|
This chapter contains an alphabetical listing of all commands of the Cisco Cache software, Release 2.3.0, for Cisco Content Engines and Cisco Cache Engines. To simplify terminology, both the Cache Engine and the Content Engine are referred to as the "CE."
To configure Terminal Access Controller Access Control System Plus (TACACS+), use the authentication global configuration command. Use the no form of the command to selectively disable options.
authentication {configuration {local enable | tacacs enable [primary]} | login {local enable | tacacs enable [primary]}}
Syntax Description
configuration Sets authorization mode. local enable Enables local database for authorization. tacacs enable Enables TACACS+ database for authorization. primary (Optional.) Sets TACACS+ server authorization as a primary. login Sets authentication mode. local enable Enables local database for authentication. tacacs enable Enables TACACS+ database for authentication. primary (Optional.) Sets TACACS+ server authentication as a primary.
Defaults
Local authentication is enabled and TACACS+ authentication is disabled.
Command Modes
Global configuration
Usage Guidelines
Authentication or login is the action of identifying and validating a user. It verifies a username with the password. Authorization or configuration is the action of determining what a user is allowed to do.
Login and configuration privileges can be maintained in two databases: the local database, which resides on the CE, and the TACACS+ remote database, which resides on a remote server. The user global configuration commands or the Users GUI page provides a way to add, delete, or modify users' names, passwords, and access privileges in the local database. The TACACS+ remote database can also be used to maintain login and configuration privileges for CE administrative users. The tacacs command or the TACACS+ GUI page allows you to configure the network parameters required to access the remote database.
Login and configuration privileges can be obtained from both the local database or the TACACS+ remote database. If both databases are enabled, then both databases are queried; if the user data cannot be found in the first database queried, then the second database is tried. When the primary keyword is entered for TACACS+ login or configuration authentication (authentication login tacacs enable primary, authentication configuration tacacs enable primary), the TACACS+ database is queried first, and the local database is queried second. If TACACS+ is not designated as primary, and both local and TACACS+ are enabled, the local database is queried first. If both local and TACACS+ are disabled (no authentication), the CE verifies that both are disabled and if so, sets the CE to the default state.
By default, local authentication is enabled and TACACS+ authentication is disabled. When the TACACS+ authentication is disabled, the local authentication is automatically enabled.
Examples
This example disables local configuration authentication.
CE(config)# no authentication configuration local
Local configuration authentication disabled.
Note If local authentication is disabled and TACACS+ is not configured properly, future logins may fail. |
TACACS+ Statistics
CE# show statistics authentication
Authentication Statistics
--------------------------------------
Number of Local Authentication: 0
Number of TACACS+ Authentication: 4
Total number of Authentication: 4
Number of Local Authorization: 0
Number of TACACS+ Authorization: 4
Total number of Authorization: 4
CE# show statistics tacacs
TACACS+ Statistics
-----------------
Number of access requests: 8
Number of access deny responses: 7
Number of access allow responses: 1
Related Commands
show authentication
show statistics authentication
show statistics tacacs
show tacacs
tacacs
To enable autosense on an interface, use the autosense interface configuration command. To disable this function, use the no form of this command.
autosenseSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Interface configuration
Usage Guidelines
Cisco router Ethernet interfaces do not negotiate duplex settings. If the CE is connected to a router directly with a crossover cable, the CE Ethernet interface has to be manually set to match the router interface settings. Disable autosense before configuring an Ethernet interface. When autosense is on, manual configurations are overridden. You must reboot the CE to start autosensing.
Examples
Console(config-if)# autosense
Console(config-if)# no autosense
To configure an interface bandwidth, use the bandwidth interface configuration command. To disable this function, use the no form of this command.
bandwidth mbits
Syntax Description
mbits Bandwidth size in megabits per second (10 or 100).
Command Modes
Interface configuration
Usage Guidelines
Use this command to set the bandwidth of an interface to either 10 or 100 megabits.
Examples
Console(config-if)# bandwidth 10
Console(config-if)# no bandwidth
To enable transparent error handling and dynamic authentication bypass, and to configure static bypass lists, use the bypass command. To disable the bypass feature, use the no form of the command.
bypass {auth-traffic enable | load {enable | in-interval seconds | out-interval seconds | time-interval minutes} | static {clientipaddress {clientipaddress | any-server} | any-client serveripaddress} | timer minutes}
Syntax Description
auth-traffic Authenticated traffic bypass configuration. load Loads bypass configuration. enable Enables load bypass. in-interval Time interval that determines the rate of making eligible bypassed buckets active buckets. out-interval Time to wait before bypassing another active bucket. time-interval Time interval over which a bypassed bucket remains inactive. seconds Time in seconds (4-600). minutes Time in minutes (1-1440). static Adds a static entry to the bypass list. any-server Bypasses HTTP traffic from a specified client to any Web server. any-client Bypasses HTTP traffic from any client destined to a particular server. clientipaddress IP address of the Web client to be bypassed. serveripaddress IP address of the Web server to be bypassed. timer Sets timer for authentication bypass, in minutes.
Defaults
The default authentication bypass value is 10 minutes. The in-interval default is 60 seconds. The out-interval option default is 4 seconds. The timer-interval option default is 10 minutes.
Command Modes
Global configuration
Usage Guidelines
Bypass features are available only with WCCP Version 2. The CE can only bypass WCCP-redirected traffic, not proxy-style requests.
Authentication Bypass
Some Web sites, because of IP authentication, do not allow the CE to connect directly on behalf of the client. In order to avoid a disruption of service, the CE can use authentication bypass to generate a dynamic access list for these client-server pairs. Authentication bypass triggers are also propagated upstream and downstream in the case of hierarchical caching. When a client/server pair goes into authentication bypass, it is bypassed for a configurable amount of time, set by the timer option (10 minutes by default).
Load Bypass
If a CE becomes overwhelmed with traffic, it can use the load bypass feature to reroute the overload traffic.
When the CE is overloaded and load bypass is enabled, the CE bypasses a bucket. If the load remains too high, another bucket is bypassed, and so on until the CE can handle the load. The time interval between one bucket being bypassed and the next, is set by the out-interval option. The default is 4 seconds.
When the first bucket bypass occurs, a time interval must elapse before the CE begins to again service the bypassed buckets. The duration of this interval is set by the time-interval option. The default is 10 minutes.
When the CE begins to again service the bypassed traffic, it begins with a single bypassed bucket. If the load is serviceable, it picks up another bypassed bucket and so on. The time interval between picking up one bucket and the next is set by the in-interval option. The default is 60 seconds.
Static Bypass
The bypass static command permits traffic from specified sources to bypass the CE. The type of traffic sources are as follows:
Wildcards in either the source or the destination field are not supported.
To clear all static configuration lists, use the no form of the command.
Examples
Console(config)#
bypass static 10.1.17.1 172.10.7.52
Console(config)#
bypass static any-client 172.10.7.52
Console(config)#
bypass static 10.1.17.1 any-server
A static list of source and destination addresses helps to isolate instances of problem-causing clients and servers.
Console# show bypass list
Total number of entries in the bypass list = 5
Client IP Server IP Reason
10.1.17.1 15.1.10.6 Error Handling
10.1.24.1 128.10.2.4 Auth Traffic
10.1.24.2 128.10.2.4 Static Config
10.2.4.5 any-server Static Config
any-client 178.10.45.6 Static Config
Console# show bypass summary
Cache Engine will bypass authenticated HTTP traffic.
Cache Engine will bypass HTTP traffic if it is overloaded.
Total number of entries in the bypass list = 5
Total number of HTTP connections bypassed = 20
Related Commands
show bypass
To synchronize the cache file system (cfs) contents from memory to disk, use the cache sync EXEC command.
cache {clear [force] | reset | sync}To clear the disk of all cached content, use the cache clear EXEC command.
Syntax Description
clear Clears the cache. force Forcefully deletes all cached objects. reset Resets the cache. sync Synchronizes the cache.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
The cache clear command removes all cached contents from the currently mounted cfs volumes. Objects being read or written are removed when they cease being "busy." The equivalent to this command is the clear cache or cfs clear command.
Caution This command is irreversible, and all cached content will be erased. |
The cache clear force deletes all objects, whether busy or not, and may generate broken GIF or HTML messages for objects that were being read from the disk when the command was executed. If an object is being written to the CE disk when a cache clear force command is executed, the application stops caching that object but still delivers the object from the Web server to the client.
The cache sync command synchronizes the cache file system contents from memory to disk. Although synchronization is performed at regular intervals while the CE is operating, this command can be used to ensure all data is written to disk before you reset or turn off the CE. Synchronization can also be done using the cfs sync command.
Examples
Console# cache clear force
Related Commands
clear cache
cfs clear
To change directory, use the cd EXEC command.
cd
directoryname
Syntax Description
directoryname Name of the directory.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
Use this command to maneuver between directories and for file management. The directory name becomes the default prefix for all relative paths. Relative paths do not begin with a slash "/". Absolute paths begin with a slash "/".
Examples
Relative path:
Console# cd etc
Absolute path:
Console# cd /local/etc
Related Commands
dir
lls
ls
mkdir
pwd
rmdir
To manipulate the cache object file system (cfs), use the cfs EXEC command.
cfs {clear volname [force] | format volname | mount volname | reset volname | sync volname | unmount volname}
Syntax Description
clear Deletes nonbusy objects from the specified cfs volume. force Forcibly deletes all objects from the specified cfs volume. format Erases and formats or creates a file system for caching. mount Mounts a cache file system. reset Resets (unmounts-formats-mounts) a cache file system. sync Synchronizes a cache file system. unmount Unmounts a cache file system. volname Volume name (for example, c0t0d0s3).
Defaults
No defaults behavior or values
Command Modes
EXEC
Usage Guidelines
Cache objects retrieved from the Web are saved and manipulated by the CE with the cache file system (cfs) on a cfs partition of the hard disk. This does not affect the dosfs partition, which saves user data, such as syslog. Cache file system objects cannot be displayed and listed like dosfs files and directories, but transaction logs can record object requests handled by the cfs.
The cfs commands are used to manage the cache object file system.
The cfs clear command deletes nonbusy objects from the specified cfs volume. A nonbusy object is an object that is not being accessed (read or written). The cfs clear command (without force) deletes all possible objects without generating a broken GIF or HTML message to the client.
The cfs clear force command deletes all objects, busy or nonbusy, and may generate broken GIF or HTML messages for objects that were being read from the disk when the command was executed. If an object is being written to the CE disk when a cfs clear force command is executed, the application stops caching that object but still delivers the object from the Web server to the client.
The cfs reset command unmounts, formats, and mounts a specified volume. Unmounting a volume can result in broken GIF or HTML messages for objects that are being read from the disk (cache hits) when the command is executed. When a cfs volume is reset, all cfs data on that volume is lost.
Note The cfs reset command can be invoked on unmounted volumes. |
The cfs format command creates the cache file system internal "dbs" for the cfs partition of the disk if the volume is unmounted. It formats the cfs partition to prepare it for a cfs mount. The cfs mount command creates and maps data structures in memory to the cfs partition.
Caution All cached content is erased with the format command. |
The cfs unmount command frees the in-memory data structures that map to the physical (disk) cfs partition.
The cfs sync command synchronizes the cache file system contents from memory to disk. Although synchronization is performed at regular intervals while the CE is running, this command can be used to ensure that all data is written to disk before you reset or turn off the CE. Synchronization can also be done with the cache sync command.
Examples
Console# cfs sync c0t0d0s3
Related Commands
show cfs
cache clear
clear cache
To check whether superuser accounts are password-protected, use the check EXEC command.
check superuser passwords
Syntax Description
superuser Keyword. passwords Keyword.
Defaults
By default, superuser accounts are not password-protected.
Command Modes
EXEC
Usage Guidelines
This command displays whether or not the superuser account is password-protected. To configure a superuser password, from global configuration mode, use the user modify command. A superuser is defined as an administrator or user with full read and write privileges to the cache files and utilities.
Examples
Console# check superuser passwords
----------------------------------------------------------------------
All super-user accounts are password protected
----------------------------------------------------------------------
Related Commands
user modify
show user
To clear the HTTP object cache, the hardware interface, statistics, transaction logs, or WCCP settings, use the clear EXEC command.
clear {bypass {all | counters | list} | cache [force] | dns-cache | interface serial number | ldap authcache | logging | statistics {all | authentication | dns-cache | ftp | history | http {all | ims | object | proxy outgoing | requests | response | savings} | https | icp {all | client | cluster | server} | ip | ldap {authcache | server {all | interface | protocol}} | radius-server | rule {action action-type {all | pattern pattern-type | all}} | running | services | tacacs | tcp | transaction-logs | url-filter websense} | transaction-log}
Syntax Description
bypass Selects bypass clear commands. all Clears all bypass counters and lists. counters Clears all bypass counters. list Clears all bypass lists. cache Clears the HTTP object cache. force Forcefully deletes all cached objects. dns-cache Clears DNS cache. interface Clears the hardware interface. serial Serial device. number Serial interface number (for example, 0). ldap authcache Purges all the entries in the LDAP authentication cache. logging Clears syslog messages saved in disk file. statistics Clears statistics. all Clears all statistics. authentication Clears authentication statistics. dns-cache Clears DNS cache statistics. ftp Clears FTP caching statistics. history Clears the statistics history. http Clears HTTP statistics. all Clears all HTTP statistics. ims Clears HTTP IMS (if-modified-since) statistics. object Clears HTTP object statistics. proxy outgoing Clears HTTP outgoing proxy statistics. requests Clears HTTP requests statistics. response Clears HTTP response statistics. savings Clears HTTP savings statistics. transaction-logs Clears transaction-log export statistics. https Clears HTTPS statistics. icp Selects Internet Cache Protocol (ICP) statistics. all Clears all ICP statistics. client Clears ICP client statistics. cluster Clears ICP cluster statistics. server Clears ICP server statistics. ip Clears IP statistics. ldap Selects LDAP statistics. authcache Clears LDAP authentication cache statistics. server Selects LDAP server statistics. all Clears all LDAP statistics. interface Clears LDAP interface statistics. protocol Clears LDAP protocol statistics. radius-server Clears RADIUS statistics. rule Selects rule statistics. action Clears rule statistics of the specified action. action-type Specifies one of the following actions: See the "rule" section for explanations of actions and patterns. action-type all Clears statistics of all the patterns for this action. action-type pattern Clears statistics of rules with specified pattern. pattern-type Specifies one of the following patterns: See the "rule" section for explanations of patterns and actions. all Clears all rule statistics. running Clears the running statistics. services Clears services statistics. tacacs Clears TACACS+ statistics. tcp Clears TCP statistics. transaction-logs Clears transaction log export statistics. url-filter Selects URL filtering statistics. websense Clears Websense URL filtering statistics. transaction-log Archives working transaction log file.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
The clear cache command removes all cached contents from the currently mounted cfs volumes. Objects being read or written are removed when they cease being "busy." The equivalent to this command is the cache clear or cfs clear command.
Caution This command is irreversible and all cached content will be erased. |
The clear cache force command deletes all objects, whether busy or not, and may generate broken GIF or HTML messages for objects that were being read from the disk when the command was executed. If an object is being written to the CE disk when a clear cache force command is executed, the application stops caching that object but still delivers the object from the Web server to the client.
The clear interface command clears the statistics presented by the show interfaces command.
The clear statistics command clears all statistical counters from the parameters given. Use this command to monitor fresh statistical data for some or all features without losing cached objects or configurations.
The clear transaction-log command causes the transaction log to be archived immediately to the CE hard disk. This command has the same effect as the transaction-log force archive command.
Examples
To purge all the entries in the LDAP authentication cache, use the clear ldap authcache command.
Console# clear ldap authcache
Entries removed from authcache: 1
To clear all rule statistics, use the clear statistics rule all command.
Console# clear statistics rule all
Related Commands
cache clear
cfs clear
show statistics
show interface
show ldap
show rule
show wccp
To set, clear, or save the battery-backed clock functions, use the clock EXEC command.
clock {clear | save | set hh:mm:ss day month year}
Syntax Description
clear Clears the system clock settings. save Saves the system clock settings. set Sets the system clock. hh:mm:ss Current Universal Coordinated Time (for example, 13:32:00). day Day of the month (for example, 1 to 31). month Current month (for example, January, February). year Current year (for example, 2000).
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
If you have an outside source on your network that provides time services (such as a Network Time Protocol [NTP] server), you do not need to set the system clock manually. When setting the clock, enter the local time. The CE calculates UTC based on the time zone set by the clock timezone global configuration mode command.
Two clocks exist in the system: the software clock and the hardware clock. The software uses the software clock. The hardware clock is used only at bootup to initialize the software clock.
The set keyword sets the software clock.
The save keyword writes the current value of the software clock into the hardware clock. This is used to update the hardware clock with the correct time as maintained by NTP. NTP adjusts only the software clock.
The clear keyword forces the hardware clock to zero (January 1, 1970), which ensures that the time at bootup is the NTP time or an obviously invalid time.
Examples
Console# clock set 13:32:00 01 February 2000
Related Commands Related Commands
clock timezone
show clock detail
To set the time zone for display purposes, use the clock timezone global configuration command. To disable this function, use the no form of this command.
clock timezone {zone hours} [minutes]
Syntax Description
zone Name of the time zone to be displayed when standard time is in effect. hours Hours offset from Coordinated Universal Time (UTC). minutes (Optional.) Minutes offset from UTC.
Defaults
No default behavior or values
Command Modes
Global configuration
Usage Guidelines
To set and display the local and UTC current time of day without an NTP server, use the clock timezone command together with the clock set command.
The clock timezone parameter specifies the difference between UTC and local time, which is set with the clock set command. The UTC and local time are displayed with the show clock detail EXEC command.
Examples
The following example specifies the local time zone as Pacific Standard Time and offsets 8 hours behind UTC:
Console(config)# clock timezone PST -8
Console(config)# no clock timezone
Related Commands Related Commands
clock
show clock detail
To enter global configuration mode, use the configure EXEC command. You must be in global configuration mode to enter global configuration commands.
configureTo exit global configuration mode, use the end, Ctrl-Z, or exit commands.
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
Use this command to enter global configuration mode.
Examples
Console# configure
Enter configuration commands, one per line. End with CNTL/Z.
Console(config)#
Related Commands Related Commands
show running-config
show startup-config
end
exit
Ctrl-Z
To copy configuration or image data from a source to a destination, use the copy EXEC command.
copy {disk {flash imagename | startup-config filename} | flash {disk imagename} | running-config {disk filename | startup-config | tftp}
Syntax Description
disk Copies image or configuration from or to disk. flash Copies image from or to Flash memory. running-config Copies from current system configuration. startup-config Copies from or to startup configuration. tech-support Copies system information for technical support. tftp Copies image from or to TFTP server. imagename Image name (for example, /local/bin). filename Filename of configuration.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
Use the copy running-config startup-config command to save the configuration to NVRAM memory. This command is equivalent to the write command.
The copy flash disk imagename command copies the image from Flash memory to the disk.
The copy disk flash imagename command copies the image from the disk to Flash memory.
The copy tftp flash command copies the image from a TFTP server to Flash memory.
The copy tech-support tftp command copies technical support information to a TFTP server. You are prompted for the server address following this command.
Examples
Console# copy disk flash /local/bin
Related Commands
write
show running-config
show startup-config
To copy one filename to another filename, use the cpfile EXEC command.
cpfile oldfilename newfilename
Syntax Description
oldfilename Name of the old file from which to copy. newfilename Name of the new file to copy to.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
Use this command to copy one filename to another. This command only copies dosfs files.
