-
Cisco ACNS Software Configuration Guide for Locally Managed Deployments, Release 5.5
-
Preface
-
Chapter 1: Introduction
-
Chapter 2: Understanding the Basics
-
Chapter 3: Deployment Scenarios for Standalone Content Engines
-
Chapter 4: Getting Started
-
Chapter 5: Performing Other Basic Tasks for Standalone Content Engines
-
Chapter 6: Configuring Transparent Redirection for Standalone Content Engines
-
Chapter 7: Configuring Conventional Caching Services for Standalone Content Engines
-
Chapter 8: Configuring RealMedia Services on Standalone Content Engines
-
Chapter 9: Configuring WMT Streaming Media Services on Standalone Content Engines
-
Chapter 10: Configuring Content Authentication and Authorization on Standalone Content Engines
-
Chapter 11: Configuring Content Preloading and URL Filtering on Standalone Content Engines
-
Chapter 12: Configuring ICAP on Standalone Content Engines
-
Chapter 13: Configuring the Rules Template on Standalone Content Engines
-
Chapter 14: Configuring Primary and Backup Proxy Servers for Standalone Content Engines
-
Chapter 15: Configuring Advanced Transparent Caching Features on Standalone Content Engines
-
Chapter 16: Updated Configuring Additional Network Interfaces and Bandwidth on Standalone Content Engines
-
Chapter 17: Configuring Administrative Login Authentication and Authorization on Standalone Content Engines
-
Chapter 18: Configuring AAA Accounting on Standalone Content Engines
-
Chapter 19: Creating and Managing IP Access Control Lists for Standalone Content Engines
-
Chapter 20: Viewing and Modifying TCP Stack Parameters on Standalone Content Engines
-
Chapter 21: Monitoring Standalone Content Engines and Transactions
-
Chapter 22: Troubleshooting
-
Appendix A: Content Engine GUI Menu Options
-
Appendix B: Reference Material for Standalone Content Engine Deployments
-
Index
-
Table Of Contents
Symbols - A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - Q - R - S - T - U - V - W -
Index
Symbols
* wildcard character 7
.gz extension 44
.nsc file 39
.pac files 37
A
AAA accounting
activating on Content Engine 5
command accounting 2
displaying configuration of 8
EXEC shell accounting 2
overview of 2
statistics for 8
system accounting 2
with TACACS+ 2
AAA-based management systems 16
accelerated WCCP support 34
access control
authentication and authorization
of administrative login 1
of content requests 2
IP ACLs 2
RealProxy 8
access control lists. See IP ACLs
access control services, deploying 15
accessing
Content Engine CLI 50
Content Engine GUI 55
access lists, group name-based
disabling 53
for group authorization 47
access lists, WCCP
configuring 20
displaying 20
access-lists 300 command 46
access-lists 300 deny groupname any command 49
access lists enable command 46
ACLs. See IP ACLs
ACNS software CLI
accessing 51
command modes 8
ACNS solution
components of 1
overview of 1
Active Directory groups
description of 33
group searches 49
administrative login accounts
default account 19
managing 3
types of 3
administrative login authentication and authorization
default 3
for standalone Content Engines 2
local database
description of 6
enabling and disabling 16
overview of 2
RADIUS
enabling and disabling 17
overview of 6
TACACS+
enabling and disabling 18
overview of 7
administrative login authentication failover 4
administrative users
AAA accounting for 2
login accounts for 3
administrator levels
normal-level users 3
superusers 3
advanced caching features 14
alarm information
for all alarms 15
for critical alarms 15
for major alarms 15
for minor alarms 15
alarms
displaying
counts of 17
history of 15
list of 15
status of 17
overload of 13
alarm traps
configuring 14
disabling 14
enabling 14
generating 14
list of 14
Apache CLF transaction logging format 36
Apache-style transaction logging 36
Application and Content Networking System. See ACNS
AUP
configuration of 54
description of 54
authenticated HTTP cache settings 12
authentication
content authentication 1
end-to-end authentication 13
