Commands • alias show, on page 447
R ev isi o n 3. 0
alias map
Command {hostname}:filecontroller0#alias map [list]
Description Shows virtual servers alias information
Example {hostname}:filecontroller0#alias map [list]
with Syntax
• alias set, on page 447
alias map add

Command {hostname}:filecontroller0#alias map add
{VSERVER} {ALIAS}
Description Adds an alias to a virtual server. If you are enabling WAFS transparency, do not add an
Alias.
Example {hostname}:filecontroller0#alias map add
with Syntax
{VSERVER} {ALIAS}
alias map delete

Command {hostname}:filecontroller0#alias map delete
{ALIAS}
Description Deletes a virtual server alias.
Example {hostname}:filecontroller0#alias map delete
with Syntax
{ALIAS}

OSPF Commands
The following commands are available:
(config-ospf) area number, on page 449
(config-ospf) authentication-key string, on page 450
(config-ospf) authentication-mode enable, on page 450
(config-ospf) high locality-metric, on page 451
(config-ospf) neighbor, on page 451
(config-ospf) network (ip address), on page 452
(config-ospf) ospf-mode enable, on page 452
(config-ospf) show, on page 453
(config-ospf) area number

Command ACC1(config-ospf)#a r ea n u mb e r or (x.x.x.x)
Description Sets the Area ID for the OSPF group, either as a decimal value or in IP address format
Parameters Enter a valid IP address or area ID
Example ACC1(config-ospf)# 120.129.23.3
with Syntax
Related Commands • (config-ospf) authentication-key string, on page 450
• (config-ospf) authentication-mode enable, on page 450
• (config-ospf) high locality-metric, on page 451
• (config-ospf) neighbor, on page 451
• (config-ospf) network (ip address), on page 452
• (config-ospf) ospf-mode enable, on page 452
• (config-ospf) show, on page 453
R ev isi o n 3. 0
(config-ospf) authentication-key string

Command A CC 1( con fi g- os pf )# a u th en t ic at i on - ke y
s tr in g
Description Sets a non-encrypted authentication password for the Accelerator.
Example A CC 1( con fi g- os pf )# a u th en t ic at i on - ke y
with Syntax
s tr in g
Related Commands • (config-ospf) area number, on page 449
(config-ospf) authentication-mode enable

Command ACC1(config-ospf)# a ut he n ti c at io n -m od e e n ab le /
d is a bl e /M D5
Description Sets the Accelerator to require a password to work with other OSPF devices.
Authentication mode enables MD5 encrypted authentication.
Parameters Enable to enable, disable to disable, MD5 to enable MD5 encrypted authentication
Example ACC1(config-ospf)# a ut he n ti c at io n -m od e e n ab le
with Syntax
• (config-ospf) authentication-key string, on page 450

(config-ospf) high locality-metric

Command ACC1(config-ospf)# h ig h l o ca li t y- me t ri c
[ number] l ow lo c al it y -m et r ic [ number]
Description These two different commands determine a range of subnets to be advertised. If a
subnet is between the high value and the low value, it should be advertised
Parameters Enter a high locality metric and a low locality metric. Make sure that the high locality
metric is a larger number then the low.
Example ACC1(config-ospf)# h ig h l o ca li t y- me t ri c [ 10]
with Syntax
l o w l oc al i ty -m e tr i c [ 5]
(config-ospf) neighbor
Command AC C1 (c on fi g-o sp f) # ne i gh b or x . x. x. x
Description Defines an OSPF neighbor for the Accelerator via the IP address.
Parameters Enter a valid IP address
Example AA CC 1( co nf ig- os pf )# n e ig hb o r 1 00 .1 0 0. 10 . 3
with Syntax
R ev isi o n 3. 0
(config-ospf) network (ip address)

Command A CC 1( con fi g- os pf )# network ( ip a d dr e ss )
x .x . x. x ( su bn e t m as k) x. x. x .x
Description Sets the networks that the Accelerator broadcasts to its OSPF neighbors.
Example A CC 1( con fi g- os pf )# network (ip ad dress)
with Syntax
100 .100.5 0.5
(config-ospf) ospf-mode enable

Command ACC1(config)#ro u te r o sp f
AC C1 (c on fi g- os pf )# ospf-mode
Description Enables OSPF on the Accelerator
Parameters enable to enable, disable to disable.
Example ACC1(config)#ro u te r o sp f
with Syntax
AC C1 (c on fi g- os pf )# ospf-mode enable

(config-ospf) show
Command A CC 1( co nf ig -o sp f) # sh ow
Description Displays OSPF settings.
Example A CC 1( co nf ig -o sp f) # sh ow
with Syntax
R ev isi o n 3. 0
Router Polling Commands

The following options are available:
(config) router-polling, on page 454
(router-polling) router-polling enable, on page 454
(router-polling) poll [protocol name(s)], on page 455
(router-polling) polling-interval, on page 455
(router-polling) router ip, on page 455
(router-polling) snmp version, on page 456
(router-polling) snmp community, on page 456
(config) router-polling
Command ACC1(config)# r o u t e r - p o ll i n g
Description Opens the Router-polling node.
Example AC C1 (c on fi g) # ro ut e r- p ol li n g
with Syntax
Related Commands • (router-polling) router-polling enable, on page 454
• (router-polling) poll [protocol name(s)], on page 455
• (router-polling) polling-interval, on page 455
• (router-polling) router ip, on page 455
• (router-polling) snmp version, on page 456
• (router-polling) snmp community, on page 456
(router-polling) router-polling enable

Command ACC1(router-polling)# r ou t er -p o ll i ng [e n ab le |
di sa b le ]
Description Enables / disables router-polling.
Parameters Enable to enable, disable to disables
Example ACC 1( co nf ig )# r o ut er - po ll i ng en ab l e
with Syntax
Related Commands • (config) router-polling, on page 454

(router-polling) poll [protocol name(s)]

Command ACC1(router-polling)#p o ll [protocol name(s)]
Description Lists the protocols that can be polled.
Parameters Enter a specific protocol name
Example AC C1 (r ou te r- po ll ing )# p ol l [ p ro t o c o l n a me ( s )]
with Syntax
• (router-polling) router-polling enable, on page 454
(router-polling) polling-interval
Command ACC1(router-polling)#p ol l in g- i nt e rv al
Description Sets the frequency with which the router is polled (in seconds). Default is 180 seconds
Parameters Enter a frequency in seconds
Example A CC 1( ro ut er -p ol li ng )# po ll i ng - in te r va l 1 80
with Syntax
(router-polling) router ip
Command ACC1(router-polling)# ro ut e r ip ( x.x.x.x)
Description Sets the IP address of the router to be polled.
Example AC C1 (r ou te r- po ll in g) # ro ut e r ip ( 1 0 0 . 1 0 0 . 5 0 . 5 )
with Syntax
R ev isi o n 3. 0
(router-polling) snmp version

Command ACC1(router-polling)#s n mp v e rs i on [ 1 | 2 c ]
Description Sets the SNMP version to be used for polling the router.
Parameters Enter the SNMP version either 1 or 2c
Example AC C1 (r ou te r-p ol li ng )# sn m p v er si o n [1 ]
with Syntax
(router-polling) snmp community

Command ACC1(router-polling)#s nm p c om m un it y [ name]
Description Sets the SNMP community to be used for polling the router.
Parameters Enter the name of the SNMP community
Example A CC 1( ro ut er -p ol li ng )# po ll i ng -i n te r va l 1 80
with Syntax

RIP Commands
(config) router rip, on page 457
(config-rip) authentication-mode enable, on page 458
(config-rip) authentication-key string, on page 458
(config-rip) network, on page 460
(config-rip) neighbor, on page 458
(config-rip) passive-mode enable, on page 460
(config-rip) rip-mode enable, on page 461
(config-rip) show, on page 461
(config) router rip

Command ACC1(config)#r ou t er r i p
Description Enters the RIP node
Example ACC1(config)#r ou t er r i p
with Syntax
Related Commands • (config) router rip, on page 457
• (config-rip) authentication-mode enable, on page 458
• (config-rip) authentication-key string, on page 458
• (config-rip) network, on page 460
• (config-rip) neighbor, on page 458
• (config-rip) passive-mode enable, on page 460
• (config-rip) rip-mode enable, on page 461
• (config-rip) show, on page 461
R ev isi o n 3. 0
(config-rip) authentication-key string

Command ACC1(config-rip)# a ut he n ti ca t io n -k ey string
Description Sets a non-encrypted authentication password for the Accelerator.
Parameters Enter the name of the authentication key
Example A CC 1( co nf ig -r ip) # a ut he n ti ca t io n -k ey st ri ng
with Syntax
•
(config-rip) authentication-mode enable

Command ACC1(config-rip)# a ut h en ti c at i on -m o de e n ab l e/
d i sa bl e /M D 5
Description Sets the Accelerator to need a password to work with other RIP devices.
authentication mode enables MD5 encrypted authentication.
Parameters Enable to enable, disable to disable
Example A CC 1( co nf ig -r ip )# a ut h en ti c at io n -m o de e n ab le
with Syntax
(config-rip) neighbor
Command ACC1(config-rip)# n ei g hb or x. x. x .x
Description Defines a RIP neighbor for the Accelerator via the IP address.
Example ACC1(config-rip)# n ei g hb or x. x. x .x
with Syntax


R ev isi o n 3. 0
(config-rip) network
Command AC C1 (c on fi g- ri p) # ne tw o rk ( i p a d d r e s s ) x . x. x . x
( s u b n e t m a s k ) x. x . x . x
Description Sets the networks that the Accelerator broadcasts to its RIP neighbors.
Parameters Enter a valid IP address and subnet mask
Example AC C1 (c on fi g- ri p) # network ( i p a d d r e s s ) x . x . x . x
with Syntax
( s u b n e t m a s k ) x. x . x . x
(config-rip) passive-mode enable

Command ACC1(config-rip)# pa s si v e- mo d e [e n ab le |
d is a bl e]
Description Sets RIP to work in Passive mode.
Parameters Enable to enable, Disable to disable
Example ACC1(config-rip)# pa s si v e- mo d e en a bl e
with Syntax

(config-rip) rip-mode enable

Command ACC1(config-rip)#r ip -m o de en a bl e /d is a bl e
Description Enables RIP on the Accelerator
Example ACC1(config)#r ou te r r i p
with Syntax
A CC 1( co nf ig -ri p) # rip-mode en a bl e
(config-rip) show
Command ACC1(config-rip)# s h ow
Description Displays RIP settings
Parameters No additional parameters required
Example ACC1(config-rip)# s h ow
with Syntax
R ev isi o n 3. 0
WCCP Commands
(config) packet-interception wccp, on page 462
(packet interception WCCP) authentication, on page 463
(packet interception WCCP) priority, on page 463
(packet interception WCCP) router-ip, on page 464
(packet interception WCCP) show, on page 464
(packet interception WCCP) tcp-service id, on page 465
(packet interception WCCP) udp-service id, on page 466
(packet interception WCCP) wccp-mode, on page 466
(config) packet-interception wccp

Note that if you have multiple Accelerators deployed on your network the same
WCCP services should be enabled on each appliance.
Command ACC1(config)#p a ck et - in te r ce p ti on wc cp
Description Enters the WCCP configuration node.
Example ACC1(config)#p a ck et - in te r ce p ti on wc cp
with Syntax
Related • (packet interception WCCP) authentication, on page 463
Commands • (packet interception WCCP) priority, on page 463
• (packet interception WCCP) router-ip, on page 464
• (packet interception WCCP) show, on page 464
• (packet interception WCCP) tcp-service id, on page 465
• (packet interception WCCP) udp-service id, on page 466
• (packet interception WCCP) wccp-mode, on page 466

(packet interception WCCP) authentication

Command ACC1(packet interception WCCP)#a ut h en t ic at i on
[n o ne | pa ss w or d word]
Description Sets a password for WCCP authentication.
Parameters None for no password, or enter a password string.
Example ACC1(packet interception WCCP)#a ut h en t ic at i on
with Syntax
pa s sw or d E xp a nd
Related Commands • (config) packet-interception wccp, on page 462
• (packet interception WCCP) priority, on page 463
(packet interception WCCP) priority

Command ACC1(packet interception WCCP)#p r io r it y [0-254]
Description Sets the WCCP priority.
Parameters Enter a number from 0-254
Example ACC1(packet interception WCCP)#p r io r it y 1
with Syntax
• (packet interception WCCP) authentication, on page 463
R ev isi o n 3. 0
(packet interception WCCP) router-ip

Command ACC1(packet interception WCCP)#r ou t er - ip [x.x.x.x]
Description Sets the WCCP router IP address.
Example ACC1(packet interception WCCP)#r ou t er - ip [x.x.x.x]
with Syntax
(packet interception WCCP) show

Command ACC1(packet interception WCCP)#s h ow
Description Displays the status of the WCCP service (activated/deactivated) and the services and
routers’ lists.
Example ACC1(packet interception WCCP)#s h ow
with Syntax

ACC1(packet interception WCCP)#show
The status is shown as in the figure below.
(packet interception WCCP) tcp-service id

Command ACC1(packet interception WCCP)#t cp - se r vi ce id
[51-99]
Description Sets the WCCP TCP service ID.
Parameters Enter a valid ID from 51-99
Example ACC1(packet interception WCCP)#t cp - se r vi ce id 6 0
with Syntax
R ev isi o n 3. 0
(packet interception WCCP) udp-service id

Command ACC1(packet interception WCCP)#u d p- s er vi c e id
[51-99]
Description Sets the WCCP UDP service ID.
Parameters Enter a valid ID from51-99
Example ACC1(packet interception WCCP)#u d p- s er vi c e id 65
with Syntax
(packet interception WCCP) wccp-mode

Command ACC1(packet interception WCCP)#w c cp -m o de [ en a bl e
| d is a bl e]
Description Activates/deactivates WCCP mode.
Example ACC1(packet interception WCCP)#w c cp - mo de en ab l e
with Syntax

SNTP Server Commands

(config) SNTP enable/disable, on page 467
(config) SNTP interval hours, on page 467
(config) SNTP server, on page 467
(config) SNTP enable/disable

Command ACC1(config)#SNTP en ab l e/ di s ab l e
Description Enables the SNTP server.
Example ACC1(config)#SNTP en ab l e
with Syntax
Related Commands • (config) SNTP interval hours, on page 467
• (config) SNTP server, on page 467
(config) SNTP interval hours

Command ACC1(config)#SNTP in te r va l h ou rs [ 1-24] |
m i nu te s [ 1-1440]
Description Polls the SNTP server for time updates by intervals set by this command.
Parameters Enter the time in hours from 1-1440
Example ACC1(config)#SNTP in te r va l h ou rs 24
with Syntax
Related Commands • (config) SNTP enable/disable, on page 467
• (config) SNTP server, on page 467
(config) SNTP server

Command ACC1(config)#SNTP se rv e r [ x.x.x.x]
Description Enter IP address X.X.X.X as the address of the SNTP server.
Example ACC1(config)#SNTP se rv e r 100.100.10.5
with Syntax
Related Commands • (config) SNTP enable/disable, on page 467
• (config) SNTP interval hours, on page 467
R ev isi o n 3. 0
DHCP Server Commands

(config) dhcp, on page 468
(DHCP) enable, on page 468
(DHCP) reload, on page 469
(DHCP) show DHCP, on page 469
(DHCP) show lease, on page 469
(DHCP) test, on page 470
(DHCP) upload, on page 470
(config) dhcp
Command ACC1(config)#dh cp
Description Enters the DHCP node
Example ACC1(config)#dhcp
with Syntax
Related Commands • (DHCP) enable, on page 468
• (DHCP) reload, on page 469
• (DHCP) show DHCP, on page 469
• (DHCP) show lease, on page 469
• (DHCP) test, on page 470
• (DHCP) upload, on page 470
(DHCP) enable
Command ACC1(DHCP)#en a bl e/ d is ab l e
Description Enables or disables the DHCP Server. Enabling the Server requires having a DHCP
configuration file. If this file does not exist, you are prompted to upload it. The DHCP
configuration file should be in the user_area, otherwise you have to use the copy
command to copy it. Alternatively, upload the DHCP configuration file via the WebUI,
thereby copying it directly to the user_area.
Example AC C1 (D HC P) # enable
with Syntax
Related Commands • (config) dhcp, on page 468

(DHCP) reload
Command ACC1(DHCP)#r el o ad [path] [filename]
Description Reloads the DHCP configuration file from the user_area, if you want to update this file
with changes you have made in it.
Parameters Enter a valid path and filename
Example ACC1(DHCP)#reload/user_area/dhcp/dhcpfile
with Syntax
• (DHCP) enable, on page 468
(DHCP) show DHCP

Command ACC1(DHCP)#s ho w D H CP
Description Displays the DHCP status (enabled/disabled).
Parameters no additional parameters necessary
Example ACC1(DHCP)#s ho w D H CP
with Syntax
(DHCP) show lease

Command ACC1(DHCP)#s ho w l ea s e [hostname] [IP address]
Description Displays the end date of the DHCP lease server period.
Example ACC1(DHCP)#s ho w l ea s e [hostname] [IP address]
with Syntax
R ev isi o n 3. 0
(DHCP) test
Command ACC1(DHCP)#t es t [path] [filename]
Description Tests the syntax of the DHCP configuration file.
Parameters Enter a valid path and file name
Example ACC1(DHCP)#test/user_area/dhcp/dhcpfile
with Syntax
(DHCP) upload
Command ACC1(DHCP)#u pl o ad [path] [filename]
Description Uploads the DHCP configuration file from the user_area.
Parameters Enter a valid path and a file name.
Example ACC1(DHCP)#upload /user_area/dhcp/dhcpfile
with Syntax

DHCP Relay Commands

Follow these steps to configure an Accelerator for functioning as a DHCP relay
agent:
(local interface) dhcrelay, on page 471
(local interface) dhcrelay enable, on page 471
(local interface) dhcrelay option, on page 472
(local interface) ip helper address, on page 472
(local interface) dhcrelay

Command ACC1(local interface)#d hc re l ay
Description Enters the DHCP relay node
Parameters No additional parameters needed
Example ACC1(local interface)#d hc re l ay
with Syntax
Related Commands • (local interface) dhcrelay enable, on page 471
• (local interface) dhcrelay option, on page 472
• (local interface) ip helper address, on page 472
(local interface) dhcrelay enable

Command ACC1(local interface)#d hc re l ay en ab l e
Description Enter IP helper address X.X.X.X as the address of the DHCP server
Parameters Enable to enable, Disable to disable, Option to enable the dhcp relay option
Example ACC1(local interface)#d hc re l ay enable
with Syntax
Related Commands • (local interface) dhcrelay, on page 471
R ev isi o n 3. 0
(local interface) dhcrelay option

A DHCP relay agent may receive a client DHCP packet forwarded from a BOOTP/
DHCP relay agent closer to the client and may or may not already have a DHCP
relay agent option on it.
Command ACC1(local interface)#d hc r el ay op t io n

[a pp e nd |d i sc a rd |f o rw ar d |r e pl ac e |d ro p -n o -
ma tc h |m ax - le n gt h]
Parameters • Append - if the append flag is set, the relay agent appends an agent option
field to each request before forwarding it to the server.
• Discard - discards all options sent by another DHCP relay.
• Forward - forwards all options from another DHCP relay.
• Replace - replaces the options sent by another DHCP relay with options set
on the Accelerator.
• Drop-no-match - drops the options without counting the packets.
• Max-length - this is the maximum length allowed.
Example ACC1(local interface)#i p h el pe r a d dr es s 1.1.1.1
with Syntax
• (local interface) dhcrelay enable, on page 471
(local interface) ip helper address

Command ACC1(local interface)#i p h el pe r a d dr es s [IP
address]
Example ACC1(local interface)#i p h el pe r a d dr es s 1.1.1.1
with Syntax
• (local interface) dhcrelay enable, on page 471

WEB Acceleration Commands

Some parameters common to both HTTP and FTP Acceleration are configurable as
follows:
(config) web-acceleration, on page 473
(web-acceleration) cache clear, on page 473
(web-acceleration) cancel, on page 474
(web-acceleration) exit, on page 474
(web-acceleration) http-acceleration, on page 474
(web-acceleration) show, on page 475
(web-acceleration) tcp-acceleration, on page 475
(config) web-acceleration
Command A C C1 (c o nf i g) #w e b- ac c el e ra ti o n
Description Enters Web-Acceleration configuration mode
Example A C C1 (c o nf i g) # web-acceleration
with Syntax
Related Commands • (web-acceleration) cache clear, on page 473
• (web-acceleration) cancel, on page 474
• (web-acceleration) exit, on page 474
• (web-acceleration) http-acceleration, on page 474
• (web-acceleration) show, on page 475
• (web-acceleration) tcp-acceleration, on page 475
(web-acceleration) cache clear

Command A C C1 (w e b- ac c el e ra ti o n) #c a ch e c le a r
Description Clears the HTTP and FTP caches.
Example A C C1 (w e b- ac c el e ra ti o n) # cache clear
with Syntax
Related Commands • (config) web-acceleration, on page 473
R ev isi o n 3. 0
(web-acceleration) cancel
Command AC C 1( c on fi g )# we b -a c ce le r at io n
Description Exits without updating web acceleration parameters
Example AC C 1( c on fi g )# web-acceleration
with Syntax
• (web-acceleration) cache clear, on page 473
(web-acceleration) exit
Command AC C1 ( we b- a cc e le ra t io n) # e x it
Description Exits the web acceleration node
Example AC C1 ( we b- a cc e le ra t io n) # exit
with Syntax
(web-acceleration) http-acceleration
Command A CC 1 (w eb - ac ce l er a ti on ) #h tt p -a c ce le r at io n
Description Enters the HTTP acceleration node.
Parameters No additional parameters are needed.
Example A CC 1 (w eb - ac ce l er a ti on ) # http-acceleration
with Syntax

(web-acceleration) show
Command AC C1 ( we b- a cc e le ra t io n) # sh ow
Description Displays Web-Acceleration parameters.
Example AC C1 ( we b- a cc e le ra t io n) # show
with Syntax
(web-acceleration) tcp-acceleration
Command AC C 1( w eb -a c ce le r at i on )# tc p- a cc e le ra t io n
Description Opens the TCP acceleration node
Example AC C 1( w eb -a c ce le r at i on )# tcp-acceleration
with Syntax
Related • (config) web-acceleration, on page 473
Commands • (web-acceleration) cache clear, on page 473
R ev isi o n 3. 0
HTTP Acceleration Commands

The following configurations are available:
(web-acceleration) http-acceleration, on page 477
(http-acceleration) cache clear, on page 478
(http-acceleration) cache-content, on page 479
(http-acceleration) cache-range, on page 480
(http-acceleration) cache-size, on page 481
(http-acceleration) connect-timeout, on page 482
(http-acceleration) http-acceleration enable, on page 483
(http-acceleration) log-level, on page 484
(http-acceleration) max cached-object-size, on page 485
(http-acceleration) no rule direct, on page 486
(http-acceleration) no rule no-cache, on page 487
(http-acceleration) port, on page 488
(http-acceleration) port-transparency, on page 489
(http-acceleration) proxy outgoing host, on page 490
(http-acceleration) rule direct, on page 491
(http-acceleration) rule no-cache, on page 492
(http-acceleration) show rule direct, on page 493
(http-acceleration) show rule no-cache, on page 494
(http-acceleration) transparency, on page 495

(web-acceleration) http-acceleration
Command AC C 1( w eb -a c ce le r at i on )# h tt p- a cc e le ra t io n
Description Enters the HTTP acceleration node.
Parameters No additional parameters are needed.
Example AC C 1( w eb -a c ce le r at i on )# http-acceleration
with Syntax
Related Commands • (http-acceleration) cache clear, on page 478
• (http-acceleration) cache-content, on page 479
• (http-acceleration) cache-range, on page 480
• (http-acceleration) cache-size, on page 481
• (http-acceleration) connect-timeout, on page 482
• (http-acceleration) http-acceleration enable, on page 483
• (http-acceleration) log-level, on page 484
• (http-acceleration) max cached-object-size, on page 485
• (http-acceleration) no rule direct, on page 486
• (http-acceleration) no rule no-cache, on page 487
• (http-acceleration) port, on page 488
• (http-acceleration) port-transparency, on page 489
• (http-acceleration) proxy outgoing host, on page 490
• (http-acceleration) rule direct, on page 491
• (http-acceleration) rule no-cache, on page 492
• (http-acceleration) show rule direct, on page 493
• (http-acceleration) show rule no-cache, on page 494
• (http-acceleration) transparency, on page 495
R ev isi o n 3. 0
(http-acceleration) cache clear

Command AC C 1( ht t p- a cc el e ra ti o n) #ca ch e c le a r
Description Clears the HTTP Acceleration cache.
Parameters No additional parameters needed.
Example AC C 1( ht t p- a cc el e ra ti o n) # ma x c ac he d -o b je ct -
with Syntax
si z e [n u mb e r in MB ]
Related Commands • (web-acceleration) http-acceleration, on page 477

(http-acceleration) cache-content
Command AC C 1( h tt p- a cc el e ra t io n) #ca ch e -c o nt en t
[e n te r pr is e | i n te r ne t | a ll ]
Description Sets the type of content to be cached:
• Enterprise caches all traffic from links and virtual links.
• Internet caches all traffic on the non-link.
• All caches all link, virtual link and non-link traffic.
Parameters Enterprise, Internet or All, as described above.
Example AC C 1( h tt p- a cc el e ra t io n) #ca ch e -c o nt en t all
with Syntax
• (http-acceleration) cache clear, on page 478
R ev isi o n 3. 0
(http-acceleration) cache-range
Command A CC 1( h tt p- a cc e le ra t io n) # ca c he -r a ng e [ en a bl e
| d is a bl e]
Description Enables or disables (disabled by default) the cache range
Example A CC 1( h tt p- a cc e le ra t io n) # ca c he -r a ng e enable
with Syntax

(http-acceleration) cache-size
Command A CC 1 (h tt p -a c ce le r at io n )# c ac he - si ze [nu m b e r i n
MB]
Description Sets the size of the cache (between 1 and 60 GB). Default is 16 GB.
Parameters Enter a valid size (between 1-60 GB). Note that, Approximately 10 MB of RAM is
needed for each 1 GB of data cached.
Example A CC 1 (h tt p -a c ce le r at io n )# c ac he - si ze 16
with Syntax
R ev isi o n 3. 0
(http-acceleration) connect-timeout
Command A CC 1 (h t tp -a c ce le r at i on )# c on ne c t- t im eo u t
[ nu m be r ]
Description Sets the amounts of time (in seconds, between 1 and 600) for a client to remain
connected with no traffic being cached. Default is 600 seconds.
Parameters Enter the time amount in seconds, as described above.
Example A CC 1 (h t tp -a c ce le r at i on )# connect-timeout 600
with Syntax

(http-acceleration) http-acceleration enable

Command A CC 1 (h tt p -a cc e le ra t io n )# ht t p- ac c el e ra ti o n
[ en a bl e | d is a bl e]
Description Enables/disables HTTP Acceleration. By default HTTP Acceleration is disabled.
Parameters Enable to enable, disable to disable.
Example A CC 1 (h tt p -a cc e le ra t io n )# http-acceleration
with Syntax
enable
R ev isi o n 3. 0
(http-acceleration) log-level
Command AC C 1( ht t p- ac c el e ra ti o n) #l o g- l ev el [a le r t |
er r or | in fo | w ar ni n g]
Description You can set the Accelerator’s log file to accumulate events that occur in HTTP
Acceleration. To set the type of alerts to be accumulated, set the lowest level of alert to
be logged. By default, logging is disabled. When enabled, the default level is Error.
Parameters Enter the time ammount in seconds, as described above.
Example AC C 1( ht t p- ac c el e ra ti o n) #l o g- l ev el error
with Syntax

(http-acceleration) max cached-object-size

Command AC C1 ( ht tp - ac c el er a ti on ) #m a x ca c he d- o bj e ct -
si ze [n um b er in M B ]
Description Sets the maximum size for objects stored in the cache. Default is 4096 KB.
Parameters Enter a valid size (between 1-60 GB). Note that, Approximately 10 MB of RAM is
needed for each 1 GB of data cached.
Example AC C1 ( ht tp - ac c el er a ti on ) #m a x ca c he d- o bj e ct -
with Syntax
si ze [n um b er in M B ]
R ev isi o n 3. 0
(http-acceleration) no rule direct