Examples
Console# cpfile ce500-194616.bin cd500-194618.bin
Related Commands Related Commands
copy
dir
lls
ls
mkfile
rmdir
rmname
To set a cron task, use the cron global configuration command. To disable a cron task, use the no form of this command.
cron {del-tab entryid | file tabfile | save-tab | tab-entry tabentry}
Syntax Description
del-tab Deletes tab. file Cron tab file. save-tab Cron save tab. tab-entry Cron tab entry. entryid Entry ID (1 to 1,000). tabfile Cron tab filename. tabentry Cron tab entry line.
Defaults
No default behavior or values
Command Modes
Global configuration
Usage Guidelines
The cron command is used to set up cron tasks.
To view your existing cron configurations, use the show cron command. For example:
Console# show cron
==CRON Configuration==
CRON tab file: /local/etc/crontab
Legend 1: min hr day-of-mon mon day-of-wk tclsh script-name
Legend 2: min hr day-of-mon mon day-of-wk tcl tcl-cmd
Sample: 0 5 * * * tclsh /local/test.tcl
Examples
Console(config)# cron sav-tab
Console(config)# no cron sav-tab
Syntax Description
show cron
Related Commands
EXEC
Usage Guidelines
We recommend that the debug command be used only at the direction of Cisco Systems technical support personnel.
Related Commands Related Commands
no debug
show debug
undebug
To remove a file, use the del EXEC command.
del filename
Syntax Description
filename Name of the file to delete.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
Use this command to remove a file from any directory. Note that some files are necessary for proper functionality and should not be removed.
Examples
Console# del /local/tempfile
Related Commands RelatedCommands
cpfile
deltree
mkdir
mkfile
rmdir
To remove a directory recursively and all files that it contains, use the deltree EXEC command.
deltree directory
Syntax Description
directory Name of the directory tree to delete.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
Use this command to remove a directory and all files within the directory from the CE (dosfs file system). Do not remove necessary files or directories, such as log files or directories, for proper functionality. It may not be possible to move a log file to a new directory without losing functionality.
Examples
Console# deltree /local
Related Commands Related Commands
del
To view a long list of files in a directory, use the dir EXEC command.
dir [directory]
Syntax Description
directory (Optional.) Name of the directory to list.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
Use this command to view a detailed list of files contained within the working directory, including names, sizes, and time created. The equivalent command is lls.
Examples
Console# dir /local
size date time name LongName
------ --------- ----- ----------- ---------------
512 Dec-31-1987 17:02:32 ETC <DIR> etc
512 Dec-31-1987 17:02:32 TFTPBOOT <DIR> tftpboot
512 Dec-31-1987 17:02:32 VAR <DIR> var
512 Jan-07-1988 09:47:52 LIB <DIR> lib
4385154 Apr-22-1999 12:25:36 CE25.PAX ce25.pax
4 DIR(S), 1 FILE(S) 11192642 bytes
2125889536 bytes AVAILABLE ON VOLUME /c0t0d0s1
Related Commands
ls
lls
To turn off privileged EXEC commands, use the disable EXEC command.
disableSyntax Description
This command has no arguments or keywords.
Command Modes
EXEC command
Usage Guidelines
The disable command places you in EXEC mode. To turn privileged EXEC mode back on, use the enable command.
Examples
Console# disable
Related Commands Related Commans
enable
To configure the CE disks, use the disk EXEC command.
disk {erase-all-partitions devname | manufacture devname | partition devname | prepare devname}
Syntax Description
erase-all-partitions Disk initialization procedure. Erases all partitions manufacture Reformats all partitions and volumes on a disk. partition Partitions the hard disk. prepare Partitions and formats volumes on a hard disk. devname Specifies the device name of the disk drive with the following syntax: /cn1tn2dn3 The device name is the same as the volume name, but the device name does not include a partition parameter (the "s" number).
on disk.
Defaults
No default behavior or values
Command Modes
EXEC command
Usage Guidelines
Disk partition allocates portions of a disk for the specified file systems. The partition sizes are not user-configurable. Use the show disks command to obtain the names of installed disks.
Caution Partitioning a disk destroys all of its contents. After partitioning, each file system must be formatted and mounted before it can be used. |
Using the disk prepare command automates the preparation of a disk. This command partitions the disk and then formats and mounts all the partitions.
The disk manufacture command initializes a disk for use by the CE, and must be run on each disk before that disk is used by the CE for the first time. The disk manufacture command needs to be executed only once for each disk.
Note The disk manufacture command is executed on each internal CE disk by Cisco Systems prior to shipping. |
Cisco Storage Array Guidelines
Use the disk manufacture command to partition, format, and mount new disk drives for the Cisco Storage Array. The disk manufacture command erases the master boot record (sector 0) of the disk and sets up the disk to have partitions for the various file systems (that is, dosfs, cfs, bfs). It also formats and mounts the appropriate file system on the volumes.
Target numbers are not statically mapped to a SCSI ID or a slot number. Upon bootup, the CE SCSI driver always scans the SCSI bus in the same direction and assigns logical target numbers to disks in simple numerical sequence according to their order on the SCSI bus. The first disk drive discovered on the SCSI bus is designated target 0; the second target 1; the third target 2; and so on. Targets 0 and 1 are the CE internal disk drives.
Targets 2 through 13 are assigned to Storage Array disk drives. The leftmost hard disk inserted in a Storage Array bus is always target 2. Counting to the right, the next disk is target 3, the next disk is target 4, and so on. There can be empty slots between targets on the same bus, but this is not recommended. In a two-host, split-bus configuration, each bus is counted independently.
For example, in a split-bus, six-disk, fully populated Storage Array, bus 0 disk drive targets are 2, 3, 4, and bus 1 disk drive targets are 2, 3, 4. If the first disk on bus 1 is removed (slot 5 is empty) and the CE rebooted, bus 0 targets are still 2, 3, 4, but bus 1 targets are 2 and 3. The empty disk slot is skipped, and the target count begins with the first detected disk on bus 1.
Once a disk drive has been partitioned and formatted, it can be used in any Storage Array slot, but moving a disk drive from one slot to another makes the data it contains unusable to the CE. Power cycle the CE if the following actions occur while the Storage Array is in operation:
Examples
In the following example, cache1 and cache2 are CE 590 machines running software release 2.2.0. Refer to the Cisco Storage Array Installation and Configuration Guide for further information on configuring the Storage Array.
Note The larger the storage capacity of the disk drive, the longer the duration of the disk manufacture routine. |
In this example, six Storage Array disk drives are initialized in a single-host, joined-bus Storage Array configuration.
cache1# disk manufacture /c0t2d0
cache1# disk manufacture /c0t3d0
cache1# disk manufacture /c0t4d0
cache1# disk manufacture /c0t5d0
cache1# disk manufacture /c0t6d0
cache1# disk manufacture /c0t7d0
In the following example, cache1 is connected to the SCSI 0 connector of the Storage Array and cache2 is connected to the SCSI 1 connector.
The disks of a fully populated six-disk Storage Array are initialized in a two-host, split-bus configuration.
cache1# disk manufacture /c0t2d0
cache1# disk manufacture /c0t3d0
cache1# disk manufacture /c0t4d0
cache2# disk manufacture /c0t2d0
cache2# disk manufacture /c0t3d0
cache2# disk manufacture /c0t4d0
The disk erase-all-partitions command unmounts all the currently mounted file systems on the specified device (disk) and erases all the partitions from the master boot record (sector 0).
To create only a DOS partition on the first disk, enter the following commands:
Console# disk erase-all-partitions
Console# disk partition boot
Related Commands
cfs
disk
dosfs
show disk-partitions
show disks
To configure the DNS cache, use the dns-cache global configuration command. To disable the DNS cache, use the no form of this command.
dns-cache size maxsize
Syntax Description
size Sets the DNS cache size. maxsize Specifies maximum number of cache records (4096-65536).
Defaults
No default behavior or values
Command Modes
Global configuration
Usage Guidelines
Content size refers to the maximum number of DNS entries to be stored at one time. Domain name resolution requires that at least one DNS name server be configured with the ip name-server command. The DNS cache goes online when the ip name-server command is configured, and goes offline when the last IP name-server configuration is deleted with the no ip name-server ip-address command.
Examples
Console(config)# dns-cache enable
Console(config)# dns-cache size 512
Console(config)# no dns-cache enable
Console(config)# no dns-cache size
Related Commands Related Comands
ip name-server
clear dns-cache
show dns-cache
dnslookup
show statistics dns-cache
To resolve a host or domain name to an IP address, use the dnslookup EXEC command.
dnslookup {host | domain-name}
Syntax Description
host Name of host on network. domain_name Domain name.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# dnslookup myhost
official hostname: myhost.cisco.com
address: 172.41.69.11
Console#dnslookup cisco.com
official hostname: cisco.com
address: 198.133.219.25
Console#dnslookup 41.69.11
official hostname: 41.69.11
address: 41.69.0.11
To configure the DOS file system, use the dosfs EXEC command.
dosfs {check volname [force | verbose [force]] | format volname | label volname vol-label | mount volname {rdonly | rdwr} | repair {automatic | interactive} volname [force | verbose [force]] | sync syncdevice | unmount volname}
Syntax Description
check Checks DOS file system. volname Volume name. force (Optional.) Forces a check or repair. verbose (Optional.) Prints extra messages to screen. format Erases and formats a file system on a disk device. label Sets a device volume label. vol-label Label of volume. mount Mounts a disk or volume file system. rdonly Mounts volume as read-only. rdwr Mounts volume as read-write. repair Checks and repairs a uvfat/DOS file system. automatic Automatic (not interactive) repair. interactive Starts a user-interactive repair. sync Synchronizes a disk device. syncdevice Absolute device name. unmount Unmounts a disk or volume file system.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
Use this command to format and mount the DOS file systems after partitioning disks. Use this command to repair DOS file systems that are causing errors.
The default configuration has only one DOS file system. This file system is created on the first disk in the system and has a special name "/local." This file system contains various files necessary for correct functioning of the CE.
The dosfs format command formats the dosfs partition to prepare it for a dosfs mount.
The dosfs mount command creates and maps data structures that map to the physical dosfs partition on the disk.
The dosfs unmount command frees the in-memory data structures that map to the physical dosfs partition on the disk.
Examples
Console# dosfs format /local
Related Commands Relatmands
cd
copy
cpfile
del
deltree
dir
ls
mkdir
mkfile
To turn on privileged commands, use the enable EXEC command.
enableSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
To return to privileged EXEC mode from user EXEC mode, use the enable command.
The disable command takes you from privileged EXEC mode back to user EXEC mode.
Examples
Console> enable
Console#
Related Commands Related Commands
disable
To exit global configuration mode, use the end global configuration command.
endSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Usage Guidelines
Use the end command to exit global configuration mode after completing any changes to the running configuration. To save new configurations to NVRAM, use the write command.
The Ctrl-Z command also exits global configuration mode.
Command Modes
Global configuration
Examples
Console(config)# end
Console#
Related Commands Related mands
exit
Ctrl-Z
To set error-handling options, use the error-handling global configuration command.
error-handling {reset-connection | send-cache-error | transparent}
Syntax Description
reset-connection Resets TCP connection without specifying any error. send-cache-error Sends CE error. transparent Makes the CE transparent to the client.
Defaults
No default behavior or values
Command Modes
Global configuration
Usage Guidelines
With the transparent option enabled, end users can receive browser-generated messages rather than a CE-generated HTML page for errors that the CE encounters while processing a client request or response. Thus, the CE remains transparent (invisible) to the end user.
Transparent error reporting is implemented as follows:
Examples
Console# error-handling transparent
We recommend that the exception debug command be used only at the direction of Cisco Systems technical support personnel.
Command Modes
Global configuration
To configure the length of time that an inactive terminal session window will remain open, use the exec-timeout global configuration command. To disable the exec timeout, use the no form of this command.
exec-timeout timeout
Syntax Description
timeout Timeout in minutes (0 to 44,640).
Defaults
The default is 150 minutes.
Command Modes
Global configuration
Syntax Description Usage Guidlines
Use this command to establish the length of time, in minutes, that an inactive terminal session window will remain open.
Examples
Console(config)# exec-timeout 100
Console(config)# no exec-timeout
To exit any configuration mode or close an active terminal session and terminate an EXEC mode session, use the exit EXEC command.
exitSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC, global, and interface configuration
Usage Guidelines
Use the exit command in global configuration mode to return to EXEC mode. You can also press Ctrl-Z or use the end command from any configuration mode to return to EXEC mode.
Use the exit command in EXEC command mode to close an active terminal session and terminate the EXEC mode session.
Examples
Console# exit
Related Commands Relateands
end
Use the ftp global configuration command to configure FTP caching services on the CE. Use the no form of the command to selectively disable options.
ftp {age-multiplier directory-listing dl_time file fo_time | max-ttl {days directory-listing dlmax_days file fmax_days | hours directory-listing dlmax_hours file fmax_hours | minutes directory-listing dlmax_ min file fmax_min | seconds directory-listing dlmax_ sec file fmax_sec} | min-ttl min_minutes | object max-size size | proxy {anonymous-pswd passwd | incoming port | outgoing host {hostname | ipaddress} port | reval-each-request {all | directory-listing | none} | serve-ims directory-listing age_percent file age_percent}
Syntax Description
age-multiplier FTP caching heuristic modifiers. directory-listing Heuristic modifier for directory listing objects. dl_time Expiration time of directory listing objects as a percentage of their age (0-100). The default is 30. file Heuristic modifier for file objects. fo_time Expiration time of file objects as a percentage of their age (0-100). max-ttl Sets maximum Time To Live for objects in the cache. days Sets maximum Time To Live units in days. directory-listing Sets maximum Time To Live for directory listing objects in days. dlmax_days Specifies maximum Time To Live in days for directory listing objects (1-1825). The default is 7 days. file Sets maximum Time To Live for file objects in days. fmax_days Specifies the maximum Time To Live in days (1-1825). The default is 3 days. hours Sets maximum Time To Live units in hours. directory-listing Sets maximum Time To Live for directory listing objects in hours. dlmax_hours Specifies maximum Time To Live for directory listing objects in hours (1-43800). The default is 72 hours. file Sets maximum Time To Live for file objects in hours. fmax_hours Specifies the maximum Time To Live for file objects in hours (1-43800). minutes Sets maximum Time To Live units in minutes. directory-listing Sets maximum Time To Live for directory listing objects in minutes. dlmax_ min Specifies the maximum Time To Live for directory listing objects in minutes (1-2628000). The default is 4320 minutes. file Sets maximum Time To Live for file objects in minutes. fmax_min Specifies the maximum Time To Live for file objects in minutes (1-2628000). The default is 10080 minutes. seconds Sets maximum Time To Live units in seconds. directory-listing Sets maximum Time To Live for directory listing objects in seconds. dlmax_ sec Specifies the maximum Time To Live for directory listing objects in seconds (1-157680000). The default is 259200 seconds. file Sets maximum Time To Live for file objects in seconds. fmax_sec Specifies the maximum Time To Live for file objects in seconds (1-157680000). The default is 604800 seconds. min-ttl Sets minimum Time To Live for FTP objects in cache. min_minutes Specifies the minimum Time To Live in minutes for FTP objects in cache (0-86400). object Sets configuration of FTP objects. max-size Sets maximum size of a cachable object. size Specifies the maximum size of a cachable object in KB (1-1048576). proxy Sets proxy configuration parameters. anonymous-pswd Sets anonymous password string (for example, wwwuser@cisco.com). passwd Specifies the anonymous password. The default is anonymous@hostname. incoming Sets the incoming port for proxy-mode requests. port Specifies up to eight ports to listen for requests (1-65535). outgoing Sets parameters to direct outgoing FTP requests to another proxy server. host Sets outgoing FTP proxy host parameters. hostname Specifies the hostname of the outgoing FTP proxy. ipaddress Specifies the IP address of the outgoing FTP proxy. port Specifies the port of the outgoing FTP proxy (1-65535). reval-each-request Sets scope of revalidation for every request. all Revalidates all objects on every request. directory-listing Revalidates directory listing objects on every request. none Does not revalidate for each request. serve-ims Sets the handling of "if-modified-since" requests. directory-listing Modifies handling of "if-modified-since" requests for directory listing objects. age_percent Specifies the percentage of age to serve the object without revalidation (0-100). The default is 50. file Modifies handling of if-modified-since requests for file objects. age_percent Specifies percentage of age to serve the object without revalidation (0-100). The default is 80.
The default is 60.
The default is 168 hours.
Defaults
Command Modes
Global configuration
Usage Guidelines
The CE can handle ftp:// style FTP requests over HTTP transport in proxy mode.
When the CE receives an FTP request from the Web client, it first looks in its cache. If the object is not in its cache, it fetches the object from an upstream FTP proxy server (if one is configured), or directly from the origin FTP server.
The CE caches both the FTP file objects and directory listings. The content (directory listings and files) is stored in CFS.
The FTP proxy supports passive and active mode for fetching files and directories. Passive mode is the default. The CE automatically changes to active mode if passive mode is not supported by the FTP server.
The FTP proxy supports anonymous as well as authenticated FTP requests. Only base64 encoding is supported for authentication. The FTP proxy accepts all FTP URL schemes defined in RFC 1738. In the case of a URL in the form ftp://user@site/dir/file, the proxy sends back an authentication failure reply and the browser supplies a popup window for the user to enter login information.
The FTP proxy supports commonly used MIME types, attaches the corresponding header to the client, chooses the appropriate transfer type (binary or ASCII), and enables the browser to open the FTP file with the configured application. For unknown file types, the proxy uses binary transfer as default and instructs the browser to save the download file instead of opening it. The FTP proxy returns a formatted directory listing to the client if the FTP server replies with a known format directory listing. The formatted directory listing has full information about the file or directory and provides the ability for users to choose the download transfer type.
The CE caches FTP traffic only when the client uses the CE as a proxy server for FTP requests. All FTP traffic that was sent directly from the Web client to an FTP server, if transparently intercepted by the CE, is treated as non-HTTP traffic.
The FTP proxy supports up to eight incoming ports. It can share the ports with transparent-mode services and also with the other proxy-mode protocols supported by the CE, such as HTTP and HTTPS. In proxy-mode, the CE accepts and services the FTP requests only on the ports configured for FTP proxy. All the FTP requests on other proxy-mode ports are rejected in accordance with the error-handling settings on the CE.
The CE can apply the rules template to FTP requests based on server name, domain name, server IP address and port, client IP address, and URL.
The CE logs FTP transactions in the transaction log, in accordance with the Squid syntax. When URL tracking is enabled, the CE logs FTP transaction information to the syslog. The syslog entries are prefixed with <ftp>.
Examples
This example configures an incoming FTP proxy on ports 8080, 8081, and 9090. Up to eight incoming proxy ports can be configured on the same command line.
CE(config)# ftp proxy incoming 8080 8081 9090
This example removes one FTP proxy port from the list entered in the previous example. Ports 8080 and 9090 remain FTP proxy ports.
CE(config)# no ftp proxy incoming 8081
This example disables all the FTP proxy ports.
CE(config)# no ftp proxy incoming
This example configures an upstream FTP proxy with the IP address 172.76.76.76 on port 8888.
CE(config)# ftp proxy outgoing host 172.76.76.76 8888
This example specifies an anonymous password string for the CE to use when contacting FTP servers. The default password string is anonymous@hostname.
CE(config)# ftp proxy anonymous-pswd newstring@hostname
This example configures the maximum size in kilobytes of an FTP object that the CE will cache. By default, the maximum size of a cachable object is not limited.
