Appresponse Xpert Administrator Guide.9.0.3.712 00195 02 - Rev 2

AppResponse Xpert
Administrators Guide
Product Release 9.0.3
Riverbed Technology
199 Fremont Street
San Francisco, CA 94105 USA
AppResponse Xpert Administrators Guide
hwi-FM-2
AppResponse Xpert/Release 9.0
Copyright and Contacts
Document Copyright
Document Title: AppResponse Xpert Administrators Guide

Version: 9.0.3
Part number: 712-00143-02
Revised: 6/13/14
Trademarks
Riverbed and any Riverbed product or service name or logo used herein are
trademarks of Riverbed Technology. All other trademarks used herein belong to
their respective owners. The trademarks and logos displayed herein may not be
used without the prior written consent of Riverbed Technology or their
respective owners.
PATENTS
Protected by U.S. Patents 7,277,843; 7,337,206; 7,443,870; 7,519,700;

7,593,351; 7,885,206; 8,589,530; and 8,635,334
COPYRIGHTS
(C) Copyright1987-2014 Riverbed Technology. All rights reserved.

Contacts
Riverbed Technology.
199 Fremont St.,
San Francisco CA 94105,
USA
General
Telephone: 415.247.8800
E-mail: info@riverbed.com
Web: http://www.riverbed.com
Technical Support
Telephone: 240.497.1200
Fax: 240.497.1064
E-mail: support@riverbed.com
This Documentation and Riverbed
This document and the accompanying product documentation describes the functions of the Riverbed
software product(s) (SOFTWARE) identified above (this document and the product documentation are
collectively referred to as DOCUMENTATION). Riverbed Technology, 199 Fremont St., San Francisco,
California 94105 is the sole owner of all rights, title, and interest to the DOCUMENTATION and SOFTWARE.
Nothing herein shall grant or imply a license to the DOCUMENTATION or SOFTWARE. The right to use the
DOCUMENTATION and SOFTWARE shall result only from entering into a Master Software License
Agreement and a Software Usage Agreement, and paying the applicable license fees.
hwi-FM-3
Terms and Conditions of Use

Eligible Users
This document is subject to restrictions on use and distribution is intended solely for persons who are subject
to the terms and conditions of Riverbeds Software Master License Agreement or persons authorized by
Riverbed (Eligible Users). As a condition of being granted access to and use of this document, each User
represents that: i) the User is an Eligible User of a Licensee under a valid Riverbed Software Master License
Agreement or the User is authorized by Riverbed and ii) the User accepts the terms and conditions of
Riverbeds Software Master License Agreement and the terms and conditions governing the use of this
document.
Confidential Information
The User agrees that the DOCUMENTATION, including this document, are the proprietary property of
Riverbed and constitutes a trade secret of Riverbed. The User agrees that access to and use of this document
does not grant any title or rights of ownership. The User shall not copy or reproduce, in whole or in part,
disclose or permit third parties access to this document without the prior written consent of Riverbed. This
document may not be stored, in whole or in part, in any media without the prior written consent of Riverbed.
Any unauthorized use of this document will be subject to legal action that may result in criminal and/or civil
penalties against the User.
Intellectual Property and Proprietary Notices

Alteration, removal, obscuring, or destruction of any proprietary legend, copyright, trademark, patent, or
intellectual property notice contained in this document is prohibited.
All trademarks and service marks in this document are the property of their respective owners.
Restricted Rights Legend

The DOCUMENTATION and SOFTWARE are subject to the restrictions on use and distribution in the
Riverbed Software Master License Agreement (for Agencies of the U.S. Government). Any use of the
DOCUMENTATION or any SOFTWARE by an agency of the U.S. Government or a direct contractor of an
agency of the U.S. Government requires a valid Riverbed Software Master License Agreement and Riverbed
Software Usage Agreement.
For all users, this Software and Documentation are subject to the restrictions (including those on use and
distribution) in Riverbed's Master License Agreement. Use of this Software or Documentation requires a
current Riverbed license and shall be governed solely by the terms of that license. All other use is prohibited.
For the U.S. Government and its contractors, the Software is restricted computer software in accordance with
Federal Acquisition Regulations as applied to civilian agencies and the Defense Federal Acquisition
Regulation Supplement as applied to military agencies. The Software and Documentation qualify as
commercial items, commercial computer software, and commercial computer software documentation.
No Warranty and Limitation of Liability

ALL INFORMATION PROVIDED IN THIS USER MANUAL IS PROVIDED AS IS WITHOUT WARRANTY
OF ANY KIND EITHER EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE IMPLIED
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT. No representations by Riverbed, such as statements of capability, suitability for use,
accuracy or performance, shall be a warranty by Riverbed, or bind Riverbed or vary any term or condition of
any Software Master License Agreement, unless contained in written agreement and signed by Riverbed and
any other party or parties to such Software Master License Agreement.
In no event shall Riverbed be liable for any incidental, indirect, special, or consequential damages whatsoever
(including but not limited to lost profits arising out of or relating to this document or the information contained
herein) even if Riverbed has been advised, knew, or should have known of the possibility of such damages.
hwi-FM-4
THE USER UNDERSTANDS AND ACCEPTS THAT RIVERBED SHALL NOT BE LIABLE FOR DAMAGES
WHICH ARE: (i) INCIDENTAL, INDIRECT, SPECIAL, PUNITIVE, OR CONSEQUENTIAL, OR (ii) THE
RESULT FROM LOSS OF USE, DATA, OR PROFITS, OR (iii) FROM THE USE OF THE SOFTWARE AND
DOCUMENTATION, WHETHER BROUGHT IN AN ACTION OF CONTRACT, TORT, OR OTHERWISE,
EVEN IF Riverbed WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Export Controls
Any User of the DOCUMENTATION including this document shall comply with the laws of the United States,
including the provisions of the U.S. Department of Commerce, Bureau of Industry Security (BIS), Export
Administration Regulations (EAR), the U.S. Department of State, International Traffic in Arms Regulations,
and the U.S. Treasure Department, Office of Foreign Assets Control, regarding the export, re-export and
disclosure of the DOCUMENTATION or the SOFTWARE. Any export, re-export or disclosure of the
DOCUMENTATION or the SOFTWARE shall be subject to the prior written consent of Riverbed. Users shall
not remove any Destination Control Notices provided by Riverbed from the DOCUMENTATION or the
SOFTWARE.
Destination Control Statement

The DOCUMENTATION and the SOFTWARE were manufactured in the United States by Riverbed. The initial
export of the DOCUMENTATION and the SOFTWARE from the United States, and any subsequent relocation
or re-export to another country shall comply with the laws of the United States relating to the export of
technical data, equipment, software, and know-how. Any diversion contrary to the laws of the United States
is prohibited.
hwi-FM-5
hwi-FM-6
Contents
Contents
Copyright and Contacts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Administration and Maintenance
adm-1-13
Audit Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Appliance Information Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using the Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Accessing the Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Administration > System Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Accessing the Administration > System Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
User Accounts in the Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Managing User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Account Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
RADIUS Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Local Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Global Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Order of Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
User Admin Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Account Privileges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Role-Based Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Important Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Create/Edit a Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Assign Roles to a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring Network Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring Outgoing Email Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Customizing Sender Names of Outgoing Emails . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring an Appliance to Send Emails Using an SMTP Relay . . . . . . . . . . . . . . . . . . . . . . .
Running Diagnostics and Viewing Error Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Checking the Factory Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Halting or Rebooting the Appliance from the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting Up Private-Address to AS-Number Maps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring SYSLOG Alert Destinations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Traceroute Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Automated and Manual Traceroutes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Traceroute Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring Traceroute Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SNMP Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Diagnostics in the Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Bundles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Subscription . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Hardware Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Software Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
15
18
19
19
21
22
22
24
24
24
25
25
25
26
27
28
28
29
30
31
32
32
34
35
36
37
38
39
41
41
42
42
43
43
45
45
47
47
48
49
50
51
53
adm-FM-7
Contents
Log Viewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Halting or Rebooting the Appliance from the Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring Traffic Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring Network Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Managing Software Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Licensing a New Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Adding a License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Activating an Extended Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Moving Licenses from One Appliance/Director to Another . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Diagnostics Bundles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Creating a Diagnostics Bundle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Deleting a Diagnostics Bundle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Downloading a Diagnostics Bundle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Removing Residual Data from Appliance Disk Drives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Rollback Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Diskwipe Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Important Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Rollback and Diskwipe Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Running DiskWipe in Stand-Alone Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ResetData Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Application Stream Analysis (ASA) Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ASA Boost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Calculation of Round Trip Times . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
VXLAN Decoding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Ignore Wire Length When Calculating Sizes for Pre-Sliced Packets . . . . . . . . . . . . . . . . . . . . .
Password Complexity Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Enable / Configure Password Complexity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Change a Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Lock a User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Installing the Appliance
adm-2-77
Pre-installation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
AppResponse Xpert Appliance Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
AppResponse Xpert Appliance Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Physical Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Internal Address List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Single Span Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Dual Span Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Copper/Fiber Tap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Network Placement Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Network Coverage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Span Port Physical Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Traffic Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Traffic Symmetry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Modified Frame Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Encryption, Tunneling and Encapsulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Network Address Translation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Additional Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
adm-FM-8
53
55
56
58
59
59
60
60
61
63
63
63
63
64
64
64
65
65
66
67
68
68
70
71
71
72
72
74
75
78
78
79
80
81
84
84
85
85
85
85
86
86
86
87
87
87
87
Contents
BGP and the AppResponse Xpert Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

Firewall Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Installation Preparation Sheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Installing the Appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
AppResponse Xpert Appliance Material Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
AppResponse Xpert-1200 Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
AppResponse Xpert-3200 Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
AppResponse Xpert-4100 (1G) Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
AppResponse Xpert-4100 (10G) Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
AppResponse Xpert-4100-S16 Expansion Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
AppResponse Xpert Expansion Chassis 200 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
AppResponse Xpert Expansion Chassis 300 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Back Panel Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Front Panel Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Additional Items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Installing an AppResponse Xpert Appliance: Workflow Description . . . . . . . . . . . . . . . . . . . . . 118
Step 1: Rackmount and Wire the AppResponse Xpert Appliance . . . . . . . . . . . . . . . . . . . 119
Step 2a: Wiring for Span Port Physical Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Step 2b: Wiring for Copper/Fiber Tap Physical Configuration . . . . . . . . . . . . . . . . . . . . . . 121
Configuring the Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Step 3: Initial Setup using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Administration > System Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Accessing the Administration > System Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Step 4: Completing Setup using the Administration > System Web Interface . . . . . . . . . . 126
NTP Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Quitting the Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Installation and Configuration Complete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Updating the Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Safety Warnings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Important Notes about Installing, Connecting, and Rebooting AppResponse Xpert Appliances . . . 130
Placing and Installing the Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Connecting Fiber Ports for Monitoring Interface on the Appliance . . . . . . . . . . . . . . . . . . . . . . 132
Guidelines for Powering Down or Rebooting an AppResponse Xpert Appliance . . . . . . . . . . . 134
Verifying Appliance Operations
adm-3-135
AppResponse Xpert Appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Checking Time and Date . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Verifying Ethernet Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
adm-FM-9
Contents
Verifying Diagnostic Reporting, SNMP, and Backup Server Configuration . . . . . . . . . . . . . . . . . . .

Verifying that Manual Diagnostic Reporting is Operational . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Verifying that SNMP is Operational . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Verifying Backup Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Desktop Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Viewing Traffic Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Verifying Desktop Time and Date . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Verifying that DNS is Operating on the Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Verifying that BGP Peering is Operating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Disk Alert Pop-Up Window in Desktop Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
IPv6 Support
adm-4-141
How to Set Up IPv6 on an Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Verify Appliance Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Enable IPv6 on the Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Verify Appliance Health with IPv6 Enabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
What You Need to Know About IPv6 Support in AppResponse Xpert . . . . . . . . . . . . . . . . . . . . . . .
Backup and Recovery of Appliance Data
Software Updates from the Administration > System Web UI
148
151
152
156
161
163
164
166
168
168
168
169
170
171
172
172
172
175
177
177
ADM-A-179
Updating an Appliance that has Internet Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Updating from a Custom URL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Updating from a Local Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Software Update Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Updating Software on a Director . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Deleting Old Releases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
adm-FM-10
142
142
142
144
145
adm-5-147
Backup and Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Pre-Configuration Tasks and Verifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Defining Backup Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Scheduling a Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Performing an On-Demand Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Viewing a List of Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Performing a Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Restoring a Backup to a Different Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Best Practices and Guidelines for Backup and Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Recommendation: Use SSH If Possible . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Estimating Backup/Recovery Times . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Recovery Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Troubleshooting Common Issues with Backup and Recovery . . . . . . . . . . . . . . . . . . . . . . . . .
Fast Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
About the Data Restored in a Fast Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
General Workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Important Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Performing a Fast Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Troubleshooting Fast Recoveries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Not Enough Disk Space on Target Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
App A
138
138
138
138
139
139
139
139
139
140
179
180
180
181
181
181
Contents
App B
Software Updates Using the CLI
adm-B-183
Important Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

release-update Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
release-current Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
App C
Berkeley Packet Filter Syntax
adm-C-187
Tcpdump Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Tcpdump Primitives and Qualifiers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Allowable Primitives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Combining Primitives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
App D
Removing Residual Data from Appliance Disk Drives
adm-D-193
Rollback Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Diskwipe Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Important Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Rollback and Diskwipe Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Running DiskWipe in Stand-Alone Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ResetData Utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
App E
Expansion Chassis Setup and Administration
193
193
194
194
195
196
adm-E-197
Important Notes and Warnings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Expansion Chassis Compatibility by Appliance Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Installing and Configuring an Expansion Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Step 1: Connect the Appliance and Expansion Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Step 2: Set Up the Expansion Chassis Disks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Viewing Status on the Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
raid Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
tw_cli Utility (4100, 4200, and 5000 Appliances Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Troubleshooting Expansion Chassis Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Issue: (File System) Does Not Exist or Is Not Mounted . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring Storage on Expansion Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Removing an Expansion Chassis. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Index
187
187
188
190
197
198
198
199
206
207
207
209
209
209
209
211
adm-IX-213
adm-FM-11
Contents
adm-FM-12
1Administration and Maintenance

With the AppResponse Xpert Appliance installed, you can now focus on more
advanced configuration and maintenance (see Installing the Appliance on
page adm-2-77). The configuration procedures covered in this chapter are used
to manage advanced features of the appliance, but are not required for basic
operation of the system. These procedures can be performed at any time after
initial installation of the appliance.
NoteThis manual was last updated on June 13, 2014. Because release notes
and other documentation is sometimes updated after the product
documentation is distributed, it is good practice to visit the Riverbed website to
check for the latest version of the Release Notes and this and other manuals.
Go to https://support.riverbed.com, then navigate to the AppResponse Xpert
Appliance page.
For more information, see:
Audit Log
Appliance Information Window
Using the Command Line Interface
Administration > System Web Interface
Managing User Accounts
Configuring Network Parameters
Configuring Outgoing Email Parameters
Running Diagnostics and Viewing Error Logs
Checking the Factory Settings
Halting or Rebooting the Appliance from the CLI
Setting Up Private-Address to AS-Number Maps
Configuring SYSLOG Alert Destinations
Traceroute Parameters
SNMP Traps
Diagnostics in the Web Interface
Halting or Rebooting the Appliance from the Web Interface
Configuring Traffic Filters
adm-1-13
Configuring Network Ports

Managing Software Licenses
Diagnostics Bundles
Application Stream Analysis (ASA) Configuration
Password Complexity Support
adm-1-14
Audit Log
The Audit Log (View > Log > Audit Log) maintains a list of significant events that
have occurred on the system. The Audit Log of a Domain Director maintains a
list of events related to configuration distribution (see Distributing Configuration
Information on page dir-2-29 of the AppResponse Xpert Director User Guide).
The following events are recorded in the Audit Log:
New, changed or deleted configuration items - An audit log entry is generated
any time a configuration item is created, modified or deleted within a
Manager inside the Desktop Console. The audit log entry includes the name
of configuration item affected, the relevant Manager, the nature of the
configuration change and the user account that made the change. The audit
log on the director includes entries for all global configuration items. The
audit log on an appliance only includes entries for local configuration items.
User Logins - An audit log entry is generated any time a user connects or
disconnects to an AppResponse Xpert Appliance.
You can export the contents of an audit log to a CSV file: while the Audit Log
window is active, choose File > Export (entire log) or File > Export Selection
(selected rows only).
A typical Audit Log is shown in the following figure.
Figure 1-1 Audit Log
adm-1-15
By default, the Audit Log displays the last 500 entries. The number of entries
displayed can be changed; simply type in the number and press the Enter key.
Figure 1-2 Audit log - Show Selector
Alternatively, the Audit Log can be configured to display only entries that were
generated during the current time selection by choosing Project Time Interval.
For more information, see Time Selection on page ug-2-33.
The following fields can be displayed for event records in the Audit Log:
DateThe date and time that the entry was generated.
Manager/InterfaceThe name of the Manager that generated the audit
event.
ParameterThe name of the configuration item.
DescriptionA description of the event. e.g., GROUP CREATED, ALERT
DELETED, USER CONNECT.
Original ValueThe original value of a configuration item that has been
changed.
New ValueThe new value of a configuration item that has been changed.
ResultSpecifies whether the event causing the audit log entry was
successful.
NameThe user account that made the configuration change.
AddressThe IP address from which the user is connecting to the
AppResponse Xpert Appliance.
By default, the Name and Address fields are not displayed. However, you can
customize the fields to display.
Procedure 1-1 Showing/Hiding Fields in the Audit Log

1 Click the Show/Hide columns icon in the Audit Log.
Figure 1-3 Audit Log - Show/Hide Columns Button
The Show/Hide Columns Window appears.
adm-1-16
Figure 1-4 Audit log - Show/Hide Columns Window
2 Select the fields to display. Unselect the fields to not display.

3 Click OK.
End of Procedure 1-1
Related Topics
adm-1-17
Appliance Information Window

The Appliance Information window provides a status report of the appliance
configuration for the categories shown in the following figure. It is located under
the View menu.
Figure 1-5 Appliance Information Window
The buttons on the Appliance Information window can be used in the following
ways:
RefreshDisplays up-to-the minute status information.
EmailSends a copy of the status (by email) to an intended recipient.
CopyCopies to a clipboard.
CancelCloses the window.
?Displays the AppResponse Xpert User Manual.
Related Topics
adm-1-18
Using the Command Line Interface

The AppResponse Xpert Appliance command line interface (CLI) is used during
the initial installation. (See Command Line Interface on page adm-2-122.) After
installation, the CLI can be used to change configuration parameters and run
various commands to maintain appliance operation. These functions include:
Managing User Accounts on page adm-1-24
Configuring Network Parameters on page adm-1-31
Configuring Outgoing Email Parameters on page adm-1-32
Running Diagnostics and Viewing Error Logs on page adm-1-35
Checking the Factory Settings on page adm-1-36
Halting or Rebooting the Appliance from the CLI on page adm-1-37
Software Updates Using the CLI on page adm-B-183
Setting Up Private-Address to AS-Number Maps on page adm-1-38
Configuring SYSLOG Alert Destinations on page adm-1-39
Accessing the Command Line Interface

The CLI can be accessed over the appliance serial port or by using SSH to
connect to the appliance over the network.
Serial Port access - Use a terminal emulator program (such as hyperterm on
Windows or tip on Unix) to connect to the AppResponse Xpert Appliances
serial port with the provided serial cable. Use the following
terminal-emulation settings: 115200 baud, no parity, 8 data bits, and 1 stop
bit.
SSH access - Use SSH to access the appliance over the network. A number
of free SSH clients, such as Teraterm and putty, are available for MS
Windows. SSH to the IP address or hostname of the AppResponse Xpert
Appliance.
adm-1-19
The CLI prompts for a valid username and password before granting access.
After logging in, type help and press Enter to see a list of valid commands.
Figure 1-6 Command Line Interface - Help
The AppResponse Xpert Appliance is based on the FreeBSD operating system.

The CLI exposes many of the commands from the FreeBSD shell to the user.
The following commands should be familiar to users with a UNIX background:
date
df
host
hostname
ifconfig
iostat
netstat
nslookup
ping
stty
traceroute
uptime
The CLI provides help for each command through the Unix man (manual)
command. To access help for a command, type man followed by the command
name and press Enter. e.g., man netstat. Refer to the man pages for help using
the Unix commands listed above. Other sections within this chapter document
usage of commands that are unique to the AppResponse Xpert Appliance CLI.
Related Topics
adm-1-20

You can use the Administration > System web interface to set up and configure
the appliance. To access this interface, choose Administration > System in the
Web Console or View > Web Interface in the Desktop Console. You can do the
following in this interface:
Change network parameters (see Installing an AppResponse Xpert
Appliance: Workflow Description on page adm-2-118)
Set the internal address list (Internal Address List on page adm-2-81)
Configure SNMP (see Configuring SNMP on page adm-1-43)
Configure RADIUS accounts (see RADIUS Accounts on page adm-1-24)
Configure email (see Configuring Outgoing Email Parameters on
page adm-1-32)
Configure automatic traceroute settings
Configure automatic diagnostics settings (see Diagnostics in the Web
Interface on page adm-1-45)
View diagnostics reports (see Status on page adm-1-53)
Back up and restore the appliance database (see Backup and Recovery of
Appliance Data on page adm-5-147)
Halt or reboot the appliance (see Halting or Rebooting the Appliance from the
Web Interface on page adm-1-55)
Configure traffic filters (see Configuring Traffic Filters on page adm-1-56)
Configure network ports (see Configuring Network Ports on page adm-1-58)
Access reports (see Reports in the Web Console on page ug-10-316 of the
AppResponse Xpert User Guide)
Launch the Desktop Console (see Installing the Desktop Console on
page ug-2-28 of the AppResponse Xpert User Guide)
adm-1-21
Accessing the Administration > System Web Interface

The Administration > System web interface runs on TCP ports 8080 and 8443
by default (see Configuring Network Ports on page adm-1-58). To successfully
connect to the web interface, you must be able to access the appliance from
your desktop using these ports.
Procedure 1-2 Accessing the Web Interface
NoteWeb interface features are not supported on all browser platforms. For
more information, see the System Requirements for the AppResponse Xpert
release you are using. To access the System Requirements, log in to the Support
Site at (https://login.riverbed.com/login_support.htm)and navigate to the
AppResponse Xpert Appliance page.
1 Access the web interface using one of the following methods:
Open View > Web Interface
The browser may display the certificate validation popup window. Accept the
certificate to proceed to the Login page.
Start a web browser and go to the appliance web interface by opening one of the
following URLs:
http://<appliance_hostname>:8080
-orhttp://<appliance_ip_address>:8080
This automatically redirects the browser to a secure (SSL) connection on TCP
port 8443. The browser may display the certificate validation popup window.
Accept the certificate to proceed to the Login page.
2 At the Login page, enter your AppResponse Xpert Appliance Username. During
initial set-up, log into the appliance using the admin account.
3 Type the AppResponse Xpert Appliance Password for the user account.
4 Click Login.
5 Choose Administration > System in the Web Console navigation treeview.
User Accounts in the Web Interface
You must provide a valid username and password to access the

AppResponse Xpert Appliance. The default administrative account named
admin is used during the installation process. Additional accounts can be
created using the CLI. See Managing User Accounts on page adm-1-24.
adm-1-22
Only one administrative user can be logged into the web interface at a time. If
an administrative user is already logged in and a second administrative user
attempts to access the web interface, the second user is granted access in
read-only mode. Only the special admin user is granted read-write access while
another administrative user is logged in.
Always use the logout link to exit the web interface. If you leave the appliance
web interface without clicking the logout link, it takes 20 minutes for your session
to expire. If you were granted administrative access, other users are not granted
read-write access (except admin) until the session expires.
Related Topics
adm-1-23
Managing User Accounts

A valid user account is required to access the AppResponse Xpert Appliance
through the CLI, the web interface, or through the Desktop Console.
Account Types
Prior to version 4.0, each appliance maintained a database of local users
accounts which could be used to access that appliances.
With the introduction of version 4.0, the AppResponse Xpert Appliance can also
authenticate users against an external RADIUS server. For appliances that
belong to a domain, a user account can be granted global access to the domain.
Global access allows that account to log into any appliances within the domain.
RADIUS Accounts
Access to each AppResponse Xpert Appliance can now be authenticated

through external RADIUS server. To configure RADIUS servers, log into the
web interface, click radius in the System tab.
Figure 1-7 System Tab - Configuring Radius Authentication
Click activate to enable RADIUS authentication. Each RADIUS server must be

configured with a hostname or IP address in the host field, the UDP port on
which the RADIUS server is listening (the default RADIUS port is 1812) and the
RADIUS secret for that server.
Each AppResponse Xpert Appliance can be configured to authenticate against
up to 3 RADIUS servers. When a user logs into the AppResponse Xpert
Appliance, if the first server is reachable, it is used exclusively for RADIUS
authentication. If the first server is not reachable or does not respond on the
appropriate UDP port, then the second server is tried. Similarly, the second falls
back the third server (if one is specified). This can create confusing effects if the
account databases do not agree between the servers. The intent is that
secondary RADIUS servers would be clones of the primary.
adm-1-24
RADIUS authentication is configured on each appliance separately. This means

that the administrator can choose different authentication schemes for each
appliance.
Configuring the RADIUS Server The RADIUS authentication scheme makes
use of a Vendor-Specific Attribute (VSA) to specify the account privilege level of

the account. (See Account Privileges on page adm-1-27.) If this VSA is not
present for the account (or if its value is unrecognized), the authentication
against RADIUS fails. The reason for this is to support deployments where an
existing RADIUS databases has accounts for other devices and it is not
desirable to grant access to the AppResponse Xpert Appliance to all existing
accounts automatically.
When configuring the RADIUS server to support the AppResponse Xpert
Appliance, use the following Vendor Code and Vendor Specific Attribute (VSA):
Vendor Code: 7119
VSA: 33
The accepted values for the VSA string are listed in Account Privileges.
Local Accounts
Each AppResponse Xpert Appliance maintains a database of local accounts

that can be used to access that appliance. This includes the special admin
account used to configure the appliance at install time. After installation is
complete, the local admin account should not be used for day-to-day
operations. Instead, individual accounts should be created for each user. Local
accounts are configured using the User Admin Manager.
Global Accounts
AppResponse Xpert Appliance user accounts can be distributed to all

appliances within a domain. This means that a single user account can be used
to any appliances in a domain. Global accounts are configured using the User
Admin Manager.
Order of Authentication
When a user logs in, the AppResponse Xpert Appliance attempts to
authenticate the account against RADIUS first, followed by accounts listed in
the User Admin Manager. Therefore, if there is an account in RADIUS with the
same name as an account in the Desktop Console User Admin Manager, the
one in RADIUS takes precedence. If authentication against RADIUS fails for
any reason (e.g., incorrect password, incorrect vendor-specific attribute in
RADIUS), the AppResponse Xpert Appliance attempts to authenticate against
the local or global users listed in the User Admin Manager.
adm-1-25
User Admin Manager

To access the User Admin Manager, start the Desktop Console, click the Tools
menu and select User Admin Manager.
NoteThe password for the admin account cannot be changed using the User
Admin Manager. The CLI command passwd must be used instead.
Figure 1-8 User Admin Manager
The user admin manager is only available to user accounts with administrative
privileges.
To create a new user account, click the New button and supply the name,
description, password and privilege level (see also Account Privileges on
page adm-1-27).
Accounts created on a regular appliance are local to that appliance. Whereas,
accounts created on the Domain Director are global and can log into any
appliance within the domain. However, if a local account exists on an appliance
with the same name as a new global account, the appliance rejects the new
global account when the account configuration information is distributed by the
director. An error appears in the Director Update Log.
adm-1-26
Account Privileges
Each account is assigned a specific privilege which controls the operations that
the account is allowed to perform. The following table lists the account
privileges.
.
Table 1-1 Account Privileges

Privilege
VSA String
Description
Basic
npinsight
A Basic user can

Log into the web interface, CLI, and Desktop Console.
View Insights and access some table and charts by right-clicking on some elements of
an Insight.
A Basic user cannot
View, edit, or export any configurations on the appliance.
View or download any captured packets on the appliance.
Export data from a table to a CSV file.
View Individual Page Views and Web User Troubleshooting insights.
Restricted
npread
A Restricted user can

Access all Desktop Console functionality (with the following exceptions).
A Restricted user cannot
Edit or export any configurations on the appliance or export configuration settings.
View or download any captured packets on the appliance.
Standard
npuser
A Standard user can

View Individual Page Views and Web User Troubleshooting insights.
View and download captured packets on the appliance.
Access all Desktop Console functionality (except the User Admin Manager).
A Standard user cannot view, edit, or export configuration settings in the following
locations:
User Admin Manager
System > Administration web UI
Command Line Interface (CLI)
Administrative
npadmin
An Administrative user can

Access all Desktop Console functionality.
View, edit, and export configurations on the appliance.
View and download captured packets on the appliance.
adm-1-27
The user account associated with the current project is displayed at the top right
of the Desktop Console screen. Hover the mouse pointer over the user name to
see the privilege level of the user.
Figure 1-9 Current User Privilege Level
Related Topics
Role-Based Access Control

