In this chapter, only the minimum set of configurations required to make the system operational with content filtering services are provided. Additional configuration commands specific to the content filtering service are available in the Command Line Interface Reference.This section lists the high-level steps to configure a system with Content Filtering service in conjunction with the Enhanced Charging Services.CAUTION: Before proceeding with the configuration, refer the Additional Requirements on Chassis for Content Filtering section of the Content Filtering Support Overview chapter for the minimum system requirements. If the system has less than two PACs/PSCs, Content Filtering service cannot be activated on the system.
1 Set the initial configuration parameters such as activating PACs and creating the VPN context by applying the example configurations in the Initial Configuration section.
2 Enable the Enhanced Charging Service with Content Filtering, and configure Content Filtering parameters:
l For URL Blacklisting support, enable the Enhanced Charging Service by applying the example configurations presented in the URL Blacklisting Configuration section.
l For Category-based Content Filtering support, enable the Enhanced Charging Service by applying the example configurations presented in the Category-based Content Filtering Configuration section.
3
1
2
3
4 Create the service within the newly created context by applying the example configuration in the Service Configuration chapter of the ST-series System Administration Guide.The following example activates two PACs, placing one in “active” mode and labeling the other as redundant:The following example creates the VPN context and interface and binds the VPN interface to a configured Ethernet port.
1
2
3 Create the Active Charging Service, and set URL Blacklisting matching method by applying the example configuration in the Creating Active Charging Service and Setting URL Blacklisting Matching section.
4 Enable URL Blacklisting functionality in a rulebase, and configure the action to be taken by applying the example configuration in the Enabling URL Blacklisting in Rulebase and Configuring Blacklisting Action section.
5 Use the following configuration to enable the Active Charging Service subsystem for URL Blacklisting:Use the following configuration to create the Active Charging Service and set URL Blacklisting match:Use the following configuration to enable URL Blacklisting in a rulebase and configure the blacklisting action:url-blacklisting action { discard | redirect-url <url> | terminate-flow | www-reply-code-and-terminate-flow <reply_code> }The URL Blacklisting functionality can be tested by appending test URLs/URIs to the blacklist file. The test URLs/URIs must be added to the testurldb.pub file in the <WEM_Install_Dir>/flash/blacklist/testurldb directory.The testurldb.pub file must have one URL per line without space. If space is included in the URL entries, the WEM ignores the URLs with space.This section describes the steps to configure the system for Category-based Content Filtering support.
1 Enable the Enhanced Charging mode for Category-based Static or Category-based Static-and-Dynamic Content Filtering by applying the example configuration in the Enabling ACS Subsystem section.
2 Configure the global parameters like database path and version for Content Filtering service by applying the example configuration in the Configuring Content Rating Rule Database Parameters section. This is an optional step. In case this configuration is not performed, the default values will be used.
3
4 Configure the Content Filtering Policy Identifier and actions by applying the example configuration in the Configuring Content Filtering Policy section.
5 Optional. Create billing and charging actions by applying the example configuration in the Configuring Enhanced Charging Services chapter of the Enhanced Charging Services Configuration Guide.
6 Optional. Define rule definitions by applying the example configuration in the Configuring Enhanced Charging Services chapter of the Enhanced Charging Services Configuration Guide.
7 Create and configure the rulebases by applying the example configuration in the Configuring Rulebase for Content Filtering section. For more information on rulebase configuration, refer to the ECS Configuration in Enhanced Charging Services Configuration Guide.
8 Apply the Content Filtering service to subscribers/APNs by applying the example configuration in the APN Configuration/Subscriber Configuration section.
9 Use the following configuration to enable the ACS subsystem with Category-based Static or Category-based Static-and-Dynamic Content Filtering:analyze priority <priority> { all | category <category> | x-category <x-category> } action { allow | content-insert <content_string> | discard | redirect-url <url> | terminate-flow | www-reply-code-and-terminate-flow <reply_code> } [ edr <edr_format> ]failure-action { allow | content-insert <content_string> | discard | redirect-url <url> | terminate-flow | www-reply-code-and-terminate-flow <reply_code> } [ edr <edr_format> ]analyze priority <priority> x-category <x-category> action { allow | content-insert <content_string> | discard | redirect-url <url> | terminate-flow | www-reply-code-and-terminate-flow <reply_code> } [ edr <edr_format> ]
l To configure the action to take for any match, and the default action to take when the category returned after rating is not configured in the subscriber’s content filtering policy, use the following command:analyze priority <priority> all action { allow | content-insert <content_string> | discard | redirect-url <url> | terminate-flow | www-reply-code-and-terminate-flow <reply_code> } [ edr <edr_format> ]route priority <route_priority> ruledef <ruledef_name> analyzer <analyzer_name> [ description <description> ]action priority <priority> { [ dynamic-only | static-and-dynamic ] { group-of-ruledefs <group_name> | ruledef <ruledef_name> } charging-action <charging_action_name> [ description <description> ] }
l Before enabling static-and-dynamic rating in the rulebase, it must be enabled at the global level as the resources required for dynamic rating are allocated at the global level. To enable static-and-dynamic rating at the global level, in the Global Configuration Mode, use the following command:Use the following configuration to apply Content Filtering configuration to an APN through policy identifier:Use the following configuration to apply Content Filtering configuration to a subscriber through policy identifier:IMPORTANT: Category Policy ID applied to APN or subscriber in this mode overrides the Category Policy ID configured using the “content-filtering category policy-id cf_policy_id” command in the Configuring Rulebase for Content Filtering section.