Command AC C 1( ht t p- ac c el er a ti o n) #n o r ul e d i re ct 
Description Deletes a rule.
Parameters Enter a configured regular expression
Example AC C 1( ht t p- ac c el er a ti o n) # no rule direct avaya
with Syntax

(http-acceleration) no rule no-cache

Command AC C1 ( ht tp - ac ce l er a ti on ) #n o ru l e n o -c a ch e 
Description Deletes a specified rule.
Parameters Enter a saved rule.
Example AC C1 ( ht tp - ac ce l er a ti on ) #r ul e n o -c ac h e http://
with Syntax
www.anyurl.com
R ev isi o n 3. 0
(http-acceleration) port
Command A CC 1( h tt p- a cc e le ra t io n) # po r t [p o rt n u mb e r]
Description Sets the default port on which HTTP traffic generally arrives. The default is 80.
Parameters Enter a valid port number
Example A CC 1( h tt p- a cc e le ra t io n) # port 80
with Syntax

(http-acceleration) port-transparency
Note: Preserving the port may have bad implications on outgoing traffic from the
i Web cache. On the other hand, you cannot activate the QoS mechanism
according to the source port, if the source port is not preserved.
Command A C C1 ( ht tp - ac ce l er a ti on )#p or t -t r an sp a re nc y
[ e na b le | di sa b le ]
Description This command configures whether the Client's original source port will be preserved. By
default, port transparency is disabled.
Example A C C1 ( ht tp - ac ce l er a ti on )#p or t -t r an sp a re nc y
with Syntax
enable
R ev isi o n 3. 0
(http-acceleration) proxy outgoing host
Note: After proxy was enabled, disabling DNS requires you to disable proxy
i first.
Command AC C 1( ht t p- a cc el e ra ti o n) # proxy outgoing host

<proxy IP> <proxy listening port>
Description Configures the proxy server IP and listening port. You should configure this command
only if DNS is configured.
Parameters Enter a valid IP address and port If you want to un-configure this port enter the no
command prior.
Example AC C 1( ht t p- a cc el e ra ti o n) # proxy outgoing host
with Syntax
<x.x.x.x> <xxx>

(http-acceleration) rule direct
i Note: You should configure this command only if proxy server is configured.
i Note: You can define multiple rules.
Note: Before configuring a rule direct regular expression, you must configure in the
i client’s browser the same settings configured in the Accelerator.
Command A C C1 ( ht tp - ac ce l er a ti on ) #r ul e d i re ct 
A C C1 ( ht tp - ac ce l er a ti on ) #n o r ul e d ir e ct 
A C C1 ( ht tp - ac ce l er a ti on ) #s ho w r ul e di r ec t 
Description Defining a regular expression that is valid on a URL. For example: rule direct avaya.
When this rule is applied, all requests for the avaya URL will be forwarded directly to the
avaya server, without passing through the proxy server.
Parameters Enter a valid URL
Example A C C1 ( ht tp - ac ce l er a ti on ) # rule direct avaya
with Syntax
R ev isi o n 3. 0
(http-acceleration) rule no-cache
Note: The CLI does not allow regular expression using the following characters:
i # ‘ “ ,. A message error will be displayed as a result of any attempt to insert such
a character.
Note: You should configure this command only if proxy is configured.

i You can define multiple rules.
Command AC C 1( ht t p- ac c el e ra ti o n) #r u le no -c a ch e < ur l
re g ex >
AC C 1( ht t p- ac c el e ra ti o n) #n o r ul e no - ca ch e 
AC C 1( ht t p- ac c el e ra ti o n) #s h ow ru le no -c a ch e

Description Setting a regular expression, valid on a URL, which defines that specific pages will never
be cached. When this rule is applied, upon any request for these pages data will not be
retrieved from the cache, and after these pages were retrieved from the server they will
not be cached.
Example AC C 1( ht t p- ac c el e ra ti o n) #r u le no -c a ch e http://
with Syntax
www.anyurl.com

(http-acceleration) show rule direct

Command A C C1 ( ht tp - ac ce l er a ti on ) #s ho w r ul e di r ec t 
Description Displays the specified rule
Parameters Enter a rule name
Example A C C1 ( ht tp - ac ce l er a ti on ) # show direct avaya
with Syntax
R ev isi o n 3. 0
(http-acceleration) show rule no-cache

Command AC C 1( ht t p- ac c el e ra ti o n) #s h ow ru le no -c a ch e

Description Setting a regular expression, valid on a URL, which defines that specific pages will never
be cached. When this rule is applied, upon any request for these pages data will not be
retrieved from the cache, and after these pages were retrieved from the server they will
not be cached.
Example AC C 1( ht t p- ac c el e ra ti o n) #s h ow ru le no -c a ch e
with Syntax
http://www.anyurl.com

(http-acceleration) transparency
Command AC C 1( h tt p- a cc el e ra t io n) # tr an s pa r en cy [a ut o |
se m i | f ul l ]
Description This command configures the status of the interception proxy.
You can configure the interception proxy as transparent, thereby preventing the detection of
the proxy server’s IP address by sniffing). The following statuses are possible:
• Semi - applying transparency only on the Client side.
• Full - applying transparency on both the Client and the server sides.
• Auto - setting the transparency status automatically according to deployment,
namely: Semi in On-LAN deployment and Full in On-Path deployment.
Parameters Semi, Full, or Auto as explained above.
Example AC C 1( h tt p- a cc el e ra t io n) # transparency full
with Syntax
Related • (web-acceleration) http-acceleration, on page 477
Commands • (http-acceleration) cache clear, on page 478
R ev isi o n 3. 0
TCP Acceleration Commands

(conf) tcp-acceleration, on page 496
(tcp-acc) acknowledge packet rate, on page 497
(tcp-acc) congestion-control, on page 498
(tcp-acc) exclude, on page 499
(tcp-acc) show, on page 499
(tcp-acc) tcp-acceleration enable, on page 500
(tcp-acc) typical-acceleration rate, on page 500
(tcp-acc) typical round-trip, on page 501
(tcp-acc) window receive, on page 501
(tcp-acc) window send, on page 502
(conf) tcp-acceleration
Command A CC 1( c on f )# tc p -a cc e le r at io n
Description Opens the TCP acceleration node.
Example A CC 1( w eb - ac ce l er at i on ) # tcp-acceleration
with Syntax
Related • (tcp-acc) acknowledge packet rate, on page 497
Commands • (tcp-acc) congestion-control, on page 498
• (tcp-acc) exclude, on page 499
• (tcp-acc) show, on page 499
• (tcp-acc) tcp-acceleration enable, on page 500
• (tcp-acc) typical-acceleration rate, on page 500
• (tcp-acc) typical round-trip, on page 501
• (tcp-acc) window receive, on page 501
• (tcp-acc) window send, on page 502

(tcp-acc) acknowledge packet rate

Command A CC 1( t cp - ac ce l er at i on )# a ck no w le dg e pa ck e t r at e
< 2- 8>
Description Determines the number of packets transmitted before sending an ACK message.
Parameters Choose the number of packets within the parameter requirements
(between 2 and 8).
Example A CC 1( t cp - ac c) #ac kn o wl ed g e p ac ke t r at e 3
with Syntax
Related • (conf) tcp-acceleration, on page 496
Commands • (tcp-acc) congestion-control, on page 498
R ev isi o n 3. 0
(tcp-acc) congestion-control
Command AC C 1( tc p -a c c) # c on ge s ti o n- co n tr ol
[n o ne |s t an d ar d| v eg as ]
Description Selects the type of congestion control to be used.
Parameters Choose from one of the following:
• Standard—the congestion avoidance conforms to the standard TCP/IP protocol
(Reno)
• Vegas—TCP Vegas reduces latency and increases overall through-out, by carefully
matching the sending rate to the rate at which packets are successfully being
transmitted by the network. The Vegas algorithm maintains shorter queues, and is
therefore suitable either for low-bandwidth-delay paths, such as DSL, where the
sender is constantly over-running buffers, or for high-bandwidth-delay WAN paths,
where recovering from losses is an extremely time-consuming process for the
sender. The shorter queues should also enhance the performance of other flows
that traverse the same bottlenecks.
Example AC C 1( tc p -a c c) # c on ge s ti o n control vegas
with Syntax
Commands • (tcp-acc) acknowledge packet rate, on page 497

(tcp-acc) exclude
Command A CC 1( t cp - ac c) ex cl u de [c li e nt |s e rv e r| wo r d| IP ]
Description Adds a server or client to the exclude list.
Parameters • Client - choose client to exclude the client
• Server - choose server to exclude the server
• Word - server’s logical name
• IP - IP address of the server or subnet
Example A CC 1( t cp - ac c) # e xc l ud e 120.44.10.2
with Syntax
• (tcp-acc) congestion-control, on page 498
(tcp-acc) show
Command A C C1 (t c p- ac c )# s ho w
Description Shows the TCP Acceleration data.
Parameters No additional parameters required.
Example A C C1 (t c p- ac c )# show
with Syntax
R ev isi o n 3. 0
(tcp-acc) tcp-acceleration enable

Command AC C 1( tc p -a c c) #t c p- ac c el e ra ti o n [e n ab l e |
di s ab le ]
Description Enables/disables TCP Acceleration. By default TCP Acceleration is disabled.
Parameters Enable to enable, Disable to disable.
Example AC C 1( tc p -a c c) #tcp-acceleration disable
with Syntax
(tcp-acc) typical-acceleration rate

Command A CC 1( t cp -a c c) #ty pi c al -a c ce l er at i on r a te
[ au to | <0 -5 0 00 0 >]
Description Configures the TCP acceleration rate in seconds.
Parameters Enter an ammount within the range or select Auto and the Accelerator will chose the value for
you.
Example A CC 1( t cp -a c c) #typical-acceleration-rate 20000
with Syntax

(tcp-acc) typical round-trip

Command AC C1 ( tc p -a cc ) # t yp i ca l r ou n d- tr i p [ au to |
<1 -6 0 00 0 >
Description Configures the RTT in milliseconds.
Parameters Enter an ammount in milliseconds within the accepted range.
Example AC C1 ( tc p -a cc ) # typical round-trip auto
with Syntax
(tcp-acc) window receive

Command AC C 1( tc p -a cc ) w i nd ow re ce i ve [ a ut o |m ax <4 00 0 -
50 0 00 00 0 >
Description Restricts the size of packets received to X ammount (if entered) before sending an ACK
request. You can enter your own amount, Max to enter a maximum amount, or enter Auto
and the value will dynamically change depending on network and bandwidth conditions.
Parameters • auto - the Accelerator will decide the ammount
• max - sets the maximum ammount
• 4000-50000000 the accepted range
Example AC C 1( tc p -a cc e le r at io n )# window receive auto
with Syntax
R ev isi o n 3. 0
(tcp-acc) window send

Command A CC 1 (t cp - ac c) wi n do w s en d [ au t o| ma x < 40 0 0-
5 00 0 00 00 > |< 40 0 0- 5 00 00 0 00 >
Description Restricts the size of packets sent to X ammount (if entered) before sending an ACK request.
You can enter your own amount, Max to enter a maximum amount, or enter Auto and the
value will dynamically change depending on network and bandwidth conditions.
Parameters auto - the Accelerator will decide the ammount
max - sets the maximum ammount
4000-50000000 the accepted range
Example A CC 1 (t cp - ac c) # window send max 20000
with Syntax

Keep Alive Commands

This section contains the following:
(tcp-acceleration) keepalive, on page 503
(tcp-acceleration) keepalive direction, on page 503
(tcp-acc) keepalive interval, on page 504
(tcp-acc) keepalive probes, on page 504
(tcp-acc) keepalive time, on page 504
(tcp-acceleration) keepalive
Command A CC 1 (t c p- ac c ) ke e pa l iv e [ di sa b le | en ab l e]
Description Enables or disables Keep Alive messaging.
Parameters Choose Enable to enable, Disable to disable.
Example A CC 1 (t c p- ac c )# k e ep a li ve enable
with Syntax
Related • (tcp-acceleration) keepalive direction, on page 503
Commands • (tcp-acc) keepalive interval, on page 504
• (tcp-acc) keepalive probes, on page 504
• (tcp-acc) keepalive time, on page 504
(tcp-acceleration) keepalive direction

Command AC C1 ( tc p- a cc ) k ee p al iv e d i re ct i on
[b ot h |l an | wa n ]
Description Configures the direction of the Keep alive messages.
Parameters Choose either LAN only, WAN only, or both.
Example AC C1 ( tc p- a cc ) # keepalive direction both
with Syntax
Related • (tcp-acceleration) keepalive, on page 503
Commands • (tcp-acc) keepalive interval, on page 504
R ev isi o n 3. 0
(tcp-acc) keepalive interval

Command A CC 1 (t cp - ac c) ke e pa li v e in t er v al
< 1- 5 00 00 >
Description Configures the ammount of time to wait between sending keep alive messages.
Parameters Choose a time in seconds (between 1 and 50000).
Example A CC 1 (t cp - ac c) # keepalive interval 300
with Syntax
Commands • (tcp-acceleration) keepalive direction, on page 503
(tcp-acc) keepalive probes

Command A CC 1 (t cp - ac c ) ke e pa li v e p ro be s
< 1- 1 00 00 >
Description Configures the ammount of keep alive probes to send before initiating a time out.
Example A CC 1 (t cp - ac c )# keepalive probes 10
with Syntax
• (tcp-acc) keepalive interval, on page 504
(tcp-acc) keepalive time

Command A CC 1 (t c p- ac c ) ke e pa l iv e t im e < 1- 1 00 00 >
Description Configures the ammount of time to wait (in seconds) before sending the first keep alive probe.
Example A CC 1 (t c p- ac c )# keepalive time 2000
with Syntax
• (tcp-acc) keepalive interval, on page 504

FTP Acceleration Commands

This section includes the following commands:
(web-acceleration) ftp-acceleration, on page 505
(ftp-acceleration) cache-size, on page 507
(ftp-acceleration) cache-per-user, on page 506
(ftp-acceleration) cache-per-user, on page 506
(ftp-acceleration) ftp-acceleration, on page 508
(ftp-acceleration) min cached-object-size, on page 509
(ftp-acceleration) localization, on page 508
(ftp-acceleration) transparency, on page 509
(ftp-acceleration) transparency exclude, on page 510
(ftp-acceleration) transparency excluded-servers, on page 510
(web-acceleration) ftp-acceleration
Command AC C1 ( we b -a cc e le ra t io n )# ft p -a cc e le r at io n
Description Enters the FTP acceleration node.
Parameters No additional parameters are necessary.
Example AC C1 ( we b -a cc e le ra t io n )# ftp-acceleration
with Syntax
Related Commands • (ftp-acceleration) cache-size, on page 507
• (ftp-acceleration) cache-per-user, on page 506
• (ftp-acceleration) ftp-acceleration, on page 508
• (ftp-acceleration) min cached-object-size, on page 509
• (ftp-acceleration) localization, on page 508
• (ftp-acceleration) transparency, on page 509
• (ftp-acceleration) transparency exclude, on page 510
• (ftp-acceleration) transparency excluded-servers, on page 510
R ev isi o n 3. 0
(ftp-acceleration) cache-content
Command A C C1 ( ft p- a cc el e ra t io n) #ca ch e -c o nt en t
[ e nt e rp ri s e | i nt e rn et | al l ]
Description Sets the type of content to be cached:
All caches all link, virtual link and non-link traffic.
Parameters Enter a valid content type as described above.
Example A C C1 ( ft p- a cc el e ra t io n) #ca ch e -c o nt en t a ll
with Syntax
Related Commands • (web-acceleration) ftp-acceleration, on page 505
• (ftp-acceleration) cache-size, on page 507
(ftp-acceleration) cache-per-user
Command AC C1 ( ft p -a cc e le ra t io n) # cache-per-user [enable
| disable]
Description Enables/disables the allocation of cache memory per a specific user.
Example AC C1 ( ft p -a cc e le ra t io n) # cache-per-user enable
with Syntax

(ftp-acceleration) cache-size
Command A CC 1( f tp -a c ce l er at i on )# c ac h e- si z e [ n um b er i n
M B]
Description Sets the size of the cache (between 1 and 60 GB). Default is 50 GB.
Approximately 360 KB + 8 MB of RAM is needed for each 1 GB of data cached
Parameters Enter a valid size as described above.
Example A CC 1( f tp -a c ce l er at i on )# cache-size 50
with Syntax
(ftp-acceleration) connect-timeout
Command AC C 1( f tp -a c ce le r at i on )# c on ne c t- t im eo u t
[n u mb e r]
Description Sets the amount of time (in seconds, between 1 and 600) for a client to remain
connected with no traffic being cached. Default is 60 seconds.
Parameters Enter a valid time as described above.
Example AC C 1( f tp -a c ce le r at i on )# c on ne c t- t im eo u t 60
with Syntax
R ev isi o n 3. 0
(ftp-acceleration) ftp-acceleration
Command A CC 1( f tp - ac ce l er at i on ) #f tp - ac ce l er a ti on
[ en ab l e | d is a bl e]
Description Enables/disables FTP Acceleration. By default FTP Acceleration is disabled.
Example A CC 1( f tp - ac ce l er at i on ) #f tp - ac ce l er a ti on
with Syntax
d is ab l e
(ftp-acceleration) localization
Command AC C1 ( ft p -a cc e le ra t io n )# lo c al iz a ti o n [e n ab le
| di s ab l e]
Description Lets you enable or disable the option to view files in languages that require Unicode
characters, such as Chinese.
Example AC C1 ( ft p -a cc e le ra t io n ) #localization enable
with Syntax

(ftp-acceleration) min cached-object-size

Command A C C1 ( ft p- a cc el e ra t io n) # mi n c ac h ed -o b je ct -
s i ze [n um b er i n K B ]
Description Lets you configure a minimal value for the objects stored in the cache.
Parameters Enter a number in KB that is smaller than the Max value.
Example A C C1 ( ft p- a cc el e ra t io n) # mi n c ac h ed -o b je ct -
with Syntax
s i ze 60
(ftp-acceleration) transparency
Command AC C 1( f tp -a c ce le r at i on )# t ra ns p ar e nc y [ au to |
se m i | f ul l ]
Description This command configures the status of the interception proxy.
You can configure the interception proxy as transparent, thereby preventing the detection
of the proxy server’s IP address by sniffing). The following statuses are possible:
• Semi - applying transparency only on the Client side.
• Full - applying transparency on both the Client and the server sides.
• Auto - setting the transparency status automatically according to deployment,
namely: Semi in On-LAN deployment and Full in On-Path deployment.
Parameters Semi, Full, or Auto as explained above.
Example AC C 1( f tp -a c ce le r at i on )# transparency full
with Syntax
Related • (web-acceleration) ftp-acceleration, on page 505
Commands • (ftp-acceleration) cache-size, on page 507
R ev isi o n 3. 0
(ftp-acceleration) transparency exclude

Command AC C1 ( ft p- a cc e le ra t io n) # tr a ns pa r en cy ex c lu de
[s ou r ce | de s ti na t io n | W O RD | ip ]
Description Excludes servers from caching, as defined by the following parameters:
• Source - source traffic direction
• Destination - destination traffic direction
• WORD - server name
• IP - server IP or subnet
Parameters Enter a valid parameter as described above.
Example AC C1 ( ft p- a cc e le ra t io n) # tr a ns pa r en cy ex c lu de
with Syntax
source
(ftp-acceleration) transparency excluded-

servers
Command AC C1 ( ft p- a cc e le ra t io n) # tr a ns pa r en cy
ex cl u de d- s er v er s [ cl ea r ]
Description Removes all servers from the list of excluded servers. This command does not affect
traffic that traversed these servers when they were excluded, but only traffic that passes
after the command entered into effect.
Example AC C1 ( ft p- a cc e le ra t io n) # tr a ns pa r en cy
with Syntax
ex cl u de d- s er v er s clear

Studying a Subnet Configuration

Network
The sample Subnet Configuration is as follows:

A CC 1 # co n fi gu r e t er mi n al
A CC 1 (c on f ig )# ro u te r o sp f
A CC 1 (c on f ig -o s pf ) #a re a 2 0. 0 .0 . 6
A CC 1 (c on f ig -o s pf ) # au t he nt i ca t io n- m od e e na b le
A CC 1 (c on f ig -o s pf ) # au t he nt i ca t io n- k ey a c ce l er at o r
A CC 1 (c on f ig -o s pf ) # ne i gh bo r 3 0 .0 .0 . 0/ 8
A CC 1 (c on f ig )# ro u te r r ip
A CC 1 (c on f ig -r i p) # a ut h en ti c at i on -m o de m d 5
A CC 1 (c on f ig -r i p) # a ut h en ti c at i on -k e y ac c el e ra to r
A CC 1 (c on f ig -r i p) # n ei g hb or 30 . 0. 0. 0 /8
A CC 1 (c on f ig )# su b ne ts
A CC 1 (S UB N ET S) # ne t wo rk 30 .0 . 0. 0 2 55 . 25 5. 0 .0
A CC 1 (S UB N ET S) # no t -a dv e rt is e 3 0 .0 .0 . 0 25 5 .2 5 5. 0. 0
A CC 1 (S UB N ET S) # ex i t
R ev isi o n 3. 0
Ethernet Statistics Display

Commands
(config) monitored-application, on page 512
(config) show application, on page 513
(config) show discovered, on page 513
(config) show interface link, on page 514
(config) show traffic-discovery, on page 514
(statistic) discover, on page 515
(config) [application name] statistics-history, on page 515
(config) clear counters link, on page 516
(config) monitored-application
Command ACC1(config)# m o ni t or ed - ap pl i ca t io n [ application
name] no r ma l [ link number | Total]
Description Sets a specified application to be monitored over a certain link or over all links.
Parameters Enter the application name and link number
Example ACC1(config)# m o ni t or ed - ap pl i ca t io n [ application
with Syntax
name] no r ma l [ link number | Total]
Related Commands • (config) show application, on page 513
• (config) show discovered, on page 513
• (config) show interface link, on page 514
• (config) show traffic-discovery, on page 514
• (statistic) discover, on page 515
• (config) [application name] statistics-history, on page 515
• (config) clear counters link, on page 516

(config) show application

Command ACC1(config)# sh o w ap p li ca t io n
Description Displays statistics for all applications.
Example ACC1(config)# sh o w ap p li ca t io n
with Syntax
Related Commands • (config) monitored-application, on page 512
(config) show discovered

Command ACC1(config)# sh o w di s co v er ed ht tp |
c it ri x |m s -t er m in al - se r ve r
Description Displays list of discovered HTTP or Citrix traffic traversing the network.
Parameters • Http: for HTTP traffic
• Citrix for Citrix
• MS-Terminal-Server for RDP
Example ACC1(config)# sh o w di s co v er ed http
with Syntax
• (config) show application, on page 513
R ev isi o n 3. 0
(config) show interface link

Command A CC 1 # ( co nf i g) s h ow in te r fa ce li n k
Description Displays Throughput and Performance statistics for all links since up time, since last
cleared and for the last 5 seconds.
Example ACC1# ( co n fi g) sh o w in t er fa c e l in k
with Syntax
(config) show traffic-discovery

Command ACC1(config)# s h ow tr af f ic -d i sc o ve ry [a ll |
application name]
Description Displays all applications traversing the network.
Parameters Enter all for all applications or a specific application name.
Example ACC1(config)# s h ow tr af f ic -d i sc o ve ry all
with Syntax

(statistic) discover
Command ACC1(statistic)# d is co v er [ h tt p | c i tr ix ]
[ en a bl e | d i sa bl e ]
Description Enables traffic discovery of HTTP or Citrix traffic traversing the network.
Parameters Enter the name of the link.
Example A CC 1( st at is tic )# discover http enable
with Syntax
(config) [application name] statistics-history

Command ACC1(c on f ig )# [ ap pl i ca t io n n am e] s ta t is ti c s-
h is t or y [ en a bl e/ d is ab l e]
Description Enables gathering statistics for a particular application.
Parameters • Application Name: choose an application from the list
• Enable to enable,
• Disable to disable
Example ACC1(config)#application src st a ti st i cs -
with Syntax
h is t or y enable
R ev isi o n 3. 0
(config) clear counters link

Command ACC1# (config) c le ar co u nt er s l in k [ a ll |l i nk
I D| n on - li nk ]
Description Clears link counters for a specific link as identified by its link ID, all of the links, or the
non-link.
Parameters • All - clears counters for all links
• Link ID - clears counters for a specific link as identified by its link ID
• non-link - clears counters for the non-link
Example ACC1# c le a r co u nt er s l i nk all
with Syntax

NetFlow Commands
netflow
Command ACC1# ne tf l ow
ACC1(netflow)# i p f l ow -e x po rt [x . x. x. x ] po r t
[1 to 6 5 53 5] ve r si on [5 ]i n te rf a ce et he r ne t
[0 , 0 /0 , 0 /1 ] t e mp la t e [f u ll , l on g , sh o rt ]
Description Sets the Accelerator to forward all statistic information to the NetFlow server for
monitoring and analysis.
Enter the IP address and port number of the NetFlow collector, as well as the NetFlow
version number. In addition, enter the interface ethernet to be monitored (the LAN
interface Ethernet).
For more information on NetFlow statistics collected, see NetFlow Monitored
Statistics, on page 323, on page 357
Example ACC1# ne tf l ow
with Syntax
ACC1(netflow)# i p f l ow -e x po rt 100.100.10.5
po r t 80 v er s io n [ 5] in t er f ac e e th er n et 0
te m pl at e full
Related Commands Setting the Max Queue Length, on page 517
Setting the Max Queue Length

To set the Max Queue length:
1. In the Accelerator’s CLI, in interface link configuration mode, type priority
max-qlen discard [number] low [number] medium [number] high [number] real-
time [number] pass-through [number]
2. Follow each parameter by the size of the queue desired.
3. The default greedy-threshold size is 1.
ACC1(LINK)#priority max-qlen discard 1000 low 1000 medium
1000 high 1000 real-time 1000 pass-through 1000.
R ev isi o n 3. 0
QoS Commands
The following lists the commands necessary to perform QoS configuration as
described above via the CLI.
(config) application name, on page 519
(config) application l-7 name http, on page 520
(config) decision, on page 521
(config) policy-rule global, on page 522
(config) policy-rule link number, on page 523
(config) show application, on page 524
(config) wan, on page 525
(decision) match application, on page 526
(decision) set accelerate, on page 527
(decision) set tunnel, on page 528
(rule) match, on page 529
(rule) set policy pass-through, on page 531
(rule) set policy priority, on page 532
(rule) set policy rate burst enable, on page 533
(rule) set policy rate desired number, on page 534
(rule) set policy rate limit number, on page 535
(WAN) strict-priority, on page 536
(WAN) burst, on page 537

(config) application name

Command ACC1(config)#a pp l ic a ti on name
t c p [p o rt nu mb e r]
u d p [p o rt nu mb e r/ ra n ge ]
o v er -i p [ p or t/ r an ge ]
Description Defines a new application and application criteria.
Parameters Enter a valid TCP port number, a valid UDP port number and range and a valid over-IP
port number and range.
Example ACC1(config)#a pp l ic a ti on name
with Syntax
t c p 80
u d p 60
o v er -i p 55
Related Commands • (config) application l-7 name http, on page 520
• (config) decision, on page 521
• (config) policy-rule global, on page 522
• (config) policy-rule link number, on page 523
• (config) wan, on page 525
• (decision) match application, on page 526
• (decision) set accelerate, on page 527
• (decision) set tunnel, on page 528
• (rule) match, on page 529
• (rule) set policy pass-through, on page 531
• (rule) set policy priority, on page 532
• (rule) set policy rate burst enable, on page 533
• (rule) set policy rate desired number, on page 534
• (rule) set policy rate limit number, on page 535
• (WAN) strict-priority, on page 536
• (WAN) burst, on page 537
R ev isi o n 3. 0
(config) application l-7 name http