Appliance administrators can limit the access of end users to specific insights,
reports, headlines, and SLA dashboards. This is useful when you want to filter
the content that your end users can view and publish. This functionality also
Simplifies the user interface, since an end user sees only authorized content.
Improves access security for the appliance. Unauthorized users cannot
access insights with Administrative functionality, such as configuring the
appliance or downloading captured packets.
The following steps describe the basic workflow:
1) An Administrator opens the Role Manager and defines a role and the
insights, reports, and custom views that users with the role can access.
2) The Administrator opens the User Admin Manager and assigns the role (or
multiple roles) to a specific user profile.
Important Notes
Note the following:

Administrator access is required to view, create, edit, and assign roles.
Roles can apply to Restricted and Basic users only. Roles do not affect
Administrator or Standard users, who can access all insights, reports, and
Custom Views.
Basic users cannot view or download captured packets, even if a user is
assigned a role that includes packet access features.
If a Restricted or Basic user has no roles assigned, that user cannot view any
insights, reports, or Custom Views.
If a Restricted or Insight user has multiple roles assigned, that user can view
all assigned items in all assigned roles.
adm-1-28
Unlike user accounts, role definitions cannot be distributed from a director to

a connected appliance.
If you distribute a user account that includes roles, the following occurs:
a) The director distributes the user account definitionincluding the set of
assigned roles (names, not definitions)to the connected appliances.
b) Each appliance updates the user account with the set of distributed role
names and matches the names to the local role definitions.
c) If a distributed name does not match a local definition, the appliance
creates a new empty role (no insights, reports, or custom views
assigned).
You cannot delete or rename any role if it is assigned to a global user account
on a domain director.
Role names cannot include commas or spaces.
The appliance automatically updates roles and user profiles in response to
the following actions, so that user access is based on the current role
definitions:
Item (insight, report, custom view) is assigned or unassigned in a role
Assigned item in a role is deleted from the appliance
Role is renamed or deleted
User with an assigned role is renamed or deleted
When you update an appliance from a pre-9.0 release, the appliance does
the following:
Creates two default roles, Allow_All_Insights and Allow_All_Reports, in
which all standard insights and reports (respectively) are assigned.
Assigns the Allow_All_Insights role to all Basic users
Assigns the Allow_All_Insights and Allow_All_Reports roles to all
Restricted users
Create/Edit a Role
Procedure 1-3 Create/Edit a Role

1 In the Desktop Console, choose Tools > Role Manager.
2 Click New to create a new role, or select a role in the table to edit it.
3 Define the role:
IdentityRole name and description
adm-1-29
For the following tabs, move the items that a user can view/publish into the
Assigned column, or check Access All (if this option is available).
Insight Accessibility
Report Accessibility
Custom View (Web UI) Accessibility
Special Features
4 Click Apply or OK to save your changes.
Assign Roles to a User
Procedure 1-4 Assign one or more roles to a user

1 In the Desktop Console, choose Tools > User Admin Manager.
2 In the Account tab, select the user profile.
3 In the Roles tab, move the roles into the Assigned tab.
NoteA user can view all assigned items in all assigned roles for that user profile.
4 Click Apply or OK to save your changes.
adm-1-30
Configuring Network Parameters

The following network parameters can configured using either the web interface
System > setup menu or the CLI setup command:
hostname
IP address
netmask
default gateway
domain name
Changes to these parameters may affect the visibility of the appliance on the
network. Verify the parameter values before running this command.
For instructions on setting these parameters using the web interface, see
Administration > System Web Interface on page adm-2-125.
To modify the network parameters using the CLI, log into the CLI, type setup
and press Enter. The CLI displays the setup menu which provides the following
options:
config - Change the appliance network parameters. Changes are not saved
until the commit command is run.
showall - Display the current values of the network parameters.
commit - Save changes made using the config command.
reboot - Reboot the appliance without saving changes.
quit - Return to the main CLI menu without saving changes.
Related Topics
adm-1-31
Configuring Outgoing Email Parameters

The AppResponse Xpert Appliance can be configured to generate email
messages as notification for such things as static alerts and diagnostics reports.
Depending on the setup of the host network, the AppResponse Xpert Appliance
may require some configuration in order to deliver email messages
successfully.
This section discusses the following:
Customizing Sender Names of Outgoing EmailsUseful if mail relay policies
in your network prohibit or restrict emails with the sender name root.
Configuring an Appliance to Send Emails Using an SMTP RelayUseful if
the appliance cannot deliver messages directly.
Customizing Sender Names of Outgoing Emails

The CLI utility mailmgr includes a command to customize the email sender
(From:) field when the appliance sends emails for traffic alerts, sysalerts,
diagnostic reports, and so on. By default, AppResponse Xpert uses the sender
name root (for example, root@acelive.appliance1.mycompany.com).
You might want to change this default if the mail relay policies in your network
prohibit or restrict emails with the sender name root.
Procedure 1-5 Customizing the Sender Names for Outgoing Emails
1 Log in to the appliance using a terminal emulator or SSH client program, as
described in the following section of the AppResponse Xpert Administrator Guide:
Administration and Maintenance > Using the Command Line Interface > Accessing
the Command Line Interface
NoteYou must have administrator privileges on the appliance to configure email
options.
2 Enter the following command: mailmgr
mailmgr shows the list of available commands.
show - Show current mail configuration
config - Configure MTA parameters
reset - Restore stock mailer configuration, discarding any localizations
setrcpt - Set recipients for test mail
sendtest - Send message to test outbound mail
inbox - Review local inbox (for potential email failure notices)
rootmasq - Set up outgoing root masquerade
expert - toggle expert mode
mailq - display/process mail queues
quit - Commit changes, restart mailer (if needed), and exit this program
Noterootmasq is an advanced command; if you do not see it in the list, you can
enter expert to turn on expert mode.
adm-1-32
3 Enter the following command: rootmasq

A prompt appears to enter the new sender name for outgoing emails.
Root masquerade configuration. Enter '?' for help.
(root_masq) Enter Root masquerade address:
4 Enter the new sender name:
(root_masq) Enter Root masquerade address:
user.x@mydomain.com
NoteYou might see a message such as:
WARNING: Unresolvable hostname: user.x@mydomain.com
This message indicates that AppResponse Xpert ran a UNIX gethostbyname()
lookup and could not resolve the hostname. If the sendtest command runs
successfully in the next step, you can usually ignore this warning.
5 Enter the following command: sendtest
mailmgr sends a test email and displays a status message such as:
Test mail was sent (subject: TEST 2010/01/07 14:47:29
NoteThe sendtest email comes from your login username, but diagnostics and
alert emails will have the root masquerade.
A prompt appears asking if you want to save your changes:
Apply configuration changes? (y/n)
6 Enter y to apply the changes.
A series of status messages appears.
7 Enter the following command to quit the utility: quit
AppResponse Xpert now uses the new sender name for all outgoing emails.
8 netmasq command does not affect the common name or screen name used by
different subsystems on the AppResponse Xpert appliance. Thus, the full sender
lines will appear like this:
From: Traffic Monitor <user.x@mydomain.com>
From: ACE Live Reports <user.x@mydomain.com>
adm-1-33
Configuring an Appliance to Send Emails Using an SMTP Relay

By default, the AppResponse Xpert Appliance attempts to deliver messages
directly. If the appliance is unable to deliver messages directly, it must be
configured to use an SMTP relay. The following SMTP relay parameters can be
configured through the CLI or through the System > mail menu of the web
interface.
Table 1-2 Outgoing Email Parameters
Parameter
Description
mta_relay
This parameter specifies the hostname (or IP address) of the SMTP

relay. All outgoing email messages are forwarded to the relay rather
than being delivered directly by the appliance.
mta_relay_port
This parameter specifies the TCP port number used by the SMTP
relay. This parameter does not need to be configured. By default,
the appliance attempts to communicate with the mta_relay host
using TCP port 25.
[optional]
mta_masq_domain
[optional]
This parameters specifies the domain used for email originating

from the appliance. By default, the appliance uses the domain name
specified in the system setup page.
Procedure 1-6 Configuring SMTP Relay Parameters via CLI

1 Login to the AppResponse Xpert Appliance CLI using the appliance serial port or
SSH (see Command Line Interface on page adm-2-122).
2 Type mailmgr at the CLI prompt and press Enter. A list of mailmgr options is
displayed on the screen.
3 Type config at the prompt and press Enter.
4 Input the appropriate SMTP relay parameters for your network:
mta_masq_domain
mta_relay
mta_relay_port
The appliance is automatically reconfigured using these values.
5 Type quit at the prompt and press Enter to exit the mail configuration submenu.
6 Type quit at the prompt and press Enter to terminate the CLI session.
Related Topics
adm-1-34
Running Diagnostics and Viewing Error Logs

The CLI provides two commands related to accessing diagnostics information.
The CLI dmq command displays a complete diagnostics report on the
AppResponse Xpert Appliance. The report includes information and statistics
on the following:
cpu and memory usage
I/O statistics
environmental status
process, driver, database and disk status
The web interface provides the ability to view the diagnostics report, as
described in Diagnostics in the Web Interface on page adm-1-45. The web
interface can also be used to email the diagnostics report directly to Riverbed
support in the event of a problem.
The CLI viewlog command displays the AppResponse Xpert system log. This
log includes detailed information on the status of each core process running on
the AppResponse Xpert Appliance.
Related Topics
adm-1-35
Checking the Factory Settings

The AppResponse Xpert Appliance includes a set of initial system parameters,
known as factory settings, that are set during system production. These
parameters include the model name and number, the initial software version
and the appliance serial number. Run the fset command at the CLI to access
the factory settings.
The appliance serial number is needed if you call Riverbed support. The fset
command displays the serial number on a line starting with
FS::Serial_Number.
Related Topics
adm-1-36

The AppResponse Xpert Appliance should always be shut down gracefully.
Shutting down the appliance using the power switch may result in data loss.
The following CLI commands can be used to shut down the system.
halt - Shut down the appliance.
reboot - Shut down and restart the appliance.
These functions can also be performed using the web interface.
For more information, see Halting or Rebooting the Appliance from the Web
Interface on page adm-1-55.
Related Topics
adm-1-37
Setting Up Private-Address to AS-Number Maps

The AppResponse Xpert Appliance maps IP addresses to AS groups before
data is displayed to the user. Each IP address is mapped to the ISP AS, Peer
AS and Dest AS groups. Private IP addresses (RFC 1918) are mapped to AS
Unknown unless they are present in both the local BGP table and the
appliances WHOIS database. The following two steps must be taken to ensure
that Private IP addresses are mapped to a specific AS number (instead of AS
Unknown):
BGP table - Enter the private IP addresses into the local BGP table. Follow
the instructions provided by your router vendor to add private IP addresses
to BGP.
NoteThese CLI commands must query the BGP routing table and may
take up to 2 minutes to execute.
The AppResponse Xpert Appliance automatically uses this information to
map private IP addresses to the appropriate ISP AS and Peer AS if it has
been configured as a BGP peer.
Appliance WHOIS database - The AppResponse Xpert Appliance provides
CLI commands that can be used to add private IP address entries from BGP
to the appliance WHOIS database. The commands used to manage this
process are:
ipas-display-private-ips
List the private IP addresses that are already in the AppResponse Xpert
Appliance WHOIS database.
ipas-add-private-ips
Add the private IP addresses from the BGP table to the appliance
WHOIS database. The Desktop Console must be restarted before the
changes resulting from ipas-add-private-ips take effect on a desktop
machine.
ipas-undo-private-ips
Remove the private IP address entries from the appliance WHOIS
database. The Desktop Console must be uninstalled then reinstalled
before the changes resulting from ipas-undo-private-ips take effect on a
desktop machine. Remove the Desktop Console using the Java Web
Start Application Manager and download it again from the appliance web
interface.
Related Topics
adm-1-38
Configuring SYSLOG Alert Destinations

All alerts generated by the AppResponse Xpert Appliance can be forwarded to
a SYSLOG server. Note the following:
The AppResponse Xpert Appliance does not generate SYSLOG alerts
unless SNMP is configured and enabled. See Configuring SNMP on
page adm-1-43.
AppResponse Xpert supports syslog messages in UTF-8 format.This
requires a syslog receiver that supports UTF-8 encoding.
To configure a SYSLOG destination for alerts log into the CLI, type alertdir
and press Enter. The CLI displays the setup menu which provides the following
options:
list - List current SYSLOG destinations.
add - Add a new SYSLOG destination. The following parameters must be
supplied to configure a new SYSLOG destination:
host - The hostname or IP address of the SYSLOG server.
facility - The SYSLOG facility assigned to all alerts forwarded by the
priority filter - The lowest priority message that should be sent to this
SYSLOG server. The priorities supported by SYSLOG, from highest to
lowest, are listed in the following table.
Table 1-3 SYSLOG Priorities
SYSLOG priority (text)
SYSLOG priority (numeric)
emerg
alert
crit
err
warning
notice
info
debug
adm-1-39
Static and adaptive alerts generated by the AppResponse Xpert Appliance

are mapped to the following SYSLOG priorities:
Table 1-4 Appliance Alerts and SYSLOG Priorities
AppResponse Xpert Appliance alert
severity
SYSLOG priority
critical
major
minor
normal
delete - Delete an existing SYSLOG destination.

modify - Modify an existing SYSLOG destination.
Related Topics
adm-1-40
Traceroute Parameters
Traceroute is an important source of data for the AppResponse Xpert
Appliance. All topology information displayed in the IP topology tool is collected
through traceroute. In addition, all traceroute metrics are based on data
collected through traceroute.
NoteBy default, traceroute is turned off. To turn on traceroute, go to the

Web Console > Administration > System > Traceroute page and set the
Automatic Traceroute option.
TCP traceroutes may be mistaken as port scanning activity by some intrusion
detection systems. If this is a concern, consider using ICMP traces.
When traceroute is enabled, the AppResponse Xpert Appliance actively runs a
traceroute to network destinations using ICMP. In environments where personal
firewalls (PFW) are mandatory, this traceroute feature may trigger alerts on
personal firewall software with rules involving inbound ICMP. Most PFW
software does not block or alert on inbound ICMP as part of their default. If this
occurs, consider changing the AppResponse Xpert Appliance to TCP (see also
Traceroute Types on page adm-1-42).
Automated and Manual Traceroutes

When traceroute is enabled, AppResponse Xpert Appliance automatically runs
a traceroute to common destinations at frequent intervals. By default, an
automatic process runs a traceroute to the top 100 IP addresses once every 5
minutes. These parameters are configurable through the web interface.
The top IP addresses are selected using the following algorithm:
The Top N IP addresses (N defaults to 100) are selected from the following
groups.
1/3 of the addresses are chosen from the top member IPs within
Business Groups ranked by Throughput (Inbound and Outbound).
1/3 of the addresses are chosen from the preferred IP list. (See Preferred
IPs on page ug-4-175.)
1/3 of the addresses are chosen from the top 50 Dest AS ranked by
Throughput (Inbound and Outbound). The IP addresses are select to
maximize coverage of the top Dest AS. If only 30 IP addresses are
chosen from Dest AS, one IP address is selected from each of the top 30
Dest AS. If 100 IP addresses are chosen from Dest AS, two addresses
are selected from each of the top 50 Dest AS.
adm-1-41
In addition to the automated traceroutes, the user can trigger manual

traceroutes using the IP Topology view in the Desktop Console, as described in
Topology on page ug-7-223. The IP Topology view can also be used to visualize
topology information collected by both manual and automated traceroutes.
Traceroute Types
The AppResponse Xpert Appliance supports both standard ICMP traceroute
and TCP-based traceroute. Conventionally, traceroutes are performed by
sending out either UDP datagrams or ICMP echo request messages and
waiting for ICMP errors. The AppResponse Xpert Appliance can send out either
TCP SYN request or UDP datagrams and detects both ICMP errors and TCP
RST segments. Due to different traffic filtering, one form of traceroute may
provide more accurate results than the other for any given destination.
Configuring Traceroute Parameters

To configure traceroute preferences, click traceroute from the System tab of
the web interface.
Figure 1-10 System > Traceroute Menu
The following traceroute parameters can be configured through the web

interface:
Automatic TracerouteTurn automated traceroutes on or off (default is off).
Traceroute PeriodThe frequency at which batches of automated
traceroutes are executed. Traceroute period is specified in minutes.
Traceroute CountThe number of IP address to traceroute in each batch.
These IP addresses are selected by decreasing Total Outbound Throughput.
Traceroute ProtocolToggle the type of traceroute between TCP and ICMP.
Related Topics
adm-1-42
SNMP Traps
In addition to user-configurable static and adaptive alerts (described in Alerting
and the Dashboard on page ug-11-357 of the AppResponse Xpert User Guide),
the AppResponse Xpert Appliance can be configured to generate alerts of two
other types:
Appliance alertsAppliance alerts are SNMP traps that are automatically
generated when the AppResponse Xpert Appliance experiences abnormal
environmental conditions or excessive resource consumption.
Heartbeat alertsHeartbeat alerts are SNMP traps sent periodically by the
AppResponse Xpert Appliance to indicate that the AppResponse Xpert
Appliance is functioning correctly. This includes an cold-start trap each time
the SNMP agent on the appliance is restarted. These cold-start traps occur
whenever the appliance is rebooted, or when changes are made to SNMP
settings through the web interface.
Configuring SNMP
SNMP must be configured through the web interface in order for the
AppResponse Xpert Appliance to generate SNMP traps. To configure SNMP,
begin by logging into the web interface. On the System menu, click snmp. The
following SNMP parameters can be set:
SNMP AgentEnable or disable the SNMP agent on the
AppResponse Xpert Appliance. If disabled, the SNMP agent does not
respond to SNMP queries.
CommunitySet the community string for the SNMP agent on the
TrapsEnable or disable SNMP traps generated by the AppResponse Xpert
Appliance. This includes static alerts, appliance alerts and heartbeat alerts.
Trap DestinationThe AppResponse Xpert Appliance forwards traps to the
destination specified as a trap destination. The destination IP address, port
number and community string must be defined. The appliance can forward
traps to up to two destinations simultaneously.
Send Heartbeat TrapsEnable or disable heartbeat traps. The INTERVAL
parameter controls the frequency of heartbeat traps.
Snmp VersionSNMP version 1, 2c, or 3.
You can specify the SNMP version for the primary and secondary trap
destination. Version 3 has encryption and privacy features that are
unavailable in versions 1 and 2. The following options are available only
when SNMP v3 is selected:
Sec LevelSelect the security level:
NoAuthNoPriv (no authentication or privacy requested)
AuthNoPriv (authentication but no privacy requested)
adm-1-43
AuthPriv (both authentication and privacy requested).

AuthProtoIf authentication is requested, select the authentication
protocol (MD5 or SHA) and password.
PrivProtoIf privacy is requested, select the privacy protocol (DES or
AES) and password.
Figure 1-11 System Tab - SNMP Page
The AppResponse Xpert SNMP MIB can be browsed using any MIB browser.
By default, the SNMP agent runs on UDP port 161. This port can be changed
through the web interface (see Configuring Network Ports on page adm-1-58).
Related Topics
adm-1-44
Diagnostics in the Web Interface

The Diagnostic tab on the web interface can be used to generate diagnostic
bundles with out using the CLI, modify automatic diagnostic report settings,
activate or deactivate automatic diagnostic reporting and alerts.
The following is available under the Diagnostics tab:
Bundles
Subscription
Settings
Status
Log Viewer
Bundles
Bundles are reports that can be generated on demand. The diagnostic bundles
contain information used for technical support troubleshooting. In general, this
informationwhich includes system configuration, serial numbers, software
versions, process status, and error logsis for Riverbed technical support to
assess the health of your AppResponse Xpert Appliance and can be used to
assist in troubleshooting. There are two types of bundles that can be created:
log bundles
core bundles
Log bundles are diagnostic bundles of all the logs and are used to help
troubleshoot possible issues with the AppResponse Xpert Appliance. Log
bundles created here are the same as using the CLI commands
diag-bundle-create and diag-bundle-delete. (See Diagnostics Bundles on
page adm-1-63.)
adm-1-45
Core files are created when the entire AppResponse Xpert OS kernel crashes
(resulting in a system reboot). Core bundles are one or more core files
packaged together. They are useful when working with support to troubleshoot
problems. Core bundles can be packaged up for delivery to Riverbed technical
support via FTP, after they are created in the CLI or the System > Administration
web UI. Follow instructions from Riverbed Technical Support.
Figure 1-12 Diagnostics TabBundle
Procedure 1-7 Creating Bundles

1 Using the Period fields, enter the time period for the bundle you wish to create. For
a 24 hour period use the same date in each box (as shown in Figure 1-12).
2 Check either the logs or core files radio button.
3 Click Create Bundle.
Bundles are created as a gzip-ed .tar file (.gz). Assembling the bundles can take
a few minutes. Once complete you can download the file directly from the
Diagnostic tab.
To delete a bundle, click the red delete X to the left of the completed bundle.
adm-1-46
Subscription
The Diagnostic > Subscription page has four tabs:
Reports
Hardware Alerts
Software Alerts
Other alerts
Reports
The Reports sub-tab is used to send reports to selected recipients. Reports are
created according to a schedule that you set.
Figure 1-13 Diagnostics TabSubscriptionReports
Procedure 1-8 Configuring Automatic Reports

1 Enter the email of the intended recipients. Multiple addresses are
comma-separated.
2 Select active to send reports automatically and continue with steps 3 and 4.
Select inactive to disable this feature.
Select send report at boot time to send the report every time the
AppResponse Xpert Appliance reboots.
3 Select the radio button for hourly, daily, weekly delivery and use the corresponding
fields to enter the specific information.
4 Click Apply.
adm-1-47
By default, the periodic automatic email report is sent to Riverbed to provide you
with the best support. You can generate manual reports at any time, but these
are usually generated at the request of a Riverbed technical support
representative.
You may view and manually email the report by clicking the status link on the
Diagnostic tab.
Alerts
The hardware alerts, software alerts, and other alerts sub-tabs are used to
configure to whom and when alerts are sent. Alerts are sent in real-time. Alert
types to be sent are selected in Settings.
Please note that at this time there are no other alerts available.
Figure 1-14 DiagnosticsSubscriptionAlerts
The three alerts sub-tabs have the same user interface.

Procedure 1-9 Specifying Report Recipients:
1 Select one of the alert sub-tabs.
2 Enter the email of the intended recipients. Multiple email addresses are
comma-separated. If no email is entered, email is not sent,
and/or
Check SNMP,
and/or
Check SYSLOG.
Both SNMP and SYSLOG need to be configured else where. For more information,
see Configuring SYSLOG Alert Destinations on page adm-1-39 and Configuring
SNMP on page adm-1-43.
3 Select the minimum severity of Alerts you wish to send.
adm-1-48
4 Click Apply.
Settings
The Settings link allows you to choose which alerts are to be sent and to set the
deduplication period. (See Alerts for information on to whom the alerts are sent.)
Alerts are sent in real-time.
Deduplication is when additional alerts are suppressed for the deduplication
interval after the end of the previous alert. For example, if the appliance
temperature is out of range, the CPUTEMP alert is sent. The alert continues to
be active until an acceptable temperature is restored. Alternatively, if the
temperature fluctuates above and below its temperature threshold,
deduplication suppresses additional alerts within the time period. By selected
Deduplication Period, the alert is only sent once at the time interval entered.
Figure 1-15
Diagnostics TabAlert Settings
By default, all alerts are enabled except NICPKTRT (see table for explanation).
Procedure 1-10 Modifying Alerts
1 Select the + next the Hardware alerts. This expands the Hardware alert list.
2 Select Enable all to select all alerts, or select the check box next to specific alerts.
3 Enter the length of the deduplication period in minutes.
4 Repeat steps 1-3 for the Software alerts.
adm-1-49
5 Click Apply.
To restore the default settings, click Restore default.

Hardware Alerts
The following table lists brief descriptions of each hardware alert.

Table 1-5 Hardware Alerts
Alert
Description
Severity Level
CPUCNT: Check detected CPU

count.
An alert is generated if the number of CPUs is not the expected count.

Typically this alert indicates a hardware failure.
Critical
CPUTEMP: CPU temperature

out of limits.
An alert is generated if the CPU temperature exceeds the normal

range.
Critical
CPUTEMPMARG
CPU temperature approaching limit
Critical
Major
Minor
DISKIO: Disk IO error
An alert generated when there is a hard drive or disk I/O failure. If this
error occurs, contact technical support.
Critical
FANRPM: Fan RPM is out of

limits.
An alert is generated if the fan RPMs exceeds or is below the normal

range.
Major
HSCBADPKT
An alert is triggered in response to Ethernet packets that are flagged

as malformed or corrupted by the network interface card receiving the
packet. If you see frequent HSCBADPKT alerts, check the hardware
connectivity between the monitoring interfaces on the appliance and
the devices/ports to which they are connected.
Minor
NETFLOWDRP: Check for

Netflow packet drops
An alert is generated if AppResponse Xpert detects that NetFlow

packets are getting dropped. Alerts are generated only if the
appliance has a NetFlow Monitoring Module license and the NetFlow
data collection is enabled.
Minor
Major
Critical
The severity of the alert is based on the percentage of packets that

are getting dropped:
1-5% ==> Minor alert
5-10% ==> Major alert
>10% ==> Critical alert
This alert indicates the appliance might be oversubscribed and/or
receiving NetFlow data in a format that is not supported by
AppResponse Xpert.
NICCNT: Check detected NIC.
adm-1-50
Available network interfaces are checked once at start up. An alert is

generated if there is an inconsistency in the set of network interfaces.
Critical
Table 1-5 Hardware Alerts (Continued)

Alert
Description
Severity Level
NICDOWN: Check NIC status
An alert is generated if a traffic network interface loses carrier (i.g., is

unplugged).
Major
NICPKTLSS: Check NIC packet

loss limit
An alert is generated if packets are dropped in any other scenario

than the NICPKLIM alert.
Critical
SYSPWR: Vpp value is out of

limits.
An alert is generated if the power supply voltage is out of tolerance.
Critical
SYSTEMP: Sensor temperature

if out of limits.
An alert is generated if the chassis temperature exceeds the normal

range.
Major
Software Alerts
The following table lists brief descriptions of each hardware alert.

Table 1-6 Software Alerts
Alert
Description
Severity Level
COREFILE: abnormal process

termination.
An alert is generated if the abnormal termination of a process occurs.

If this error occurs, contact technical support.
Major
DAQERR: Data acquisition

check.
An alert is generated if data processing on the appliance is stalled for

some reasonif the appliance is not processing packets or takes a
long time to process packets after it sees them on the monitoring
interfaces. This alert is not triggered if appliance sees no traffic on the
interfaces. Typically, a DAQERR alert indicates a problem with the
appliance.
Critical
DIAGINT: Diagnostic internal.
This is an internal error. If this error occurs, contact technical support.
Critical
DMCNAPPL: Connection to a
leaf node is broken.
An alert is generated if the connection to the appliance from the

director is lost.
Critical
DMCNDIR: Connection to the

alpha node is broken.
An alert is generated if the connection to the director is lost.
Critical
DMCNSYNC: Cluster
connectivity error.
An alert is generated if the director leaf an appliance detects that the

time clocks on the appliances are not in sync.
Major
FLOWPKTLSS: Packet loss

seen at flow engine.
An alert is generated if data processing on the appliance is stalled for

some reason: if internal data processing is not working, or the
appliance takes a long time to process packets after it sees them on
the monitoring interfaces. This alert is not triggered if appliance sees
no traffic on the interfaces. Typically, a DAQERR alert indicates a
problem with the appliance.
Major
FSFREE: Check disks free

space.
An alert is generated if free space on the appliance disk drops below

the safe limit.
Minor
adm-1-51
Table 1-6 Software Alerts (Continued)

Alert
Description
Severity Level
IPDROP: Too many IP

addresses observed.
This alert is generated when the limit on the number of recorded IPs
per minute has been reached. When this happens, the topping
algorithm cannot guarantee that the top IPs by throughput are
retained.
Major
MIPMAPCHK: Check MipMap

consistency
The mipmaps is an internal process that generates the coarser

granularities of data (5-minute, 1-hour, 1-day). This alert indicates
that expected granularities are not being generated.
Major
NETGW: Default route gateway

is not reachable.
The system periodically pings (IMCP echo) the default network

gateway to check network connectivity on its management interface.
If the check fails, an alert is generated.
Major
NICPKLIM: Check NIC packet

rate limit.
An alert is generated when rates exceed 160k/sec (NP2000) or

15k/sec (NP500) and packets are dropped.
Critical
NOTIFCHK: check Notification

service (channel).
The notification service is an internal process on the appliance. This

process is checked periodically for proper operation. If this error
occurs, contact technical support.
Minor
NOTIFCON: Check Notification

service (connection).
The notification service is an internal process on the appliance. This

minor
NTPCON: NTP synchronization

failed.
An alert is generated if connection to the Network Time Protocol

server (NTP) is lost.
Minor
SQLCHK: SQL failed to

complete request.
The MySQL server is an internal process on the appliance. This

Major
SQLCON: SQL server down.

Major
SQLPROC:SQL connections
limit reached.