CE(config)# ftp object max-size 15000
This example forces the CE to revalidate all objects for every FTP request.
CE(config)# ftp reval-each-request all
This example configures a maximum Time To Live of 3 days in cache for directory listing objects and file objects.
CE(config)# ftp max-ttl days directory-listing 3 file 3
Related Commands
rule use-proxy
show ftp
To configure an interface for full-duplex operation, use the fullduplex interface configuration command. To disable this function, use the no form of this command.
fullduplexSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Interface configuration
Usage Guidelines
Use this command to configure an interface for full-duplex operation. Full-duplex operation allows data to travel in both directions at the same time. A half-duplex setting ensures that data only travels in one direction at any given time. If you encounter excessive collisions or network errors, try configuring the interface for half duplex rather than full duplex.
Examples
Console(config-if)# fullduplex
Console(config-if)# no fullduplex
Related Commands Related Commands
halfduplex
To specify the number of the CE management graphical user interface (GUI) server port, use the gui-server global configuration command. To disable the GUI server port, use the no form of the command.
gui-server {enable | port port}
Syntax Description
enable Enables the graphical user interface. port Configures the graphical user interface server port. port Port number (1-65535).
Defaults
The default port is 8001.
Command Modes
Global configuration
Examples
The following example enables the CE management GUI on port 8002.
CE(config)# gui-server enable
CE(config)# gui-server port 8002
Related Commands
show gui-server
To configure an interface for half-duplex operation, use the halfduplex interface configuration command. To disable this function, use the no form of this command.
halfduplexSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Interface configuration
Usage Guidelines
Use this command to configure an interface for half-duplex operation. Full-duplex operation allows data to travel in both directions at the same time. A half-duplex setting ensures that data only travels in one direction at a time. If you encounter collisions or other network errors, try configuring an interface for half duplex rather than full duplex.
Examples
Console(config-if)# halfduplex
Console(config-if)# no halfduplex
Related Commands Related Commands
fullduplex
To get online help for the command-line interface, use the help EXEC or global configuration command.
helpSyntax Description
This command has no arguments or keywords.
Command Modes
EXEC, global configuration
Usage Guidelines
Two styles of help are provided:
Examples
Console# help
Help may be requested at any point in a command by entering a question mark '?'. If
nothing matches, the help list will be empty and you must backup until entering a '?'
shows the available options.
Two styles of help are provided:
1. Full help is available when you are ready to enter a
command argument (e.g. 'show ?') and describes each possible
argument.
2. Partial help is provided when an abbreviated argument is entered
and you want to know what arguments match the input
(e.g. 'show stat?'.)
Console# show stat?
statistics
Console# show stat ?
authentication Authentication Statistics
bypass Display Bypass Statistics
cfs Display Cache File System statistics
dns-cache DNS-Cache Statistics
ftp Display FTP caching statistics
To configure the CE network name, use the hostname global configuration command. To reset the host name to the default setting, use the no form of this command.
hostname name
Syntax Description
name New host name for the CE; the name is case sensitive. The name may be from 1 to 22 alphanumeric characters.
Defaults
The default host name is the CE model number (CE505, CE550, CE560, CE570, CE590, and so forth).
Command Modes
Global configuration
Usage Guidelines
Use this command to configure the host name for the CE. The host name is used for the command prompts and default configuration filenames.
Examples
The following example changes the host name to sandbox:
Console(config)# hostname sandbox
sandbox(config)#
Console(config)# no hostname
CE550(config)#
To configure HTTP-related parameters, use the http global configuration command. To disable HTTP related-parameters, use the no form of this command.
http {age-multiplier {text texttime binary bintime} | append {ldap-proxy-auth-header {hostname | ipaddress}| via-header | x-forwarded-for-header} | authenticate-strip-ntlm | cache-authenticated | cache-cookies | cache-miss revalidate | cache-on-abort {enable | max maxthresh | min minthresh | percent percenthresh} | cluster max-delay delayseconds misses totalmisses | l4-switch enable | max-ttl {days text textdays binary bindays | hours text texthours binary binhours | minutes text textminutes binary binminutes | seconds text textseconds binary binseconds} | min-ttl minutes | object {max-size maxsize | url-validation enable} | persistent-connections {enable | max-idle connections | timeout secs [max-idle connections]} | proxy {incoming port | outgoing {host {hostname | ipaddress} port [primary]} | monitor seconds | origin-server} | reval-each-request {all | none | text} | serve-ims text textpercentage binary binpercentage}
Syntax Description
age-multiplier HTTP/1.0 caching heuristic modifiers. text Heuristic modifier for text object. texttime Expiration time of text objects as a percentage of their age (0-100). binary Heuristic modifier for binary object. bintime Expiration time of binary objects as a percentage of their age (0-100). append Configures HTTP headers to be included by CE. ldap-proxy-auth-header Forwards "Proxy Authorization" headers in outbound requests. hostname Host name of upstream proxy or server that will perform LDAP authentication. ipaddress IP address of upstream proxy or server that will perform LDAP authentication. via-header Includes "Via" header in responses and replies. x-forwarded-for-header Notifies Web server of client's IP address through "X-Forwarded-For" header. authenticate-strip-ntlm Strips NT LAN Manager (NTLM) authentication headers. cache-authenticated Caches and revalidates authenticated Web objects. cache-cookies Caches Web objects with associated cookies. cache-miss Configuration for the handling of "no-cache" requests. retrieve Retrieves the object from the point of origin. revalidate Revalidates the object with the origin before serving. cache-on-abort Sets cache-on-abort configuration options. enable Enables cache-on-abort feature. max Sets maximum threshold. maxthresh Value in kilobytes of maximum threshold (1-99999). Default is 256. min Sets minimum threshold. minthresh Value in kilobytes of minimum threshold (1-99999). Default is 32. percent Sets percent threshold. percenthresh Percentage value (1-99). Default is 80 percent. cluster Sets cache cluster configuration options. max-delay Maximum delay to wait for a response. delayseconds Maximum delay in seconds (0-10). misses Duration of healing mode (misses). totalmisses Total number of misses before healing is disabled (0-999). l4-switch enable Enables Layer 4 switch redirection. max-ttl Maximum Time To Live for objects in the cache. days Sets maximum Time To Live for units in days. hours Sets maximum Time To Live for units in hours. minutes Sets maximum Time To Live for units in minutes. seconds Sets maximum Time To Live for units in seconds. text Sets maximum Time To Live for text objects. binary Sets maximum Time To Live for binary objects. days Specifies maximum Time To Live for units in hours. hours Specifies maximum Time To Live for units in hours. minutes Specifies maximum Time To Live for units in minutes. seconds Specifies maximum Time To Live for units in seconds. min-ttl Sets minimum time for objects to live. minutes Specifies minimum time to live in minutes (0-86400). object Sets URL validation and maximum size of HTTP objects. max-size Sets the maximum size of a cachable object. maxsize Maximum size of a cachable object in kilobytes (1-1048576). url-validation enable Enables each HTTP validation request. persistent-connections Persistent connections configuration options. enable Enables persistent connections. max-idle Sets maximum number of idle persistent connections. connections Maximum number of idle persistent connections (1-4096). timeout secs Persistent connections timeout in seconds (1-86400). proxy Configuration parameters for proxy mode. incoming Configuration for incoming proxy-mode requests. port Port on which to listen for incoming HTTP proxy requests (1-65535). Default is port 8080. outgoing Configuration to direct outgoing request to another proxy server. host Use outgoing HTTP proxy. hostname Hostname of outgoing proxy. ipaddress IP address of outgoing proxy. port Port number of outgoing proxy (1-65535). primary (Optional.) Makes the proxy being configured the primary proxy server. monitor Interval at which to monitor the outgoing proxy servers. seconds Monitoring interval in seconds (10-300). origin-server Use origin server if all proxies are failed. reval-each-request Configuration of revalidation for every request. all Revalidates all objects on every request. none Does not revalidate for each request. text Revalidates text objects on every request. serve-ims Configuration for the handling of if-modified-since (IMS) requests for text objects. text Modifies handling of if-modified-since requests for text objects. textpercentage Percentage of age to serve the text object without revalidation (0-100). binary Modifies handling of if-modified-since requests for binary objects. binpercentage Percentage of age to serve the binary object without revalidation (0-100).
Defaults
See the corresponding syntax description for default values.
Command Modes
Global configuration
Usage Guidelines
Use these commands to configure specific parameters for caching HTTP objects.
Note Text objects refer to HTML pages. Binary objects refer to all other Web objects (for example, GIFs or JPEGs). |
If a cached object's HTTP header does not specify an expiration time, the age-multiplier and max-ttl options provide a means for the CE to age cached objects. The CE's algorithm to calculate an object's cache expiration date is as follows:
Expiration date = (Today's date - Object's last modified date) * Freshness factor
The freshness factor is computed from the text and binary percentage parameters of the age-multiplier command. Valid age-multiplier values are 0 to 100 percent of the object's age. Default values are 30 percent for text and 60 percent for binary objects. After the expiration date, the object is considered stale and subsequent requests result in a fresh retrieval by the CE.
The max-ttl option sets the upper limit on estimated expiration dates. An explicit expiration date in the HTTP header takes precedence over the configurable TTL (Time To Live).
The serve-ims option responds to an if-modified-since request issued from a client browser by serving the object directly from the cache without revalidating with the origin server whether the object is less than the configured percentage of its maximum age.
The cache-cookies option enables the CE to cache binary served with HTTP set-cookies headers and no explicit expiration information.
The cache-authenticated option enables the CE to cache authenticated content. If this command is enabled, the CE will not serve authenticated objects without first revalidating the authentication header attached to the cached object.
The reval-each-request option enables the CE to revalidate all objects requested from the cache, text objects only, or none at all.
The cache-miss revalidate option revalidates a cache-miss request forced by the client (shift-reload). The cache-miss retrieve option forces a new object retrieval.
Use the object max-size option to specify the maximum size in kilobytes of a cachable object. The default is no maximum size for a cachable object. The no form of the command resets the default value.
The cluster option modifies the healing mode parameters. A cluster refers to a group of two or more CEs within a single WCCP Version 2 environment. Healing mode describes the addition of a CE to an existing network, and the resulting "healing" time it takes to fill the cache with content. To disable healing mode, you must set the number of misses to 0.
The proxy mode option enables the CE to operate in environments where WCCP is not enabled, or where client browsers have previously been configured to use a legacy proxy server. You must configure the proxy incoming port to accept proxy-style requests using the proxy incoming port option.
To configure the CE to direct all HTTP miss traffic to a parent cache (without using ICP or WCCP), use the proxy outgoing hostname port option, in which hostname is the system name or IP address of the outgoing proxy server, and port is the port number designated by the outgoing (upstream) server to accept proxy requests.
The cache-on-abort option provides user-defined thresholds to determine whether or not the CE will complete the download of an object when the client has aborted the request. When the download of an object aborts before it is completed, the object is not stored on the CE or counted in the hit-rate statistics. Client abort processing occurs when a client of the CE aborts the download of a cachable object before the download is complete. Typically, a client aborts a download by clicking the Stop icon on the browser, or by closing the browser during a download.
If the cache-on-abort option is enabled and all cache-on-abort thresholds are disabled, then the CE always aborts downloading an object to the cache. If the CE determines that there is another client currently requesting the same object, downloading is not aborted. The CE only applies those thresholds that have been enabled.
Configure the http ldap-proxy-auth-header global configuration option when the CE and an upstream server or proxy is performing LDAP authentication.
To prevent disclosure of a user's proxy authentication credentials to another host, the CE removes the HTTP Proxy-Authorization header from the HTTP request when it forwards the request. With LDAP authentication it is important that upstream proxies share the authentication credentials carried in the header. To prevent the CE from stripping out the HTTP Proxy-Authorization header, enter the
http append ldap-proxy-auth-header global configuration command. The CE will forward the Proxy-Authorization header with credentials to the specified host name or IP address.
HTTP Proxy Failover
The http proxy outgoing option can configure backup proxy servers for the HTTP proxy failover feature. One proxy server functions as the primary proxy server and all requests are redirected to it. If the primary proxy server fails to respond to the HTTP CONNECT, the server is noted as failed and the requests are redirected to the next outgoing proxy server until one of the proxies service the request.
To explicitly designate the primary proxy, use the primary keyword. If several proxies are configured with the primary keyword, the last one configured overrides the others. Failover to a proxy server occurs in the order the proxy servers were configured. In the event that all the configured proxy servers fail, the CE can optionally redirect requests to the origin server if the user enters the http proxy outgoing origin-server option. If the user has configured the origin-server option, the CE directs HTTP requests to the original server specified in the HTTP header. If the option is not enabled, the client receives the error. Response errors and read errors are returned to the client, since it is not possible to detect whether these errors are generated at the origin server or at the proxy. Up to eight outgoing proxy servers can be configured for a single CE.
The state of the proxy servers is maintained by active monitoring, which occurs in the background. The state of the proxy servers can be seen in the CLI and syslog NOTICE messages. This interval is configured with the http proxy outgoing monitor option. This outgoing monitor interval is the frequency with which a single proxy server is polled. Only one proxy server is polled per interval. If more than one proxy server is configured, the delay is in multiple intervals of the monitor value. If one of the proxy servers is unavailable, the polling mechanism waits for the connect timeout before polling the next server.
The configuration specified by the rule command has precedence over any other configured proxy server. If an administrator created a use-proxy rule, the HTTP request is directed only to the proxy specified by the rule. For example:
Requests to the domain "cisco.com" fail over to the backup proxies if ipaddr1 is unavailable. Any other rule that uses ipaddr1 fails over to the backup proxies when ipaddr1 fails. Each request is checked to determine if the protocol supports failover (currently, only HTTP). If so, those requests failover to the list of outgoing proxies configured with the http proxy outgoing host option. In the event that all proxy servers fail, the failover of the rule command sends the request to the origin server if the http proxy outgoing origin-server option is entered.
Requests with destinations included in the proxy-protocols outgoing-proxy exclude list bypass the CE proxy as well as the failover proxies.
When an HTTP request intended for another proxy server is intercepted by the CE in transparent mode, the CE forwards the request to the intended proxy server if the proxy-protocols transparent original-proxy command was entered.
The proxy failover feature currently supports only HTTP, and not HTTPS or FTP.
The persistent-connections enable command enables persistent connections on the CE. To configure the number of seconds the CE should wait for a connection response before it times out, use the timeout option. To set the number of seconds that the CE should allow an idle persistent connection to remain open, use the max-idle option.
The http object url-validation option has a dependency with the ip name-server CLI command. When the ip name-server option is not configured (for example, during transparent proxy), http object url-validation is dynamically turned off. When the ip name-server option is configured, http object url-validation is turned on automatically if and only if it was enabled.
Caution URL validation is on by default. Cisco Systems strongly recommends that you keep URL validation enabled, because disabling URL validation might make the CE vulnerable to corruption from the HTTP objects in the cache. |
Use the exclude list option in the http proxy outgoing global configuration command to specify domains for which the CE will not use an upstream proxy.
Only one domain can be specified per command line. To specify multiple domains for proxy exclusion, iteratively execute the command for each domain. In the following example, cisco.com and the address 10.9.8.7 are proxy-excluded.
Console(config)# http proxy outgoing exclude list cisco.com
Console(config)# http proxy outgoing exclude list 10.9.8.7
The maximum number of no-proxy domains is 64. The CE will not use an upstream proxy for any domain that ends with a listed domain name. For example, if you specify cisco.com, the configured outgoing proxy server will be bypassed each time the CE tries to retrieve a Web page from videos.cisco.com, or personals.cisco.com.
For IP addresses, enter the full IP address or use the asterisk "*" as a wildcard for IP address fields as follows:
172.16.1.*
172.16.*.*
172.*.*.*
The syntax 172.16.*.* indicates that all requests to the domain host of 172.16.xxx.xxx will be excluded. Wildcard syntax does not support "0" or "?".
The following forms of wildcard specification are not supported:
172.*.10.2
172.31.1*.8
Examples
In this example, the host 10.1.1.1 on port 8088 is designated the primary proxy server, and host 10.1.1.2 is a backup proxy server.
CE(config)# http proxy outgoing host 10.1.1.1 8088 primary
CE(config)# http proxy outgoing host 10.1.1.2 220
In this example, the CE is configured to redirect requests directly to the origin server in the event that all of the proxy servers fail.
CE(config)# http proxy outgoing origin-server
In this example, the CE is configured to monitor the proxy servers every 120 seconds.
CE(config)# http proxy outgoing monitor 120
To disable any of the above, use the no version of the command.
Proxy Failover Show Commands
Console# show http proxy
Incoming Proxy-Mode:
Servicing Proxy mode HTTP connections on ports: 8080
Outgoing Proxy-Mode:
Primary proxy server: 172.69.63.150 port 1 Failed
Backup proxy servers: 172.69.236.151 port 8005
172.69.236.152 port 123
172.69.236.153 port 65535 Failed
172.69.236.154 port 10
Proxy monitor interval: 60 seconds
Use Origin Server upon Proxy Failure.
Statistics
Console# show statistics http requests
Statistics - Requests
Total % of Requests
---------------------------------------------------
Total Received Requests: 43 -
Forced Reloads: 0 0.0
Near Hits: 0 0.0
Server Errors: 0 0.0
URL Blocked: 0 0.0
Sent to Outgoing Proxy: 32 74.4
Failures from Outgoing Proxy: 0 0.0
Excluded from Outgoing Proxy: 11 25.6
ICP Client Hits: 0 0.0
ICP Server Hits: 0 0.0
HTTP 0.9 Requests: 0 0.0
HTTP 1.0 Requests: 43 100.0
HTTP 1.1 Requests: 0 0.0
HTTP Unknown Requests: 0 0.0
Non HTTP Requests: 0 0.0
Non HTTP Responses: 0 0.0
Chunked HTTP Responses: 0 0.0
Flow-controlled HTTP streams: 2 4.7
Http Miss Due To DNS: 0 0.0
Http Deletes Due to DNS: 0 0.0
Objects cached for min ttl: 0 0.0
Console# show statistics http proxy out
HTTP Outgoing Proxy Statistics
Attempts Failures Successes Cleared
----------------------------------------------------
10.1.1.1: 0 1 0 0
172.31.227.111: 32 0 0 40
Requests when all proxies were failed: 0
Console(config)# http append ldap-proxy-auth-header ?
Hostname or A.B.C.D IP address or hostname of proxy/server to receive proxy-auth headers
Console(config)# http append ldap-proxy-auth-header 172.16.1.1
Console(config)# http age-multiplier text 30 bin 60
Console(config)# http reval-each-request text
Console(config)# no http age-multiplier text 30 bin 60
Console(config)# no http reval-each-request text
Console(config)# http cache-on-abort enable
Console(config)# no http cache-on-abort
Console(config)# http cache-on-abort min 16
Console(config)# no http cache-on-abort min
Related Commands
ldap
proxy-protocols
rule no-proxy
rule use-proxy
show http
show http proxy
show ldap
show statistics http requests
show statistics http proxy outgoing
Use the https global configuration command to configure the CE for HTTPS proxy services.
https {destination-port {allow {port | all} | deny {port | all}} | proxy {incoming port |
Syntax Description
destination-port Destination port restrictions proxy. allow Allows HTTPS traffic to ports. port Port numbers on which to listen for HTTPS requests (1-65535). all Listens to all ports from 1 to 65535. deny Denies HTTPS traffic to ports. proxy Sets configuration parameters for proxy mode. incoming Sets configuration for incoming proxy-mode requests. port Port numbers on which to listen for HTTPS requests (1-65535). outgoing Sets configuration to direct outgoing requests to another proxy server. host Uses outgoing HTTPS proxy. hostname Hostname of outgoing proxy. address IP address of outgoing proxy. port Port of outgoing proxy (1-65535).
