Content Filtering Service Configuration


Content Filtering Service Configuration
 
This chapter describes how to configure content filtering support with ECS.
In this chapter, only the minimum set of configurations required to make the system operational with content filtering services are provided. Additional configuration commands specific to the content filtering service are available in the Command Line Interface Reference.
The following topics are described in this chapter:
 
 
Configuring the System for Content Filtering Support
 
This section lists the high-level steps to configure a system with Content Filtering service in conjunction with the Enhanced Charging Services.
Caution: Before proceeding with the configuration, refer the Additional Requirements on Chassis for Content Filtering section of the Content Filtering Support Overview chapter for the minimum system requirements. If the system has fewer than two processing cards, Content Filtering service cannot be activated on the system.
To configure the system for Content Filtering service:
Step 1
Step 2
 
–and/or–
 
Step 3
 
Initial Configuration
Step 1
Step 2
Step 3
Step 4
Create the service within the newly created context by applying the example configuration in the Service Configuration chapter of the System Administration Guide.
Activating Processing Cards
The following example activates two processing cards, placing one in active mode and labeling the other as redundant:
 
configure
  card <slot_number>
     redundancy card-mode
     exit
  card <slot_number>
     mode active pac
     end
Modifying the Local Context
The following example sets the default subscriber in the local context:
configure
  context local
     interface <local_ctx_iface_name>
        p address <ip_address> <ip_mask>
        exit
     server ftpd
        exit
     server telnetd
        exit
     subscriber default
        exit
     administrator <name> encrypted password <password> ftp
     ip route <ip_addr> <ip_mask> <next_hop_addr> <local_ctx_iface_name>
     exit
  port ethernet <slot#/port#>
     no shutdown
     bind interface <local_ctx_iface_name> local
     exit
  end
Creating the VPN Context
The following example creates the VPN context and interface and binds the VPN interface to a configured Ethernet port.
configure
  context <vpn_context_name> -noconfirm
     interface <vpn_interface_name>
        ip address <ip_address> <ip_mask>
        exit
     subscriber default
        exit
     ip route 0.0.0.0 0.0.0.0 <next_hop_address> <vpn_interface_name>
     exit
  port ethernet <slot_number/port_number>
     no shutdown
     bind interface <vpn_interface_name> <vpn_context_name>
     end
 
URL Blacklisting Configuration
 
This section describes steps to configure the system for URL Blacklisting support.
Step 1
Step 2
Step 3
Step 4
Step 5
Enabling ACS Subsystem
Use the following configuration to enable the Active Charging Service subsystem for URL Blacklisting:
 
configure
  require active-charging
  end
Configuring URL Blacklisting Database Parameters
Use the following configuration to configure URL Blacklisting database parameters:
configure
  url-blacklisting database directory path <directory_path>
  url-blacklisting database max-versions <max_versions>
  url-blacklisting database override file <file.extension>
  end
Creating Active Charging Service and Setting URL Blacklisting Matching
Use the following configuration to create the Active Charging Service and set URL Blacklisting match:
configure
  active-charging service <service_name> [ -noconfirm ]
     url-blacklisting match-method { exact | generic }
     end
Enabling URL Blacklisting in Rulebase and Configuring Blacklisting Action
Use the following configuration to enable URL Blacklisting in a rulebase and configure the blacklisting action:
 
configure
  active-charging service <service_name>
     rulebase <rulebase_name> [ -noconfirm ]
        url-blacklisting action { discard | redirect-url <url> | terminate-flow | www-reply-code-and-terminate-flow <reply_code> }
        end
Loading/Upgrading URL Blacklisting Database
Use the following command to load/upgrade the URL Blacklisting database:
upgrade url-blacklisting database [ -noconfirm ]
Testing URL Blacklisting Functionality
The URL Blacklisting functionality can be tested by appending test URLs/URIs to the blacklist file. The test URLs/URIs must be added to the testurldb.pub file in the <WEM_Install_Dir>/flash/blacklist/testurldb directory.
 
The testurldb.pub file must have one URL per line without space. If space is included in the URL entries, the WEM ignores the URLs with space.
 
