This chapter describes how to configure content filtering support with ECS.
In this chapter, only the minimum set of configurations required to make the system operational with content filtering services is provided. Additional configuration commands specific to the content filtering service are available in the Command Line Interface Reference.
The following topics are described in this chapter:
This section lists the high-level steps to configure a system with Content Filtering service in conjunction with the Enhanced Charging Services.
Caution | Before proceeding with the configuration, refer to the Additional Requirements on Chassis for Content Filtering section of the Content Filtering Support Overview chapter for the minimum system requirements. If the system has fewer than two processing cards, Content Filtering service cannot be activated on the system. |
Step 1 | Set the initial configuration parameters such as activating the processing cards and creating the VPN context by applying the example configurations in the Initial Configuration section. |
Step 2 | Enable the Enhanced Charging Service with Content Filtering, and configure Content Filtering parameters: |
Step 3 | Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode command save configuration. For additional information on how to verify and save configuration files, refer to the System Administration Guide and the Command Line Interface Reference. |
Step 1 | Configure the processing cards in the chassis by applying the example configuration in the Activating Processing Cards section. |
Step 2 | Configure system management parameters in the local context by applying the example configuration in the Modifying the Local Context section. |
Step 3 | Create the VPN context and interface by applying the example configuration in the Creating the VPN Context section. |
Step 4 | Create the service within the newly created context by applying the example configuration in the Service Configuration chapter of the System Administration Guide. |
The following example activates two processing cards, placing one in active mode and labeling the other as redundant:

    configure
       card slot_number
          redundancy card-mode
          exit
       card slot_number
          mode active pac
          end
The following example sets the default subscriber in the local context:

    configure
       context local
          interface local_ctx_iface_name
             ip address ip_address ip_mask
             exit
          server ftpd
             exit
          server telnetd
             exit
          subscriber default
             exit
          administrator name encrypted password password ftp
          ip route ip_addr ip_mask next_hop_addr local_ctx_iface_name
          exit
       port ethernet slot#/port#
          no shutdown
          bind interface local_ctx_iface_name local
          exit
       end
The following example creates the VPN context and interface and binds the VPN interface to a configured Ethernet port:

    configure
       context vpn_context_name -noconfirm
          interface vpn_interface_name
             ip address ip_address ip_mask
             exit
          subscriber default
             exit
          ip route 0.0.0.0 0.0.0.0 next_hop_address vpn_interface_name
          exit
       port ethernet slot_number/port_number
          no shutdown
          bind interface vpn_interface_name vpn_context_name
          end
This section describes steps to configure the system for URL Blacklisting support.
Step 1 | Enable the ACS subsystem by applying the example configuration in the Enabling ACS Subsystem section. |
Step 2 | Configure URL Blacklisting database parameters by applying the example configuration in the Configuring URL Blacklisting Database Parameters section. |
Step 3 | Create the Active Charging Service, and set URL Blacklisting matching method by applying the example configuration in the Creating Active Charging Service and Setting URL Blacklisting Matching section. |
Step 4 | Enable URL Blacklisting functionality in a rulebase, and configure the action to be taken by applying the example configuration in the Enabling URL Blacklisting in Rulebase and Configuring Blacklisting Action section. |
Step 5 | Load/upgrade URL Blacklisting database by applying the example configuration in the Loading/Upgrading URL Blacklisting Database section. |
Use the following configuration to enable the Active Charging Service subsystem for URL Blacklisting:

    configure
       require active-charging
       end
Use the following configuration to configure URL Blacklisting database parameters:

    configure
       url-blacklisting database directory path directory_path
       url-blacklisting database max-versions max_versions
       url-blacklisting database override file file.extension
       end
Use the following configuration to create the Active Charging Service and set URL Blacklisting match:

    configure
       active-charging service service_name [ -noconfirm ]
          url-blacklisting match-method { exact | generic }
          end
Use the following configuration to enable URL Blacklisting in a rulebase and configure the blacklisting action:

    configure
       active-charging service service_name
          rulebase rulebase_name [ -noconfirm ]
             url-blacklisting action { discard | redirect-url url | terminate-flow | www-reply-code-and-terminate-flow reply_code }
             end
Use the following command to load/upgrade the URL Blacklisting database:

    upgrade url-blacklisting database [ -noconfirm ]
The URL Blacklisting functionality can be tested by appending test URLs/URIs to the blacklist file. The test URLs/URIs must be added to the testurldb.pub file in the <WEM_Install_Dir>/flash/blacklist/testurldb directory.
The testurldb.pub file must contain one URL per line, with no spaces. The WEM ignores any URL entry that contains a space.
This section describes the steps to configure the system for Category-based Content Filtering support.
Step 1 | Enable the Enhanced Charging mode for Category-based Static Filtering by applying the example configuration in the Enabling ACS Subsystem section. |
Step 2 | Configure the global parameters like database path and version for Content Filtering service by applying the example configuration in the Configuring Content Rating Rule Database Parameters section. This is an optional step. In case this configuration is not performed, the default values will be used. |
Step 3 | Create the Active Charging Service and Content Filtering Policy by applying the example configuration in the Creating Active Charging Service and Content Filtering Policy section. |
Step 4 | Configure the Content Filtering Policy Identifier and actions by applying the example configuration in the Configuring Content Filtering Policy section. |
Step 5 | Optional. Create billing and charging actions by applying the example configuration in the Configuring Enhanced Charging Services chapter of the Enhanced Charging Services Administration Guide. |
Step 6 | Optional. Define rule definitions by applying the example configuration in the Configuring Enhanced Charging Services chapter of the Enhanced Charging Services Administration Guide. |
Step 7 | Create and configure the rulebases by applying the example configuration in the Configuring Rulebase for Content Filtering section. For more information on rulebase configuration, refer to the ECS Configuration chapter in the Enhanced Charging Services Administration Guide. |
Step 8 | Apply the Content Filtering service to subscribers/APNs by applying the example configuration in the APN Configuration/Subscriber Configuration section. |
Step 9 | Create the EDR format and configure attributes by applying the example configurations in the Configuring Event Detail Record (EDR) section. |
Use the following configuration to enable the Active Charging Service subsystem:

    configure
       require active-charging content-filtering category
       end
Notes:
A reboot is essential when enabling/disabling Category-based Content Filtering using the require active-charging content-filtering category command.
Use the following configuration to configure Content Rating Rule database parameters:

    configure
       content-filtering category database directory path directory_path
       content-filtering category database max-versions max_versions
       content-filtering category database override file file.extension
       end
    upgrade content-filtering category { database | rater-pkg }
Use the following configuration to create the Active Charging Service and Content Filtering Policy:

    configure
       active-charging service service_name [ -noconfirm ]
          content-filtering category policy-id cf_policy_id [ description description ] [ -noconfirm ]
          end

    configure
       active-charging service service_name
          content-filtering category policy-id cf_policy_id
             analyze priority priority { all | category category | x-category x-category } action { allow | content-insert content_string | discard | redirect-url url | terminate-flow | www-reply-code-and-terminate-flow reply_code } [ edr edr_format ]
             failure-action { allow | content-insert content_string | discard | redirect-url url | terminate-flow | www-reply-code-and-terminate-flow reply_code } [ edr edr_format ]
             end
Notes
Use the following configuration to configure the rulebase:

    configure
       active-charging service service_name
          rulebase rulebase_name
             route priority route_priority ruledef ruledef_name analyzer analyzer_name [ description description ]
             action priority priority { { group-of-ruledefs group_name | ruledef ruledef_name } charging-action charging_action_name [ description description ] }
             flow end-condition content-filtering edr edr_format_name
             billing-records { egcdr | radius | udr udr-format format_name } +
             content-filtering category policy-id cf_policy_id
             content-filtering mode category { static-only }
             end
Use the following configuration to apply Content Filtering configuration to an APN through policy identifier:

    configure
       context context_name
          apn apn_name
             content-filtering category policy-id cf_policy_id
             end
Use the following configuration to apply Content Filtering configuration to a subscriber through policy identifier:

    configure
       context context_name
          subscriber name user_name
             content-filtering category policy-id cf_policy_id
             end
When changing the cf_policy_id included in RADIUS CoA and CCA/RAR messages from AAA/PCRF, it is observed that the CF policy ID is applied to subscriber session level even if it is set at rulebase level or APN level. That is, the policy ID set by the latest message takes precedence and the same value is applied at the session level.
Category Policy ID applied to APN or subscriber in this mode overrides the Category Policy ID configured using the content-filtering category policy-id cf_policy_id command in the Configuring Rulebase for Content Filtering section.
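Because a policy ID can be attached in a rulebase, an APN, or a subscriber, a saved .cfg can be checked offline to confirm that every static reference points at a policy defined in the Active Charging Service. The following is an added example, not Cisco tooling or part of the original chapter; it assumes the saved file keeps the indentation used in this chapter's examples, and every name and ID in SAMPLE_CFG is constructed.

```python
import re

# Matches both the definition (inside the service) and references to it.
POLICY = re.compile(r"content-filtering category policy-id (\S+)")
# Block headers that can enclose a policy-id line (from this chapter's examples).
OPENERS = ("active-charging service ", "rulebase ", "apn ", "subscriber ")

def audit_policy_refs(cfg_text):
    """Return (defined_ids, dangling); dangling holds (line_no, block, policy_id)
    for every reference to a policy ID the service never defines."""
    stack, defined, refs = [], set(), []   # stack: (indent, block header)
    for no, raw in enumerate(cfg_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line in ("exit", "end"):
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:    # left one or more blocks
            stack.pop()
        parent = stack[-1][1] if stack else ""
        m = POLICY.match(line)
        if m and parent.startswith("active-charging service "):
            defined.add(m.group(1))                # policy definition
            stack.append((indent, line))           # it opens its own sub-mode
        elif m:
            refs.append((no, parent, m.group(1)))  # rulebase/APN/subscriber use
        elif line.startswith(OPENERS):
            stack.append((indent, line))
    return defined, [r for r in refs if r[2] not in defined]

# Constructed sample; service, rulebase, APN, subscriber names and IDs are placeholders.
SAMPLE_CFG = """\
configure
   active-charging service ecs1
      content-filtering category policy-id 10 description kids
         analyze priority 1 all action discard
         failure-action discard
         exit
      rulebase rb1
         content-filtering category policy-id 10
         content-filtering mode category static-only
         exit
      exit
   context vpn1
      apn internet.example
         content-filtering category policy-id 20
         exit
      subscriber name alice
         content-filtering category policy-id 10
         exit
      exit
   end
"""

if __name__ == "__main__":
    ids, dangling = audit_policy_refs(SAMPLE_CFG)
    print("defined policy IDs:", sorted(ids))
    for no, block, pid in dangling:
        print(f"line {no}: '{block}' references undefined policy-id {pid}")
```

Policy IDs pushed at session level through RADIUS CoA or CCA/RAR messages do not appear in the saved file, so this check covers static configuration only.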
This section describes how to configure Category-based Content Filtering EDR settings. The system does not generate URL Blacklisting specific EDRs.
To configure Category-based Content Filtering EDR settings:
Step 1 | Enable the EDR module and file format for EDR in context configuration mode by applying the example configuration in the EDR Module Configuration section. |
Step 2 | Define attributes and rule variables by applying the example configuration in the EDR Attribute Configuration section. |
Step 3 | Optional. Enable charging record retrieval by applying the example configuration in the Charging Record Retrieval section of the Enhanced Charging Services Administration Guide. |
Use the following configuration to enable the EDR module and configure the file for EDR generation in Content Filtering services:

    configure
       context context_name
          edr-module active-charging-service
             file [ edr-format-name ] [ name file_name ]+
             end
Notes:
For more information on keywords/options available with the file command, refer to the EDR Module Configuration Mode Commands chapter in the Command Line Interface Reference.
Use the following configuration to configure attributes and rule-variables for EDRs for Content Filtering services:

    configure
       active-charging service service_name
          edr-format edr_format_name
             attribute attribute priority priority
             rule-variable protocol rule priority priority
             end
Notes:
For more information on options available with attribute and rule-variable commands, refer to the EDR Format Configuration Mode Commands chapter of the Command Line Interface Reference.
This section describes how to review the configurations after saving them in a .cfg file, and to retrieve errors and warnings within an active configuration for a service.

    configure
       context context_name
          end
    show configuration
Use the following configuration to view the errors in configuration for a service:

    configure
       context context_name
          end
    show configuration errors verbose
This command also shows the ambiguities in configurations with Content Filtering service, category, and rulebase configuration. Warnings/errors are displayed in the following scenarios:
This section explains how to gather statistics and configuration information for:
This section explains how to gather URL Blacklisting statistics and configuration information.
In the following table, the first column lists what statistics to gather, the second column lists the action to perform, and the third column describes what information is displayed or what information to look for in the resulting output.
Statistics Wanted | Action to Perform |
---|---|
To view URL Blacklisting statistics, optionally for rulebase(s) | show active-charging url-blacklisting statistics [ rulebase {all | name rulebase_name } ] [ verbose ] [ | { grep grep_options | more } ] |
To view URL Blacklisting static database configuration | show url-blacklisting database [ all | url url | facility acsmgr { all | instance instance } ] [ verbose ] [ | { grep grep_options | more } ] |
To view total Blacklisting URL hits and misses statistics, optionally for rulebase(s) or specific ACS instance | show active-charging subsystem { all | facility acsmgr [ all | instance instance ] | full } | rulebase name rulebase_name ] | [ | { grep grep_options | more } ] |
To view information for rulebase(s) configured in a system or service | show active-charging rulebase { all [ service name svc-name ] | name rulebase-name [ service name svc-name ] | statistics [ name rulebase-name ] } | [ | { grep grep_options | more } ] |
To view ACS session statistics | show active-charging sessions all [ | { grep grep_options | more } ] |
This section explains how to gather Category-based Content Filtering statistics and configuration information.
In the following table, the first column lists what statistics to gather, the second column lists the action to perform, and the third column describes what information is displayed or what information to look for in the resulting output.
Statistics Wanted | Action to Perform |
---|---|
To view Category-based Content Filtering database statistics/configuration | show content-filtering category database [ active | all | facility srdbmgr { all | instance instance } | url url_string ] [ verbose ] [ | { grep grep_options | more } ] |
To view Category-based Content Filtering category statistics | show content-filtering category statistics [ facility srdbmgr { all | instance instance } ] [ | { grep grep_options | more } ] |
To view information of a database URL for Category-based Content Filtering application in a service | show content-filtering category url url_string [ policy_id cf_policy_id | rulebase rulebase_name ] [ verbose ] [ | { grep grep_options | more } ] |
To view Content Filtering Server Group (CFSG) details configured in the service | show content-filtering server group [ statistics ] [ name cfsg_name ] [ | { grep grep_options | more } ] |
To view Category-based Content Filtering category policy definitions | show active-charging content-filtering category policy-id { all | id policy_id } [ | { grep grep_options | more } ] |
To view Category-based Content Filtering statistics, optionally for rulebase(s) | show active-charging content-filtering category statistics [ rulebase { name rulebase_name | all } ] [ verbose ] [ | { grep grep_options | more } ] |
To view details of Content Filtering Server Group (CFSG) configured in the service | show active-charging content-filtering server-group [ statistics [ verbose ] ] [ name cfsg_name ] [ | { grep grep_options | more } ] |
To view information for rulebase(s) configured in a system or service | show active-charging rulebase [ all [ service name svc_name ] | name rulebase_name [ name cfsg_name ] [ | { grep grep_options | more } ] |
To view Active Charging session statistics | show active-charging sessions all [ | { grep grep_options | more} ] |
For information on bulk statistics configuration and collection, and the list of bulk statistics for the Content Filtering service, refer to the Bulk Statistics Configuration Mode Commands chapter of the Command Line Interface Reference.
The CF traps related to embedded/StarOS CF are available in the chassis MIB file. The CF Applications specific traps related to WEM processes like DB conversion, merging, etc. are now packaged with the WEM MIB file.
For information on the SNMP traps and thresholds for the Content Filtering service, see the Content Filtering Application MIB chapter of the SNMP MIB Reference.
For information on configuring CF thresholds, see the Content Filtering Thresholds chapter of the Thresholding Configuration Guide.