Major
SQLRST: SQL connections

connection reintialized.

Major
adm-1-52
Table 1-6 Software Alerts (Continued)

Alert
Description
Severity Level
SYSCRASH: System crash

occurred, core dumped.
This alert is generated if the appliance reboots as a result of a crash

or a power failure.
Critical
For more information, see Bundles on page adm-1-45.

SYSREBOOT: System reboot
requested by the user.
An alert is generated if the appliance reboots as a result of a user

request.
Minor
WEBCON: Check TomCat

operability (connect)
The internal web server process is checked periodically for proper

operation. If this error occurs, contact technical support.
Major
WEBGET: Check TomCat

operability (request).
The internal web server process is checked periodically for proper

operation. If this error occurs, contact technical support.
Major
Status
The status link shows you the last report that was generated (for information
about how and to whom reports are sent, see Reports on page adm-1-47).
Figure 1-16 Diagnostics TabStatus
The report shown in the status Diagnostic Status window is the last report
generated. To manually send this report:
1) Enter the recipient email in the Send report to dialog box. Multiple
addresses are comma-separated.
2) Click Apply.
Log Viewer
The log utility is useful when working with Riverbed technical support to
troubleshoot problems.
adm-1-53
Related Topics
adm-1-54

The AppResponse Xpert Appliance should always be shut down gracefully.
Shutting down the appliance using the power switch may result in data loss.
From the web interface Action menu, select Reboot to restart the appliance,
select Shutdown to halt the appliance, or select Configure to force a
configuration push to the appliance after a hard drive replacement or if the
appliance configuration is out of sync with the web interface. These functions
can also be performed using the CLI. (See Halting or Rebooting the Appliance
from the CLI on page adm-1-37.)
Related Topics
adm-1-55
Configuring Traffic Filters

It may not be possible to support the estimated traffic rate on all networks. (See
AppResponse Xpert Platform on page ug-1-19 of the AppResponse Xpert User
Guide.) Each network has unique characteristics, including number of unique IP
addresses and number of simultaneous TCP sessions, that influence the
maximum support traffic rate. Using traffic filters, it is possible to disable some
features of the appliance to allow it to support higher traffic rates.
You configure traffic filters on the System > advanced page of the web interface
().
Figure 1-17 System > Advanced Page
The following traffic filters can be configured through the web interface:
Network utilization metrics for IP addresses
TCP metrics for server IP addresses
TCP metrics for client IP addresses
All metrics for Business Groups
adm-1-56
Connected IP Address drilldown for Business Groups

Connected Groups drilldowns for Business Groups
IP Protocols drill-down for Business Group Links
Link Members drilldown for Business Group Links
Application drilldowns
IP Address to IP Address drilldowns
Peer AS drilldown for ISPs
CIDR drilldown for ISPs
Destination AS groups
All metrics for ISPs
Total Traffic group and drilldowns
To increase the maximum traffic rate of the AppResponse Xpert Appliance,
disable a traffic filter if the data it collects is not required.
Related Topics
adm-1-57
Configuring Network Ports

The network ports used by the AppResponse Xpert Appliance can be
reassigned using the web interface. Click the System tab, then click ports to
access the port configuration page. This page lists the network ports that are
used by internal and external services on the AppResponse Xpert Appliance.
Figure 1-18 System Tab - Ports
Internal services are ports used by the AppResponse Xpert Appliance to

communicate with itself. The AppResponse Xpert Appliance rejects all external
connections to these ports. These ports can not be reassigned and are listed for
informational purposes only.
External services are ports used by external devices to communicate with the
AppResponse Xpert Appliance. It is important to ensure that external devices
are able to connect to the AppResponse Xpert Appliance on these ports. If your
network employs firewalls or access control lists that block access to these
ports, either reconfigure the firewall to allow access or reassign the service to a
port that allows access under your security infrastructure.
Related Topics
adm-1-58
Managing Software Licenses

The License Manager is used to enter a license key in order to activate the
appliance the first time you load the Desktop Console, or to upgrade the
appliance or add additional features. Features that have not been activated are
not visible to the user.
Figure 1-19 License Manager
When you purchase a new appliance, an upgrade, or a new feature, you receive
an Activation Key from Riverbed. This Key is needed to create the License Key
that loads the level of features appropriate for your appliance. For more
information, see:
Licensing a New Appliance on page adm-1-59
Adding a License on page adm-1-60
Activating an Extended Feature on page adm-1-60
Moving Licenses from One Appliance/Director to Another on page adm-1-61
Licensing a New Appliance

The first time you load the Desktop Console, the License Manager dialog opens
(see Launching the Desktop Console on page ug-2-30 of the
AppResponse Xpert User Guide).
If the AppResponse Xpert Appliance has connectivity to the Internet, it
automatically connects you to the AppResponse Xpert Product Registration
web page, which is already populated with the serial number of the appliance.
Fill out the remainder of the form with the requested information and click
Submit to generate your License Key, which is emailed to the email address you
entered in the form.
If the appliance does not have connectivity to the Internet, go to the URL listed
in the License Manager to access the AppResponse Xpert Product Registration
web page. Enter the serial number of the appliance (listed in the License
Manager), and fill out the remainder of the form with the requested information.
Click Submit to generate your license key, which is emailed to the email address
you entered in the form.
adm-1-59
Adding a License
To activate a license on an appliance, you must enter the license key in the
License Manager (Desktop Console > Tools > License Manager).
Procedure 1-11 Adding a License
1 Open an instance of the Desktop Console and connect to the appliance.
The following steps describe how to do this:
1.1 Open the web UI: open a web browser and navigate to the following URL:
http://[appliance-ip-address]:8080
1.2 Click the Console link on the login page.
1.3 Connect to the appliance as a user with Administrator privileges.
2 Choose Tools > License Manager.
If the appliance does not have a product license installed, this window appears
automatically when you connect.
Figure 1-20 License Manager
3 Enter the license key and click Submit.

A notification window indicates a successful installation.
Activating an Extended Feature

Procedure 1-12 Activating an Extended Feature
1 On the Tools menu of the Desktop Console, click License Manager. The License
Manager displays the appliance name, serial number, and all configured licenses.
adm-1-60
2 If the appliance has connectivity to the Internet, it automatically connects you to the
AppResponse Xpert Product Registration web page, which is already populated
with the serial number of the appliance. Fill out the remainder of the form with the
requested information and click Submit to generate your license key, which is
emailed to the email address you entered in the form.
3 If the appliance does not have connectivity to the Internet, go to the URL listed in
the License Manager to access the AppResponse Xpert Product Registration web
page. Enter the serial number of the appliance (listed in the License Manager), and
fill out the remainder of the form with the requested information. Click Submit to
generate your license key, which is emailed to the email address you entered in the
form.
4 Enter the license key in the text area labelled Enter License Key.
5 Click the Submit button.
Moving Licenses from One Appliance/Director to Another

In some cases, you might need to move a set of licenses from a source device
(appliance/director) to a target devicefor example, if you are upgrading from
an old device to a new device, and you have only one set of licenses.
Procedure 1-13 Moving Licenses from One Appliance to Another
1 Deregister the licenses on the source device:
1.1 Open the License Manager (Desktop Console > Tools > License Manager).
1.2 Write down or copy the serial number of the device.
1.3 Go to support.riverbed.com and open a support case. Include the serial
number and ask Support to deregister the license for that device.
1.4 Sign the Notice of Permit Deactivation as requested by Support. This form
authorizes Riverbed to de-register the license for the purpose of the move.
1.5 Wait until Support informs you that the licenses for the device have been
deregistered. Do not proceed until you receive notification from Support.
2 Add the licenses on the target device.
2.1 To do this, you need to generate a license key. You can do this yourself: Go
to support.riverbed.com> My Licenses and then follow the link for
AppResponse Xpert licenses that are pending activation.
2.2 After you generate a license key, you can add it to the device from the
Desktop Console > Tools > License Manager.
adm-1-61
Related Topics
adm-1-62
Diagnostics Bundles
Diagnostics bundles contain information required to diagnose
AppResponse Xpert Appliance internals. If you contact Riverbed Support to
submit an issue, you may be asked to generate and send a diagnostics bundle.
Bundles are created through the CLI and downloaded through the web
interface.
NoteDiagnostics bundles can only be created if AppResponse Xpert
Appliance disk utilization is below 90%.
Creating a Diagnostics Bundle

The CLI command diag-bundle-create is used to create a new diagnostics
bundle. The command requires that you specify a begin and end date. All
relevant information logged between the begin and end date is included in the
bundle.
diag-bundle-create <begin_date> <end_date>
e.g., diag-bundle-create 11-Jan-2004 13-Jan-2004
For information about creating a diagnostic bundle from the web interface, see
Bundles on page adm-1-45.
Deleting a Diagnostics Bundle

The CLI command diag-bundle-delete is used to delete an existing
diagnostics bundle. The command requires that you specify the begin and end
date of the diagnostics bundle that you wish to delete.
diag-bundle-delete <begin_date> <end_date>
e.g., diag-bundle-delete 11-Jan-2004 13-Jan-2004
Use zero as a begin and end date to delete all existing diagnostics bundles (e.g.,
diag-bundle-delete 0 0).
A list of existing diagnostics bundle can be seen through the web interface.
Downloading a Diagnostics Bundle

Diagnostics bundles can be downloaded through the AppResponse Xpert
Appliance web interface at the following URL:
http://<ace_live_appliance>:8080/diag/
Related Topics
adm-1-63

To alleviate security concerns, all customer-specific data can be removed from
AppResponse Xpert appliance disk drives. This is especially useful when
replacing and/or returning hardware.The disk drives in an AppResponse Xpert
appliance can be cleared of customer-specific data using the rollback, diskwipe,
and resetData CLI utilities
Rollback UtilityRestores an appliance to its default factory settings.
Diskwipe UtilityOverwrites all unused disk space on one or all disk drives
after rollback is completed.
Important Notes
Running DiskWipe in Stand-Alone Mode
ResetData UtilityDeletes all metric data and captured packets, but retains
configuration settings.
Rollback Utility
The Rollback utility restores an AppResponse Xpert appliance to its default
factory settings. This means that all customer-specific data is removed from the
appliance, including:
configuration settings
data from database tables
logs
reports and report definitions
Diskwipe Utility
The DiskWipe utility overwrites all unused disk space on the specified disk
drives. More specifically, in one pass, the DiskWipe utility writes zeros to all
blocks on the disk drive(s) that have no data. (The DiskWipe Utility is similar to
the dd unix command.)
NoteBecause it writes to blocks that have no data, the DiskWipe utility should
be run only after the Rollback Utility.
adm-1-64
Important Notes
Note the following:
A rollback operation can take 10 to 20 minutes to complete, depending on
the hardware model.
The Rollback utility does not remove AppResponse Xpert software patches.
Therefore, you do not need to re-install software patches after Rollback.
Rollback and Diskwipe Procedure
Procedure 1-14 Performing a Rollback and Diskwipe

1 Access the appliance CLI (Command Line Interface).
Use one of the following access methods:
A direct serial connection to the appliance using a terminal emulator, such as
hyperterm or with a keyboard and monitor.
Through the network, using an SSH client on port 22.
2 Log in to the appliance as an administrator.
The rollback command has the following options:
--noshut
Do not shut down the appliance when rollback is completed. This optional
argument is especially useful when accessing the appliance remotely.
When Rollback is complete, you can re-add the management IP address
without losing connectivity to the appliance.
--keeplicense
Do not delete the licenses during rollback. This optional argument is helpful
if you want to use the same licenses after the rollback.
3 Enter the rollback command with the options you wantfor example:
rollback --noshut --keeplicense
NoteYou must enter two hyphens before each argument.
When the rollback is complete, a CLI prompt asks if you want to run the
diskwipe utility. This utility overwrites all unused disk space on the specified
disk drives; specifically, the utility writes zeros to all blocks on the disk drive(s)
that have no data. (This utility is similar to the dd command in UNIX.)
4 If you choose to run diskwipe,now, enter one of the following commands:
statusdisplays a list of all appliance disk drives and the DiskWipe status
for each disk drive
autowipes all available appliance disk drives
adm-1-65
wipewipes a specified appliance disk drive

stopstops the wipe operation
cleanupremoves the utilities working files from disk drives (typically run
after the stop option)
quitexists the DiskWipe utility
5 Enter a command from the menu, press return, and follow the prompts.

The following procedure describes how to run the Diskwipe Utility after you run
the Rollback Utility. Because diskwipe writes to blocks that have no data, you
should run diskwipe only after you run rollback.
Procedure 1-15 Running DiskWipe in Stand-Alone Mode
1 If the rollback command was just run without the --noshut argument and the
AppResponse Xpert appliance is currently turned off, then turn on the appliance.
3 Login to the appliance as an administrator.
4 Enter the DiskWipe command:
diskwipe
The DiskWipe utility menu appears.
5 Enter an option from the utility menu, press return, and follow the prompts.
for each disk drive
adm-1-66

ResetData Utility
The resetData CLI command deletes all traffic data stored on the appliance,
while retaining all user-specified configurations. Situations in which this
command can be useful include:
The appliance was configured incorrectly, resulting in inaccurate data, so
you correct the configuration and delete the data collected using the previous
configuration.
You want to move the appliance to a new location that requires only minor
changes to the appliance configuration, so you reconfigure the appliance and
delete all traffic data collected at the old location.
When you run the resetData command from the CLI, the following data is
deleted:
Metric data derived from monitored traffic, such as Application Stream
Analysis, Web Transaction Analysis, NetFlow Monitoring, and VoIP/Video
Monitoring
All packet capture data
All generated reports
The following data is retained:
All custom settings in the web UI
All custom settings in the Desktop Console: Business Group Manager,
Defined Application Manager, Preferred IP Manager, and so on
All certificate and private key information stored on the appliance (for
example, in the Web UI > System > Administration > Pages)
Note the following:
The resetData command is case-sensitive: all lowercase except for the
uppercase 'D'.
You must be logged in to the CLI as a user with Administrator privileges to
run this command.
adm-1-67
Application Stream Analysis (ASA) Configuration

Application Stream Analysis refers to the engine that calculates metric data from
traffic observed on the appliance monitoring interfaces. This section describes
the following options for configuring the ASA engine:
ASA Boost
Calculation of Round Trip Times
VXLAN Decoding
Ignore Wire Length When Calculating Sizes for Pre-Sliced Packets
ASA Boost
Application Stream Analysis Boost (ASA Boost) mode that is useful for
monitoring traffic in high-throughput environments such as server farms or data
centers.
Note the following:
This mode is available on certain high-end appliance models only; maximum
processing speeds can vary based on the appliance model and conditions in
the production environment.
You can run ASA Boost at the same time as any of the following features:
RPM Integration
Web Transaction Analysis
NetFlow Data Collection
Database Performance
Module for VoIP Performance
Running ASA Boost together with one or more of these features will add
more load to the appliance and might reduce performance. For example: If
you enable ASA Boost at the same time as either Web Transaction Analysis
or Database Performance Monitoring, the peak packet processing rate on
the appliance will be reduced by up to 20%.
If you want to enable ASA Boost with any of these features, it is good practice
to check consumption on the appliance using the Performance Health Check
Insight. You should do this before you enable ASA Boost and periodically
while ASA Boost is enabled.
WARNINGIt is important to check consumption in the Performance Health
Check insight because, if the appliance gets overloaded, you could lose data.
To install or update the Performance Health Check insight on your appliance,
go to the Update Center (Desktop Console > Insights > Update Center) and
then navigate to the following section:
support.opnet.com/ace_live/insights/support > Tools
adm-1-68
You cannot run ASA Boost and CX-Tracer for AppResponse Xpert at the
same time.
The packet size limit is the maximum number of bytes per captured packet
that an appliance saves to disk. To optimize packet processing at the highest
traffic rates, you might need to set the packet size limit to 128 manually. To
change this setting, go to the Web Console > Administration > System >
Capture page.
Procedure 1-1 To enable ASA Boost:

1 Install the Appliance Health Check insight on your appliance, or (if it is already
installed) verify that you have the latest version installed.
To install or update the Appliance Health Check insight on your appliance, go to
the Update Center (Desktop Console > Insights > Update Center) and then
navigate to the following section:
support.opnet.com/ace_live/insights/support > Tools
2 Check the following feature settings and verify that only the features that you want
to run at the same time as ASA Boost are enabled:
System > Administration web UI > System > Advanced > Collect Netflow Data
System > Administration web UI > System > Advanced > Collect VoIP Data for
Business Groups
System > Administration web UI > System > Advanced >
Collect VoIP Data for Business Groups > Connected Groups
Database Performance Module Management Console
(http://<appresponse-xpert-appliance-ip>:2780) > Manage
software instances page: For the asx instance, set Run Status to Stop and
Autostart at reboot to No.
You can enable and disable Microflow Indexing for RPM Integration in the CLI.
(This process is enabled by default.) Log in to the appliance as Administrator
using an SSH-enabled program such as putty. Then enter the command shark.
Then enter one of the following:
capture_job index enable
capture_job index disable
3 If you have any Citrix insights (Desktop Console > Insights > Citrix) installed,
Riverbed recommends that you delete these insights in the Insight Manager before
you enable ASA Boost.
4 Run the Appliance Health Check insight and verify that there are no performance
issues on the appliance.
5 Open a CLI window, connect to the appliance, and enter the following command:
ASAmode boost
To disable ASA Boost mode, enter the following CLI command:
adm-1-69
ASAmode default
6 After you have enabled ASA Boost, monitor the health of the appliance by running
the Appliance Health Check insight periodically to make sure that no issues have
resulted from enabling ASA Boost. You should check the networks health at the
following times after you enable ASA Boost:
A peak hour in a business day
The busiest day in a week
A typical business week
If these checks detect no performance issues, the appliance can safely run ASA
Boost with the current appliance configuration. If performance issues are detected,
you should do one or more of the following:
Disable ASA Boost
Disable one or more of the following processes if they are running at the same
time as ASA Boost (as described in step 2 on page 69):
Web Transaction Analysis
NetFlow Monitoring Module
Database Performance Monitoring
VoIP Monitoring Module
RPM Integration (Microflow Indexing)
Reduce traffic loads so that performance is no longer impacted.
Calculation of Round Trip Times

Release 8.5 introduced a change in the default method for calculating the
Round Trip Time [msec] metric. The default method considers only immediate
ACKs and ignores delayed ACKs and piggybacked ACKs, resulting in round trip
times that more closely reflect network propagation delay. The difference in
round trip times (compared to previous releases) can be especially apparent for
highly chatty applications. The trade-off of the new method is that you might see
no Round Trip Time metrics at all for some highly chatty applications.
If you want to revert to the old method of calculating round trip times, do the
following:
1) Using a SSH-enabled command line program such as putty, log in to the
appliance as a user with admin privileges.
2) Enter the following command in the CLI:
setNgfestats COUNT_ONLY_IMMEDIATE_RTT=0
adm-1-70
To switch back to the new method later, enter the following command in the
CLI:
setNgfestats COUNT_ONLY_IMMEDIATE_RTT=1
VXLAN Decoding
This release supports decoding of encapsulated Virtual eXtensible LAN
(VXLAN) traffic. To enable VXLAN decoding, log in to the CLI as Administrator
and enter the following command:
setNgfestats DECODE_VXLAN_ENCAPSULATION=1
To disable VXLAN decoding, enter:
setNgfestats Ngfestats -d DECODE_VXLAN_ENCAPSULATION
NoteThis option is disabled by default. You should enable it only if your

network includes VXLAN traffic that you want to monitor and analyze.
By default, the appliance assumes that the network uses TCP port 8472 to
exchange VXLAN-encapsulated traffic. Enter the following command to specify
a different port:
setNgfestats VXLAN_UDP_PORT=[tcp_port_#]
Ignore Wire Length When Calculating Sizes for Pre-Sliced Packets

By default, the appliance calculates packet lengths based on the frame sizes it
observes on the wirethat is, on the monitoring interfaces of the appliance. If
packets are sliced before they arrive at the appliance, utilization and other
metric results might be inaccurate (due to the discrepancy between the original
packet sizes and the truncated frame sizes observed on the wire).
You might want to override this default behavior if packets are sliced before they
arrive at the appliancefor example, by a traffic aggregator or some other
external device. You can configure the appliance to use the IP Length and other
header data to estimate the original sizes of observed packets (regardless of
whether the packets were pre-sliced or not).
To enable this ignore-wire-length mode, log in to the appliance CLI as
Administrator and enter the following command:
setNgfestats IGNORE_WIRE_LENGTH=1
adm-1-71
Password Complexity Support

When password complexity is enabled on the appliance, users will be prompted
to choose a new complex password. The password must have at least one
uppercase character, at least one lowercase character, at least one special
character, and should not be easy to guess (dictionary words, palindromes, and
so on). Also, you will be able to specify additional requirements for the
passwords, such as:
A minimum password length
What types of characters must be used in a password (for example, you can
require numbers, uppercase letters, or special punctuation)
The number of failed attempts before the account is disabled and the user is
locked out.
How often passwords can be changed (for example, not more often than
every 24 hours)
How often passwords must be changed (for example, a new password is
required every 60 days)
How often a password can be reused
Note that after you have enabled password complexity, all user passwords will
have to be changed. Users will be prompted to change their password the next
time the log in to the appliance.
Enable / Configure Password Complexity

To enable and configure password complexity, use the command line interface
to log in to the appliance as an administrator and start the feature editor, as
described below.
Procedure 1-1 Starting the Password Complexity Configuration Editor

1 Open the command line interface for the appliance.
3 Enter pwverify.
Available commands are displayed in the editor. See pwverify Commands on
page adm-1-73.
4 Review or change the password configuration as desired using the enable,
disable, review, and edit commands.
5 When you are satisfied with the configuration changes you have made, enter
commit to save your changes.
adm-1-72
6 Enter exit to close the editor.

The following table lists the commands available in pwverify.

Table 1-1
pwverify Commands
Command
Description
enable
Enables the password complexity requirements. By default, this

feature is turned off.
disable
Disables the password complexity requirements. This is the default

behavior.
edit
Presents each of the configurable parameters, which you can edit.

For a description of each parameter, see Table 1-1
review
Displays the current configuration so that you can view the value of
each parameter.
commit
Saves the changes that you have made to the configuration.
exit
Closes the editor. Note that changes are not automatically saved on
exit, to save changes, use the commit command.
The following table lists the parameters that you can configure to specify the
requirements for new passwords.
Table 1-2
pwverify Parameters
Parameter
Default Value
Description
ENABLED
no
Turns the password complexity feature on or off. This feature is

turned off by default.
OBSCURE_CHECKS_ENAB
yes
Verifies that the password is not a palindrome or too similar to

previous passwords. Although configurable, this value should
always be yes.
PASS_CHANGE_TRIES
When choosing a new password, the user only has this number
of attempts to choose a valid password. If the user does not
specify an valid password within the specified number of
attempts, the session terminates and the user will have to start
the password change operation again.
PASS_MIN_DAYS
-1
The minimum period of time (in days) between password

changes. After changing their password, the user will have to
wait this period of time before changing their password again. A
value of -1 turns this feature off and means that a user can
change their password as often as they wish.
adm-1-73
Table 1-2
pwverify Parameters
Parameter
Default Value
Description
PASS_MAX_DAYS
-1
The maximum period of time (in days) between password

changes. After this period of time, the user must choose a new
password or they will bot be allowed to log in. A value of -1
disables this feature and means that passwords do not expire.
PASS_MAX_LEN
16
The maximum length of a password.
PASS_MIN_LEN
The minimum length of a password.
PASS_WARN_DAYS
-1
Specifies how much advanced warning is provided to users

when their password is about to expire. Setting this value to 5
would warn users each time they tried to log in within 5 days of
the expiry of their password. A value of -1 disables this feature
and means that no advanced warning will be displayed to notify
users that their passwords are about to expire.
PASS_HISTORY
-1
This specifies how often users can reuse a password. A value

of 5 means that the previous 5 passwords are saved and the
user will not be allowed to use any of these passwords when
specifying a new password. A value of -1 disables this feature.
PASS_LOCK_LIMIT
-1
This is the number of times that a user can enter an incorrect

password before their account is locked. When locked out, a
user will not be able to log back in until the account is unlocked
by an administrator. This feature does not apply to administrator
accounts. A value of -1 disables this feature. See Procedure 1-4
for instructions on how to unlock an account.
yes
When this feature is turned on, the user is always notified about
the upcoming password expiration date.
PASS_ALWAYS_WARN
Change a Password
An administrator can change a user password using the alpasswd command.
Procedure 1-2 To Change a Password
1 Open the command line interface.
2 At the prompt, enter:
alpasswd username current-password new-password
NoteThe current-password field is optional for Administrators and required

for non-Administrators.
adm-1-74
Lock a User Account

An administrator can lock the account of any non-administrative and non-root
user using the alpasswd_lock command.
Procedure 1-3 To Lock a User Account
alpasswd_lock user lock
where user is the username on the account.