Defaults
No default behavior or values
Command Modes
Global configuration
Usage Guidelines
Supports proxy on multiple ports (1-8) https proxy incoming port_1-65535 . . . (up to 8 ports) Shares proxy ports with transparent services Configures a WCCP service and an HTTPS incoming proxy on the same port. Shares proxy ports with other proxy protocol services https proxy incoming port_1-65535 . . . (up to 8 ports) Restricts proxy protocols on specific ports https destination-port {allow | deny} port_1-65535 ... (up to 8 ports) Configures outgoing HTTPS proxy server proxy-protocols outgoing-proxy exclude . . . Original versus default outgoing HTTPS proxy proxy-protocols transparent {default-server | original-proxy} Uses global exclude lists for HTTPS proxy proxy-protocols outgoing-proxy exclude . . . Handles in transparent mode an HTTPS request bound for another proxy host proxy-protocols transparent {default-server | original-proxy}
HTTPS Proxy Features
Related CLI Commands (Abbreviated Syntax)
wccp service-number . . .
wccp port-list . . .
wccp custom-web-cache . . .
(up to 8)
https proxy outgoing host {hostname | ip_address} port_1-65535
decision process
The order in which the CLI commands are entered is not important.
The CE with software version 2.2.0 supports HTTPS in the following two scenarios:
In both cases the CE creates a connection to the origin server (directly or through another proxy server) and allows the Web client and origin server to set up an SSL tunnel through the CE.
HTTPS traffic is encrypted and cannot be interpreted by the CE or any other device between the Web client and the origin server. HTTPS objects are not cached.
Because HTTPS does not provide headers used for most rule matching, the CE can only apply rules that are based on server name, domain name, or server IP address and port. See the "rule" section for further information.
The CE as an HTTPS proxy server supports up to eight ports. It can share the ports with transparent-mode services and with HTTP. In proxy mode, the CE accepts and services the HTTPS requests on the ports specified with the https proxy incoming command. All HTTPS requests on other proxy-mode ports are rejected in accordance with the error-handling settings on the CE. In transparent mode, all HTTPS proxy-style requests intended for another HTTPS proxy server are accepted. The CE acts on these transparently received requests in accordance with the proxy-protocols transparent command.
When the CE is configured to use an HTTPS outgoing proxy with the https proxy outgoing host command, all incoming HTTPS requests are directed to this outgoing proxy. The proxy-protocols outgoing-proxy exclude command creates a global proxy exclude list effective for all proxy server protocols including HTTPS. The CE applies the following logic when an outgoing proxy server is configured:
When a CE intercepts a proxy request intended for another proxy server and there is no outgoing proxy configured for HTTPS, and the proxy-protocols transparent default-server command is invoked, the CE addresses the request to the destination server directly and not to the client's intended proxy server.
Statistics Reporting
Only connection statistics are reported. Because requests and responses are sent through the secure tunnel, the CE is not able to identify the number of requests sent, or the number of bytes per request. Thus, the request and transaction per second (TPS) statistics are not available for HTTPS.
Transaction Logging
The CE logs HTTPS transactions in the transaction log in accordance with Squid syntax. One log entry is made for each HTTPS connection, although many transactions are performed per connection. The CE is not aware of objects conveyed through the SSL tunnel, only the HTTPS server name,
Syslog and URL Tracking
When URL tracking is enabled, the CE logs HTTPS transaction information to the syslog file. The syslog entries have the prefix <https>. For HTTPS, there are no "misses" or "hits." Because the CE ignores objects transferred through an SSL tunnel, there is only one URL tracking entry per HTTPS connection (similar to the transaction log).
Examples
In this example, the CE is configured as an HTTPS proxy server, and accepts HTTPS requests on ports 81, 8080, and 8081.
CE(config)# https proxy incoming 81 8080 8081
In this example, the CE is configured to forward HTTPS requests to an outgoing proxy server (10.1.1.1) on port 8880.
CE(config)# https proxy outgoing host 10.1.1.1 8880
In this example, HTTPS destination port connection requests are denied for ports 20, 21, 23, and 119.
CE(config)# https destination-port deny 20 21 23 119
In this example, a domain name is excluded from being forwarded to the outgoing proxy server.
CE(config)# proxy-protocols transparent default-server
CE(config)# proxy-protocols outgoing-proxy exclude enable
CE(config)# proxy-protocols outgoing-proxy exclude list cruzio.com
Related Commands
proxy-protocols
http proxy
show proxy-protocols
show http proxy
To configure the Internet Cache Protocol (ICP) client and server, use the icp global configuration command. To disable the ICP client and server, use the no form of this command.
icp {client {{add-remote-server {hostname | ipaddress} {parent | sibling} icp-port icpport http-port httpport [restrict domainnames]} | enable | exclude domainnames | max-fail retries | max-wait timeout | modify-remote-server {hostname | ipaddress} {http-port port | icp-port port | parent | restrict domainnames | sibling}} | server {enable | http-port httpport | port icpport | remote-client {hostname | ipaddress} {fetch | no-fetch}}}
Syntax Description l
client Sets ICP client functionality. add-remote-server Adds an ICP client remote server. hostname Specifes host name of remote server. ipaddress Specifies IP address of remote server. parent ICP server acts like a parent. sibling ICP server acts like a sibling. icp-port ICP port. icpport Sends remote requests to this ICP port number (0-65535). http-port HTTP port. httpport Sends HTTP requests to this port number (0-65535). restrict Sets restricted list of domains. domainnames Specifes space delimited restricted domain list enable Enables the ICP client. exclude ICP client local domains that are excluded. domainnames Space-delimited local domain list. max-fail Maximum number of retries allowed. retries Number of retries (0-100). max-wait Maximum wait for ICP responses before timeout occurs. timeout Timeout period for ICP responses in seconds (0-30). modify-remote-server Modifies the ICP client remote server parameters. hostname Specifes host name of remote server. ipaddress Specifies IP address of remote server. http-port HTTP port. httpport Sends HTTP requests to this port number (0-65535). icp-port ICP port. icpport Sends ICP requests to this port number (0-65535). parent ICP remote server acts like a parent. restrict Sets restricted list of domains. domainnames Specifies space-delimited local domain list. sibling ICP remote server acts like a sibling. server ICP server functionality. enable Enables the ICP client. http-port HTTP port. httpport Sends HTTP requests to this port number (0-65535). port ICP server port that listens for ICP requests. icpport Sends ICP requests to this port number (0-65535). remote-client ICP server remote client. hostname Specifes host name of remote client. ipaddress Specifies IP address of remote client. fetch ICP remote client will fetch cache miss. no-fetch ICP remote client will not fetch cache miss.
Defaults
No default behavior or values
Command Modes
Global configuration
Usage Guidelines
Use these commands to establish and configure the ICP server and client functionality of the CE. Configurations made without enabling ICP functionality will be stored within the configuration until removed. To enable the ICP server or client functionality, use the icp {server | client} enable command. Be sure to enable the ICP on any other CEs or ICP servers or clients within the ICP environment to ensure proper service. You can monitor the statistical data of the ICP service using the show statistics icp EXEC command.
Examples
Console(config)# icp client enable
Icp Client started
Console(config)# no icp client enable
Icp Client disabled
Related Commands Related Commands
show icp client
show icp server
show statistics icp
To configure, enable, and disable TCP/IP services, use the inetd global configuration command. To disable TCP/IP services, use the no form of this command.
inetd enable service concurrent_tasks
Syntax Description
enable Enables TCP/IP service. service Name of the service to be enabled: echo, discard, chargen, TFP, RCP, Telnet, and TFTP. concurrent_tasks Maximum number of concurrent sessions supported for the specified service (1-20).
Command Modes
Global configuration
Defaults
echo: Disabled.
discard: Disabled.
chargen: Disabled.
ftp: Five sessions.
rcp: Five sessions.
tftp: Five sessions.
telnet: Three sessions.
Usage Guidelines
Use these commands to configure the parameters of TCP/IP services on the CE. The limit for any service is a maximum of 20 tasks. Use the show inetd command to list current inetd configurations and the number of current tasks running.
Examples
Console(config)# inetd enable ftp 5
Console(config)# no inetd enable ftp
Related Commands Related Comands
show inetd
To install a new version of CE software, use the install EXEC command.
install paxfilename
Syntax Description
paxfilename Name of the .pax file you want to install.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
Install and run the .pax file from the /local directory only. When the install command is executed, the .pax file is expanded. The expanded files overwrite the existing files in the CE. The newly installed version takes effect after the system image is reloaded.
Examples
Console# install ce25.pax
Related Commands Related Commands
reload
To configure an Ethernet or SCSI interface, use the interface global configuration command. To disable an Ethernet or SCSI interface, use the no form of this command.
interface ethernet number
Syntax Description
ethernet Ethernet IEEE 802.3 interface to configure. number 0 or 1; Ethernet interface number.
Defaults
No default behavior or values
Command Modes
Global configuration
Usage Guidelines
Use the interface command to begin interface configuration, such as setting an IP address for an interface, a subnet mask for an interface, broadcast address, or manually setting the speed or duplex mode.
Examples
Console(config)# interface ethernet 0
Console(config-if)# ?
Configure Interface commands:
autosense Interface autosense
bandwidth Interface speed
exit Exit from interface mode
fullduplex Interface fullduplex
halfduplex Interface halfduplex
ip Interface Internet Protocol Config commands
no Negate a command or set its defaults
Console(config-if)# exit
Console(config)#
Console(config)# no interface ethernet 0
Related Commands Related Commands
show interface
To configure the IP interface, use the ip interface configuration command. To disable this function, use the no form of this command.
ip {address ip-address ip-subnet | broadcast-address ip-address}
Syntax Description
address Sets the IP address of an interface. broadcast-address Sets the broadcast address of an interface. ip-address IP address. ip-subnet IP subnet mask.
Defaults
No default behavior or values
Command Modes
Interface configuration
Usage Guidelines
Use this command to set or change the IP address and subnet mask of the CE (interface ethernet 0). The CE requires a reboot in order for the new IP address to take effect.
Examples
Console(config-if)# ip address 10.10.10.10 255.0.0.0
Console(config-if)# no ip broadcast-address
To configure the IP addresses of the network hosts necessary for network connectivity, use the ip global configuration command.
ip {default-gateway ipaddress | domain-name domainname | name-server ipaddress | route destaddrs netmask gateway}
Syntax Description
default-gateway Specifies default gateway (if not routing IP). ipaddress IP address of default gateway. domain-name Specifies domain name. domainname Domain name. name-server Specifies address of name server. ipaddress IP address of name server. route Net route. destaddrs Destination route address. netmask Netmask. gateway Gateway address.
Defaults
No default behavior or values
Command Modes
Global configuration
Usage Guidelines
To define a default gateway, use the ip default-gateway global configuration command. To delete the IP default gateway, use the no form of this command.
The CE uses the default gateway to route IP packets when there is no specific route found to the destination.
To define a default domain name, use the ip domain-name global configuration command. To remove the IP default domain name, use the no form of this command.
The CE appends the configured domain name to any IP host name that does not contain a domain name. The appended name is resolved by the DNS server and then added to the host table. The CE must have at least one domain name server specified for the host name resolution to work correctly. Use the ip name-server hostname command to specify domain name servers.
To specify the address of one or more name servers to use for name and address resolution, use the ip name-server global configuration command. To disable IP name servers, use the no form of this command.
For proper resolution of host name to IP address or IP address to host name, the CE uses DNS servers. Use the ip name-server command to point the CE to a specific DNS server. You can configure up to eight servers.
To configure static IP routing, use the ip route global configuration command. To disable an IP routing, use the no form of this command.
Use the ip route command to add a specific static route for a network host. Any IP packet designated to the specified host uses the configured route.
Examples
Console(config)# ip default-gateway 192.168.7.18
Console(config)# no ip default-gateway
Console(config)# ip route 172.16.227.128 ffffff80 172.16.227.250
Console(config)# no ip route 172.16.227.128 ffffff80 172.16.227.250
Console(config)# ip domain-name cisco.com
Console(config)# no ip domain-name
Console(config)# ip name-server 10.11.12.13
Console(config)# no ip name-server 10.11.12.14
Related Commands
show ip route
To configure the CE to perform user authentication with a Lightweight Directory Access Protocol (LDAP) server, use the ldap global configuration command.
ldap {authcache {auth-timeout minutes | max-entries entries} | client auth-header {401 | 407} | server {allow-mode | base baseword | filter filterword | host {hostname | hostipaddress} port portnumber | retransmit retries | timeout seconds | user-id-attribute useidword}}
Syntax Description
authcache Configures LDAP authentication cache parameters. auth-timeout Sets the timeout value of records in the authentication cache. minutes Specifies length in minutes between the user's last Internet access and the removal of that user's entry from the authorization cache, forcing reauthentication with the LDAP server (30-1440). Default is 480 minutes; minimum is 30 minutes; maximum is 1440 minutes (24 hours). max-entries Sets the maximum number of entries in the authentication cache. entries Specifies the maximum number of entries in the authentication cache (500-32000). Default values are as follows: Minimum is 50 percent of default value, Maximum is 200 percent of default value. client Configures LDAP client parameters. auth-header Specifies which HTTP header to use for authentication (user ID and password) when the style of the HTTP request indicates that no proxy server is present. Headers can be either HTTP 401 (server authentication) or HTTP 407 (proxy authentication). The default is HTTP 401. 401 Uses HTTP 401 to query users for credentials. 407 Uses HTTP 407 to query users for credentials. server Configures LDAP server parameters. allow-mode Allows HTTP traffic if the LDAP server does not respond. base Sets the base distinguished name of the starting point for the search in the LDAP database. baseword Specifies the base value. There is no default. filter Sets the LDAP filter for the authentication group. filterword Specifies text for the LDAP filter. There is no default. host Sets host parameters. hostname Specifies host name of the LDAP server. Two servers can be named. hostipaddress Specifies the IP address of the LDAP server. port Sets the TCP port for the LDAP authentication server. portnumber Specifies LDAP server port number (1-65535). The default is 389. retransmit Sets the number of retries to the active server. retries Specifies the number of retries. The default is 3 retries (1-10). timeout Sets the time to wait for an LDAP server to reply. seconds Specifies the waiting time in seconds (1-100). The default is 5 seconds; minimum is 1 second; maximum is 100 seconds. user-id-attribute Sets the user ID attribute on the LDAP server. useidword Specifies the value for the user ID attribute (default is "uid").
The default is enabled.
Defaults
See the corresponding parameter description for default values.
Command Modes
Global configuration
Usage Guidelines
An LDAP-enabled CE authenticates users with an LDAP server. With an HTTP query, the CE obtains a set of credentials from the user (user ID and password) and compares them against those in an LDAP server.
Software version 2.2.0 implements LDAP version 3 and supports all LDAP features except for Secure Authentication and Security Layer (SASL).
When the CE authenticates a user through the LDAP server, a record of that authentication is stored locally in the CE RAM (authentication cache). As long as the authentication entry is kept, subsequent attempts to access restricted Internet content by that user do not require LDAP server lookups.
The ldap authcache max-entries command sets the maximum number of authentication cache entries retained. The default values are as follows:
The ldap authcache auth-timeout command specifies how long an inactive entry can remain in the authentication cache before it is purged. Once a record has been purged, any subsequent access attempt to restricted Internet content requires an LDAP server lookup for reauthentication.
Proxy Mode LDAP Authentication
The events listed below occur when the CE is configured for LDAP authentication and one of the following two scenarios is true:
1. The CE examines the HTTP headers of the client request to find user information (contained in the Proxy-Authorization header).
2. If no user information is provided, the CE returns a 407 (Proxy Authorization Required) message to the client.
3. The client resends the request, including the user information.
4. The CE searches its authentication cache (based on user ID and password) to see if the client has been previously authenticated.
5. If a match is found, the request is serviced normally.
6. If no match is found, the CE sends a request to the LDAP server to find an entry for this client.
7. If the server finds a match, the CE allows the request to be serviced normally and stores the client's user ID and password in the authentication cache.
8. If no match is found, the CE again returns a 407 (Proxy Authorization Required) message to the client.
Transparent Mode LDAP Authentication
The events listed below occur when the CE is configured for LDAP authentication and both of the following are true:
1. The CE searches its authentication cache to see if the user's IP address has been previously authenticated.
2. If a match is found, the CE allows the request to be serviced normally.
3. If no match is found in the first step, the CE examines the HTTP headers to find user information (contained in the Authorization header).
4. If no user information is provided, the CE returns a 401 (Unauthorized) message to the client.
5. The client resends the request, including the user information.
6. The CE sends a request to the LDAP server to find an entry for this user.
7. If the server finds a match, the CE allows the request to be serviced normally and stores the client's IP address in the authentication cache.
8. If no match is found, the CE again returns a 401 (Unauthorized) message to the client.
In transparent mode, the CE uses the client's IP address as a key for the authentication database.
If you are using LDAP user authentication in transparent mode, we recommend that the AuthTimeout interval configured with the ldap authcache auth-timeout command be short. IP addresses can be reallocated, or different users can access the Internet through an already authenticated device (PC, workstation, and the like). Shorter AuthTimeout values help reduce the possibility that individuals can gain access using previously authenticated devices. When the CE operates in proxy mode, it can authenticate the user with the user ID and password.
Allow Mode
Two LDAP servers can be specified with the ldap server host command to provide redundancy and improved throughput. CE load-balancing schemes distribute the requests to the servers.
If the CE cannot connect to either server, no authentication can take place. When the ldap server allow-mode command is invoked, the client is permitted access to the origin server if the LDAP server does not respond within the timeout interval specified with the ldap server timeout command. If allow mode is off (no ldap server allow-mode), users who have not been previously authenticated are denied access.
Security Options
The CE uses simple (nonencrypted) authentication to communicate with the LDAP server. Future expansion may allow for more security options based on SSL, SASL, or certificate-based authentication.
Domain Exclude
To exclude domains from LDAP authentication, define a no-auth rule. LDAP or Remote Authentication User Dial-in Service (RADIUS) authentication takes place only if the site requested does not match the specified pattern. See the "rule" section for more details.
LDAP and RADIUS Considerations
LDAP authentication can be used with Websense URL filtering, but not with RADIUS authentication. Both LDAP and RADIUS rely on different servers, which may require different user IDs and passwords, making RADIUS and LDAP authentication schemes mutually exclusive. Should both RADIUS and LDAP be configured on the CE at the same time, LDAP authentication is executed, not RADIUS authentication.
Hierarchical Caching
In some cases, users are located at branch offices. A CE (CE1) can reside with them in the branch office. Another CE (CE2) can reside upstream, with an LDAP server available to both CEs for user authentication.
Note The http append ldap-proxy-auth-header global configuration command must be configured on the downstream CEs to ensure that proxy-authorization information, required by upstream CEs, is not stripped from the HTTP request by the downstream CEs. |
If branch office user 1 accesses the Internet, and content is cached at CE1, then this content cannot be served to any other branch office user unless that user is authenticated. CE1 must authenticate the local users.
Assuming that both CE1 and CE2 are connected to the LDAP server and authenticate the users, when branch office user 2 firsts requests Internet content, CE1 responds to the request with an authentication failure response (either HTTP 407 if in proxy mode, or HTTP 401 if in transparent mode). User 2 enters the user ID and password, and the original request is repeated with the credentials included. CE1 contacts the LDAP server to authenticate user 2.