This section describes how to configure Category-based Content Filtering EDR settings. The system does not generate URL Blacklisting specific EDRs.
1 Enable the EDR module and file format for EDR in context configuration mode by applying the example configuration in the EDR Module Configuration section.
2
3 Optional. Enable charging record retrieval by applying the example configuration in the Charging Record Retrieval section of ECS Configuration Guide.Use the following configuration to enable EDR module and configure the file for EDR generation in Content Filtering services:
l For more information on keywords/options available with the file command, refer to the EDR Module Configuration Mode Commands chapter in the Command Line Interface Reference.Use the following configuration to configure attributes and rule-variables for EDRs for Content Filtering services:
l For more information on options available with attribute and rule-variable commands, refer to the EDR Format Configuration Mode Commands chapter of the Command Line Interface Reference.To save the changes made to the system configuration for Content Filtering service, refer to the Saving Your Configuration chapter.This section describes how to review the configurations after saving them in a .cfg file as described in the Saving Your Configuration chapter, and to retrieve errors and warnings within an active configuration for a service.This command also shows the ambiguities in configurations with Content Filtering service, category, and rulebase configuration. Warnings/errors are displayed in the following scenarios:
l Warning: When “require active-charging content-filtering category” CLI command is not activated and any Content Filtering configurations are done
l Error: When Content Filtering is enabled, but no Content Filtering Policy ID is configured in the Active Charging Service
l
l
l Warning: When default analyze rule is configured in the Content Filtering Policy ID, but not at the lowest priorityIn the following table, the first column lists what statistics to gather, the second column lists the action to perform, and the third column describes what information is displayed or what information to look for in the resulting output.
To view URL Blacklisting statistics, optionally for rulebase(s). show active-charging url-blacklisting statistics [ rulebase { all | name rulebase_name } ] [ verbose ] [ | { grep grep_options | more } ] To view URL Blacklisting static database configuration. show url-blacklisting database [ all | url url | facility acsmgr { all | instance instance } ] [ | { grep grep_options | more } ] To view total Blacklisting URL hits and misses statistics, optionally for rulebase(s) or specific ACS instance. show active-charging subsystem { all | facility acsmgr [ all | instance instance ] | full } | [ rulebase name rulebase_name ] | [ | { grep grep_options | more } ] To view information for rulebase(s) configured in a system or service. show active-charging rulebase { all [ service name svc_name ] | name rulebase_name [ service name svc_name ] | statistics [ name rulebase_name ] } | [ | { grep grep_options | more } ] This section explains how to gather Category-based Content Filtering statistics and configuration information.In the following table, the first column lists what statistics to gather, the second column lists the action to perform, and the third column describes what information is displayed or what information to look for in the resulting output.IMPORTANT: For more information on Content Filtering statistics collection, refer to the Exec Mode Commands chapter of the Command Line Interface Reference.
To view Category-based Content Filtering database statistics/configuration. show content-filtering category database [ active | all | facility srdbmgr { all | instance instance } | url url_string ] [ verbose ] [ | { grep grep_options | more } ] To view Category-based Content Filtering category statistics. show content-filtering category statistics [ facility srdbmgr { all | instance instance } ] [ | { grep grep_options | more } ] To view information of a database URL for Category-based Content Filtering application in a service show content-filtering category url url_string [ policy-id cf_policy_id | rulebase rulebase_name ] [ verbose ] [ | { grep grep_options | more } ] To view Content Filtering Server Group (CFSG) details configured in the service. show content-filtering server-group [ statistics ] [ name cfsg_name ] [ | { grep grep_options | more } ] To view Category-based Content Filtering category policy definitions show active-charging content-filtering category policy-id { all | id policy_id } [ | { grep grep_options | more } ] To view Category-based Content Filtering statistics, optionally for rulebase(s). show active-charging content-filtering category statistics [ rulebase { name rulebase_name | all } ] [ verbose ] [ | { grep grep_options | more } ] To view details of Content Filtering Server Group (CFSG) configured in the service. show active-charging content-filtering server-group [ statistics [ verbose ] ] [ name cfsg_name ] [ | { grep grep_options | more } ] To view information for rulebase(s) configured in a system or service. show active-charging rulebase { all [ service name svc_name ] | name rulebase_name [ service name svc_name ] | statistics [ name rulebase_name ] } | [ | { grep grep_options | more } ] To view Active Charging Service session statistics. For information on bulk statistics configuration and collection, and the list of bulk statistics for the Content Filtering service, refer to the Bulk Statistics Configuration Mode Commands chapter of the Command Line Interface Reference.For information on the SNMP traps and thresholds for the Content Filtering service, see the Content Filtering Application MIB chapter of the SNMP MIB Reference.
|
| Cisco Systems Inc. |
| Tel: 408-526-4000 |
| Fax: 408-527-0883 |