Procedure 1-4 To Unlock a User Account

alpasswd_lock user unlock
where user is the username on the account.

adm-1-75
adm-1-76
2Installing the Appliance

The Installation Guide provides all the information required to install an
appliance within your network.
This chapter includes the following topics:
Pre-installation Information
Configuring the Appliance
Updating the Software
Safety Warnings
Instructions for setting up the AppResponse Xpert Console are in Installing the
Desktop Console on page ug-2-28 of the AppResponse Xpert User Guide.
NoteThis manual was last updated on June 13, 2014. Because release notes
and other documentation is sometimes updated after the product
documentation is distributed, it is good practice to visit the Riverbed website to
check for the latest version of the Release Notes and this and other manuals.
Go to https://support.riverbed.com, then navigate to the AppResponse Xpert
Appliance page.
adm-2-77
Pre-installation Information
The following sections provide information that should be reviewed prior to
installing the AppResponse Xpert appliance.
AppResponse Xpert Appliance Overview

The AppResponse Xpert appliance is a rackmount system that installs in your
data center (Figure 2-1). The AppResponse Xpert appliance does not require
changes to your content or application servers, IT infrastructure, overlay
network or cooperation from downstream elements, client side applications, or
special protocols. The AppResponse Xpert appliance is a passive data
collection device that is attached to the target network using a span port or a
copper/fiber tap.
Figure 2-1 A Typical AppResponse Xpert Appliance Installation
adm-2-78
AppResponse Xpert Appliance Models

Available AppResponse Xpert appliance models include the following:
AppResponse Xpert-60005U rackmount system that supports up to two
fiber (10GbE enhanced Small Form-factor Pluggable (SFP+)) Ethernet
monitoring interfaces.
fiber (10GbE enhanced Small Form-factor Pluggable (SFP+)) Ethernet
fiber (10GbE XFP SR/LR) Ethernet monitoring interfaces.
AppResponse Xpert-43004U rackmount system that supports up to four
Small Form-factor Pluggable (SFP) copper or fiber (1GbE) Ethernet
AppResponse Xpert-4100 (10G)4U rackmount system that supports up to
two fiber (10GbE XFP SR/LR) Ethernet monitoring interfaces.
AppResponse Xpert-4100 (1G)4U rackmount system that supports up to
four Small Form-factor Pluggable (SFP) copper or fiber (1GbE) Ethernet
copper (10/100/1000 Mbps) or fiber (10Gbps) Ethernet monitoring
interfaces.
adm-2-79

copper (10/100/1000 Mbps) or fiber (1 Gbps) Ethernet monitoring interfaces.
AppResponse Xpert-22001U rackmount system that supports up to three
Small Form-factor Pluggable (SFP) copper and one copper (10/100/1000
Mbps) Ethernet monitoring interfaces.
copper (10/100/1000 Mbps) or fiber (1 Gbps) Ethernet monitoring interfaces.
AppResponse Xpert-12001U rackmount system that supports up to three
Small Form-factor Pluggable (SFP) copper and one copper (10/100/1000
Mbps) Ethernet monitoring interfaces.
NoteSFPs and XFPs are hot-swappable, so you do not need to power down
the appliance before you add or switch an SFP or XFP.
Instead of referring to specific models numbers, the rest of this manual only
uses the term AppResponse Xpert appliance to refer to all models except where
explicitly noted.
Physical Configurations
The AppResponse Xpert appliance can be connected to the network using
either a span port or a copper/fiber tap. The manner in which the appliance is
connected to the network is referred to as the physical configuration.
In many network configurations, the AppResponse Xpert appliance is attached
to a span port on a layer 3 switch. The AppResponse Xpert appliance has two
monitoring interfaces and can be attached to one or two span ports. During the
installation process, the user must configure the number of span ports
connected to the AppResponse Xpert appliance (see Step 4: Completing Setup
using the Administration > System Web Interface on page adm-2-126). The
span port is normally configured to send both inbound and outbound packets to
the AppResponse Xpert appliance so that both directions of network
communication are monitored.
A copper/fiber tap can be used to connect the AppResponse Xpert appliance if
a span port is not available at the desired location in the network. Copper/fiber
taps are installed inline directly within the target network. As a result, the
physical connectivity of the target link must be temporarily interrupted while the
tap is installed. The AppResponse Xpert appliance attaches directly to the tap.
Unlike a span port, the tap does not require reconfiguration of a switch.
adm-2-80
Internal Address List
For most groups, an appliance can rely on packet data to determine the
direction of traffic flows (Inbound / Outbound) and the roles played by specific
IPs and groups (Client, Server, TCP Client, TCP Server). For some group types,
however, you must specify the range of Internal IPs for the appliance to
determine flow directions and IP roles.
By default, the Internal Address List includes all private IPs that are visible to the
appliance (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). To view or
edit this list, go to Administration > System > Setup > Internal Addresses.
Best Practice: Include All Server IPs in the Internal Address List
It is best practice to verify that all server IPs for all Defined Applications are
included in the Internal Address list. This is necessary to ensure that the
directions and roles of all metrics are interpreted correctly. If a server IP is not
included in this list, the directions and roles for some metrics might be the
opposite of what you expect.
Groups Affected by the Internal Address List
How to Set the Internal Address List
Example: What Can Happen when a Server IP is not in the Internal Address
List
Groups Affected by
the Internal Address
List
An appliance uses the Internal Address list when it calculates metrics for the
following groups:
Application
Total Traffic
VLAN
Mon Interface Group
(if Administration > System > Interface Groups > [group] > Traffic relative to
option is set to Internal Addresses)
How to Set the

Internal Address List
To set the Internal Address list, do the following:

1) Open the Defined Application Manager (Desktop Console > Tools >
Applications > Defined Application Manager).
2) Click the Server tab.
adm-2-81
3) Starting at the top of the Applications table, copy/paste all of the Server IPs
into a text file. Press the Down key to iterate through all entries. (Defined
applications of type Standard do not have a Server IPs field.)
4) Go to Administration > System > Setup > Internal Addresses.
5) Iterate through your list of Server IPs and verify that each server IP is
included in the Internal Address list. If a server IP is not included in an
address range or subnet, redefine or add a range to include this server IP.
WARNINGKeep the number of comma-separated items in the Internal
Address List as small as possible
When the appliance calculates metrics in real time, it checks monitored
packets against each comma-separated item (IP or IP range) in the Internal
Address list. A long or complex list can increase computation loads and affect
monitoring performance on the appliance.
To keep the Internal Address List as simple as possible, it is good practice to
Include no more than 15 comma-separated entries in the list.
Specify IP address ranges, rather than individual IPs, whenever possible.
Example: What Can
Happen when a
Server IP is not in
the Internal Address
List
An appliance monitors the application MyExtApp. The clients for MyExtApp are
included in the Internal Address list, but not the servers (Figure 2-2). If you open
an Applications table, you will see that the metrics for MyExtApp appear in the
reverse role from what is expected.
The Internal and External IPs are reversed: the MyExtApp servers are
External IPs, the clients are Internal IPs, and the metrics are shown in
relation to the clients.
An in-depth application analysis usually starts from the perspective of the
servers and then moves outward to the clients.
The role of clients and servers are reversed: MyExtApp metrics appear as
"[metric] (Clients)" rather than "[metric] (Servers)".
The throughput directions are reversed: for example,
"Throughput (Inbound)" measures traffic to the MyExtApp clients, not
the servers.
adm-2-82
Figure 2-2
Server IPs Not Included in Internal Address List
adm-2-83
By editing the Internal Address list to include the servers for MyExtApp, you
ensure that the MyExtMap metrics identify the roles (Clients, Servers) and
directions (Inbound, Outbound) correctly.
Figure 2-3
Server IPs Included in Internal Address List
Single Span Port
If the AppResponse Xpert appliance is attached to only one span port, the user
must select the single span port physical configuration during system
configuration as described in Step 4: Completing Setup using the Administration
> System Web Interface on page adm-2-126.
Dual Span Port
NoteIn dual span port mode, the monitoring interfaces used must be of the
same type (copper or fiber).
adm-2-84
If the AppResponse Xpert appliance is attached to two span ports, the user
must select the dual span port physical configuration during system
configuration as described in Step 4: Completing Setup using the Administration
> System Web Interface on page adm-2-126.
Copper/Fiber Tap
With a copper or fiber tap, the user must select the copper or fiber tap Monitoring
Interface(s) Speed/Duplex Setting during system configuration as described in
Step 4: Completing Setup using the Administration > System Web Interface on
page adm-2-126. In this configuration, traffic direction is not ambiguous since
the AppResponse Xpert appliance receives outbound and inbound packets
through different monitoring interfaces. As a result, the internal address list does
not need to be specified.
The following taps, supplied by Netoptics, have been qualified for use with
AppResponse Xpert equipment. Other equivalent devices should work as well:
NETOPTICS P/N: 96042-G-30: SX Gigabit Splitter Module, Multimode
62.5/125um, 70:30 split (for optical Ethernet)
NETOPTICS P/N NET-96135-RM: 100BaseT TX Tap (for copper Ethernet)
Network Placement Considerations

Many factors must be considered when choosing where to install the
AppResponse Xpert appliance within your network. In fact, identifying a target
location may be the most difficult part of setting up the appliance. Take the
following items in consideration when choosing the target location.
Network Coverage
The location of the AppResponse Xpert appliance dictates the traffic the
appliance is able to monitor. In general, the appliance is placed at a location of
network aggregation to maximize the monitored traffic. This often means that
the appliance is installed near a border/edge router. Select a network location
that allows the AppResponse Xpert appliance to monitor complete network
sessions, or install the appliance in a dual span port mode and monitor both
network paths.
Span Port Physical Configuration
If using the span port physical configuration, the appliance must be attached
directly to a device, typically a switch, supporting this feature. Each network
equipment vendor implements the span port feature differently, resulting in
different capabilities and limitations. However, all major vendors support basic
span port functionality.
adm-2-85
Traffic Volume
Select a network location that does not exceed the maximum traffic rate
supported by the AppResponse Xpert appliance. If this level is exceeded, a
fraction of the packets are dropped by the appliance. This reduces the accuracy
of collected metrics, but does not affect the network.
Traffic Symmetry
Asymmetric traffic occurs when traffic can take a different route between
endpoints in the incoming and outgoing directions. This condition often exists
within networks with redundant paths. However, the AppResponse Xpert
appliance cannot monitor traffic accurately if it is unable to monitor complete
network sessions. Under asymmetric conditions a number of traffic metrics
collected by the appliance are not measured accurately. Select a network
location that allows the AppResponse Xpert appliance to monitor complete
network sessions.
Modified Frame Formats
The AppResponse Xpert appliance supports frames from VLANs in 802.1Q

format.
The AppResponse Xpert appliance does not support frames in ISL format.
Ethernet jumbo frames are supported on the following appliance models only:
AppResponse Xpert-3170
For more information, contact Riverbed Technical Support.
Select a network location that does not include unsupported frame formats.
adm-2-86
Encryption, Tunneling and Encapsulation
The AppResponse Xpert appliance collects metrics by extracting information

from standard TCP/IP headers. Many network technologies modify the header
format through encryption or introduction of additional encapsulation headers.
Non-standard header formats affect the metrics collected by the
AppResponse Xpert appliance. The following sections discuss technologies
that obscure standard headers at various layers of the OSI protocol stack.
Layer 3 Header Obscurity (MPLS, PPPoE, etc.) These protocols insert an
additional header before OSI layer 3 (Network Layer - IP protocol). As a result,
the headers of the IP protocol (layer 3) and all layers above are not recognized
by the AppResponse Xpert appliance. Traffic of this type is not recorded. Select
a network location that reduces or eliminates traffic of this type.
Layer 4 Header Obscurity (IPSEC, GRE, PPTP, GTP, etc.) These protocols insert
an additional header before OSI layer 4 (Transport Layer - TCP/UDP protocol).

As a result, the layer 4 protocol is not recognized. The AppResponse Xpert
appliance is only able to identify the source, destination and utilization (bytes
sent and received) for these protocol.
Obscurity Above Layer 4 (SSL, TLS, SHTTP, etc.) These protocols encrypt data
above the transport layer and do not impact data collected by the
AppResponse Xpert appliance.
Network Address Translation
The AppResponse Xpert appliance identifies the source and destination for
each packet based on the addresses in the IP header. Network address
translation, a procedure common in firewalls, load balancers and proxies,
replaces the original address with the IP address of an intermediary device. As
a result, all network sessions appear to originate from the network address
translation device rather than the actual originating device. If this is a concern,
select a network location before network address translation occurs.
Security
The AppResponse Xpert appliance monitoring interfaces operate in

promiscuous mode. These interfaces are only used to record traffic. The
interfaces cannot send traffic, nor are they assigned an IP address. It is safe to
connect these interfaces to a network segment outside a firewall.
The management interface of the AppResponse Xpert appliance is used for
general purpose communications and should be connected to a network
segment protected against direct access from the outside world.
Additional Information
The following sections provides addition background information on
AppResponse Xpert appliance configuration and behavior.
adm-2-87
BGP and the AppResponse Xpert Appliance
Configuring the AppResponse Xpert appliance to be a BGP peer is optional. If

this configuration is not completed, the ISP AS, Peer AS and Dest CIDR groups
are not available within the AppResponse Xpert Console. Similarly, the
Trans-ISP Round Trip Time and ISP Peering Point Round Trip Time metrics are
meaningless.
The AppResponse Xpert appliance can use BGP information to enhance the
data it collects. BGP information is used to determine which service providers
are used to reach a particular destination IP address. This information is
accessible in the AppResponse Xpert Console through the ISP AS, Peer AS,
and CIDR groups,.
In order to collect BGP information, the AppResponse Xpert appliance must
become a passive peer in the existing BGP mesh. Typically the appliance is set
up as a passive BGP peer to one of the border routers. You can find these
parameters on the Administration > System > Setup page. Contact Riverbed for
examples of configuring the AppResponse Xpert appliance within a typical
network.
Firewall Configuration
The AppResponse Xpert appliance uses a variety of ports for network

communications. The following sections describe the forms of network
communication between the AppResponse Xpert appliance and other devices.
Ensure that there are no firewalls or access control lists blocking access to the
network ports used by the appliance.
Internal and External Services External services are ports used by external
devices to communicate with the AppResponse Xpert appliance. Ensure that

external devices are able to connect to the AppResponse Xpert appliance on
these ports. The port numbers for these external services can be reassigned in
the security section of the web interface
adm-2-88
The following table lists the external services and the authorization controls
used to restrict access to these ports.
Table 2-1 External Services and Authorization Controls
External
Service
Transport
and Port
SNMP
HTTP
Authorization
Description
UDP 161
Open. The default

SNMP community
string can be
changed through the
Administration >
System web
interface.
The SNMP service provides read-only access to the

AppResponse Xpert SNMP MIB. The appliance supports
only SNMP GET access, it cannot be configured through
SNMP. Riverbed recommends using an external security
mechanism (e.g. firewall, ACLs) to protect this port from
undesired access. Alternatively, the SNMP service can be
disabled through the Administration > System web
interface.
TCP 8080
Open.
The Administration > System web interface is accessed

using the HTTP and HTTPS services. Access is not
restricted by IP address. A valid user with a password can
log into the web interface from any IP address. Use an
external security mechanism to restrict access if desired.
When the web interface connection is received using the
HTTP protocol, it transparently redirects the session to use
HTTPS. Depending on desktop security settings, The
browser immediately presents the user with a Certificate
Verification dialog. This occurs because the
AppResponse Xpert appliance sends a self-signed
certificate that the browsers cannot verify against an
external certificate authority.
HTTPS
TCP 8443
Password required.
See HTTP service.
BGP
TCP 179
Password required
and access restricted
to the IP address of
the BGP peer
configured in the web
interface. This port
shows up on scans,
but connections from
IP addresses other
than the BGP peer
are rejected by the
BGP application.z
The BGP service establishes a peer session with an

external BGP speaker.
(not applicable to the

Domain Director)
adm-2-89
Table 2-1 External Services and Authorization Controls (Continued)

External
Service
Transport
and Port
BGP-VTY (not
applicable to the
Domain Director)
SSH
Authorization
Description
TCP 3605
Password required
and access restricted
to the IP address of
the BGP peer
configured in the
Administration > web
interface. This port
shows up on scans,
but connections from
IP addresses other
than the BGP peer
are rejected by the
BGP-VTY
application.
The BGP-VTY service is used by the appliance to manage

the BGP service.
TCP 22
Password required.
The SSH service is used for a variety of communications:

Provide remote access to the appliance command line
interface
All communication between the AppResponse Xpert
Console and the appliance
UDP 123
Open.
The NTP service is used to synchronize the

AppResponse Xpert appliance clock with an external time
source.
Netflow
UDP 9996
(inbound)
Open.
The port on which the AppResponse Xpert appliance

receives Netflow packets from enabled routers and
switches.
AppTransaction Xpert
Capture Manager
TCP 27401
Open
The port that the op_capture_server service uses to

communicate with the AppTransaction Xpert Capture
Manager running on a remove device.
NTP
1. The port number for this service cannot be changed.
adm-2-90
Internal services are ports used by the AppResponse Xpert appliance for
interprocess communication. The following table lists the internal services and
the authorization controls used to restrict access to these ports.
Table 2-2 Internal Services and Authorization Controls
Internal
Service
Transport
and Port
NPlog
MySQL
Authorization
Description
TCP 4999
Access is restricted to the IP

address of the
AppResponse Xpert
appliance.
The NPlog service is used to aggregate log messages (e.g.

status information, errors) from all the appliance processes.
TCP 3306
Password required. Access is

restricted to the IP address of
the AppResponse Xpert
appliance.
The MySQL service provides access to the internal MySQL

database.
Traceroute (not applicable to the Domain Director) The AppResponse Xpert
appliance can be configured to run traceroutes to selected IP addresses

manually or automatically. These traceroutes can either use TCP or ICMP
packets. To permit this operation, which is necessary for the topology tool and
other functions, firewalls must be configured to allow the following:
Inbound (AppResponse Xpert appliance is the destination)
ICMP mode
ICMP time-exceeded, unreachable, and echo-reply must pass
TCP mode
ICMP time-exceeded and unreachable must pass
TCP RST must pass, with destination port 80 and source ports between
3200 and 63999
If TCP state information is being stored in the firewall, then the RST must
be allowed to pass even though no connection initiation has occurred
(three-way handshake)
Outbound (AppResponse Xpert appliance is the source)
ICMP mode
ICMP echo-request must pass
TCP mode
TCP SYN must pass, with source port 80 and destination ports between
3200 and 63999
If TCP state information is being stored in the firewall, then connection
initiation must be allowed from the AppResponse Xpert appliance side.
adm-2-91
Installation Preparation Sheet

Use the following preparation sheet to collect required configuration information
before starting the installation. Riverbed recommends that you print a copy of
this page, write down all required information, and retain the hardcopy for future
reference.
Table 2-3 Installation Preparation Sheet
Hostname
NoteThe hostname assigned to the
AppResponse Xpert appliance should be
added to the DNS servers.
Domain Name
IP Address
Netmask
Default Router Address (aka gateway)
DNS Server Address(es)
NTP Server Address(es)
NoteThis configuration parameter is
optional, but strongly recommended. See
NTP Servers on page adm-2-129 for more
information on using public NTP servers.
Peer Router Name 1
Peer Router IP Address 1
Appliance AS Number 1
Peer Router AS Number 1
Last Internal AS Number 1
1. The AppResponse Xpert appliance establishes a BGP peering session with a border router in order to learn the BGP route table. This information is used
to construct the ISP AS, Peer AS and Dest AS groups. These parameters are optional.
adm-2-92

After youve determined the appropriate location in your network for the
AppResponse Xpert appliance installation, follow the steps to perform physical
installation, wiring and configuration of the appliance (these steps are outlined
in Installing an AppResponse Xpert Appliance: Workflow Description on
page adm-2-118). It is recommended that you read through the installation
instructions prior to beginning installation and again while performing
installation.
AppResponse Xpert Appliance Material Inventory

Before physically installing and wiring the AppResponse Xpert appliance,
examine the appliance back panel and the items shipped with the appliance to
familiarize yourself with the system. The following sections walk you through
wiring of the appliances power, serial port, management network interface and
monitoring network interfaces. The management interface is used for general
purpose communication and must be connected to a network segment that
allows it to communicate with end-user desktop machines. The monitoring
interfaces are used to collect data passively and must be connected to a span
port or copper/fiber tap.
NoteDo not discard the original shipping carton or packing materials. They
are required for all returns and exchanges or the warranty is void.
For the directory material inventory, see Director Material Inventory on
page hwi-2-68.
adm-2-93
AppResponse Xpert-1200 Appliance
The following figure shows the back panel of an AppResponse Xpert-1200

appliance. For more information, see Back Panel Ports on page adm-2-114.
Figure 2-4 Back Panel of AppResponse Xpert-1200
Monitoring interface ports:
N/A 3
serial port
serial port
video port
adm-2-94

adm-2-95

Monitoring interface ports:
N/A 3
serial port
serial port
video port
adm-2-96

adm-2-97

adm-2-98

mouse
high-speed network
interfaces
keyboard
serial port B
management port
USB ports
VGA port
power supply
units
serial port A
adm-2-99
The following figure shows the back panel of an AppResponse Xpert-3200 and
AppResponse Xpert-3700 appliance. For more information, see Back Panel
Ports on page adm-2-114.
port #4
port #3
port #2
port #1
serial port
management port
VGA port
monitoring ports
power
USB ports
adm-2-100

monitoring ports:
port #4
port #3
port #2
port #1
power supply units
management
port
VGA port
serial port
adm-2-101
The following figure shows the back panel of an AppResponse Xpert-3200 and
AppResponse Xpert-3700 appliance. For more information, see Back Panel
Ports on page adm-2-114.
port #4
port #3
port #2
port #1
serial port
management port
monitoring ports
power
VGA port
USB ports
adm-2-102

monitoring ports:
port #4
port #3
port #2
port #1
power supply units
management
port
VGA port
serial port
adm-2-103
AppResponse Xpert-4100 (1G) Appliance
The following figure shows the back panel of an AppResponse Xpert-4100 (1G)
Figure 2-14 Back Panel of AppResponse Xpert-4100 (1G)
port #1
port #2
port #3
port #4
Monitoring interfaces:
four (4) 1-Gigabit
Ethernet ports
adm-2-104
AppResponse Xpert-4100 (10G) Appliance

(10G) appliance. For more information, see Back Panel Ports on
page adm-2-114.
Figure 2-15 Back Panel of AppResponse Xpert-4100 (10G)
port #1
port #2
two (2) 10-Gigabit
Ethernet ports
adm-2-105

power
serial port
VGA
port
management port
adm-2-106
USB
ports
port #1
port #2
port #3
monitoring
ports
port #4

power
expansion
chassis port
serial port
VGA port
management port
port #1
port #2
port #3
monitoring
ports
port #4
adm-2-107

power
serial
port
VGA
port
management port
adm-2-108
port #1
port #2
USB ports
two (2) 10-Gigabit Ethernet ports

power
port #1
serial port
port #2
VGA port
management port
expansion
chassis port
two (2) 10-Gigabit Ethernet ports
adm-2-109

Management
port (left)
Ports for expansion chassis:

Connect ground
wire here Controller 2 (left) Controller 1 (right)
monitoring interfaces:
two (2) 10-Gigabit SFP+ ports
port #1
port #2
Serial port
VGA port
USB port
NoteYou must provide a permanent ground before connecting to the mains,

with a ground conductor (usually green colored wire), minimum 18AWG size
conductor, copper conductor only.
adm-2-110
AppResponse Xpert-4100-S16 Expansion Chassis
The following figure shows the back panel of an AppResponse Xpert-4100-S16

Expansion Chassis. For more information, see Procedure E-1 Connecting the
Appliance to One or More Expansion Chassis on page adm-E-199.
Figure 2-21 AppResponse Xpert-4100-S16 Expansion Chassis Back Panel
SAS Port A- top

SAS Port B - bottom
adm-2-111
AppResponse Xpert Expansion Chassis 200
The following figure shows the back panel of an AppResponse Xpert Expansion
Chassis 200. For more information, see Procedure E-1 Connecting the
Figure 2-22 AppResponse Xpert Expansion Chassis 200 Back Panel
SAS Expansion ports
SAS Port A- left

(In from appliance or previous Expansion Chassis)
adm-2-112
SAS Port B - right

(Out to next Expansion Chassis)
AppResponse Xpert Expansion Chassis 300
The following figure shows the back panel of an AppResponse Xpert Expansion
Chassis 300. For more information, see Procedure E-1 Connecting the
Figure 2-23 AppResponse Xpert Expansion Chassis 300 Back Panel
Connect top port to

Controller 2 (left) on 6000 appliance
Connect bottom port to

Controller 1 (right) on 6000 appliance
expansion chassis port on 5100 appliance
expansion chassis port on 4300 appliance
adm-2-113
Back Panel Ports
The AppResponse Xpert appliance back panel includes the following ports:
AC powerFor more information, see the specifications sheet for your
specific appliance.
Serial portRJ45 or DB-9
Management InterfaceRJ45 1Gb Ethernet
1 Monitoring interfaceRJ45 (copper) 10/100/1000 Mbps Ethernet (included
for 2200)
2 Monitoring interfacesRJ45 (copper) Gigabit Ethernet (included for 2100,
3100 and 3150)
2 Monitoring interfacesLC (fiber) Gigabit Ethernet (included for 2100 and
3100)
2 Monitoring interfacesLC (fiber) 10Gigabit Ethernet (included for 3150)
3 Monitoring interfacesSFP modules allowing copper or fiber 1Gigabit
Ethernet (included for 2200)
4 Monitoring interfacesSFP modules allowing copper or fiber 1Gigabit
Ethernet (included for 3170, 3200, 3300, 3700, 3800, 4100-1G, 4200, and
4300)
2 Monitoring interfacesXFP modules allowing SR or LR 10Gigabit Ethernet
(included for 4100-10G and 5000)
2 Monitoring interfacesSFP+ modules allowing SR or LR 10Gigabit
Ethernet (included for 5100 and 6000)
SVGA video port (to optionally connect a monitor)
Keyboard port to optionally connect a keyboard. Included on older appliance
models only. (For newer appliances, connect to the appliance using the CLI,
as described in Using the Command Line Interface on page adm-1-19).
adm-2-114
Front Panel Ports
The following diagrams show the buttons and LEDs on the AppResponse Xpert
appliance front panel:
Figure 2-24 AppResponse Xpert Appliance Front Panel
The AppResponse Xpert appliance front panel includes the following ports:
A: RJ45 NIC activity LED (see B on back panel)
B: RJ45 NIC activity LED (see H on back panel)
C: Power/sleep button
D: Power/sleep LED
E: Hard drive status LED
F: System status LED
G: ID LED
H: ID button
I: Reset button
J: USB connector
K: Nonmaskable Interrupt (NMI) button
L: SVGA video port (to optionally connect a monitor)
adm-2-115
Figure 2-25 Front Panel - 4100 / 4200 / 4300 / 5000 / 5100
Power Switch
HDD Tray Activity LED
LAN1 & LAN2 LED
USB 2.0 Port

System Reset
Button
Failure LED
Power LED
Alarm Mute Button
System HDD Activity LED
Figure 2-26 Front Panel - 6000
HDD Tray Activity LED
Power switch
Power LED
USB 2.0 Port
System HDD
LAN 2 (top)
LAN 1 (bottom)
Alarm Mute Button
System Reset Button
adm-2-116
Additional Items
The following items are included in the shipping carton for an

AppResponse Xpert appliance:
Appliance and front bezel
AC power cords. The number of cords differs depending on the appliance
model:
1 cord (1200 and 2200 appliances)
2 cords (3170, 3200, 3300, 3700, 3800, 4300, and 5100 appliances; 200
and 300 directors)
3 cords (4100, 4200, and 5000 appliances)
4 cords (6000 appliances)
4 1GbE SFP modules (3170, 3200, 3300, 3700, 3800, 4100, 4200, and 4300
appliances)
2 10GbE XFP modules (4100 and 5000 appliances)
2 10GbE SFP+ modules (5100 and 6000 appliances)
Serial cable: DB-9 (female)<>RJ45 or DB-9<>DB-9
Rack mount assembly kit and instructions
Warranty paperwork and license
adm-2-117
Installing an AppResponse Xpert Appliance: Workflow Description

The following workflow provides a general outline of the tasks required to wire,
install and configure the AppResponse Xpert appliance. Each step refers to a
procedure detailed in the following pages.
Installation Procedure
Overview:
Step 1 - Rackmount
and Wire
Step 2 - Physical
Configuration
1) Rackmount and Wire

Rackmount the appliance and wire the electrical, serial port and
management network interface as described in Step 1: Rackmount and
Wire the AppResponse Xpert Appliance on page adm-2-119.
2) Physical Configuration
Step 3 - Initial Setup

Step 4 - Complete Setup
Wire the appliances monitoring interfaces using one of the following

procedures depending on the appropriate physical configuration for the
network.
a) Single Span Port or Dual Span Port:
Complete the steps described in Span Port Physical Configuration on
page adm-2-85
b) Copper or Fiber Tap:
Complete the steps described in Step 2b: Wiring for Copper/Fiber Tap
Physical Configuration on page adm-2-121.
3) Initial setup
Use the command line interface to perform initial configuration of the
AppResponse Xpert appliance, as described in Step 3: Initial Setup using
the CLI on page adm-2-123.
4) Complete setup
Use the Administration > System web interface to complete the
AppResponse Xpert appliance configuration Step 4: Completing Setup
using the Administration > System Web Interface on page adm-2-126
After this procedure is complete, AppResponse Xpert appliance configuration is
finished. Install the AppResponse Xpert Console on a desktop machine to
access data collected by the appliance.
adm-2-118
Step 1: Rackmount and Wire the AppResponse Xpert Appliance
Procedure 2-1 Rackmounting and Wiring the AppResponse Xpert Appliance

Overview:
Step 1 - Rackmount
and Wire
Step 2 - Physical
Configuration
1 Rackmount the AppResponse Xpert appliance at a location near the switch on

which the span port (or span ports) is configured. Follow the rack mount
instructions listed in the rack kit installation guide. This document can be found in
the small materials box that ships in the main AppResponse Xpert appliance
shipping carton.
2 Connect the female plug of the supplied AC power cord to the AC input port on the
back of the AppResponse Xpert appliance next to the power-supply fan, and then
connect the male plug of the power cord to a conditioned power outlet. If there are
redundant power supplies, plug every cord into an appropriate power outlet.
3 Connect to the AppResponse Xpert appliance in one of the following ways:
Use a terminal emulator program (such as hyperterm on Windows or tip on
UNIX).
Connect to the AppResponse Xpert appliance's serial port with the provided
serial cable. Use the following terminal-emulation settings: 115200 baud, no
parity, stop bit, and no flow control.
Use a cat5 ethernet cable that connects to a local network node using a static IP
address:
Connect the AppResponse Xpert appliance management ethernet port to a
local PC or laptop with a cat5 cable. The AppResponse Xpert appliance
comes pre-configured with a default static IP address of
192.168.119.119.
Set the network node to an address in the 192.168.119.x address space
(such as 192.168.119.1) with a subnet mask of 255.255.255.0.
Wait for a few minutes before you log in to the appliance. It is useful to ping
the AppResponse Xpert appliance to indicate when it is ready to accept a
login.
Use an SSH client (such as putty) to log into the AppResponse Xpert
appliance at 192.168.119.119.
Use a standard PC keyboard and video display monitor.
NoteThis option is not available on 3200, 3700, 4200, or 5000 appliances
because these models do not have a keyboard port.
NoteUSB keyboards are supported on 1200, 2200, 3300, 3800, 4300, 5100,
and 6000 appliance models only. On all other models, the USB ports are
disabled while the software is running.
Connect the keyboard cable to the purple keyboard port on back of the
Appliance. Connect standard 15 pin video monitor cable to 15 pin video
connector on the back of the Appliance. Connect this video cable to video
monitor and power on the video monitor.
adm-2-119
Nothing appears on the monitor or serial port console until the appliance is
powered on and is booted up, which occurs in the next procedure Step 3: Initial
Setup using the CLI on page adm-2-123.
4 If you are not using the static IP for setup, connect an RJ45 CAT 5 Ethernet patch
cable between the AppResponse Xpert appliance Management interface and a
switch or router.
5 With the rackmount and wiring complete, proceed to one of the following
procedures, depending on your physical configuration.
Procedure 2-2 Wiring for Span Port Physical Configuration on page adm-2-120
Procedure 2-3 Wiring for Copper/Fiber Tap Physical Configuration on
page adm-2-121
Step 2a: Wiring for Span Port Physical Configuration
Procedure 2-2 Wiring for Span Port Physical Configuration

Overview:
Step 1 - Rackmount and
Wire
Step 2 - Physical
Configuration
1 Configure a span port (or two span ports if both monitoring interfaces are used) on
the appropriate switch.
Consider spanning traffic in both directions so that the AppResponse Xpert
appliance can monitor all network traffic.
2 Connect the span port(s) to the AppResponse Xpert appliance:
NoteThe span port configuration and wiring of the monitoring interfaces can be
deferred until the remaining system configuration is complete. Keep in mind that
the appliance does not collect traffic until the span port is configured.
2.1 Connect the first span port to the AppResponse Xpert appliances first
monitoring interface:
For copper networks, use a standard RJ45 CAT 5E ethernet patch cable to
connect the span port to the RJ45 monitoring interface labeled 1.
For fiber networks, connect the span port to the monitoring interface labeled
1 using a fiber patch cable with an LC connector on the
AppResponse Xpert appliance side. In the event that an LC fiber patch
cable is not available, the AppResponse Xpert appliance includes an
LC/SC fiber patch cable and SC/SC female adapter.
2.2 (Optional) Connect the second span port to the AppResponse Xpert
appliances second monitoring interface. NOTEthe second monitoring
interface must be of the same type (e.g., copper) as the first monitoring
interface.
For copper networks, use a standard RJ45 CAT 5E ethernet patch cable to
connect the span port to the RJ45 monitoring interface labeled 2.
adm-2-120
For fiber networks, connect the second span port to the monitoring interface
labeled 2 using a fiber patch cable with an LC connector on the
AppResponse Xpert appliance side. In the event that an LC fiber patch
cable is not available, the AppResponse Xpert appliance includes an
LC/SC fiber patch cable and SC/SC female adapter.
3 With the span port configured and the wiring of the monitoring interfaces complete,
proceed to Step 3 of the installation procedure (Step 3: Initial Setup using the CLI
on page adm-2-123).
Step 2b: Wiring for Copper/Fiber Tap Physical Configuration
Procedure 2-3 Wiring for Copper/Fiber Tap Physical Configuration

Overview:
Wire
Step 2 - Physical
Configuration
1 Install the copper or fiber tap into the network segment carrying the traffic to be
monitored.
Refer to the installation instructions provided with the tap.
2 Connect the tap port facing the internal network to the first monitoring interface.
NoteConsider installing the copper or fiber tap before installing the
AppResponse Xpert appliance when it has the least detrimental effect on traffic.