Assuming authentication success, and a cache miss, the request along with the credentials is forwarded to CE2. CE2 also contacts the LDAP server to authenticate user 2. Assuming success, CE2 either serves the request out of its cache or forwards the request to the origin server.
User 2 authentication information is now stored in the authentication cache in both CE1 and CE2. Neither CE1 nor CE2 needs to contact the LDAP server for user 2's subsequent requests (unless user 2's entry expires and is removed from the authentication cache).
This scenario assumes that CE1 and CE2 use the same method for authenticating users. Specifically, both CEs must expect the user credentials (user ID and password) to be encoded in the same way.
Hierarchical Caching in Transparent Mode
When the CE operates in transparent mode, the user's IP address is used as a key to the authentication cache. When user 2 sends a request transparently to CE1, after authentication, CE1 will insert its own IP address as the source for the request. Therefore, CE2 cannot use the source IP address as a key for the authentication cache.
When CE1 inserts its own IP address as the source, it must also insert an X-Forwarded-For header in the request (http append x-forwarded-for-header command). CE2 must first look for an X-Forwarded-For header. If one exists, that IP address must be used to search the authentication cache. Assuming the user is authenticated at CE2, then CE2 must not change the X-Forwarded-For header, just in case there is a transparent CE3 upstream.
In this scenario, if CE1 does not create an X-Forwarded-For header (for example, if it is not a Cisco CE and does not support this header), then authentication on CE2 will not work.
Hierarchical Caching, CE in Transparent Mode with an Upstream Proxy
In a topology with two CEs, assume that CE1 is operating in transparent mode and CE2 is operating in proxy mode, with the browsers of all users pointing to CE2 as a proxy.
Because the browsers are set up to send requests to a proxy, an HTTP 407 message is sent from CE1 back to each user to prompt for credentials. By using the 407 message, the problem of authenticating based on source IP address is avoided. The username and password can be used instead.
This mode provides better security than using the HTTP 401 message. The CE examines the style of the address to determine if there is an upstream proxy. If so, the CE uses an HTTP 407 message to prompt the user for credentials even when operating in transparent mode.
Authentication Cache Size Adjustments
If the authentication cache is not large enough to accommodate all authenticated users at the same time, the CE purges older entries that have not yet timed out.
The CE increments statistics that record these events. The show statistics ldap authcache command displays these statistics. When the authentication cache reaches 100 percent of capacity, a syslog message is generated. If the capacity stays at 100 percent, no new syslog messages are generated.
Another message is generated only if the capacity drops below 85 percent, and then returns to 100 percent. These syslog entries tell the administrator that the authentication cache size limit may need to be increased, assuming that enough system memory is available.
Transaction Logging
Once a user has been authenticated through LDAP, all transaction logs generated by the CE for that user contain user information. If the CE is acting in proxy mode, the user ID is included in the transaction logs. If the CE is acting in transparent mode, the user IP address is included instead.
If the transaction-logs sanitize command is invoked, the user information is suppressed.
Examples
Specify an LDAP server with IP address 1.1.1.1 on port 88.
Console(config)# ldap server host 1.1.1.1 port 88
To delete an LDAP server, use the no ldap server command.
Console(config)# no ldap server host 1.1.1.1
Specify that the CE should use header 407 when asking the end user for authentication credentials (user ID and password).
Console(config)# ldap client auth-header 407
Related Commands
show ldap
show statistics ldap
clear statistics ldap
debug ldap
To view a long list of directory names, use the lls EXEC command.
lls [directory]
Syntax Description
directory (Optional.) Name of the directory for which you want a long list of files.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
This command provides detailed information about files and subdirectories stored in the present working directory to be viewed (including size, date, time of creation, DOS name, and long name of the file). This information can also be viewed with the dir command.
Examples
Console# lls
Console# lls /local
size date time name LongName
------- ------- ------ ----------- --------------
512 Dec-31-1987 17:02:32 ETC <DIR> etc
512 Dec-31-1987 17:02:32 TFTPBOOT <DIR> tftpboot
512 Dec-31-1987 17:02:32 VAR <DIR> var
512 Jan-07-1988 09:47:52 LIB <DIR> lib
4385154 Apr-22-1999 12:25:36 CE25.PAX ce25.pax
4 DIR(S), 3 FILE(S) 11192642 bytes
2125922304 bytes AVAILABLE ON VOLUME /c0t0d0s1
Related Commands Related Cands
dir
ls
To configure system logging, use the logging global configuration command. To disable logging functions, use the no form of this command.
logging {{hostname | ip-address} | console loglevels | disk filename loglevels | event-export events loglevels facility | facility facility | on | recycle size | trap loglevels}
Syntax Description
hostname Specifies syslog server host name. ip-address Specifies syslog server IP address. console Sets console logging level. Loglevels Use one of these keywords: Immediate action needed. Immediate action needed. Debugging messages. System is unusable. Error conditions. Informational messages. Normal but significant conditions. Warning conditions. disk Stores log in a file. filename Name of the log file. event-export Syslog event export configuration. Events Use one of these keywords: Exports critical events. Exports notice events. Tracks URLs to syslog. Exports warning events. Facility Use one of these keywords: Authorization system. Cron. System daemons. Kernel. Local use. Local use. Local use. Local use. Local use. Local use. Local use. Local use. Line printer system. USENET news. Mail system. Syslog itself. User process. UUCP system. facility Facility parameter for syslog messages. on Enables logging to all destinations. recycle Overwrites syslog.txt when it surpasses the recycle size. size Size of syslog file in bytes (1-50000000). trap Sets syslog server logging level.
Defaults
Logging: On
Priority of message for console: Warning
Priority of message for file: Debugging
Log file: /local/var/log/syslog.txt
Log file recycle size: 5,000,000 bytes
Command Modes
Global configuration
Usage Guidelines
Use this command to set specific parameters of the system log file. System logging is always enabled internally. The system log file is located on the dosfs partition as /local/var/log/syslog.txt. To configure the CE to send varying levels of event messages to an external syslog host, use the logging hostname command. Logging can be configured to send various levels of messages to the console using the logging console loglevels command. It can also be configured to export event messages using the logging event-export events command.
Examples
Console(config)# logging console warnings
Console(config)# no logging console warnings
To view a list of files or subdirectory names within a dosfs directory, use the ls EXEC command.
ls [directory]
Syntax Description
directory (Optional.) Name of the directory for which you want a list of files.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
To list the filenames and subdirectories within a particular directory, use the ls directory command; to list the filenames and subdirectories of the current working directory, use the ls command. To view the present working directory, use the pwd command.
Examples
Console# ls /local
etc
tftpboot
var
lib
ce25.pax
2125922304 bytes AVAILABLE ON VOLUME /c0t0d0s1
Related Commands
dir
lls
pwd
To alter default settings of the memory file system (mfs), use the mfs EXEC command.
mfs {clear [force] | mount [size [objects]] | sync | unmount}
Syntax Description
clear Deletes all objects from the mfs volume. force (Optional.) Forcefully deletes all objects from the memory file system. mount Mounts the memory file system. size Maximum size of the memory file system in megabytes (1-1000). objects (Optional.) Maximum number of objects in the memory file system (1-1000000). sync Saves memory file system objects to the cache file system (cfs). unmount Unmounts the memory file system.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
The memory file system cannot be configured with the GUI.
Examples
The example defines the memory file system to use 1 megabyte of memory and to contain no more than 22222 objects.
CE# mfs mount 1 22222
Related Commands
cfs
show mfs statistics
To create a directory, use the mkdir EXEC command.
mkdir directory
Syntax Description
directory Name of the directory to create.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
Use this command to create a new directory or subdirectory in the CE file system.
Examples
Console# mkdir /oldpaxfiles
Related Commands
dir
lls
ls
pwd
rmdir
To create a new file, use the mkfile EXEC command.
mkfile filename
Syntax Description
filename Name of the file you want to create.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
Use this command to create a new file in any directory of the CE.
Examples
Console# mkfile traceinfo
Related Commands
lls
ls
mkdir
To negate a command or set its defaults, use the no interface configuration command.
no {autosense | bandwidth | fullduplex | halfduplex | ip}
Syntax Description
autosense Autosense capability on an interface. bandwidth Interface speed. fullduplex Full-duplex interface. halfduplex Half-duplex interface. ip Interface Internet Protocol (IP) configuration commands.
Defaults
No default behavior or values
Command Modes
Interface configuration
Usage Guidelines
Use this command to negate an interface configuration mode command or to set its defaults. See the "Interface Configuration Commands" section of Chapter 1 for syntax options and descriptions.
Examples
Console(config-if)# no autosense
To undo a global configuration command or set its defaults, use the no form of a command to undo the original command.
no command
Syntax Description
command authentication Configures authentication. bypass Configures bypass. clock Configures time-of-day clock. cron cron commands. dns-cache Configures DNS cache. end Exit configuration mode. error-handling Customizes how CE should handle errors. exception Exception handling. exec-timeout Configures EXEC timeout. exit Exit configuration mode. ftp Configures FTP caching related parameters. gui-server Configures GUI server. hostname Configures the system's network name. http Configures HTTP-related parameters. https Configures HTTPS-related parameters. icp Configures Internet Cache Protocol parameters. inetd Configures inetd. interface Configures an Ethernet or SCSI interface. ip Internet Protocol configuration commands. ldap Configures LDAP. logging Configures system logging (syslog). ntp Configures Network Time Protocol (NTP). proxy-protocols Configures proxy protocols-related parameters. radius-server Configures RADIUS authentication. rule Configures rules. snmp-server Configures SNMP. tacacs Configures TACACS+ authentication. tcp Configures TCP parameters. terminal Current Terminal commands. tftp-server Configures TFTP server. transaction-logs Configures transaction logging. trusted-host Configures a trusted host. url-filter Configures URL filtering. wccp Configures Web Cache Coordination Protocol.
Defaults
No default behavior or values
Command Modes
Global configuration
Usage Guidelines
Use the no command to disable functions or negate a command. If you need to negate a specific command, such as the default gateway IP address, you must include the specific string in your command, such as no ip default-gateway ip-address.
Examples
Console(config)# wccp version 2
Console(config)# no wccp version 2
To disable the debugging functions, use the no debug EXEC command.
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
We recommend that the debug commands be used only at the direction of Cisco Systems technical support personnel.
Related Commands
debug
show debug
undebug
To configure the Network Time Protocol (NTP) and to allow the system clock to be synchronized by a time server, use the ntp server global configuration command. To disable this function, use the no form of this command.
ntp server {hostname | ip-address}
Syntax Description
hostname Host name of the time server providing the clock synchronization (maximum of four NTP servers). ip-address IP address of the time server providing the clock synchronization (maximum of four NTP servers).
Defaults
The default NTP version number is 3.
Command Modes
Global configuration
Usage Guidelines
Use this command to synchronize the CE clock with the specified server.
Examples
Console(config)# ntp server 172.16.22.44
Console(config)# no ntp server 172.16.22.44
Related Commands
clock
show clock
show ntp
To set the software clock (time and date) using a Network Time Protocol (NTP) server, use the ntpdate EXEC command.
ntpdate {hostname | ip-address}
Syntax Description
hostname NTP host name. ip-address NTP server IP address.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
Use NTP to find the current time of day and set the CE current time to match. The time must be saved to the hardware clock using the clock save command if it is to be restored after a reload.
Examples
Console# ntpdate 10.11.23.40
Related Commands
clock clear
clock save
clock set
show clock
To send echo packets for diagnosing basic network connectivity on networks, use the ping (packet internet groper) EXEC command.
ping {hostname | ip-address}
Syntax Description
hostname Host name of system to ping. ip-address IP address of system to ping.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
To use this command with the hostname argument, be sure DNS functionality is configured on your CE. To force the timeout of a nonresponsive host, or to eliminate a loop cycle, enter Ctrl-C.
Examples
Console# ping mycacheengine
To specify domain names, host names, or IP addresses to be excluded from proxy forwarding, use the proxy-protocols global configuration command.
proxy-protocols {outgoing-proxy exclude {domains-only | enable | list word} | transparent {default-server | original-proxy}}
Syntax Description
outgoing-proxy exclude Sets global outgoing proxy exclude criteria. domains-only Excludes only the domain names defined by the list option. enable Enables global outgoing proxy exceptions. list Sets the global outgoing proxy exclude list. word Domain names, host names, or IP addresses to be excluded from proxy forwarding. transparent Sets transparent mode behavior for proxy requests. default-server Uses the CE to go to the origin server or the outgoing proxy, original-proxy Uses the intended proxy server from the original request.
if configured.
Defaults
No default behavior or values
Command Modes
Global configuration
Usage Guidelines
When you enter the proxy-protocols transparent default-server global configuration command, the CE forwards intercepted HTTP and HTTPS proxy-style requests to the outgoing HTTP or HTTPS proxy server, if one is configured. If no outgoing proxy server is configured for the protocol, the request is serviced by the CE and the origin server.
The proxy-protocols transparent original-proxy global configuration option specifies that requests sent by a Web client to another proxy server, but intercepted by the CE in transparent mode, be directed back to the intended proxy server.
The proxy-protocols outgoing-proxy exclude global configuration options allow the administator to specify domain names, host names, or IP addresses to be globally excluded from proxy forwarding. Domains are entered as an ASCII string, separated by spaces. The wildcard character * (asterisk) can be used for IP addresses (for instance, 174.12.*.*). Only one exclusion can be entered per command line. Enter successive command lines to specify multiple exclusions.
Examples
The following example configures the CE to forward intercepted HTTPS proxy-style requests to an outgoing proxy server. The domain names cisco.com, cruzio.com, and the IP addresses 174.12.*.* are excluded from proxy forwarding. The show proxy-protocols command verifies the configuration.
CE(config)# https proxy outgoing host 174.10.10.10 266
CE(config)# proxy-protocols transparent default-server
CE(config)# proxy-protocols outgoing-proxy exclude enable
CE(config)# proxy-protocols outgoing-proxy exclude list cisco.com
CE(config)# proxy-protocols outgoing-proxy exclude list 174.12.*.*
CE(config)# proxy-protocols outgoing-proxy exclude list cruzio.com
CE# show proxy-protocols all
Transparent mode forwarding policies: default server
Global outgoing proxy exclude list is enabled
Global outgoing proxy exclude list:
cisco.com
cruzio.com
174.12.24.24
Excluding only the domain names on the list is disabled.
The following example configures the CE to forward intercepted HTTP proxy-style requests to the
intended proxy server.
CE(config)# proxy-protocols transparent original-proxy
Related Commands
http proxy outgoing
https proxy outgoing
show proxy-protocols
To show the current directory, use the pwd EXEC command.
pwdSyntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Usage Guidelines
Use this command to display the present working directory of the CE.
Examples
Console# pwd
Examples
cd
dir
lls
ls
To configure Remote Authentication Dial-in User Services (RADIUS) parameters, use the radius global configuration command. To disable RADIUS authentication parameters, use the no form of this command.
radius-server {auth-timeout value | exclude {enable | list domainlist} | host {hostname | hostipaddr} [auth-port port] | key keyword | retransmit retries | timeout seconds}
Syntax Description
auth-timeout Configures RADIUS authentication timeout. value Authentication timeout value in minutes (1-1440). Default is 20. exclude Excludes local domains (selective authentication). enable Enables selective authentication feature. list Specifies domains to be excluded from RADIUS authentication. domainlist Domain name or IP address. host Specifies a RADIUS server. hostname Host name of RADIUS server. hostipaddr IP address of RADIUS server. auth-port Specifies UDP port for RADIUS authentication server. port Port number (1-65535). key Encryption key shared with the RADIUS servers. keyword Text of shared key (15 characters maximum). retransmit Specifies the number of transmission attempts to an active server. retries Number of transmission attempts for a transaction (1-100). Default is 3. timeout Time to wait for a RADIUS server to reply. seconds Wait time in seconds (1-1000). Default is 5 seconds.
Default is 1645.
Defaults
See the corresponding parameter description for default values.
Command Modes
Global configuration
Usage Guidelines
RADIUS authentication clients reside on Cisco CEs. When enabled, these clients send authentication requests to a central RADIUS server, which contains all user authentication and network service access information. Selective RADIUS authentication allows users to access intranet servers without requiring authentication, and can limit RADIUS authentication to those users that access external Web servers.
Selective RADIUS Authentication
Users can specify an exclusion list of IP addresses or domain names (in the form mydomain.com) for which the CE will not perform RADIUS authentication. The maximum number of excluded domains is 64. The selective RADIUS authentication feature can be disabled without deleting the domains.
Examples
Console(config)# radius server 172.16.90.121 70 password enable
Console(config)# no radius server 172.16.90.121 70 password enable
Console# show radius
Radius Authentication is on
Timeout = 5 seconds
AuthTimeout = 20 minutes
Retransmit = 3
Key = ****
Servers
-------
IP 1.1.1.1, Port = 1645 State: ENABLED
Selective Authentication is off.
Console(config)# radius exclude enable
Console# show radius
Radius Authentication is on
Timeout = 5 seconds
AuthTimeout = 20 minutes
Retransmit = 3
Key = ****
Servers
-------
IP 1.1.1.1, Port = 1645 State: ENABLED
Selective Authentication is on.
Local domains to be excluded from Radius Authentication: None.
CE(config)# radius exclude list cisco.com
CE(config)# radius exclude list 171.69.236.202
CE# show radius
Radius Authentication is on
Timeout = 5 seconds
AuthTimeout = 20 minutes
Retransmit = 3
Key = Vash
Servers
-------
IP 1.1.1.1, Port = 1645 State: ENABLED
Selective Authentication is on.
Local domains to be excluded from Radius Authentication:
cisco.com
176.63.236.202
Console(config)# no radius exclude list cisco.com
Console(config)# no radius exclude enable
To halt and perform a cold restart on your CE, use the reload EXEC command.
reloadSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
To reboot the CE, use the reload command. If no configurations are saved to Flash memory, you will be prompted to enter configuration parameters upon restart. Any open connections will be dropped after you issue this command, and the file system will be reformatted upon restart. To save any file system contents to disk from memory before a restart, use the cache sync command.
Examples
Console# reload
Related Commands
cache sync
write
write erase
To rename a file on your CE, use the rename EXEC command.
rename sourcefile destinationfile
Syntax Description
sourcefile Source file or path name of the file you want to rename. destinationfile Destination file or path name of the new file.
Command Modes
EXEC
Usage Guidelines
Use this command to rename any file within the CE.
Examples
Console# rename ce25.pax ce6399.pax
Related Commands
cpfile
To delete a directory, use the rmdir EXEC command.
rmdir directory
Syntax Description
directory Name of the directory you want to delete.
Command Modes
EXEC
Usage Guidelines
Use this command to remove any directory from the CE file system. The rmdir command removes empty directories only.