Command ACC1(config)#a pp li c at i on l - 7 name h t tp
h os t -n am e [x.x.x.x or name]
u rl - na me [name]
m im e -t yp e [name]
u se r -n am e [name]
Description Define a new web application and criteria on the basis of the specified parameters.
Example ACC1(config)#a pp li c at i on l - 7 name h t tp
with Syntax
h os t -n am e [x.x.x.x or name]
u rl - na me [name]
m im e -t yp e [name]
u se r -n am e [name]
Related Commands • (config) application name, on page 519

(config) decision
Command ACC1(config)#d ec i si on
Description Enters the Decision node
Parameters No additional Parameters
Example ACC1(config)#d ec i si on
with Syntax
• (config) application l-7 name http, on page 520
R ev isi o n 3. 0
(config) policy-rule global

Command ACC1(config)#p o li cy - ru l e gl o ba l o ut b ou nd /
in bo u nd
Description Defines a new rule for globally handling an application.
Parameters Inbound for inbound, outbound for outbound
Example ACC1(config)#p o li cy - ru l e gl o ba l inbound
with Syntax

(config) policy-rule link number

Command ACC1(config)#po li c y- r ul e l in k number ou tb o un d /
in b ou n d
Description Defines a new rule for a specific link.
Parameters Inbound for inbound, outbound for outbound
Example ACC1(config)#po li c y- r ul e l in k number outbound
with Syntax
R ev isi o n 3. 0
(config) show application

Command ACC1(config)#sh o w a pp li c at io n
Description Displays all detected applications.
Example ACC1(config)#sh o w a pp li c at io n
with Syntax

(config) wan
Command ACC1(config)#w a n [name] /[default]
Description Enters the WAN node
Parameters WAN name.
Example ACC1(config)#w a n
with Syntax
R ev isi o n 3. 0
(decision) match application

Command ACC1(decision)#m a tc h a pp li c at i on [name]
Description Creates an application matcher
Parameters A valid application name
Example ACC1(decision)#m a tc h a pp li c at i on [name]
with Syntax

(decision) set accelerate

Command ACC1(decision)#s et ac ce l er at e d i sa bl e /en ab l e
Description Sets a specific application to accelerate or do not accelerate.
Example ACC1(decision)#m at c h ap p li ca t io n [name]
with Syntax
R ev isi o n 3. 0
(decision) set tunnel

Command ACC1(decision)#se t t u nn el di sa b le /en a bl e
Description Sets a specific application to tunnel or do not tunnel.
Example ACC1(decision)#se t t u nn el enable
with Syntax

(rule) match
Command ACC1(rule)#ma t ch
a pp li c at io n [ name o r l - 7 name]
i p [a n y, s o ur c e, d e st in a ti o n] x . x. x. x t o s
b it s
Description Defines the filter for what type of traffic is handled by this rule per IP, tos bits and/or
application name.
Parameters Enter the application name and a valid IP address
Example ACC1(rule)#ma t ch
with Syntax
a pp li c at io n [ name o r l - 7 name]
i p [a n y, s o ur c e, d e st in a ti o n] x . x. x. x t o s
b it s
R ev isi o n 3. 0
(rule) set policy order

Command ACC1(rule)#s e t po l ic y o rd e r
[ 1 00 to 6 5 53 4]
Description Defines the importance of the rule.
Parameters Enter a valid policy order
Example ACC1(rule)#s e t po l ic y o rd e r 1000
with Syntax

(rule) set policy pass-through

Command A C C1 (r u le )# s et po li c y pa s s- t hr ou g h
Description Sets the traffic type to override the entire QoS mechanism and pass through critical/
Diagnostic traffic
Parameters Enter a valid policy priority.
Example ACC1(rule)#s et po li c y p as s- t hr ou g h
with Syntax
R ev isi o n 3. 0
(rule) set policy priority

Command ACC1(rule)#s e t po l ic y p ri o ri ty
h i gh
low
m e di u m
r e al - ti me
Description Defines the Priority for the application.
Parameters Enter a valid policy priority.
Example ACC1(rule)#s e t po l ic y p ri o ri ty
with Syntax
h i gh
low
m e di u m
r e al - ti me

(rule) set policy rate burst enable

Command A C C1 (r u le )# s et p oli cy r at e bu rs t en ab le
Description Sets the traffic defined for this rule to be allowed to send bursts
Example A C C1 (r u le )# s et p oli cy r at e bu rs t en ab le
with Syntax
R ev isi o n 3. 0
(rule) set policy rate desired number

Command ACC1(rule)#s et p ol i cy ra t e d es i re d number ( 1 t o
1 0 00 00 0 )
Description Sets a minimum bandwidth for the application.
Parameters Enter a valid policy rate
Example ACC1(rule)#s et p ol i cy ra t e d es i re d number 10000
with Syntax

(rule) set policy rate limit number

Command ACC1(rule)#se t p ol i cy r a te li mi t number (1 to
10 0 00 0 0)
Description Sets a maximum bandwidth for the application.
Parameters Enter a valid policy rate larger than the minimum
Example ACC1(rule)#se t p ol i cy r a te li mi t number 100000
with Syntax
R ev isi o n 3. 0
(WAN) strict-priority
Command AC C 1( WA N )# st r ic t -p ri o ri ty [e n ab le | di sa b le ]
[i n bo un d |o ut b ou n d| bo t h]
Description Sets strict-priority for inbound and/or outbound traffic.
Parameters • Inbound for inbound
• Outbound for outbound
• Both for both
Example AC C 1( WA N )# st r ic t -p ri o ri ty enable both
with Syntax

(WAN) burst
Command ACC1(WAN)#b u rs t [ nu mb e r]
Description Enables bursts on the WAN up to the set bandwidth (1 to 1000000).
Parameters Enter the bandwidth
Example ACC1(WAN)#b u rs t [ nu mb e r]
with Syntax
R ev isi o n 3. 0
RAID Commands
For general information on RAID, see About RAID, on page 302. The 6950 has 2
RAID arrays with up to two disks. The 79xx has 1 RAID array and up to 8 disks.
Your specific Accelerator, may be configured differently.
(config) raid, on page 538
(RAID) add-disk, on page 538
(RAID) exit, on page 539
(RAID) remove-disk, on page 539
(RAID) show, on page 540
(config) raid
Command Acc(config)# r ai d
Description Enters the RAID node
Example Acc(config)# r ai d
with Syntax
Related Commands • (RAID) add-disk, on page 538
• (RAID) exit, on page 539
• (RAID) remove-disk, on page 539
• (RAID) show, on page 540
(RAID) add-disk
Command A cc 2 3- 79 4 0( RA I D) a dd -d i sk [ d is k -n am e ]
Description Adds a disk to the RAID array.
Parameters Enter the disk name, HDD01 for example
Example A cc 2 3- 79 4 0( RA I D) add-disk HDD01
with Syntax
Related Commands • (config) raid, on page 538

(RAID) exit
Command Ac c( R AI D) ex i t
Description Exits the RAID menu and returns to the Configuration Menu.
Example Ac c( R AI D) exit
with Syntax
• (RAID) add-disk, on page 538
(RAID) remove-disk
Command A cc (R A ID ) r em o ve -d i sk [d is k -n am e ]
Description Removes a disk from the RAID array.
Parameters Enter the disk name, HDD01 for example
Example A cc (R A ID ) remove-disk HDD01
with Syntax
R ev isi o n 3. 0
(RAID) show
This command allows you to view the RAID array list and the disk list that are
included in the RAID array. This list is dependent on the model of Accelerator that
you have deployed.
Note: Should the status of the RAID disk be displayed as dirty, no errors it is not
i indicative of a problem.
Command A cc 23 - 79 40 ( RA I D) sh o w
Description Shows the RAID Arrays list and the Disk List (list will be different for each Accelerator)
Example A cc 23 - 79 40 ( RA I D) show raid arr0
with Syntax
A similar screen is shown:
A c c2 3- 7 94 0( R AI D ) show raid arr0
T h is o p er at i on ma y t ak e a f e w se c on ds . P l ea se be p a ti e nt ..
A r ra y T yp e. . .. . .. .. . .. .. . .. . .. .. . .R AI D 1
A r ra y S ta te . .. . .. .. . .. .. . .. . .. .. . .d ir t y, no -e r ro rs
A r ra y S iz e. . .. . .. .. . .. .. . .. . .. .. . .4 88 2 79 4 88
A r ra y N um be r O f D ev i ce s. . .. . .. .. . .1
A r ra y A ct iv e D e vi ce s .. .. . .. . .. .. . .1
A r ra y F ai le d D e vi ce s .. .. . .. . .. .. . .0
A r ra y S pa re De v ic es . .. .. . .. . .. .. . .0
A r ra y D ev ic e L i st :
A r ra y D ev ic e 0 . .. .. . .. .. . .. . .. .H D D0 0
A r ra y D ev ic e 1 . .. .. . .. .. . .. . .. .H D D0 1

Aggregation Class Commands

The following commands are covered:
(config) aggregation post class, on page 542
(decision) set aggregation-class, on page 543
(LINK) aggregation post, on page 544
(LINK) aggregation post class, on page 544
(LINK) aggregation post limit, on page 545
(LINK) aggregation post threshold, on page 546
(LINK) aggregation post window, on page 547
R ev isi o n 3. 0
(config) aggregation post class

Command ACC1(config)#a gg r eg at i on po st cl a ss [d ef a ul t |
c u st om - 1 | c us t om 2 | c it ri x ] gl o ba l [ en a bl e
| di sa b le ]
Description Sets the Citrix aggregation classes globally.
Parameters Citrix Aggregation on a link has 4 predefined classes that let you configure and apply
different Citrix Aggregation settings to different types of traffic:
• default
• custom-1
• custom-2
• citrix
Different applications may require different Citrix Aggregation class configuration (for
example: different window size and aggregated packet size). Several well-known
applications are defined as belonging to 'default' or 'citrix' aggregation class (for example:
Citrix and Telnet applications predefined to belong to the 'citrix' class, which is pre-
configured to properly handle these applications).
You can disable, enable or configure each class.
You can set each application that exists in the Accelerator to belong to one of the Citrix
Aggregation classes.
By default, Citrix is enabled but default, custom-1 and custom-2 are disabled.
The Citrix Aggregation class parameter configuration is available only per-link. The
Global command is for ease of use. This command is not saved in the configuration file,
but goes over each link and changes its configuration to enable/disable.
To view Citrix Aggregation statistics, use the show interface link command from the
config prompt.
Example ACC1(config)#a gg r eg at i on po st cl a ss [d ef a ul t |
with Syntax
c u st om - 1 | c us t om 2 | c it ri x ] gl o ba l [ en a bl e
| di sa b le ]
• (decision) set aggregation-class, on page 543
• (LINK) aggregation post, on page 544
• (LINK) aggregation post class, on page 544
• (LINK) aggregation post limit, on page 545
• (LINK) aggregation post threshold, on page 546
• (LINK) aggregation post window, on page 547


Command ACC1(config)#in t er f ac e l in k [ number]
Description Opens the node for the configuration of a specific link
Parameters Enter the link number
Example ACC1(config)#in t er f ac e l in k [ number]
with Syntax
Related Commands • (config) aggregation post class, on page 542
(decision) set aggregation-class

Command ACC1(decision)#s et a g gr eg a ti o n- cl a ss [ c it r ix
| d e fa ul t | cu st o m- 1 | c u st om - 2]
Description Sets the post-acceleration class of an application.
An application is coupled with a Citrix Aggregation class through a decision.
To see which application belongs to which class, type the show decision command.
Parameters Enter the application name and the correct aggregation class.
Example ACC1(decision)#m at ch a p pl ic a ti o n myapplication
with Syntax
ACC1(decision)#s et a g gr eg a ti o n- cl a ss citrix
• (config) interface link, on page 543
R ev isi o n 3. 0
(LINK) aggregation post

Command ACC1(LINK)#a gg re g at io n p o st [e na b le | d is ab l e]
Description Sets the Citrix aggregation classes per link.
Example ACC1(LINK)#a gg re g at io n p o st enable
with Syntax
(LINK) aggregation post class

Command ACC1(LINK)#a gg r eg at i on p o st cl as s [ de f au l t |
c us t om - 1 | c us to m 2 | ci t ri x] [d i sa bl e |
e na b le | li m it | t hr e sh ol d | wi n do w ]
Description Defines a class of post aggregation settings. You can define settings per link per class
or for the entire link. For limit, threshold and window details see below.
The Citrix Aggregation class parameter configuration is available only per-link (see
(LINK) aggregation post, on page 544).
This command is for ease of use. It is not saved in the configuration file, but goes over
each link and changes its configuration to enable/disable
Example ACC1(LINK)#a gg r eg at i on p o st cl as s [ de f au l t |
with Syntax
c us t om - 1 | c us to m 2 | ci t ri x] [d i sa bl e |
e na b le | li m it | t hr e sh ol d | wi n do w ]

(LINK) aggregation post limit

Command ACC1(LINK)#a gg r eg at i on p o st li mi t [ 40 - 3 00 0]
Description Sets the upper limit for packets to be aggregated. Number in bytes.
The limit, set in bytes, is the upper ceiling of packet size for packets to be eligible for
Citrix aggregation: packets that are larger than LIMIT are not aggregated (they are
supposed to be big enough to be sent one at a time).
Parameters Enter the bandwidth. You can configure LIMIT in range 40-3000 bytes. The default value
is 256
Example ACC1(LINK)#a gg r eg at i on p o st li mi t 256
with Syntax
R ev isi o n 3. 0
(LINK) aggregation post threshold

Command ACC1(LINK)#a gg r eg at i on po st th re s ho l d [4 0 -
3 0 00 | au to ]
Description Sets the post aggregation threshold, number in bytes 40 to 3000 or automatic.
The threshold, set in bytes, is the maximum size of aggregated packets. That is, when
an aggregate packet reaches this size, it can be sent. You can configure THRESHOLD
in range 40-MTU. If fragmentation is configured in the link, the threshold auto value will
not be larger than the fragmentation size.
Parameters Enter the correct threshold. The default value is auto, which means that the threshold
will be calculated dynamically according to available bandwidth as follows:
• 512 bytes - for bandwidth that is less than or equal to 512 Kbps
• 1024 bytes - for bandwidth that is greater than 512 Kbps and less then
1Mbps
• MTU (usually 1500 bytes but no more than 3000) - for bandwidth that is
more than 1Mbps
Example ACC1(LINK)#a gg r eg at i on po st th re s ho l d 512
with Syntax

(LINK) aggregation post window

Command ACC1(LINK)#ag gr e ga t io n p o st wi n do w [ 1 - 1 00 |
au t o]
Description Sets the post-acceleration window, number in bytes 1 to 100 or automatic. The window
command is set in units of 10 ms. This is the maximum amount of time a packet can be
delayed in Citrix Aggregation queues. This means that when WINDOW * 10 ms elapses,
an aggregate packet is sent (even if its total size has not yet reached LIMIT value). This
is done to avoid long packet delays. WINDOW can be configured in a range of 1-100
units. The default value is auto, which means that the WINDOW value is calculated
dynamically given the bandwidth and the threshold value. An estimated value of the auto
value is bandwidth/Threshold. This enables the aggreagator to wait enough time to get
an aggregated packet with the largest size close to the THRESHOLD value.
Parameters Enter the correct threshold
Example ACC1(LINK)#ag gr e ga t io n p os t t hr es h ol d 90
with Syntax
R ev isi o n 3. 0
DNS Acceleration Commands

This section has the following commands:
(Conf) dns-acceleration, on page 548
(DNS-ACC) cache clear, on page 549
(DNS-ACC) cache size, on page 549
(DNS-ACC) dns-acceleration, on page 550
(DNS-ACC) Dns-masquerading, on page 550
(DNS-ACC) ip host, on page 551
(DNS-ACC) ip host purge, on page 551
(DNS-ACC) min TTL, on page 552
(DNS-ACC) query timeout, on page 552
(DNS-ACC) show cache, on page 553
(DNS-ACC) show statistics, on page 553
(DNS-ACC) show statistics, on page 553
(DNS-ACC) use-accelerator-dns, on page 555
(Conf) dns-acceleration
Command A CC 1 (c on f )# Dn s -a c ce le r at io n
Description Enables/disables DNS Acceleration. By default DNS Acceleration is disabled.
Example A CC 1 (c on f )# Dn s -a c ce le r at io n
with Syntax
Related Commands • (Conf) dns-acceleration, on page 548
• (DNS-ACC) cache clear, on page 549
• (DNS-ACC) cache size, on page 549
• (DNS-ACC) dns-acceleration, on page 550
• (DNS-ACC) Dns-masquerading, on page 550
• (DNS-ACC) ip host, on page 551
• (DNS-ACC) ip host purge, on page 551
• (DNS-ACC) min TTL, on page 552
• (DNS-ACC) query timeout, on page 552
• (DNS-ACC) show cache, on page 553
• (DNS-ACC) show statistics, on page 553
• (DNS-ACC) use-accelerator-dns, on page 555

(DNS-ACC) cache clear

Command AC C 1( DN S -A CC ) #c a ch e c le ar
Description Lets you clear the cache contents.
Example AC C 1( DN S -A CC ) # cache clear
with Syntax
(DNS-ACC) cache size

Command A CC 1( D NS -A C C) # ca ch e s iz e [ 1 00 -3 0 00 0 | a u to ]
Description Lets you select whether to accept the system-defined value of the cache size or to set
your own value (between 100 and 30000).
Parameters Enter the application name and the correct aggregation class.
Example A CC 1( D NS -A C C) # ca ch e s iz e 2400
with Syntax
R ev isi o n 3. 0
(DNS-ACC) dns-acceleration
Command A CC 1 (D NS - AC C) # Dn s -a cc e le ra t io n [ en a bl e |
d is a bl e]
Description Enables/disables DNS Acceleration. By default DNS Acceleration is disabled.
Example A CC 1 (D NS - AC C) # Dn s -a cc e le ra t io n enable
with Syntax
(DNS-ACC) Dns-masquerading
Command A C C1 (D N S- AC C )# D ns -m a sq ue r ad i ng [ e na bl e |
d i sa bl e ]
Description Enables/disables DNS masquerading. By default DNS masquerading is disabled.
Example A C C1 (D N S- AC C )# D ns -m a sq ue r ad i ng enable
with Syntax

(DNS-ACC) ip host
Command A C C1 (D N S- AC C )# i p ho s t [W O RD ] [I P]
Description Lets you define a static host-name to address, by using the WORD parameter followed
by an IP address.
Parameters Enter the site name and the correct IP address.
Example A C C1 (D N S- AC C )# i p ho s t mysite 100.100.20.5
with Syntax
(DNS-ACC) ip host purge

Command A C C1 (D N S- A CC )# i p ho s t [ pu rg e ]
Description Lets you remove all definitions of static hosts, by using the purge parameter.
Example A C C1 (D N S- A CC )# i p ho s t purge
with Syntax
R ev isi o n 3. 0
(DNS-ACC) min TTL

Command A CC 1 (D N S- AC C )# mi n T TL (m i nu te s ) [p r es e rv e-
t tl | 1 -1 44 0 ]
Description Lets you select whether to keep the system-defined value of the time-to-leave period
(preserve-ttl) or to set your own value (between 1 and 1440 minutes).
Parameters Enter the a valid time period as described above.
Example A CC 1 (D N S- AC C )# mi n T TL (m in u te s ) pr e se rv e -t tl
with Syntax
440
(DNS-ACC) query timeout

Command AC C1 ( DN S -A CC ) #q ue r y t im eo u t (0 - 30 )
Description Lets you set your own value for the query time out period (between 0 and 30)
Parameters Enter a valid time out period as described above.
Example AC C1 ( DN S -A CC ) #q ue r y t im eo u t 25
with Syntax

(DNS-ACC) show cache

Command AC C1 ( DN S- A CC ) #s ho w c ac h e
Description Displays the details of all hosts currently stored in the cache: host name, host address,
flags and expiry time (time-to-leave).
Example AC C1 ( DN S- A CC ) #s ho w c ac h e
with Syntax
(DNS-ACC) show statistics

Command A CC 1( D NS - AC C) # sh ow st a ti st i cs
Description Displays the statistics for the queries since the last time the DNS Acceleration feature
was enabled: total number of queries, number of hits and number of misses.
Example A CC 1( D NS - AC C) # show statistics
with Syntax
• (DNS-ACC) transparency, on page 554
R ev isi o n 3. 0
(DNS-ACC) transparency
Command A C C1 (D N S- A CC )# t ra ns p ar e nc y [ au to | f ul l |
s e mi ]
Description Lets you set your requested transparency mode:
• Semi - the traffic is transparent to the Client, but the server sees it as coming
from the Accelerator.
• Full - the traffic is transparent to both the Client and the Server.
• Auto - the transparency is determined automatically according to the
deployment level: either Semi (in On-LAN deployment) or Full (in On-Path
deployment). The default value is Auto.
Parameters Enter a valid transparency mode as described above.
Example A C C1 (D N S- A CC )# t ra ns p ar e nc y auto
with Syntax

(DNS-ACC) use-accelerator-dns
Command A C C1 (D N S- A CC )# u se -a c ce l er at o r- dn s [ e na bl e |
d i sa bl e ]
Description Enables/disables the use of Accelerator DNS, thereby defining the Accelerator as a
DNS client. By so doing, the Accelerator will always intercept traffic and use its setting
to process the traffic, even if that traffic was sent to another DNS server.
If you enable the use of Accelerator DNS, you have to configure an IP name server
under the DNS node.
Example A C C1 (D N S- A CC )# u se -a c ce l er at o r- dn s enable
with Syntax
R ev isi o n 3. 0
Traffic Encryption Commands

Note: In the Accelerator, subnets that are not defined as local subnets are
i considered by default as remote subnets (subnets over the WAN). Thus, when
IPsec is enabled, users sending traffic from such subnets will not be able to
communicate with the Accelerator, as their packets will be dropped. Therefore,
enabling these subnets to communicate with the Accelerator requires you to
define them as local in the Accelerator, by using the following CLI command:
subnet network x.x.x.x/y
This section features the following options:

(config) show crypto, on page 556
(config) show interface link, on page 557
(config) show running-config, on page 557
(crypto) ipsec, on page 558
(crypto) show tech-encryption, on page 558
(ike_policy) description, on page 559
(ike_policy) esp-algorithm, on page 559
(ike_policy) pre-shared key, on page 560
(ipsec) ike-policy, on page 561
(config) show crypto

Command AC C1 ( co n fi g) # sh ow cr y pt o
Description Lets you view the entire details of Accelerator’s crypto, such as the crypto mode, the
IKE and the IPsec policies.
Example AC C1 ( co n fi g) # sh ow cr y pt o
with Syntax
Related Commands • (config) show interface link, on page 557
• (config) show running-config, on page 557
• (crypto) ipsec, on page 558
• (crypto) show tech-encryption, on page 558
• (ike_policy) description, on page 559
• (ike_policy) esp-algorithm, on page 559
• (ike_policy) pre-shared key, on page 560
• (ipsec) ike-policy, on page 561

(config) show interface link

Command A CC 1( c on f ig )# s ho w i nt e rf ac e l in k [ n um be r ]
Description Lets you view whether IPsec is enabled, which IPsec policy is used and other details.
Parameters Enter the link number.
Example A CC 1( c on f ig )# s ho w i nt e rf ac e l in k 1
with Syntax
Related Commands • (config) show crypto, on page 556
(config) show running-config

Command AC C1 ( co n fi g) # sh ow ru n ni ng - co nf i g
Description Lets you view the entire details of the current crypto configuration, such as crypto
mode, policy rules and decision number.
Example AC C1 ( co n fi g) # sh ow ru n ni ng - co nf i g
with Syntax
R ev isi o n 3. 0
(crypto) ipsec
Command A CC 1 (c r yp to ) #i ps e c
Description Lets you enter the IPsec node
Example A CC 1 (c r yp to ) #i ps e c
with Syntax
(crypto) show tech-encryption

Command A CC 1 (c ry p to )# s ho w t ec h -e nc r yp t io n
Description Lets you view the IPsec tunnel status and the Pluto log.
Example A CC 1 (c ry p to )# s ho w t ec h -e nc r yp t io n
with Syntax

(ike_policy) description
Command A CC 1( i ke _ po li c y) #d e sc r ip ti o n [W O RD ]
Description Lets you add a description to the IKE policy.
Parameters Legal text string. Use underscores in place of spaces.
Example A CC 1( i ke _ po li c y) #d e sc r ip ti o n th i s_ d es cr i pt io n
with Syntax
Related • (config) show crypto, on page 556
Commands • (config) show interface link, on page 557
(ike_policy) esp-algorithm
Command A C C1 (i k e_ po l ic y )# es p -a lg o ri t hm
< 1 -3 >
Description Lets you set the ESP algorithm for the IKE policy.
Parameters Pick an order from 1-3.
Example A C C1 (i k e_ po l ic y )# esp-algorithm 2
with Syntax
R ev isi o n 3. 0
(ike_policy) pre-shared key

Command AC C 1( ik e _p ol i cy ) #p re - sh ar e d k ey
Description Lets you create a pre-shared key.
Parameters No additional parameters are necessary. Enter Y to confirm. This command is
recommended only for transactions over a secure channel:
Example AC C 1( ik e _p ol i cy ) # pre-shared key
with Syntax
(ike_policy) sa-lifetime hours

Command AC C1 ( ik e _p ol i cy )# s a- l if et i me h o ur s < 1- 2 4>
Description Lets you set the number of hours for the SA lifetime
Parameters 1 to 24 hours.
Example AC C1 ( ik e _p ol i cy )# sa-lifetime hours 12
with Syntax

(ike_policy) sa-lifetime seconds

Command A CC 1 (i k e_ po l ic y) # sa - li fe t im e s ec o nd s < 30 0-
8 64 0 0>
Description Lets you set the number of hours for the SA lifetime
Parameters 300 to 86400 seconds.
Example A CC 1 (i k e_ po l ic y) # sa-lifetime 4000
with Syntax
(ipsec) ike-policy
Command AC C1 ( ip s ec )# i ke -p o li c y
Description Lets you enter the IKE policy node.
Example AC C1 ( ip s ec )# i ke -p o li c y
with Syntax
R ev isi o n 3. 0
ARP Commands
This section contains the following configurations:
(config) arp, on page 562
(config) arp cache limits, on page 562
(config) arp cache max-size, on page 563
(config) arp clear-table, on page 563
(config) arp
Command ACC1(config)#a r p [ IP a d dr es s x .x . x. x ] [M A C
ad dr e ss x x: x x: xx : xx : xx :x x ]
Description Sets manual ARP cache entries
Parameters Enter a valid IP address and MAC address.
Example ACC1(config)#a r p I P ad d re ss 100.100.50.2 MA C
with Syntax
Ad dr e ss 00:06:5B:15:04:B4
Related Commands • (config) arp cache limits, on page 562
• (config) arp cache max-size, on page 563
• (config) arp clear-table, on page 563
(config) arp cache limits

Command ACC1(config)#ar p c ac h e li m it s [ three numbers
between 128000 and 8000000]
Description Sets three limits on the size of the ARP cache
Parameters Enter up to three numbers within the valid range
Example ACC1(config)#ar p c ac h e li m it s 200000 300000
with Syntax
400000
Related Commands • (config) arp, on page 562

(config) arp cache max-size

Command ACC1(config)#ar p c ac he m a x- si z e [ number between
128000 and 8000000]
Description Sets a limit on the size of the ARP cache
Parameters Enter the maximum size within the range listed above.
Example AC C1 (c on fi g) # a r p ca c he m a x- s iz e 800000
with Syntax
• (config) arp cache limits, on page 562
(config) arp clear-table

Command ACC1(config)#a rp cl ea r -t a bl e [ vo la t il e ]
Description Clears the ARP cache table. Using the volatile variable lets you clear entries from the
active ARP without clearing the database.
Example ACC1(config)#a rp cl ea r -t a bl e [ vo la t il e ]
with Syntax
• (config) arp cache limits, on page 562
R ev isi o n 3. 0
Additional Commands
This section contains the following configuration commands:
(config) HSRP, on page 564
(config) HSRP autodetect, on page 565
(config) interface ethernet 0, on page 566
(config) interface vlan, on page 566
(config) VRRP, on page 567
(config) wan, on page 567
(interface) bridged-state disable, on page 568
(interface) ip address, on page 568
(interface) link-mode, on page 569
(config) HSRP
Note: In AcceleratorOS versions up to 6.0, adding an HSRP group automatically

ii included the Accelerator in the group. Starting from AcceleratorOS 6.0, after
HSRP group parameters are updated, the Accelerator must join the group. In the
CLI this is accomplished using the join/leave commands.
Command ACC1(config)#H S RP [number]