HTTP request authentication 13
traffic bypass 2
WMT proxy authentication 10
authentication, authorization, and accounting. See AAA
authentication cache
configuring 12
size adjustments 12
authentication configuration local command 17
authentication configuration radius command 15
authentication configuration tacacs command 19
authentication databases
standalone Content Engines and 2
types of 2
authentication fail-over command 4
authentication local login command 15
authentication login local command 17
authentication login radius command 15
authentication login tacacs command 19
authentication servers
LDAP servers 5
NTLM servers 5
RADIUS servers 5
authorization
administrative login authorization 1
content authorization 11
B
bandwidth
and network resources 11
interface, configuring 11
bandwidth configuration 11
advanced configuration 26
incoming and outgoing 23
subnet-based bandwidth control 24, 12
bandwidth control
and content preloading 11
binary objects, description of 2
BIOS upgrades 24
block.html
customized blocking message 17
browser configuration
for direct proxy routing 5
bypass
authentication traffic 2
static 7
bypass auth-traffic command 5
bypass gateway command 5
bypass lists
displaying summary of 3
static entries in 7
bypass load command 8
bypass options
disabing for URL filtering 12
bypass timer command 4
C
cache
expiration date 10
cache freshness
for HTTP cache 9
cache hits
description of 2
refresh 13
cache misses
description of 2
no-proxy action 13
using upstream proxy 13
caching
CTE HTTP objects 7
description of 2
disabling for certain clients 24
hierarchy 10
HTTP and 2
network protocols and 2
nontransparent caching
proxy-style 13
terminology 8
TFTP and 2
transparent caching 14
caching and streaming services
with direct proxy routing 13
with transparent redirection 14
caching services
configuring with Setup utility 11
conventional caching services 2
RTSP streaming and caching services 5
WMT streaming and caching services 5
calendar
setting 4
caveats
pattern list group type 35
CDP. See Cisco Discovery Protocol
cfs
characters
special 34
chunked transfer coding, description of 7
Cisco Discovery Protocol
enabling 2
purpose of 2
Cisco IP/TV, description of 11
Cisco Streaming Engine, description of 10
CiscoWorks2000 26
clear ip access-list counter 24
clear ip wccp command 1
for WCCP Version 2 34
clear statistics rule command 33
clear statistics rule rtsp command 33
clear statistics tacacs command 8
clear websense command 27
clear wmt incoming command 45
clear wmt outgoing command 46
clear wmt stream-id command 46
CLF, description of 36
CLI
accessing 51
command modes 8
EXEC mode 9
global configuration mode 9
HTTPS server configuration mode 9
interface configuration mode 9
keyboard shortcuts 10
logging in to 50
online help
accessing 10
usage guidelines 10
clients
description of 3
support of 12
clock
clearing and setting 4
daylight saving and local time, setting 4
displaying standard timezones 4
UTC offset, setting 4
clock summertime command 4
command accounting
activating on Content Engine 2
overview of 4
command-line interface. See CLI
configuring
AAA accounting 1
administrative login authentication and authorization 8
alarm traps 14
authentication and authorization
for administrative users 8
for content requests 1
bandwidth 11
content preloading 2
conventional caching services 2
custom-web-cache service
on Content Engine 20
dns-cache service
on Content Engines 62
FTP connection settings 36
FTP native caching service
on Content Engines 55
HTTP request authentication 16
https-cache service
on Content Engines 27
on WCCP routers 29
ICAP services 4
interface bandwidth 11
IP ACLs 10
IP spoofing 10
native ftp caching service
on WCCP routers 29
passwords 24
playserver 10
RADIUS authentication 10
reverse-proxy service
on Content Engines 23
on WCCP routers 33
Rules Template 1
standard web-cache service
on Content Engines 18
on WCCP routers 27
static bypass 7
transaction logging 1
URL filtering 1
