This chapter briefly describes how to use the Cache Engine's management interface. The following options are discussed:
Online Help is integrated into the user interface and is available for most options.
By default each button is in the "off" state. Clicking a button activates the button function as described in Table 3-1.
Standard Buttons | Description |
---|---|
ADD | Adds the information that has been entered into the Cache Engine for processing. |
CANCEL | Undoes any changes you made. |
DEFAULT | Returns the Cache Engine to its original settings. Default settings are generally acceptable to most networks, and your Cache Engine is set to the default values when you first log in to it. |
DELETE | Removes the selected information from the Cache Engine. |
REFRESH | Displays the newest information or redraws the page. |
UPDATE | Changes the Cache Engine's configuration. |
The topics covered in this section include:
After you log in to the Cache Engine, it will display the management interface. To work with the cache administrator (admin) and user accounts, click Access (Figure 3-1) and select the Admin option (Figure 3-2).
The cache admin account was already set up on your Cache Engine during the Cache Engine's basic configuration process (see Chapter 2, "Initialize the Cache Engine Configuration"). You cannot delete this account, but you can reset the admin password if you know the current admin password. If you forget the admin password, you must reboot the Cache Engine and proceed as if you were changing the basic configuration. See "Updating the Basic Configuration" for more information.
You can create up to 50 accounts for connecting to the Cache Engine's interface. Each account can be identified as read-only or read-write. Thus, you can permit certain users to monitor the Cache Engines, but limit the number of users who have the authority to change the Cache Engine's parameters.
Users with read and write authority can use all the capabilities of the management interface. Users with read-only authority are limited to viewing the Cache Engine status, event log, current filters, and current settings.
To create a user account for the Cache Engine, perform these steps:
Step 4 Enter the account name in the Name field.
The name is case sensitive and can contain spaces. For example, John Doe.
Step 5 Enter the password for the user in the Password field, and reenter it in the Confirm field.
The password is case sensitive and can be up to 20 characters, including spaces and any printable characters.
Step 6 Check Read Write, if you want the user to be able to change the Cache Engine's operating parameters.
Check Read Only if you only want the user to be able to view the Cache Engine's status and parameters.
"Add" (next to the Read Write column) indicates that you are adding information.
Step 7 Click UPDATE.
To change the admin password, perform these steps:
Step 1 Enter the old password in the Old: field.
Step 2 Enter the new password in the Password field, and reenter it in the Confirm field.
The password is case sensitive and can be up to 20 characters, including spaces and any printable characters.
Step 3 Click UPDATE.
Step 4 If an error message appears, click OK and log in to the Cache Engine with your new password.
To change a user's password, perform these steps:
Step 5 Enter the new password in the Password field, and reenter it in the Confirm field.
The password is case sensitive and can be up to 20 characters, including spaces and any printable characters.
Step 6 If you want to change the type of access the user is allowed, click Read Write or Read Only, as desired.
Step 7 When you are satisfied with the new account information, click UPDATE.
To delete a user's account, perform these steps:
Step 1 Check the box in the Delete field.
Step 2 Click UPDATE.
To set up Remote Access Dial-In User Service (RADIUS) authentication, click Access and select the RADIUS option.
If you use RADIUS servers to manage user authentication, you can identify the RADIUS servers to the Cache Engines. The Cache Engines will require the user to enter a RADIUS username and password to access any page on the web. Users are also asked to log in on their first request for a web page, and they remain authenticated unless they are inactive for more than 20 minutes (at which time they must again log in to use the web).
By using RADIUS, the Cache Engine can associate a username with an IP address. Also, you can selectively enable Uniform Resource Locator (URL) blocking based on RADIUS accounts.
To set up and enable RADIUS authentication, perform these steps for each RADIUS server:
Step 1 Enter the host name or IP address in the Server field.
The RADIUS servers are checked from top to bottom, so enter your most reliable server in the top position.
Step 2 Enter the port number in the Port field; the normal User Datagram Protocol (UDP) port is 1646.
Step 3 Enter the RADIUS secret that the server expects to receive from the client in the Secret field. The secret is a character string. See your RADIUS server's documentation for any limitations on this character string.
You must also update the RADIUS server's client list to include the IP address of each Cache Engine and the expected secret.
Step 4 Check the Enable box for each RADIUS server you want a Cache Engine to use.
If you do not check a box for any server, the Cache Engine does not use RADIUS authentication.
You can use RADIUS accounts to determine for whom you enable or disable URL blocking. For example, you can distinguish between child and adult accounts, and you can enable blocking for child accounts but not for adult accounts. You also must enable URL blocking on the Cache Engine as described in the next section "URL Filter".
To block URLs for an account, set the RADIUS Service-Type to Framed-User and the Filter-ID to "Yes-Web-Blocking."
To not block URLs for an account, set the RADIUS Service-Type to Framed-User and the Filter-ID to "No-Web-Blocking."
See your RADIUS documentation for information on setting the parameters for the accounts.
To configure URL filtering, click Access and select the URL Filter option.
You can prevent users from accessing specific URLs by creating a list of restricted URLs. This list allows you to prevent access to sites you find objectionable.
You can restrict access to URLs in one of two ways:
1. By creating a list of sites that your users will be allowed to view. In this way, you are denying your users' access to all of the Internet except for the sites you deem useful.
2. By creating a list of sites that your users are not allowed to view. In this way, you are allowing your users' access to all of the Internet except for the sites you deem objectionable.
Each method has its good and bad points. You might want to choose whichever method requires the least amount of data entry on your part. Because new Internet sites are constantly being added, maintaining the list can be a big job.
If you enable URL blocking, you can selectively block user access based on RADIUS accounts. See the previous section "Selectively Blocking URLs Based on RADIUS Accounts" for more information.
To restrict your users' access to only those sites you want them to visit, perform these steps:
Step 1 Using a text editor, create a list of fully-qualified domain names that you want your users to be able to access. The Cache Engine blocks access to any URL not listed in this file.
The file must be a plain-text file (no formatting), and it must be named goodurl.lst. The file must contain a list of complete URLs, one per line; for example:
www.cisco.com
www.domain.com
www.goodsite.com
You can have blank lines in the file, but you cannot add comments.
Step 2 To determine which directory contains the currently active software version, enter the UpgradeShow command from the Cache Engine console.
The UpgradeShow command also displays (in brackets) the directory name where the blocking files should reside. You must copy your blocking lists to this directory. You may want to use the File Transfer Protocol (FTP) to copy the files as shown in Step 3 through Step 7.
Step 3 Connect to the Cache Engine using FTP. For example:
ftp cache2.domain.com
Step 4 Log in to the FTP session using the same username and password you would use to connect to the Cache Engine. (The account you use must have read-write authority.)
Step 5 Change directories to the directory determined in Step 2 by using the cd command.
For example, if you are currently in /ata0/, and the directory containing the active software version is /ata0/1_7_0.dir, use the cd command to change directories:
cd "1_7_0.dir"
Step 6 Use binary mode (bin) and the put command to copy the file onto the Cache Engine:
bin
put goodurl.lst
Step 7 Exit the FTP session using the quit command:
quit
Step 8 Connect to the Cache Engine's management interface and log in.
Step 9 Click Access and select the URL Filter option.
Step 10 Click Allow only Good Sites.
Step 11 Click UPDATE.
To restrict your users from accessing specific URLs, perform these steps:
Step 1 Using a text editor, create a list of fully-qualified domain names that you want to block your users from accessing.
The file must be a plain-text file (no formatting), and it must be named badurl.lst. The file must contain a list of complete URLs, one per line; for example:
http://www.badsite.com
http://www.blockit.com
http://www.objectionable.com
The Cache Engine will block access to these URLs and to any URLs contained within these sites' subdirectories. For example, if you list http://www.badsite.com, your users cannot see http://www.badsite.com/subdir either.
Step 2 From the Cache Engine console, determine which directory contains the currently active software version by entering the UpgradeShow command:
UpgradeShow
The UpgradeShow command also displays (in brackets) the directory name where the blocking files should reside. You must copy your blocking lists to this directory. You may want to use the File Transfer Protocol (FTP) to copy the files as shown in Step 3 through Step 7.
Step 3 Connect to the Cache Engine using FTP. For example:
ftp cache2.domain.com
Step 4 Log in to the FTP session using the same username and password you would use to connect to the Cache Engine. (The account you use must have read-write authority.)
Step 5 Change directories to the directory determined in Step 2 by using the cd command.
For example, if you are currently in /ata0/, and the directory containing the active software version is /ata0/1_7_0.dir, use the cd command to change directories:
cd "1_7_0.dir"
Step 6 Use binary mode (bin) and the put command to copy the file onto the Cache Engine:
bin
put badurl.lst
Step 7 Exit the FTP session using the quit command:
quit
Step 8 Connect to the Cache Engine's management interface and log in.
Step 9 Click Access and select the URL Filter option.
Step 10 Click Block Bad Sites.
Step 11 Click UPDATE.
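The following added example (not part of the original Cisco documentation) checks a goodurl.lst or badurl.lst file against the format rules above before it is uploaded, then previews which URLs the list would allow or block. The matching rule (same host, same path or a subdirectory of it) is an assumption based on the subdirectory behavior described above, and the function names and sample file content are constructed for illustration.

```python
from urllib.parse import urlsplit


def parse_entry(line):
    """Normalise a list entry or URL to (host, path); bare names get http://."""
    url = line if "://" in line else "http://" + line
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path.rstrip("/")


def lint_list(text):
    """Check list-file text against the format rules given on this page.

    Returns (entries, problems); each problem is (line_number, message).
    """
    entries, problems = [], []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue  # blank lines are allowed
        if line[0] in "#;":
            problems.append((number, "comments are not allowed"))
        elif not (line.isascii() and line.isprintable()) or " " in line:
            problems.append((number, "not plain text, or more than one entry"))
        else:
            try:
                entry = parse_entry(line)
            except ValueError:
                problems.append((number, "cannot be parsed as a URL"))
                continue
            if "." not in entry[0]:
                problems.append((number, "host name is not fully qualified"))
            elif entry in entries:
                problems.append((number, "duplicate entry"))
            else:
                entries.append(entry)
    return entries, problems


def covers(entry, url):
    """Assumed rule: an entry covers its own URL and anything beneath it."""
    host, path = parse_entry(url)
    e_host, e_path = entry
    return host == e_host and (path == e_path or path.startswith(e_path + "/"))


def is_allowed(url, entries, mode):
    """mode "good" models Allow only Good Sites; "bad" models Block Bad Sites."""
    listed = any(covers(entry, url) for entry in entries)
    return listed if mode == "good" else not listed


# Constructed sample: a comment, a duplicate and an unqualified name slipped in.
BADURL_LST = """http://www.badsite.com

# added by night shift
http://www.blockit.com
http://www.badsite.com/
intranet
"""

if __name__ == "__main__":
    entries, problems = lint_list(BADURL_LST)
    for number, message in problems:
        print(f"badurl.lst line {number}: {message}")
    for url in ("http://www.badsite.com/subdir",
                "http://www.badsite.com.example.org/"):
        print(url, "allowed" if is_allowed(url, entries, "bad") else "blocked")
```

Comparing host names exactly, rather than testing for a string prefix, keeps a look-alike host such as www.badsite.com.example.org from being treated as part of www.badsite.com.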
If you change the goodurl.lst and/or the badurl.lst, you must also update the configuration settings in the Cache Engine's management interface.
Step 1 Click Access and select the URL Filter option.
Step 2 Click UPDATE.
If you have URL blocking enabled and would like to turn it off, perform these steps:
Step 1 Click None.
Step 2 Click UPDATE.
URL blocking is turned off.
To work with the cache administrator (admin) and user accounts, click Config (Figure 3-5) and select an option. The topics covered in this section include:
Like all Cache Engine management functions, these basic configurations are set on a per-box basis; you cannot configure these options on a per-farm basis. To switch between different Cache Engines on the same farm, use the IP Address selection box (Figure 3-6).
To set or change the network settings for a Cache Engine, click Config and select the Basic option (Figure 3-7).
The Cache Engine's IP address and netmask are configured during initial configuration. To change the IP Address and Netmask for each Cache Engine you must interrupt the initial boot-up sequence of the Cache Engine (see "Updating the Basic Configuration"). Add the WCCP host router, default gateway, cache name and cache farm name.
Step 1 In the WCCP Host Router field, enter the Cache Engine's home router's IP address. The WCCP host router redirects port 80 web traffic to the Cache Engine.
Step 2 In the Default Gateway field, enter the Cache Engine's default gateway.
Step 3 In the Cache Name field, enter your Cache Engine's host name. Names can be up to 20 characters (excluding spaces).
Step 4 In the Farm Name field, enter the name for a group of Cache Engines to which this Cache Engine belongs. Names can be up to 20 characters (excluding spaces).
Step 5 Click UPDATE.
To update the Cache Engine's basic configuration, perform these steps:
Step 1 From the Cache Engine console, enter the reboot command.
reboot
Step 2 After the Cache Engine displays introductory banners and other messages, it displays the current configuration and a message to press any key if you want to override the basic configuration. You have 10 seconds to press a key. Press a key before this time elapses.
Step 3 As you are prompted for each parameter, perform step (a) or (b):
Step 4 When asked if the basic configuration is acceptable, perform step (a) or (b):
(a) Enter y if it is acceptable. The Cache Engine continues booting.
(b) Enter n if you made a typing error. The Cache Engine displays the prompts for each parameter again.
To change the Domain Name Servers (DNS) the Cache Engine uses to resolve host names into IP addresses, click Config and select the DNS option (Figure 3-8).
Perform the following steps:
Step 1 Enter the domain name for the network in the Local Domain field. For example:
cisco.com
Step 2 Enter up to eight IP addresses in the DNS Servers field.
The first entry is the primary DNS server. Any other IP addresses you enter are used as secondary servers.
Step 3 Click UPDATE.
If you enable your Cache Engine as an ICP client cache, your Cache Engine will use the Internet Caching Protocol (ICP) to request data from other web caches that support ICP. Click Config and select the ICP Client option (Figure 3-9).
To enable your Cache Engine as an ICP client cache, perform these steps:
Step 1 Click On.
(Click Off to disable ICP client cache configuration.)
Step 2 Click UPDATE to implement your changes.
As an ICP client cache, your Cache Engine sends ICP queries, but it may or may not receive responses from the other caches. If it does not receive a response (for example, if an ICP server cache is down), your Cache Engine can be configured to wait a number of seconds before it retrieves the requested data from the server on the Internet. Enter this number of seconds in the Max wait for replies field. The default is 2 seconds, and the range is from 1 to 10 seconds.
As an ICP client cache, your Cache Engine continues to wait for an ICP server cache response until its request for a response fails the number of times you designate in the Remove from wait list after field. After the designated number of times the ICP server cache fails to respond, the Cache Engine stops waiting for a response from the unresponsive ICP server cache. The default number of attempts is 20, and the range is from 10 to 100 attempts.
You must add ICP servers so that, as an ICP client cache, the Cache Engine can request cached data from other caches.
The ICP servers may be configured as either Parent caches or Sibling caches. Each Parent and Sibling cache requires a port setting as described in the next section, "Entering Port Settings".
Step 1 In the ICP Servers field, enter the IP address of other caches.
Step 2 If an ICP client asks for an object that the cache does not contain, the Parent cache will request (or fetch) the objects from the Internet; Sibling caches will not.
(a) Click Yes if the server will act as a Parent cache.
(b) Click No if the server will act as a Sibling cache.
Step 3 If you want to limit ICP requests directed towards this ICP server cache to a specific set of domains, enter those domains in the Use only for these domains field. Otherwise, all ICP requests (aside from those specified as local domains) will be forwarded to this ICP server.
Step 4 Click UPDATE.
Your ICP server cache's default ICP port setting is 3130 because many common ICP server caches listen for ICP port requests on port 3130. The default HTTP port setting is 80 because the Cache Engine listens for proxy-style HTTP requests on port 80. The default HTTP port for Squid caches is 3128.
To change the port settings, perform these steps:
Step 1 In the ICP Port field, enter the port number to which ICP queries will be directed at this cache.
Step 2 In the HTTP Port field, enter the port number to which proxy-style requests will be forwarded.
Step 3 Click UPDATE.
The display will show the ICP servers you have added. The colored bullets provide the following information:
ICP determines if the ICP client cache received a hit (the requested data was in the ICP server's cache), or a miss (the requested data was not in the ICP server's cache). If there was a hit, the ICP client will fetch the data from the ICP server through a standard HTTP-style proxy request.
If there was a miss, and an ICP server cache is configured as a Parent, the Parent cache sends the data request through the Internet to the original server that contains the requested object data. The ICP client cache generates a standard HTTP proxy-style request to retrieve the object from the ICP server cache on the port configured in the HTTP Port field.
If there was a miss, and all ICP server caches are configured as Siblings, the ICP client cache sends the data request through the Internet to the original server that contains the requested object data. In summary, Parent caches fetch objects for ICP client caches, and Sibling caches do not fetch data for ICP client caches.
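The following added example (not part of the original Cisco documentation) models the hit, Parent and Sibling outcomes described above, together with the Remove from wait list after counter. How the Cache Engine counts failures and which Parent it picks when several reply are assumptions, and the class, function names and 192.0.2.x addresses are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class IcpServer:
    address: str
    parent: bool                # Parent fetches misses; Sibling does not
    http_port: int = 80         # HTTP Port field
    failures: int = 0           # queries that received no reply
    on_wait_list: bool = True   # False once the client stops waiting for it


def choose_source(servers, replies, remove_after=20):
    """Decide where one request is fetched from.

    replies maps address -> "HIT", "MISS", or None when nothing arrived
    within the Max wait for replies interval.
    Returns (kind, address, port) with kind "hit", "parent" or "origin".
    """
    answered = []
    for server in servers:
        if not server.on_wait_list:
            continue
        reply = replies.get(server.address)
        if reply is None:
            # Assumption: every unanswered query counts toward the limit.
            server.failures += 1
            if server.failures >= remove_after:
                server.on_wait_list = False
        else:
            answered.append((server, reply))
    # A hit is fetched from that ICP server with a proxy-style HTTP request.
    for server, reply in answered:
        if reply == "HIT":
            return ("hit", server.address, server.http_port)
    # All misses: a Parent fetches the object on the client's behalf.
    for server, reply in answered:
        if server.parent:
            return ("parent", server.address, server.http_port)
    # Only Siblings answered, or nobody did: go to the original server.
    return ("origin", None, None)


if __name__ == "__main__":
    # Constructed farm: one Sibling, one Squid-style Parent on port 3128.
    farm = [IcpServer("192.0.2.10", parent=False),
            IcpServer("192.0.2.20", parent=True, http_port=3128)]
    print(choose_source(farm, {"192.0.2.10": "MISS", "192.0.2.20": "MISS"}))
    print(choose_source(farm, {"192.0.2.10": "HIT", "192.0.2.20": "MISS"}))
```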
To delete an ICP server, perform these steps:
Step 1 Select an ICP server's IP address from the ICP Servers field.
Step 2 Click the Delete box on the far right.
Step 3 Click UPDATE.
To enable or disable your Cache Engine as an ICP server cache, click Config and select the ICP Server option (Figure 3-10).
To enable your Cache Engine as an ICP server cache, perform these steps:
Step 1 Click On.
(Click Off to disable the ICP server cache functionality without losing any settings.)
Step 2 In the Listen on Port field, enter the port number to which ICP client caches will send ICP queries. The default port number is 3130.
Step 3 Click UPDATE to implement your changes.
To add an ICP client cache, perform these steps:
Step 1 Enter the IP address of the ICP client cache in the Valid ICP Clients field.
Step 2 Decide whether you want your Cache Engine to act as a Parent [(a)] or Sibling [(b)] to the ICP client cache listed in the Valid ICP Clients field.
(a) To configure the Cache Engine to act as a Parent to the designated ICP client cache, click Yes in the Fetch Misses field. If the Cache Engine cannot satisfy the other caches' requests, it will forward the requests to another server or to the Internet.
(b) To configure the Cache Engine to act as a Sibling to the designated ICP client cache, click No in the Fetch Misses field. If the Cache Engine cannot satisfy the ICP client caches' requests, it will send Miss-No-Fetch responses to the clients.
Step 3 Click UPDATE.
To delete an ICP client cache from the list, perform these steps:
Step 1 Select an IP address from the Valid ICP Clients field.
Step 2 Click Delete on the far right.
Step 3 Click UPDATE.
Caution: We recommend that you do not use the Cache Engine as an HTTP proxy cache, because your Cache Engine is optimized by default for transparent caching.
To configure the Cache Engine to run in Proxy mode, click Config and select the Proxy Mode option (Figure 3-11).
If you already have a cache set up for web traffic, and it acts as an HTTP proxy, you can configure the Cache Engine to act as an HTTP proxy cache. This configuration allows you to begin using the Cache Engine without forcing you to reconfigure your users' browsers and gives you a convenient migration path from a proxy cache system to the transparent caching solution the Cache Engine provides.
If you are not already using a proxy cache, set the browser's HTTP proxy to point to the Cache Engine, using port 80.
Adjust the Cache Engine's proxy configuration:
Step 1 Enter a port number in the Incoming Proxy Port field; that is the port number used by the Proxy server to receive requests. The Cache Engine listens for traffic on this port.
Step 2 Configure the users' browsers to use this port for the HTTP proxy. See your browser's online help or documentation for further browser configuration instructions.
Step 3 Enter a proxy port number in the Upstream Proxy Port field; this is the port the proxy cache listens to for requests.
Step 4 Click UPDATE.
To add a new entry to the routing table, click Config and select the Routing option (Figure 3-12).
To add a static route, perform these steps:
Step 1 In the Destination Net field, enter the appropriate IP address of the target system using one of these formats: xxx.xxx.xxx.0 or xxx.xxx.xxx for a network, (where xxx is a valid octet value for IP addresses); or enter the full IP address for a specific target system.
Step 2 In the Next Hop field, enter the IP address of the router to which packets should be routed.
Step 3 Click ADD.
To delete a route from the routing table:
Step 1 Click DELETE.
The 0.0.0.0 entry is the default gateway. Do not delete the default gateway if you are on a different subnet. To change the default gateway, create a new 0.0.0.0 entry. The new entry will replace the old entry.
To set the Cache Engine's date and time settings, click Config and select the Time option (Figure 3-13).
You may use one of two methods to set your Cache Engine's date and time:
1. Connect to a Network Time Protocol (NTP) server (see "Connecting to an NTP Server").
2. Set the date and time manually (see "Setting Time and Date Manually").
The Cache Engine supports the Simple Network Time Protocol (SNTP), which is an adaptation of the NTP. It synchronizes the Cache Engine's time with NTP server time on the Internet. If you decide to connect to an NTP server, the GMT date and time will automatically appear in the display; you are not required to enter the GMT date and time in addition to an NTP server IP address. If the GMT date and time have been manually configured, the NTP server will override the manual configuration. To add NTP server(s), perform the following steps:
Step 1 In the NTP Servers field, enter the IP addresses of the NTP hosts on your network.
Step 2 Click UPDATE.
Step 1 In the GMT Time field, enter the current local time as measured in Greenwich mean time (GMT). Enter the time in hh:mm:ss format, where hh is hours, mm is minutes, and ss is seconds. For example, 20:35:15 is 8:35 p.m. and 15 seconds.
You must use GMT because the HTTP protocol uses GMT for the timestamps on HTTP objects (web pages, graphics, and so forth).
Step 2 In the GMT Date field, enter the current local date as measured in GMT. Use the mm/dd/yyyy format, where mm is the month, dd is the day, and yyyy is the four-digit year. For example, 09/05/1999 is September 5, 1999.
You must enter the month as the first value. Enter the GMT date in (MM/DD/YYYY) format.
Step 3 Click UPDATE.
The topics covered in this section include:
Click Tuning (Figure 3-14) and select an option.
To configure Cache Engine farm parameters, click Tuning and select the Cache Farm option.
In healing mode, the Cache Engine will populate its cache with information from other caches due to its own cache misses or due to IP address bucket redistribution.
Step 1 Enter a number in the Max delay in healing mode field.
This number is the maximum number of milliseconds the Cache Engine should wait for a response from other Cache Engines in the farm to fulfill its request before retrieving the object itself. The default is 10. The range is between 10 and 200 milliseconds.
Step 2 Enter a number in the Disable healing mode after field.
This number is the total number of failed attempts the Cache Engine should allow before it no longer tries to communicate with the other caches. The default is 200. The range is between 0 and 9999 milliseconds.
Step 3 Click UPDATE.
All Cache Engine objects are removed when you flush the Cache Engine. Therefore, you may want to flush the cache only if you are performing debugging or other diagnostic tasks and you want to start with a clean Cache Engine.
If you want to flush the cache so that you can perform a troubleshooting task, click Tuning and select the Cache Farm option.
Step 1 Click Flush.
Step 2 Click UPDATE.
If you get a repeating series of critical event messages for a Cache Engine and the problem appears to be specific to the operation of the Cache Engine, you can try resolving the problem by rebooting the Cache Engine. Rebooting does not flush data.
Step 1 Click Reboot.
Step 2 Click UPDATE.
If you cannot reboot the Cache Engine from its interface, you must use the Cache Engine's console. From the console, enter the reboot command. The Cache Engine should then reboot. If this fails, you must turn off the Cache Engine and turn it back on to reboot the Cache Engine.
If a web server is running HTTP 1.1, it can assign to each object parameters that control how that object gets cached. If a web server is running HTTP 1.0, however, it cannot assign explicit instructions related to expiration dates.
Because HTTP 1.0 objects have only limited caching parameters, the Cache Engine determines how long to keep these objects in its storage by using a freshness factor. The freshness factor is multiplied against the age of the object to determine how long the Cache Engine should allow the object to reside in its storage.
To view and configure object freshness factors for the Cache Engine, click Tuning and select the Freshness option (Figure 3-16).
Step 1 In the Age Multiplier field, enter a number.
The age multiplier number is multiplied by the object's age to determine how long the object should remain cached. Text objects refer to HTML pages. Binary objects refer to all other Web objects (GIFs, JPEGs, etc.). The default is 10% for text objects and 30% for binary objects; there is no upper limit.
Step 2 In the Maximum TTL field, enter a number.
Step 3 Click Yes to enable cookie caching.
Click No to disable (or not allow) cookie caching.
If you disable cookie caching, any web page that uses a cookie is not cached. This ensures that the customized data on the page is fresh if the cache settings for the page are not set correctly. When cookie caching is off, the graphics on affected text pages may still be cached.
Step 4 In the Serve IMS out of Cache without checking if... field, enter a percentage number for:
The Cache Engine responds to a reload, or if-modified-since (IMS) action from a client browser by serving objects directly from the cache (without revalidation) if the objects are less than the configured percentage of their maximum ages.
Step 5 Choose an option in the If the client forces a cache-miss (no-cache headers)... field.
Step 6 Click UPDATE.
Step 7 To return to the default settings, click DEFAULT.
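The following added example (not part of the original Cisco documentation) models how the settings above combine: the age multiplier, the Maximum TTL cap, the cookie caching choice and the IMS threshold. It assumes an object's age is the time since its Last-Modified date, that Maximum TTL is expressed in seconds, and that the IMS threshold is 50%; those values and all names are constructed for illustration.

```python
from dataclasses import dataclass

DAY = 86400  # seconds


@dataclass
class FreshnessPolicy:
    text_percent: int = 10       # Age Multiplier default for text (HTML) objects
    binary_percent: int = 30     # Age Multiplier default for all other objects
    max_ttl: int = 3 * DAY       # Maximum TTL; value and unit are assumed
    cache_cookies: bool = False  # the cookie caching Yes/No choice
    ims_percent: int = 50        # IMS threshold; assumed value


def lifetime(policy, content_type, last_modified, fetched, uses_cookie=False):
    """Seconds an HTTP 1.0 object may stay cached; 0 means do not cache it."""
    if uses_cookie and not policy.cache_cookies:
        # Cookie caching off: a page that uses a cookie is never stored, so
        # one user's customized page cannot be served to another user.
        return 0
    is_text = content_type.split(";")[0].strip().lower() == "text/html"
    percent = policy.text_percent if is_text else policy.binary_percent
    # Assumption: the object's age is the time since its Last-Modified date.
    age = max(0, fetched - last_modified)
    return min(age * percent / 100, policy.max_ttl)


def on_ims(policy, ttl, fetched, now):
    """Answer a reload or If-Modified-Since request for a cached object."""
    elapsed = now - fetched
    if elapsed < ttl * policy.ims_percent / 100:
        return "serve-from-cache"   # young enough: no revalidation
    return "revalidate"


if __name__ == "__main__":
    policy = FreshnessPolicy()
    # Constructed objects: last modified at t=0, fetched 10 and 20 days later.
    print(lifetime(policy, "text/html", 0, 10 * DAY))           # one day
    print(lifetime(policy, "image/gif", 0, 20 * DAY))           # capped at max_ttl
    print(lifetime(policy, "text/html", 0, 10 * DAY, True))     # not cached
    print(on_ims(policy, DAY, fetched=1000, now=1000 + 3600))
```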
To change the TCP settings from their defaults, click Tuning and select the TCP option.
Step 1 Enter the TCP outgoing window size in kilobytes in the Send Buffer field.
Step 2 Enter the TCP incoming window size in kilobytes in the Receive Buffer field.
Step 3 Enter the interval that the Cache Engine will timeout trying to read or write to the network in the R/W Timeout field.
Step 1 Enter the time the Cache Engine will keep a connection open before disconnecting in the Connection Timeout field.
Step 2 Under the Idle column, enter the number of seconds the Cache Engine will keep an idle connection open.
Step 3 Under the Wait column, enter the number of seconds the Cache Engine will wait before sending a keep-alive to an idle connection.
Step 4 In the Retry column, enter the number of times the Cache Engine will resend a keep-alive to a connection.
Step 5 Click UPDATE.
Step 6 To restore the factory default settings, click DEFAULT.
Posted: Sun Sep 29 00:29:02 PDT 2002
All contents are Copyright © 1992-2002 Cisco Systems, Inc. All rights reserved.