Description Sets manual configuration of HSRP
Parameters Enter the following Parameters:
• authentication [string]
• force-priority
• ip (update IP address- create group if it does not exist)
• join
• leave (leave HSRP group)
• preempt
• priority [number 0 - 254]
• timers
• virtual-mac (virtual MAC address)
• vlan (assign HSRP group to VLAN)
Example ACC1(config)#H S RP 20
with Syntax
Related Commands • (config) HSRP autodetect, on page 565
• (config) interface ethernet 0, on page 566
• (config) interface vlan, on page 566
• (config) VRRP, on page 567
• (interface) bridged-state disable, on page 568
• (interface) ip address, on page 568
• (interface) link-mode, on page 569

ACC1(config)#H SR P 20
a ut h en ti c at i on myauthentication
f or c e- pr i or i ty
i p 100.100.50.2
j oi n
p re e mp t
p ri o ri ty 1
t im e rs
v ir t ua l- m ac F:F:F:F:F:F:F:
v la n 2
(config) HSRP autodetect

Command ACC1(config)#HS R P au t od et e ct en ab l e/ di s ab l e
Description The Accelerator can auto-detect HSRP groups on its networks and add them to its
Group Table
Example ACC1(config)#HS R P au t od et e ct enable
with Syntax
Example ACC1(config)#in t er fa c e vl a n 1 100.100.50.5
with Syntax
Related Commands • (config) HSRP, on page 564
R ev isi o n 3. 0
(config) interface ethernet 0

Command ACC1(config)# i nt er f ac e e th e rn et 0
Description Enters the configuration node for the Ethernet 0 interface.
Example ACC1(config)# i nt er f ac e e th e rn et 0
with Syntax
• (config) HSRP autodetect, on page 565
(config) interface vlan

Command ACC1(config)#i n te rf a ce v l an [number]
x . x. x .x x . x. x. x
Description Enables VLAN, sets group number and IP address or native or native tagged
Accelerator IP address as VLAN group IP address.
Parameters Enter the following information
• (enter ip address and subnet mask)
• native
• native tagged
Example ACC1(config)#i n te rf a ce v l an 1 100.100.50.5
with Syntax

(config) VRRP
Command A C C1 (c o nf i g) #V R RP [ n um b er ]
Description Sets manual configuration of VRRP
Parameters Enter the following parameters:
• ip (update IP address- create group if it does not exist)
• preempt
• priority [number 0 - 254]
• timer
Example A C C1 (c o nf i g) #V R RP [ n um b er ]
with Syntax
i p 1 .1 . 1. 1
p r ee mp t
p r io ri t y 100
t i me r
(config) wan
Command ACC1(config)#w an [name]
Description Creates a new WAN.
Parameters Enter the name of the WAN.
Example ACC1(config)#w an mywan
with Syntax
R ev isi o n 3. 0
(interface) bridged-state disable

Command ACC1(interface)# b ri dg e d- s ta te di sa b le
Description Disables bridge support for the Ethernet 0 interface.
Example ACC1(interface)# b ri dg e d- s ta te disable
with Syntax
(interface) ip address
Command ACC1(interface)# i p a dd re s s [x . x. x .x y . y. y. y ]
Description Sets an IP address and subnet mask for the Ethernet 0 interface.
Parameters Enter a valid IP and subnet mask
Example AC C 1( in t er fa c e) # i p a dd re s s 100.100.23.2
with Syntax
255.255.255.255

(interface) link-mode
Command ACC1(config)#i nt e rf a ce e t he rn e t [0, 0/1, 0/0]
ACC1(interface)l in k -m o de
Description Sets the speed and duplex setting of the interface.
Parameters You can use any of the following speed settings:
• 1000Mbit-full
• 100Mbit-full
• 100Mbit-half
• 10Mbit-full
• 10Mbit-half
• auto
Example ACC1(config)#i nt e rf a ce e t he rn e t 0
with Syntax
ACC1(interface)l in k -m o de auto
R ev isi o n 3. 0
Link Commands
(LINK) acceleration, on page 571
(LINK) aggregation, on page 571
(LINK) cache-size large, on page 572
(LINK) checksum, on page 572
(LINK) force, on page 573
(LINK) fragmentation, on page 573
(LINK) header compression, on page 574
(LINK) header preservation, on page 574
(LINK) wan-id, on page 576
(LINK) header preservation tos, on page 575
(LINK) header preservation ttl, on page 576
(LINK) wan-id, on page 576

Command ACC1(config)#in te r fa c e li n k
Description Enters the Interface Link node.
Example ACC1(config)#in te r fa c e li n k
with Syntax
Related Commands • (LINK) acceleration, on page 571
• (LINK) aggregation, on page 571
• (LINK) cache-size large, on page 572
• (LINK) checksum, on page 572
• (LINK) force, on page 573
• (LINK) fragmentation, on page 573
• (LINK) header compression, on page 574
• (LINK) header preservation, on page 574
• (LINK) wan-id, on page 576
• (LINK) header preservation tos, on page 575
• (LINK) header preservation ttl, on page 576

(LINK) acceleration
Command ACC1(LINK)# ac ce l er at i on en ab l e/ di s ab l e
Description Sets the link to accelerate all traffic
Example ACC1(LINK)# ac ce l er at i on enable
with Syntax
(LINK) aggregation
Command AC C1 ( LI NK ) #a g gr eg a ti on au t o [n u mb er ]
Description Enables small packets to be aggregated on this link. If packets arrive smaller than the set size
(68 to 6000), the QoS mechanism aggregates them and sends them together across the link.
This only applies to traffic set with a CoS value of low, medium and high priority.
Aggregation is accomplished on outgoing packets before the packets are compressed, and
therefore you do not have to configure the aggregation symmetrically on both ends.
Aggregation is applied only on congested links, to avoid adding unnecessary latency on non-
problematic links.
Parameters Enter a valid number as described above, or Auto for the Accelerator to decide.
Example AC C1 ( LI NK ) #a g gr eg a ti on au t o 900
with Syntax
Related • (config) interface link, on page 570
Commands • (LINK) acceleration, on page 571
R ev isi o n 3. 0
(LINK) cache-size large

Command ACC1(LINK)# ca c he -s i ze l a rg e e na b le
Description Sets the link to work in Large cache size mode.
Example ACC1(LINK)# ca c he -s i ze l a rg e enable
with Syntax
• (LINK) acceleration, on page 571
(LINK) checksum
Command ACC1(LINK)# c he ck s um e n ab l e/ di s ab le
Description Includes a checksum in all packet transmissions. This setting is useful for high error rate
links and troubleshooting purposes.
Example ACC1(LINK)# c he ck s um enable
with Syntax

(LINK) force
Command ACC1(LINK)# f or c e e na bl e /d is a bl e
Description Sets the link to force all traffic into the tunnel.
Example ACC1(LINK)# f or c e enable
with Syntax
(LINK) fragmentation
Command A CC 1( L IN K )# fr a gm en t at i on a u to [ n um b er ]
Description Enables packets to be fragmented on this link. If packets arrive larger than the set size (68 to
6000), the QoS mechanism breaks them up. This setting is useful for handling latency on low
bandwidth links, and applies only to traffic set with a CoS value of low, medium and high
priority.
Fragmentation does not have to be configured symmetrically on both ends. Fragmentation is
accomplished on outgoing packets before the packets are compressed.
Parameters Enter a valid number as described above, or auto for the Accelerator to pick.
Example A CC 1( L IN K )# fr a gm en t at i on 900
with Syntax
Related • (config) interface link, on page 570
Commands • (LINK) acceleration, on page 571
R ev isi o n 3. 0
(LINK) header compression

Command ACC1(LINK)# h ea de r c om p re s si on
[ en a bl e| d is ab l e]
Description Enables or disables header compression
Example ACC1(LINK)# h ea de r c om p re s si on enable
with Syntax
(LINK) header preservation

Command ACC1(LINK)# h ea d er p r es er v at i on s r c
[ e na bl e |d is a bl e ]
Description Preserves the source IP address of the original IP header. This setting, which is useful
for Policy Routing, also enables distinguishing between sessions. The SRC setting is
disabled by default.
Example ACC1(LINK)# h ea d er p r es er v at i on
with Syntax
src enable

(LINK) header preservation ports

Command ACC1(LINK)# he a de r p re se r va t io n p or ts
[e n ab l e| di s ab le ]
Description Preserves the port settings.
Example ACC1(LINK)# he a de r p re se r va t io n ports enable
with Syntax
Related Commands
(LINK) header preservation tos

Command ACC1(LINK)# h ea de r p r es er v at io n t o s
[ en a bl e |d is a bl e]
Description TOS: Preserves the original ToS point settings - this is enabled by default.
Example ACC1(LINK)# h ea de r p r es er v at io n t o s enable
with Syntax
Related Commands
R ev isi o n 3. 0
(LINK) header preservation ttl

Command ACC1(LINK)# he ad e r p re se r va ti o n t tl
[e n ab le | di s ab le ]
Description TTL: Preserves the original TTL. This is disabled by default.
Example ACC1(LINK)# he ad e r p re se r va ti o n ttl enable
with Syntax
(LINK) wan-id
Command ACC1(LINK)#w an - id [ number/ de f au lt ]
Description Sets the WAN to which this Link is assigned.
Parameters Enter a valid IP, VRRP group number, and priority number
Example ACC1(LINK)#w an - id [ number/ de f au lt ]
with Syntax

Expand View Commands

This section demonstrates how to configure the Accelerator to work with
ExpandView NMS. For more information on ExpandView, contact your Expand
Networks supplier.
This section contains the following configuration options:
(config) expand-view, on page 577
(EVIEW) agent, on page 577
(EVIEW) IP address, on page 578
(EVIEW) port, on page 578
(EVIEW) show, on page 578
(config) expand-view
Command ACC1(config)# ex pa n d- v ie w
Description Enables/Disables interaction with ExpandView.
Example ACC1(config)# ex pa n d- v ie w
with Syntax
Related Commands • (EVIEW) agent, on page 577
• (EVIEW) IP address, on page 578
• (EVIEW) port, on page 578
• (EVIEW) show, on page 578
(EVIEW) agent
Command AC C 1( E VI EW ) # ag e nt [e na b le /d i sa b le ]
Description Enables/Disables interaction with ExpandView.
Example AC C 1( E VI EW ) # ag e nt enable
with Syntax
Related Commands • (config) expand-view, on page 577
R ev isi o n 3. 0
(EVIEW) IP address
Command A CC 1 (E VI E W) # I P ad d re s s [x . x. x. x ]
Description Sets the address of the ExpandView server in an Accelerator.
Parameters Enter a valid IP address of the ExpandView server
Example A CC 1 (E VI E W) # I P ad d re s s 100.100.25.5
with Syntax
• (EVIEW) agent, on page 577
(EVIEW) port
Command A CC 1 (E VI E W) # p or t [ xx x x]
Description Sets the port to use for interaction with the ExpandView server.
Parameters Enter a legal port number that should be used to interact with the ExpandView server.
Example A CC 1 (E VI E W) # p or t 81
with Syntax
(EVIEW) show
Command AC C 1( EV I EW )# sh ow
Description Verifies whether the unit is connected to ExpandView.
Example AC C 1( EV I EW )# show
with Syntax
Note: For more information on ExpandView, please refer to the ExpandView

i user guide.

SNMP Commands
This section contains the following configuration options:
(config) snmp change-v3-password, on page 579
(config) snmp community access, on page 580
(config) snmp enable, on page 580
(config) snmp trap community, on page 581
(config) snmp traps, on page 581
(config) snmp change-v3-password

Command ACC1(config)#s nm p c h an ge - v3 -p a ss w or d
Description Sets the password SNMP v.3 password. The default password is
expand_initial_password and should be changed.
Parameters Enter a valid password as described above.
Example ACC1(config)#s nm p c h an ge - v3 -p a ss w or d
with Syntax
expand_initial_password
Related Commands • (config) snmp community access, on page 580
• (config) snmp enable, on page 580
• (config) snmp trap community, on page 581
• (config) snmp traps, on page 581
Note: When monitoring for specific MIBs, add the index number of the
i processor even if only one processor exists. Failing to add the index number
results in an error message.
For example: using the snmpget command with the syntax
snmpget -v 1 -c expand 10.65.0.209
1.3.6.1.4.1.3405.1.3.1.1.2.1.3
returns the following error:
There is no such variable name in this MIB.
Failed object: SNMPv2-SMI:enterprises.3405.1.3.1.1.2.1.3

The correct string would be:
snmpget -v 1 -c expand 10.65.0.209
1.3.6.1.4.1.3405.1.3.1.1.2.1.3.1 <processor id>
R ev isi o n 3. 0
(config) snmp community access

Command ACC1(config)#s nm p c om m un it y [ na m e] ac ce s s
[ re a d- on l y/ r ea d- w ri te ]
Description Sets the name of the SNMP community (a group of users that are granted access to
certain Accelerator devices). Each SNMP community can have either read-only or read-
write authorization. The default community is Public, and its authorization is read-write.
Parameters Enter a valid name and access type as described above.
Example ACC1(config)#s nm p c om m un it y Public access read-
with Syntax
write
Related Commands • (config) snmp change-v3-password, on page 579
(config) snmp enable

Command ACC1(config)#s n mp e n ab le / di s ab le
Description Enables/Disables SNMP support in the Accelerator.
Example ACC1(config)#s n mp enable
with Syntax
• (config) snmp community access, on page 580

(config) snmp trap community
Note: If, after defining snmp trap manager-ip, snmp read community or snmp
i trap community, you want to clear these values, use the no command to
reverse this definition. For example: no snmp read community [name]
Command ACC1(config)#s nm p t r ap c o mm un i ty [n am e ]
Description Sets the name of the SNMP trap community. The default is Public.
Parameters Enter a valid name as described above.
Example ACC1(config)#s nm p t r ap c o mm un i ty public
with Syntax
(config) snmp traps

Command ACC1(config)#sn m p t ra ps en ab l e/ di s ab l e
Description Enables/Disables SNMP trap support.
Example ACC1(config)#sn m p t ra ps enable
with Syntax
R ev isi o n 3. 0
Log Commands
(config) logging, on page 582
(logging) mail active, on page 583
(logging) mail from, on page 584
(logging) mail recipient, on page 584
(logging) mail server ip, on page 585
(logging) mail server port, on page 585
(logging) mail severity, on page 586
(logging) syslog active, on page 586
(logging) syslog facility, on page 587
(logging) syslog server ip, on page 587
(logging) syslog severity maximum, on page 588
(logging) syslog severity minimum, on page 588
(config) logging

Command ACC1(config)#l og g in g
Description Enters the Logging node.
Example ACC1(config)#l og g in g
with Syntax
Related Commands • (logging) mail active, on page 583
• (logging) mail from, on page 584
• (logging) mail recipient, on page 584
• (logging) mail server ip, on page 585
• (logging) mail server port, on page 585
• (logging) mail severity, on page 586
• (logging) syslog active, on page 586
• (logging) syslog facility, on page 587
• (logging) syslog server ip, on page 587
• (logging) syslog severity maximum, on page 588
• (logging) syslog severity minimum, on page 588
(logging) mail active

Command ACC1(logging)#m a il a c ti v e [d i sa bl e | en ab l e]
Description Sets the Accelerator to send email notification when events and alerts are received
Example ACC1(logging)#m a il a c ti v e enable
with Syntax
Related Commands • (config) logging, on page 582
R ev isi o n 3. 0
(logging) mail from

Command ACC1(logging)#ma il fr om [ name]
Description Sets the name to appear in the From field of emails sent from the Accelerator.
Parameters Enter a valid password as described above.
Example ACC1(logging)#ma il fr om [ name]
with Syntax
• (logging) mail active, on page 583
(logging) mail recipient

Command ACC1(logging)#m ai l r ec i pi en t [ name]
Description Sets the name to appear in the To field of emails sent from the Accelerator.
Parameters Enter a valid email address as described above.
Example ACC1(logging)#m ai l r ec i pi en t
with Syntax
username@emailaddress.com

(logging) mail server ip

Command ACC1(logging)#m ai l s er v er i p [ ip address (x.x.x.x)]
Description Sets the IP address of the mail server.
Parameters Enter a valid IP address as described above.
Example ACC1(logging)#m ai l s er v er i p 100.100.50.8
with Syntax
(logging) mail server port

Command ACC1(logging)#m a il s e rv er po r t[ port number]
Description Sets the port of the mail server.
Parameters Enter a valid port number as described above.
Example ACC1(logging)#m a il s e rv er po r t 86
with Syntax
R ev isi o n 3. 0
(logging) mail severity

Command ACC1(logging)#m ai l s ev e ri ty mi ni m um [i nf o |
w ar n in g | e r ro r | f a ta l] ma xi m um [e rr o r |
f at a l | i nf o | w a rn i ng ]
Description Defines which events are sent, from the minimum to the maximum. Log events are as
follows:
• info - informational events
• warning - warnings
• error - errors in acceleration
• fatal - fatal errors
Parameters Enter the event as described above.
Example ACC1(logging)#m ai l s ev e ri ty minimum info
with Syntax
maximum fatal
(logging) syslog active

Command ACC1(logging)#s y sl og ac t iv e [ di sa b le |
en ab l e]
Description Enables Syslog events to be sent.
Example ACC1(logging)#s y sl og ac t iv e enable
with Syntax

(logging) syslog facility

Command ACC1(logging)#sy sl o g f ac il i ty [ number]
Description Sets the Syslog facility number.
Parameters Enter a valid number
Example ACC1(logging)#sy sl o g f ac il i ty 23
with Syntax
(logging) syslog server ip

Command ACC1(logging)#s ys l og s e rv e r ip [ IP address
(x.x.x.x)]
Description Sets the IP address of the Syslog server.
Parameters Enter a valid IP address as described above.
Example ACC1(logging)#s ys l og s e rv e r ip 100.100.20.3
with Syntax
R ev isi o n 3. 0
(logging) syslog severity maximum

Command ACC1(logging)#s y sl og se v er it y m ax i mu m
Description Defines which events to send, from the minimum to the maximum. Use in conjunction
with severity minimum.
Parameters Enter a valid event:
• info
• warning
• error
• fatal
Example ACC1(logging)#s y sl og se v er it y maximum warning
with Syntax
maximum error
(logging) syslog severity minimum

Command ACC1(logging)#s y sl og se v er it y m in i mu m
Description Defines which events to send, from the minimum to the maximum. Use in conjunction
with severity maximum.
Parameters Enter a valid event:
• info
• warning
• error
• fatal
Example ACC1(logging)#s y sl og se v er it y minimum warning
with Syntax
maximum error

Log Archives Commands

The log archive creation does not have its own mode, and can be carried out either
from the Enable or Config nodes. the examples below are done from the Enable
node.
log archive, on page 589
log archive delete, on page 589
log upload, on page 590
show log archive, on page 590
log archive
Command ACC1#lo g a r ch iv e [ pr e fi x ]
Description Enables creating a log archive.
To insert your selected prefix, type this prefix in the WORD field.
Parameters Enter a valid prefix if desired
Example ACC1#lo g a r ch iv e myprefix
with Syntax
Related Commands • log archive delete, on page 589
• log upload, on page 590
• show log archive, on page 590
log archive delete

Command ACC1#lo g a rc hi v e [ de le t e] [ f il e na me ] | [ a ll ]
Description Enables deleting a log archive.
You can select between the following options:
• WORD - to delete a specific file.
• all - to delete all files.
Parameters Enter a specific file name or All to delete all files as described above.
Example ACC1#lo g a rc hi v e delete all
with Syntax
Related Commands • log archive, on page 589
R ev isi o n 3. 0
log upload
Command ACC1#l og u p lo ad [m e th od ] [ fi l en a me ] |
[ la te s t] [d es t in at i on ]
Description Lets you select the parameters for uploading log archive files: which method to use,
which files to upload, and the requested destination.
The optional values are as follows:
• Method - FTP, SFTP, TFTP and SCP
• Filename - to select a specific file.
• Latest - to upload the latest generated log archive.
• Destination - the destination of the file.
Parameters Enter parameters as described above
Example ACC1#l og u p lo ad FTP myfilename latest
with Syntax
T:\\mynetworkdrive
• log archive delete, on page 589
show log archive

Command ACC1#s ho w l og a r ch i ve
Description Lets you view all archived log files, including name, size and time stamp.
Example ACC1#s ho w l og a r ch i ve
with Syntax
• log archive delete, on page 589

Configuration Tool Commands

The following topics are available:
(config) copy startup-config running-config, on page 591
(config) erase startup configuration, on page 592
(config) ping, on page 592
(config) show tech-support, on page 593
(config) traceroute, on page 593
(config) traceroute host, on page 594
(config) write startup-config, on page 594
(config) write terminal, on page 594
(config) copy startup-config running-config

Command ACC1(config)#co p y s ta rt u p- co n fi g r un n in g-
c on f ig
Description Reverts the running configuration to the last saved startup configuration.
Example ACC1(config)#co p y s ta rt u p- co n fi g r un n in g-
with Syntax
c on f ig
Related Commands • (config) erase startup configuration, on page 592
• (config) ping, on page 592
• (config) show tech-support, on page 593
• (config) traceroute, on page 593
• (config) traceroute host, on page 594
• (config) write startup-config, on page 594
• (config) write terminal, on page 594
R ev isi o n 3. 0
(config) erase startup configuration

Command ACC1(config)#e ra se st ar t up co nf i gu ra t io n
Description Restores the Accelerator’s configuration to the Factory Default Settings.
Example ACC1(config)#e ra se st ar t up co nf i gu ra t io n
with Syntax
Related Commands • (config) copy startup-config running-config, on page 591
(config) ping
Command ACC1(config)#pi n g [ ip (x.x.x.x) | hostname]
Description Pings network devices
Parameters Enter a valid IP and host
Example ACC1(config)#pi n g 100.100.10.4 myhostname
with Syntax
• (config) erase startup configuration, on page 592

(config) show tech-support

Command ACC1(config)#s h ow t e ch - su pp o rt [ c on t in uo u s]
Description Gathers troubleshooting statistics from the Accelerator. Press More to view additional
output each time; alternatively, add the parameter continuous, to enable continuous
output.
Parameters Only add the continuous parameter if you want continuous output
Example ACC1(config)#s h ow t e ch - su pp o rt continuous
with Syntax
Related • (config) copy startup-config running-config, on page 591
Commands • (config) erase startup configuration, on page 592
(config) traceroute
Command ACC1(config)#t r ac er o ut e [ ip (x.x.x.x) | hostname]
Description Sends a traceroute to network devices
Example ACC1(config)#t r ac er o ut e 100.100.10.4 myhostname
with Syntax
R ev isi o n 3. 0
(config) traceroute host

Command A CC 1( c on fi g )# tr ac e ro ut e [ h os t]
Description Displays the route to a remote machine
Parameters Enter a valid host, where [host] represents the machine host’s name.
Example A CC 1( c on fi g )# tr ac e ro ut e
with Syntax
(config) write startup-config

Command A CC 1 (c o nf ig ) #w ri t e s ta rt u p- co n fi g
Description Saves the running configuration as the startup configuration.
Example A CC 1 (c o nf ig ) # write startup-config
with Syntax
(config) write terminal

Command A CC 1 (c on f ig )# w ri t e te r mi na l
Description Displays the running configuration on the terminal screen (similar to the show
startup-config command).
Example A CC 1 (c on f ig )# write terminal
with Syntax

Accdump Commands
The following configuration options are available:
(config) accdump, on page 595
(ACCDUMP) ipaccdump enable, on page 596
(ACCDUMP) ip tcpdump files-number, on page 597
(ACCDUMP) ip tcpdump files-number, on page 597
(ACCDUMP) ip tcpdump file-size, on page 597
(ACCDUMP) ip tcpdump filter, on page 598
(ACCDUMP) ip tcpdump flags, on page 598
(ACCDUMP) ip tcpdump filter, on page 598
(ACCDUMP) ip tcpdump upload, on page 599
(config) accdump
Command A CC 1( c on fi g )# a cc du m p
Description Enters the Accdump node.
Example A CC 1( c on fi g )# accdump
with Syntax
Related • (ACCDUMP) ipaccdump enable, on page 596
Commands • (ACCDUMP) ip tcpdump files-number, on page 597
• (ACCDUMP) ip tcpdump files-number, on page 597
• (ACCDUMP) ip tcpdump file-size, on page 597
• (ACCDUMP) ip tcpdump filter, on page 598
• (ACCDUMP) ip tcpdump flags, on page 598
• (ACCDUMP) ip tcpdump upload, on page 599
R ev isi o n 3. 0
(ACCDUMP) ipaccdump enable

Command ACC1(ACCDUMP)#i p a cc du m p en a bl e |d is a bl e
Description Enables or disables accdump.
Note: If you choose enable, all values you configured do not affect the database. The
database is being updated only after you carry out the exit command.
Example ACC1(ACCDUMP)#i p a cc du m p enable
with Syntax
Related • (config) accdump, on page 595
Commands • (ACCDUMP) ip tcpdump files-number, on page 597
(ACCDUMP) ip tcpdump files-format

Command ACC1(accdump)#i p t cp d um p f il e s- fo r ma t
Description Configures the tcpdump file format.
The available types are:
• Pcap (saves the default format)
• enc (re-formats the file)
Example ACC1(accdump)#i p t cp d um p f il e s- fo r ma t enc
with Syntax
Commands • (ACCDUMP) ipaccdump enable, on page 596

(ACCDUMP) ip tcpdump files-number

Command ACC1(accdump)#i p t cp d um p f il e s- nu m be r a ut o /
[ number]
Description Configures the tcpdump file number. Possible values are 1 to 1000. If you type auto,
the system sets the file number and file size to default (100 and 10MB, respectively).
Parameters Enter a valid number or auto as described above
Example ACC1(accdump)#i p t cp d um p f il e s- nu m be r auto
with Syntax
(ACCDUMP) ip tcpdump file-size

Command ACC1(accdump)#ip tc p du mp fi le - si z e [ number]
Description Configures the tcpdump file size. Possible values are 1 to 1000 MB.
Parameters Enter a valid number as described above.
Example ACC1(accdump)#ip tc p du mp fi le - si z e 500
with Syntax
R ev isi o n 3. 0
(ACCDUMP) ip tcpdump filter

Command ACC1(accdump)#i p t cp d um p f il t er [ f il te r
ex pr e ss io n ]
Description Lets you capture only specific packets into the tcpdump files by using filter
expressions in the formats acceptable by the system, such as net_10.2.3.0/
24_and_port_20. or host_10.2.3.4_and_pronto 17.
Parameters Enter a valid expression
Example ACC1(accdump)#i p t cp d um p f il t er net_10.2.3.0
with Syntax
(ACCDUMP) ip tcpdump flags

Command ACC1(accdump)#ip tc p du mp fl ag s ( f l a g n a m e)
Description Lets you select tcpdump optional flags. For a detailed description of the optional flags,
see in the appendix,TCPDump Optional Flags, on page 407
Parameters Enter a flag name as described in the appendix, TCPDump Optional Flags, on page 407
Example ACC1(config)#tr a ce r ou te 100.100.10.4 myhostname
with Syntax
• (ACCDUMP) ip tcpdump interface, on page 599

(ACCDUMP) ip tcpdump interface

Command ACC1(accdump)#i p t cp du m p in t er f ac e[ i nt er f ac e
n am e ]
Description Lets you select an option for an interface:
Parameters Enter a valid interface as follows:
• any - capture packets from all interfaces.
• eth-local - capture packets from local interfaces.
• eth0 - captures packets from ethernet 0
• eth0/0 - captures packets from ethernet 0/0
• eth0/0 - captures packets from ethernet 0/1
• internal - captures packets from internal interfaces
Example ACC1(accdump)#i p t cp du m p in t er f ac e any
with Syntax
(ACCDUMP) ip tcpdump upload