Examples
Console# rmdir /local/oldpaxfiles
Related Commands
lls
ls
mkdir
Use the rule global configuration command to set the rules by which the CE filters Web traffic.
rule {block options | enable | no-auth options | no-cache options | no-proxy options | refresh options | selective-cache options | use-proxy options}
Syntax Description
enable Enables rules processing. block ActionBlocks the request. no-auth ActionDoes not authenticate. no-cache ActionDoes not cache the object. no-proxy ActionDoes not use any upstream proxy. refresh ActionRevalidates the object with the Web server. selective-cache ActionCaches this object if permitted by HTTP. use-proxy ActionUses a specific upstream proxy. hostname Host name of the specific proxy. ipaddress IP address of the specific proxy. port Port number of the specific proxy (1-65535). failover Specifies use of failover proxy server if host at hostname or ipaddress is unavailable. domain Pattern typeRegular expression to match the domain name. dst-ip Pattern typeDestination IP address of the request. d_ipaddress Destination IP address of the request. d_subnet Destination IP subnet mask. dst-port Pattern typeDestination port number. port Destination port number (1-65535). mime-type Pattern typeMIME type to be matched with the Content-Type HTTP header. src-ip Pattern typeSource IP address of the request. s_ipaddress Source IP address of the request. s_subnet Source IP subnet mask. url-regex Pattern typeRegular expression to match a substring of the URL. LINE PatternRegular expression.
Defaults
No default behavior or values
Command Modes
Global configuration
Usage Guidelines
A rule is a pattern and an action. If an HTTP request matches the pattern, the corresponding action is performed on the request.
A pattern defines the limits of an HTTP request; for instance, a pattern may specify that the source IP address fall in the subnet range 172.69.*.*.
An action is something the CE performs when processing an HTTP request, for instance, blocking the request, using an alternative proxy, and so forth.
Rules can be dynamically added, displayed, or deleted from the CE. The rules are preserved across reboots because they are written into persistent storage such as NVRAM. Only the system resources limit the number of rules the CE can support. Because rules consume resources, the more rules there are defined, the more CE performance may be affected.
Actions
The Rules Template feature supports eight actions as follows:
Note The commands rule no-proxy and rule use-proxy take precedence over http proxy outgoing. |
Rules are ORed together. Multiple rules may all match a request; then all actions are taken, with precedence among conflicting actions. Each rule contains one pattern; patterns cannot be ANDed together. In future releases, ANDed patterns may be supported.
Note Because the MIME type exists only in the response, only the actions refresh, no-cache, and selective-cache apply to a rule of MIME type. |
It is possible to circumvent some rules. For example, to circumvent a rule with the domain pattern, just enter the Web server's IP address instead of the domain name in the browser. A rule may have unintended effects. For instance, a rule with the domain pattern specified as "ibm" that is intended to match "www.ibm.com" can also match domain names like www.ribman.com.
A src-ip rule may not apply as intended to requests that are received from another proxy because the original client IP address is in an X-fowarded-for header.
Patterns
The Rules template feature supports six types of patterns, with the following names and functions.
Note In regular expression syntax, the dollar sign "$" metacharacter directs that a match is made only when the pattern is found at the end of a line. |
Examples
Multiple patterns can be input on the same line. If any of them matches the incoming HTTP request, the corresponding action is taken.
Console(config)# rule block domain \.foo.com ?
LINE <cr>
Console(config)# rule block domain \.foo.com bar.com
Console(config)#
Console(config)# rule no-cache url-regex \.*cgi-bin.* ?
LINE <cr>
Console(config)# rule no-cache url-regex \.*cgi-bin.*
Console(config)#
Console(config)# rule no-cache dst-ip 172.77.120.0 255.255.192.0
Most actions do not have any parameters, as in the preceding examples. One exception is use-proxy, as in the following example.
Console(config)# rule use-proxy ?
Hostname or A.B.C.D. IP address of the specific proxy
Console(config)# rule use-proxy CE.foo.com ?
<1-65535> Port number of the specific proxy
Console(config)# rule use-proxy CE.foo.com 8080 ?
domain Regular expression to match with the domain name
dst-ip Destination IP address of the request
dst-port Destination port number
src-ip Source IP address of the request
url-regex Regular expression to substring match with the URL
Console(config)# rule use-proxy CE.foo.com 8080 url-regex ?
LINE Regular expression to substring match with the URL
Console(config)# rule use-proxy CE.foo.com 8080 url-regex .*\.jpg$ ?
LINE <cr>
Console(config)# rule use-proxy CE.foo.com 8080 url-regex .*\.jpg$ .*\.gif$ .*\.pdf$
Console(config)#
Other branches of the rule command work similarly to the above examples.
To delete rules, use no in front of the rule creation command.
Console(config)#no rule block url-regex .*\.jpg$ .*\.gif$ .*\.pdf$
Console(config)#
Related Commands
bypass static
clear statistics rule
http proxy outgoing
proxy-protocols outgoing exclude
show rule
show statistics rule
url-filter
To display the Address Resolution Protocol (ARP) table, use the show arp EXEC command.
show arpSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show arp
LINK LEVEL ARP TABLE
destination gateway flags Refcnt Use Interface
171.69.227.129 00:e0:b0:e2:6d:a2 405 1 0 fei0
Console#
To display the current Terminal Access Controller Access Control System Plus (TACACS+) current authentication and authorization configuration, use the show authentication command.
show authenticationSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show authentication
Login Authentication: Console/Telnet Session
----------------------------- -----------------------
local enabled
tacacs enabled (primary)
Configuration Authentication: Console/Telnet Session
----------------------------- -----------------------
local enabled
tacacs enabled
To display bypass configuration information, use the show bypass EXEC command.
show bypass [list] [statistics {auth-traffic | load}] [summary]
Syntax Description
list (Optional.) Displays bypass list entries. statistics (Optional.) Shows IP bypass statistics. auth-traffic Displays authenticated traffic bypass statistics. load Displays load bypass statistics. summary (Optional.) Displays a summary of bypass information.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show bypass
Total number of HTTP connections bypassed = 3
Connections bypassed due to system overload = 0
Connections bypassed due to authentication issues = 3
Connections bypassed to facilitate error transparency = 0
Connections bypassed due to static configuration = 0
Total number of entries in the bypass list = 2
Number of Authentication bypass entries = 0
Number of Error bypass entries = 0
Number of Static Configuration entries = 2
Console# show bypass list
Client Server Entry type
------ ------ ----------
171.11.11.11:0 any-server:0 static-config
any-client:0 171.23.23.23:0 static-config
To view information about your cache file system, use the show cfs EXEC command.
show cfs {statistics | volumes}
Syntax Description
statistics Displays the cache file system statistics. volumes Displays the cache file system volumes.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show cfs statistics
Filesystem Statistics for volume /c0t0d0s3 Status: mounted
Data Bytes Max 6815947 KB
Data Bytes Used 39 KB ( 0% full)
Disk Wraps 0
Inode Hits 0
Inode Misses 0
CFS Read error 0
CFS Write error 0
Inode Load error 0
Attribute Load error 0
CFS Object Truncations 0
Truncated CFS Object Flushes 0
Volume Clears 0
Mount time Thu Mar 2 09:23:46 2000
Filesystem Statistics for volume /c0t1d0s3 Status: mounted
Data Bytes Max 6815947 KB
Data Bytes Used 9 KB ( 0% full)
Disk Wraps 0
Inode Hits 0
Inode Misses 0
CFS Read error 0
CFS Write error 0
Inode Load error 0
Attribute Load error 0
CFS Object Truncations 0
Truncated CFS Object Flushes 0
Volume Clears 0
Mount time Thu Mar 2 09:23:47 2000
Console#
Console# show cfs volumes
/c0t0d0s3: mounted
/c0t1d0s3: mounted
Related Commands
cfs
show disks
show dosfs
To display the system clock, use the show clock EXEC command.
show clock [detail]
Syntax Description
detail (Optional.) Displays detailed information; indicates the clock source (NTP) and the current summertime setting (if any).
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show clock
Wed Apr 28 20:52:48 1999 GMT
Console# show clock detail
Tue Jun 1 14:48:18 1999 GMT
Tue Jun 1 07:48:18 1999 LocalTime
Epoch: 928248498 seconds
UTC offset: -25200 seconds (-7 hr 0 min)
timezone: PST
summerzone: PDT
summer offset: 0 minutes
daylight: summer
Related Commands
clock clear
clock save
clock set
To display cron information, use the show cron EXEC command.
show cronSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show cron
==CRON Configuration==
CRON tab file: /local/etc/crontab
Legend 1: min hr day-of-mon mon day-of-wk tclsh script-name
Legend 2: min hr day-of-mon mon day-of-wk tcl tcl-cmd
Sample: 0 5 * * * tclsh /local/test.tcl
Crontab for user: "root"
Id Type Source Entry
1 log_recycle api 0 * * * * tclsh /local/lib/tcl/recycle.tcl 50000
00 /local/var/log/syslog.txt
To display the state of each debugging option, use the show debugging EXEC command.
show debuggingSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
This command only displays the type of debugging enabled, not the specific subset of the command. For example, it shows that ICP debugging is enabled but does not define whether that debugging is monitoring ICP client or server packet transfer.
Examples
Console# debug icp client trace
Console# show debugging
icp debugging is on
Related Commands
debug
no debug
undebug
To view information about your disk partitions, use the show disk-partitions EXEC command.
show disk-partitions devname
Syntax Description
devname Device name.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
Use this command to display partition information about a particular disk. The command show disks displays the names of the disks currently attached to the CE.
Examples
console# show disk-partitions /c0t0d0
Disk size : 17836668 sectors
Partition 1: CISCO_UVFAT_1, offset 63 sectors, size 4192902 sectors
Partition 2: CISCO_BFS_1, offset 4192975 sectors, size 1024 sectors
Partition 3: CISCO_CFS_1, offset 4194009 sectors, size 13642648 sectors
Partition 4: UNUSED, offset 0 sectors, size 0 sectors
Related Commands
disk partition
disk prepare
show disks
To view information about your disks, use the show disks EXEC command.
show disksSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
The show disks command displays the names of the disks currently attached to the CE. You can partition a disk using the disk partition command.
Examples
Console# show disks
/c0t0d0 (scsi bus 0, unit 0, lun 0)
/c0t1d0 (scsi bus 0, unit 1, lun 0)
Related Commands
disk partition
disk prepare
show disk-partitions
To display DNS cache information, use the show dns-cache EXEC command.
show dns-cacheSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show dns-cache
DNS cache status : CONFIGURED and ONLINE
Max cache size : 16384
Hash table size : 4093
To display a number of system events by category, use the show events EXEC command.
show events number {all | critical | notice | warning}
Syntax Description
number Number of events to display (1 to 65535). all Shows all events. critical Shows critical events. notice Shows notice events. warning Shows warning events.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
Use this command to show the chosen number of events by category.
Examples
Console# show events 10 notice
Notice: Waiting for admin traffic on port 8001
Thu, 01 Mar 2000 00:00:10 GMT
Notice: Waiting for Web traffic on port 80
Thu, 01 Mar 2000 00:00:09 GMT
Notice: Waiting for Web Proxy traffic on port 8080
Thu, 01 Mar 2000 00:00:10 GMT
Notice: Waiting for admin traffic on port 8001
Thu, 01 Mar 2000 00:00:10 GMT
Notice: Waiting for Web traffic on port 80
cepro#
To display information about the CE file descriptors, use the show file-descriptors EXEC command.
show file-descriptorsSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show file-descriptors
fd name drv
4 /tyCo/0 1 in out err
9 (socket) 6
10 (socket) 6
11 (socket) 6
12 (socket) 6
15 (socket) 6
18 /pipe/ring 2
19 /pipe/log 2
20 /c0t0d0s1/_uv_acl_.db 3
21 /raw0 5
22 /raw1 5
23 /raw2 5
24 /raw3 5
25 /raw4 5
26 /raw5 5
27 /raw6 5
28 /raw7 5
29 /null 0
36 (socket) 6
37 (socket) 6
38 /local/events.dat 4
39 /local/radius.dat 4
50 (socket) 6
To display the Flash memory content, such as file code names, version numbers, and sizes, use the
show flash EXEC command.
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show flash
System flash directory:
File Length Name/status
1 1198448 system image
[655360 read only, 1460592 bytes used, 5944976 available, 8388608 total]
To display the configuration of the File Transfer Protocol (FTP) on the CE, use the show ftp command.
show ftpSyntax Description
The show ftp command has no keywords or options.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show ftp
FTP heuristic age-multipliers: directory-listing 30% file 60%
Maximum time to live in days : directory-listing 3 file 7
Minimum time to live in minutes: 60
No objects are revalidated on every request.
Serve-IMS without revalidation if...
Directory listing object is less than 50% of max age
File object is less than 80% of max age
Incoming Proxy-Mode:
Servicing Proxy mode FTP connections on ports: 22 23 88 66 48 488 449 90
Outgoing Proxy-Mode:
Not using outgoing proxy mode.
Maximum size of a cachable object is unlimited.
Console#
Related Commands
ftp
show statistics ftp
To display the current port assignment and operational status of the management interface GUI server, use the show gui-server command.
show gui-serverSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show gui-server
GUI Server is enabled
Listen on port 8001
Related Commands
gui-server
To display system hardware status, use the show hardware EXEC command.
show hardwareSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show hardware
Cisco Cache Engine
Copyright (c) 1986-2000 by Cisco Systems, Inc.
Image text-base 0x108000, data_base 0x425a5c
System restarted by Power Up
The system has been up for 19 hours, 43 minutes, 21 seconds.
System booted from fei
Cisco Cache Engine CE505 with CPU AMD-K6 (model 7) (rev. 0) AuthenticAMD
2 Ethernet/IEEE 802.3 interfaces
1 Console interface.
134213632 bytes of Physical Memory
131072 bytes of ROM memory.
8388608 bytes of flash memory.
Related Commands
show version
To view the hosts on your CE, use the show hosts EXEC command.
show hostsSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show hosts
Domain name = cisco.com
Name Servers:
-----------
10.2.2.3
172.89.2.111
Host Table:
hostname inet address aliases
-------- ------------ -------
localhost 172.0.1.5
Console 172.89.117.254
To display the HTTP-related caching parameters, use the show http EXEC command.
show http {age-mult | all | append | authenticate-strip-ntlm | cache-authenticated | cache-cookies | cache-miss | cache-on-abort | cluster | object | persistent-connections | proxy | reval-each-request | serve-ims | ttl}
Syntax Description
age-mult HTTP/1.0 caching heuristic modifiers. all All HTTP-related caching parameters. append Shows HTTP headers appended by CE. authenticate-strip-ntlm Handling of requests with NT LAN Manager (NTLM) authentication headers. cache-authenticated Caching of authenticated Web objects. cache-cookies Caching of Web objects with associated cookies. cache-miss Handling of no-cache requests. cache-on-abort Configuration of cache-on-abort parameters. cluster Cluster healing configuration. object Configuration of HTTP object. persistent-connections Persistent connections configuration. proxy Proxy mode configuration. reval-each-request Configuration of revalidation for every request. serve-ims Handling of if-modified-since requests. ttl Time To Live for objects in the cache.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show http proxy
Incoming Proxy-Mode:
Servicing Proxy mode HTTP connections on ports: 8080
Outgoing Proxy-Mode:
Primary proxy server: 10.1.1.1 port 1 Failed
Backup proxy servers: 172.31.227.111 port 8080
Monitor Interval for Outgoing Proxy Servers is 10 seconds
Use of Origin Server upon Proxy Failures is enabled.
To display HTTPS proxy status and port policies, use the show https command.
show https {all | destination-port | proxy}
Syntax Description
all All HTTPS-related configuration parameters. destination-port Destination port restrictions. proxy Proxy mode configuration.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show https all
Incoming HTTPS proxy:
Not servicing incoming proxy mode connections.
Outgoing HTTPS proxy:
Directing request to proxy server at 1.1.1.1 port 76.
Destination port policies:
Allow all
Allow 111 222 333
Allow 33 44
Deny all
Deny 20
Deny 20 21 23 119
Related Commands
proxy-protocols
show statistics https
To display the ICP client, root, or server information, use the show icp EXEC command.
show icp {client | root | server}
Syntax Description
client Shows ICP client detailed information. root Shows ICP brief client/server information. server Shows ICP server detailed information.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show icp client
ICP client is disabled
max wait for replies = 2 seconds
remove from wait list after 20 failures
local_domain "google.com,cruzio.com"
Number of remote servers = 0
Related Commands
icp client
icp server
To display TCP/IP services that include echo, discard, chargen, FTP, RCP, Telnet, and TFTP, use the show inetd EXEC command.
show inetdSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show inetd
Inetd task ID: 7fbc400
Inetd running configuration:
Service Port Proto Func Max Live Total Acpt Rej Stck Lock
echo 7 tcp 1d863c 0 0 0 0 0 2048 0
echo 7 udp 1d86dc 0 0 0 0 0 2048 0
discard 9 tcp 1d875c 0 0 0 0 0 2048 0
discard 9 udp 1d87cc 0 0 0 0 0 2048 0
chargen 19 tcp 1d884c 0 0 0 0 0 2048 0
chargen 19 udp 1d88fc 0 0 0 0 0 2048 0
ftp 21 tcp 2b9df0 10 0 0 0 0 4096 0
rcp 514 tcp 1ec45c 5 0 0 0 0 4096 0
tftp 69 udp 2bdf2c 5 0 0 0 0 12288 0
telnet 23 tcp 2b81f0 3 0 0 0 0 4096 0
Related Commands
inetd
To display hardware interfaces, use the show interface EXEC command.
show interface {ethernet number | scsi number}
Syntax Description
ethernet Ethernet interface device. number Ethernet interface number. scsi SCSI interface device. number SCSI interface number.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show interface scsi 0
Max Transfer Size: 16777215
Sync: yes
Disconnect: yes
Wide: yes
Console# show interface ethernet 0
fei (unit number 0):
Flags: (0x8063) UP BROADCAST MULTICAST ARP RUNNING
Type: ETHERNET_CSMACD
Internet address: 172.33.211.222
Broadcast address: 172.33.227.225
Netmask 0xffff0000 Subnetmask 0xffffff80
Ethernet address is 00:50:0f:0d:23:06
Maximum Transfer Unit size: 1500
Address Length: 6
Header Length: 14
Metric: 0
Baudrate: 0
Packets Received: 800
Input Errors: 0
Packets Sent: 567
Output Errors: 0
Collisions: 0
Bytes Received: 52754
Bytes Sent: 46678
Multicast Packets Received: 217
Multicast Packets Sent: 0
Received Packets Dropped: 0
Packets with Unknown Protocol: 0
Last Input/Output (ticks): 92746
Line speed: 100Mbit per sec. Duplex: full (AutoSensed)
Hardware statistical counters:
Current Total
------- -----
Tx good frames: 60 570
Tx MAXCOL errors: 0 0
Tx LATECOL errors: 0 0
Tx underrun errors: 0 0
Tx lost CRS errors: 0 0
Tx deferred: 0 0
Tx single collisions: 0 0
Tx multiple collisions: 0 0
Tx total collisions: 0 0
Rx good frames: 135 1725
Rx CRC errors: 0 0
Rx alignment errors: 0 0
Rx resource errors: 0 0
Rx overrun errors: 0 0
Rx collision detect errors: 0 0
Rx short frame errors: 0 0
(current values are polled and cleared for each display)
Related Commands
interface
To display the IP routing table, use the show ip routes EXEC command.
show ip routes
Syntax Description
routes Displays routing table.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show ip routes
Destination Mask TOS Gateway Flags RefCnt Use IntFace Proto
----------------------------------------------------------------------------
0.0.0.0 0.0.0.0 0 172.79.27.12 3 2 983 fei0 1
125.0.0.1 0.0.0.0 0 127.0.0.1 5 0 0 lo 0 0
172.79.22.12 255.255.255.1 172.79.27.200 101 0 0 fei0 0
----------------------------------------------------------------------------
Related Commands
ip route
no ip route
To show LDAP server and authentication cache information, use the show ldap EXEC command.
show ldap {authcache | server}
Syntax Description
authcache Displays the contents of the CE LDAP authentication cache. server Displays LDAP server information.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
To display the contents of the authentication cache, use the show ldap authcache command.
