This chapter describes how to configure source groups, Access Control Lists (ACLs), Extension Qualifier Lists (EQLs), Uniform Resource Locator Qualifier Lists (URQLs), Network Qualifier Lists (NQLs), and Domain Qualifier Lists (DQLs). Information in this chapter applies to all CSS models, except where noted.
This chapter contains the following sections:
For example, if you configure several streaming audio transmitters as a group, the CSS will process flows from the group members and give them all the same source IP address.
For example:
(config)# group ftpgroup
(config-group[ftpgroup])#
To remove a source group, enter:
(config)# no group ftpgroup
The following commands are available in group mode:
Use the procedure below to configure a source group for TCP/UDP traffic. To configure a source group for FTP traffic, refer to the next section. Note that each source group requires a content rule that contains the same services and VIP as the source group.
1. Create the source group. Source group names can be a maximum of 16 characters. The following example creates a source group ftpgroup.
(config)# group ftpgroup
(config-group[ftpgroup])#
2. Configure the source group VIP address to which all service IP addresses will be translated. You can assign the same VIP address to multiple source groups, but only one of the source groups can be active at a time. For example:
(config-group[ftpgroup])# vip address 172.16.36.58
3. Add previously defined services to the source group. For example:
(config-group[ftpgroup])# add service server1
(config-group[ftpgroup])# add service server2
4. Activate the source group. Because a VIP address can belong only to one active source group at a time, the CSS will not allow you to activate a second source group that contains the same VIP address as the one in the active source group.
(config-group[ftpgroup])# active
(config-group[ftpgroup])# remove service server1
5. Create a content rule, add the same services and VIP that are configured in the source group, and activate the content rule. The content rule enables the CSS to match requests for the content rule VIP. When either server1 or server2 replies to the request, the CSS NATs the server IP addresses to the source group VIP.
(config-owner[arrowpoint.com])# content ftpsource1
(config-owner-content[arrowpoint.com-ftpsource1])# add service server1
(config-owner-content[arrowpoint.com-ftpsource1])# add service server2
(config-owner-content[arrowpoint.com-ftpsource1])# vip address 172.16.36.58
(config-owner-content[arrowpoint.com-ftpsource1])# activate
Note: When you use an FTP content rule with a configured VIP address range, be sure to configure the corresponding source group with the same VIP address range (refer to the Content Services Switch Basic Configuration Guide, Chapter 7, "Configuring Content Rules").
To configure FTP sessions to a VIP:
1. Configure a content rule as required using the VIP that will be load balanced across multiple servers. The following example shows the portion of a running-config for content rule ftp_rule. Ensure that you use the application ftp-control command to define the application type.
content ftp_rule
vip address 192.168.3.6
protocol tcp
port 21
application ftp-control
add service serv1
add service serv2
add service serv3
active
2. Configure a source group defining the same VIP and services as configured in the content rule. The following running-config example shows source group ftp_group.
group ftp_group
vip address 192.168.3.6
add service serv1
add service serv2
add service serv3
active
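Both procedures above require each source group to be paired with a content rule that carries the same VIP and the same services. The following is an added example, not part of the original guide: a small audit that reads running-config text and reports active source groups without such a rule. The function names and the constructed "drifted" sample are assumptions; the ftp_rule and ftp_group stanzas are the ones shown above.

```python
STANZA_STARTS = {"content", "group", "owner", "service", "acl"}

# Running-config fragments shown above on the page.
PAGE_RULE = """content ftp_rule
vip address 192.168.3.6
protocol tcp
port 21
application ftp-control
add service serv1
add service serv2
add service serv3
active
"""
PAGE_GROUP = """group ftp_group
vip address 192.168.3.6
add service serv1
add service serv2
add service serv3
active
"""
# Constructed drift: serv3 dropped from the group, plus a group with no rule.
DRIFTED_GROUPS = """group ftp_group
vip address 192.168.3.6
add service serv1
add service serv2
active
group dns_group
vip address 192.168.3.9
add service serv4
active
"""


def parse_stanzas(config):
    """Split running-config text into stanzas, keeping VIP, services and state."""
    stanzas, cur = [], None
    for raw in config.splitlines():
        t = raw.split()
        if not t or t[0].startswith("!"):
            continue
        if t[0] in STANZA_STARTS and len(t) >= 2:
            cur = {"kind": t[0], "name": t[1], "vip": None,
                   "services": set(), "active": False}
            stanzas.append(cur)
        elif cur is not None and t[:2] == ["vip", "address"] and len(t) >= 3:
            cur["vip"] = " ".join(t[2:])  # keep trailing tokens so ranges compare too
        elif cur is not None and t[:2] == ["add", "service"] and len(t) >= 3:
            cur["services"].add(t[2])
        elif cur is not None and t == ["active"]:
            cur["active"] = True
    return stanzas


def audit_source_groups(config):
    """Return (group, reason) for active groups lacking a matching content rule."""
    stanzas = parse_stanzas(config)
    rules = [s for s in stanzas if s["kind"] == "content" and s["active"]]
    findings = []
    for g in (s for s in stanzas if s["kind"] == "group" and s["active"]):
        same_vip = [r for r in rules if r["vip"] == g["vip"]]
        if not same_vip:
            findings.append((g["name"], f"no active content rule with VIP {g['vip']}"))
        elif not any(r["services"] == g["services"] for r in same_vip):
            rule = same_vip[0]
            diff = sorted(g["services"] ^ rule["services"])
            findings.append(
                (g["name"], f"services differ from content rule {rule['name']}: {diff}"))
    return findings


if __name__ == "__main__":
    print(audit_source_groups(PAGE_RULE + PAGE_GROUP))
    for finding in audit_source_groups(PAGE_RULE + DRIFTED_GROUPS):
        print(finding)
```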
To configure a server to resolve domain names:
1. If you have not already done so, configure the server.
(config)# service Server1
(config-service[Server1])# ip address 10.0.3.251
(config-service[Server1])# active
2. Create a content rule to process DNS replies. The content rule to process DNS replies is in addition to the content rules you created to process Web traffic. The content rule example below enables the CSS to NAT inbound DNS replies from the public VIP address (192.200.200.200) to the server's private IP address (10.0.3.251).
(config-owner[arrowpoint.com])# content dns1
(config-owner-content[arrowpoint.com-dns1])# vip address 192.200.200.200
(config-owner-content[arrowpoint.com-dns1])# add service Server1
(config-owner-content[arrowpoint.com-dns1])# active
3. Create a source group to process DNS requests. The source group enables the CSS to NAT outbound traffic source IP addresses from the server's private IP address (10.0.3.251) to the public VIP address (192.200.200.200).
(config)# group dns1
(config-group[dns1])# vip address 192.200.200.200
(config-group[dns1])# add service Server1
(config-group[dns1])# active
To display source group configuration information, use the show group commands. The show group commands are available in all modes. The options are:
(config)# show group
A CSS provides traffic filtering capabilities with Access Control Lists (ACLs). ACLs filter network traffic by controlling whether packets are forwarded or blocked at the CSS interfaces. You can configure ACLs for routed network protocols, filtering the protocol packets as the packets pass through the CSS.
ACLs provide a basic level of security for accessing your network. If you do not configure ACLs on the CSS, all packets passing through the CSS could be allowed onto the entire network. For example, you may want to permit all email traffic, but block Telnet traffic. You can also use ACLs to allow one client to access a part of the network and prevent another client from accessing the same area.
To configure an ACL:
1. Create an ACL and access ACL mode. Define the ACL index number from 1 to 99.
(config)# acl 7
(config-acl[7])#
2. To control traffic on a circuit, configure clauses in the ACL. Enter a clause number from 1 to 254 and define the clause parameters. The syntax for defining a clause is:
clause number permit|deny|bypass protocol [source_info {source_port}] dest [dest_info {dest_port}] {log} {prefer servicename} {sourcegroup name}
(config-acl[7])# clause 1 deny udp any eq 3 dest any eq 3 log prefer serv7
3. Apply the ACL to a specific circuit or add the ACL to DNS queries. For example, to apply acl 7 to circuit VLAN1, enter:
(config-acl[7])# apply circuit-(VLAN1)
4. Enable all ACLs on the CSS. Enter the global acl enable command for all ACLs to take effect. You can enable ACL mode even if no ACLs are configured. When you enable ACLs, all traffic not specifically permitted in an ACL permit clause is denied by default. For example:
(config)# acl enable
Caution: When you enter the acl enable command, all traffic is denied except for traffic specified in an ACL permit clause.
The following sections describe how to configure an ACL:
To create an ACL and access ACL mode, use the acl index number command. The index number defines the ACL and can range from 1 to 99. To display a list of existing ACLs, enter acl ?.
(config)# acl 7
When you access this mode, the prompt changes to the ACL mode of the index number you created. For example:
(config-acl[7])#
To delete an ACL, enter the no acl command followed by the index number you wish to delete. For example:
(config)# no acl 2
To control traffic on a circuit, the CSS enables you to enter clauses in a specific ACL. When implementing an ACL, the number assigned to each clause is very important. The CSS looks at the ACL starting from clause 1 and sequentially progresses through the rest of the clauses. Assign the lowest clause numbers to clauses with the most specific matches. Then, assign higher clause numbers to clauses with less specific matches.
You do not need to enter the clauses sequentially. The CSS automatically inserts the clause in the appropriate order in the ACL. For example, if you enter clauses 10 and 24, and then clause 15, the CSS inserts the clauses in the correct sequence.
The syntax for the clause command is:
clause number bypass protocol [source_info {source_port}]
dest [dest_info {dest_port}] {sourcegroup name} {prefer servicename}
clause number deny protocol [source_info {source_port}]
dest [dest_info {dest_port}] {sourcegroup name} {prefer servicename}
clause number permit protocol [source_info {source_port}]
dest [dest_info {dest_port}] {sourcegroup name} {prefer servicename}
Note: If you specify both a source group and a preferred service in a clause, you must specify the source group before you specify the preferred service within the clause.
Table 3-1 provides variables and options for the clause command. Bolded syntax defines keywords that you enter on the command line. Italics define variables where you enter a value such as an IP address or host name.
| Variables and Options | Parameters |
|---|---|
| number | The number you want to assign to the clause. Enter a number from 1 to 254. |
| action | The action to apply to the clause. Enter one of the following: bypass, deny, permit |
| protocol | The protocol for the traffic type. Enter one of the following: any, icmp, igp, igmp, ospf, tcp, udp. |
| source_info | The source of the traffic. Enter one of the following: |
| source_port | The source port for the traffic. If you do not designate a source port, this clause allows traffic from any port number. Enter one of the following: |
| destination_info | The destination information for the traffic. Enter one of the following: |
| destination_port | The destination port. Enter one of the following. You may use a port number or port name with the options. port names: https = Port 443 Https, ldap = Port 389 Ldap, bgp = Port 179 Bgp, ntp = Port 123 Ntp, nntp = Port 119 Nntp, pop = Port 110 Pop, http = Port 80 Http, |
| sourcegroup | |
| prefer service_name | Define a preferred service based on matching the ACL clause. Enter the service name. To define more than one preferred service, separate each service with a comma (,). You can define a maximum of two services. |
To delete a clause, use the no clause command. For example:
(config-acl[7])# no clause 6
When you configure the CSS to log ACL activity, it logs the event of the packet matching the clause and ACL. The CSS sends log information to the location you specified in the logging command. For information on the logging command, refer to the Content Services Switch Basic Configuration Guide.
Note: Before you configure logging for a specific ACL clause, ensure that global ACL logging is enabled. To globally enable ACL logging, use the (config)# logging subsystem acl level debug-7 command. Because the CSS does not save the clause log enable command in the running-config, you must reenable logging if the CSS reboots.
To configure logging for an ACL clause:
1. Enter the ACL mode for which you want to enable logging.
(config)# acl 7
(config-acl[7])#
2. Remove the ACL from the circuit. You must remove an ACL from a circuit before making any clause changes.
(config-acl[7])# remove circuit-(VLAN1)
3. Enable logging for the existing clause.
(config-acl[7])# clause 1 log enable
4. Reapply the ACL to the circuit.
(config-acl[7])# apply circuit-(VLAN1)
To disable ACL logging for a specific clause, enter:
(config-acl[7])# clause 1 log disable
To globally disable logging for all ACL clauses, enter:
(config)# no logging subsystem acl
Once you configure the ACL, use the apply command to assign an ACL to all circuits, an individual circuit, or to DNS queries.
Note: To add a new clause to an existing and applied ACL, reapply the ACL to the circuit with the apply circuit command. To apply any changes to an existing clause on an existing and applied ACL, you must remove the ACL from the circuit with the (config-acl) remove command, and then reapply the ACL to the circuit. To remove a clause currently in use, you must remove its applied ACL from the circuit, delete the clause, and then reapply the ACL to the circuit.
The syntax and options for this ACL mode command are:
For example, to apply acl 7 to circuit VLAN1:
(config-acl[7])# apply circuit-(VLAN1)
To display a list of circuits, enter apply ?.
Note: You must enter the global acl enable command for ACLs to take effect. For information on the acl enable command, refer to the section, "Globally Enabling ACLs" later in this chapter.
Use the remove command to remove an ACL from all circuits, an individual circuit, or from DNS queries.
Note: To remove a clause currently in use, you must remove its applied ACL from the circuit, delete the clause, and then reapply the ACL to the circuit.
The syntax and options for this ACL mode command are:
For example:
(config-acl[7])# remove circuit-(VLAN1)
(config-acl[7])# remove dns
Note: When you enter the acl enable command, all traffic is denied except for traffic specified in an ACL permit clause.
To globally enable all ACLs, enter:
(config)# acl enable
To globally disable all ACLs on the CSS, enter:
(config)# acl disable
Use the show acl commands to display the access control lists and clauses. The show acl commands are available in all modes. The syntax is:
For example:
(config)# show acl 2
Use the zero counts command to set the content and DNS hit counters in the show acl command screen to zero for a specific ACL. You must be in an ACL to issue this command. The CSS only clears counters for that ACL.
The syntax and options for this command are:
(config-acl[7])# zero counts
The following ACL provides security for a CSS, Server1, and Server2 on one VLAN (VLAN1). The ACL:
The individual clauses provide the following security.
!**************************** ACL ***************************
acl 1
clause 20 permit any 172.16.107.0 255.255.255.0 destination 172.16.107.15
clause 30 permit any 172.16.107.0 255.255.255.0 destination 172.16.107.16
clause 50 permit ICMP any destination any
clause 60 permit udp any eq 520 destination any
clause 70 deny any any destination any
apply circuit-(VLAN1)
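The clause-ordering rules described earlier (evaluation starts at the lowest clause number, the first match decides, and with acl enable anything unmatched is denied) can be checked offline before an ACL is applied. The following is an added example, not part of the original guide and not CSS code: it parses only the clause form used in ACL 1 above (any or address with optional mask, optional eq port) and ignores options such as log, prefer, sourcegroup and nql. The function names and the mis-ordered variant are assumptions.

```python
import ipaddress

# ACL 1 exactly as listed on the page.
PAGE_ACL = """
clause 20 permit any 172.16.107.0 255.255.255.0 destination 172.16.107.15
clause 30 permit any 172.16.107.0 255.255.255.0 destination 172.16.107.16
clause 50 permit ICMP any destination any
clause 60 permit udp any eq 520 destination any
clause 70 deny any any destination any
"""
# Constructed variant: the catch-all deny renumbered from 70 to 10.
MISORDERED_ACL = PAGE_ACL.replace("clause 70 deny", "clause 10 deny")


def parse_side(tokens):
    """Parse 'any' or 'ip [mask]', then an optional 'eq port'. None = wildcard."""
    toks, net, port = list(tokens), None, None
    first = toks.pop(0)
    if first != "any":
        mask = toks.pop(0) if toks and toks[0] != "eq" else "255.255.255.255"
        net = ipaddress.ip_network(f"{first}/{mask}", strict=False)
    if toks[:1] == ["eq"]:
        port = int(toks[1])
    return net, port


def parse_acl(text):
    """Return clauses sorted by number, the order in which they are evaluated."""
    clauses = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "clause":
            continue
        rest = t[4:]
        split = rest.index("destination")
        clauses.append({
            "num": int(t[1]), "action": t[2].lower(), "proto": t[3].lower(),
            "src": parse_side(rest[:split]), "dst": parse_side(rest[split + 1:]),
        })
    return sorted(clauses, key=lambda c: c["num"])


def side_matches(side, ip, port):
    net, want_port = side
    if net is not None and ipaddress.ip_address(ip) not in net:
        return False
    return want_port is None or want_port == port


def evaluate(clauses, proto, src, dst, sport=None, dport=None):
    """First matching clause wins; no match is the implicit deny of 'acl enable'."""
    for c in clauses:
        if c["proto"] not in ("any", proto.lower()):
            continue
        if side_matches(c["src"], src, sport) and side_matches(c["dst"], dst, dport):
            return c["num"], c["action"]
    return None, "deny"


def covers(a, b):
    """True if side a matches every address and port that side b matches."""
    (anet, aport), (bnet, bport) = a, b
    net_ok = anet is None or (bnet is not None and bnet.subnet_of(anet))
    return net_ok and (aport is None or aport == bport)


def shadowed(clauses):
    """Pairs (later, earlier): the later clause can never be reached."""
    out = []
    for i, later in enumerate(clauses):
        for earlier in clauses[:i]:
            if (earlier["proto"] in ("any", later["proto"])
                    and covers(earlier["src"], later["src"])
                    and covers(earlier["dst"], later["dst"])):
                out.append((later["num"], earlier["num"]))
                break
    return out


if __name__ == "__main__":
    acl = parse_acl(PAGE_ACL)
    print(evaluate(acl, "tcp", "172.16.107.40", "172.16.107.15", 40000, 80))
    print(evaluate(acl, "tcp", "10.1.1.1", "172.16.107.15", 40000, 23))
    print(shadowed(parse_acl(MISORDERED_ACL)))
```

With the page's numbering no clause is shadowed; in the constructed variant the broad deny at clause 10 hides every permit that follows it, which is why the most specific matches get the lowest numbers.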
An Extension Qualifier List (EQL) is a collection of file extensions that enable you to match a content rule based on extensions. You activate an EQL by associating it as part of a URL in a Layer 5 content rule. Use the eql command to access EQL configuration mode and configure an extension qualifier list. Enter a name that identifies the extension list you want to create. Enter an unquoted text string with no spaces and a length of 1 to 31 characters.
For example:
(config)# eql graphics
(config-eql[graphics])#
To remove an existing EQL, use the no eql command from config mode. For example:
(config)# no eql graphics
Once you create an EQL, you can configure the following attributes for it:
(config-eql[graphics])# description "This EQL specifies graphic file extensions"
(config-eql[graphics])# extension pcx
(config-eql[graphics])# extension gif "This is a graphics file"
To remove an extension from an EQL, use the no extension command. For example:
(config-eql[graphics])# no extension gif
Specify a URL as a quoted text string with a maximum of 256 characters followed by eql and the EQL name.
Note: Do not specify a file extension in the URL when you use an EQL in the URL, or the CSS will return an error message. For example, the CSS will return an error message for the command url "/*.txt" eql graphics. The following command is valid: url "/*" eql graphics.
For example:
(config-owner-content[arrowpoint.com-products.html])# url "/*" eql graphics
The following example enables the CSS to direct all requests to the correct service for content that matches:
(config-owner-content[arrowpoint.com-products.html])# url "/customers/products/*" eql graphics
To display a content rule EQL, enter show rule.
To display an EQL name and extensions configured for a content rule, enter the show rule command.
To display a list of existing EQL names, enter eql ?.
For example:
(config)# eql ?
To display the extensions configured for a specific EQL including any descriptions, enter the show eql command and the EQL name.
(config)# show eql graphics
URQL configuration mode allows you to configure a Uniform Resource Locator Qualifier List (URQL). A URQL is a group of URLs for content that you associate with one or more content rules. The CSS uses this list to identify which requests to send to a service.
For example, you want all streaming video requests to be handled by your powerful servers. Create a URQL that contains the URLs for the content, and then associate the URQL to a content rule. The CSS will direct all requests for the streaming video URLs to the powerful servers specified in the content rule. Creating a URQL to group the URLs saves you from having to create a separate content rule for each URL.
Note: You cannot specify both url urql and application ssl within the same content rule.
To access URQL configuration mode, use the urql command. The prompt changes to (config-urql [name]). You can also use this command from URQL mode to access another URQL.
Enter the URQL name you want to create or enter an existing URQL. Enter the name as an unquoted text string with no spaces and a maximum of 31 characters. When you create a URQL, it remains suspended until you activate it using the activate command in urql mode. To display a list of existing URQL names, enter: urql ?.
For example:
(config)# urql videos
(config-urql[videos])#
To remove an existing URQL, enter the following command in global configuration mode:
(config)# no urql videos
Once you create a URQL:
1. Configure the URLs you want to group in the URQL by:
a. Specifying the URL entry
b. Defining the URL
c. Optionally, describing the URL
2. Designate the domain name of the URLs in a URQL.
3. Add the URQL to a content rule using the owner-content url command.
4. Optionally, describe the URQL.
The following sections describe how to complete these tasks.
Use the url command to include the URL for content requests you want as part of this URQL, and optionally provide a description. Configuring an URL in a URQL includes:
Note: You must create the URL entry before you can define the URL, describe it, or associate it with a content rule.
To specify a URL entry in a URQL, enter a URL number from 1 to 1000. For example:
(config-urql[videos])# url 10
To remove a URL entry from a URQL, use the no url command. For example:
(config-urql[videos])# no url 10
To specify additional URL entries in the URQL, reenter the url command. For example:
(config-urql[videos])# url 20
(config-urql[videos])# url 30
(config-urql[videos])# url 40
To define an URL for the entry, use the url command. Enter the URL as a quoted text string with a maximum of 251 characters. Wildcards are not allowed in a URQL URL. For example:
(config-urql[videos])# url 10 url "/cooking/cookies.avi"
To remove an URL from an entry, use the no url number url command. Use this command to remove a previously assigned URL before you redefine the URL for an entry. For example:
(config-urql[videos])# no url 10 url
To define additional URLs for the entries, reenter the url entry url command. For example:
(config-urql[videos])# url 20 url "/cooking/fudge.avi"
(config-urql[videos])# url 30 url "/cooking/pie.avi"
(config-urql[videos])# url 40 url "/cooking/cake.avi"
You may optionally enter a description for the URL. Enter a quoted text string with a maximum length of 64 characters. For example:
(config-urql[videos])# url 10 description "making cookies"
To remove a description about the URL, enter:
(config-urql[videos])# no url 10 description
Use the domain command to designate the domain name or IP address of the URLs to a URQL. Enter the domain name in mnemonic host-name format (for example, www.arrowpoint.com) from 1 to 63 characters. Enter the IP address as a valid address for the domain name (for example, 192.168.11.1).
Note: You must assign a domain before you can activate a URQL. To change the domain address of an existing URQL, suspend the URQL and then change the domain.
For example:
(config-urql[videos])# domain "www.arrowpoint.com"
or
(config-urql[videos])# domain "192.168.11.1"
Once you create and configure a URQL, use the url urql command to add it to a previously configured content rule. You can only assign one URQL per rule. Also, a content rule may contain either a URL or a URQL.
Note: You cannot specify both url urql and application ssl within the same content rule.
For example:
(config-owner-content[chefsbest-recipes])# url urql videos
To see a list of URQLs, enter: urql ?. To remove a URQL from an URL, enter:
(config-owner-content[chefsbest-recipes])# no url urql
To display a URL for a content rule, enter the show rule command for the content rule.
Use the description command to provide a description for a URQL. Enter the description as a quoted text string with a maximum of 64 characters.
For example:
(config-urql[videos])# description "cooking streaming video"
To clear a description for the URQL, enter:
(config-urql[videos])# no description
Use the active command to activate a suspended URQL. When you create a URQL, it is suspended until you use the active command to activate it.
Note: Before you can activate a URQL, you must assign the domain for the URLs. Refer to "Designating the Domain Name of URLs in a URQL" in this chapter.
For example:
(config-urql[videos])# active
Use the suspend command to deactivate a URQL on all currently assigned content rules. For example:
(config-urql[videos])# suspend
To reactivate the URQL, use the (config-urql) active command.
The following example shows a URQL configuration in a startup-config file.
!**************************** URQL **************************
urql excellence1
url 10
url 30
url 30 url "/arrowpoint.gif"
domain "192.168.128.109"
url 10 url "/"
urql excellence2
url 10
url 10 url "/poweredby.gif"
domain "192.168.128.109"
To display a list of URQLs, enter: urql ?. To display all configured URQLs, enter:
(config)# show urql
To display a specific URQL, enter:
(config)# show urql videos
The CSS enables you to configure a maximum of 512:
This functionality is useful, for example, in a caching environment where you have a network you want to bypass and send content requests directly to the origin servers (servers containing the content). You can also use an NQL for users who prefer a service based on a specific network.
To access NQL configuration mode, use the nql command. The prompt changes to (config-nql [name]). You can also use this command from NQL mode to access another NQL.
Refer to the following sections to configure an NQL:
Enter the name of the new NQL you want to create or an existing NQL. Enter the name as an unquoted text string with no spaces and a maximum of 31 characters. You can create a maximum of 512 NQLs per CSS.
For example:
(config)# nql bypass_nql
(config-nql[bypass_nql])#
To display a list of existing NQLs, enter nql ?. If no NQLs currently exist, the CSS prompts you to enter a new name.
To remove an existing NQL, use the no nql command. For example:
(config)# no nql bypass_nql
Use the description command in NQL mode to provide a description for an NQL. Enter the NQL description as a quoted text string with a maximum length of 63 characters.
For example:
(config-nql[bypass_nql])# description "Bypass services"
Use the ip address command to add a maximum of 512 networks or services to an NQL. Enter an IP address with either a subnet prefix or a subnet address. You may also add an optional description for the IP address and turn on logging.
The syntax and options are:
ip address ip_address[/subnet_prefix| subnet_address] {"description"}{log}
For example, to add two networks to the NQL bypass_nql, enter:
(config-nql[bypass_nql])# ip address 192.168.0.0/16 "Network of dynamic mail content" log
(config-nql[bypass_nql])# ip address 123.123.123.0/24
To log events occurring on a network, you must also enable global NQL logging. For example:
(config)# logging subsystem nql level debug-7
Note: If you do not include a description or turn on logging when you create the entry and later wish to add a description or turn on logging, you must first remove the entry and then re-add it with the desired options.
To remove an IP address from an NQL, use the no ip address command. For example:
(config-nql[bypass_nql])# no ip address 192.168.0.0/16
To add an NQL to an ACL clause:
(config)# acl 10
2. Define the clause, including the NQL as either a source or destination.
(config-acl[10])# clause 1 bypass any any destination nql bypass_nql eq 80
Use the show nql command to display NQL configuration information. The syntax for this command is:
For example:
(config-nql[bypass_nql])# show nql
When you have a requirement for a content rule to match on multiple domain names, you can associate a Domain Qualifier List (DQL) to the rule. A DQL is a list of domain names that you configure and assign to a content rule, instead of creating a content rule for each domain. Assigning multiple domain names to a DQL enables you to have many domain names match on one content rule.
You can use a DQL on a rule to specify that content requests for each domain in the list will match on the rule. You can determine the order that the domain names are listed in the DQL. You can arrange the names in a DQL by assigning an index number as you add the name to the list.
DQLs exist independently of any range mapping. You can use them as a matching criteria to balance across servers that have no VIP or port ranges. If you want to use range mapping when using range services, you need to consider the index of any domain name in the DQL. If you are not using service ranges with DQLs, you do not need to configure any index and the default index is 1.
For example, you could configure a DQL named Woodworker.
(config)# dql Woodworker
The domain names you could add as part of the DQL include www.wood.com, www.woodworker.com, www.maple.com, www.oak.com. You could configure www.wood.com and www.woodworker.com to have the same mapping index. You can enter indexes from 1 to 1000 and provide an optional quoted description for each index.
For example:
(config-dql[Woodworker])# domain www.wood.com index 1 "This is the same as the woodworker domain"
(config-dql[Woodworker])# domain www.woodworker.com index 1
(config-dql[Woodworker])# domain www.maple.com index 2
(config-dql[Woodworker])# domain www.oak.com index 3
If you specify a DQL as a matching criteria for content rule WoodSites, and there are two services, S1 and S2, associated with the rule, the CSS checks the services at mapping time for ranges. To add a DQL to a content rule, use the url command as shown:
(config-owner-content[WoodSites])# url "/*" dql Woodworker
For example, if the CSS receives a request for www.oak.com along with other criteria, a match on the WoodSites rule occurs on DQL index 3. If the rule uses the roundrobin balance method, the CSS examines a service (S2 for this example) to determine the backend connection mapping parameters. If you configured S2 with a VIP address of 10.0.0.1 with a range of 5, the addresses include 10.0.0.1 through 10.0.0.5. Because this service has a range of addresses and any as its port, the DQL index of 3 matches the service VIP range index of 3, which is address 10.0.0.3.
To access DQL configuration mode, use the dql command from any configuration mode except boot, group, RMON alarm, RMON event, and RMON history configuration modes. The prompt changes to (config-dql [name]). You can also use this command from DQL mode to access another DQL.
Refer to the following sections to configure a DQL:
To create a new DQL, enter the name of the DQL you want to create as an unquoted text string with no spaces and a maximum of 31 characters. To access an existing DQL, enter the DQL name.
For example, to configure a DQL:
(config)# dql pet_domains
(config-dql[pet_domains])#
To display a list of existing DQL names, enter dql ?.
Use the dql description command to provide a description for a Domain Qualifier List (DQL). Enter the description as a quoted text string with a maximum of 63 characters, including spaces.
For example:
(config-dql[pet_domains])# description "pet supplies"
domain name index number {"description"}
The variables and option are:
For example:
(config-dql[pet_domains])# domain www.birds.com index 1 "idaho-based"
(config-dql[pet_domains])# domain www.cats.com index 2 "worldwide"
(config-dql[pet_domains])# domain www.horses.com index 3 "florida-based"
To add or delete a domain name from a DQL that is assigned to a content rule, you must first suspend the content rule using the suspend command. You cannot make changes to a DQL currently in use by a content rule.
For example, to remove a domain from the example DQL, enter:
(config-dql[pet_domains])# no domain www.birds.com
Once you have configured a DQL, use the url command to add it to a content rule.
For example:
(config-owner-content[pets.com-rule1])# url "/*" dql pet_domains
For example:
(config)# no dql pet_domains
For example:
(config-dql[pet_domains])# show dql pet_domains
Virtual Web hosting enables you to host a large number of Web sites on a small number of servers (typically 2 to 10 servers) that have mirrored content. Each server may contain hundreds or thousands of Web sites. The servers determine which Web site is being requested based on IP address, port, and domain name.
Using virtual Web hosting, you may configure:
You can configure the CSS to load balance the Web sites by configuring port ranges, VIP ranges, and DQLs. For more information on the service and content rule commands required, refer to the Content Services Switch Basic Configuration Guide.
Refer to Table 3-2 for the steps required to configure virtual Web hosting.
| Task and Command Example |
|---|
| 1. Enter config mode by typing config. |
| 2. Create a service. |
| 3. Assign an IP address to the service and define the IP address range. Enter a number from 1 to 65535. |
| 4. Configure other service rules as needed (for example, protocol, keepalive parameters). |
| 5. Activate the service. |
| 6. Create the content rule. |
| 7. Configure a VIP and define a VIP range. |
| 8. Configure other content rules as needed (for example, port, protocol, and add a service). |
| 9. Activate the content rule. |
| 10. Create the Domain Qualifier List (DQL). |
| 11. Add domains to the DQL you created. |
| 12. Add the DQL to the content rule using the url command. |
Posted: Tue Dec 12 05:42:38 PST 2000
Copyright 1989-2000©Cisco Systems Inc.