Command ACC1(accdump)#ip t c pd u mp u p lo ad [m e th od ]
[f i le ] [ de s ti na t io n ]
Description Lets you select the parameters for uploading tcpdump files: which method to use, which
files to upload, and the requested destination.
The optional values are as follows:
• Method - FTP, SFTP, TFTP and SCP
• File - one of the accdump files
• Destination - like in the Copy operation: user.password@ip/
file_destination_path
Example ACC1(accdump)#ip t c pd u mp u p lo ad FTP myfile
with Syntax
T:\mynetworkdrive
R ev isi o n 3. 0
RDP Proxy Commands

The following configuration options are available:
(remote-desktop-proxy) copy certificate, on page 600
(remote-desktop-proxy) default certificate, on page 601
(remote-desktop-proxy) exclude, on page 601
(remote-desktop-proxy) excluded-servers, on page 602
(remote-desktop-proxy) no <removal parameter>, on page 602
(remote-desktop-proxy) proxy, on page 603
(remote-desktop-proxy) show, on page 603
(remote-desktop-proxy) copy certificate

Command AC C 1( re m ot e- d es k to p- p ro xy ) # c op y c er ti f ic a te
Description Copies a saved authentication certificate.
Parameters Use one of the following methods:
• scp
• sftp
• tftp
• ftp
• http
In th e f ol lo w in g f or m at :
co p y ce r ti fi c at e [ pr o to co l t o b e u se d]
us e rn am e :p as s wo r d@ [v a li d s er v er I P a dd r es s ]/
[c e rt if i ca te fi l e pa t h an d n a me ]
Note that the ‘user name’ and ‘password’ may not be needed for all copying methods
Example Ac c (r em o te -d e sk t op -p r ox y) # copy certificate http
with Syntax
myuser:mypassword@1.2.3.4/certs/certificate-file-name-
03.txt
Related • (remote-desktop-proxy) copy certificate, on page 600
Commands • (remote-desktop-proxy) default certificate, on page 601
• (remote-desktop-proxy) exclude, on page 601
• (remote-desktop-proxy) excluded-servers, on page 602
• (remote-desktop-proxy) no <removal parameter>, on page 602
• (remote-desktop-proxy) proxy, on page 603
• (remote-desktop-proxy) show, on page 603

(remote-desktop-proxy) default certificate

Command AC C 1( re m ot e -d es k to p- p ro x y) # d ef a ul t c er t if i ca te
Description Enables or disables the authentication certificate.
Example AC C 1( re m ot e -d es k to p- p ro x y) # de f au lt c e rt if i ca te
with Syntax
en a bl e
Commands • (remote-desktop-proxy) exclude, on page 601
(remote-desktop-proxy) exclude
Command A CC 1( r em ot e -d e sk to p -p ro x y) ex cl u de
[ cl ie n t| se r ve r |w or d |I P]
Description This allows you to exclude a specific server, client, or subnet from the RDP services. Note
that enabling other services on an excluded machine will have to be done by hand.
Parameters Enter one of the following parameters:
• Client - choose client to exclude the client
• Server - choose server to exclude the server
• Word - server’s logical name
• IP - IP address of the server or subnet
Example ACC1(remote-desktop-proxy)# exclude client 120.44.10.2
with Syntax
R ev isi o n 3. 0
(remote-desktop-proxy) excluded-servers
Command AC C 1( re m ot e- d es k to p- p ro xy ) # e xc lu d ed -s e rv e rs
Description This allows you to clear the servers from the excluded servers table. This action clears all of
the servers that are on the list in a single execution.
Parameters Clear to clear, and when prompted enter Y or N to continue or cancel.
Example AC C 1( re m ot e- d es k to p- p ro xy ) # e xc lu d ed -s e rv e rs
with Syntax
cl e ar
Wa r ni ng : T hi s o p er at i on w i ll de le t e al l
ex c lu de d s er v er s .
Ar e y ou su re ? ( y /n ) Y
(remote-desktop-proxy) no <removal
parameter>
Command A CC 1( r em ot e -d e sk to p -p ro x y) # n o < re mo v al
p ar am e te r>
Description This allows you to clear the servers from the excluded servers table. This action clears all of
the servers that are on the list in a single execution.
Parameters enter one of the following commands:
• Default certificate - to remove the default authentication certificate
• Exclude - to remove the exclude servers
• Proxy - disables the RDP Proxy
Example A CC 1( r em ot e -d e sk to p -p ro x y) # n o d ef au l t
with Syntax
c er ti f ic at e

(remote-desktop-proxy) proxy
Command A CC 1 (r em o te -d e sk t op -p r ox y) # p r ox y
Description Enables or disables the RDP service
Parameters Enable to enable Disable to Disable
Example A CC 1 (r em o te -d e sk t op -p r ox y) # proxy enable
with Syntax
(remote-desktop-proxy) show
Command A CC 1( r em o te -d e sk to p -p ro x y) # s ho w
Description Shows the RDP service status
Parameters • Proxy - for proxy status
• Remote-desktop-proxy for RDP status
Example A CC 1( r em o te -d e sk to p -p ro x y) # sh remote-desktop-proxy
with Syntax
The following screen appears (in this example the RDP status is shown):
Proxy.............................enable
Default certificate...............enable
Proxy statistics
-----------------------------------------------------
Peak number of concurrent sessions: 3
Current number of sessions: 1
Average RDP PDU size: 952.43
Max RDP PDU size: 15452
-----------------------------------------------------
No Remote Desktop Proxy excluded servers exist.
For an explanation on the statistics output, see Collecting RDP Proxy Statistics, on
page 272.
R ev isi o n 3. 0
Configuring WAFS
Most of the WAFS configuration is done through the CLI, letting you display and
manage printing devices and printing authorizations.
Basic Operation Commands, on page 605
Print Administration Commands, on page 609
Printer Driver Commands, on page 611
CUPS Commands, on page 613
Printer Port Commands, on page 614
Printer Management Commands, on page 617
WAFS Transparency Commands, on page 619
Excluded Server Commands, on page 620
CIFS Commands, on page 621
Compression Filter Commands, on page 622
Time and Date Commands, on page 623
Additional Commands, on page 624
Fetch Commands, on page 627
FileBank Director Commands, on page 628
WAFS Help Commands, on page 632
WAFS Licensing Commands, on page 633
WAFS Log File Commands, on page 634
Replication Service Commands, on page 639
Replication User Commands, on page 646
Event Scheduling Commands, on page 652
Service Management Commands, on page 655
Software Commands, on page 659
Statistic Commands, on page 660
Stf_filter Commands, on page 661
Transaction Monitoring Commands, on page 663
TTCP Commands, on page 664
User Commands, on page 666
Virtual Memory Statistic Commands, on page 667
Wins Commands, on page 668

Configuring WAFS 605
Basic Operation Commands

These commands require a confirmation. The following commands are available:
{hostname}:filecontroller0# exit, on page 605
{hostname}:filecontroller0# ping [host], on page 605
{hostname}:filecontroller0# reboot, on page 606
{hostname}:filecontroller0# restart, on page 606
{hostname}:filecontroller0# shutdown, on page 606
{hostname}:filecontroller0# start, on page 607
{hostname}:filecontroller0# stop, on page 607
{hostname}:filecontroller0# exit
Command { ho st n am e} : fi l ec on t ro ll e r0 # [ ex i t| qu i t]
Description Logs out from shell.
Example { ho st n am e} : fi l ec on t ro ll e r0 # quit
with Syntax
Related • {hostname}:filecontroller0# ping [host], on page 605
Commands • {hostname}:filecontroller0# reboot, on page 606
• {hostname}:filecontroller0# restart, on page 606
• {hostname}:filecontroller0# shutdown, on page 606
• {hostname}:filecontroller0# start, on page 607
• {hostname}:filecontroller0# stop, on page 607
{hostname}:filecontroller0# ping [host]

Command {h o st n am e} : fi le c on t ro ll e r0 # p in g [ ho s t]
Description Pings a remote machine.
Example {h o st n am e} : fi le c on t ro ll e r0 # ping 122.222.22
with Syntax
Related • {hostname}:filecontroller0# exit, on page 605
Commands • {hostname}:filecontroller0# reboot, on page 606
R ev isi o n 3. 0
{hostname}:filecontroller0# reboot
Command { ho s tn am e }: fi l ec o nt ro l le r0 # r e bo ot
Description Reboots the WAFS module.
Parameters No additional parameters are needed
Example { ho s tn am e }: fi l ec o nt ro l le r0 # reboot
with Syntax
Commands • {hostname}:filecontroller0# ping [host], on page 605
{hostname}:filecontroller0# restart
Command {h o st na m e} : fi le c on tr o ll e r0 # r es ta r t
Description Stops and then restarts the application.
Example {h o st na m e} : fi le c on tr o ll e r0 # restart
with Syntax
• {hostname}:filecontroller0# reboot, on page 606
{hostname}:filecontroller0# shutdown
Command { h os tn a me }: f il ec o nt r ol le r 0# s h ut d ow n
Description Shuts down the system.
Example { h os tn a me }: f il ec o nt r ol le r 0# shutdown
with Syntax

{hostname}:filecontroller0# start
Command { ho st n am e} : fi l ec on t ro ll e r0 # s ta r t
Description Starts the WAFS module on the logged device.
Example { ho st n am e} : fi l ec on t ro ll e r0 # start
with Syntax
{hostname}:filecontroller0# stop
Command { ho st n am e }: fi l ec on t ro l le r0 # s to p
Description Stops the WAFS module on the logged device.
Example { ho st n am e }: fi l ec on t ro l le r0 # stop
with Syntax
R ev isi o n 3. 0
Cache Commands
Manages and displays cache-related information. The following commands are
available:
{hostname}:filecontroller0# cache invalidate, on page 608
{hostname}:filecontroller0# cache [show], on page 608
{hostname}:filecontroller0# cache ttl set, on page 608
{hostname}:filecontroller0# cache invalidate

Command { h os tn a me }: f il e co nt r ol le r 0# c ac he in va l id a te
Description Resets the TTL for the cached information, thereby forcing the FB to validate the
updated information with the EFS.
Parameters Enter a valid parameter as described above.
Example { h os tn a me }: f il e co nt r ol le r 0# c ac he invalidate
with Syntax
Related • {hostname}:filecontroller0# cache [show], on page 608
Commands • {hostname}:filecontroller0# cache ttl set, on page 608
{hostname}:filecontroller0# cache [show]

Command {h o st na m e} :f i le c on tr o ll er 0 #c a ch e s ho w
Description Displays cache-related information.
Example {h o st na m e} :f i le c on tr o ll er 0 #c a ch e show
with Syntax
Related • {hostname}:filecontroller0# cache invalidate, on page 608
Commands • {hostname}:filecontroller0# cache ttl set, on page 608
{hostname}:filecontroller0# cache ttl set

Command { h os tn a me }: f il e co nt r ol le r 0# c ac he tt l s et
Description Displays or sets cache Time To Live for directories or files.
Parameters The Time To Live is expressed in seconds, where the default is 1800 (30 minutes) and
the Maximum is 14,400. The specific directory and file must be included.
Example { h os tn a me }: f il e co nt r ol le r 0# c ac he tt l s et c /
with Syntax
m y fi le s .t xt 25 0 0
Related • {hostname}:filecontroller0# cache invalidate, on page 608
Commands • {hostname}:filecontroller0# cache [show], on page 608

Print Administration Commands

{hostname}:filecontroller0# printing admins add group, on page 609
{hostname}:filecontroller0#printing admins add user, on page 609
{hostname}:filecontroller0#printing admins list, on page 610
{hostname}:filecontroller0# printing devices list, on page 610
{hostname}:filecontroller0#printing drivers show, on page 610
{hostname}:filecontroller0# printing admins add

group
Command {h o st na m e} :f i le c on tr o ll er 0 # pr i nt in g a dm i ns
ad d |d el e te g r ou p { [d o ma in \ ]u s er }
Description Lets you add or delete printer administrators’ groups.
Parameters Enter the username/group for the printer administrator
Example {h o st na m e} :f i le c on tr o ll er 0 # printing admins add
with Syntax
group {[www.mydomain.com\]myusername}
Related • {hostname}:filecontroller0#printing admins add user, on page 609
Commands • {hostname}:filecontroller0#printing admins list, on page 610
• {hostname}:filecontroller0# printing devices list, on page 610
• {hostname}:filecontroller0#printing drivers show, on page 610
{hostname}:filecontroller0#printing admins add

user
Command { ho s tn am e }: fi l ec o nt ro l le r0 # pr i nt in g a dm i ns
a dd us er
Description Lets you add or delete printer administrators users.
Parameters Use the following parameters:
• Add - adds a user
• Delete - deletes a user
• Domain - a valid domain address
• User - the username of the account you want to have administrative status.
Example { ho s tn am e }: fi l ec o nt ro l le r0 # printing admins add
with Syntax
user {[www.mydomain.com\]myusername}
Related • {hostname}:filecontroller0# printing admins add group, on page 609
Commands • {hostname}:filecontroller0#printing admins list, on page 610
R ev isi o n 3. 0
{hostname}:filecontroller0#printing admins list

Command {h o st na m e} :f i le co n tr o ll er 0 #p ri n ti n g ad m in s
li s t
Description Displays a list of printer administrators’ users and groups
Example {h o st na m e} :f i le co n tr o ll er 0 #p ri n ti n g ad m in s
with Syntax
li s t
Commands • {hostname}:filecontroller0#printing admins add user, on page 609
{hostname}:filecontroller0# printing devices list

Command {h o st na m e} : fi le c on tr o ll e r0 # p ri nt i ng de vi c es
li s t
Description Shows information regarding locally connected printers.
Example {h o st na m e} : fi le c on tr o ll e r0 # printing devices
with Syntax
list
• {hostname}:filecontroller0#printing admins list, on page 610
{hostname}:filecontroller0#printing drivers
show
Command { h os tn a me }: f il e co nt r ol le r 0# pr i nt i ng d r iv er s
s h ow
Description Displays the status of the printing drivers.
Example { h os tn a me }: f il e co nt r ol le r 0# pr i nt i ng d r iv er s
with Syntax
show
• {hostname}:filecontroller0#printing admins list, on page 610

Printer Driver Commands

{hostname}:filecontroller0# printing drivers migrate, on page 611
{hostname}:filecontroller0# printing drivers set local, on page 612
{hostname}:filecontroller0# printing drivers set local, on page 612
{hostname}:filecontroller0# printing drivers set remote, on page 612
{hostname}:filecontroller0# printing drivers set server, on page 612
{hostname}:filecontroller0# printing drivers

migrate
Command {h os t na me } :f i le co n tr ol l er 0 #p ri n ti ng dr iv e rs
mi gr a te { d om a in |u s er }
Description Use domain user to migrate drivers from File Server to the File Bank
Parameters Enter a valid UserID and domain name
Example {h os t na me } :f i le co n tr ol l er 0 # printing drivers
with Syntax
migrate www.mydomain.com myusername
Related • {hostname}:filecontroller0# printing drivers set local, on page 612
Commands • {hostname}:filecontroller0# printing drivers set local, on page 612
• {hostname}:filecontroller0# printing drivers set remote, on page 612
• {hostname}:filecontroller0# printing drivers set server, on page 612
{hostname}:filecontroller0# printing drivers set

client
Command {h os t na m e} :f i le co n tr o ll er 0 # pr in t in g dr i ve rs
se t c li e nt
Description Setting manual mode for client driver installation.
Example {h os t na m e} :f i le co n tr o ll er 0 # pr in t in g dr i ve rs
with Syntax
se t c li e nt
Related • {hostname}:filecontroller0# printing drivers migrate, on page 611
R ev isi o n 3. 0

local
Command {h o st na m e} : fi le c on tr o ll e r0 # pr i nt in g d ri ve r s
se t l oc a l
Description Store uploaded printer drivers on local print $ share (on the File Bank).
Example {h o st na m e} : fi le c on tr o ll e r0 # pr i nt in g d ri ve r s
with Syntax
se t l oc a l

remote
Command {h os t na me } :f i le co n tr ol l er 0 #p ri n ti ng dr iv e rs
se t r em ot e
Description Store uploaded printer drivers on remote print $ share (on the File Server).
Parameters Enter a valid UserID and domain name
Example {h os t na me } :f i le co n tr ol l er 0 #p ri n ti ng dr iv e rs
with Syntax
se t r em ot e
• {hostname}:filecontroller0# printing drivers set local, on page 612

server
Command { ho s tn am e }: fi l ec o nt ro l le r0 # p ri n ti n g dr i ve rs
s et se rv e r
Description Setting point and print mode for client driver installation.
Example { ho s tn am e }: fi l ec o nt ro l le r0 # p ri n ti n g dr i ve rs
with Syntax
s et se rv e r
• {hostname}:filecontroller0# printing drivers set local, on page 612

CUPS Commands
{hostname}:filecontroller0# printing restart, on page 613
{hostname}:filecontroller0# printing status, on page 613
{hostname}:filecontroller0# printing restart

Command {h os t na me } :f i le co n tr ol l er 0 # p r in ti n g r e st ar t
Description Restarts the CUPS service, which is responsible for the print spooling and processing
in the system.
Example {h os t na me } :f i le co n tr ol l er 0 # pr i nt in g restart
with Syntax
Related • {hostname}:filecontroller0# printing status, on page 613
Commands
{hostname}:filecontroller0# printing status

Command { ho s tn a me }: f il ec o nt r ol le r 0# p r in t in g s ta tu s
Description Checks the status of the CUPS service. This command checks only whether this
service is supposed to run, and not the service’s actual state
Example { ho s tn a me }: f il ec o nt r ol le r 0# p r in t in g s ta tu s
with Syntax
Related • {hostname}:filecontroller0# printing restart, on page 613
Commands
R ev isi o n 3. 0
Printer Port Commands

{hostname}:filecontroller0# printing port add, on page 614
{hostname}:filecontroller0# printing ports, on page 614
{hostname}:filecontroller0# printing printers add, on page 615
{hostname}:filecontroller0# printing printers delete, on page 615
{hostname}:filecontroller0# printing settings force, on page 616
{hostname}:filecontroller0# printing port add

Command {h o st n am e} : fi le c on t ro ll e r0 #p r in t in g p or t
[d e le t e| ad d ][ na m e]
Description Lets you add or delete a printing port. The default port - Accelerator Local Port - cannot
be modified or deleted.
Parameters Enter a valid printing port name
Example {h o st n am e} : fi le c on t ro ll e r0 #p r in t in g po r t a d d
with Syntax
Accelerator Local Port2
Related • {hostname}:filecontroller0# printing ports, on page 614
Commands • {hostname}:filecontroller0# printing printers add, on page 615
• {hostname}:filecontroller0# printing printers delete, on page 615
• {hostname}:filecontroller0# printing settings force, on page 616
{hostname}:filecontroller0# printing ports

Command { h os tn a me }: f il e co nt r ol le r 0# p ri nt i ng p o rt s
Description Displays the list of the existing printer ports, with their names and URI. Accelerator
Local Port is the default printer port, which appears always, and only its name is
displayed. All other printers added afterwards appear with both their names and URIs
Example { h os tn a me }: f il e co nt r ol le r 0# p ri nt i ng p o rt s
with Syntax
Related • {hostname}:filecontroller0# printing port add, on page 614
Commands • {hostname}:filecontroller0# printing printers add, on page 615

{hostname}:filecontroller0# printing printers add

Command { h os tn a me }: f il e co nt r ol le r 0# p ri nt i ng pr in t er s
a d d [n a me ] [ UR I |I D] [d es c ri p ti on ]
Description Adds a specific printer, including the printer’s alphanumeric name, URI or ID and
(optionally) a textual description.
Parameters Enter a valid printer name, URI, ID and a description.
Example { h os tn a me }: f il e co nt r ol le r 0# p ri nt i ng pr in t er s
with Syntax
a d d myprinter laserjet
Commands • {hostname}:filecontroller0# printing ports, on page 614
{hostname}:filecontroller0# printing printers

delete
Command {h o st n am e} : fi le c on t ro ll e r0 #p r in t in g p ri nt e rs
de l et e [ na m e]
Description Deletes a specific printer by indicating the printer’s alphanumeric name.
Parameters Enter the printer name
Example {h o st n am e} : fi le c on t ro ll e r0 #p r in t in g p ri nt e rs
with Syntax
de l et e myprinter
• {hostname}:filecontroller0# printing printers add, on page 615
R ev isi o n 3. 0
{hostname}:filecontroller0# printing settings

force
Command {h o st na m e} :f i le c on tr o ll er 0 #p r in ti n g s et ti n gs
fo r ce [ s ho w] [e n ab le | di sa b le ]
Description Prevents the Windows Client from renaming the printer when uploading a new driver.
Changing this setting requires restarting SAMBA. You should pay attention to the
warning that appears in the CLI: “Changing this setting may cause clients that are
connected to exported printer queues to be unable to print until they delete and
reconnect to the print queue”
Parameters Show to show settings, Enable to enable, or Disable to disable.
Example {h o st na m e} :f i le c on tr o ll er 0 #p r in ti n g s et ti n gs
with Syntax
fo r ce show
• {hostname}:filecontroller0# printing printers add, on page 615

Printer Management Commands

{hostname}:filecontroller0# printing printers list, on page 617
{hostname}:filecontroller0# printing printers set, on page 617
{hostname}:filecontroller0# printing printers testpage, on page 618
{hostname}:filecontroller0# printing printers list

Command {h o st na m e} :f i le c on tr o ll er 0 #p r in ti n g
pr i nt er s [ li s t]
Description Displays a list of all printers.
Example {h o st na m e} :f i le c on tr o ll er 0 #p r in ti n g
with Syntax
pr i nt er s list
Related • {hostname}:filecontroller0# printing printers set, on page 617
Commands • {hostname}:filecontroller0# printing printers testpage, on page 618
{hostname}:filecontroller0# printing printers set

Command { ho s tn am e }: fi l ec o nt ro l le r0 # pr i nt in g
p ri n te rs se t [ na m e] [ n ew U R I] [n ew co mm e nt ]
Description Changes the URI of an existing printer.
Parameters Enter a valid domain and user
Example { ho s tn am e }: fi l ec o nt ro l le r0 # pr i nt in g a dm i ns
with Syntax
add user {mydomain\myuser}
Related • {hostname}:filecontroller0# printing printers list, on page 617
Commands • {hostname}:filecontroller0# printing printers testpage, on page 618
R ev isi o n 3. 0
{hostname}:filecontroller0# printing printers

testpage
Command { ho s tn a me }: f il ec o nt r ol le r 0# pr i nt i ng pr i nt er s
t es t pa g e {n a me }
Description Prints a test page.
Parameters Enter name of printer
Example { ho s tn a me }: f il ec o nt r ol le r 0# pr i nt i ng pr i nt er s
with Syntax
t es t pa g e myprinter
Related • {hostname}:filecontroller0# printing printers list, on page 617
Commands • {hostname}:filecontroller0# printing printers set, on page 617

WAFS Transparency Commands

(config) wafs, on page 619
(WAFS) transparency, on page 619
(WAFS) transparency exclude excluded-servers, on page 619
(config) wafs
Command AC C1 ( co nf i g) # w af s
Description Enters the WAFS node
Example AC C1 ( co nf i g) # wafs
with Syntax
Related • (WAFS) transparency, on page 619
Commands • (WAFS) transparency exclude excluded-servers, on page 619
(WAFS) transparency
Command AC C1 ( WA FS ) #t r an sp a re nc y e na b le | d is a bl e
Description Enables or disables WAFS transparency.
Parameters Enable to enable, disable to disable. When WAFS transparency is enabled, the
FileBank polls all servers by default.
If you are enabling an Alias, this should be set to disable.
Example AC C1 ( WA FS ) #t r an sp a re nc y enable
with Syntax
Related • (config) wafs, on page 619
Commands • (WAFS) transparency exclude excluded-servers, on page 619
(WAFS) transparency exclude excluded-servers

Command A CC 1( W AF S )# tr a ns pa r en c y ex c lu de ex c lu de d -
s er ve r s
Description Defines which servers to exclude from WAFS transparency.
Example A CC 1( W AF S )# tr a ns pa r en c y ex c lu de ex c lu de d -
with Syntax
s er ve r s
Related • (config) wafs, on page 619
Commands • (WAFS) transparency, on page 619
R ev isi o n 3. 0
Excluded Server Commands

(WAFS) show transparency excluded-servers, on page 620
(WAFS) transparency excluded servers clear, on page 620
(WAFS) show transparency excluded-servers

Command ACC1( WA F S) #s h ow t r an s pa re n cy e x cl u de d-
s er v er s
Description Displays the list of servers that are excluded from WAFS transparency.
Example ACC1( WA F S) #s h ow t r an s pa re n cy e x cl u de d-
with Syntax
s er v er s
Related • (WAFS) transparency excluded servers clear, on page 620
Commands
(WAFS) transparency excluded servers clear

Command AC C1 ( WA F S) #t r an sp a re n cy e x cl ud e d s er ve r s
cl ea r
Description Clears the excluded servers’ list.
Example AC C1 ( WA F S) #t r an sp a re n cy e x cl ud e d s er ve r s
with Syntax
cl ea r
Related • (WAFS) show transparency excluded-servers, on page 620
Commands

CIFS Commands
{hostname}:filecontroller0# cifs status, on page 621
{hostname}:filecontroller0# cifs status

Command { h os t na me } :f il e co n tr ol l er 0# ci f s st a tu s
Description Displays status of CIFS connections, shares and locks.
Example { h os t na me } :f il e co n tr ol l er 0# cifs status
with Syntax
R ev isi o n 3. 0
Compression Filter Commands

Displays and manages the list of compression filters.
{hostname}:filecontroller0# comp_filters, on page 622
{hostname}:filecontroller0# comp_filters list, on page 622
{hostname}:filecontroller0# comp_filters
Command { ho s tn a me }: f il ec o nt r ol le r 0# co m p_ f il te r s ad d /
d el e te {f il t er }
Description Adds/deletes a given filter to/from a list.
Parameters Add to add Delete to delete
Example { ho s tn a me }: f il ec o nt r ol le r 0# co m p_ f il te r s
with Syntax
d el e te {f il t er }
Related • {hostname}:filecontroller0# comp_filters list, on page 622
Commands
{hostname}:filecontroller0# comp_filters list

Command { ho s tn am e }: f il ec o nt ro l le r 0# c o mp _f i lt e rs
l is t /c le a r
Description Displays/clears a list of current compression filters.
Example { ho s tn am e }: f il ec o nt ro l le r 0# c o mp _f i lt e rs
with Syntax
l is t /clear
Related • {hostname}:filecontroller0# comp_filters, on page 622
Commands

Time and Date Commands

Changes and displays current date and/or time. The following commands are
available:
{hostname}:filecontroller0# date, on page 623
{hostname}:filecontroller0# date show, on page 623
{hostname}:filecontroller0# date
Command { h os t na me } :f il e co n tr ol l er 0# d at e [ DA T E]
[ T IM E ]
Description Changes the current system’s date and time.
Parameters Make sure the date is mmddyyyy and time is hh:mm:ss
Example { h os t na me } :f il e co n tr ol l er 0# d at e 11112011
with Syntax
12:12:12
Related • {hostname}:filecontroller0# date show, on page 623
Commands
{hostname}:filecontroller0# date show

Command { ho s tn am e }: fi l ec o nt ro l le r0 # da t e sh o w
Description Displays the current system’s date and time.
Example { ho s tn am e }: fi l ec o nt ro l le r0 # da t e show
with Syntax
Related • {hostname}:filecontroller0# date, on page 623
Commands
R ev isi o n 3. 0
Additional Commands
{hostname}:filecontroller0# diagnostics, on page 624
{hostname}:filecontroller0# domain set, on page 625
{hostname}:filecontroller0# domain show, on page 625
{hostname}:filecontroller0# domain join, on page 625
{hostname}:filecontroller0# enable, on page 626
{hostname}:filecontroller0# exit|quit, on page 626
{hostname}:filecontroller0# diagnostics
Command {h o s tn a m e} : f il e c on t r ol l e r0 # d ia g n os t i cs
Description Runs diagnostics tests. You can use this command to diagnose either the full system,
the configuration settings of the Accelerator, hardware problems or communication
problems.
Parameters Enter one of the following:
• all - runs a complete diagnostic check
• settings - checks the settings
• hardware - checks hardware functioning
• communication - tests communication settings.
Example {h o s tn a m e} : f il e c on t r ol l e r0 # d ia g n os t i cs
with Syntax all
Related • {hostname}:filecontroller0# domain set, on page 625
Commands • {hostname}:filecontroller0# domain show, on page 625
• {hostname}:filecontroller0# domain join, on page 625
• {hostname}:filecontroller0# enable, on page 626
• {hostname}:filecontroller0# exit|quit, on page 626