user-defined WCCP services 15
content
classifications 5
on-demand 5
preloaded 5
pre-positioned 6
types of 5
content authentication
of HTTP requests 13
overview of 2
content authorization
of LDAP users 47
of NTLM users 48
overview of 2
content distribution, types of 5
Content Engine
ACNS software GUI
logging out 57
main components of 53
automatic reload 18
bandwidth configuration 11
configuring for IP spoofing 10
configuring for WCCP 11
mounting to a NAS device 13
rebooting 24
removing or replacing 24
security 35
Content Engine administrators
normal-level users 3
superusers 3
Content Engine CLI
command modes 8
logging in to 50
logging out of 52
online help 10
Content Engine clusters
configuring ICP clients for 5
configuring ICP servers for 5
Content Engine GUI
disabling access to 54
enabling access to 54
exiting 57
feature tabs 2
logging in to 55
logging out from 57
managing administrative login accounts 8
Reporting tab and subtabs 7
System tab and subtabs 6
WCCP tab and subtabs 2
content preloading
configuring 2
creating filter for 5
creating preload URL list file 3
default start time 5
enabling 2
forcing 5
NTLM preloading support 2
preloading authenticated content 3
resuming after aborting 11
scheduling 5
setting DSCP 6
setting Type of Service (ToS) 6
specifying maximum bandwidth for 5
stopping operation 11
viewing statistics for 8
viewing statistics for current preload 8
viewing status of current preload 7
conventional caching services
configuring 2
conventions, documentation 26
copy running-config command 13
CTE HTTP objects, caching 7
custom blocking messages
in URL filtering 12
custom format transaction logging 36
custom messages
for FTP proxy responses 19
for HTTP requests 14
custom web cache service
configuring
on Content Engines 20
on WCCP routers 32
D
daylight savings time
setting 4
daylight saving time
setting 4
debug ip wccp events command 42
debug ip wccp packets command
for WCCP Version 1 42
debug wmt error command 55
debug wmt trace command 55
default administrative login account 19
default user account 3
directing requests back to proxy server 7
direct proxy routing
caching services with 13
configuring
browsers for 5
media players for 5
forward proxy caching and 3
streaming services with 13
supported services for 13
disabling
access to Content Engine GUI 54
caching for certain clients 24
local authentication and authorization 16
persistent connections 68
RADIUS authentication 20
RADIUS authentication and authorization 17
RealProxy caching 30
SNMP agents 10
TACACS+ authentication and authorization 18
transparent caching services 14
WCCP flow redirection 17
disk add command 9
disk config command 11
disk config sysfs command 10
disk configuration, displaying 12
disk configuration settings
configuring
through CLI 14
through Setup utility 14
disk delete-partitions command 11
disk drives
error handling thresholds
description of 18
specifying 18
manually unmarking 19
removing partitions from 11
disk error-handling reload command 18
disk error-handling threshold command 18
disk mark command 19
disk partitions, removing 11
disks
configuring
sysfs space 11
storage types 9
disk unuse command
disk drives
unusing 12
dns-cache service
configuring
on routers 28
on standalone Content Engines 62
DNS caching service
configuring WCCP transparent interception for 64
disabling 67
overview of 63
dns use-original-server command 64
documentation conventions 26
DSCP
rule action 12
Rules Template 6
dynamic traffic bypass 5
E
ecn enable command 3
EIM
through content authentication 2
through group-based authorization 11
through URL filtering with SmartFilter 39
employee Internet management. See EIM
enabling 2
dynamic authentication bypass 4
local authentication and authorization 16
persistent connections 68
RADIUS authentication and authorization 17
SNMP agent 6
transparent error handling 5
WCCP 12
WCCP flow redirection 17
WCCP on routers 23
enabling and disabling
NTLM allow domain lists 44
error logging, WMT 11
EtherChannel configuration 2