For copper networks, connect the monitoring interface labeled 1 on the

AppResponse Xpert appliance to the tap port facing the internal network.
For fiber networks, connect the monitoring interface labeled 1 on the
AppResponse Xpert appliance to the tap port facing the internal network.
3 Connect the tap port facing the internal network to the second monitoring interface.
For copper networks, connect the monitoring interface labeled 2 on the
AppResponse Xpert appliance to the tap port facing the external network.
For fiber networks, connect the monitoring interface labeled 2 on the
AppResponse Xpert appliance to the tap port facing the external network.
4 With the wiring of the copper/fiber tap and the monitoring interfaces complete,
proceed Initial Setup Using the CLI on page adm-2-123.
adm-2-121
Configuring the Appliance

With the physical connections for the AppResponse Xpert appliance complete,
the initial appliance configuration must be performed using one of the methods
described in step 3 of Procedure 2-1 on page adm-2-119. Once this is
complete, the final appliance configuration is done using the web interface.
Command Line Interface

The AppResponse Xpert appliance requires minimal initial configuration; you
must access the command-line interface (CLI) using the appliances serial port,
static IP address, or keyboard/monitor (as described in Step 3: Initial Setup
using the CLI). There you can set the appliance host name, domain name, IP
address, netmask, and the default gateway for the management interface.
The command line interface also provides functionality to set the date, ping and
traceroute arbitrary destinations, check the status and statistics of all network
interfaces, run diagnostics reports and view the error log. These functions are
not required during the initial configuration procedures.
NoteA number of free SSH clients, such as Teraterm and putty, are available
for Windows.
After youve set the basic network parameters using the CLI, you can then
access the CLI over the network by using SSH to login to the appliance. You
can also access the Administration > System web interface to complete the
system configuration (as described in Step 4: Completing Setup using the
Administration > System Web Interface on page adm-2-126).
In general, the CLI should only be used to configure network parameters at
install time. All subsequent changes to network parameters should be
performed using the web interface.
adm-2-122
Step 3: Initial Setup using the CLI
Procedure 2-4 Initial Setup Using the CLI

1 Press the power switch on the front of the AppResponse Xpert appliance to turn
the appliance on. Watch the serial port console for any error messages during the
boot process.
2 The login prompt appears approximately 2 minutes after the appliance is turned
on. Type admin and press Enter.
Overview:
The initial CLI login is admin with either a null password or an initial password of
npadmin.The admin login has administrative privileges and can be used to create
additional CLI logins as well as web interface logins.

Wire
While using the CLI, you can view the list of available commands by typing:
commands
Step 2 - Physical
Configuration
3 At the password prompt, press Enter. If this does not work, enter npadmin and
press Enter.
NoteIf you are able to log in without a password, you must specify a password
now.
To specify or change the password, do the following:

3.1 At the prompt, type passwd, then press Enter.
3.2 At the Old Password prompt, do one of the following based on your results
in step 3:
Press Enter (null password)
Enter npadmin and press Enter
3.3 At the New Password prompt, enter a password and press Enter (you need
to do this twice for confirmation).
4 To display the system configuration menu, at the prompt type setup, and then
press Enter.
5 To begin the interactive system configuration, at the setup prompt type config,
and then press Enter.
6 For each of the following parameters, type the appropriate value.
adm-2-123
CautionIP Address, Netmask, and Gateway changes may affect the visibility of
this system on the network.
Table 2-4 Required Parameters for the Setup Appliance
Parameter
Value Description
Hostname
Type the host name for the system. Enter the hostname only, do not
include the domain name. The hostname must be under 63 characters
long, contain only letters, digits, or dashes, and start with a letter and end
with either a letter or digit.
IP Address
Type the IP address for the management interface.
Netmask
Type the netmask for the management interface.
Default Gateway
Type the primary gateway IP address used by the management interface

to reach other networks.
Domain
Type the default, fully qualified domain name for the system used during
DNS resolution. Do not include the hostname. Each portion of the
domain name must be under 63 characters long, contain only letters,
digits, or dashes, and start with a letter and end with either a letter or
digit.
End of Table 2-4
CAUTIONThe CLI should only be used to set the network parameters at install
time. All subsequent changes should be performed using the Administration >
System web interface.
7 Verify your new settings: At the setup prompt, type showall and then press
Enter.
8 To save the changes if the settings are correct, at the setup prompt type commit
and then press Enter.
9 Because these changes require a restart to take effect, when you are asked if you
want to restart the system, at the setup prompt type yes and then press Enter.
If the login prompt appears approximately two to three minutes after you reboot
the system, the reboot process is complete.
To quit the CLI without rebooting, type no at the reboot prompt, and then type quit
and press Enter.
10 With the initial setup of the appliance finished, proceed to Step 4a of the installation
procedure (Step 4: Completing Setup using the Administration > System Web
Interface on page adm-2-126).
NoteIf this is a first time installation, be sure to read the next section for
information on how to access the web interface (Accessing the Administration >
System Web Interface).
adm-2-124

After you install the AppResponse Xpert appliance hardware and set it up using
the command line interface, start the web interface to finish setup
The web interface is used to complete the configuration of the appliance. The
web interface allows you to change the same parameters as in the initial CLI
configuration host name, domain, IP address, netmask, and default
gatewayplus it allows you to configure additional parameters including
physical configuration, DNS, NTP, and BGP.
Changes to network parameters may affect the visibility and accessibility of the
system on the network. If you are no longer able to access the system on the
network, use the CLI from the serial port to enter appropriate network settings.
Some changes made using the web interface require a restart to take effect.
Accessing the Administration > System Web Interface
If you have never accessed the web interface before, follow these steps.
Key ConceptTo successfully connect to the web interface you must be able
to access the AppResponse Xpert appliance from your desktop machine via
TCP ports 8080 and 8443.
Procedure 2-5 Accessing the Web Interface

1 Start a web browser and go to the appliance web interface by opening one of the
following URLs:
http://<appliance_hostname>:8080
http://<appliance_ip_address>:8080
This automatically redirects the browser to a secure (SSL) connection on TCP port
8443.
The browser may display the certificate validation popup window. Accept the
certificate to proceed to the Login page.
NoteIt takes approximately 5 to 10 minutes after the appliance is rebooted for
the web interface to be available.
2 At the Login page, enter your AppResponse Xpert appliance Username. During
initial set-up, log into the appliance using the admin account.
3 Type the AppResponse Xpert appliance Password for the user account.
4 Click Login.
If the username and password supplied were valid, the main page of the Web
Console appears.
adm-2-125
5 Choose Administration > System in the Web Console sidebar.

The Administration > System web page provides a brief overview of the
functionality available within this interface. It also displays the name and access
rights of the user account used to access the web interface.
Step 4: Completing Setup using the Administration > System Web Interface
Procedure 2-6 Completing Setup Using the Web Interface

1 After installing the AppResponse Xpert appliance hardware, from within the web
interface on the system tab, click setup.
Overview:
Figure 2-27 System > Setup PageWeb Interface

Wire
Step 2 - Physical
Configuration
Step 4 - Complete
Setup
2 Under Network Configuration Settings, verify the network parameters that were set
during the initial CLI configuration (as described in Step 3: Initial Setup using the
CLI on page adm-2-123):
Host Name
adm-2-126
Netmask
Domain
Gateway
IP Address
CAUTIONIP Address, Netmask, and Gateway changes may affect the visibility
of this system on the network.
3 From the Management Interface Speed/Duplex Settings drop-down list, select the
management network interface cards mode of operation (or media type) used for
communication. Note the following:
If the switch port to which the management port is connected is forced to a
specific speed or duplex setting, the management interface media type must be
configured to the same settings; otherwise, select autoselect.
The Administration > System > Setup web page displays the speed/duplex
settings and current status of the management and monitoring interfaces. The
management interface speed/duplex is set to autoselect by default. However, the
speed/duplex settings should be configured to the same value set on the
router/switch port.
Changes to the Management Interface settings may greatly affect the
responsiveness of the system.
4 (Optional) Configure the duplicate packet filter.
Under Physical Configuration, by default, the duplicate packet filter is enabled. The
appliance may receive multiple copies of the same packet.
In certain network configurations, the AppResponse Xpert appliance may receive
duplicate frames. For instance, if a span port is configured to mirror both inbound
and outbound traffic flow, packets between machines being spanned is sent to the
appliance twice. The appliance can be configured to detect and ignore these
packets using the duplicate packet filter.
Riverbed strongly recommends that the AppResponse Xpert appliance is deployed
in a manner such that duplicate packets are minimized or avoided altogether. Even
though the AppResponse Xpert appliance is capable of filtering duplicate packets,
the increased number of packets received and processed by the
AppResponse Xpert appliance can be very detrimental to overall system
performance.
NoteThe appliance must be rebooted before changes to the duplicate packet
filter take effect.
5 Under Domain Name Servers, type the DNS Server IP addresses used by the
AppResponse Xpert appliance to perform network IP address resolution (one
server address per line). Configure this option to see a fully qualified domain name
in the Console (instead of IP addresses).
adm-2-127
6 (Optional) Under Border Gateway Protocol Settings, enter the following settings to
give the AppResponse Xpert appliance access to BGP information required to map
IP addresses to AS numbers:
NoteYou can set the BGP Mode to Inactive if you do not have access to a BGP
router or you do not want to enter this information at this time.
Set the BGP Mode to Active to enable the AppResponse Xpert appliance to
exchange routing information with a border router -or- Inactive to terminate the
AppResponse Xpert appliances exchange of routing information with a border
router.
Enter the hostname of the router under Peer Router Name.
Enter the IP address of the router under Peer Router IP Address.
Under Appliance AS, type the autonomous system number (from 1 to 65535) of
the network in which the AppResponse Xpert appliance is located.
Under Peer Router AS, type the autonomous system number (from 1 to 65535)
of the network in which the border router is located.
Under Last Internal AS, type the autonomous system number of the router at the
border of your network. All AS numbers before this are not displayed in the traffic
report. As a result, the ISP AS number is identified as the 1st Hop after the Last
Internal AS.
The border router must also be configured to allow BGP peering with the
AppResponse Xpert appliance.
7 Under Internal addresses, enter the internal address list. This is a list of IP
addresses within the local network. The AppResponse Xpert appliance uses this
list to determine the direction of traffic flow (inbound or outbound) for the Total
Traffic group. Inbound and Outbound for all other groups are relative to the group
(as described in Physical Configurations on page adm-2-80).
NoteTo ensure accurate results, you must include all server IPs for all Server
Applications and Web Applications in the Internal Addresses list (Administration >
System > Setup page). This ensures that the Applications Table shows the IPs for
that application correctly (Internal IPs ==> [clients] and External IPs ==> [servers]).
The default setting for the Internal Address List is all private address ranges:
10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.
8 Under Time Settings, enter the following:
Local Time Zone in which the AppResponse Xpert appliance is used.
Network Time Protocol (NTP) Servers used by the AppResponse Xpert
appliance to synchronize its clock (entered as one server address per line).
9 Set up hardware and software alerts on the appliance. For more information, see
Alerts on page adm-1-48 of AppResponse Xpert Administrators Guide.
NoteTo improve uptime, Riverbed strongly recommends that you set up
hardware and software alerts on all your AppResponse Xpert appliances.
adm-2-128
NTP Servers
To prevent clock drift and to ensure that AppResponse Xpert appliance time
matches the time on other systems, it is strongly recommended that the
AppResponse Xpert appliance clock be synchronized with a known time source
using the NTP protocol. Public NTP servers are available if your organization
does not have internal servers. The IP address of the NTP server should always
be used rather than its hostname. Refer to the Public NTP Server List on
http://www.ntp.org/ for a complete list of public NTP servers and access
policies.
NoteThe system automatically restarts the AppResponse Xpert appliance if

necessary.
Procedure 2-7 Configuring the NTP Server List

1 Under history, the System Log displays details about all configuration changes,
restarts, and shutdowns that have occurred on the system. Review the system log
for any errors that may have occurred during the initial configuration.
2 Scroll down the page (if necessary), and then click Apply to save the configuration
settings.
TIPWhenever you change settings, consider backing up the system
configuration.
Quitting the Web Interface
With the web interface running, click logout at the top of the page (see
Accessing the Administration > System Web Interface on page adm-2-125).
Installation and Configuration Complete
Now that the AppResponse Xpert appliance has been rackmounted and
configured, the AppResponse Xpert Console can be installed on a desktop
machine. Please refer to Installing the Desktop Console on page ug-2-28 of the
AppResponse Xpert User Guide.
NoteYou can log in again at any time (as described in Accessing the
Administration > System Web Interface on page adm-2-125).
If you close the browser window without clicking logout, the web interface does
not allow that user account to make administrative changes for 30 minutes. The
admin user is exempt from this rule.
adm-2-129
Updating the Software

Your AppResponse Xpert appliance might not have the latest version of
AppResponse Xpert software installed. It is good practice to check the Riverbed
Support Center periodically and make sure that you have the most recent
AppResponse Xpert software release. To do this, go to
www.riverbed.com/support and navigate to the Software & Documentation
page for AppResponse Xpert.
Safety Warnings
Heed Safety
Instructions
System Power
On/Off
Before working with your AppResponse Xpert appliance, whether you are using
this guide or any other resource as a reference, pay close attention to the safety
instructions. You must adhere to the assembly instructions in this guide to
ensure and maintain compliance with existing product certifications and
approvals.
WarningDisconnect all power before servicing.
AttentionDbrancher toute alimentation lectrique avant manipulation.
The power button DOES NOT turn off the system AC power.
To remove power from system, you must remove all AC power cords from the
wall outlet.
Battery
The lithium battery on the server board powers the real time clock (RTC) for up
to 10 years in the absence of power. When the battery starts to weaken, it loses
voltage, and the server settings stored in CMOS RAM in the RTC (for example,
the date and time) may be wrong. If you believe this situation is occurring,
contact your customer service representative. The battery is not user
serviceable. The RAID Controller Cards might contain a battery that is not
serviceable.
WARNINGRISK OF EXPLOSION IF BATTERY IS REPLACED BY AN
INCORRECT TYPE.
WARNINGDISPOSE OF USED BATTERIES ACCORDING TO THE
INSTRUCTIONS.
Important Notes about Installing, Connecting, and Rebooting

AppResponse Xpert Appliances
Administrators and users should understand and follow these guidelines to
ensure optimal performance of AppResponse Xpert appliances.
This section discusses the following topics:
Placing and Installing the Appliance on page adm-2-131
adm-2-130
Connecting Fiber Ports for Monitoring Interface on the Appliance on

page adm-2-132
Guidelines for Powering Down or Rebooting an AppResponse Xpert
Appliance on page adm-2-134
Placing and Installing the Appliance

WARNINGTo ensure against hardware damage, you must install the
high-storage appliance in a physical location that
Has a temperature that is normally less than 30C/86F
and never exceeds 35C/95F
(ideally, the temperature should not exceed 25C/77F)
Provides significant airflow across the front of the appliance
adm-2-131
Connecting Fiber Ports for Monitoring Interface on the Appliance

The following figures are included to illustrate the correct fiber port connectivity
for monitoring interfaces on high-end-storage appliances.
Figure 2-28 shows fiber port allocations on the 4100 model AL-4100-2S10X and
ARX-5000
Figure 2-28 Fiber Port Allocations on 4100-2S10X (2x10GbE) and 5000 Appliances
Transmit Receptacle
Receive Receptacle #1
Transmit Receptacle
Figure 2-29 shows fiber port allocations on the 4100-4S01X, 4200, and 4300
appliance models.
Figure 2-29 Fiber Port Allocations on 4100-4S01X (4x1GbE) and 4200 Appliances
Transmit Receptacle
Transmit Receptacle
Port #3 (copper SFP - example)
Port #4 (copper SFP - example)
adm-2-132
Figure 2-30 Fiber Port Allocations on 3300 and 3800 Appliances

port #4
port #3
port #2
port #1
Figure 2-31 Fiber Port Allocations on 5100 and 6000 Appliances
Transmit Receptacle #1
Transmit Receptacle #2
adm-2-133
Guidelines for Powering Down or Rebooting an AppResponse Xpert Appliance

Follow these guidelines when rebooting the appliance:
Recommended reboot methods:
Reboot from the CLI. For more information, see the following:
AppResponse Xpert Administrators Guide >
Administration and Maintenance >
Using the Command Line Interface >
Accessing the Command Line Interface
Reboot from the web interface. For more information, see the following:
Acceptable power-down method:
Press the power button on the front panel, then release quickly (in less
than two seconds).
WARNINGDo not power down the appliance using either of the following
methods unless it is absolutely necessary:
Press the power button on the front panel for an extended period
Unplug the appliance
NoteWe recommend that you print out a copy of this page and then post the
hardcopy in a prominent location near the appliance.
adm-2-134
3Verifying Appliance Operations
Verifying Appliance Operations

The following system tests ensure that your AppResponse Xpert Appliance
configuration, services, and operations are functioning properly:
AppResponse Xpert Appliance on page adm-3-136
Verifying Diagnostic Reporting, SNMP, and Backup Server Configuration on
page adm-3-138
Desktop Console on page adm-3-139
Consider running these tests during or after the initial installation and before
operational deployment. Of course, you can also run these tests at any time to
troubleshoot issues or after future reconfigurations of your appliance.
adm-3-135
AppResponse Xpert Appliance

Log in to CLI mode using either the serial interface or an ssh secured
connection. To display the following list of CLI commands, at the prompt type
commands, and then press Enter.
NPinstallcf
host
ping
alertdir
hostname
quit
core-bundle-create
ifconfig
reboot
core-bundle-delete
iostat
release-current
date
ipas-add-private-ips
release-list
df
ipas-display-private-ips
release-update
diag-bundle-create
ipas-undo-private-ips
setup
diag-bundle-delete
mailmgr
stty
dmq
man
sync
exit
netstat
traceroute
fset
nslookup
uptime
halt
ntpq
viewlog
help
passwd
To view documentation about a command, type man <command name>, and

then press Enter.
Checking Time and Date

If the time is incorrect, check your NTP server address and time zone settings
using the Administration > System Web Interface. If you have a large time
difference (such as more than 2 minutes), consider rebooting your
AppResponse Xpert Appliance to correctly set the time. Smaller time
differences are automatically resolved by NTP slews over several days.
WARNINGBe sure to use the -q option for query only.

To display the local time setting, at the prompt type date, and the press Enter.
adm-3-136
To see the time difference between the AppResponse Xpert Appliance and a
Unix system with an NTP time source, at the prompt type ntpdate -q
<server name>, and then press Enter. The offset should be less than 2
seconds. If more than 2 seconds, reboot the appliance to synchronize time with
your NTP server.
Verifying Ethernet Configuration

To verify Ethernet configuration, at the prompt type ifconfig, and then press
Enter. Verify that the IP address and speed/duplex setting are correct for
fxp0the management interface.
The ifconfig output refers to the monitoring interfaces using the following names:
The copper monitoring interface labeled 1 is referred to as interface em2.
The copper monitoring interface labeled 1 is referred to as interface em3.
The fiber monitoring interface labeled A is referred to as interface em0.
The fiber monitoring interface labeled B is referred to as interface em1.
Check the status of the network interfaces in the Administration > System Web
Interface. The status of active indicates that the speed/duplex setting is correct.
The status of no carrier indicates a bad hardware connection.
To display a 1-second traffic report for any interface, at the CLI prompt type
netstat -I <interface-name> 1 (e.g., netstat -I em2 1), and then
press Enter. To terminate reporting, press Ctrl+C. You should see the number
of packets seen by that interface every second. If traffic is not flowing, check the
status of the Ethernet traffic ports as described above.
adm-3-137
Verifying Diagnostic Reporting, SNMP, and Backup Server Configuration

To complete each of the following items, first start the web interface
Administration > System Web Interface:
Verifying that Manual Diagnostic Reporting is Operational
Verifying that SNMP is Operational
Verifying Backup Server Configuration
Verifying that Manual Diagnostic Reporting is Operational

If you are able to successfully generate a manual diagnostics report, then the
AppResponse Xpert Appliance diagnostics process is functioning properly. A
problem generating the diagnostics report would indicate that the appliance may
be having trouble monitoring its own heath. Run a manual diagnostics report by
clicking the web interface Diagnostic menu, and then click bundles (see Bundles
on page adm-1-45). Your Riverbed support engineer can interpret the
diagnostics report with you.
If you cannot generate a report, reboot the AppResponse Xpert Appliance, and
then try to generate another report. Under manual, type your email address in
the Manual Reports Targets box, click mail, and then click Apply.
Verifying that SNMP is Operational

For traps, on the web interface System tab, click snmp. Next to Traps, select On
to enable sending of SNMP traps to the primary and secondary Network
Operations Center (NOC). Under Primary NOC, type your destination SNMP
manager Host Name IP address, Port number, and Community string. Under
Heartbeat Traps next to Send heartbeat traps, click On. In the Interval box,
type 60. Within 60 seconds, you should receive an SNMP trap from the
AppResponse Xpert Appliance with Heartbeat and Normal SNMP trap variable
binding strings with OID string values. If this does not work, verify that the Host
Name, Port, and Community values match your SNMP manager settings.
(Remember to turn off heartbeat traps if you do not want to display them.)
For SNMP MIB browsing, point any MIB browser to the AppResponse Xpert
Appliance. (The default is port 161 with a public community.) Execute a SNMP
get request to any MIB-2 system OID. A data response indicates that the
SNMP agent is operating. If you cannot gain access, check the port settings to
verify that they match your MIB browser by clicking the web interface security
menu, and then clicking ports.
Verifying Backup Server Configuration

In the web interface Backup tab select servers, then click the edit icon at the
right of the backup server whose configuration you want to verify. Click
Test connection to test the connection and perform a test write. For more
information, see Defining a Backup Server on page adm-5-153.
adm-3-138
Desktop Console
Download and set up the Desktop Console, and then either create or open a
project (see Installing the Desktop Console on page ug-2-28 of the
AppResponse Xpert User Guide).
Viewing Traffic Flow

From within the Desktop Console, click Select Time and choose the Recent
Hour time selection. Then open a group table and view the Total Traffic
group.The metrics displayed should be greater than zero if the
AppResponse Xpert Appliance is successfully monitoring traffic.
Verifying Desktop Time and Date

From within the Desktop Console, invoke the Time Selection dialog. Verify that
the AppResponse Xpert Appliance and desktop times and date toward the top
of the window are correct. (They may differ if your client desktop is in a different
time zone than the AppResponse Xpert Appliance.) Your client time is your
desktop computer time and date. If the Client is 10 Minutes Behind the
AppResponse Xpert Appliance message displays, consider correcting your
local computer time setting.
Verifying that DNS is Operating on the Desktop

From within the Desktop Console, open a Top Traffic table and select the IP
Address group. Make sure that the Information column is included in the table
display. DNS is operational if any of the IP addresses listed are resolved to
hostnames in the Information column. If all columns are blank, either DNS name
lookups are not operational or none of the IP addresses listed in the table have
valid DNS hostnames. Check these results against the operating system's DNS
resolution tools (e.g., nslookup).
Verifying that BGP Peering is Operating

From within the Desktop Console, invoke a Groups table and view the ISP AS
groups. Then click Select Time to select a recent time period (such as the last
hour). The Group column should display an ISP AS other than Unknown. If the
rows are labelled ISP AS Unknown then BGP peering is probably not operating.
Verify that your BGP router is configured to peer with the AppResponse Xpert
Appliance. Also, check the BGP settings in the AppResponse Xpert Appliance
web interface, as described in Administration > System Web Interface on
page adm-2-125.
adm-3-139
Disk Alert Pop-Up Window in Desktop Console

The Desktop Console features a new pop-up window that appears when a disk
alert is generated. This window serves as a visible reminder to fix or replace the
disk.
Figure 3-1 Disk Alert Pop-Up Window in Desktop Console
NoteThe popup for a specific alert will continue to appear until an

Administrator manually deletes it from the appliance. After you resolve a disk
issue, it is good practice to delete the pop-up for that issue. The alert information
is still available under Administration > System > Diagnostic > Log Viewer.
Administrators can add custom information that might be useful to others that
log in to the appliancefor example, "WARNING: This Appliance is
scheduled to be down for maintenance from 1-2 pm, 04/29/14."
The following steps outline this workflow:
1) Click Edit.
2) Resize the window to see the full alert.
3) Edit the HTML text between the <body> and </body> tags with the
content you want displayed for that pop-up. Click Done/Edit to toggle
between edit and view mode.
4) Click Save to save the edited text on the appliance.
adm-3-140
4IPv6 Support
IPv6 Support
AppResponse Xpert now supports monitoring and analysis in IPv6
environments. This section describes how to configure an AppResponse Xpert
appliance to monitor IPv6 networks and how to verify that the IPv6 feature is
functioning correctly.
Topics Covered:
How to Set Up IPv6 on an Appliance on page adm-4-142
Verify Appliance Performance on page adm-4-142
Enable IPv6 on the Appliance on page adm-4-142
Verify Appliance Health with IPv6 Enabled on page adm-4-144
What You Need to Know About IPv6 Support in AppResponse Xpert on
page adm-4-145
adm-4-141
How to Set Up IPv6 on an Appliance

Do the following:
1) Verify Appliance Performance on page adm-4-142
2) Enable IPv6 on the Appliance on page adm-4-142
3) Verify Appliance Health with IPv6 Enabled on page adm-4-144
Verify Appliance Performance

Before you enable IPv6 monitoring on an appliance that is already monitoring
an IPv4 network, you should make sure that the appliance can handle the extra
performance requirements needed to support IPv6 monitoring and analysis.
You can correct any issues that might be present before you enable IPv6 on the
appliance. You can check the health of an appliance by running the Appliance
Health Check insight. If you have the Netflow Health Check insight, you can run
that instead.
If the insights report that the appliance is running smoothly, enable IPv6 on the
appliance.
If the insight reports that there is one or more performance problems (indicated
in red), resolve the issues before you enable IPv6.
Enable IPv6 on the Appliance

Before you can use the IPv6 features of AppResponse Xpert, you must first
enable IPv6 support on the appliances that will be monitoring the IPv6 network.
Procedure 4-1 Enabling IPv6 Support on the Appliance
1 Open the AppResponse Xpert Web Console.
NoteThese steps can be done in the Web Console only.
2 Expand Administration and click System.
3 Expand System and click Advanced.
4 Under Advanced Data Collection Options, click the Enable IPv6 checkbox to select
it.
5 Click Apply to save the configuration then OK in the confirmation dialog box.
After the server restarts, the appliance will be able to collect and view IPv6
information.
adm-4-142
Figure 4-1 Enable IPv6 Checkbox
You can follow these links to specify additional IPv6

configuration information for the appliance.
System Configuration lets you configure DHCP for IPv6 and
specify a DNS server that supports IPv6.
6 Enable DNS support for IPv6. This step is optional, but highly recommended. If
DNS is not enabled or does not support IPv6, you will see only IPv6 addresses in
the output tables and charts. If you enable DNS, the information column in the
output tables and charts will instead show the hostnames, which are much more
readable and easier to work with.
6.1 Return to the System > Advanced > Advanced Data Collection Options.
6.2 Click on the System Configuration link.
6.3 Under DNS Configuration, specify the name of a DNS server that supports
IPv6.
6.4 Click Apply to save changes.
Figure 4-2 Enabling DNS Support for IPv6
Specify a DNS server that supports
IPv6 here.
adm-4-143
Verify Appliance Health with IPv6 Enabled