{hostname}:filecontroller0# domain set

Command { ho st n am e} : fi le c on t ro ll e r0 # d om a in s e t
Description Sets or displays the Windows NT domain on a local network. This command also
defines a domain name.
Example { ho st n am e} : fi le c on t ro ll e r0 # domain set
with Syntax
Related • {hostname}:filecontroller0# diagnostics, on page 624
Commands • {hostname}:filecontroller0# domain show, on page 625
{hostname}:filecontroller0# domain show

Command { h os tn a me }: f il e co nt r ol le r 0# d om ai n s ho w
Description Displays the current domain name.
Example { h os tn a me }: f il e co nt r ol le r 0# d om ai n show
with Syntax
Commands • {hostname}:filecontroller0# domain set, on page 625
{hostname}:filecontroller0# domain join

Command { ho s tn am e }: f il ec o nt ro l le r 0# d o ma in jo i n
Description Joins a FileBank to the current domain.
Example { ho s tn am e }: f il ec o nt ro l le r 0# d o ma in join
with Syntax
• {hostname}:filecontroller0# domain show, on page 625
R ev isi o n 3. 0
{hostname}:filecontroller0# enable
Command { ho s tn a me }: f il ec o nt r ol le r 0# e n ab l e
Description Switches to privileged mode command prompt (root shell). Requires knowledge of the
root password.
Parameters No additional parameters needed. Enter password when prompted.
Example { ho s tn a me }: f il ec o nt r ol le r 0# e n ab l e
with Syntax
{hostname}:filecontroller0# exit|quit
Command { h os tn a me } :f il e co nt r ol l er 0# ex it | qu i t
Description Logs out from shell.
Example { h os tn a me } :f il e co nt r ol l er 0# quit
with Syntax

Fetch Commands
Manages fetch jobs and instances. The fetch commands are used for pre-
populating the FileBank’s cache.
Fetch jobs describe the entity that should be fetched, namely: a specific directory
on a file server. Fetch instances perform the actual work.
{hostname}:filecontroller0# fetch, on page 627
{hostname}:filecontroller0# fetch log, on page 627
{hostname}:filecontroller0# fetch
Command { h os t na me } :f il e co n tr ol l er 0# fe t ch [ j ob s |
i n st a nc es ]
Description Manages fetch jobs or instances.
Parameters Jobs to fetch jobs, Instances to fetch instances.
Example { h os t na me } :f il e co n tr ol l er 0# fetch jobs
with Syntax
Related • {hostname}:filecontroller0# fetch log, on page 627
Commands
{hostname}:filecontroller0# fetch log

Command {h o st na m e} : fi le c on tr o ll e r0 #f e tc h l og
Description Shows the log of current and completed fetch instances.
Example {h o st na m e} : fi le c on tr o ll e r0 # fetch log
with Syntax
Related • {hostname}:filecontroller0# fetch, on page 627
Commands
R ev isi o n 3. 0
FileBank Director Commands

Displays or manages the connected FileBank Director configuration. The following
commands are available:
{hostname}:filecontroller0# fport add, on page 628
{hostname}:filecontroller0# fport define, on page 629
{hostname}:filecontroller0# fport disconnected force, on page 629
{hostname}:filecontroller0# fport disconnected handle, on page 630
{hostname}:filecontroller0# fport list, on page 630
{hostname}:filecontroller0# gns refresh, on page 631
{hostname}:filecontroller0# iostat, on page 631
{hostname}:filecontroller0# fport add

Command {h o st na m e} : fi le c on tr o ll er 0 # f po rt [a dd |
de l et e] [F P ]
Description Adds or deletes a named FileBank Director to or from the FileBank Directors’ list.
Parameters Use a legal port number. Default ports: UDP 4049, TCP 4049 are then assigned to this
{FP}.
Example {h o st na m e} : fi le c on tr o ll er 0 # fport 4049 add FP
with Syntax
Related • {hostname}:filecontroller0# fport add, on page 628
Commands • {hostname}:filecontroller0# fport define, on page 629
• {hostname}:filecontroller0# fport disconnected force, on page 629
• {hostname}:filecontroller0# fport disconnected handle, on page 630
• {hostname}:filecontroller0# fport list, on page 630
• {hostname}:filecontroller0# gns refresh, on page 631
• {hostname}:filecontroller0# iostat, on page 631

{hostname}:filecontroller0# fport define

Command { h os tn a me } :f il e co nt r ol l er 0# f po rt [T C P | U DP ]
[ F P] [P O RT ]
Description Defines the IP port {PORT} for networking with the specified FileBank Director {FP}.
Parameters Use a legal port number and a specific FBD
Example { h os tn a me } :f il e co nt r ol l er 0# fport UDP FP 4049
with Syntax
{hostname}:filecontroller0# fport disconnected

force
Command {h os t na me } :f i le co n tr ol l er 0# f po r t
di sc o nn ec t ed fo rc e { FP } [o n| o ff ]
Description Force / unforce {FP} to be in disconnected mode.
Changes take effect only after FileBank reset.
Parameters Use On to force and Off to unforce
Example {h os t na me } :f i le co n tr ol l er 0# fport
with Syntax
disconnected force on
R ev isi o n 3. 0
{hostname}:filecontroller0# fport disconnected

handle
Command {h os t na me } :f i le co n tr ol l er 0 #f po r t
di sc o nn ec t ed ha nd l e {F P }[ o n| of f ]
Description Enable/disable disconnected operation handling for {FP}.
Changes take effect only after FileBank reset.
Parameters Use on to enable and Off to disable
Example {h os t na me } :f i le co n tr ol l er 0 # fport
with Syntax
disconnected handle on
{hostname}:filecontroller0# fport list

Command {h o st na m e} :f i le c on tr o ll er 0 # f po rt li st
Description Shows a list of FileBank Directors.
Example {h o st na m e} :f i le c on tr o ll er 0 # fport list
with Syntax

{hostname}:filecontroller0# gns refresh

Command { h os tn a me }: f il e co nt r ol le r 0# g ns r e fr es h
Description Refreshes the list of file servers.
Example { h os tn a me }: f il e co nt r ol le r 0# gns refresh
with Syntax
{hostname}:filecontroller0# iostat
Command {h os t na me } :f i le co n tr ol l er 0 # io s ta t
Description Shows the disk utilization report.
Example {h os t na me } :f i le co n tr ol l er 0 # iostat
with Syntax
R ev isi o n 3. 0
WAFS Help Commands

Displays general or command-specific usage information.
{hostname}:filecontroller0# help, on page 632
{hostname}:filecontroller0# help command, on page 632
{hostname}:filecontroller0# help
Command { ho s tn am e }: f il ec o nt ro l le r 0# h e lp
Description Lists the commands and parameters.
Example { ho s tn am e }: f il ec o nt ro l le r 0# help
with Syntax
Related • {hostname}:filecontroller0# help command, on page 632
Commands
{hostname}:filecontroller0# help command

Command { ho s tn am e }: f il ec o nt ro l le r 0# he l p <c o mm a nd >/
h el p < co m ma n d> < s ub co m ma n d>
Description Provides command-specific help information. If a command is typed without a required
parameter (or a wrong parameter), usage information is provided.
Example { ho s tn am e }: f il ec o nt ro l le r 0# help license
with Syntax
install
Related • {hostname}:filecontroller0# help, on page 632
Commands

WAFS Licensing Commands

From version 6.3.0 WAFS licensing is managed via the AcceleratorOS License
bundle. For information about licensing via the CLI, see Licensing Commands, on
page 426.
R ev isi o n 3. 0
WAFS Log File Commands

Creates a log file and uploads it to a destination URL. This command also lists the
event log, shows the current level of the log file and sets the minimal level. The
following commands are available:
{hostname}:filecontroller0# log archive generate, on page 634
{hostname}:filecontroller0# log archive list, on page 635
{hostname}:filecontroller0# log archive upload, on page 635
{hostname}:filecontroller0# log level set, on page 636
{hostname}:filecontroller0# log level show, on page 636
{hostname}:filecontroller0# log show, on page 637
{hostname}:filecontroller0# log syslog status, on page 637
{hostname}:filecontroller0# log upload, on page 638
{hostname}:filecontroller0# log archive

generate
Command { ho s tn am e }: f il ec o nt ro l le r 0# lo g a rc h iv e
g en e ra te
Description Generates a new log archive file.
Example {hostname}:filecontroller0# lo g a rc h iv e
with Syntax
g en e ra te
Related • {hostname}:filecontroller0# log archive list, on page 635
Commands • {hostname}:filecontroller0# log archive upload, on page 635
• {hostname}:filecontroller0# log level set, on page 636
• {hostname}:filecontroller0# log level show, on page 636
• {hostname}:filecontroller0# log show, on page 637
• {hostname}:filecontroller0# log syslog status, on page 637
• {hostname}:filecontroller0# log upload, on page 638

{hostname}:filecontroller0# log archive list

Command { h os tn a me } :f il e co nt r ol l er 0# lo g a rc h iv e l is t
Description Lists all log archive files.
Example { h os tn a me } :f il e co nt r ol l er 0# log archive list
with Syntax
Related • {hostname}:filecontroller0# log archive generate, on page 634
Commands • {hostname}:filecontroller0# log archive list, on page 635
• {hostname}:filecontroller0# log archive upload, on page 635
{hostname}:filecontroller0# log archive upload

Command { ho st n am e} : fi l ec on t ro ll e r0 # lo g a rc hi v e
u pl oa d
Description Uploads a log archive file to an FTP server.
Example { ho st n am e} : fi l ec on t ro ll e r0 # log archive upload
with Syntax
R ev isi o n 3. 0
{hostname}:filecontroller0# log level set

Command { ho st n am e }: fi l ec on t ro l le r0 # lo g l ev e l se t
{ in fo | wa r ni ng | er ro r |c r it ic a l}
Description Sets minimal level for events to log. The lowest level being info and the highest being
critical. Any log events below the level you set are not logged.
Parameters Enter the log level (info, warning, error, critical)
Example { ho st n am e }: fi l ec on t ro l le r0 # log level set info
with Syntax
{hostname}:filecontroller0# log level show

Command {h o st na m e} :f i le c on tr o ll er 0 # l og le v el s h ow
Description Displays the current log level.
Example {h o st na m e} :f i le c on tr o ll er 0 # log level show
with Syntax

{hostname}:filecontroller0# log show

Command { ho st n am e }: fi l ec on t ro l le r0 # lo g s ho w
[ al l| c om m un ic a ti on | se c ur it y |s ys t em ]
Description Lists the event log.
Example { ho st n am e }: fi l ec on t ro l le r0 # log show all
with Syntax
{hostname}:filecontroller0# log syslog status

Command { ho s tn am e }: fi l ec o nt ro l le r0 # l o g sy s lo g
s ta t us
Description DIsplays the current syslog status.
Example { ho s tn am e }: fi l ec o nt ro l le r0 # log syslog status
with Syntax
R ev isi o n 3. 0
{hostname}:filecontroller0# log upload

Command { ho s tn a me }: f il ec o nt r ol le r 0# lo g u p lo ad {U R L}
Description Uploads the current logs to the indicated URL.
Parameters Enter a valid URL.
Example { ho s tn a me }: f il ec o nt r ol le r 0# log upload
with Syntax
www.myurl.com

Replication Service Commands

{hostname}:filecontroller0# replication enable, on page 639
{hostname}:filecontroller0# replication filters, on page 640
{hostname}:filecontroller0# replication instances, on page 640
{hostname}:filecontroller0# replication log, on page 641
{hostname}:filecontroller0# replication log list, on page 641
{hostname}:filecontroller0# replication paths, on page 642
{hostname}:filecontroller0# replication setup, on page 642
{hostname}:filecontroller0# replication start, on page 643
{hostname}:filecontroller0# replication start initial, on page 643
{hostname}:filecontroller0# replication status, on page 644
{hostname}:filecontroller0# replication stop, on page 644
{hostname}:filecontroller0# replication user, on page 645
{hostname}:filecontroller0# replication enable

Command {h o st n am e} : fi le c on t ro ll e r0 # r ep l ic at i on
[e n ab l e| di s ab le ]
Description Enables or disables the replication service.
Example {h o st n am e} : fi le c on t ro ll e r0 # replication enable
with Syntax
Related • {hostname}:filecontroller0# replication filters, on page 640
Commands • {hostname}:filecontroller0# replication instances, on page 640
• {hostname}:filecontroller0# replication log, on page 641
• {hostname}:filecontroller0# replication log list, on page 641
• {hostname}:filecontroller0# replication paths, on page 642
• {hostname}:filecontroller0# replication setup, on page 642
• {hostname}:filecontroller0# replication start, on page 643
• {hostname}:filecontroller0# replication start initial, on page 643
• {hostname}:filecontroller0# replication status, on page 644
• {hostname}:filecontroller0# replication stop, on page 644
• {hostname}:filecontroller0# replication user, on page 645
R ev isi o n 3. 0
{hostname}:filecontroller0# replication filters

Command { ho s tn am e }: f il ec o nt ro l le r 0# r e pl ic a ti o n
f il t er s
Description Manages the replication filters. For details see Replication Service, on page 155
Example { ho s tn am e }: f il ec o nt ro l le r 0# replication filters
with Syntax
Related • {hostname}:filecontroller0# replication enable, on page 639
Commands • {hostname}:filecontroller0# replication instances, on page 640
{hostname}:filecontroller0# replication
instances
Command { ho s tn am e }: fi l ec o nt ro l le r0 # r e pl ic a ti on
i ns t an ce s
Description Manages the replication instances. For details see Replication Service, on page 155
Example { ho s tn am e }: fi l ec o nt ro l le r0 # replication
with Syntax
instances
Commands • {hostname}:filecontroller0# replication filters, on page 640

{hostname}:filecontroller0# replication log

Command { h os tn a me } :f il e co nt r ol l er 0# re pl i ca t io n l og
[ s ho w]
Description Displays a specific replication log.
Example { h os tn a me } :f il e co nt r ol l er 0# replication log
with Syntax
[show]
• {hostname}:filecontroller0# replication instances, on page 640
{hostname}:filecontroller0# replication log list

Command { ho st n am e }: fi l ec on t ro l le r0 # r ep l ic a ti on lo g
l is t
Description Lists all replication log files.
Example { ho st n am e }: fi l ec on t ro l le r0 # replication log
with Syntax
list
R ev isi o n 3. 0
{hostname}:filecontroller0# replication paths

Command { ho s tn a me }: f il ec o nt r ol le r 0# r e pl i ca ti o n
p at h s
Description Manages the replication paths. For details see section Replication Service, on page
155
Example { ho s tn a me }: f il ec o nt r ol le r 0# r e pl i ca ti o n
with Syntax
p at h s
{hostname}:filecontroller0# replication setup

Command {h os t na m e} :f i le co n tr o ll er 0 # re p li c at io n
se tu p
Description Sets up replication service.
Example {h os t na m e} :f i le co n tr o ll er 0 # replication setup
with Syntax

{hostname}:filecontroller0# replication start

Command { ho s tn am e }: f il ec o nt ro l le r 0# r e pl ic a ti on
s ta r t
Description Starts an unscheduled replication process now.
Example { ho s tn am e }: f il ec o nt ro l le r 0# replication start
with Syntax
{hostname}:filecontroller0# replication start

initial
Command { ho s tn am e }: fi l ec o nt ro l le r0 # r e pl ic a ti on
s ta r t in i ti al
Description Starts initial pre-population of replication files from the file server to the FileBank
Director.
Example { ho s tn am e }: fi l ec o nt ro l le r0 # replication start
with Syntax
initial
R ev isi o n 3. 0
{hostname}:filecontroller0# replication status

Command {h os t na me } :f i le co n tr ol l er 0 # re p li ca t io n
st at u s
Description Displays the replication process status.
Example {h os t na me } :f i le co n tr ol l er 0 # replication status
with Syntax
{hostname}:filecontroller0# replication stop

Command { ho s tn am e }: fi l ec o nt ro l le r0 # r e pl ic a ti on st o p
Description Stops the replication process.
Example { ho s tn am e }: fi l ec o nt ro l le r0 # replication stop
with Syntax

{hostname}:filecontroller0# replication user

Command { h os t na me } :f il e co nt r ol l er 0# re pl i ca t io n u se r
Description Manages the replication user. For details see Replication User Commands, on page
646
Example { h os t na me } :f il e co nt r ol l er 0# replication user
with Syntax
R ev isi o n 3. 0
Replication User Commands

You must first define the internal replication user on the system with the user
command (see User Commands, on page 666), and then assign this user as
replication user with the Replication User command.
The following are available:
{hostname}:filecontroller0# replication filters add, on page 646
{hostname}:filecontroller0# replication filters clear, on page 647
{hostname}:filecontroller0# replication filters list, on page 647
{hostname}:filecontroller0# replication instances, on page 648
{hostname}:filecontroller0# replication paths add, on page 648
{hostname}:filecontroller0# replication paths clear, on page 649
{hostname}:filecontroller0# replication paths delete, on page 649
{hostname}:filecontroller0# replication paths list, on page 650
{hostname}:filecontroller0# replication user delete, on page 650
{hostname}:filecontroller0# replication user set, on page 651
{hostname}:filecontroller0# replication user show, on page 651

add
Command { ho s tn am e }: f il ec o nt ro l le r 0# r e pl ic a ti on
f il t er s a dd / de le t e {f i lt e r}
Description Adds or deletes the current replication filter.
Example { ho s tn am e }: f il ec o nt ro l le r 0# replication filters
with Syntax
add myfilter
Related • {hostname}:filecontroller0# replication filters clear, on page 647
Commands • {hostname}:filecontroller0# replication filters list, on page 647
• {hostname}:filecontroller0# replication paths add, on page 648
• {hostname}:filecontroller0# replication paths clear, on page 649
• {hostname}:filecontroller0# replication paths delete, on page 649
• {hostname}:filecontroller0# replication paths list, on page 650
• {hostname}:filecontroller0# replication user delete, on page 650
• {hostname}:filecontroller0# replication user set, on page 651
• {hostname}:filecontroller0# replication user show, on page 651


clear
Command { ho st n am e} : fi l ec on t ro ll e r0 # r ep l ic at i on
f il te r s cl e ar
Description Clears the current replication filters (file types).
Example { ho st n am e} : fi l ec on t ro ll e r0 # replication filters
with Syntax
clear
Related • {hostname}:filecontroller0# replication filters add, on page 646
Commands • {hostname}:filecontroller0# replication filters list, on page 647

list
Command {h os t na m e} :f i le co n tr o ll er 0 # re p li c at io n
fi lt e rs [l is t ]
Description Lists the current replication filters (file types).
Example {h os t na m e} :f i le co n tr o ll er 0 # replication
with Syntax
filters list
Commands • {hostname}:filecontroller0# replication filters clear, on page 647
R ev isi o n 3. 0
{hostname}:filecontroller0# replication
instances
Command { h os tn a me } :f il e co nt r ol l er 0# re pl i ca t io n
i n st an c es [l is t ]
Description Displays all replication instances.
Parameters The possible values are as follows:
• Running - The instance is running
• Finished - The instance has finished successfully
• Failed - The instance has failed due to an error (see log)
• Aborted - The instance has been aborted by the user
Example { h os tn a me } :f il e co nt r ol l er 0# replication
with Syntax
instances running
• {hostname}:filecontroller0# replication filters list, on page 647

add
p at h s a dd { U NC PA T H} [P RI O RI TY ]
Description Adds a new replication path.
Parameters Path and priority
Example { ho s tn a me }: f il ec o nt r ol le r 0# r e pl i ca ti o n
with Syntax
p at h s a dd { U NC PA T H} [P RI O RI TY ]


clear
Command { h os t na me } :f il e co n tr ol l er 0# re p li ca t io n
p a th s c le a r
Description Deletes all replication paths.
Parameters Enter one of the parameters above
Example { h os t na me } :f il e co n tr ol l er 0# replication paths
with Syntax
clear

delete
Command { h os t na me } :f il e co n tr ol l er 0# re p li ca t io n
p a th s d el e te [ P AT H -I D]
Description Deletes a replication path.
Parameters Enter the name of the path
Example { h os t na me } :f il e co n tr ol l er 0# replication paths
with Syntax
delete mypathID
R ev isi o n 3. 0

list
p at h s l is t
Description List all current replication paths.
Example { ho s tn a me }: f il ec o nt r ol le r 0# replication paths
with Syntax
list

delete
Command { h os tn a me }: f il e co nt r ol le r 0# r e pl ic a ti o n us er
d e le te
Description Deletes the current replication user.
Example { h os tn a me }: f il e co nt r ol le r 0# replication user
with Syntax
delete

{hostname}:filecontroller0# replication user set

Command { ho st n am e} : fi l ec on t ro ll e r0 # r ep l ic at i on u s er
s et { d om ai n \u s er na m e}
Description Sets the replication user.
Parameters Valid domain name and valid username
Example { ho st n am e} : fi l ec on t ro ll e r0 # replication user
with Syntax
set mydomain\myusername

show
Command {h o st n am e} : fi le c on t ro ll e r0 # r ep li c at i on u s er
[s h ow ]
Description Displays the current replication user.
Example {h o st n am e} : fi le c on t ro ll e r0 # replication user
with Syntax
show
R ev isi o n 3. 0
Event Scheduling Commands

Displays and manages scheduled events. The following commands are included:
{hostname}:filecontroller0# schedule actions, on page 652
{hostname}:filecontroller0# schedule events add, on page 652
{hostname}:filecontroller0# schedule events clear, on page 653
{hostname}:filecontroller0# schedule events delete, on page 653
{hostname}:filecontroller0# schedule events list, on page 654
{hostname}:filecontroller0# schedule actions

Command { ho s tn a me }: f il ec o nt r ol le r 0# sc h ed ul e ac ti o ns
Description Lists all actions that can be scheduled.
Replication schedule actions: replication.start and replication.stop
Example { ho s tn a me }: f il ec o nt r ol le r 0# schedule actions
with Syntax
Related • {hostname}:filecontroller0# schedule events add, on page 652
Commands • {hostname}:filecontroller0# schedule events clear, on page 653
• {hostname}:filecontroller0# schedule events delete, on page 653
• {hostname}:filecontroller0# schedule events list, on page 654
{hostname}:filecontroller0# schedule events

add
Command { h os tn a me }: f il ec o nt r ol le r 0# s c he d ul e e ve nt s
a d d [A C TI ON NA ME ] [ T IM E]
Description Adds a new daily recurring event.
Parameters Enter the following:
• A name for the action that appears on the list of actions
• A time for it to occur. HH:MM
Example { h os tn a me }: f il ec o nt r ol le r 0# schedule events add
with Syntax
clear 23:00
Related • {hostname}:filecontroller0# schedule actions, on page 652
Commands • {hostname}:filecontroller0# schedule events clear, on page 653


clear
Command { ho st n am e} : fi l ec on t ro ll e r0 # s ch e du le ev e nt s
c le ar
Description Clears all scheduled events.
Example { ho st n am e} : fi l ec on t ro ll e r0 # schedule events
with Syntax
clear
Commands • {hostname}:filecontroller0# schedule events add, on page 652

delete
Command { ho st n am e} : fi l ec on t ro ll e r0 # s ch e du le ev e nt s
d el et e [ EV E NT ID ]
Description Deletes a scheduled event.
Parameters Enter a valid event id
Example { ho st n am e} : fi l ec on t ro ll e r0 # s ch e du le ev e nt s
with Syntax
delete myevent
• {hostname}:filecontroller0# schedule events clear, on page 653
R ev isi o n 3. 0
{hostname}:filecontroller0# schedule events list

Command { ho s tn a me }: f il ec o nt r ol le r 0# s c he d ul e e ve nt s
[ li s t]
Description Lists all events.
Example { ho s tn a me }: f il ec o nt r ol le r 0# schedule events
with Syntax
list
• {hostname}:filecontroller0# schedule events clear, on page 653

Service Management Commands

Lets you enable or disable the current service, and also check whether the service
is enabled.
{hostname}:filecontroller0# service enable, on page 655
{hostname}:filecontroller0# service status, on page 656
{hostname}:filecontroller0# services create FileBank Director, on page
656
{hostname}:filecontroller0# services create FileBank Director ha, on
page 657
{hostname}:filecontroller0# services create filecontroller, on page 657
{hostname}:filecontroller0# services list, on page 658
{hostname}:filecontroller0# services set, on page 658
{hostname}:filecontroller0# service enable

Command { ho s tn am e }: fi l ec o nt ro l le r0 # s er v ic e [ en ab l e|
d is a bl e]
Description Enables or disables the current service.
Example { ho s tn am e }: fi l ec o nt ro l le r0 # service enable
with Syntax
Related • {hostname}:filecontroller0# service status, on page 656
Commands • {hostname}:filecontroller0# services create FileBank Director, on page 656
• {hostname}:filecontroller0# services create FileBank Director ha, on page
657
• {hostname}:filecontroller0# services create filecontroller, on page 657
• {hostname}:filecontroller0# services list, on page 658
• {hostname}:filecontroller0# services set, on page 658
R ev isi o n 3. 0
{hostname}:filecontroller0# service status

Command {h o st na m e} :f i le c on tr o ll er 0 # se r vi c e st a tu s
Description Checks whether the current service is enabled.
Example {h o st na m e} :f i le c on tr o ll er 0 # service status
with Syntax
Related • {hostname}:filecontroller0# service enable, on page 655
Commands • {hostname}:filecontroller0# services create FileBank Director, on page 656
657
{hostname}:filecontroller0# services create

FileBank Director
Command { ho s tn am e }: f il ec o nt ro l le r 0# s e rv ic e s c re at e
F il e Ba nk Di r ec to r
Description Creates a FileBank Director service.
Example { ho s tn am e }: f il ec o nt ro l le r 0# services create
with Syntax
FileBank Director
Commands • {hostname}:filecontroller0# service status, on page 656
• {hostname}:filecontroller0# services create FileBank Director ha, on page 657


FileBank Director ha
Command {h os t na me } :f i le co n tr ol l er 0 # se r vi ce s c re a te
Fi le B an k D ir e ct or ha
Description Creates a FileBank Director HA.
Example {h os t na me } :f i le co n tr ol l er 0 # services create
with Syntax
FileBank Director ha
• {hostname}:filecontroller0# services create FileBank Director, on page 656

filecontroller
Command { h os tn a me } :f il e co nt r ol l er 0# se rv i ce s c re a te
f i le co n tr o ll er
Description Creates a FileBank service.
Example { h os tn a me } :f il e co nt r ol l er 0# services create
with Syntax
filecontroller
R ev isi o n 3. 0
{hostname}:filecontroller0# services list

Command { h os tn a me }: f il e co nt r ol le r 0# s e rv i ce s l is t
Description Displays the list of services
Example { h os tn a me }: f il e co nt r ol le r 0# services list
with Syntax
657
{hostname}:filecontroller0# services set

Command {h os t na m e} :f i le co n tr o ll er 0 # se r vi c es s e t
Description Sets the SERVICE as active. All operations will act on SERVICE from now on.
Service-name should be a valid service name (for example: FileBank Director0/
FileBank Director1), monitored by cluster.
Parameters Enter the service’s name
Example {h os t na m e} :f i le co n tr o ll er 0 # services set
with Syntax
myservice

Software Commands
Displays version numbers for all currently installed software packages.
{hostname}:filecontroller0# software version, on page 659
{hostname}:filecontroller0# software version

Command { ho st n am e} : fi l ec on t ro ll e r0 # s of t wa re ve r si on
Description Displays the version numbers of all currently installed software packages.
Example { ho st n am e} : fi l ec on t ro ll e r0 # s of t wa re ve r si on
with Syntax
R ev isi o n 3. 0
Statistic Commands
Shows product statistics. The following configuration options are available:
{hostname}:filecontroller0# statistics, on page 660
{hostname}:filecontroller0# statistics upload, on page 660
{hostname}:filecontroller0# status, on page 660
{hostname}:filecontroller0# statistics
Command { ho s tn am e }: fi l ec o nt ro l le r0 # s t at is t ic s
Description Displays a table of indicated file statistics for today/past week/past month.
Example { ho s tn am e }: fi l ec o nt ro l le r0 # statistics
with Syntax
Related • {hostname}:filecontroller0# statistics upload, on page 660
Commands • {hostname}:filecontroller0# status, on page 660
{hostname}:filecontroller0# statistics upload

