Cisco 500 Series Content Engines

How to Bypass the Content Engine with Router Access Lists

Document ID: 12561

Updated: Jan 08, 2007



This document explains how to use a simple router configuration with Access Control Lists (ACLs) in order to permit or deny traffic to the Cisco Content Engine.

In this scenario, any traffic that originates from C1 and C2 and is destined for any host bypasses the Cache Engine, as specified by the ACL. All other traffic is forwarded.



There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco Cache Engine 505 in a lab environment with cleared configurations

  • Cisco 2611 Router

  • Cisco IOS® Software Release 12.1(3)T

The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.


Refer to the Cisco Technical Tips Conventions for information on document conventions.


In this section, you are presented with the information to configure the features described in this document.

Note: Use the Command Lookup Tool (registered customers only) in order to obtain more information on the commands used in this section.

Network Diagram

This document uses this network setup:



This document uses this configuration:

How to Bypass the Content Engine with Router ACLs

!--- Your command lines should appear similar to the following: 

router# configure terminal
router(config)# ip wccp web-cache redirect-list 120
router(config)# access-list 120 deny ip host any
router(config)# access-list 120 deny ip host any
router(config)# access-list 120 permit ip any any
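
The first-match logic behind this redirect list, as an added Python example that is not part of the original Cisco document: a `permit` match sends the packet to the Content Engine, while a `deny` match or the implicit deny at the end of the list lets it bypass. The addresses are constructed stand-ins for C1 and C2, and `parse_acl` and `wccp_decision` are hypothetical helper names.

```python
import ipaddress

# Constructed sample: the page's redirect-list shape with documentation
# addresses (192.0.2.0/24) standing in for C1 and C2, whose real
# addresses are not shown on the page.
SAMPLE_ACL = """\
access-list 120 deny   ip host 192.0.2.11 any
access-list 120 deny   ip host 192.0.2.12 any
access-list 120 permit ip any any
"""

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # Assumption: the wildcard mask is contiguous (e.g. 0.0.0.255).
    wildcard = int(ipaddress.ip_address(tokens.pop(0)))
    netmask = ipaddress.ip_address(wildcard ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{first}/{netmask}", strict=False)

def parse_acl(text, number):
    """Return ordered (action, src_net, dst_net) entries for one ACL."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:2] != ["access-list", str(number)] or tokens[3:4] != ["ip"]:
            continue  # only 'ip' entries of the requested list are modelled
        rest = tokens[4:]  # trailing keywords such as log-input are ignored
        entries.append((tokens[2], _take_addr(rest), _take_addr(rest)))
    return entries

def wccp_decision(entries, src, dst):
    """First match wins; permit = redirect to cache, deny = bypass."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in entries:
        if src in src_net and dst in dst_net:
            return "redirect" if action == "permit" else "bypass"
    return "bypass"  # implicit deny at the end of every IOS ACL
```

The function models only the redirect-list stage; the router applies it to traffic that already matches the WCCP `web-cache` service.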


Use this section to confirm that your configuration works properly.

The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT in order to view an analysis of show command output.

  • show version - Displays the software that runs on the router, as well as other details such as the system uptime, where the code was previously booted, and the date when it was compiled.

         33-ns-gateway#show version
         Cisco Internetwork Operating System Software
         IOS (tm) C2600 Software (C2600-I-M), Version 12.1(3)T,  RELEASE SOFTWARE (fc1)
         Copyright (c) 1986-2000 by cisco Systems, Inc.
         Compiled Wed 19-Jul-00 16:02 by ccai
         Image text-base: 0x80008088, data-base: 0x808A9264
         ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
         33-Ns-gateway uptime is 1 day, 1 hour, 1 minute
         System returned to ROM by reload
         System restarted at 11:03:21 UTC Thu May 17 2001
         System image file is "flash:c2600-i-mz.121-3.T"
         cisco 2610 (MPC860) processor (revision 0x203) with 
            44032K/5120K bytes of memory.
         Processor board ID JAD04330MR6 (3648101504)
         M860 processor: part number 0, mask 49
         Bridging software.
         X.25 software, Version 3.0.0.
         5 Ethernet/IEEE 802.3 interface(s)
         32K bytes of non-volatile configuration memory.
         16384K bytes of processor board System flash (Read/Write)
         Configuration register is 0x2102
  • show running-config - Displays the running configuration on the router.

         33-Ns-gateway#show running-config
         Building configuration...
         Current configuration:
         ! Last configuration change at 12:04:57 UTC Fri May 18 2001
         ! NVRAM config last updated at 11:01:10 UTC Fri May 18 2001
         version 12.1
         service timestamps debug datetime msec
         service timestamps log datetime msec
         no service password-encryption
         hostname 33-Ns-gateway
         logging buffered 64000 debugging
         enable secret 5 $1$IWJr$nI.NcIr/b9DN7jEQQC17R/
         ip subnet-zero
         ip wccp web-cache redirect-list 120
         ip cef
         no ip domain-lookup
         ip domain-name
         ip name-server
         ip name-server
         interface Ethernet0/0
          ip address
          no ip route-cache cef
         interface Ethernet1/0
          description interface to the CE .5
          bandwidth 100
          ip address
         interface Ethernet1/1
          description inter to DMZ
          ip address
          ip wccp web-cache redirect out
          no ip route-cache cef
          no ip route-cache
          no ip mroute-cache
         interface Ethernet1/2
          description Preconfigured for recreates net
          ip address
          no ip route-cache cef
         interface Ethernet1/3
          no ip address
         ip classless
         ip route
         no ip http server
         access-list 120 deny   ip host any log-input
         access-list 120 deny   ip host any log-input
         access-list 120 permit ip any any log
         line con 0
          exec-timeout 0 0
          transport input none
         line aux 0
          exec-timeout 0 0
         line vty 0 4
          exec-timeout 0 0
          password ww
         no scheduler allocate
  • show access-lists - Lists the access-list command statements in the router configuration. This command also lists a hit count that indicates the number of times each entry has been matched.

         2.33-ns-gateway#show access-lists 120
         Extended IP access list 120
         deny ip host any log-input (114 matches)
         deny ip host any log-input (30 matches)
         permit ip any any log
  • show log - Displays the system error log on the router.

         3.33-ns-gateway#show log
         Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
         Console logging: level debugging, 906 messages logged
         Monitor logging: level debugging, 165 messages logged
         Buffer logging: level debugging, 267 messages logged
         Trap logging: level informational, 114 message lines logged 
         Log Buffer (64000 bytes):
         May 18 09:57:00.837: %CLEAR-5-COUNTERS: 
            Clear counter on all interfaces by vty2 
         May 18 10:24:53.218: %SEC-6-IPACCESSLOGP: 
            list 120 denied tcp 
         ->, 1 packet
         May 18 10:28:44.890: %SEC-6-IPACCESSLOGP: 
            list 120 denied tcp 
         ->, 1 packet
         May 18 10:29:08.861: %SEC-6-IPACCESSLOGP: 
            list 120 denied tcp 
         ->, 1 packet
         May 18 10:29:53.563: %SEC-6-IPACCESSLOGP: 
            list 120 denied tcp 
         ->, 19 packets
         May 18 10:33:53.672: %SEC-6-IPACCESSLOGP: 
            list 120 denied tcp 
         ->, 1 packet
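
One way to check the bypass from the router log, as an added Python example that is not part of the original Cisco document: it totals the packets denied by the redirect list per source and reports any source that bypasses the Content Engine without being on the intended list. The log lines and addresses are constructed (the page's own output has the addresses stripped), the bracketed interface/MAC field is assumed to appear only with `log-input`, and `bypass_hits` and `unexpected_bypass` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample lines in the %SEC-6-IPACCESSLOGP format; addresses are
# documentation ranges, not values from the page.
SAMPLE_LOG = """\
May 18 10:24:53.218: %SEC-6-IPACCESSLOGP: list 120 denied tcp 192.0.2.11(1045) (Ethernet0/0 0000.5e00.5301) -> 203.0.113.80(80), 1 packet
May 18 10:29:53.563: %SEC-6-IPACCESSLOGP: list 120 denied tcp 192.0.2.11(1045) (Ethernet0/0 0000.5e00.5301) -> 203.0.113.80(80), 19 packets
May 18 10:33:53.672: %SEC-6-IPACCESSLOGP: list 120 denied tcp 192.0.2.12(2210) -> 203.0.113.80(80), 1 packet
May 18 10:34:10.004: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 192.0.2.50(3301) -> 203.0.113.80(80), 4 packets
May 18 09:57:00.837: %CLEAR-5-COUNTERS: Clear counter on all interfaces by vty2
"""

LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\)"
    r"(?: \(\S+ [0-9a-fA-F.]+\))?"  # input interface and MAC, log-input only
    r" -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def bypass_hits(log_text, acl="120"):
    """Sum denied (bypassed) packets per source for one redirect list."""
    hits = Counter()
    for m in LOG_RE.finditer(log_text):
        if m["acl"] == acl and m["action"] == "denied":
            hits[m["src"]] += int(m["count"])
    return hits

def unexpected_bypass(log_text, expected_sources, acl="120"):
    """Sources hitting a deny entry that are not on the intended bypass list."""
    return sorted(set(bypass_hits(log_text, acl)) - set(expected_sources))
```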


There is currently no specific troubleshooting information available for this configuration.