After you have enabled IPv6 on the appliance, monitor the health of the
appliance by running the Appliance Health Check insight periodically to make
sure that no issues have resulted from enabling IPv6. You should check the
networks health at the following times after you enable IPv6 support:
a peak hour in a business day
the busiest day in a week
a typical business week
If these checks detect no performance issues, the appliance can safely monitor
IPv6 environments. If performance issues are detected, the appliance is unable
to support IPv6 monitoring with the current traffic load. You can either disable
IPv6 or reduce traffic loads so that performance is no longer impacted.
Related Topics
What You Need to Know About IPv6 Support in AppResponse Xpert
Viewing IPv6 Information (AppResponse Xpert User Guide)
adm-4-144
What You Need to Know About IPv6 Support in AppResponse Xpert

You should consider the following implementation details when using
AppResponse Xpert in IPv6 environments:
Dual-stack environment for the management port. You can add an IPv6
address to the management port so that the management port is configured
with the IPv6 address and an IPv4 address. In other words, a dual-stack
environment is required in order to add an IPv6 address to the management
port. You can configure this IPv6 management port on the System / Setup
page.
DHCP support. Support for DHCP (IPv4 and/or IPv6) is included in this
release. You can configure this setting on the System / Setup page. Note that
if you enable DHCP, you must also enable dynamic DNS.
DNS server support. Support for DNS servers with IPv6 addresses. You
can configure this setting on the System / Setup page.
Management through Director over IPv4 only. Appliances that have IPv6
enabled cannot be added to a Directors domain through the IPv6
management interface. All appliances must be added to the Directors
domain by specifying their IPv4 management interface.
IPv6 is not supported for the following features:
Defined web apps and Web Transaction Analysis
Web Dashboards
VoIP
AppSensor Xpert, AppSQL Xpert, AppMapper CX-Tracer, and the Shark
module
BGP
Destination AS numbers
Auto-traceroute and topology to IPv6
Sendmail configuration
Prefix/24 or Dest AS table
NetFlow on the IPv6 management interface. Support for NetFlow monitoring
of IPv6 traffic is limited to IPv6 flows embedded in NetFlow records received
over the IPv4 management interface.
adm-4-145
RPM Dashboards over IPv6

If the appliance is running in dual-stack mode, you must use the IPv4
address when adding the appliance as a data source to RPM
Dashboards.
Release 2.3 PL1 or later of RPM Web Dashboards includes support for
the IPv6 features in AppResponse Xpert. Earlier versions will not display
IPv6 information.
Import to AppMapper Xpert. When you import traffic data from Release 9.0
of AppResponse Xpert into AppMapper Xpert, only IPv4 traffic data is
includedthe IPv6 traffic is filtered out.
SNMP polling
Backup and recovery. Backup and recovery requires an IPv4 server.
Fast recovery must be done using the IPv4 address of the appliance.
Related Topics
How to Set Up IPv6 on an Appliance
Viewing IPv6 Information (AppResponse Xpert User Guide)
adm-4-146
5Backup and Recovery of Appliance Data
Backup and Recovery of Appliance Data

This chapter describes the backup and recovery methods for
AppResponse Xpert appliances.
The methods are:
Backup and Recovery
Use this method to schedule regular backups that provide snapshots of
appliance data. The data can then be restored after an unexpected loss of
data, including accidental file deletion, database corruption, or hardware
failure.
Backup
Appliance A
(source)
Recovery
Backup Server
Appliance B
(target)
Fast Recovery
Use this method to quickly add or replace an appliance by transferring data
directly from one appliance to another.
Fast-Recovery
Appliance A
(source)
Appliance B
(target)
Backup Server
(not needed)
adm-5-147
Backup and Recovery

AppResponse Xpert appliances monitor, collect, and analyze network data
24/7. The data and analysis are critical to the smooth operation of your
enterprise. Therefore, it is important to protect the data and analysis by
implementing a backup and recovery plan.
AppResponse Xperts backup and recovery functionality serve as your backup
and recovery plan. Regularly scheduled backups provide snapshots of data that
can be restored after an unexpected loss of data, including accidental file
deletion, database corruption, or hardware failure. The backup and recovery
feature is also useful to transfer data from one appliance to another.
ImportantBackup and recovery is a disaster recovery toolnot an archiving
tool. When a backup is restored on an appliance, the backup data replaces the
existing data.
About the Data
Included in a Backup
The following AppResponse Xpert appliance data can be included in a backup:

Configuration Data
Includes all parameters necessary to configure the appliance. Also includes
all database tables relevant for configuring (or reconfiguring) an appliance.
Traffic Data
Includes 5-minute tables and/or 1-minute tables.
Reports
Includes all published reports.
Packet Captures
Includes packet capture files.
NoteThis option is only available on appliances without High Speed
Capture.
For detailed information about the data included in a backup, see the Include
option listed in Table 5-2 Options for Scheduling a Backup.
adm-5-148
About Backups
Backups can be performed either on-demand or scheduled at regular intervals

(daily, weekly, monthly) at a specific time (preferably during off-peak hours).
Before a backup can be performed, the backup process must be configured,
which includes defining the following information:
1) Backup server(s)specifies where the backup files are stored and the
protocol used by the backup process (FTP or SSH).
2) Data to includespecifies the data to include in the backup (e.g.,
configuration data, traffic data, reports).
NoteFor the most reliable disaster recovery plan, it is best to schedule regular
backups. On-demand backups are best when performed just before and/or just
after a major change to an appliance, such as a software upgrade.
Global vs. Local

Backups
Depending on your environment (e.g., whether you have an appliance or a

director) backups can be configured locally (by appliance) and globally (by
domain). The advantage of globally configuring a director domain is that the
identical backup configuration is sent to all appliances, saving you from defining
the same information on each appliance.
NoteAfter defining global backups on a director, you must activate the
backups on each appliance. Additionally, it is best to stagger the time of the
backups on each appliance so that multiple appliances are not simultaneously
copying data to the backup server.
Note the Global vs. Local statement before procedures for a description of
the difference between the two types of backups.
adm-5-149
Accessing the
Backup and
Recovery
Operations
The Administration > System > Backup navigation menu has five choices:
serversConfigures backup servers.
(See Defining Backup Servers.)
backup nowPerforms an on-demand backup.
(See Performing an On-Demand Backup.)
scheduleSchedules backups.
(See Scheduling a Backup.)
recoveryRestores configuration and/or other data from a backup.
(See Performing a Recovery.)
historyLists available backups and the status of in-progress backups.
(See Viewing a List of Backups.)
General Workflow
for Backup and
Recovery
The general workflow for configuring backups is as follows:

1) Pre-Configuration Tasks and Verifications
2) Defining Backup Servers
3) Scheduling a Backup -orPerforming an On-Demand Backup
To view a list of available and in-progress backups, see Viewing a List of
Backups.
To perform a recovery, see Performing a Recovery.
For additional information, see:
Best Practices and Guidelines for Backup and Recovery
Troubleshooting Common Issues with Backup and Recovery
adm-5-150
Pre-Configuration Tasks and Verifications

Before configuring backups, perform the following tasks and verifications:
Identify the backup server(s) where backup files will be copied and stored.
For each backup server, note the following information:
IP address
Username/password to access the server
Path to the directory on the server where backups will be copied
NoteYou can specify multiple backup servers with different paths,
protocols, and security settings on the same physical server.
On each backup server, verify the following:
SSH and/or FTP is installed and configured
The user account for the backup server has access to the backup
directory with read, write, delete, and execute privileges
The backup server has sufficient disk space for the backup files
On each AppResponse Xpert Appliance, verify that the AppResponse Xpert
user account has write privileges on the appliance. (Write privilege is
required to perform a recovery.)
For more information, see Best Practices and Guidelines for Backup and
Recovery.
adm-5-151
Defining Backup Servers

At least one backup server must be configured to perform or schedule a backup.
NoteYou can specify multiple backup servers with different paths, protocols,
and security settings on the same physical server.
Global vs. LocalBackup servers can be defined for an appliance or for an

entire domain. Local backup servers are defined from an
AppResponse Xpert appliance, while domain backup servers are defined
from an AppResponse Xpert Director.
When a backup server is defined on an AppResponse Xpert Director, the
backup server definition is pushed to all AppResponse Xpert appliances in
the domain. If the backup server names conflicts, (e.g., a global and local
server have the same name), the conflict is resolved as follows:
If a local backup server with the same name and the same settings already
existsthe backup server becomes global.
If a local backup server with the same name, but different settings already
existsthe name of the existing backup server is marked as local.
Whether a backup server is defined globally or locally is designated in the
third column of the List of Backup Servers page. Global is defined with a
blue globe; local is defined with a greyed-out globe and name. (The globe and
name are greyed-out as a reminder that the backup server cannot be edited
or deleted from the AppResponse Xpert appliance).
Before defining backup servers, be sure to review Best Practices and
Guidelines for Backup and Recovery.
adm-5-152
Procedure 5-1 Defining a Backup Server

1 Login to AppResponse Xpert.
Login to the AppResponse Xpert Director to define a global backup server
definition (for use by all appliances in the domain).
Login to an AppResponse Xpert appliance to define a local backup server
definition (for use by the specific appliance).
2 Navigate to the Administration > System > Backup > Servers page.
3 Do one of the following:
To define a new backup server, click Add new.
(The Add new option is located on the last line of the table, on the right.)
To edit an existing backup server, click Edit corresponding to the backup server
that you want to edit.
(The Edit option is the first column of the table.)
Remember that global backup servers can only be edited on the
AppResponse Xpert Director.
adm-5-153
4 Specify the information listed in the following table.

Table 5-1 Options for Defining a Backup Server
Option
Description
Name
Specifies the name of the backup server.

The name is used to identify the backup server in the user interface.
Host
Specifies the IP address of the backup server.
Protocol
Specifies the protocol used to communicate with the backup server.

You can choose FTP (the default) or SSH.
For more information, see Best Practices and Guidelines for Backup
and Recovery.
Path
Specifies the path where backup files are stored on the backup
server. Each backup goes into its own directory under this path. (If
using SSH protocol, this is the same path used in a secure copy
(scp) command.)
User
Specifies the user name for logging into the backup server. If no user
name is specified, then the same user name that is used to login to
the AppResponse Xpert appliance is used.
Password/RSA Key
For FTP protocol, specify the password for logging into the backup
server.
For SSH protocol, specify the RSA key used in authentication
procedure. Either click Generate to generate a key or paste an
existing key.
Note the following:
The RSA Key must be generated and stored on the backup server
before the backup procedure can execute. This is accomplished
by adding the key to the $HOME/.ssh/authorized_keys file for the
appropriate user account on the backup server. For more
information, contact your system administrator or consult the ssh
manual pages.
When you select and copy the key from the RSA key field to paste
it in the authorized_keys file, be sure to select all characters in the
string. It is good practice to compare the string in the RSA field
and the authorized_keys file carefully to verify that the entire
string is copied.
If defining a global backup server (e.g., defining a backup server
on a AppResponse Xpert Director) using an RSA key, note that
the same RSA key will be used to connect to the backup server by
all AppResponse Xpert appliances in the domain.
5 Click Apply to save the backup server definition.

6 Optionally, edit the backup server and click Test connection to initiate a
connection with the specified backup server and to execute a test write.
adm-5-154
To delete a backup server from an appliance, click the Delete option

corresponding to the backup server. (The Delete option is in the second column
in the List of Backup Servers page.) Remember that global backup servers
can only be deleted from the AppResponse Xpert Director. Also note that a
backup server cannot be deleted if it is currently specified as the backup server
for a scheduled backup.
adm-5-155
Scheduling a Backup
For the most reliable disaster recovery plan, it is best to schedule regular
backups.
Global vs. LocalBackup schedules can be defined on local appliances or
for an entire domain. Global schedules must use global backup servers, but
local schedules can use local or global backup servers.
Backup schedules defined on a Director are automatically pushed to all
appliances in the domain. Whether a scheduled backup is defined globally or
locally is designated in the fourth column of the List of Backup Schedules
page. Global is defined with a blue globe; local is defined with a greyed-out
globe.
When a global backup schedule is pushed to the appliances in the domain,
the schedules are inactive by default. To activate the schedule, you must edit
the schedule on each appliance and change the status from inactive to active.
Additionally, it is best to change the start date and/or time to avoid having all
the appliances in a domain attempting backups to the same server at the
same time.
ImportantWhen editing a global schedule on an AppResponse Xpert
appliance (not a Director), you can only change Status (active/inactive),
Start date, and Start time.
Before scheduling backups, see Best Practices and Guidelines for Backup and
Recovery.
Procedure 5-2 Scheduling a Backup

1 Log in to the web console (https://[appliance]:8080) of the appliance or director. To
schedule a global backup, log in to the AppResponse Xpert Director.
NoteBackup schedules created on a director are automatically pushed to all
appliances in the domain.
To schedule a local backup, login to an AppResponse Xpert appliance.
2 Navigate to the Administration > System > Backup > Schedule page.
adm-5-156
3 Do one of the following:

To define a new scheduled backup, click Add new.
(The Add new option is located on the last line of the table, on the right.)
To edit an existing scheduled backup, click Edit corresponding to the backup
schedule that you want to edit.
(The Edit option is the first column of the table.)
To copy an existing scheduled backup, click Copy corresponding to the backup
schedule that you want to copy. The Copy option is useful when you want to
schedule a backup that is similar to an exiting backup. After copying a scheduled
backup, you can then edit the copy.
(The Copy option is the third column of the table.)
NoteScheduled backups can be deleted or inactivated. An inactive backup is not
performed. Use the inactive feature to temporarily stop a scheduled backup.
To delete a scheduled backup, click Delete corresponding to the backup
that you want to delete.
(The Delete option is the second column of the table.)
To activate/inactivate a scheduled backup, click the Active checkbox
corresponding to the backup schedule that you want to activate/inactivate.
(The backup is active when a check appears in the checkbox.)
The following figure shows the New Schedule page that appears when defining
a new scheduled backup.
adm-5-157
4 Specify the information listed in the following table.

Table 5-2 Options for Scheduling a Backup
Option
Description
Schedule name
Specifies the name of the scheduled backup.
The name is used to identify the scheduled backup in the user

interface.
Status
Indicates whether the schedule backup is active. (The backup is

active when a check appears in the checkbox.)
NoteFor a global schedule (e.g., a schedule that was defined on a
Director), this option can be changed on an appliance.
Start date
Specifies the date on which the first backup is performed.

Enter a date in YYYY-MM-DD format or click the calendar icon next
to the field to select a date from the calendar.
Start time
Specifies the time at which the backup is performed.

Server name
Specifies the backup server to which the backup is copied and

stored.
Select a backup server from the pull-down list. Click the
Add new backup server option to add a backup server in a new
browser window. (See Defining Backup Servers.)
Prefix
Adds a prefix to the directory name in which the backup is copied.

(The directory name consists of the appliance name, version
number, and timestamp.) This field is optional.
Use the prefix option for identification purposes. For example,
supposed you schedule multiple backups, and each backup includes
different data. You could specify the data included in the backup
using the prefix option.
Compressed
adm-5-158
Indicates whether the backup files are compressed, using the gzip
algorithm. (Files are compressed when a check appears in the
checkbox.)
Table 5-2 Options for Scheduling a Backup (Continued)

Option
Description
Include
Specifies the data to be included in the backup.

Select one or more of the following:
configincludes all parameters necessary to configure the
AppResponse Xpert appliance (including alerts, insights,
applications, business groups, SLA dashboards, and appliance
setup). All database tables relevant for configuring (or
reconfiguring) an appliance are saved in a separate tar file on the
backup server with the name CNF.tgr or CNF.tar.
(NoteThe config option is always included in a backup.)
traffic dataSelect 5-minute tables (less granular but create a
smaller backup file) and/or 1-minute tables (more granular but
create a larger backup file). Traffic data is stored in two separate
tar files on the backup server: open database tables (can be
updated) in a file called DOP.tgz or DOP.tar, and closed database
tables (historical, no longer updated) in a file called DCL.tgz or
DCL.tar.
reportsIncludes all published reports in a file named REP.tgz or
REP.tar. (Note that this is not the same as report definitions,
which are stored with configuration data.) For more information,
see AppResponse Xpert User Guide > Console Reports.)
packet captureIncludes all packet capture files. Packet capture
files are stored in files named CAP.tgz or CAP.tar.
(NoteThis option is only available on appliances without
High Speed Capture.)
Frequency
Specifies the frequency of the backup.

Select one of the following:
daily (every x days)
weekly (every x weeks and the day(s) of the week)
monthly (every x months and the day(s) of the month)
Keep last x full

backups
Specifies the number of backups to keep on the backup server. The

default is 2. If unchecked, each backup overwrites the previous
backup.
NoteThe more backup you keep, the more disk space you need to
store the backup files.
Retry attempts
If a backup fails, specifies the number of times the appliance tries to

connect to the backup server. The default is 3.
Minutes between
retry attempts
Specifies the minutes between retry attempts. The default is 30

minutes.
5 Click Apply to save the scheduled backup definition.
adm-5-159
6 If scheduling global backups, edit the schedules on the individual appliances:

Change Inactive to Active.
Change the start date and/or time to avoid having all the appliances in a domain
attempting backups to the same server at the same time.
adm-5-160
Performing an On-Demand Backup

On-demand backups are best when preformed just before and/or just after a
major change to an appliance, such as a software upgrade.
Global vs. LocalOn-demand backups copy data from the specific
appliance from which the backup is performed. In other words, when
performing an on-demand backup from a Director of a domain, only the data
on the Director is included in the backup.
Before performing an on-demand backup, see Best Practices and Guidelines
for Backup and Recovery.
Procedure 5-3 Performing an On-Demand Backup

1 Log in to the appliance (https://[appliance]:8080) and navigate to the
Administration > System > Backup > Backup Now page.
2 Specify the following information:

Server nameSelect the backup server from the pull-down menu.
PrefixAdd a prefix to the backup directory name. (optional)
CompressedCompress the backup files using gzip compression.
IncludeSpecify the data to backup.
For more information about these options, see Table 5-2 Options for Scheduling a
Backup in Procedure 5-2 Scheduling a Backup.
3 Optionally, click Estimate size to estimate the size of the backup files.
The Backup estimation page appears.
adm-5-161
The Backup estimation page refreshes every 10 seconds while the estimation is
in progress. When complete, the page lists the size of the backup files. Click Back
to return to the Backup Server Information page.
4 Click Backup.
The Backup progress page appears.
During backup, a progress screen appears. A checkmark indicates completed

tasks, an hourglass for tasks in-progress or yet to execute, and a red X for tasks
that failed.
If you close the browser window while the backup is in progress, you can monitor,
abort, and/or verify the backup on the Backup History page. For more
information, see Viewing a List of Backups.
When the backup completes, the completion screen appears and displays the
success of the backup.
adm-5-162
Viewing a List of Backups

You can display and search completed backups and monitor in-progress
backups. Also, you can delete backup files from the backup servers.
Procedure 5-4 Viewing a List of Backups
1 Log in to the appliance (https://[appliance]:8080) and navigate to the
Administration > System > Backup > Backup History page.
Note the following:

The second column shows a solid blue rectangle for a full backup.
The third column shows a checkmark for a successful backup.
2 Do any of the following:
To search for an available backup, specify a date range using the Start date and
End date fields. Or click any of the pre-defined searches (current week,
last week, current month, last month).
To delete a backup, select the checkbox in the first column of the table and click
Delete.
adm-5-163
Performing a Recovery
Perform a recovery to restore the system configuration, traffic data, and reports,
to an appliance or Director from a selected backup.
Before performing a recovery, see Best Practices and Guidelines for Backup
and Recovery.
For information about restoring a backup to a different backup server, see
Restoring a Backup to a Different Appliance.
NoteBefore performing a recovery on an AppResponse Xpert appliance
that is connected to an expansion chassis, do the following:
Verify that the expansion chassis is connected and operational.
Backup the expansion chassis before performing the appliance recovery.
Additionally, when rebooting the AppResponse Xpert appliance, wait
30 seconds to 1 minute for the expansion chassis to reconnect with
appliance.
Procedure 5-5 Recovering Data on an Appliance

1 Login to AppResponse Xpert.
2 If restoring an appliance in a domain, disconnect the appliance from the domain
using the Domain Manager on the Director. For more information, see
Disconnecting an Appliance from a Domain.

3 Click the Backup tab.
4 Click recovery.
5 The Recovery page appears.
6 Select the backup server:

Select the backup server from the Server pull-down option. You can add a new
backup server in a separate browser window by clicking the Add new backup
server option to the right of the pull-down field. (See Defining Backup Servers.)
7 Select a backup:
adm-5-164
Select the most recent checkbox to restore with the most recent backup. Or,
uncheck the checkbox and click Find backup archives to display a list of available
backups. You can then select a backup from the list.
8 Select the data to restore:
Click the Clock icon located to the left of the backup that you want to restore and
select the types of data to restore. Uncheck the ones you do not want to restore at
this time: opened (current tables), closed (archive tables), reports, and packet
capture (on appliances without High Speed Capture). Configuration data is always
restored.
NoteAll selected data is restored. You cannot choose specific files from a
backup to restore. However, you can restore data from a backup one set at a time,
called a partial recovery. For example: restore configuration files and later restore
traffic data, reports, and/or capture data.
9 Click Recover to start the process.
A recovery progress screen displays.
10 When the recovery process completes, click Reboot to reboot the appliance and to
activate the restored configuration files.
11 If the recovery is partial (you want to restore additional data (i.e., traffic data,
reports) from the selected backup):
11.1 Select the checkboxes for the data to restore.
11.2 Click Continue Recover.
12 When the recovery process completes, click Reboot.

(Perform the partial recovery and reboot as many times as necessary.)
13 If you are restoring an appliance in a domain, re-activate the appliance from the
Domain Manager, as described in Connecting an Appliance to a Domain.
adm-5-165
Restoring a Backup to a Different Appliance
You can restore a backup to a different appliance from which the backup data
originated, by renaming the backup directory with the AppResponse Xpert
appliance to which the backup will be restored.
For example, suppose you have a backup on the backup server under the
following directory name:
ARX2_8.5.5_119908473000
where:
ARX2 = the hostname of the AppResponse Xpert appliance
8.5.5 = the AppResponse Xpert version
119908473000 = the UNIX or POSIX time (number of seconds since
January 1,1970)
Now suppose that you want to restore this backup to a different
AppResponse Xpert appliance: ARX5.
To restore the ARX5 appliance with the ARX2 backup, do the following:
1) Rename the backup directory by changing the appliance name from ARX2
to ARX5.
2) On ARX5 appliance:
a) Add the backup server.
(See Procedure 5-1 Defining Backup Servers.)
b) Perform a recovery.
(See Procedure 5-5 Recovering Data on an Appliance.)
Be sure to unselect the most recent checkbox and click
Find backup archives to find and select the backup that you want to
restore.
Important Notes
When restoring a backup to a different device, note the following:

Recovering downward to an older or lower-end device is not
recommended. Not all appliance/director models can used as the target
device for a specific source device. If the target device does not support the
source data, the Fast Recovery will exit with a warning message.
The target device must have the same or higher software release installed
as the source device. You can restore to a newer release, but not to an older
release.
You can verify the installed release in the Administration > System > Setup
page (top-left corner).
adm-5-166
The target device must have at least as much available disk space as the
source device.
You can verify the amount of disk space in the Desktop Console > View >
Appliance Info window. Scroll to the bottom and note the second-to-last line:
Disk Usage.
If you are recovering data that requires a specific license, you will need to
have that license installed on the target device to view that data.
have that license installed on the destination appliance to view that data.
If you have only one set of licenses, and need to transfer these licenses from
the source to the target, do the following:
a) Back up the data on the source device.
b) Recover the data to the target device.
c) Deregister the licenses on the source device:
i) Open the License Manager (Desktop Console > Tools > License
Manager).
ii) Copy or write down the serial number of the appliance.
iii) Go to www.riverbed.com/support and open a support case. Include
the serial number of the appliance in the initial request.
d) When Support notifies you that the licenses are available, add them on
the destination device.
After you generate a license key, you can add it to the device from the
To verify and compare licenses, access the License Manager on each
appliance. Open the Desktop Console (Administration > Desktop Console)
and choose Tools > License Manager Note the list of licenses in the
License Manager.
adm-5-167
Best Practices and Guidelines for Backup and Recovery

For best practices and guidelines, see:
Recommendation: Use SSH If Possible
Estimating Backup/Recovery Times
Recovery Guidelines
Recommendation: Use SSH If Possible
If you have an SSH server, Riverbed recommends that you back up and restore
over SSH. SSH is more reliable than FTP, especially for large backup/restore
operations.
Estimating Backup/Recovery Times
The average speed of a backup/restore operation ranges from 35Mbps to

50Mbps (megabits per second), with a maximum possible speed of 55Mbps.
You can estimate the amount of time a backup/restore operation will take based
on the amount of data that needs to compressed and archived (or
uncompressed and extracted). For example, suppose you want to back up
100GB (gigabytes) of data. You can estimate the backup time as follows:
100GB * 8 = 800Gb of data
convert gigabytes to gigabits
800Gb / 50Mbps = ~16k seconds backup time
total backup data (bits) / estimated backup speed (bits per second)
16k / 60 = ~267 minutes backup time
267 / 60 = ~4.44 hours backup time
You can estimate the size of a proposed backup using the Estimate size
option (Backup > backup now page). (See step 3 in Procedure 5-3 Performing
an On-Demand Backup.) The Backup > recovery page shows the size of each
available archive.
Note the following:
Backup operations can take longer if the appliance is busy.
Restore operations take slightly longer than backup operations.
Restore operations can take longer if you are restoring data from one release
to another (for example, restoring 8.0.x data onto an 8.5.x appliance).
adm-5-168
Recovery Guidelines
Before you perform a Recovery operation, note the following:

1) To restore an appliance in a domain, you must first disconnect the
appliance from the domain using the Domain Manager on the director, as
described in Disconnecting an Appliance from a Domain of the
AppResponse Xpert Director User Guide. After the restore, you must
re-connect the appliance to the domain.
2) Most of the Administration > System web UI functionality becomes
unavailable during recovery. Therefore it is best to perform a restore during
off-peak hours. Also note that a recovery replaces the data on the
AppResponse Xpert appliance. Therefore, any changes to the appliance or
packet capture data collected during a recovery (on appliances without
High Speed Capture) will be lost. Therefore, it is best to restore when you
dont need the appliance to collect data.
3) When you perform a recovery operation that includes tables, reports, or
packet capture data (on appliances without High Speed Capture)that is,
when you want to recover anything in addition to configuration datait is
best to split the operation into separate phases:
a) On the restore system, open the License Manager (Tools >
License Manager in the Desktop Console) and verify that the appliance
has a valid, unexpired license installed.
b) Perform the Recovering Data on an Appliance procedure with all
Content checkboxes (Traffic Data, Reports, and Packet Capture)
unselected. This will recover the configuration data only.
c) When the Recover operation finishes, click Reboot.
d) When the appliance finishes rebooting, re-connect using the
Administration > System web UI and return to the Backup > Recovery.
e) Select the additional data you want to recover (under Continue
Recovery Process) and click Continue Recovery.
adm-5-169
Troubleshooting Common Issues with Backup and Recovery

Typically, backup and recovery problems are related to permissions issues, an
improperly defined backup server, connection timeouts, etc. The following table
lists troubleshooting tasks.
Task
Description
FTP or SSH
Check whether the backup is using FTP or SSH.