Command {h o st na m e} : fi le c on tr o ll er 0 # s ta ti s ti cs
up l oa d
Description Uploads the yearly statistics file to the destination URL.
Parameters The URL protocol must be FTP and the URL must end in a filename.
Example {h o st na m e} : fi le c on tr o ll er 0 # statistics upload
with Syntax
myftp/myURL//filename.htm
Related • {hostname}:filecontroller0# statistics, on page 660
Commands • {hostname}:filecontroller0# status, on page 660
{hostname}:filecontroller0# status
Command {h o st na m e} : fi le c on tr o ll e r0 # s ta tu s
Description Shows the current status of the system.
Example {h o st na m e} : fi le c on tr o ll e r0 # status
with Syntax
Related • {hostname}:filecontroller0# statistics, on page 660
Commands • {hostname}:filecontroller0# statistics upload, on page 660

Stf_filter Commands
Displays, adds and deletes STF (Short Term Files) filters. STF filters define the files
which are not sent by the FileBank to the FileBank Director. For example, the
default STF filter in the FileBank includes *.TMP files which are not sent by the
FileBank to the FileBank Director.
{hostname}:filecontroller0# stf filters add, on page 661
{hostname}:filecontroller0# stf filters clear, on page 661
{hostname}:filecontroller0# stf filters list, on page 662
{hostname}:filecontroller0# stf filters add

Command { h os tn a me }: f il e co nt r ol le r 0# st f f il te r s a dd
Description Add or deletes a given filter to/from the list.
Example { h os tn a me }: f il e co nt r ol le r 0# stf filters delete
with Syntax
filtername
Related • {hostname}:filecontroller0# stf filters clear, on page 661
Commands • {hostname}:filecontroller0# stf filters list, on page 662
{hostname}:filecontroller0# stf filters clear

Command { ho st n am e} : fi l ec on t ro ll e r0 # s tf fi lt e rs
c le ar
Description Clears the list of filters.
Example { ho st n am e} : fi l ec on t ro ll e r0 # stf filters clear
with Syntax
Related • {hostname}:filecontroller0# stf filters add, on page 661
Commands • {hostname}:filecontroller0# stf filters list, on page 662
R ev isi o n 3. 0
{hostname}:filecontroller0# stf filters list

Command {h os t na m e} :f i le co n tr o ll er 0 # st f f i lt er s l is t
Description Lists current STF filters.
Example {h os t na m e} :f i le co n tr o ll er 0 # stf filters list
with Syntax
Related • {hostname}:filecontroller0# stf filters add, on page 661
Commands • {hostname}:filecontroller0# stf filters clear, on page 661

Transaction Monitoring Commands

Enables the monitoring of Read and Write transactions. The following commands
are available:
{hostname}:filecontroller0# transaction list, on page 663
{hostname}:filecontroller0# transaction stop, on page 663
{hostname}:filecontroller0# transaction list

Command { h os t na me } :f il e co n tr ol l er 0# tr a ns ac t io n l is t
Description Lists transactions that match the filter.
Example { h os t na me } :f il e co n tr ol l er 0# transaction list
with Syntax
Related • {hostname}:filecontroller0# transaction stop, on page 663
Commands
{hostname}:filecontroller0# transaction stop

Command { ho s tn am e }: fi l ec o nt ro l le r0 # t r an s ac ti o n s to p
[ id ]
Description Stops the transaction of the given ID.
Example { ho s tn am e }: fi l ec o nt ro l le r0 # transaction stop
with Syntax
myid
Related • {hostname}:filecontroller0# transaction list, on page 663
Commands
R ev isi o n 3. 0
TTCP Commands
Times the transmission and reception of the data between two systems using TCP
protocol. Client should receive a server's hostname parameter, which indicates the
remote TCP server destination.
{hostname}:filecontroller0# uptime, on page 665
{hostname}:filecontroller0# ttcp server, on page 664
{hostname}:filecontroller0# uptime, on page 665
{hostname}:filecontroller0# ttcp client

Command { h os tn a me }: f il e co nt r ol le r 0# tt cp cl ie n t
Description Run this on the host from which you want measure traffic. Specify the host on which
you run the 'ttcp server' as SERVER.
Example { h os tn a me }: f il e co nt r ol le r 0# ttcp client
with Syntax
myserver
Related • {hostname}:filecontroller0# ttcp server, on page 664
Commands • {hostname}:filecontroller0# uptime, on page 665
{hostname}:filecontroller0# ttcp server

Command { h os tn a me }: f il e co nt r ol le r 0# tt cp se rv e r
Description Run this on the host to which you want measure traffic.
Example { h os tn a me }: f il e co nt r ol le r 0# tt cp se rv e r
with Syntax
Related • {hostname}:filecontroller0# uptime, on page 665
Commands • {hostname}:filecontroller0# uptime, on page 665

{hostname}:filecontroller0# uptime
Command { h os tn a me } :f il e co nt r ol l er 0# up ti m e
Description Displays the period of time for which the system has been running since it was last
booted.
Example { h os tn a me } :f il e co nt r ol l er 0# uptime
with Syntax
Related • {hostname}:filecontroller0# uptime, on page 665
Commands • {hostname}:filecontroller0# ttcp server, on page 664
R ev isi o n 3. 0
User Commands
Manages the users’ database. The following commands are available:
{hostname}:filecontroller0# user add, on page 666
{hostname}:filecontroller0# user list, on page 666
{hostname}:filecontroller0# user password, on page 666
{hostname}:filecontroller0# user add

Command { ho s tn am e }: f il ec o nt ro l le r 0# u s er a d d
Description Adds or deletes a given user to/from the list.
Parameters Add to add, Delete to delete. You also need the domain and UserName.
Example { ho s tn am e }: f il ec o nt ro l le r 0# user delete
with Syntax
mydomain\myuser
Related • {hostname}:filecontroller0# user list, on page 666
Commands • {hostname}:filecontroller0# user password, on page 666
{hostname}:filecontroller0# user list

Command { ho s tn am e }: f il ec o nt ro l le r 0# u s er l i st
Description Lists all users.
Example { ho s tn am e }: f il ec o nt ro l le r 0# user list
with Syntax
Related • {hostname}:filecontroller0# user add, on page 666
Commands • {hostname}:filecontroller0# user password, on page 666
{hostname}:filecontroller0# user password

Command {h os t na m e} :f i le co n tr o ll er 0 # us e r pa s sw o rd
Description Changes the given user's password (prompts for new password).
Parameters old password, new password
Example {h os t na m e} :f i le co n tr o ll er 0 # user password
with Syntax
Related • {hostname}:filecontroller0# user add, on page 666
Commands • {hostname}:filecontroller0# user list, on page 666

Virtual Memory Statistic Commands

Reports virtual memory statistics. The report is repeated 10 times at 5 seconds’
intervals. The following commands are available:
{hostname}:filecontroller0# vmstat, on page 667
{hostname}:filecontroller0# vmstat
Command { ho s tn am e }: f il ec o nt ro l le r 0# v m st at
Description Reports virtual memory statistics. The report is repeated 10 times at 5 second
intervals.
Note:Press Ctrl-C to interrupt
Example { ho s tn am e }: f il ec o nt ro l le r 0# uptime
with Syntax
R ev isi o n 3. 0
Wins Commands
Manages WINS server settings for automatic registration. The following commands
are available:
{hostname}:fp0# wins server delete, on page 668
{hostname}:fp0# wins server set, on page 668
{hostname}:fp0# wins server show, on page 668
{hostname}:fp0# wins server delete

Command {ho stnam e}:fp 0# wi ns se r ve r d el et e
Description Deletes the current WINS server settings.
Example {ho stnam e}:fp 0# wins server delete
with Syntax
Related • {hostname}:fp0# wins server set, on page 668
Commands • {hostname}:fp0# wins server show, on page 668
{hostname}:fp0# wins server set

Command {ho stnam e}:fp 0# wi ns se r ve r s et { A DD R ES S}
Description Sets the WINS server address.
Example {ho stnam e}:fp 0# wins server set myADDRESS
with Syntax
Related • {hostname}:fp0# wins server delete, on page 668
Commands • {hostname}:fp0# wins server show, on page 668
{hostname}:fp0# wins server show

Command {ho stnam e}:fp 0# wi n s se r ve r s ho w
Description Shows the current WINS server settings.
Example {ho stnam e}:fp 0# wins server show
with Syntax
Related • {hostname}:fp0# wins server delete, on page 668
Commands • {hostname}:fp0# wins server set, on page 668

Configuring Security 669
Configuring Security
You can set the following basic AAA parameters:
Transport Type Commands, on page 669
Server Configuration Commands, on page 671
User Account Configuration Commands, on page 675
Software OS Upgrade Commands, on page 682
Transport Type Commands

WARNING! Disabling Console access immediately disconnects you from
! the Accelerator’s CLI

(config) aaa, on page 669
(config) transport input, on page 670
(config) aaa
Command ACC1(conf)# a a a
Description Opens the AAA node.
Example ACC1(conf)# aaa
with Syntax
Related • (config) transport input, on page 670
Commands
R ev isi o n 3. 0
(config) transport input

Command AC C 1( a aa )# t ra ns p or t i np u t
(t e ln e t| ss h |c on s ol e |w eb | se cu r e-
we b |f t p| sn m p| tf t p) (e na b le |d i sa b le )
Description Enables or disables access to the transport type. For example, typing:
transport input web disable disables access to the Accelerator via the WebUI.
By default, all transport types are set to enabled, except FTP and TFTP which are set
to disabled
Parameters Enter one of the following transport input types:
• telnet
• ssh
• console
• web
• secure-web
• ftp
• snmp
• tftp
Followed by Enable to enable, Disable to disable.
Example AC C 1( a aa )# transport input ftp enable
with Syntax
Related • (config) aaa, on page 669
Commands

Server Configuration Commands

(aaa) authentication login, on page 671
(aaa) radius name, on page 672
(aaa) radius name timeout, on page 673
(aaa) tacacs+, on page 673
(aaa) tacacs name timeout, on page 674
{hostname}:filecontroller0# authsrv add, on page 674
{hostname}:filecontroller0# authsrv list, on page 674
(aaa) authentication login

Command AC C 1( a aa )# a ut he n ti c at io n l og i n [ lo ca l |
ra d iu s | t a ca cs ]
Description Sets server to be checked. If more than one authentication type is used, lists the server
types in the order in which they are to be authenticated.
Parameters Enter parameter string as described above
Example AC C 1( a aa )# authentication login local
with Syntax
Related • (aaa) radius name, on page 672
Commands • (aaa) radius name timeout, on page 673
• (aaa) tacacs+, on page 673
• (aaa) tacacs name timeout, on page 674
• {hostname}:filecontroller0# authsrv add, on page 674
• {hostname}:filecontroller0# authsrv list, on page 674
R ev isi o n 3. 0
(aaa) radius name

Command A CC 1 (a aa ) #r a di us na me [ server name] i p
[ x. x .x .x ] | k ey [ encryption key] | p o rt [ tcp port for the
server] )
Description Sets the RADIUS server and server information including IP address, encryption key
and TCP port. The default port is 49.
Parameters Enter server name, IP address and port number
Example A CC 1 (a aa ) #r a di us na me [ server name] i p
with Syntax
[ x. x .x .x ] | k ey [ encryption key] | p o rt [ tcp port for the
server] )
Related • (aaa) authentication login, on page 671
Commands • (aaa) radius name timeout, on page 673

(aaa) radius name timeout

Command A CC 1( a aa )# r ad i us n a me [ server name] t im e ou t
Description Sets the time out in seconds between 0 and 5000 to wait for a server to reply. The
default time out is 180 seconds.
Example A CC 1( a aa )# r ad i us n a me myserver t im eo u t 180
with Syntax
Commands • (aaa) radius name, on page 672
• (aaa) radius name timeout, on page 673
(aaa) tacacs+
Command A C C1 (a a a) #t a ca c s+ n a me [ server name] i p
[ x .x .x . x] | k ey [ encryption key] | or de r [ server
authentication order] | p o rt [ tcp port for the server]
Description Sets the TACACS server and server information including IP address, encryption key
and TCP port.
Parameters Enter parameters as follows:
• Server name - enter the correct server name
• IP address - enter a valid IP address
• Encryption Key - enter the encryption key
• Server authentication order -enter the server authentication order
• Port - enter the TCP port for the server The default port is 1645.
Example A C C1 (a a a) #tacacs+ name myserver ip 122.22.222
with Syntax
mykey order 2 port 1645
R ev isi o n 3. 0
(aaa) tacacs name timeout

Command A CC 1 (a aa ) #t a ca cs na me [ server name] t im e ou t
Description Sets the time out in seconds between 0 and 5000 to wait for a server to reply. The
default time out is 180 seconds.
Example A CC 1 (a aa ) #tacacs name myserver timeout 2000
with Syntax
{hostname}:filecontroller0# authsrv add

Command { h os tn a me }: f il e co nt r ol le r 0# a ut hs r v
[ a dd |d e le te ] { h os t}
Description Defines or deletes current authentication server.
Parameters Add to add, Delete to delete and a valid host.
Example { h os tn a me }: f il e co nt r ol le r 0# authsrv add
with Syntax
myhost
{hostname}:filecontroller0# authsrv list

Command { ho s tn am e }: fi l ec on t ro l le r0 # a ut h sr v l is t
Description Displays current authentication server.
Example { ho s tn am e }: fi l ec on t ro l le r0 # authsrv [list]
with Syntax

User Account Configuration

Commands
(aaa) user lock, on page 675
(aaa) user role, on page 676
(config) lcd lock, on page 676
password local, on page 677
show aaa, on page 678
(aaa) user lock

Command A C C1 ( aa a) # us er [ user name] [l o ck | un lo c k]
Description Disables or enables the specified user’s account.
Parameters Enter the user name and Lock to lock, Unlock to unlock.
Example A C C1 ( aa a) # us er myusername lock
with Syntax
Related • (aaa) user role, on page 676
Commands • (config) lcd lock, on page 676
• password local, on page 677
• show aaa, on page 678
R ev isi o n 3. 0
(aaa) user role

Command A CC 1 (a aa ) #u s er [ user name] ro le [ ad m in is t ra t or |
n et a dm in | mo n it or ] p as s wo r d lo c al [ password |
n on e ]
Description Creates users and sets the user’s access level: Administrators have complete access
to the Accelerator and its commands. netadmins have complete access to the
Accelerator and its commands with the exception of the Security commands. monitors
can access the Accelerator’s CLI but cannot modify configuration.
Only administrator users can write a configuration.
To set a local password, type in the user name and local password and press Enter.
You will be prompted to enter a password.
If local is set to none, passwords are necessary only for the remote authentication
servers.
Example A CC 1 (a aa ) #u s er myuser r ol e administrator
with Syntax
p as s wo rd lo c al mypassword
Related • (aaa) user lock, on page 675
Commands • (config) lcd lock, on page 676
(config) lcd lock
Note: If you lock the keypad via the WebUI or via the CLI, you cannot use the
i keypad’s unlock sequence to unlock the keypad. In such a case, the unlock
operation can be carried out only via the CLI or the WebUI
Command ACC1(config)#l cd l o ck | un l oc k
Description Locks/unlocks the keypad.
Parameters Lock to lock, Unlock to unlock
Example ACC1(config)#l cd lock
with Syntax
Commands • (aaa) user role, on page 676

password local
Command A cc 1# pa ss w or d l oc a l
Description To set a local password, type in the user name and local password and press Enter.
You will be prompted to enter a password.
Example A cc 1# pa ss w or d l oc a l myusername
with Syntax
mypssword
• (config) lcd lock, on page 676
Note: Use the command no user [name] to remove a user. You cannot
i remove a root user, but you can modify the password. (Changing an Expand
user’s password will automatically change the root user as well.)
R ev isi o n 3. 0
show aaa
Command A cc 1 # sh o w a aa
Description Displays the security settings
Example A cc 1 # show aaa
with Syntax
• (config) lcd lock, on page 676

show aaa
You can enter the show aaa command from the configuration mode. This command
lists all the AAA options and their settings.
User Name Status Role

r o ot p er mi t te d ad m in is t ra to r
e x pa nd p er mi t te d ad m in is t ra to r
u s er 1 p er mi t te d ad m in is t ra to r
u s er 2 p er mi t te d ne t ad mi n
u s er 3 p er mi t te d mo n it or
Acc1(config)# show aaa
te ln e t t ra ns p or t- i np u t st a tu s. . .. . en ab l e
ss h t ra n sp or t -i np u t s ta tu s .. .. . .. . en ab l e
co ns o le tr an s po rt - in p ut s t at us . .. . en ab l e
we b t ra n sp or t -i np u t s ta tu s .. .. . .. . en ab l e
se cu r e- w eb t r an sp o rt - in pu t s ta t us . en ab l e
ft p t ra n sp or t -i np u t s ta tu s .. .. . .. . di sa b le
tf tp tr a ns po r t- in p ut st at u s. .. . .. . di sa b le
sn mp tr a ns po r t- in p ut st at u s. .. . .. . en ab l e
Fi rs t A u th en t ic at i on Me th o d. .. . .. . Lo ca l
Se co n d A ut he n ti ca t io n M et h od .. . .. . Ra di u s
Th ir d A u th en t ic at i on Me th o d. .. . .. . TA CA C S+
Ma xi m um Fa il e d Lo g in At te m pt s. . .. . 5
Co nf i gu r at io n C ha n ge Au di t E ve n t. . .. .d i sa bl e
Cr ea t e L in k A ud it Ev e nt .. . .. .. . .. . di sa b le
R ev isi o n 3. 0
Server
Server Order IP Port Time-out
Name
radius first rad2 10.0.130.139 1645 180
radius second rad3 10.0.130.132 1645 180
radius third rad4 24.0.214.160 1645 180
tacacs first tac2 21.0.214.160 49 180
The show authentication order command lists which of the authentication servers is
set as the first, second and third level authentication server.
Ac c 1( aa a )# show authentication login order

Fi r st A u th e nt ic a ti on Me t ho d. . .. .. . Lo c al
Se c on d A ut h en ti c at io n M e th od . .. .. . Ra d iu s
Th i rd A u th e nt ic a ti on Me t ho d. . .. .. . TA C AC S+
show servers
The show servers command lists the authentication servers defined in the
Accelerator.
A c c1 (a a a) # show servers
Server
Server Order IP Port Time-out
Name
radius first rad2 10.0.130.139 1645 180
radius second rad3 10.0.130.132 1645 180
radius third rad4 24.0.214.160 1645 180
tacacs first tac2 21.0.214.160 49 180

show transport input

The show transport input command lists all possible management protocols and
services available and their status.
Ac c1 ( aa a )# s h ow t r an s po rt in pu t
te ln e t t ra ns p or t- i np u t st a tu s. . .. . en ab l e
ss h t ra n sp or t -i np u t s ta tu s .. .. . .. . en ab l e
co ns o le tr an s po rt - in p ut s t at us . .. . en ab l e
we b t ra n sp or t -i np u t s ta tu s .. .. . .. . en ab l e
se cu r e- w eb t r an sp o rt - in pu t s ta t us . en ab l e
ft p t ra n sp or t -i np u t s ta tu s .. .. . .. . di sa b le
tf tp tr a ns po r t- in p ut st at u s. .. . .. . di sa b le
sn mp tr a ns po r t- in p ut st at u s. .. . .. . en ab l e
show user
The show user command lists the users and their authorization levels.
A cc 1 (a aa ) # show user
User Name Status Role

root permitted administrator
expand permitted administrator
user1 permitted administrator

user2 permitted netadmin
user3 permitted monitor
R ev isi o n 3. 0
Software OS Upgrade Commands

copy bundle name, on page 682
reboot bundle name, on page 682
copy bundle name

Command AC C 1 #c o py [s cp | sf t p | t ft p | f t p | h tt p ]
[b u nd le na m e] [ b un dl e l o ca ti o n]
Description This command, used for copying any file, lets you upgrade the AcceleratorOS in any of
the methods mentioned above, by copying the upgrade bundle file from its location.
Parameters You should use the following format for specifying the location: user:password@ip/file-
path.
Example AC C1 # copy ftp user:pswd3@1.1.1.2/myfile-
with Syntax
location
Related • copy bundle name, on page 682
Commands
reboot bundle name

Command AC C1 # r eb o ot [ b un d le n a me ]
Description This command should be used when upgrading, for the Accelerator to use the new
bundle file after rebooting.
Parameters Enter the same bundle name you entered in the previous section
Example AC C1 # reboot mybundlename
with Syntax
Related • reboot bundle name, on page 682
Commands

Technical Information and Trouble Shooting Tools 683
Technical Information and Trouble

Shooting To o l s
By-pass Mode Commands, on page 683
show tech-support continuous, on page 686
show events, on page 686
Configuring Core Allocation, on page 687
By-pass Mode Commands

In addition to the regular by-pass commands (by-pass enable/disable, show by-
pass) the following commands are supported:
bypass activate, on page 683
bypass activate interface, on page 684
bypass enable, on page 684
bypass enable interface, on page 684
show bypass, on page 685
show bypass interface, on page 685
bypass activate
Command AC C1 # b y pa s s a c t iv a t e| d e ac t i va t e
Description Activates or Deactivates the by-pass functionality on all the interfaces.
Parameters Activate to activate, Deactivate to deactivate.
Example AC C1 # b y pa s s a c t iv a t e
with Syntax
Related • bypass activate interface, on page 684
Commands • bypass enable, on page 684
• bypass enable interface, on page 684
• show bypass, on page 685
• show bypass interface, on page 685
Note: After entering the by-pass Deactivate command it is necessary to Write

i this change. Failure to do so in the case where an Accelerator shuts down will
cause the Accelerator to be in by-pass activate state following reboot.
R ev isi o n 3. 0
bypass activate interface

Command AC C1 # b yp a s s a c ti v a te / d ea c t iv a t e x / x
Description Activate or Deactivate the by-pass functionality on a specific interface.
Parameters Activate to activate, Deactivate to deactivate, followed by the complete port
number
Example AC C1 # bypass activate 1/0
with Syntax
Related • bypass activate, on page 683
Commands • bypass enable, on page 684
Note: After entering the by-pass Deactivate command it is necessary to Write

i this change. Failure to do so in the case where an Accelerator shuts down will
cause the Accelerator to be in by-pass activate state following reboot.
bypass enable
Command A C C 1# b yp a s s e n ab l e /d i s ab l e
Description Enable or disable the by-pass on all the interfaces.
Example A CC 1# by p a ss e na b l e
with Syntax
Commands • bypass activate interface, on page 684
bypass enable interface

Command A CC 1# by p a ss [ en a b le | d is a bl e ] [ x / x]
Description Enable or disable the by-pass on all the interfaces.
Parameters Enable to enable, Disable to disable. Enter the complete port number
Example A CC 1# by p a ss e na b l e 1 / 0
with Syntax
• bypass enable, on page 684

show bypass
Command A CC 1# s h ow b yp a s s
Description Shows the by-pass status on all the interfaces. (enabled, disabled,
activated, deactivated)
Example A CC 1# s h ow b yp a s s
with Syntax
show bypass interface

Command A CC 1# s h o w b y pa s s x / x
Description Shows the by-pass status on a specific interface (enabled, disabled,
activated, deactivated).
Parameters Enter the command with the specific valid port number
Example A CC 1# s h o w b y pa s s 0 / 1
with Syntax
R ev isi o n 3. 0
show tech-support continuous

Command ACC1#s h ow te ch - su pp o rt co nt i nu ou s
Description Lists all information necessary to troubleshoot Accelerator problems. Information
gathered here includes: version information, license state, CPU and memory utilization,
events, link statistics, interface statistics, QoS configuration, route-rules, discovered
traffic, running configuration and startup configuration.
Press More to view additional output each time; alternatively, add the parameter
Continuous to enable continuous output.
Example ACC1#s h ow te ch - su pp o rt continuous
with Syntax
show events
Command A CC 1# s ho w e ve n ts [ l on g | s h or t] fi l te r
s ev er i ty fr om [f at a l | w ar n in g | e r ro r |
i nf o] to [f at a l | w ar n in g | e rr o r | in fo ]
t ai l [ nu m be r o f la s t x e ve n ts t o b e
d is pl a ye d ]
Description Lists Accelerator events. Long gives all available information on the event, while short
gives a brief summary of each event.
Example A CC 1# s ho w A CC 1 #s ho w e v en ts long filter
with Syntax
severity from fatal to info tail 100

Configuring Core Allocation

In some scenarios, the Topology-Size is not sufficient and optimizing the
Accelerator for the environment requires a more granular tuning. In such cases,
adjust the Core Allocation. The Accelerator’s memory is divided into cores, or
logical memory components used for acceleration. The larger the core allocated to
a link, the higher the acceleration.
The system allocates cores according to bandwidth settings. For more information
on CLI configuration, see “Performing Basic Setup” on page 445.
While you can set topology-size via the WebUI (see section Defining Advanced
Settings, on page 31, on page 30), setting greedy-threshold size is possible only via
the CLI, as follows:
To assign cores:
1. In the Accelerator’s CLI, in configuration mode, type core-allocation.
2. In core alloc mode, type greedy-threshold followed by the minimum
number of Accelerators to equally share memory, as follows:
ACC1(CORE ALLOC)# greedy-threshold [minimum number of Accelerators]
The default greedy-threshold size is 1.
To set the number of Accelerators in the network:

1. In the Accelerator’s CLI, in configuration mode, type core-allocation.
2. In core alloc mode, type resource-policy topology size followed by
the number of Accelerators in the network, as follows:
ACC1(CORE ALLOC)# resource-policy topology size [number of
Accelerators on the network]
The default resource-policy topology size value is 5
.
Note: After the core allocation is modified, it is recommended to reboot the

i Accelerator.
R ev isi o n 3. 0

Appendix G: Specifications and Warranty
Updated Specifications are found on Expand Networks’ website.