Ethernet MAC address mapping 17
EXEC CLI mode 9
EXEC shell accounting
activating on Content Engine 2
overview of 3
extended IP ACLs
configuration examples 22
configuring 10
supported conditions 14
supported keywords 12
TCP keywords 12
typical uses of 5
Extended Squid-style transaction logging 35
Extended Squid transaction log format 36
external FTP server
exporting transaction logs to 43
permanent error from 45
F
failover
for administrative login authentication 4
Fast Cache
configuring on Content Engines 31
Fast Start
configuring on Content Engines 29
Fibre Channel interface
configuring 9
file system types
description (table) 9
filtering services
deploying 15
URL filtering 11
flow protection
WCCP 9
forwarding
HTTP, HTTPS, and FTP proxy-style requests 7
forward proxy caching, overview of 3
FTP
configuring connection settings 38
description of 2
FTP native caching
overview of 54
FTP caching
nontransparent FTP native caching 42
transparent FTP native caching 54
ftp min-ttl command 10
FTP native caching
nontransparent caching
caching 42
overview of 54
transparent caching
configuring 55
displaying statistics for 46, 58
ftp native caching service
configuring on standalone Content Engines 55
ftp-native custom-message command 19
ftp-native proxy active-mode command 55
FTP native proxy servers
displaying configuration of 57
FTP objects
configuring object freshness 4
FTP-over_HTTP proxy servers
displaying configuration of 41
displaying statistics for 41
FTP-over-HTTP caching
configuring 39
ftp-over-http object max-size command 40
ftp-over-http proxy active-mode enable command 40
ftp-over-http proxy anonymous-pswd command 40
FTP-over-HTTP proxy caching
specifing incoming ports 39, 43
ftp-over-http proxy incoming command 39, 43
ftp-over-http proxy outgoing command 40
ftp-over-http proxy outgoing monitor command 8
ftp-over-http reval-each-request all command 40
ftp proxy outgoing host command 4
FTP requests
native
configuring access lists for 42, 19
configuring nontransparent FTP native caching 42
configuring proxy authentication for nontransparent requests 55
configuring transparent FTP native caching 54
creating custom messages for 19
ftp-server gw proto command 60
FTP servers
exporting transaction logs to 43
FTP statistics, displaying 28
G
generic routing encapsulation. See GRE encapsulation
global configuration CLI mode 9
global exclusion from proxy forwarding 7
GLOP addresses 17
GRE encapsulation 5
group authorization
Active Directory group searches 49
methods of 2
of LDAP users 47
GUI. See Content Engine GUI
gui-server command 54
gzip format
to compress archived log files 44
H
healing mode, configuration of 70
hierarchical caching 10
hostname command 14
HTTP 14
authenticated cache settings 12
cache freshness settings 9
outgoing proxy exclusion 5
proxy failover 2
status codes of 37
http age-multiplier command 10, 11
http append x-forwarded-for-header command 15, 11
http authenticate-strip-ntlm command 8
HTTP authentication cache
configuring 12
displaying configuration of 16
HTTP authentication cache, configuring 12
http authentication cache timeout command 17
http authentication command 12
http cache-authenticated ntlm command 2, 3
http cache-chunk-encoded enable command 7
http cache-cookies command 10
HTTP caching
configuring
nontransparent forward proxy caching 8
reverse proxy caching 23
transparent HTTP forward proxy caching 17
types of 7
http cluster command 71
http cluster heal-port command 71
http cluster http-port command 71
http cluster max-delay command 71
http cluster misses command 72
http custom-error-page command 16
http l4 switch enable command 5
http max-ttl command 11
http monitor url command 5
HTTP objects
configuring object freshness 4
HTTP proxy caching
configuring
through Content Engine CLI 7
through Setup utility 29
http proxy incoming command 14
http proxy outgoing host command 3
http proxy outgoing monitor command 8
http proxy outgoing origin-server command 2
HTTP request authentication 44
configuring 16