Category-based Content Filtering Configuration
 
This section describes the steps to configure the system for Category-based Content Filtering support.
Step 1
Step 2
Step 3
Step 4
Step 5
Optional. Create billing and charging actions by applying the example configuration in the Configuring Enhanced Charging Services chapter of the Enhanced Charging Services Administration Guide.
Step 6
Optional. Define rule definitions by applying the example configuration in the Configuring Enhanced Charging Services chapter of the Enhanced Charging Services Administration Guide.
Step 7
Create and configure the rulebases by applying the example configuration in the Configuring Rulebase for Content Filtering section. For more information on rulebase configuration, refer to the ECS Configuration chapter in the Enhanced Charging Services Administration Guide.
Step 8
Step 9
Important: Category-based Static-and-Dynamic Content Filtering is not supported in this release.
Enabling ACS Subsystem
Use the following configuration to enable the Active Charging Service subsystem:
 
configure
  require active-charging content-filtering category
  end
Configuring Content Rating Rule Database Parameters
Use the following configuration to configure Content Rating Rule database parameters:
configure
  content-filtering category database directory path <directory_path>
  content-filtering category database max-versions <max_versions>
  content-filtering category database override file <file.extension>
  end
upgrade content-filtering category database
Creating Active Charging Service and Content Filtering Policy
Use the following configuration to create the Active Charging Service and Content Filtering Policy:
configure
  active-charging service <service_name> [ -noconfirm ]
     content-filtering category policy-id <cf_policy_id> [ description <description> ] [ -noconfirm ]
     end
Configuring Content Filtering Policy
Use the following configuration to configure the content filtering policy:
configure
  active-charging service <service_name>
     content-filtering category policy-id <cf_policy_id>
        analyze priority <priority> { all | category <category> | x-category <x-category> } action { allow | content-insert <content_string> | discard | redirect-url <url> | terminate-flow | www-reply-code-and-terminate-flow <reply_code> } [ edr <edr_format> ]
        failure-action { allow | content-insert <content_string> | discard | redirect-url <url> | terminate-flow | www-reply-code-and-terminate-flow <reply_code> } [ edr <edr_format> ]
        end
Notes:
 
analyze priority <priority> x-category <x-category> action { allow | content-insert <content_string> | discard | redirect-url <url> | terminate-flow | www-reply-code-and-terminate-flow<reply_code> } [ edr <edr_format> ]
analyze priority <priority> all action { allow | content-insert <content_string> | discard | redirect-url <url> | terminate-flow | www-reply-code-and-terminate-flow <reply_code> } [ edr <edr_format> ]
Configuring Rulebase for Content Filtering
Use the following configuration to configure the rulebase:
configure
  active-charging service <service_name>
     rulebase <rulebase_name>
        route priority <route_priority> ruledef <ruledef_name> analyzer <analyzer_name> [ description <description> ]
        action priority <priority> { [ dynamic-only | static-and-dynamic ] { group-of-ruledefs <group_name> | ruledef <ruledef_name> } charging-action <charging_action_name> [ description <description> ] }
        flow end-condition content-filtering edr <edr_format_name>
        billing-records { egcdr | radius | udr udr-format <format_name> }+
        content-filtering category policy-id <cf_policy_id>
        content-filtering mode category static-only
        end
Enabling Category-based Content Filtering Support
APN Configuration
Use the following configuration to apply Content Filtering configuration to an APN through policy identifier:
configure
  context <context_name>
     apn <apn_name>
        content-filtering category policy-id <cf_policy_id>
        end
Subscriber Configuration
Use the following configuration to apply Content Filtering configuration to a subscriber through policy identifier:
configure
  context <context_name>
     subscriber name <user_name>
        content-filtering category policy-id <cf_policy_id>
        end
Important: Category Policy ID applied to APN or subscriber in this mode overrides the Category Policy ID configured using the “content-filtering category policy-id cf_policy_id” command in the Configuring Rulebase for Content Filtering section.
 