The following model numbers and topics are available:
Standards, on page 690
Terms and Conditions of Sale, on page 692
690 C h ap t er G : Specifications and Warranty
Standards
RFC / Standard List

Modules RFC /Standard #
Router Protocols
RIP 1058
RIPv2 1723, 2082
OSPFv2 2328, 2370
WCCP 3040
Router Polling 2096
Networking
Spanning Tree Protocol IEEE 802.1D
VLAN 802.1Q IEEE 802.1Q
HSRP 2281
VRRP 3768
SCPS ISO 15893:2000
CCSDS-714.0-B-1
MIL-STD-2045-44000
NetFlow 3954
DNS Acceleration 1034, 1035, 2181
Management
MIB-2 1213
Telnet COM port 2217
Telnet service 818
TFTP 1350
FTP 959
HTTP, HTTPS 2045, 2616, 2818
NTP 1361
SSH, SCTF, SFTP IETF drafts
SNMPv1 1157, 1155, 1212,1215
SNMPv2 1901-1908, 2578–2580
SNMPv3 3411-3418
Security
HMAC 2104 (HMAC),
2403(96), 2404 (96),
1321 (MD5)
HMAC 2404
MD5 Signing 1321

Standards 691
Radius 2138, 2865

TACACS+ 1492
HW
Safety approvals UL 1950,
CAN/CSA C22.2,
EN60950/A4,
No. 950-95
EMC approvals FCC Part 15 Class B
EN55022:1998 Class B
EN55024:1998
IEC EN61000-4-2:1995
IEC EN61000-4-3:1995
IEC EN61000-4-4:1995
IEC EN61000-4-5:1995
IEC EN61000-4-6:1996
IEC EN61000-4-
11:1994
IEC EN61000-3-2:2000
IEC EN61000-3-3:1995
CISPR16-1:1999
CISPR16-2:1999
ITU IEC 60950-1:2001, EN
60950-1:2001.
QMS ISO 9001:2000, EN
46001, ISO 13485
Manufacturing ISO 9000
Environmental and ETSI EN 300019-
Vibration tests 2(1999-09), ESTI EN
300019-2(1994),
Bellcore standard: GR-
63-ORE.
MTBF Telcordia (Bellcore)
R ev isi o n 3. 0
Terms and Conditions of Sale

Please read these terms and conditions carefully before using the product. By using the product you agree to be
bound by the terms and conditions of this agreement. If you do not agree with the provisions of these terms and
conditions, promptly return the unused products, manual, and related equipment (with proof of payment) to the
place of purchase for a full refund.
Acceptance
These terms and conditions of sale (“Terms and Conditions”) are the terms and conditions upon which Expand
Networks, Ltd. and its affiliates and subsidiaries (together “Expand“) make all sales. Expand will not accept any
other terms and conditions of sale, unless Purchaser and Expand have executed an agreement that expressly
supersedes and replaces these Terms and Conditions. Acceptance of all purchase orders is expressly made
conditional upon Purchaser's assent, expressed or implied, to the Terms and Conditions set forth herein without
modification or addition. Purchaser's acceptance of these Terms and Conditions shall be indicated by Purchaser's
acceptance of any shipment of any part of the items specified for delivery (the “Products”) or any other act or
expression of acceptance by Purchaser. Expand's acceptance is expressly limited to the Terms and Conditions
hereof in their entirety without addition, modification or exception, and any term, condition or proposals hereafter
submitted by Purchaser (whether oral or in writing) which is inconsistent with or in addition to the Terms and
Conditions set forth hereon is objected to and is hereby rejected by Expand.
Price and Payment

The Purchaser agrees to pay the purchase price for the Products as set forth in Expand's invoice on the date of
installation. Purchaser shall bear all applicable federal, state, municipal and other government taxes (such as
sales, use and similar taxes), as well as import or customs duties, license fees and similar charges, however
designated or levied on the sale of the Products (or the delivery thereof) or measured by the purchase price paid
for the Products. (Expand's prices set forth on the front side of the invoice does not include such taxes, fees and
charges.) Unless otherwise specified, payment terms are COD in United States Dollars. Expand, at its discretion,
may require reasonable advance assurances of payment through irrevocable bank letters of credit or otherwise. All
unpaid invoices shall bear interest at an amount equal to 1-1/2% of the outstanding balance per month (or the
maximum rate of interest allowed to be contracted for by law, whichever is less), commencing upon the date
payment is due. Expand shall have no continuing obligation to deliver Products on credit, and any credit approval
may be withdrawn by Expand at any time and without prior notice.
Title and Security Interest

Title to the Products shall vest in the Purchaser upon date of shipment of the Products to Purchaser. Expand shall
retain a security interest in the Products until the Products price and all other monies payable hereunder are paid
in full. The Purchaser shall execute, upon request by Expand, financing statements deemed necessary or
desirable by Expand to perfect its security interest in the Products. Purchaser authorizes Expand to file a copy of
the invoice, these Terms and Conditions or a financing statement with the appropriate state authorities at any time
thereafter as a financing statement in order to perfect Expand's security interest. A financing statement may be
filed without Purchaser's signature on the basis of Expand's invoice or these Terms and Conditions where
permitted by law. Purchaser shall keep the Products in good order and condition until the purchase price has been
paid in full and shall promptly pay all taxes and assessments upon the Products or use of the Products.

Terms and Conditions of Sale 693
Risk of Loss
Risk of loss or damage to the Products shall pass to the Purchaser upon delivery of the Products to the common
carrier, regardless of whether the purchase price has been paid in full. Unless advised otherwise, Expand may
insure the Products shipped to full value and all such insurance costs shall be for the Purchaser's account. The
Purchaser shall inspect the Products immediately upon receipt and shall promptly file any applicable claims with the
carrier when there is evidence of damage during shipping.
Warranty
Expand warrants to the purchaser for a period of ninety (90) days from shipment that the products shall be free
from defects in material and workmanship and shall perform in substantial conformance with specifications
published by Expand. Expand's obligations under these terms and conditions shall be limited solely to Expand
making, at Expand's cost and expense, such repairs and replacements as are necessary to place the products in
good working order and to conform the products to Expand's published specifications. This warranty is in lieu of all
other warranties, express or implied, including without limitation, implied warranties of merchantability and fitness
for a particular purpose.
Product Returns
Return of Products purchased hereunder shall be governed by Expand's RMA policies in effect on the date of the
invoice. Expand reserves the right to modify or eliminate such policies at any time. The right to return defective
Products, as previously described, shall constitute Expand's sole liability and Purchaser's exclusive remedy in
connection with any claim of any kind relating to the quality, condition or performance of any Product, whether such
claim is based upon principles of contract, warranty, negligence or other tort, breach of any statutory duty,
principles of indemnity or contribution, the failure of any limited or exclusive remedy to achieve its essential
purpose, or otherwise. In the event Expand issues a return authorization to Purchaser allowing Purchaser to return
Product to Expand, Purchaser will deliver the Product to Expand's address in the United States, if so required by
Expand, and Purchaser shall bear all applicable federal, state, municipal and other government taxes (such as
sales, use and similar taxes) as well as import or customs duties, license fees and similar charges, however
designated or levied, on any replacement Product to be shipped by Expand to Purchaser.
License Grant
The Products, though primarily composed of hardware components, contain software that is proprietary to Expand
or its licensors. Expand hereby grants to Purchaser, and Purchaser accepts, a personal non-exclusive,
nontransferable license to use the Program, in object code form only, and the accompanying documentation
(collectively referred to as the “Software”) only as authorized in these Terms and Conditions. The Software is
licensed for Purchaser's internal use and the Software or any derivative or by-product of the Software may not be
used by, sub-licensed, re-sold, rented or distributed to any other party. Purchaser agrees that Purchaser will not
assign, sublicense, transfer, pledge, lease, rent, or share Purchaser's rights under these Terms and Conditions.
Purchaser shall not copy, modify, reverse assemble, reverse engineer, reverse compile, or otherwise translate all or
any portions of the Software. The Software and the Documentation are proprietary to Expand and are protected
under U.S. and international copyright, trademark, trade secret and patent laws. All right, title, and interest in and to
the Software, including associated intellectual property rights, are and shall remain with Expand.
R ev isi o n 3. 0
Limitation of Liability
In no event shall Expand be liable for loss of profits, indirect, special, incidental, or consequential damages
(including, without limitation, loss of use, income or profits, losses sustained as a result of personal injury or death,
or loss of or damage to property including, but not limited to, property handled or processed by the use or
application of the products) arising out of any breach of these Terms and Conditions or obligations under these
Terms and Conditions. Expand shall not be liable for any damages caused by delay in delivery, installation, or
furnishing of the Products hereunder. No action arising out of any claimed breach of these Terms and Conditions
or transactions under these Terms and Conditions may be brought by either party more than two years after the
cause of action has accrued. Expand's liability under these Terms and Conditions shall in no event exceed the
purchase price of the Products.
Default
The failure of the Purchaser to perform its obligations under these Terms and Conditions including but not limited
to payment in full of the purchase price for the Products, or the filing of any voluntary or involuntary petition under
the Bankruptcy Code, insolvency, assignment for the benefit of creditors, or liquidation of the Purchaser's business
shall constitute a default under these Terms and Conditions and shall afford Expand all the remedies of a secured
party under the Uniform Commercial Code. In the event of default, Expand may, with or without demand or notice
to Purchaser, declare the entire unpaid amount immediately due and payable, enter the premises where the
Products is located and remove it, and sell any or all the Products as permitted under applicable law. Expand may,
in addition to any other remedies which Expand may have, refuse to provide service on the Products under any
applicable maintenance agreement relating to the Products then in effect between the parties at the time of the
default.
Indemnity
Expand shall defend or settle any suit or proceeding brought against Purchaser based on a claim that Products
sold hereunder constitutes an infringement of any existing United States patent, copyright or trade secret providing
that Expand is notified promptly in writing and is given complete authority and information required for the defense.
Expand shall pay all damages and costs awarded against Purchaser, but shall not be responsible for any cost,
expense or compromise incurred or made by Purchaser without Expand's prior written consent. If any Products is
in the opinion of Expand likely to or does become the subject of a claim for patent infringement, Expand may, at
its sole option, procure for the Purchaser the right to continue using the Products or modify it to become non-
infringing. If Expand is not reasonably able to modify or otherwise secure the Purchaser the right to continue using
the Products, Expand shall remove the Products and refund the Purchaser the amounts paid in excess of a
reasonable rental for past use. Expand shall not be liable for any infringement or claim based upon use of the
Products in combination with other Products or with software not supplied by Expand or with modifications made
by the Purchaser.
General
Expand shall not be liable for Expand's failure to perform or for delay in performance of Expand's obligations
under these Terms and Conditions if such performance is prevented, hindered or delayed by reason of any cause
beyond the reasonable control of Expand. These Terms and Conditions and the rights and duties hereunder shall
not be assignable by either party hereto except upon written consent of the other. Purchaser agrees to pay to
Expand any reasonable attorney's fees and other costs and expenses incurred by Expand in connection with the
enforcement of these Terms and Conditions. These Terms and Conditions and performance hereunder shall be

Terms and Conditions of Sale 695
governed by and construed in accordance with the laws of the State of New York. Each party acknowledges that it
has read, fully understands and agrees to be bound by these Terms and Conditions, and further agrees that it is
the complete and exclusive statement of the agreement between the parties, which supersedes and merges all
prior proposals, understandings and all other agreements, oral and written, between the parties relating to the
subject matter of these Terms and Conditions. These Terms and Conditions may not be modified or altered except
by a written instrument duly executed by both parties. If any provision of these Terms and Conditions shall be held
to be invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions shall in no
way be affected or impaired thereby. The failure of either party to exercise in any respect any right provided for
herein shall not be deemed a waiver of any right hereunder.
Open Source Provisions

The Software is accompanied by the following third party products: JfreeChart (Copyright 2000-2004, by Object
Refinery Limited. All rights reserved), Cewolf, and JBoss, which are subject to the GNU Lesser General Public
License (the “LGPL”), as published by the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA (or found at http://jasperreports.sourceforge.net/license.html#lgpl), and the following terms:
Expand agrees, upon request to provide, at the cost of distribution only, a complete machine-readable copy of the
source code for JfreeChart, Cewolf, or JBoss software. This offer is valid for three (3) years from installation of the
Software.
The Software is accompanied by the following third party product: Apache Copyright © 1999-2004, The Apache
Software Foundation, which is subject to the Apache License Version 2.0 (found at www.apache.org/licenses/
LICENSE-2.0).
The Software is accompanied by the following third party product: TouchGraph Software: (Copyright ©2001-2002
Alexander Shapiro. All rights reserved) developed by TouchGraph LLC (http://www.touchgraph.com/), which is
subject to the TouchGraph LLC. Apache-Style Software License.
The Software is accompanied by the following third party product: JavaMail, which is subject to the following terms:
Copyright 1994-2004 Sun Microsystems, Inc. All Rights Reserved
Neither the name of Sun Microsystems, Inc. or the names of contributors may be used to endorse or promote
products derived from this software without specific prior written permission.
This software is provided “AS IS,” without a warranty of any kind. ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN
MICROSYSTEMS, INC. (“SUN”) AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES
SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR
ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE,
PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE
DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF THE
USE OF OR INABILITY TO USE THIS SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY
OF SUCH DAMAGES.
You acknowledge that this software is not designed, licensed or intended for use in the design, construction,
operation or maintenance of any nuclear facility.
The Software is accompanied by the following third party product: AdventNet SNMP API 4 (Release 4.0.0), which is
subject to the following terms: Copyright (c) 1996-2002 AdventNet, Inc. All Rights Reserved. This software may not
be distributed in any modified form without the prior consent from AdventNet, Inc.
R ev isi o n 3. 0

I n de x 697
Appendix H: Index
A Authentication 113
Authentication servers, compatibility
AAA with 112
configuring via the CLI 669
configuring the Radius server 671
configuring users 675 B
viewing AAA configuration 678 bandwidth
configuring via the WebUI 320 setting a minimum bandwidth
configuring users 320 desired 199
defining the security settings 324 bandwidth management
setting authentication Layer-7 and bandwidth management 5
preferences 322 setting the bandwidth 76
description 318 bypass mode
AccDump 359 carrying out the troubleshooting
download files 362 procedure 330
enable 360 checking the link status 338
access authentication 318 description 16
activating WCCP 466 in an On-Path deployment 289
adding entries to the ARP cache 562
advanced QoS
configuring 224 C
setting parameters 223
aggregation Cache Management 148
aided by Syslog server 281 checking Ethernet settings 339
applying aggregation classes to an checking for corrupted terminals 344
application 543 checking HSRP malfunction 345
configuring classes 541 checking lack of acceleration 342
enabling classes per link 544 checking link malfunction 343
prioritizing applications 201 checking QoS malfunction 346
selecting a class 264 CIFS
setting by using the Decision defining active cache method 32
screen 230 Compact Flash
setting limit 545 replacing the Accelerator in the
setting window 547 field 34
AID 302 upgrading the AcceleratorOS
ARP software 348
creating static ARP entries 295 compression
assigning a link to a wan 576 by using IPComp 25, 81
R ev isi o n 3. 0
698 I n de x
Citrix’s internal compression running configuration

mechanism 374 as startup configuration 350
disabling compression creating static ARP entries 295
disabling Citrix encryption and Crypto 266
compression 375 crypto mode 267
disabling Citrix NFuse
compression 374
in the PNAgent client 380 D
on SAP 386 Defining Shared Directories 115
next-generation WAN compression 3 deployment
QoS’ integration with 201 Citrix deployment
viewing compression statistics benefits in terminal and thin client
per application 62 deployments 375
per link 51 Citrix metaframe deployments 220
Compression filter 143 controlling latency and jitter 374
Configuring 109 configuring via the CLI 431
configuring Accelerator NetFlow 384 defining deployment size 32
configuring Accelerator defining deployment type 32
networking 73 transparency
configuring DHCP servers 107 configuring transparency
configuring OSPF support 254, 495, 509
via the WebUI 96 in On-LAN deployments 250
configuring remote subnets in On-Path deployments 250
manually 92 DFS 141
configuring RIP DHCP servers
via the CLI 457 configuring
via the WebUI 99 via the CLI 468
configuring router polling via the WebUI 107
via the CLI 454 Disconnected Operation 176
via the WebUI 98 DISKSITES Services Issues
configuring secondary IP DHCP services 195
addresses 77 displaying information for
configuring subnets troubleshooting 337
manually 91 DNS 180
Configuring the File Server/Domain DNS acceleration 261
Controller 115 benefits 4, 42
configuring the WAN 76 DNS Acceleration
configuring the wizard 23 Configuring
configuring WCCP via CLI 462 via the WebUI 261
copying Domains 113
last saved startup configuration to dynamic bandwidth
running configuration 591 using 88
I n de x 699
dynamic routing File Services Functions 145

a feature in WAN compression 3 FileBank
integrating into networks that use 40 adding FileBank Directors 145
setting routing strategy 31 cache management 148
deleting FileBank Directors 145
fetch settings 153
E filters 150
Editing 87 print services 164
Enabling Packet Interception 99 short term files filter 150
encryption 210 Time to Live settings 148
Ethernet users 149
checking Ethernet settings 339 Windows domain 147
Ethernet port FileBank Director
configuring NetFlow 384 compression filter 143
connecting file servers 141
out-of-band management 279 file services 138
Ethernet statistics settings 138
viewing Setup Wizard 123, 127
via the CLI 512 system functions 123, 127
via the WebUI 67 FileBank Director Settings 138
event log Filters 150
checking for unusual errors FTP acceleration
checking error events 334 configuring
checking fatal events 335 via the WebUI 257
checking info events 334 definition 4
checking warning events 334
Expand solution 110
ExpandView H
working with Accelerators via 285 high latency environment
external monitoring devices 41 installing in 42
external QoS devices HSRP 309
integrating into 41 configuring
autodetecting HSRP groups 565
enabling HSRP automatic
F detection 311
Fetch Settings 153 setting HSRP group number 564
Fetch Users 149 setting manual HSRP
File Server/Domain configuration 312
configuring 115 understanding router redundancy
File servers 141 protocols 296
File servers, compatibility with 112 HTTP acceleration
configuring
R ev isi o n 3. 0
700 I n de x
via the CLI 476 increased by waiting for ACK

definition 4 packets 238
setting rules 254 installing in a high latency
HTTP transparency environment 42
in On-Path deployment 250 SpeedScreen Latency Reduction
Manager 379
TCP poor handling of high latency 236
I using Citrix acceleration plug-in to
IKE policy 266 reduce 220
installing the Accelerator using packet fragmentation to prevent
On-Path violation of VoIP/video latency
using bypass mode 16 budgets 201
OnPath 8 ways to reduce
IP address DNS acceleration 261
configuration DNS caching 261
configuring router polling 98 packet aggregation 571
configuring secondary 77 packet fragmentation 573
configuring subnets manually 91 scaling the transmission
configuring the Accelerator 437 window 239
creating QoS rules 226 TCP Vegas 245
creating static ARP entries 295 using QoS 198
defining OSPF and RIP neighbors using SCPS 239
defining a RIP neighbor 458 Layer-7 applications
defining an OSPF neighbor 451 classifying 217
editing a subnet 92 discovering 58
enabling NetFlow 517 identifying Citrix Layer-7
settings 28, 32 applications 381
setting a network for broadcasting Layer-7 QoS 5
the Accelerator’s rules 452 monitoring and reporting 5
setting ExpandView agent link statistics 51
parameters 108 links
setting links via the wizard 25 adding via the my links screen 79
setting the Accelerator’s clock 106 assigning a link to a WAN 576
setting the WCCP router IP 464 creating and editing 78
IPSec policies 268 defining advanced settings 32
defining maximum number of 32
editing via the my links screen 87
L enabling citrix acceleration 265, 269
latency generating trend reports via
causing slower session start 238 ExpandView 277
computing 241 managing 299
noisy links 232
I n de x 701
selecting the direction of a QoS traffic networks

rule 227 asymmetric networks optimization 240
setting the Accelerator to enable computing latency 242
external QoS 232 congestion avoidance 240
setting the bandwidth of 206 defining printers for 136
checking QoS malfunction 346 IP-based network
setting to work in large cache On-LAN 9
mode 572 On-Path 8
using graphs to view link statistics 47 overviewing your network
acceleration 49 performance 66
compression 51 preparing network integration 13, 91
summary graphs 66 Non-Link 78
using the statistics table to view link
statistics 52
checking lack of acceleration 342 O
On-LAN deployment
configuring transparency support 254
M defining encapsulation settings 443
monitoring window enabling packet interception 99
description 46 RTM support for 82
Multi 305 setting routing strategy 31
multiport 305 setting the deployment type in the
my links screen CLI 436, 439
uses using WCCP to forward traffic to an
adding links 80 On-LAN accelerator 101
editing links 87 On-LAN installation
using for setting links 24 at a data center 41
configuring Accelerator NetFlow in 385
defining encapsulation settings 25
N use in IP-based network 9
NetFlow On-Path deployment
configuring NetFlow support 69 applying HTTP transparency to the
enabling server side 250
via the CLI 517 configuring NetFlow support 69
identifying the traffic 70 configuring transparency support 254
NetFlow compliance as an Expand defining encapsulation settings 25
benefit 6 operating in bypass mode 289
requiring router transparency setting the deployment type in the
encapsulation 82 CLI 436, 439
network topology using bridge route 31
optimizing 74 working with bypass mode 16
working with VLAN 293
R ev isi o n 3. 0
702 I n de x
On-Path installation restricting rouge and greedy

configuring NetFlow 385 applications 201
operating requirements 22 seamless integration with
OSPF compression 201
adding remote subnets manually 92 transparent to existing QoS
configuring 40, 96 infrastructure 201
configuring subnets manually 91 checking
setting dynamic routing 90, 95 lack of acceleration 342
using out-of-band management 279 malfunction 346
working with 95 configuring the WAN 76
defining scalable 278
P dropped out packets 53, 65
packet interception external QoS devices 41
enabling 99 Layer-7 QoS
Print Services 164 bandwidth management 5
prioritizing applications part of On-Path configuration 8
methods of 199 providing QoS services to virtual
when creating a new Citrix links 78
application 218 router transparency 25
when creating a new Web rules
application 217 creating 223
when creating a QoS rule 226 editing 229
when filtering traffic 205 understanding 204
prioritizing traffic setting inbound 223
by using traffic shaping 206, 208 understanding how QoS works
QoS rules 204
studying QoS bandwidth
Q allocation 205
QoS traffic filtering 205
applications traffic shaping 205
creating 213
creating Citrix applications 218
creating Web applications 217
R
modifying 216 RAID 302, 305
benefits of the Expand QoS solution RAID support 302
end-to-end application performance RAID-1 303
monitoring 201 RAID-5 303
guaranteed bandwidth for specific RDP
applications 201 description 375
disabling compression and
encryption 376
I n de x 703
recovering the password 331 description 236

redundancy 301, 305 preserving network integrity 6
resiliency 301 standard number 690
RIP studying SCPS 239
configuring 99, 101, 102 TCP spoofing 240
via the CLI 457 secondary IP address
via the WebUI 99 configuring
setting routing 90 in the WebUI 77
dynamic routing 95 Security 317
subnet routing 90 security
setup checklist 17 Accelerator’s AAA 318
working with 99 authentication
router polling setting authentication method 324
configuring setting authentication servers 322,
via the CLI 454 324
setting dynamic routing 95 entering user-defined password 27,
setting routing strategy 31 296
using out-of-band management 279 locking and unlocking the keypad 326
working with 98 managing users
router redundancy 309 defining authorization for a new
HSRP 309 user 320
On-LAN deployment 9 deleting users 321
understanding router redundancy modifying authorization for an
protocols 309 existing user 321
VRRP 309 using Verisign security certificate 46
router transparency setup
monitoring device in a cloud 75 via the WebUI 21
preserving network integrity 6 setup wizard
setting links via the wizard 25 accessing 22
setting the link to work with 443 configuring 23
WAN compression 3 defining advanced settings 32
with a QoS device 75 reviewing configuration 28
RS232 console 11 setting links via 24
rules setting time 26
route rules Shared Directories
working with router polling 98 defining 115
Short Term Files filter 150
SNTP
S setting the Accelerator’s time 106
SCPS standard SSH
compliance of TCP acceleration with 4 enabling secure management 6, 20
congestion avoidance 240 logging into the Accelerator via 424
R ev isi o n 3. 0
704 I n de x
static ARP entries 295 troubleshooting

subnet routing displaying information for 337
setting 90
summary graphs
viewing 66 U
upgrading the AcceleratorOS
software
T via the CLI 682
TCP acceleration via the WebUI 348
computing latency 241 utilization statistics 51
configuring 244
via the WebUI 244
editing links 87 V
enabling 245 Verisign security certificate
optimizing WANs in a high latency using 46
environment 42 virtual links 78
understanding the shortcomings of VLAN
TCP 237 including the Accelerator in a VLAN
technical support group 293
displaying information for setting in the CLI 566
troubleshooting 337 working with
time in an On-LAN configuration 291
setting the Accelerator time 106 in an On-Path configuration 293
Time to Live settings 148 VRRP 309
traffic discovery Setting VRRP Group Number 567
discovering Layer-7 applications 58 understanding router redundancy
enabling L-7 traffic discovery via the protocols 296
CLI 515
gathering statistics for detected
applications 57, 66, 70 W
viewing detailed 55 WAFS
traffic shaping FileBank categories 138
how it is applied 205 additional services 136
prioritizing applications 199, 201 file services 135
role in the QoS mechanism 203 system 134
transparency support utilities 136
configuring 254, 495, 509 FileBank Director categories 133
Troubleshooting 329 file services 133
DISKSITES services issues 195 system 133
general 187 utilities 134
networking issues 187, 190 WAFS transparency
security issues 189, 193
I n de x 705
enabling 619 Windows Domain 147

excluding servers from 619 Working with Accelerators Via
WAN ExpandView 151
adding
via the CLI 567
via the WebUI 286
addressing ‘WAN-Outs’ 4
assigning a link to 576
configuring
configuring NetFlow support 69
configuring the WAN 76
defining link speed 46
enabling bursts 537
enabling packet interception 99
identifying ongoing traffic 70
setting the bandwidth of
QoS bandwidth allocation 205
setting inbound QoS 223
via the CLI 439
via the WebUI 32
setting to work in strict-priority
mode 536
viewing detected applications 55
WAN bandwidth
configuring the Accelerator 439
setting 23, 32
studying QoS bandwidth
allocation 206
WAN bursts 207
WAN-OUT 176
WCCP
activating 466
setting authentication 463
setting priority 463
setting router IP 464
setting TCP service ID 465
setting UDP service ID 466
installing On-LAN at a data center 41
using out-of-band management 279
Web-intensive environment
installing in 42
R ev isi o n 3. 0
706 I n de x

AOS632GA V1R3 020211-Mx93Yeqm

Diunggah oleh

Informasi Dokumen

Deskripsi Asli:

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

AOS632GA V1R3 020211-Mx93Yeqm

Diunggah oleh

Hak Cipta:

Format Tersedia

AcceleratorOS

Software Version 6.3.2

Chapter 1: Introducing the Accelerator................................... 1

Chapter 2: Getting Started........................................................ 13

Configuring Basic Accelerator Details........................................................ 23

Chapter 3: Monitoring the Network ......................................... 43

Viewing Compression Statistics per Link.................................................... 51

Chapter 4: Configuring Networking......................................... 73

Using Dynamic Bandwidth ......................................................................... 88

Chapter 5: Configuring and Managing WAFS......................... 109

Getting Started with WAFS................................................................................. 114

Configuring FileBank Services ................................................................... 145

Point’N’Print Configuration.................................................................. 166

DHCP Services................................................................................... 195

Chapter 6: Applying QoS.......................................................... 197

Ac ce ler at o rOS 6 .3 .2 Us er Gui d e

Creating Web Applications ......................................................................... 217

Chapter 7: Optimizing Acceleration Services......................... 235

Excluding from HTTP Caching................................................................... 255

Chapter 8: Configuring Management Options........................ 275

Ac ce ler at o rOS 6 .3 .2 Us er Gui d e

Chapter 9: Setting Advanced Parameters............................... 285

Chapter 10: Resiliency and Redundancy ................................ 301

Chapter 11: Security.................................................................. 317

Defining Other LCD Settings...................................................................... 327

Chapter 12: Troubleshooting ................................................... 329

Chapter 13: Using the Accelerator Tools ................................ 347

Ac ce ler at o rOS 6 .3 .2 Us er Gui d e

Using the General Tools ..................................................................................... 352

Model ................................................................................................................. 400

RAID Commands........................................................................................ 538

Stf_filter Commands................................................................................... 661

Ac ce ler at o rOS 6 .3 .2 Us er Gui d e

Expand Networks’ AcceleratorTM is the ideal Application Traffic Management

Features and Benefits

Virtual Bandwidth Management

Easy Management and Configuration

Redefining Application Traffic

Ac ce ler at o rOS 6 .3 .2 Us er Gui d e

Next-generation WAN Compression

conditions. The TCP acceleration plug-in is standards-based,

Ac ce ler at o rOS 6 .3 .2 Us er Gui d e

Layer-7 QoS and Bandwidth

Layer-7 Monitoring and Reporting

Branch Office Features

Rapid Deployment/Dependable Results

Maximum Uptime and Reliability

Ac ce ler at o rOS 6 .3 .2 Us er Gui d e

The Accelerator Product Line

How the Accelerator Works

Figure 1: On-Path Application

Ac ce ler at o rOS 6 .3 .2 Us er Gui d e

Figure 2: On-LAN Application

Figure 3: An Optional Configuration

groups. Starting from Version 6.1.2, a link can be destined to an HSRP/VRRP

Ac ce ler at o rOS 6 .3 .2 Us er Gui d e

Configuration and Management

Ac ce ler at o rOS 6 .3 .2 Us er Gui d e

Connecting and Configuring Multi-Port

Figure 1: Connecting the Cables

Ac ce ler at o rOS 6 .3 .2 Us er Gui d e

Understanding the LEDs

Point’N’Print Configuration.................................................................. 166

Expand Networks’ AcceleratorTM is the ideal Application Traffic Management

CAUTION! Clicking Finish saves the configuration as the Accelerator’s Startup

Note: Enabling TCP Acceleration requires you to use “Routing-Only” routing

CAUTION! The WAN bandwidth setting is used by the Accelerator’s QoS