If using FTP, note that in some cases, performing large file backups over FTP may result in a
failure. To test, try performing a small file backup over FTP. If a small backup (i.e., configs only)
works, but a full backup fails, try performing an SSH backup.
Confirm
Connectivity
Verify the following and contact your network administrator if either of the following items fail:
From the backup server, try to ping the AppResponse Xpert appliance.
If there is a firewall between the backup server and the appliance, make sure that the
appropriate ports (FTP or SSH) are open for backup/restore.
Confirm the
Backup Directory
Path
Verify that the path to the backup directory is correctly defined in AppResponse Xpert.
Check
Permissions
Verify that the user performing the backup has read, write, delete, and execute permissions to
the backup directory on the backup server.
Check Logs
Obtain the exact error message in the br.log file. This file can be accessed through the
System > Administration web UI: Diagnostic > log viewer.
Try the following:

Log in to the backup server from your Windows command prompt (Start > Run > cmd) using
the same username and password defined in the Administration > System web UI.
After logging in, type pwd or dir to determine where it's logging in. For instance, when you
enter pwd it shows that you are logged in under C:\desktop\ftp and your backup ftp directory
path is C:\desktop\ftp\opnet\backup. Then you know that in the System > Administration
web UI, you need to define the path as \opnet\backup and not the complete path.
Related Topics
Fast Recovery
adm-5-170
Fast Recovery
Fast Recovery allows you to recover data directly from one AppResponse Xpert
device to another directly, without the step of transferring data via an
intermediate backup server. Fast Recovery offers the following advantages over
a standard Backup and Recovery:
Fast Recovery is significantly faster
Fast Recovery always recovers the most recent data from the appliance or
director (instead of archived data from a backup server).
Figure 5-1 Fast Recovery: No Backup Server Needed
Appliance A
(source device)
Appliance B
(target device)
Backup Server
(not needed)
NoteFast Recovery does not replace a standard Backup and Recovery and
is not always recommended. Fast Recovery is typically used to add or replace
an appliance when both source and target are running, available, and visible to
each other. You cannot use Fast Recovery to recover data on the same
appliance, or to recover data from a source device that has already been
decommissioned.
NoteFast Recovery is usually faster than an equivalent Backup and Recover
in part because Fast Recovery transfers uncompressed data while Backup and
Recovery compresses, transfers, and uncompresses the data. This eliminates
the compression/uncompression processing time, but also results in more data
being transferred across your network. The actual Fast Recovery time depends
on latency, bandwidth, utilization, and other conditions in your network. You
might want to start the Fast Recovery when network usage is minimallate at
night, for example, or during the weekend--especially if the amount of data
being transferred is very large.
About the Data Restored in a Fast Recovery
Important Notes on page adm-5-172
Performing a Fast Recovery on page adm-5-175
Troubleshooting Fast Recoveries on page adm-5-177
adm-5-171
About the Data Restored in a Fast Recovery

The following AppResponse Xpert appliance data can be restored during a Fast
Recovery:
Configuration Data
Includes all parameters necessary to configure the appliance. Also includes
all database tables relevant for configuring (or reconfiguring) an appliance.
The configuration data is always restored during a Fast Recovery.
Traffic Data
Includes 1-minute, 5-minute, 60-minute, and 1-day tables. You can specify
the traffic data to restore during a Fast Recovery.
Reports
Includes all published reports. Reports are always restored during a Fast
Recovery.
General Workflow
The Fast-Recovery process is performed using CLI commands and includes the
following steps:
1) Establish a public/private key authentication between the source and target
appliances.
2) Initiate and run the Fast-Recovery process.
Important Notes
Before you do a Fast Recovery, note the following:
Recovering downward to an older or lower-end device is not
recommended. Not all appliance/director models can used as the target
device for a specific source device. If the target device does not support the
source data, the Fast Recovery will exit with a warning message.
If the original appliance is part of a director domain, you must
Remove the original appliance from the domain,
Do the Fast Recovery, and
Add the new appliance to the domain.
If you are doing Fast Recovery between two directors, and the original
director has appliances in its domain, you must
Remove all appliances from the original directors domain,
Do the Fast Recovery, and
Add all appliances to the new directors domain.
adm-5-172
The target device must have the same or higher software release installed
as the source device. You can restore to a newer release, but not to an older
release.
You can verify the installed release in the System > Administration web UI >
System > Setup page (top-left corner).
If the source device is running a pre-8.5.5 software release, you must install
the following patch before you do a Fast Recovery:
Desktop Console >
Insights >
Update Center >
support.opnet.com/insights/support >
patches >
patchAV-all-xx00-R807_853-Backup-101
The target device must have at least as much available disk space as the
source device.
You can verify the amount of disk space in the Desktop Console > View >
Appliance Info window. Scroll to the bottom and note the second-to-last line:
Disk Usage.
NoteDuring the Fast-Recovery process, a warning message displays if
there is not enough space on the target device.
Depending on the hardware model and the data specified for recovery, the
recovery process can take several hours. For more information, see
Estimating Backup/Recovery Times on page adm-5-168.
While a Fast Recovery is in progress, all traffic monitoring is suspended on
the source device. For this reason, you should perform a Fast Recovery only
when you do not need to use the device for critical work.
have that license installed on the target device to view that data.
If you have only one set of licenses, and need to transfer these licenses from
the source to the target, do the following:
a) Fast-Recover the source device to the target device (as described in
Procedure 5-6 on page adm-5-175).
b) Deregister the licenses on the source device:
i) Open the License Manager (Desktop Console> Tools > License
Manager).
ii) Copy or write down the serial number of the appliance.
iii) Go to www.riverbed.com/support and open a support case. Include
the serial number of the appliance in the initial request.
When Support notifies you that the licenses are available, add them on
the destination device.
adm-5-173
After you obtain a license key, you can add it to the device from the
adm-5-174
Performing a Fast Recovery
Procedure 5-6 Performing a Fast Recovery

1 Target device: Log in as admin.
NoteYou must be logged in as user admin, not simply as a user with
Administrative privileges.
2 Target device: Run the following command to generate an RSA public key:
ssh-keygen -t rsa
NoteSkip this step if the target appliance already has an RSA public key.
3 Target device: Run the following command to display the RSA public key on the
screen:
ssh-keygen -D rsa
4 Target device: Select and copy the key displayed on the screen.
Be sure to select and copy the entire key.
In the next step, you will paste the key as part of the command.
5 Source device: Run the following command to copy the public key to the source
appliance (paste the key string into the command line:
add-sshkey <key>
The key string must begin and end with a double-quote () character:
Enter the following: add-sshkey
Paste the key string, add a second double-quote, and press Enter.
The key is copied to the source appliance in the /<uid>/.ssh/authorized_keys file
(where <uid> is the admin user).
adm-5-175
6 Target device: Run the fast-recover command:

fast-recover -s <hostname> <options>
where:
-s <hostname> = Source. Specifies the host name or IP address of the source
appliance.
<options>:
-x '1,5,60,1440' = Exclude tables. Specifies the traffic data tables (both
historical and current) to exclude from the Fast Recovery. If excluding more than
one table type, separate the tables with commas:
1 = 1-minute tables
5 = 5-minute tables
60 = 60-minutes tables
1440 = 1-day tables
<no option> = No data is excluded from the Fast Recovery.
NoteThe configuration data and published reports are always restored during
the Fast Recovery.
other option:
-h = Help. Lists the available options.
The following examples show how the command options can be used for different
use cases:
>fast-recover -s ARX5
Copy all recovery data from the ARX5 appliance.
>fast-recover -s ARX5 -x '1,5,60'
Copy all recovery data from the ARX5 appliance except for 1-minute tables,
5-minute tables, and 60-minute tables.
>fast-recover -s ARX5 -x '1,5,60,1440' -p
Copy only the configuration data and the published reports from the ARX5
appliance.
7 Before the Fast Recovery begins, the appliance shows the amount of data to be
transferred. If you want to estimate the approximate recovery time, see Estimating
Backup/Recovery Times on page adm-5-168. Otherwise, enter y to proceed.
The Fast Recovery outputs characters to the CLI to indicate that the recovery is in
progress. Thus, you might see a string of characters like the following, which
continually updates as the recovery proceeds:
=>=>=>=>=>=>=>=>=>=>=>=>
When the recovery is complete, the following message appears:
Fast-Recovery Successful
adm-5-176
8 Run the following command to configure the target appliance.

setup
Follow the prompts to configure/verify the appliance settings (e.g., IP address and
other network parameters). When complete, the appliance automatically reboots.
Related Topics
.Backup and Recovery
Troubleshooting Fast Recoveries

This section describes the following issue:
Not Enough Disk Space on Target Appliance on page adm-5-177
Not Enough Disk Space on Target Appliance
Before it starts a Fast Recovery, AppResponse Xpert checks the target

appliance to ensure that it has enough disk space for all source data. A target
appliance can allocate up to 75% of its disk space to receive data from a source
appliance during a Fast Recovery. If the amount of source data exceeds this
threshold, Fast Recovery does not transfer any data; it simply generates an
error message and exits.
In this case, you can run the following command on the source appliance to trim
the database size:
dbcleanup -f [trim-original-size-to-this-percentage]
This command trims the 1-minute tables first; if the target percentage is not
reached, it trims some of the 5-minute tables.
Riverbed has the following guidelines for trimming databases for a Fast
Recovery:
When transferring data from lower- to a higher-model appliance, or between
two same-model appliances, you can trim the source database to 75%
(dbcleanup -f %75) in most cases.
When transferring data from a higher- to a lower-model appliance, you need
to trim the database by 50% (dbcleanup -f %50) in most cases.
When transferring data from a 4100, 4200, 5000, or 5100 to a 6000
appliance, you should trim the database by 50%. Although the 6000 has
more total disk space than these source models, it has less space allocated
for metric data (the extra space is dedicated to storing captured packets).
adm-5-177
If you're not interested in retaining the most recent data, you can discard
1-minute tables using the -x command-line argument. This effectively
reduces the database size by 50% while retaining all of the 5-minute, 1-hour,
and 1-day data:
fast-recover -s [hostname] -x 1
If you want to calculate a more precise percentage, you can also run the
following command to see disk usage and availability on the source and target:
df -H
The following example shows how to calculate determine the trimming

percentage for an example source and destination. First, run df -H on the
source and target appliance:
my-source-appliance.mycompany.com> df -H
Filesystem
Size
Used
Avail Capacity
/dev/da0s4d
1.9T
1.5T
240G
86%
Mounted on
/u1
My-target-appliance.mycompany.com> df -H
Filesystem
Size
Used
Avail Capacity
/dev/da0s4d
1.2T
0.3T
900G
25%
Mounted on
/u1
The key values here are Used on the source and Size on the target:
Size-on-target = 1.2T
Disk space on target available for Fast Recovery = 1.2T * 0.75 = 0.9T
Used-on-source = 1.5T
In this case, the source has much more data (1.5T) than it can transfer to the
target. You would need to trim the database by 50% (dbcleanup -f %50) to
bring the source database down to 0.75T. This is within the maximum threshold
on the target (0.9T) and would allow the Fast Recovery to proceed.
adm-5-178
App ASoftware Updates from the Administration > System Web UI
App A Software Updates from the Administration >

System Web UI
You can download and install software Updates for Appliances and Directors
using the Administration > System > Update web page.
Figure A-1 System Tab - Appliance Update
There are three ways to download and install software Updates:

Download (Updating an Appliance that has Internet Access)
URL (Updating from a Custom URL on page ADM-A-180)
Upload (Updating from a Local Host on page ADM-A-180)
Updating an Appliance that has Internet Access

This procedure describes how to Update an appliance that has internet access.
If your appliance is on an isolated network, follow the directions in Updating from
a Local Host on page ADM-A-180.
To Update an appliance from a Director or support.riverbed.com, do the
following:
1) Log in to the Web Console and navigate to the Administration > System >
Update page.
If the appliance connects to the internet through a proxy server, you can
use the options link (right of page) to specify a proxy URL.
2) In the New Version pull-down menu, select the Update you want.
3) Select the Copy and Install checkboxes.
4) Click Install.
179
Updating from a Custom URL

You can Update an appliance from a custom URLeither from a local URL to
which you have downloaded and copied the software, or from a URL given to
you by Riverbed support.
1) If you are copying the file from a local URL, download the file and copy it to
the local web server
2) Select Specify URL in the New Version pull-down menu, enter the URL,
and click OK.
3) Check the Copy and Install check boxes and click Install.
Figure A-2 System TabURL Dialog
NoteYou can copy the Update to a desktop or notebook computer and follow
the directions shown in Updating from a Local Host on page ADM-A-180.
Updating from a Local Host

Because of security concerns, some network configurations wont allow a direct
download to the appliance. This method can be used to download the software
Update to the appliance from another location (such as your desktop computer).
The following steps describe this workflow:
1) From the Riverbed support site, using a valid support account, download
the software to your desktop computer.
2) In the New Version pull-down menu, select Specify Local File.
3) Browse for the Update file that you downloaded to your desktop computer
and then click OK.
4) Check the Copy and Install check boxes and then click Update.
Figure A-3 System Tab - Specify Local File Dialog
180
Once the operation begins, you can use the Status box to see the status. During
the download and verify stages, you may stop the process by clicking the Stop
icon. However, if you do this, you lose what you have already
downloaded/verified and must start at the beginning.
WARNINGYou must not stop the process during the staging and installing
stages.
Software Update Options

In some cases, the AppResponse Xpert Appliance may have access to the
Internet via a proxy. Click Options to specify the proxy URL, and any user
credentials, if needed. Proxy settings apply to downloads only. If you upload an
Update, your browser must be able to make a direct connection with the
appliance.
Figure A-4 System tab - Software Update Options Dialog
Updating Software on a Director

See App A Updating the Director and Connected Appliances from the Web UI
on page ASI-A-51 of Director User Guide.
Deleting Old Releases

Since a domain can include appliances running versions of the
AppResponse Xpert Operating System older than the Director, it is customary
for Directors to maintain a set of Upgrades that allow any members of the
domain to Upgrade to the same release as the Director. Bear in mind that
intermediate releases may be needed to Upgrade to the current release on the
Director.
181
When you install a new release, the old release stays on the system but is not
installed. Once the you have verified that the new release is running smoothly,
select the delete release link to remove the old release.
Figure A-5 System Tab - Update - Delete
182
App BSoftware Updates Using the CLI
App B
Software Updates Using the CLI

Alternatively from the System > Administration web UI, you can download and
install software updates using the CLI, which includes a release-update
command. Before updating, be sure to back up the system configuration to
simplify error recovery in case an update fails.
Important Notes
Note the following:
You cannot downgrade any appliance or director to a previous release.
The CLI method is primarily intended for updating appliances that currently
have 8.5.5 or earlier installed. Riverbed recommends that you use the
System > Administration web UI to update or upgrade from 8.6.2 or higher.
The CLI method requires a local FTP or HTTP server that is visible to the
appliance you want to update.
If you do not have a local FTP or HTTP server, you can use the System >
Administration web UI to update the appliance.
release-update Commands
To download and install a new software release access the CLI, type
release-update and press Enter. The CLI displays the update menu which
provides the following commands:
download
Download a software release from a local web server. If the check
command was run previously, download provides a list of available software
releases. If the check command has not been run, you must provide the
complete URL to a software JAR. The download command supports URLs
with an embedded username and password. This can be useful for
transferring files from FTP servers requiring authentication.
ftp://username:password@host/path
http://username:password@host/path
This command transfers the software release to the appliance but does not
install it.
install
Install a software release that has been downloaded to the appliance. This
command provides a list of software JARs that are currently stored on the
appliance.
delete
183
Delete a software release that has been downloaded to the appliance. The
delete command provides a list of releases that are currently on the
appliance.
NoteBefore you start using the CLI to update an appliance, it is good
practice to delete any old JARs that are still stored on the appliance. This
frees up disk space that might be needed to store new JARs.
In this context, an old JAR corresponds to
Any release that is not the currently installed release (for appliances)
Any release that is neither the current release nor a release that needs
to be installed on any connected appliance. (for directors)
Suppose you want to install 9.0.3 on an 8.6.8 director. The director and all
connected appliances have been updated to 8.6.8, but the director still has
several older release JARs in its storage area. Therefore, you should delete
all JARS for all releases up to but not including 8.6.8.
To remove old JARs from an appliance or director, do the following steps:
a) Log in to the director as a user with Administrator privileges, using an
SSH-enabled program such as putty.
b) Enter the following command: release-update
The CLI displays the AppResponse Xpert Software Update menu.
c) Enter the following command: releases
The CLI displays all releases that are currently stored on the director.
d) For all old JARs (neither the current release nor a release needed to
update the director or a connected appliance), run the following
commands:
delete <release_number>
unpublish <release_number>
All JAR files for <release_number> are removed from the director.
e) For the release currently installed on the Director, run the following
command:
unpublish <release_number>
You must perform this step for the currently installed release if it was
installed on the director using the CLI rather than the System >
Administration web UI.
log
Examine a software installation log. A new log file is created each time a
software release is installed. The log command provides a list of available
software logs.
proxy
184
Configure an HTTP proxy server used by the check and download

commands
check
NoteThis command is useful only on an appliance that is connected to a
director. To confirm all connections in the domain, log in to the director for the
Desktop Console and confirm all connections under Tools >
Domain Manager.
You can use this option to check for software releases on a connected
director that are available for downloading and installing. By default, an
appliance connected to a director should show the following path. (If this path
is not displayed, log in to the director Desktop Console and check the
connection under Tools > Domain Manager.)
http://director-ip-or-name:8080/updates/releases.txt
quit
Return to the main CLI menu.
release-current Command
The release-current CLI command displays the current software release
running on the appliance. This command does not take arguments.
185
186
App CBerkeley Packet Filter Syntax
App C
Berkeley Packet Filter Syntax

You an specify packet filters using the tcpdump expression format; you can then
apply these filters to packet captures and traffic monitoring, as described in the
following sections of the AppResponse Xpert User Guide:
Packet Captures
Traffic Monitoring: Enabling, Disabling, and Applying Packet (BPF) Filters
Starting, Stopping, and Configuring High-Speed Captures
This section is extracted from the tcpdump documentation available at
http://www.tcpdump.org/. References to non-ethernet protocols should be
ignored since the AppResponse Xpert Appliance only supports Ethernet
network interfaces.
NoteThis Appendix does not apply to AppResponse Xpert Standard.
Tcpdump Expressions
The expression consists of one or more primitives.
Tcpdump Primitives and Qualifiers

Primitives usually consist of an id (name or number) preceded by one or more
qualifiers. There are three different kinds of qualifier:
type qualifiers say what kind of thing the id name or number refers to.
Possible types are host, net and port. E.g., host foo, net 128.3,
port 20. If there is no type qualifier, host is assumed.
dir qualifiers specify a particular transfer direction to and/or from id.
Possible directions are src, dst, src or dst, and src and dst. E.g.,
src foo, dst net 128.3, src or dst port ftp-data.
If there is no dir qualifier, src or dst is assumed. For `null' link layers (i.e.,
point-to-point protocols such as slip) the inbound and outbound qualifiers can
be used to specify a desired direction.
proto qualifiers restrict the match to a particular protocol.
Possible protos are: ether, fddi, ip, ip6, arp, rarp, decnet, lat, sca,
moprc, mopdl, iso, esis, isis, icmp, icmp6, tcp, and udp. E.g., èther
src foo', àrp net 128.3', `tcp port 21'.
If there is no proto qualifier, all protocols consistent with the type are
assumed. E.g., src foo means (ip or arp or rarp) src foo (except the latter
is not legal syntax), net bar means (ip or arp or rarp) net bar and port 53
means (tcp or udp) port 53.
adm-C-187
Additionally, there are special primitive keywords that don't follow the pattern:
gateway, broadcast, less, greater and arithmetic expressions. For a list of the
allowable tcpdump primitives, see Table C-1 on page adm-C-188.
More complex filter expressions are built up by using the words and, or and
not to combine primitives. E.g., `host foo and not port ftp and not port ftp-data'.
To save typing, identical qualifier lists can be omitted. E.g., `tcp dst port ftp or
ftp-data or domain' is exactly the same as `tcp dst port ftp or tcp dst port ftp-data
or tcp dst port domain'.
Allowable Primitives
The following table lists the allowable tcpdump primitives.
Table C-1 tcpdump Primitives
Primitive
Description
dst host host
True if the IPv4/v6 destination field of the packet is host, which may be either an address or
a name.
src host host
True if the IPv4/v6 source field of the packet is host.
host host
True if either the IPv4/v6 source or destination of the packet is host. Any of the above host
expressions can be prepended with the keywords, ip, arp, rarp, or ip6 as in: ip host host which
is equivalent to: ether proto \ip and host host If host is a name with multiple IP addresses,
each address is checked for a match.
ether dst ehost
True if the ethernet destination address is ehost. Ehost may be either a name from /etc/ethers
or a number (see ethers(3N) for numeric format).
ether src ehost
True if the ethernet source address is ehost.
ether host ehost
True if either the ethernet source or destination address is ehost.
gateway host
True if the packet used host as a gateway, i.e., the ethernet source or destination address
was host but neither the IP source nor the IP destination was host. Host must be a name and
must be found in both /etc/hosts and /etc/ethers. (An equivalent expression is ether host
ehost and not host host which can be used with either names or numbers for host / ehost.)
This syntax does not work in IPv6-enabled configuration at this moment.
dst net net
True if the IPv4/v6 destination address of the packet has a network number of net. Net may
be either a name from /etc/networks or a network number (see networks(4) for details).
src net net
True if the IPv4/v6 source address of the packet has a network number of net. net net True
if either the IPv4/v6 source or destination address of the packet has a network number of net.
net net mask mask
True if the IP address matches net with the specific netmask. May be qualified with src or dst.
Note that this syntax is not valid for IPv6 net.
net net/len
True if the IPv4/v6 address matches net a netmask len bits wide. May be qualified with src
or dst.
adm-C-188
Table C-1 tcpdump Primitives (Continued)

Primitive
Description
dst port port
True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a destination port value of port.
The port can be a number or a name used in /etc/services (see tcp(4P) and udp(4P)). If a
name is used, both the port number and protocol are checked. If a number or ambiguous
name is used, only the port number is checked (e.g., dst port 513 prints both tcp/login traffic
and udp/who traffic, and port domain prints both tcp/domain and udp/domain traffic).
src port port
True if the packet has a source port value of port.
port port
True if either the source or destination port of the packet is port. Any of the above port
expressions can be prepended with the keywords, tcp or udp, as in: tcp src port port which
matches only tcp packets whose source port is port.
less length
True if the packet has a length less than or equal to length. This is equivalent to: len <=
length.
greater length
True if the packet has a length greater than or equal to length. This is equivalent to: len >=
length.
ip proto protocol
True if the packet is an ip packet (see ip(4P)) of protocol type protocol. Protocol can be a
number or one of the names icmp, igrp, udp, nd, or tcp. Note that the identifiers tcp, udp, and
icmp are also keywords and must be escaped via backslash (\), which is \\ in the C-shell. Note
that this primitive does not chase protocol header chain.
ip6 proto protocol
True if the packet is an IPv6 packet of protocol type protocol. Note that this primitive does not
chase protocol header chain.
ip6 protochain protocol
True if the packet is IPv6 packet, and contains protocol header with type protocol in its
protocol header chain. For example, ip6 protochain 6 matches any IPv6 packet with TCP
protocol header in the protocol header chain. The packet may contain, for example,
authentication header, routing header, or hop-by-hop option header, between IPv6 header
and TCP header. The BPF code emitted by this primitive is complex and cannot be optimized
by BPF optimizer code in tcpdump, so this can be somewhat slow.
ip protochain protocol
Equivalent to ip6 protochain protocol, but this is for IPv4.
ether broadcast
True if the packet is an ethernet broadcast packet. The ether keyword is optional.
ip broadcast
True if the packet is an IP broadcast packet. It checks for both the all-zeroes and all-ones
broadcast conventions, and looks up the local subnet mask.
ether multicast
True if the packet is an ethernet multicast packet. The ether keyword is optional. This is
shorthand for èther[0] & 1!= 0'.
ip multicast
True if the packet is an IP multicast packet.
ip6 multicast
True if the packet is an IPv6 multicast packet.
ether proto protocol
True if the packet is of ether type protocol. Protocol can be a number or a name like ip, ip6,
arp, or rarp. Note these identifiers are also keywords and must be escaped via backslash (\).
[In the case of FDDI (e.g., `fddi protocol arp'), the protocol identification comes from the 802.2
Logical Link Control (LLC) header, which is usually layered on top of the FDDI header.
Tcpdump assumes, when filtering on the protocol identifier, that all FDDI packets include an
LLC header, and that the LLC header is in so-called SNAP format.]
adm-C-189
Table C-1 tcpdump Primitives (Continued)

Primitive
Description
ip, ip6, arp, rarp
Abbreviations for: ether proto p where p is one of the above protocols.
lat, moprc, mopdl
Abbreviations for: ether proto p where p is one of the above protocols. Note that tcpdump
does not currently know how to parse these protocols.
vlan [vlan_id]
True if the packet is an IEEE 802.1Q VLAN packet. If [vlan_id] is specified, only encountered
in expression changes the decoding offsets for the remainder of expression on the
assumption that the packet is a VLAN packet.
tcp, udp, icmp
Abbreviations for: ip proto p or ip6 proto p where p is one of the above protocols.
expr relop expr
True if the relation holds, where relop is one of >, <, >=, <=, =, !=, and expr is an arithmetic
expression composed of integer constants (expressed in standard C syntax), the normal
binary operators [+, -, *, /, &, |], a length operator, and special packet data accessors. To
access data inside the packet, use the following syntax: proto [expr: size] Proto is one of
ether, fddi, ip, arp, rarp, tcp, udp, icmp or ip6, and indicates the protocol layer for the index
operation. Note that tcp, udp and other upper-layer protocol types only apply to IPv4, not IPv6
(this will be fixed in the future). The byte offset, relative to the indicated protocol layer, is given
by expr. Size is optional and indicates the number of bytes in the field of interest; it can be
either one, two, or four, and defaults to one. The length operator, indicated by the keyword
len, gives the length of the packet.
End of Table C-1
For example, èther[0] & 1 != 0' catches all multicast traffic. The expression ìp[0]
& 0xf != 5' catches all IP packets with options. The expression ìp[6:2] & 0x1fff
= 0' catches only unfragmented datagrams and frag zero of fragmented
datagrams. This check is implicitly applied to the tcp and udp index operations.
For instance, tcp[0] always means the first byte of the TCP header, and never
means the first byte of an intervening fragment.
Combining Primitives
Primitives may be combined using:
A parenthesized group of primitives and operators (parentheses are special
to the Shell and must be escaped).
Negation (`!' or `not')
Concatenation (`&&' or ànd')
Alternation (`||' or òr')
Negation has highest precedence. Alternation and concatenation have equal
precedence and associate left to right. Note that explicit and tokens, not
juxtaposition, are now required for concatenation.
adm-C-190
If an identifier is given without a keyword, the most recent keyword is assumed.