Configuring Event Detail Record (EDR)
This section describes how to configure Category-based Content Filtering EDR settings. The system does not generate URL Blacklisting specific EDRs.
To configure Category-based Content Filtering EDR settings:
Step 1
Step 2
Step 3
Optional. Enable charging record retrieval by applying the example configuration in the Charging Record Retrieval section of Enhanced Charging Services Administration Guide.
EDR Module Configuration
Use the following configuration to enable EDR module and configure the file for EDR generation in Content Filtering services:
configure
  context <context_name>
     edr-module active-charging-service
        file [ edr-format-name ] [ name <file_name> ]+
        end
Notes:
 
For more information on keywords/options available with the file command, refer to the EDR Module Configuration Mode Commands chapter in the Command Line Interface Reference.
EDR Attribute Configuration
Use the following configuration to configure attributes and rule-variables for EDRs for Content Filtering services:
configure
  active-charging service <service_name>
     edr-format <edr_format_name>
        attribute <attribute> priority <priority>
        rule-variable <protocol> <rule> priority <priority>
        end
Notes:
 
For more information on options available with attribute and rule-variable commands, refer to the EDR Format Configuration Mode Commands chapter of the Command Line Interface Reference.
Saving the Configuration
To save the changes made to the system configuration for Content Filtering service, refer to the Verifying and Saving Your Configuration chapter.
Verifying the Configuration
 
This section describes how to review the configurations after saving them in a .cfg file as described in the Verifying and Saving Your Configuration chapter, and to retrieve errors and warnings within an active configuration for a service.
Viewing System Configuration
Use the following configuration to view the active configuration for a service:
configure
  context <context_name>
  end
show configuration
Viewing Service Configuration Errors
Use the following configuration to view the errors in configuration for a service:
configure
  context <context_name>
  end
show configuration errors verbose
This command also shows the ambiguities in configurations with Content Filtering service, category, and rulebase configuration. Warnings/errors are displayed in the following scenarios:
 
Warning: When “require active-charging content-filtering category” CLI command is not activated and any Content Filtering configurations are done.
Gathering Statistics
This section explains how to gather statistics and configuration information for:
 
 
URL Blacklisting Statistics
This section explains how to gather URL Blacklisting statistics and configuration information.
 
In the following table, the first column lists what statistics to gather, the second column lists the action to perform, and the third column describes what information is displayed or what information to look for in the resulting output.
Gathering URL Blacklisting Statistics and Configuration Information
show active-charging url-blacklisting statistics [ rulebase { all | name <rulebase_name> } ] [ verbose ] [ | { grep <grep_options> | more } ]
show url-blacklisting database [ all | url <url> | facility acsmgr { all | instance <instance> } ] [ | { grep <grep_options> | more } ]
show active-charging subsystem { all | facility acsmgr [ all | instance <instance> ] | full } | [ rulebase name <rulebase_name> ] | [ | { grep <grep_options> | more } ]
show active-charging rulebase { all [ service name <svc_name> ] | name <rulebase_name> [ service name <svc_name> ] | statistics [ name <rulebase_name> ] } | [ | { grep <grep_options> | more } ]
Category-based Content Filtering Statistics
This section explains how to gather Category-based Content Filtering statistics and configuration information.
 
In the following table, the first column lists what statistics to gather, the second column lists the action to perform, and the third column describes what information is displayed or what information to look for in the resulting output.
Important: For more information on Content Filtering statistics collection, refer to the Exec Mode Commands chapter of the Command Line Interface Reference.
 
Gathering Category-based Content Filtering Statistics and Configuration Information
show content-filtering category database [ active | all | facility srdbmgr { all | instance <instance> } | url <url_string> ] [ verbose ] [ | { grep <grep_options> | more } ]
show content-filtering category url <url_string> [ policy-id <cf_policy_id> | rulebase <rulebase_name> ] [ verbose ] [ | { grep <grep_options> | more } ]
show content-filtering server-group [ statistics ] [ name <cfsg_name> ] [ | { grep <grep_options> | more } ]
show active-charging content-filtering category policy-id { all | id <policy_id> } [ | { grep <grep_options> | more } ]
show active-charging content-filtering category statistics [ rulebase { name <rulebase_name> | all } ] [ verbose ] [ | { grep <grep_options> | more } ]
show active-charging rulebase { all [ service name <svc_name> ] | name <rulebase_name> [ service name <svc_name> ] | statistics [ name <rulebase_name> ] } | [ | { grep <grep_options> | more } ]
Supported Bulk Statistics
For information on bulk statistics configuration and collection, and the list of bulk statistics for the Content Filtering service, refer to the Bulk Statistics Configuration Mode Commands chapter of the Command Line Interface Reference.
Supported Thresholds and SNMP Traps
 
For information on the SNMP traps and thresholds for the Content Filtering service, see the Content Filtering Application MIB chapter of the SNMP MIB Reference.
 
 

Cisco Systems Inc.
Tel: 408-526-4000
Fax: 408-527-0883