hierarchical caching
in proxy server mode 14
logging failures of 50
methods of 2
overview of 13
transaction logging 18
transparent mode 15
HTTP requests
creating custom message pages for 14
http reval-each-request all command 11
http reval-each-request command 11
HTTP reverse proxy caching
configuring
through Content Engine CLI 14
through Setup utility 14
HTTPS
description of 3
Rules Template with 2
server configuration CLI mode 9
statistics, displaying 28
https-cache service
configuring
on sContent Engines 27
on WCCP routers 29
HTTPS caching
configuration of 24
SSL termination and 24
https certgroup command 33
https command 32
HTTPS errors, displaying 28
HTTPS outgoing proxy servers
configuring 27
displaying current state of 27
https proxy command 26
HTTPS proxy commands 26
https proxy outgoing host command 34, 4
https proxy outgoing monitor command 8
HTTPS statistics, displaying 28
HTTP statistics, displaying 28
HTTP transparent caching
configuring
through Content Engine CLI 14
through Setup utility 14
I
ICAP 5
approved vendors 3
configuring
Content Engine settings 5
server 8
services 7
maximum file size supported 4
overview of 1
icap append-x-headers command 5
icap apply command 4
icap bypass streaming-media command 6
icap logging enable command 4
icap service command 7
ICAP services
configuring 4
description of 2
icap service server command 8
ICP
client settings 73
server settings 74
icp client command 73
ICP clients
configuring 5
icp server command 74
ICP server configuration 74
IFP
role of 19
inetd enable tftp command 59, 60
interface bandwidth 11
interface configuration CLI mode 9
interface-level DHCP 7
Internet Assigned Numbers Authority. See IANA
Internet Cache Protocol. See ICP
Internet Content Adaption Protocol. See ICAP
Internet Filtering Protocol. See IFP
Internet service provider. See ISP
ip access-group command 16
ip access-list command 3
ip access-list extended command 5
ip access-list standard command 5
IP ACLs
activating 6
activating on an interface 16
applying to interface 17
clearing counter 24
clearing IP ACL counter 24
configuration modes 9
defining 6
deleting 23
description of 2
extended configuration mode
accessing 5
description of 5
extended IP ACLs
typical uses of 5
naming guidelines 9
standard configuration mode
accessing 5
description of 5
standard IP ACLs
typical uses of 5
types of 4
viewing configuration of 23
ip address dhcp command 17
IP addresses
multiple IP addresses on a single interface 9
ip default-gateway command 14
ip default-gateway command (global configuration) 5
ip domain-name command 14
IP multicasting
and insecure services 16
copying files between server and client 16
Ethernet MAC address mapping 17
fundamentals 16
GLOP addresses 17
Layer 2 multicast address considerations 17
limited scope addresses 16
Protocol Independent Multicast. See PIM
source-specific multicast addresses 16
ip name-server command 64
ip name-servers command 14
ip route-cache same-interface command 24
ip route command 5
IP spoofing
configuration of 10
examples of 12
WCCP and 10
ip wccp command 26
ip wccp password command
WCCP Version 2 commands
ip wccp password 23
ip wccp redirect-list command 26
ip wccp redirect out command 25
ip web-cache redirect command 1, 26
K
keystroke combinations, CLI 10
L
launching
Setup utility 19
Layer 2
multicast address 17
redirection 8
Layer 4 switches
forward proxy caching and 8
reverse proxy caching and 13
LDAP
security options 23
LDAP acceptable use policy
configuration of 54
description of 54
LDAP Active Directory 33
LDAP databases
contents of 28
entries in 29
querying 33
structure of 28
LDAP directory service
description of 28
directory entries 28
LDAP memory cache
disabling 35
specifying the maximum TTL for an object 53
specifying the size of 35
LDAP nested static groups
description of 31
searching for user account information 37
LDAP password expiration
configuration of 54
description of 54
ldap server command 23
ldap server enable command
LDAP authentication
for HTTP requests 23