For example, not host vs and ace is short for not host vs and host ace which
should not be confused with not (host vs or ace).
Expression arguments can be passed to tcpdump as either a single argument
or as multiple arguments, whichever is more convenient. Generally, if the
expression contains Shell metacharacters, it is easier to pass it as a single,
quoted argument. Multiple arguments are concatenated with spaces before
being parsed.
adm-C-191
adm-C-192
App DRemoving Residual Data from Appliance Disk Drives
App D Removing Residual Data from Appliance Disk

Drives
To alleviate security concerns, all customer-specific data can be removed from
AppResponse Xpert appliance disk drives. This is especially useful when
replacing and/or returning hardware.
The disk drives in an AppResponse Xpert appliance can be cleared of all
customer-specific data using the following utilities that are run from the CLI
(Command Line Interface):
Rollback Utility
Restores an AppResponse Xpert appliance to its default factory settings.
Diskwipe Utility
Overwrites all unused disk space on one or all disk drives after rollback is
completed.
ResetData Utility
Deletes all metric data and captured packets, but retains configuration
settings.
Rollback Utility
The Rollback utility restores an AppResponse Xpert appliance to its default
factory settings. This means that all customer-specific data is removed from the
appliance, including:
configuration settings
data from database tables
logs
reports and report definitions
Diskwipe Utility
The DiskWipe utility overwrites all unused disk space on the specified disk
drives. More specifically, in one pass, the DiskWipe utility writes zeros to all
blocks on the disk drive(s) that have no data. (The DiskWipe Utility is similar to
the dd unix command.)
NoteBecause it writes to blocks that have no data, the DiskWipe utility should
be run only after the Rollback Utility.
adm-D-193
Important Notes
Note the following:
A rollback operation can take 10 to 20 minutes to complete, depending on
the hardware model.
The Rollback utility does not remove AppResponse Xpert software patches.
Therefore, you do not need to re-install software patches after Rollback.
Rollback and Diskwipe Procedure
Procedure D-1 Performing a Rollback and Diskwipe

The rollback command has the following options:
--noshut
Do not shut down the appliance when rollback is completed. This optional
argument is especially useful when accessing the appliance remotely.
When Rollback is complete, you can re-add the management IP address
without losing connectivity to the appliance.
--keeplicense
Do not delete the licenses during rollback. This optional argument is helpful
if you want to use the same licenses after the rollback.
3 Enter the rollback command with the options you wantfor example:
rollback --noshut --keeplicense
NoteYou must enter two hyphens before each argument.
When the rollback is complete, a CLI prompt asks if you want to run the
diskwipe utility. This utility overwrites all unused disk space on the specified
disk drives; specifically, the utility writes zeros to all blocks on the disk drive(s)
that have no data. (This utility is similar to the dd command in UNIX.)
4 If you choose to run diskwipe,now, enter one of the following commands:
for each disk drive
adm-D-194

5 Enter a command from the menu, press return, and follow the prompts.
End of Procedure D-1

The following procedure describes how to run the Diskwipe Utility after you run
the Rollback Utility. Because diskwipe writes to blocks that have no data, you
should run diskwipe only after you run rollback.
Procedure D-2 Running DiskWipe in Stand-Alone Mode
1 If the rollback command was just run without the --noshut argument and the
AppResponse Xpert appliance is currently turned off, then turn on the appliance.
3 Login to the appliance as an administrator.
4 Enter the DiskWipe command:
diskwipe
The DiskWipe utility menu appears.
5 Enter an option from the utility menu, press return, and follow the prompts.
for each disk drive
adm-D-195

End of Procedure D-2
ResetData Utility
The resetData CLI command deletes all traffic data stored on the appliance,
while retaining all user-specified configurations. Situations in which this
command can be useful include:
The appliance was configured incorrectly, resulting in inaccurate data, so
you correct the configuration and delete the data collected using the previous
configuration.
You want to move the appliance to a new location that requires only minor
changes to the appliance configuration, so you reconfigure the appliance and
delete all traffic data collected at the old location.
When you run the resetData command from the CLI, the following data is
deleted:
Metric data derived from monitored traffic, such as Application Stream
Analysis, Web Transaction Analysis, NetFlow Monitoring, and VoIP/Video
Monitoring
All packet capture data
All generated reports
The following data is retained:
All custom settings in the web UI
All custom settings in the Desktop Console: Business Group Manager,
Defined Application Manager, Preferred IP Manager, and so on
All certificate and private key information stored on the appliance (for
example, in the Web UI > System > Administration > Pages)
Note the following:
The resetData command is case-sensitive: all lowercase except for the
uppercase 'D'.
You must be logged in to the CLI as a user with Administrator privileges to
run this command.
adm-D-196
App EExpansion Chassis Setup and Administration
App E
Expansion Chassis Setup and Administration

The Expansion Chassis enables you to extend the storage capacity for
high-speed captures on an AppResponse Xpert appliance that supports High
Speed Captures such as the AL-4100, ARX-4200, ARX-4300, ARX-5000,
ARX-5100, or ARX-6000. The Expansion Chassis uses a pre-configured RAID
(R6) array of hard drives. You can monitor these hard drives and the overall
Expansion Chassis system using the command-line interface (CLI) on an
AL-4100, ARX-4200, ARX-4300, ARX-5000, ARX-5100, or ARX-6000
appliance.
Important Notes and Warnings

Note the following:
The Expansion Chassis package includes a 1-meter SAS cable. Riverbed
recommends that you mount the Expansion Chassis within 1 meter of the
appliance. A 2-meter cable is available by special order.
Each Expansion Chassis is configured at the factory to operate with a
specific appliance. The shipping information specifies the appliance to which
the Expansion Chassis should be attached.
WARNINGWhen turning on the appliances, first apply power to the
Expansion Chassis and wait for a few seconds until the blue indicator lights for
all hard drives come on. Only then is it safe to apply power to the appliance.
WARNINGWhen turning off the appliance, first shut down the appliance using
the halt command in the CLI or the Shutdown command available under
Administration > System > Action (you must be logged in as admin to shut down
the appliance). Wait for the appliance to power down completely after you shut
it down. Do not turn off the Expansion Chassis until the power light on the
appliance goes off.
WARNINGThe RAID card in the appliance does not support hot swapping.
Before you connect or disconnect an Expansion Chassis SAS interface cable
(SFF-8080), make sure that the power light on the appliance is off.
The following table shows the expansion chassis models that are compatible
with each appliance model.
adm-E-197
Expansion Chassis Compatibility by Appliance Model

The following table shows the expansion chassis models that are compatible
with each appliance model.
Table E-1
Expansion Chassis Compatibility by Appliance Model

S16
EXP-200
AL-4100
(expansion card required)
ARX-4200
EXP-300
ARX-4300
ARX-5000
X
X
ARX-5100
ARX-6000
(includes two controllers)
Installing and Configuring an Expansion Chassis

Follow these procedures to attach one or more Expansion Chassis to an
appliance and configure them to operate together:
Step 1: Connect the Appliance and Expansion Chassis on page adm-E-199
Step 2: Set Up the Expansion Chassis Disks on page adm-E-206
adm-E-198
Step 1: Connect the Appliance and Expansion Chassis

Use the following procedure to connect the Expansion Chassis to the appliance.
Procedure E-1 Connecting the Appliance to One or More Expansion Chassis

WarningBefore proceeding, verify that the appliance and all Expansion Chassis (if
any) are powered off.
1 Install the new Expansion Chassis in the equipment rack close to the appliance
(the supplied SAS cable is 1 meter in length).
2 Using the supplied AC power cords, connect the power supplies in each Expansion
Chassis to a conditioned power source.
3 Connect the appliance to the expansion chassis using SFF-8080 cables, based on
your appliance and Expansion Chassis model:
4100, 4200, and 5000 Appliance Connectivity with S-16 Expansion Chassis on
page adm-E-200
4100, 4200, and 5000 Appliance Connectivity with EXP-200 Expansion Chassis
on page adm-E-201
4300 and 5100 Appliance Connectivity with EXP-300 Expansion Chassis on
page adm-E-202
6000 Appliance Connectivity with EXP-300 Expansion Chassis on
page adm-E-204
4 Proceed to Step 2: Set Up the Expansion Chassis Disks on page adm-E-206.
End of Procedure E-1
adm-E-199
4100, 4200, and 5000

Appliance
Connectivity with
S-16 Expansion
Chassis
To attach an ARX-4100, -4200, or -5000 appliance to one, two, or three S16

expansion chassis devices, connect the ports as indicated in Table E-2 and
Figure E-1. Always use SFF-8080 cables.
After you finish connecting the appliance and chassis, proceed to Step 2: Set
Up the Expansion Chassis Disks on page adm-E-206.
Table E-2
4100 / 4200 / 5000 Appliance Connectivity

with S16 Expansion Chassis
Device (Port)
Device (Port)
appliance (expansion card, port B, bottom)
chassis 1 (expansion card, port A, top)
chassis 1 (expansion card, port B, bottom)
chassis 2 (expansion card, port B, bottom)
Figure E-1 4100 / 4200 / 5000 Appliance Connectivity with S16 Expansion
Chassis
Appliance
(expansion card, slot 5)
Expansion Chassis #1
adm-E-200
4100, 4200, and 5000

Appliance
Connectivity with
EXP-200 Expansion
Chassis
To attach an ARX-4100, -4200, or -5000 appliance to one, two, or three

EXP-200 expansion chassis devices, connect the ports as indicated in
Table E-3 and Figure E-2. Always use SFF-8080 cables.
Table E-3
4100 / 4200 / 5000 Appliance Connectivity

with S16 / EXP-200 Expansion Chassis
Device (Port)
Device (Port)
appliance (expansion card, port B, bottom)
chassis 1 (expansion card IN port, left)
chassis 1 (expansion card OUT port, right)
chassis 2 (expansion card IN port, left)
chassis 2 (expansion card OUT port, right)
chassis 3 (expansion card IN port, left
Figure E-2 4100 / 4200 / 5000 Appliance Connectivity with EXP-200 Expansion
Chassis
adm-E-201
4300 and 5100

Appliance
Connectivity with
EXP-300 Expansion
Chassis
To attach an ARX-4300 or ARX-5100 appliance to one or two EXP-300

expansion chassis, connect the ports as indicated in Table E-4 (below) and
Figure E-3 (next page). Always use SFF-8080 cables that are no longer than 1
meter.
Table E-4
adm-E-202
5100 or 4300 Appliance Connectivity

with EXP-300 Expansion Chassis
Device (Port)
Device (Port)
appliance (SAS-OUT)
chassis 1 (A1-IN bottom left)
chassis 1 (A2-IN top left)
chassis 1 (A1-OUT bottom right)
chassis 1 (A2-OUT top right)
Figure E-3 Port Connectivity between 4300 / 5100 Appliance and 300 Expansion Chassis
SAS-OUT port on
4300 / 5100 appliance
4300 / 5100 appliance
SAS-OUT
expansion chassis #1
A2-IN
A2-OUT
A1-IN
A1-OUT
A2-IN
A2-OUT
A1-IN
A1-OUT
IN / OUT ports on expansion chassis

A2-IN
A1-IN
A2-OUT
A1-OUT
adm-E-203
6000 Appliance
Connectivity with
EXP-300 Expansion
Chassis
To attach an ARX-6000 appliance to one, two, or three EXP-300 expansion

chassis, connect the ports as indicated in Table E-5 (below) and Figure E-4
(next page). Always use SFF-8080 cables.
Up the Expansion Chassis Disks on page adm-E-206
Table E-5
adm-E-204
ARX-6000 Port Connectivity with EXP-300 Expansion Chassis
Device (Port)
Device (Port)
appliance (A2-OUT left)
appliance (A1-OUT right)
Figure E-4 ARX-6000 Port Connectivity with EXP-300 Expansion Chassis
ARX-6000 appliance
A2-OUT
A1-OUT
A2-IN
A2-OUT
A1-IN
A1-OUT
A2-IN
A2-OUT
A1-IN
A1-OUT
IN / OUT ports on expansion chassis

A2-IN
A2-OUT
A1-IN
A1-OUT
A2-IN
A2-OUT
A1-IN
A1-OUT
adm-E-205
Step 2: Set Up the Expansion Chassis Disks

This step mounts the new hard drives and configures AppResponse Xpert to
use them.
Procedure E-2 Setting Up the Expansion Chassis Disks
NoteThis procedure requires AppResponse Xpert version 8.0.8 or higher (for
4100, 4200, and 5000 appliances) and 8.6.8 or higher (for 4300, 5100, and 6000
appliances). If the appliance does not have an appropriate version installed,
contact Technical Support for upgrade assistance.
1 Apply power to each Expansion Chassis and wait for a few seconds until the blue
indicator lights for all hard drives come on. Then apply power to the appliance.
2 Open a CLI window and log in to the appliance as admin.
3 If you are setting up a new (never used) EXP-300 expansion chassis connected to
a 4300 or 5100 appliance, do step 3.1.
For all other setup scenarios, skip this step and proceed to step 4.
3.1 Run one of the following commands, depending on the appliance model:
exenroll 4300
exenroll 5100
4 Run the command:
exls
For each expansion chassis, the CLI shows the serial number (Label), the disk
ID (Disk), and the mount point (Mounted On). If an Expansion Chassis has not
been set up, it appears as UNENROLLED in the Mounted On column. Here are
some examples:
4100-S16 or 200 Expansion Chassis connected to 4100, 4200, or 5000
appliance:
# exls
Label
Disk
Mounted On
00063005A01
da3p1
UNENROLLED
00063001A01
da2p1
UNENROLLED
300 Expansion Chassis connected to 4300 or 5100 appliance:
# exls
Label
Disk
Mounted On
NADE3300002BA01
mfid2p1
UNENROLLED
NADE3300002TA01
mfid3p1
UNENROLLED
300 Expansion Chassis connected to 6000 appliance:
# exls
Label
Disk
NADE3300001A01
stripe/NADE3300001GSp1
adm-E-206
Mounted on
UNENROLLED
5 For each Expansion Chassis that is listed as UNENROLLED in the Mounted On

column, run the command:
exenroll <serial-number>
Each specified Expansion Chassis is configured for operation.
6 Verify that each Expansion Chassis was added by running the exls command
again. For example, the following sample shows that all Expansion Chassis are
mounted and ready for use:
# exls
Label
NADE3300002BA01
NADE3300002TA01
Disk
mfid2p1
mfid3p1
Mounted on
/ex/1/0
/ex/2/0
Viewing Status on the Appliance

The following utilities provide information about the operation of attached disk
arrays:
raid Utility
tw_cli Utility (4100, 4200, and 5000 Appliances Only)
raid Utility
raid is a command-line program that is useful for viewing high-level array and
device information for both internal and external RAID controllers. To view
high-level information about all RAID controllers, arrays, and devices, do the
following:
1) Open a CLI window and log in to the appliance as admin.
2) Run the command:
raid
3) From the RAID menu, run the command:
status
Figure E-5 shows an example of RAID status command output from an
appliance with one EXP-300 expansion chassis.
Figure E-5 raid status Output (Example)
RAID menu: status
ARX6000-000000 (rev. 2013-08)
mfi0/0 status as of 2013/08/13-01:10:42 GMT: ONLINE
adm-E-207

Disk
1
2
3
4
VD
0
0
0
0
Name
0:252:00
0:252:01
0:252:02
0:252:03
Model
Number
ST480FN0021
ST480FN0021
ST480FN0021
ST480FN0021
Serial
Number
P3Y010AE
P3Y010FB
P3Y0114E
P3Y01140
Volumes: Volume Volume RAID Volume

ID
Name
Level Size
Status
VD0/0 ARX6000OS 5
1TB
Optimal
Volumes:
Volume Volume RAID Volume
ID
Name
Level Size
VD0/0 ARX6000OS 5
1TB
SMART
Status
OK
OK
OK
OK
Port
Status
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Up
Up
Up
Up
Volume
Volume
Status
Optimal
Disk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
VD
0
0
0
0
0
0
0
0
0
0
0
0
1
1
1
1
1
1
1
1
1
1
1
Name
1:245:00
1:245:01
1:245:02
1:245:03
1:245:04
1:245:05
1:245:06
1:245:07
1:245:08
1:245:09
1:245:10
1:245:11
1:058:00
1:058:01
1:058:02
1:058:03
1:058:04
1:058:05
1:058:06
1:058:07
1:058:08
1:058:09
1:058:10
Model
Number
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
Volumes:
Volume Volume RAID Volume
ID
Name
Level Size
VD1/0 ARX6000GSB 6
18TB
VD1/1 E3B
6
18TB
Serial
Number
Z1Y02D05
Z1Y02D06
Z1Y02D07
Z1Y02D08
Z1Y02D09
Z1Y02D10
Z1Y02D11
Z1Y02D12
Z1Y02D13
Z1Y02D14
Z1Y02D15
Z1Y02D16
Z1Y02D17
Z1Y02D18
Z1Y02D19
Z1Y02D20
Z1Y02D21
Z1Y02D22
Z1Y02D23
Z1Y02D24
Z1Y02D25
Z1Y02D26
Z1Y02D27
SMART
Status
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
Port
Status
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Volume
Status
Optimal
Optimal

Disk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
adm-E-208
VD
0
0
0
0
0
0
0
0
0
0
0
0
1
1
1
1
1
Name
2:245:00
2:245:01
2:245:02
2:245:03
2:245:04
2:245:05
2:245:06
2:245:07
2:245:08
2:245:09
2:245:10
2:245:11
2:045:00
2:045:01
2:045:02
2:045:03
2:045:04
Number
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
Number
Z1Y02D43
Z1Y02D44
Z1Y02D45
Z1Y02D46
Z1Y02D47
Z1Y02D48
Z1Y02D49
Z1Y02D50
Z1Y02D51
Z1Y02D52
Z1Y02D53
Z1Y02D54
Z1Y02D55
Z1Y02D57
Z1Y02D58
Z1Y02D59
Z1Y02D60
Status
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK
Status
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Online, Spun
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up

18
19
20
21
22
23
1
1
1
1
1
1
2:045:05
2:045:06
2:045:07
2:045:08
2:045:09
2:045:10
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
ST3000NM0033-9ZM178
Volumes:
Volume Volume
RAID Volume
ID
Name
Level Size
VD2/0 ARX6000GST 6
18TB
VD2/1 E3T
6
18TB
Z1Y02D61
Z1Y02D62
Z1Y02D63
Z1Y02D64
Z1Y02D65
Z1Y02D66
OK
OK
OK
OK
OK
OK
Online,
Online,
Online,
Online,
Online,
Online,
Spun
Spun
Spun
Spun
Spun
Spun
Up
Up
Up
Up
Up
Up
Volume
Status
Optimal
Optimal
tw_cli Utility (4100, 4200, and 5000 Appliances Only)

tw_cli is a command-line utility for RAID controllers. This utility is not
supported on 4300, 5100, or 6000 appliance models.
You can run this utility from the CLI using the raid command as described in
raid Utility. To view the status for a specific controller, run the command:
tw_cli /cn show
where n is the controller number. For example, for the status of Controller 0,
enter:
tw_cli /c0 show
Troubleshooting Expansion Chassis Operations

Issue: (File System) Does Not Exist or Is Not Mounted
After you install and configure the appliance, you can run the exls command
to see the file system on the expansion chassis:
cmd# exls
Label
NADE3300001A01
NADE3300002A01
Disk
Mounted On
/ex/1/0
/ex/2/0
If the file system does not appear, repeat the steps in Installing and Configuring
an Expansion Chassis on page adm-E-198 to ensure that the file system is
configured and mounted correctly.
If this does not resolve the issue, contact Riverbed Technical Support.
Configuring Storage on Expansion Chassis

You can specify the percentage of disk space to reserve on each Expansion
Chassis for
captured packets (Rolling Buffer)
adm-E-209
alert snapshots (Snapshot Buffer)

individual page views (Web Transaction Analysis)
Figure E-6 Expansion Chassis Configuration Options
(Administration > System > Capture Page)
The Administration > System > Capture web page includes storage
configuration options for every Expansion Chassis that is connected to the
appliance. The following steps outline the general workflow:
1) Specify the percentage of total disk space reserved for Rolling Packet
Storage.
The Remaining Storage label updates automatically based on the new
percentage.
2) Specify the percentage of remaining disk space reserved for alert
snapshots and individual page views.
The Snapshot Storage and Individual Pages Storage fields update
automatically based on the new percentage.
3) Repeat this process for each Expansion Chassis that is connected to the
appliance.
4) Scroll to the bottom of the page and click Apply.
NoteThe configuration options for each expansion chassis are stored on the
chassis itself, not on the appliance to which it is attached. This ensures that the
chassis configuration is persistent even if you move the chassis to a different
appliance.
adm-E-210
Removing an Expansion Chassis

WarningFailure to perform this procedure exactly as described might result
in loss of data or other issues.
Procedure E-3 Removing an Expansion Chassis from an Appliance
1 Log in to the appliance as admin.
2 Power down the appliance and Expansion Chassis exactly as described in the
following steps.
2.1 Power down the appliance using the halt command in the CLI or the
Shutdown command (in the Administration > System > Action treeview).
2.2 Wait for the power light on the appliance to turn off so that you are sure that
the appliance is powered down completely.
2.3 Press the Power button the Expansion Chassis and wait for it to power down
completely.
3 Remove the power cord and SAS cable from the Expansion Chassis.
adm-E-211
adm-E-212
Index
Index
A
activate an extended feature, adm-1-34, adm-1-60
alerts
appliance, adm-1-43
descriptions, adm-1-50 to adm-1-51
hardware, adm-1-48
heartbeat, adm-1-43
other, adm-1-48
settings, adm-1-49
software, adm-1-48
syslog, adm-1-39
appliance
available models, adm-2-79
BGP, adm-2-88
installation, adm-2-77
physical configuration, adm-2-80
appliance information window, adm-1-18
appliance overview, adm-2-78
ARX-1200
back panel, adm-2-94, adm-2-96
ARX-2100
back panel, adm-2-95
overview, adm-2-80
ARX-3100
overview, adm-2-80
ARX-3150
overview, adm-2-79
ARX-3170
back panel, adm-2-99, adm-2-101, adm-2-103
overview, adm-2-79
ARX-3200
overview, adm-2-79
ARX-3300
overview, adm-2-79
ARX-3700
overview, adm-2-79
ARX-4100
front panel, adm-2-116
ARX-4100 (10G)
overview, adm-2-79
ARX-4100 (1G)
overview, adm-2-79
ARX-4100-S16
ARX-4200

overview, adm-2-79
ARX-4300
overview, adm-2-79
ARX-5000
back panel, adm-2-107 to adm-2-109
overview, adm-2-79
ARX-5100
overview, adm-2-79
ARX-6000
overview, adm-2-79
B
backup and recovery
backup
global vs. local, adm-5-149
on-demand, adm-5-161
pre-configurations and verifications, adm-5-151
schedule, adm-5-156
servers, adm-5-152
view list of, adm-5-163
best practices and guidelines, adm-5-168
error logs, adm-5-170
estimate backup/recovery time, adm-5-168
general workflow, adm-5-150
introduction, adm-5-148
recovery
different appliance, adm-5-166
guidelines, adm-5-169
partial, adm-5-165
same appliance, adm-5-164
SSH vs. FTP protocol, adm-5-168
troubleshoot, adm-5-170
BGP and the appliance, adm-2-88
BGP settings, adm-2-128
bundles
core, adm-1-45
log, adm-1-45
web interface, adm-1-45
C
CLI
software updates, adm-B-183
cli
configure number of span ports during installation, adm-2-127
configuring
using the cli, adm-2-123
copper tap, adm-2-85
core bundles, adm-1-45
adm-IX-213
D
COREFILE (software alert), adm-1-51
CPUCNT (hardware alert), adm-1-50
CPUTEMP (hardware alert), adm-1-50
CPUTEMPMARG (hardware alert), adm-1-50
D
DAQERR (software alert), adm-1-51
deduplication, adm-1-49
DIAGINT (software alert), adm-1-51
diagnostic reports
automatic, adm-1-45
email, adm-1-47
manual, adm-1-45
status, adm-1-53
web interface, adm-1-47, adm-1-53
diagnostics, adm-1-45
alert descriptions, adm-1-50 to adm-1-51
alert setttings, adm-1-49
alerts, adm-1-48
bundle, adm-1-45
log viewer, adm-1-53
reports, adm-1-47
status, adm-1-53
director
software update, ADM-A-181
DISKIO (hardware alert), adm-1-50
DMCNAPPL (software alert), adm-1-51
DMCNDIR (software alert), adm-1-51
DMCNSYNC (software alert), adm-1-51
dmq, adm-1-35
dns, adm-2-127
domain, adm-2-124, adm-2-127
dual span port, adm-2-84
H
halt, adm-1-37
hardware alerts
host name, adm-2-126
HSCBADPKT (hardware alert), adm-1-50
I
installation
ACE Live appliance, adm-2-77
additional information, adm-2-87
appliance installation procedure, adm-2-118
cli, adm-2-122
inventory, adm-2-93
network coverage, adm-2-85
network placement considerations, adm-2-85
preparation sheet, adm-2-92
rackmount, adm-2-119
span port, adm-2-127
wiring the appliance using a span port, adm-2-120
wiring the appliance using a tap, adm-2-121
internal address list, adm-2-81, adm-2-85, adm-2-128
internal services, adm-2-91
ip address, adm-2-127
IPDROP (software alert), adm-1-52
email
diagnostic reports, adm-1-47
encapsulation, adm-2-87
encryption, adm-2-87
external services, adm-2-88
last internal as, adm-2-128

license
appliance, adm-1-59
software, adm-1-59
license key, adm-1-59
license manager, adm-1-59
licensing
extended feature, adm-1-60
log bundles, adm-1-45
log viewer
login, adm-1-22
FANRPM (hardware alert), adm-1-50

features not visible, adm-1-59
fiber tap, adm-2-85
firewall configuration, adm-2-88
FLOWPKTLSS (software alert), adm-1-51
flowstats, adm-1-42
fset, adm-1-36
FSFREE (software alert), adm-1-51
mailmgr, adm-1-34
management console
troubleshooting, adm-3-139
management interface, adm-2-127
management nic, adm-2-127
manager
user admiin, adm-1-26
MIPMAPCHK (software alert), adm-1-52
modified frame formats, adm-2-86
mta_masq_domain, adm-1-34
mta_relay, adm-1-34
mta_relay_port, adm-1-34
G
gateway, adm-2-124, adm-2-127
adm-IX-214
N
NETFLOWDRP (hardware alert), adm-1-50
NETGW (software alert), adm-1-52
netmask, adm-2-127
network address translation, adm-2-87
network configuration settings, adm-2-126
network placement, adm-2-85
802.1q, adm-2-86
asymmetric traffic, adm-2-86
encapsulation, adm-2-87
encryption, adm-2-87
header obscurity, adm-2-87
isl, adm-2-86
jumbo frames, adm-2-86
maximum traffic rate, adm-2-86
modified frame formats, adm-2-86
network address translation, adm-2-87
network coverage, adm-2-85
security considerations, adm-2-87
span port, adm-2-85
tunneling, adm-2-87
NICCNT (hardware alert), adm-1-50
NICDOWN (hardware alert), adm-1-51
NICPKLIM (software alert), adm-1-52
NICPKTLSS (hardware alert), adm-1-51
NOTIFCHK (software alert), adm-1-52
NOTIFCON (software alert), adm-1-52
np appliance
troubleshooting, adm-3-135 to adm-3-136
verifying operations, adm-3-135
NTP public server, adm-2-129
NTPCON (software alert), adm-1-52
ntps, adm-2-128
O
other alerts
P
copper/fiber tap, adm-2-85
dual span port, adm-2-84
single span port, adm-2-84
physical configurations, adm-2-80
port
dual span, adm-2-84
single span, adm-2-84
ports
used for network communications, adm-2-88
preparation sheet, adm-2-92
privileges, adm-1-27
R
rackmount and wire the appliance, adm-2-119
N
radius, adm-1-24
reboot, adm-1-37
recovery. See backup and recovery
release-current, adm-B-185
release-list, adm-B-185
release-update command, adm-B-183
restore. See backup and recovery
S
services
internal and external, adm-2-88
set the internal address list, adm-2-128
setup, adm-1-31
single span port, adm-2-84
snmp
agent port, adm-1-44
community string, adm-1-43
enable/disable snmp agent, adm-1-43
trap destination, adm-1-43
software alerts
software update
appliance, ADM-A-179
deleting old releases, ADM-A-181
director, ADM-A-181
web ui, ADM-A-179
software updates in CLI, adm-B-183
span port
SQLCHK (software alert), adm-1-52
SQLCON (software alert), adm-1-52
SQLPROC (software alert), adm-1-52
SQLRST (software alert), adm-1-52
SYSCRASH (software alert), adm-1-53
syslog alerts, adm-1-39
SYSPWR (hardware alert), adm-1-51
SYSREBOOT (software alert), adm-1-53
system requirements
SYSTEMP (hardware alert), adm-1-51
T
tcp dump
expression format, adm-C-187
time zone, adm-2-128
traceroute
firewall configuration, adm-2-91
traceroutes
automated, adm-1-41
selection algorithm, adm-1-41
types, adm-1-42
traffic filters, adm-1-56
traffic symmetry, adm-2-86
traffic volume, adm-2-86
adm-IX-215
U
management console, adm-3-139
np appliance, adm-3-136
U
Updating
software in CLI, adm-B-183
user admin manager, adm-1-26
V
verifying operations, adm-3-135
viewlog, adm-1-35

alerts, adm-1-48
diagnostic reports, adm-1-47, adm-1-53
diagnostics page, adm-1-45
log viewer, adm-1-53
logging in, adm-1-22
ports page, adm-1-58
snmp page, adm-1-44
software update, ADM-A-179
system requirements, adm-2-125
traceroute, adm-1-42
web interface system setup page, adm-2-126
WEBCON (software alert), adm-1-53
WEBGET (software alert), adm-1-53
wire the Appliance using a span port, adm-2-120
W
adm-IX-216

Appresponse Xpert Administrator Guide.9.0.3.712 00195 02 - Rev 2

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Appresponse Xpert Administrator Guide.9.0.3.712 00195 02 - Rev 2

Uploaded by

Copyright:

Available Formats

AppResponse Xpert

Product Release 9.0.3

AppResponse Xpert Administrators Guide

AppResponse Xpert/Release 9.0

AppResponse Xpert Administrators Guide

Copyright and Contacts

Copyright and Contacts

Document Title: AppResponse Xpert Administrators Guide

Protected by U.S. Patents 7,277,843; 7,337,206; 7,443,870; 7,519,700;

(C) Copyright1987-2014 Riverbed Technology. All rights reserved.

AppResponse Xpert/Release 9.0

Copyright and Contacts

AppResponse Xpert Administrators Guide

Terms and Conditions of Use

Intellectual Property and Proprietary Notices

Restricted Rights Legend

No Warranty and Limitation of Liability

AppResponse Xpert/Release 9.0

AppResponse Xpert Administrators Guide

Copyright and Contacts

Destination Control Statement

AppResponse Xpert/Release 9.0

Copyright and Contacts

AppResponse Xpert Administrators Guide

AppResponse Xpert/Release 9.0

Administration and Maintenance

Installing the Appliance

AppResponse Xpert/Release 9.0

BGP and the AppResponse Xpert Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

Verifying Appliance Operations

AppResponse Xpert Appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

AppResponse Xpert/Release 9.0

Verifying Diagnostic Reporting, SNMP, and Backup Server Configuration . . . . . . . . . . . . . . . . . . .

How to Set Up IPv6 on an Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Backup and Recovery of Appliance Data

Software Updates from the Administration > System Web UI

Updating an Appliance that has Internet Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Backup and Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

AppResponse Xpert/Release 9.0

Software Updates Using the CLI

Important Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

Berkeley Packet Filter Syntax

Removing Residual Data from Appliance Disk Drives

Expansion Chassis Setup and Administration

AppResponse Xpert/Release 9.0

Important Notes and Warnings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

AppResponse Xpert/Release 9.0

1Administration and Maintenance

Administration and Maintenance

1Administration and Maintenance

Configuring Network Ports

AppResponse Xpert/Release 9.0

1Administration and Maintenance

AppResponse Xpert/Release 9.0

1Administration and Maintenance

Procedure 1-1 Showing/Hiding Fields in the Audit Log

The Show/Hide Columns Window appears.

AppResponse Xpert/Release 9.0

1Administration and Maintenance

Figure 1-4 Audit log - Show/Hide Columns Window

2 Select the fields to display. Unselect the fields to not display.

AppResponse Xpert/Release 9.0

1Administration and Maintenance