Console# show ldap authcache
AuthCache
=====================
hash 914 : uid: admin nBkt: 0x0 nLRU: 0x0 pLRU: 0x0
lacc: 964025922 ipAddr: a44247ab keyTp: 1
To display the LDAP configuration options of the CE, use the show ldap server command.
Console# show ldap server
LDAP Configuration:
------------------
LDAP Authentication is on
Timeout = 5 seconds
AuthTimeout = 480 minutes
Retransmit = 3
UserID-Attribute = uid
Filter =
Base = ""
AllowMode = ENABLED
----------------------
Servers
-------
IP 1.1.1.1, Port = 88, State: ENABLED
Related Commands
clear statistics ldap
ldap
show statistics ldap
To display the system message log configuration, use the show logging EXEC command.
show loggingSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show logging
Syslog logging: enabled
Console logging: level warning
Trap logging: disabled
Disk logging: level debug
Logging to /local/var/log/syslog.txt, recycle size 5000000
Event export:
Critical events are exported to syslog
To display memory blocks and statistics, use the show memory EXEC command.
show memory [free]
Syntax Description
free (Optional.) Shows free blocks of memory.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show memory free
SUMMARY:
status bytes blocks avg block max block
------ --------- -------- ---------- ----------
current
free 4374032 12 364502 4359952
alloc 125199608 514 243579 -
cumulative
alloc 125341720 1336 93818 -
Page Freelist Summary:
status pagesz pages avg contig pages max contig pages
------ ------ ------- ---------------- ----------------
free 4096 15346 3069 15300
Use the show mfs command to display the statistics and status information of the memory file system.
show mfs statistics
Syntax Description
statistics Displays memory file system statistics.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show mfs statistics
Filesystem Statistics for volume MFS Status: mounted
Data Bytes Max 0 KB
Data Bytes Used 0 KB
Inode Hits 0
Inode Misses 0
MFS Read error 0
MFS Write error 0
MFS Object Truncations 0
Volume Clears 0
Volume Syncs 1
Mount time Wed Jul 19 08:56:48 2000
Related Commands
mfs
show cfs statistics
To display the Network Time Protocol (NTP) parameters, use the show ntp EXEC command.
show ntp status
Syntax Description
status NTP status.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show ntp status
NTP subsystem
-------------
servers:
Related Commands
ntp
clock set
clock timezone
To display CPU or memory processes, use the show processes EXEC command.
show processes [cpu | memory]
Syntax Description
cpu (Optional.) CPU utilization. memory (Optional.) Memory allocation of information.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show processes cpu
Current CPU Percentage = 0
Peak CPU Percentage = 22
Console# show processes memory
Pages:
page size pages free hiwat lowat total
--------- ------- ------ ------ ------ -------
4096 17720 14839 25103 2091 29535
Type:
bytes blocks sizes max byt tot blk pagw
--------- ------ ------- -------- ------- ----
unknown 1600 100 0x10 1616 104 0
fcache bufhdr 12800 100 0x80 12800 100 0
fcache buffer 614400 100 0x3000 614400 100 0
fcache IO 0 0 0x80 256 46 0
fcache phys 409984 14 0x12040 409984 14 0
confval 192 3 0x350 960 402 0
task 71280 270 0x210 71808 500 0
stack 1257472 135 0x1f800 1323008 250 0
DB misc 2048 2 0x400 2048 2 0
DB hashtab 1024 1 0x400 1024 1 0
DB open 128 1 0x80 128 1 0
DB bufhead 64 2 0x20 64 2 0
DB cache 8192 2 0x1000 8192 2 0
DB databuf 0 0 0xb0 160 244 0
DB api 32 1 0x60 96 123 0
--More--
Console# show processes
NAME ENTRY TID PRI STATUS PC SP ERRNO DELAY
---------- ------------ -------- --- ---------- -------- -------- ------- -----
tExcTask 3ca048 3a71aec 0 PEND 3fa981 3a71a5c 3006b 0
tLogTask 39a21c 3a6f1d4 0 PEND 3fa981 3a6ed3c 0 0
tWdbTask 3c46d4 161a18c 3 PEND 3c5a19 1619878 0 0
tScsiTask 3f5920 15ec514 5 PEND 3c5a19 15ec4b4 0 0
tF2000a 1260e8 7df1c00 25 PEND 3c5a19 7ddaf84 0 0
tF2000b 1260e8 7df1e00 25 PEND 3c5a19 7dc9f84 0 0
tF2001a 1260e8 7dc8e00 25 PEND 3c5a19 7507f84 0 0
tF2001b 1260e8 74f5000 25 PEND 3c5a19 74f6f84 0 0
tNetTask 3b201c 162a578 50 PEND 3c5a19 162a52c 41 0
tWCCP2 34e978 74eb200 60 PEND+T 3c5a19 74e8734 3d0004 27
tHotSpot 34b9b0 749a400 60 DELAY 39b996 74b1fa4 0 64
tDtimer 1214d8 7fb1000 75 DELAY 39b996 7f73fa8 0 7
tTtyUtil 264a18 74f5800 75 PEND 3fa981 74eef80 0 0
tOvrldDaemo281120 74a2400 75 PEND 3c5a19 749cfb0 0 0
tHealSrv 336340 74df000 75 PEND+T 3c5a19 74a870c 3d0004 2224
tCfsC000 244ed4 7dc8c00 98 PEND+T 3c5a19 7d93f58 3d0004 210
tCfsC001 244ed4 74f5400 98 PEND+T 3c5a19 74f3f58 3d0004 266
tCfsV000 224a4c 7dc8200 99 PEND+T 3c5a19 7d82f74 3d0004 150
tCfsT000 224d1c 7dc8400 99 PEND 3c5a19 794cfa4 0 0
--More--
To display current global outgoing proxy exclude status and criteria, use the show proxy-protocols command.
show proxy-protocols {all | outgoing-proxy | transparent}
Syntax Description
all All proxy protocols-related parameters. outgoing-proxy Global outgoing proxy exceptions. transparent Transparent mode protocol policies.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show proxy-protocols all
Transparent mode forwarding policies: original proxy
Global outgoing proxy exclude list is disabled
Global outgoing proxy exclude list:
cisco.com
cruzio.com
174.12.24.24
Excluding only the domain names on the list is disabled
Related Commands
proxy-protocols
To show Remote Authentication Dial-in User Service (RADIUS) information, use the
show radius-server EXEC command.
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show radius-server
Radius Configuration:
---------------------
Radius Authentication is off
This could be because there are no servers or key is NULL
Timeout = 5 seconds
AuthTimeout = 20 minutes
Retransmit = 3
Key =
Servers
-------
Selective Authentication is on.
Local domains to be excluded from Radius Authentication: None
To display rule definitions and to determine rule processing status, use the show rule command.
show rule {action {action-type {all | pattern pattern-type}} | all}
Syntax Description
action Specifies which rules to show. all Shows all the rules. Action Type block Specifies block rule to show. no-auth Shows do-not-authenticate rules. no-cache Shows no-cache rules. no-proxy Shows no-proxy rules. refresh Revalidates the object with the Web server. selective-cache Caches this object. use-proxy Uses a specific upstream proxy. Pattern Type domain Regular expression to match with the domain name. dst-ip Destination IP address of the request. dst-port Destination port number. mime-type MIME type to be matched with the Content-Type HTTP header. src-ip Source IP address of the request. url-regex Regular expression to match a substring with the URL.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show rule all
Rules Template Configuration
----------------------------
Rule Processing Enabled
rule block dst-port 33
rule block domain ethel.com
rule no-auth domain giggle.com
rule no-cache domain fred.com
To display all the rules, use the show rule command as follows:
Console# show rule ?
all show all the rules
action show all the rules with the same action
Console# show rule action ?
block Block the request
no-auth Do not authenticate
no-cache Do not cache the object
no-proxy Do not use any upstream proxy
refresh Revalidate the object with the Web server
selective-cache Cache this object
use-proxy Use a specific upstream proxy ContentEngine
Console# show rule action use-proxy ?
all show all the rules
pattern show all the rules with a specific type of pattern
Console# show rule action use-proxy pattern ?
domain Regular expression to match with the domain name
dst-ip Destination IP address of the request
dst-port Destination port number
src-ip Source IP address of the request
url-regex Regular expression to substring match with the URL
Console# show rule action use-proxy pattern url-regex
Action : use-proxy 171.64.1.2 port 8080
Pattern : url-regex \.jpg$ \.gif$ \.pdf$
...
Related Commands
rule
show statistics rule
clear statistics rule
To display the current running configuration information on the terminal, use the show running-config EXEC command. This command is equivalent to the write terminal command.
show running-configSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
Use this command in conjunction with the show startup-config command to compare the information in running memory to the startup configuration used during bootup.
Examples
Console# show running-config
Building configuration...
Current configuration:
!
!
!
group add admin gid 0
group add everyone gid 1000
!
user add admin uid 0 password 1 "ceSzbyeb" capability admin-access
user add britta uid 2001
!
!
!
hostname Console
!
interface ethernet 0
ip address 172.16.0.0 255.255.255.008
ip broadcast-address 172.16.10.0
exit
!
!
interface ethernet 1
exit
ip domain-name cisco.com
ip route 0.0.0.0 0.0.0.0 172.16.0.3
cron file /local/etc/crontab
!
bypass static 171.11.11.11 any-server
bypass static any-client 172.16.0.5
http cache-cookies
http max-ttl days text 4 binary 3
http cache-authenticated
http proxy outgoing exclude enable
http proxy outgoing exclude list cisco.com
http proxy outgoing exclude list cruzio.com
http proxy outgoing host 10.2.2.2 8080
http proxy incoming 8080
icp client exclude google.com,cruzio.com
url-filter websense server 172.16.12.0 port 3333 timeout 5
no url-filter websense allowmode
wccp router-list 1 10.1.1.1
wccp web-cache router-list-num 1
wccp reverse-proxy router-list-num 1
wccp custom-web-cache router-list-num 1 port 1 hash-destination-ip weight 33
wccp home-router 10.1.1.1
wccp version 1
!
radius-server exclude enable
transaction-logs archive files 5
transaction-logs archive interval 600
transaction-logs enable
transaction-logs export interval 3600
transaction-logs export enable
!
exec-timeout 60
!
end
Related Commands
configure
copy running-config
copy startup-config
write terminal
To display which services are running on which ports, use the show services command.
show services {ports port_number | summary}
Syntax Description
ports Displays services by port. port_number Specifies up to eight port numbers (1-65535). summary Displays services summary.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
This example displays a summary of all configured services and their port numbers.
Console# show services summary
Service Ports
--------------------------------------------------------------------
Web Cache 80
Reverse Proxy 80
Custom Web Cache 473
WCCPv2 Service 90 10 200 3000 8080 8082 40000
HTTP Proxy 8080
GUI Server 8001
This example displays service information by port number.
Console# show services ports
Service information by port
---------------------------
8001 Started on Thu Jul 27 09:49:21 2000
Runs 1 service
GUI Server
8080 Started on Thu Jul 27 09:49:24 2000
Runs 2 services
Proxy Mode : HTTP
Transparent Mode: WCCPv2 Service 90
Proxy protocols allowed in transparent mode: HTTP HTTPS
80 Started on Thu Jul 27 09:49:24 2000
Runs 2 services
Transparent Mode: Web Cache
Reverse Proxy
Proxy protocols allowed in transparent mode: HTTP HTTPS
473 Started on Thu Jul 27 09:49:24 2000
Runs 1 service
Transparent Mode: Custom Web Cache
Proxy protocols allowed in transparent mode: HTTP HTTPS
8082 Started on Thu Jul 27 09:49:24 2000
Runs 1 service
Transparent Mode: WCCPv2 Service 90
Proxy protocols allowed in transparent mode: HTTP HTTPS
10 Started on Thu Jul 27 09:49:24 2000
Runs 1 service
Transparent Mode: WCCPv2 Service 90
Proxy protocols allowed in transparent mode: HTTP HTTPS
200 Started on Thu Jul 27 09:49:24 2000
Runs 1 service
Transparent Mode: WCCPv2 Service 90
Proxy protocols allowed in transparent mode: HTTP HTTPS
3000 Started on Thu Jul 27 09:49:24 2000
Runs 1 service
Transparent Mode: WCCPv2 Service 90
Proxy protocols allowed in transparent mode: HTTP HTTPS
40000 Started on Thu Jul 27 09:49:24 2000
Runs 1 service
Transparent Mode: WCCPv2 Service 90
Proxy protocols allowed in transparent mode: HTTP HTTPS
This example displays service information for ports 8082 and 8080 only.
Console# show services ports 8082 8080
Service information by port
---------------------------
8082 Started on Thu Jul 27 09:49:24 2000
Runs 1 service
Transparent Mode: WCCPv2 Service 90
Proxy protocols allowed in transparent mode: HTTP HTTPS
8080 Started on Thu Jul 27 09:49:24 2000
Runs 2 services
Proxy Mode : HTTP
Transparent Mode: WCCPv2 Service 90
Proxy protocols allowed in transparent mode: HTTP HTTPS
Related Commands
wccp service-number
wccp custom-web-cache
wccp port-list
wccp reverse-proxy
wccp service-number
wccp web-cache
To check the status of SNMP communications, use the show snmp EXEC command.
show snmpSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
This command provides counter information for SNMP operations.
Examples
Console# show snmp
Contact: Mary Brown, system admin, mbrown@acme.com 555-1111
Location: Building 2, 1st floor, Lab 1
37 SNMP packets input
0 Bad SNMP version errors
4 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
24 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
28 Get-next PDUs
0 Set-request PDUs
78 SNMP packets output
0 Too big errors
0 No such name errors
0 Bad values errors
0 General errors
24 Response PDUs
13 Trap PDUs
Table 2-1 describes the fields shown in the display.
Field | Description |
---|---|
SNMP packets input | Total number of SNMP packets input. |
Bad SNMP version errors | Number of packets with an invalid SNMP version. |
Unknown community name | Number of SNMP packets with an unknown community name. |
Illegal operation for community name supplied | Number of packets requesting an operation not allowed for that community. |
Encoding errors | Number of SNMP packets that were improperly encoded. |
Number of requested variables | Number of variables requested by SNMP managers. |
Number of altered variables | Number of variables altered by SNMP managers. |
Get-request PDUs | Number of GET requests received. |
Get-next PDUs | Number of GET-NEXT requests received. |
Set-request PDUs | Number of SET requests received. |
SNMP packets output | Total number of SNMP packets sent by the router. |
Too big errors | Number of SNMP packets that were larger than the maximum packet size. |
Maximum packet size | Maximum size of SNMP packets. |
No such name errors | Number of SNMP requests that specified a MIB object that does not exist. |
Bad values errors | Number of SNMP SET requests that specified an invalid value for a MIB object. |
General errors | Number of SNMP SET requests that failed because of some other error. (It was not a No such name error, Bad values error, or any of the other specific errors.) |
Response PDUs | Number of responses sent in reply to requests. |
Trap PDUs | Number of SNMP traps sent. |
snmp-server
To get stack trace information from your CE, use the show stacktrace EXEC command.
show stacktrace {task-ID | exception}
Syntax Description
task-ID Hexadecimal number without a 0x prefix (0 toFFFFFFFF). exception Stack trace on previous exception.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show stacktrace exception
To show the startup configuration, use the show startup-config EXEC command.
show startup-configSyntax Description
This command has no keywords or arguments.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
Use this command to display the configuration used during an initial bootup, stored in NVRAM.
Examples
Console# show startup-config
Configuration Size 2552 bytes
!
!
logging event-export critical-events warning user
!
group add admin gid 0
group add everyone gid 1000
group add LocalUsers gid 1004
!
user add admin uid 0 password 1 "ceSzbyeb" capability admin-access
user add bwhidney uid 5013 password 1 "bSzyydQbSb" capability admin-access
user add name uid 5001
!
!
!
hostname Console
!
interface ethernet 0
ip address 172.31.227.250 255.255.255.128
ip broadcast-address 172.31.227.255
exit
!
!
interface ethernet 1
exit
!
ip default-gateway 172.21.227.129
ip name-server 10.1.2.2
ip name-server 172.21.2.132
ip domain-name cisco.com
ip route 0.0.0.0 0.0.0.0 172.31.227.129
cron file /local/etc/crontab
clock timezone pst -8 0
!
bypass static 172.11.11.11 any-server
bypass static any-client 172.23.23.23
http cache-cookies
http max-ttl days text 4 binary 3
http cache-authenticated
http proxy outgoing origin-server
http proxy incoming 8080
icp client exclude google.com,cruzio.com
url-filter websense server 172.22.11.22 port 3333 timeout 5
no url-filter websense allowmode
wccp router-list 1 10.1.1.1
wccp router-list 2 10.1.1.1
wccp router-list 3 10.1.1.1
wccp port-list 1 8082 8080 10 200 3000 40000
wccp port-list 2 65222 65333
wccp port-list 3 10 200 3000 40000
wccp web-cache router-list-num 1
wccp reverse-proxy router-list-num 3
wccp custom-web-cache router-list-num 1 port 473 hash-destination-ip
wccp service-number 90 router-list-num 1 port-list-num 1 hash-destination-ip wei
ght 20 password totot
wccp home-router 10.1.1.1
wccp version 2
wccp shutdown max-wait 1
!
radius-server exclude enable
authentication login tacacs enable primary
authentication login local enable
authentication configuration tacacs enable
authentication configuration local enable
ldap server host 1.1.1.1 port 88
ldap server allow-mode
transaction-logs archive files 5
transaction-logs archive interval every-day at 12:00
transaction-logs enable
transaction-logs export enable
transaction-logs sanitize
proxy-protocols transparent original-proxy
rule enable
rule block dst-port 33
rule block domain ethel.com
rule no-auth domain google.com
rule no-cache domain fred.com
https proxy outgoing host 1.1.1.1 76
https destination-port allow all
https destination-port deny 20 21 23 119
!
exec-timeout 60
!
end
Related Commands
configure
copy running-config
show running-config
write terminal
To display CE statistics, use the show statistics EXEC command.
show statistics {authentication | bypass [auth-traffic | load | summary] | cfs | dns-cache | ftp | http {ims | object | performance | proxy outgoing | requests | savings | usage} | https | icmp | icp {client | cluster | server} | ip | ldap {authcache | server {interface | protocol}} | mbuf | netstat | radius-server | routing | rule {action {action-type {all | pattern pattern-type}} | all} | services | tcp | tacacs | transaction-logs | udp | url-filter websense}
Syntax Description
authentication Displays authentication and authorization statistics. bypass Displays bypass statistics. auth-traffic Displays authenticated traffic bypass statistics. load Displays load bypass statistics. summary Displays a summary of bypass statistics. cfs Displays cache file system statistics. dns-cache Displays DNS cache statistics. ftp Displays FTP caching statistics. http Displays HTTP caching statistics. ims Displays HTTP if-modified-since statistics. object Displays HTTP object statistics. performance Displays HTTP performance statistics. proxy outgoing Displays outgoing requests that were directed to another proxy-server. requests Displays HTTP requests statistics. savings Displays HTTP savings statistics. usage Displays HTTP usage statistics. https Displays HTTPS statistics. icmp Displays ICMP statistics. icp Displays ICP caching statistics. client Displays ICP client statistics. cluster Displays ICP cluster statistics. server Displays ICP server statistics. ip Displays IP statistics. ldap Selects Lightweight Directory Access Protocol (LDAP) statistics. authcache Displays LDAP authentication cache statistics. server Selects LDAP server statistics. interface Displays LDAP interface statistics. protocol Displays LDAP protocol response counts. mbuf Displays memory buffer statistics. netstat Displays Internet socket connections. radius-server Displays RADIUS statistics. routing Displays routing statistics. rule Selects rule statistics. action Displays rule statistics of the specified action. action-type Specifies one of the following actions: See the "rule" section for explanations of actions and patterns. action-type all Displays statistics of all the patterns for this action. action-type pattern Displays statistics of rules with specified pattern. pattern-type Specify one of the following patterns: See the "rule" section for explanations of patterns and actions. all Displays all rule statistics. services Displays services information. tacacs Displays TACACS+ statistics. tcp Displays TCP statistics. transaction-logs Displays transaction-log export statistics. udp Displays UDP statistics. url-filter websense Displays Websense URL filtering statistics.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
To clear statistics without affecting configurations, use the clear statistics command. This will set all counters to zero.