ldap server group command 24
ldap server password-expiry command 54
ldap server policy-redirect attribute command 54
ldap server policy-redirect enable command 54
ldap server policy-redirect redirect-url command 54
LDAP servers
configuring for Content Engine 5
types of 22
ldap server version 3 command 33
LDAP Version 3
enabling 33
less command 9
license keys
RealProxy
restoring factory defaults 29
uninstalling 31
limited scope addresses 16
list of
nontransparent mode services 13
supported caching and streaming services
with transparent redirection 14
WCCP features and services 10
WCCP services 3
live content
description of 6
live splitting
description of 10
load-balance command 4
load balancing 5
load shedding 5
log files
exporting 43
restarting export of 45
logging command 22
logging console priority command 23
logging disk command 24
logging host command 25
logging host hostname command 25
logging in to
Content Engine GUI 55
logging on
to Content Engine
using GUI 50
using SSH 52
using Telnet 50
logging out
of Content Engine CLI 52
of Content Engine GUI 57
login authentication
local method 15
M
MAC address mapping 17
MAC address table 17
mapping of RealProxy error level to syslog priority level 26
media file system. See mediafs
mediafs
configuring
through the Setup utility 25
function of 9
media player configuration
for direct proxy routing 5
media player configuring
for direct proxy routing 5
menu options
Setup utility 14
MIBs
supported 5
monitoring
with ACNS software alarms 11
with SNMP 2
with the Cisco Discovery Protocol 2
monitoring URLs 5
mounting to NAS devices 18, 13
multicast
WMT, logging 48
multicast address
unusable assignments 12
multicasting
See also IP multicasting
multicast stations
defining 40
description of 40
starting and stopping 42
multiple IP addresses
configuring on a single interfacesconfiguring 9
multiple router support 8
N
N2H2 URL filtering 12
NAS devices
native ftp caching service
configuring
on WCCP routers 29
near-miss
definition 70
network connectivity
testing 10
network interfaces
configuring 2
network settings
configuring
no authentication login local enable command 17
no authentication login radius enable command 18
no auto-register enable command 22
Node Health Manager
description of 11
Node Manager
description of 13
no disk error-handling reload command 18
no dns-cache size command 67
no ntlm basic-auth enable command 45
no ntlm server ad-group-search mem-cache command 35
nontransaprent caching
SSL tunneling and 6
nontransparent FTP native caching
description of 42
nontransparent mode
forward proxy caching 3
nontransparent mode services
list of 13
nontransparent requests
description of 4
no pre-load enable command 11
no radius-server enable command
RADIUS authentication
disabling 20
no rtsp proxy media-real enable command 30, 31
no snmp-server command 10
no snmp-server enable traps command 11
no transaction-logs export enable command 47
no transaction-logs logging enable command 48
no transaction-logs logging facility command 48
no transaction-logs logging host command 48
no wccp version command 14
no wmt license-key command 13
NTLM
description of 3
end-to-end authentication
object caching 9
pass-through service 9
NTLMv1
re-enabling 6
NTLMv2
enabling 6
ntlm allow-domain enable command 44
NTLM allow domain lists
enabling and disabling 44
ntlm basic-auth enable command 45
NTLM preloading support 2
ntlm server ad-group-search command 52
ntlm server ad-group-search mem-cache command 52
ntlm server ad-group-search mem-cache max-ttl command 53
ntlm server ad-group-search mem-cache size command 53
ntlm server command 41
ntlm server enable command 49
ntlm server host command 48
NTLM servers
configuring for Content Engine 5
ntlm version 2 command 6
O
on-demand content
description of 5
origin web servers
description of 3
outgoing FTP-over-HTTP proxy servers
monitoring 8
outgoing FTP proxy servers
configuration of 8
configuring 4
designating primary server 3
outgoing HTTP proxy servers 8