Document ID: 12561
Updated: Jan 08, 2007
Introduction
This document explains how to use a simple router configuration with Access Control Lists (ACLs) in order to permit or deny traffic to the Cisco Content Engine.
In this scenario, any traffic that originates from C1 (172.18.124.193) and C2 (10.27.3.4) and is destined for any host bypasses the Cache Engine as specified by the ACL. All other traffic is forwarded.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on these software and hardware versions:
- Cisco Cache Engine 505 in a lab environment with cleared configurations
- Cisco 2611 Router
- Cisco IOS® Software Release 12.1(3)T
The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.
Conventions
Refer to the Cisco Technical Tips Conventions for information on document conventions.
Configure
In this section, you are presented with the information to configure the features described in this document.
Note: Use the Command Lookup Tool (registered customers only) in order to obtain more information on the commands used in this section.
Network Diagram
This document uses this network setup:
Configurations
This document uses this configuration:
How to Bypass the Content Engine with Router ACLs

```
!--- Your command lines should appear similar to the following:
router# configure terminal
router(config)# ip wccp web-cache redirect-list 120
router(config)# access-list 120 deny ip host 172.18.124.193 any
router(config)# access-list 120 deny ip host 10.27.3.4 any
router(config)# access-list 120 permit ip any any
```
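As an added example (not part of the Cisco document), this Python script models how IOS evaluates redirect-list 120 for a source/destination pair: ACEs are checked top-down, the first match wins, a deny means the flow bypasses the Content Engine, a permit means it is redirected, and a flow that matches nothing falls to the implicit deny and is not redirected. The function names and the wildcard-mask handling are assumptions made for this illustration.

```python
import ipaddress

# Constructed copy of redirect-list 120 from the configuration above.
ACL_120 = [
    "access-list 120 deny ip host 172.18.124.193 any",
    "access-list 120 deny ip host 10.27.3.4 any",
    "access-list 120 permit ip any any",
]


def _parse_addr(tokens):
    """Consume one ACE address spec: 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # Wildcard mask: invert it to a subnet mask (contiguous wildcards only).
    mask = (~int(ipaddress.ip_address(tokens[1]))) & 0xFFFFFFFF
    prefix = bin(mask).count("1")
    return ipaddress.ip_network(f"{tokens[0]}/{prefix}", strict=False), tokens[2:]


def parse_ace(line):
    """Parse 'access-list <n> <permit|deny> ip <src> <dst> [log...]' into (action, src, dst)."""
    tokens = line.split()
    action = tokens[2]
    src, rest = _parse_addr(tokens[4:])
    dst, _ = _parse_addr(rest)
    return action, src, dst


def redirect_decision(acl, src_ip, dst_ip):
    """Return ('redirect' | 'bypass', matching ACE number or None).

    IOS walks the ACEs top-down and stops at the first match. For a WCCP
    redirect-list, 'permit' means the packet is redirected to the Content
    Engine and 'deny' means it is routed normally (bypass). A packet that
    matches nothing hits the implicit deny at the end of every ACL, so it
    is also bypassed: a redirect-list with no 'permit' redirects nothing.
    """
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for number, line in enumerate(acl, 1):
        action, src_net, dst_net = parse_ace(line)
        if s in src_net and d in dst_net:
            return ("redirect" if action == "permit" else "bypass"), number
    return "bypass", None


if __name__ == "__main__":
    for src, dst in [("172.18.124.193", "216.4.77.193"), ("10.27.3.7", "216.4.77.193")]:
        print(src, "->", dst, redirect_decision(ACL_120, src, dst))
```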
Verify
Use this section to confirm that your configuration works properly.
The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT in order to view an analysis of show command output.
- show version - Displays the software that runs on the router, as well as some other information such as the system uptime, where the code was previously booted, and the date when it was compiled.

```
33-ns-gateway#show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.1(3)T, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Wed 19-Jul-00 16:02 by ccai
Image text-base: 0x80008088, data-base: 0x808A9264

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

33-Ns-gateway uptime is 1 day, 1 hour, 1 minute
System returned to ROM by reload
System restarted at 11:03:21 UTC Thu May 17 2001
System image file is "flash:c2600-i-mz.121-3.T"

cisco 2610 (MPC860) processor (revision 0x203) with 44032K/5120K bytes of memory.
Processor board ID JAD04330MR6 (3648101504)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
5 Ethernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102
```

- show running-config - Displays the running configuration on the router.

```
33-Ns-gateway#show running-config
Building configuration...

Current configuration:
!
! Last configuration change at 12:04:57 UTC Fri May 18 2001
! NVRAM config last updated at 11:01:10 UTC Fri May 18 2001
!
version 12.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 33-Ns-gateway
!
logging buffered 64000 debugging
enable secret 5 $1$IWJr$nI.NcIr/b9DN7jEQQC17R/
!
!
!
!
!
ip subnet-zero
ip wccp web-cache redirect-list 120
ip cef
no ip domain-lookup
ip domain-name cisco.com
ip name-server 161.44.11.21
ip name-server 161.44.11.206
!
!
!
!
interface Ethernet0/0
 ip address 10.1.3.50 255.255.255.0
 no ip route-cache cef
!
interface Ethernet1/0
 description interface to the CE .5
 bandwidth 100
 ip address 10.27.2.1 255.255.255.0
 full-duplex
!
interface Ethernet1/1
 description inter to DMZ
 ip address 172.18.124.211 255.255.255.0
 ip wccp web-cache redirect out
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
!
interface Ethernet1/2
 description Preconfigured for recreates 10.27.3.0/24 net
 ip address 10.27.3.1 255.255.255.0
 no ip route-cache cef
!
interface Ethernet1/3
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.18.124.1
no ip http server
!
access-list 120 deny ip host 172.18.124.193 any log-input
access-list 120 deny ip host 10.27.3.4 any log-input
access-list 120 permit ip any any log
!
line con 0
 exec-timeout 0 0
 transport input none
line aux 0
 exec-timeout 0 0
line vty 0 4
 exec-timeout 0 0
 password ww
 login
!
no scheduler allocate
end
```

- show access-lists - Lists the access-list command statements in the router configuration. This command also lists a hit count that indicates the number of times an element has been matched when an access-list command search is issued.

```
33-ns-gateway#show access-lists 120
Extended IP access list 120
    deny ip host 172.18.124.193 any log-input (114 matches)
    deny ip host 10.27.3.4 any log-input (30 matches)
    permit ip any any log
```

- show log - Displays the system error log on the router.

```
33-ns-gateway#show log
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
    Console logging: level debugging, 906 messages logged
    Monitor logging: level debugging, 165 messages logged
    Buffer logging: level debugging, 267 messages logged
    Trap logging: level informational, 114 message lines logged

Log Buffer (64000 bytes):

May 18 09:57:00.837: %CLEAR-5-COUNTERS: Clear counter on all interfaces by vty2 (172.18.124.193)
May 18 10:24:53.218: %SEC-6-IPACCESSLOGP: list 120 denied tcp 172.18.124.193(0) -> 216.4.77.193(0), 1 packet
May 18 10:28:44.890: %SEC-6-IPACCESSLOGP: list 120 denied tcp 10.27.3.4(0) -> 64.224.45.130(0), 1 packet
May 18 10:29:08.861: %SEC-6-IPACCESSLOGP: list 120 denied tcp 172.18.124.193(0) -> 212.20.160.80(0), 1 packet
May 18 10:29:53.563: %SEC-6-IPACCESSLOGP: list 120 denied tcp 172.18.124.193(0) -> 216.4.77.193(0), 19 packets
May 18 10:33:53.672: %SEC-6-IPACCESSLOGP: list 120 denied tcp 10.27.3.4(0) -> 216.4.77.193(0), 1 packet
```
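The %SEC-6-IPACCESSLOGP lines are the evidence that the bypass is taking effect. As an added example (not from the Cisco document), this Python script parses such lines (the sample lines below are constructed from the show log output above), totals the packets that bypassed the cache per source, and flags any source that is being bypassed but is not one of the two hosts the ACL was written for. The function names and the INTENDED_BYPASS set are assumptions made for this illustration.

```python
import re
from collections import Counter

# Syslog lines constructed from the show log output above.
SAMPLE_LOG = """\
May 18 09:57:00.837: %CLEAR-5-COUNTERS: Clear counter on all interfaces by vty2 (172.18.124.193)
May 18 10:24:53.218: %SEC-6-IPACCESSLOGP: list 120 denied tcp 172.18.124.193(0) -> 216.4.77.193(0), 1 packet
May 18 10:28:44.890: %SEC-6-IPACCESSLOGP: list 120 denied tcp 10.27.3.4(0) -> 64.224.45.130(0), 1 packet
May 18 10:29:08.861: %SEC-6-IPACCESSLOGP: list 120 denied tcp 172.18.124.193(0) -> 212.20.160.80(0), 1 packet
May 18 10:29:53.563: %SEC-6-IPACCESSLOGP: list 120 denied tcp 172.18.124.193(0) -> 216.4.77.193(0), 19 packets
May 18 10:33:53.672: %SEC-6-IPACCESSLOGP: list 120 denied tcp 10.27.3.4(0) -> 216.4.77.193(0), 1 packet
"""

# Hosts that are meant to bypass the Content Engine (the two deny ACEs in list 120).
INTENDED_BYPASS = {"172.18.124.193", "10.27.3.4"}

# One %SEC-6-IPACCESSLOGP message; the page's output shows port 0 in the parentheses.
ACCESSLOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)


def parse_accesslog(lines):
    """Yield one dict per %SEC-6-IPACCESSLOGP line; other syslog lines are skipped."""
    for line in lines:
        m = ACCESSLOG_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["count"] = int(rec["count"])
            yield rec


def bypassed_packets(lines, acl="120"):
    """Total packets per source that list <acl> denied, i.e. that bypassed the cache."""
    totals = Counter()
    for rec in parse_accesslog(lines):
        if rec["acl"] == acl and rec["action"] == "denied":
            totals[rec["src"]] += rec["count"]
    return dict(totals)


def unexpected_bypass(lines, intended=INTENDED_BYPASS, acl="120"):
    """Sources denied by the redirect-list that are not on the intended bypass set."""
    return set(bypassed_packets(lines, acl)) - set(intended)


if __name__ == "__main__":
    print(bypassed_packets(SAMPLE_LOG.splitlines()))
    print("unexpected:", unexpected_bypass(SAMPLE_LOG.splitlines()))
```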
Troubleshoot
There is currently no specific troubleshooting information available for this configuration.