Examples
Console# show statistics icmp
ICMP:
0 call to icmp_error
0 error not generated because old message was icmp
Output histogram:
echo reply: 37
0 message with bad code fields
0 message < minimum length
0 bad checksum
0 message with bad length
Input histogram:
destination unreachable: 1091
echo: 37
37 message responses generated
To show LDAP statistics, use the show statistics ldap server protocol command. The output is displayed for each LDAP server. Because of the large number of protocol responses (about 50), only nonzero statistics are displayed.
Console# show stat ldap server protocol
LDAP Server
---------------------------------
1.1.1.1
LDAP Success: 2005
LDAP Invalid Syntax: 3
---------------------------------
100.4.5.6
LDAP Success: 100
LDAP Undefined Type: 9
LDAP Unwilling To Perform: 8
To show statistics about access to the LDAP authentication cache, use the show stat ldap authcache command.
Console# show stat ldap authcache
Adds 1308 Deletes 297
Hits 23491 Misses 1598
Current Entries Used 1011 No Avail Entry 0
Avg.Cache Search 1.3 Max Cache Search Miss 3
Max Cache Search Hit 2 Dup Add Attempts 0
Number of Compares 26998 Userid Passwd Too Long 0
The show statistics ldap server interface command shows the LDAP statistics that refer to the interface between the rest of the CE code and the LDAP module. The output is broken down by server.
Console# show stat ldap server interface
LDAP Server
---------------------------------------
1.1.1.1
Attempts Successes Fails
Connect 0 0 0
Bind 0 0 0
Search 0 0 0
Unknown Password Format:
------------------------------------------
100.4.5.6
Attempts Successes Fails
Connect 0 0 0
Bind 0 0 0
Search 0 0 0
Unknown Password Format:
----------------------------------------
To display all rules, use the show statistics rule all command.
Console# show statistics rule all
Rules Template Statistics
-------------------------
Rule hit count = 0 Rule: rule block dst-port 33
Rule hit count = 0 Rule: rule block domain sample1.com
Rule hit count = 0 Rule: rule no-auth domain sample2.com
Rule hit count = 0 Rule: rule no-cache domain .foo.com
Console# show statistics rule ?
all show all the rules
action show all the rules with the same action
Console# show statistics rule action ?
block Block the request
no-auth Do not authenticate
no-cache Do not cache the object
no-proxy Do not use any upstream proxy
refresh Revalidate the object with the Web server
selective-cache Cache this object
use-proxy Use a specific upstream proxy
Console# show statistics rule action no-cache ?
all show all the rules
pattern show all the rules with the same type of pattern
Console#show statistics rule action no-cache pattern ?
domain Regular expression to match with the domain name
dst-ip Destination IP address of the request
dst-port Destination port number
mime-type MIME type to be matched with the Content-Type
src-ip Source IP address of the request
url-regex Regular expression to substring match with the URL
Console# show statistics rule action no-cache pattern domain
Action : no-cache
Pattern : domain .foo.com
Time executed : 35 12 77
...
The following example displays FTP statistics.
CE# show statistics ftp
FTP Statistics
--------------
FTP requests Received = 9
FTP Hits
Requests Percentage
Number of hits = 2 22.2 %
Bytes = 13542 22.0 %
FTP Misses
Requests Percentage
Number of misses = 7 77.8 %
Bytes = 47946 78.0 %
Requests sent to Outgoing Proxy = 7
Requests sent to origin ftp server = 0
FTP error count = 0
Related Commands
clear statistics
To display the settings for the Terminal Access Controller Access Control System Plus (TACACS+) server, use the show tacacs EXEC command.
show tacacsSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show tacacs
Login Authentication for Console/Telnet Session: enabled (primary)
Configuration Authentication for Console/Telnet Session: enabled (primary)
TACACS Configuration:
---------------------
Key =
Timeout = 10 seconds
Retransmit = 2 times
Server Status
--------------------- ------
171.69.236.175 primary
171.69.227.254
You can also display login and configuration authentications using the show authentication command.
CE# show authentication
Login Authentication: Console/Telnet Session
----------------------------- -----------------------
local enabled
tacacs enabled (primary)
Configuration Authentication: Console/Telnet Session
----------------------------- -----------------------
local enabled
tacacs enabled (primary)
Related Commands
authentication
show authentication
tacacs
To display TCP configuration information, use the show tcp EXEC command.
show tcpSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show tcp
==TCP Configuration==
TCP keepalive timeout 300 sec
TCP keepalive probe count 4
TCP keepalive probe interval 75 sec
TCP server R/W timeout 120 sec
TCP client R/W timeout 120 sec
TCP server send buffer 8 k
TCP server receive buffer 32 k
TCP client send buffer 32 k
TCP client receive buffer 8 k
TCP Listen Queue 200
TCP init ssthresh 65536
TCP cwnd base 2
TCP server max segment size 1432
TCP server satellite (RFC1323) disabled
TCP client max segment size 1432
TCP client satellite (RFC1323) disabled
TCP retransmit drop threshold 1
To view information necessary for Cisco's Technical Assistance Center (TAC) to assist you, use the show tech-support EXEC command.
show tech-support [page]
Syntax Description
page (Optional.) Pages through output.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
Use this command to view system information necessary for TAC to assist you with your CE. This is a long display. You can manage the output using the terminal length command.
Examples
Console# show tech-support
---------------------show hardware---------------------
Cisco Cache Engine
Copyright (c) 1986-1999 by Cisco Systems, Inc.
Software Release: CE ver 2.09 (Build: #17 03/02/00)
Compiled: 06:19:45 Mar 2 2000 by morlee
Image text-base 0x108000, data_base 0x392064
System restarted by Reload
The system has been up for 3 hours, 12 minutes, 23 seconds.
System booted from "flash"
Cisco Cache Engine CE505 with CPU AMD-K6 (model 7) (rev. 0) AuthenticAMD
2 Ethernet/IEEE 802.3 interfaces
1 Console interface.
134213632 bytes of Physical Memory
131072 bytes of ROM memory.
8388608 bytes of flash memory.
---More---
To display configured TFTP directories, use the show tftp-server EXEC command.
show tftp-serverSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console#show tftp-server
== TFTPD Directory List ==
/local/public
To show the transaction log summaries or to show transaction log settings, use the show transaction-logging EXEC command.
show transaction-logging [entries number]
Syntax Description
entries (Optional.) Displays the last number of entries to the working log file. number Number of most recent entries to display (1-256).
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
Use the show transaction-logging command to display the current settings for the transaction logging feature.
Use the show transaction-logging entries number command to display the last entries to the working log files. Transaction logging must be enabled in order for the show transaction-logging entries command to work.
Examples
Console# show transaction-logging
Transaction Logs:
Logging is enabled.
End user identity is hidden. (sanitized)
File markers are disabled
Archive interval: every-day at 12:00
Maximum Number of Archived Files: 5
Exporting files to servers is enabled.
Export interval: every-day every 1 hour
Working Log file - size: 0
age: 18449
Archive Log file - celog_171.69.227.250_20000802_120000.txt size: 0
To display the name of the CE trusted hosts, use the show trusted-hosts EXEC command.
show trusted-hostsSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show trusted-hosts
Trusted Host checking: ON
111.333.123.2/C_Medici
333.222.111.1/Procrustes
To display URL filter information, use the show url-filter EXEC command.
show url-filter [statistics websense]
Syntax Description
statistics websense (Optional.) Displays Websense URL filtering statistics.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show url-filter
Websense URL Filtering Lookup enabled
Websense Server = 171.22.11.22
Server Port = 3333
Server Timeout = 5
Allowmode is not enabled.
Console# show url-filter statistics websense
Websense URL Filtering Statistics:
Lookup requests transmitted = 0
Lookup responses received = 0
Requests BLOCKed by Websense = 0
Requests OKed by Websense = 0
To display user information for a particular user, use the show user EXEC command.
show user {uid number | username name}
Syntax Description
uid User ID keyword. number User ID number (0-2147483647). username Displays information for a user. name Username.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console#show user username bwhidney
Username : bwhidney
Uid : 5013
Number of Groups : 1
Primary Group : everyone (1000)
Password : bSzyydQbSb
Comment :
HomeDir : /local
Capability : admin-access
Related Commands
show groups
show users
To display all users, use the show users EXEC command.
show usersSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show users
There are 2 user(s)
UID USERNAME
0 admin
5013 bwhidney
Related Commands
show groups
show user
To display the current software on your CE, use the show version EXEC command.
show versionSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show version
Cisco Cache Engine
Copyright (c) 1986-2000 by Cisco Systems, Inc.
Software Release: CE ver 2.28 (Build: #7 07/21/00)
Compiled: 18:04:21 Jul 21 2000 by morlee
Image text-base 0x108000, data_base 0x4317dc
System restarted by Power Up
The system has been up for 6 days, 7 hours, 20 minutes, 12 seconds.
System booted from "flash"
To display WCCP information, use the show wccp EXEC command.
show wccp {cache-engines | flows {custom-web-cache | reverse-proxy | web-cache} routers | services | slowstart {custom-web-cache | reverse-proxy | web-cache}| status}
Syntax Description
cache-engines Shows WCCP CE information. flows Shows WCCP packet flow count by bucket. custom-web-cache Custom web caching service. reverse-proxy Reverse proxy web caching service. web-cache Standard web caching service. routers Shows WCCP router list. services Show WCCP services configured. slowstart Show WCCP slow start state for the selected service. status Shows which version of WCCP is enabled and running.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Console# show wccp routers
Routers Seeing this Cache Engine
Router Id Sent To
0.0.0.0 10.1.1.1
Routers not Seeing this Cache Engine
10.1.1.1
Routers Notified of but not Configured
-NONE-
Multicast Addresses Configured
-NONE-
Router Information for Service: Reverse-Proxy
Routers Seeing this Cache Engine
Router Id Sent To
0.0.0.0 10.1.1.1
Routers not Seeing this Cache Engine
10.1.1.1
Routers Notified of but not Configured
-NONE-
Multicast Addresses Configured
-NONE-
To enable the SNMP agent and set up the community access string to permit access to the SNMP agent, use the snmp-server community global configuration command. Use the no form of this command to disable the SNMP agent and to remove the previously configured community string.
snmp-server community string
Syntax Description
string Community string that acts like a password and permits access to the SNMP agent.
Defaults
The SNMP agent is disabled and a community string is not configured.
When configured, an SNMP community string by default permits read-only access to all objects.
Command Modes
Global configuration
Examples
The following example enables the SNMP agent and assigns the community string comaccess to SNMP:
Console(config)# snmp-server community comaccess
The following example disables the SNMP agent and removes the previously defined community string.
Console(config)# no snmp-server community
Related Commands
show snmp
To set the system contact (sysContact) string, use the snmp-server contact global configuration command. Use the no form of this command to remove the system contact information.
snmp-server contact line
Syntax Description
contact Text for MIB object sysContact. line Identification of the contact person for this managed node.
Defaults
No system contact string is set.
Command Modes
Global configuration
Usage Guidelines
The system contact string is the value stored in the MIB-II system group sysContact object.
Examples
The following example is a system contact string.
Console# snmp-server contact Dial System Operator at beeper # 27345
Console# no snmp-server contact
Related Commands
snmp-server location
show snmp
To enable the Content Engine to send SNMP traps, use the snmp-server enable traps global configuration command. Use the no form of this command to disable all SNMP traps or only SNMP authentication traps.
snmp-server enable traps [snmp authentication]
Syntax Description
snmp authentication (Optional.) Enables sending the MIB-II SNMP authentication trap.
Defaults
This command is disabled by default. No traps are enabled.
Command Modes
Global configuration
Usage Guidelines
If you do not enter an snmp-server enable traps command, no traps are sent. In order to configure traps, you must enter the snmp-server enable traps command.
The snmp-server enable traps command is used in conjunction with the snmp-server host command. Use the snmp-server host command to specify which host or hosts receive SNMP traps. To send traps, you must configure at least one snmp-server host command.
For a host to receive a trap, both the snmp-server enable traps command and the snmp-server host command for that host must be enabled.
In addition, SNMP must be enabled with the snmp-server community command.
To disable the sending of the MIB-II SNMP authentication trap, you must enter the command
no snmp-server enable traps snmp authentication.
Examples
The following example enables the router to send all traps to the host 172.31.2.160 using the community string public.
Console(config)# snmp-server enable traps
Console(config)# snmp-server host 172.31.2.160 public
Console(config)# no snmp-server enable traps
Related Commands
snmp-server host
snmp-server community
To specify the recipient of an SNMP trap operation, use the snmp-server host global configuration command. Use the no form of this command to remove the specified host.
snmp-server host {hostname | ip-address} communitystring
Syntax Description
hostname Host name of SNMP trap host. ip-address IP address of SNMP trap host. communitystring Password-like community string sent with the trap operation.
Defaults
This command is disabled by default. No traps are sent.
The version of the SNMP protocol used to send the traps is SNMPv1.
Command Modes
Global configuration
Usage Guidelines
If you do not enter an snmp-server host command, no traps are sent. To configure the CE to send SNMP traps, you must enter at least one snmp-server host command. To enable multiple hosts, you must issue a separate snmp-server host command for each host. The maximum number of snmp-server host commands is four.
When multiple snmp-server host commands are given for the same host, the community string in the last command is used.
The snmp-server host command is used in conjunction with the snmp-server enable traps command to enable SNMP traps.
In addition, SNMP must be enabled with the snmp-server community command.
The MIB is located in the /local/lib/gui/snmp directory of the CE as the file CISCO-CACHEENGINE-MIB.my.
Examples
The following example sends the SNMP traps defined in RFC 1157 to the host specified by the IP address 172.16.2.160. The community string is comaccess.
Console(config)# snmp-server enable traps
Console(config)# snmp-server host 172.16.2.160 comaccess
The following example removes the host 172.16.2.160 from the SNMP trap recipient list.
Console(config)# no snmp-server host 172.16.2.160
Related Commands
snmp-server enable traps
snmp-server community
To set the SNMP system location string, use the snmp-server location global configuration command. Use the no form of this command to remove the location string.
snmp-server location line
Syntax Description
line String that describes the physical location of this node.
Defaults
No system location string is set.
Command Modes
Global configuration
Usage Guidelines
The system location string is the value stored in the MIB-II system group system location object.
You can see the system location string with the show snmp EXEC command.
Examples
The following example is a system location string.
Console(config)# snmp-server location Building 3/Room 214
Related Commands
show snmp
snmp-server contact
To configure Terminal Access Controller Access Control System Plus (TACACS+) server-related parameters, use the tacacs global configuration command.
tacacs {key keyword | retransmit retries | server {hostname | ipaddress} [primary] | timeout seconds}
Syntax Description
key Sets security word. keyword Specifies keyword. An empty string is the default. retransmit Sets number of times requests are retransmitted to a server. retries Specifies number of attempts allowed (1-10). The default is two retry attempts. server Sets a server address. hostname Specifies host name of TACACS+ server. ipaddress Specifies IP address of TACACS+ server. primary Sets server as primary. timeout Sets number of seconds to wait before a request to a server is timed out. seconds Specifies the timeout in seconds (1-255). The default is 5 seconds.
Defaults
An empty keyword string is the default. The default timeout time is 5 seconds. The default number of retry attempts is two.
Command Modes
Global configuration
Usage Guidelines
A TACACS+ server must be configured before you enable TACACS+ authentication on the CE. The CE can be configured to use the local password authentication if the TACACS+ password authentication fails. See the "authentication" section for more information.
Use the tacacs key command to specify the TACACS+ key, used to encrypt the packets transmitted to the server. This key must be the same as the one specified on the server daemon. The maximum number of characters in the key should not exceed 99 printable ASCII characters (except tabs). An empty key string is the default. All leading spaces are ignored; spaces within and at the end of the key string are not ignored. Double quotes are not required even if there are spaces in the key, unless the quotes themselves are part of the key.
One primary and two backup TACACS+ servers can be configured; authentication is attempted on the primary server first, then on the others in the order in which they were configured. The primary server is the first server configured unless another is explicitly specified as primary with the tacacs server hostname primary command.
The tacacs timeout is the number of seconds the CE waits before declaring a timeout on a request to a particular TACACS+ server. The range is from 1-255 seconds with 5 seconds as the default. The number of times the CE repeats a retry-timeout cycle before trying the next TACACS+ server is specified by the tacacs retransmit command. The default is two retry attempts.
Three unsuccessful login attempts are permitted. TACACS+ logins may appear to take more time than local logins depending on the number of TACACS+ servers and the configured timeout and retry values.
Examples
This example configures the key used in encrypting packets.
CE(config)# tacacs key bronzemonkey789
This example configures the host named rasputin as the primary TACACS+ server.
CE(config)# tacacs server rasputin primary
This example sets the timeout interval for the TACACS+ server.
CE(config)# tacacs timeout 10
This example sets the number of times authentication requests are retried (retransmitted) after a timeout.
CE(config)# tacacs retransmit 5
Related Commands
authentication
show authentication
show statistics authentication
show statistics tacacs
show tacacs
The tclsh command is for Cisco Systems internal use only.
To configure TCP parameters, use the tcp global configuration command. To disable TCP parameters, use the no form of this command.
tcp {client-mss maxsegsize | client-receive-buffer kbytes | client-rw-timeout seconds | client-satellite | client-send-buffer kbytes | cwnd-base factor | init-ssthresh value | keepalive-probe-cnt count | keepalive-probe-interval seconds | keepalive-timeout seconds | listen-queue length | server-mss maxsegsize | server-receive-buffer kbytes | server-rw-timeout seconds | server-satellite | server-send-buffer kbytes}
Syntax Description
client-mss Sets client TCP maximum segment size. maxsegsize Maximum segment size in bytes (512-1460). client-receive-buffer Sets client receive buffer size. kbytes Receive buffer size in kilobytes (1-1024). client-rw-timeout Sets client connection's read/write timeout. seconds Timeout in seconds (1-3600). client-satellite Client TCP compliance to RFC 1323 standard. client-send-buffer Client connection's send buffer size. kbytes Send buffer size in kilobytes (8-1024). cwnd-base Sets TCP cwnd base factor. factor Factor value (1-16). init-ssthresh Sets TCP initial smooth threshold. value Threshold value (2920-1073741824). keepalive-probe-cnt Sets TCP keepalive probe counts. count Number of probe counts (1-10). keepalive-probe-interval TCP keepalive probe interval. seconds Keepalive probe interval in seconds (1-300). keepalive-timeout TCP keepalive timeout. seconds Keepalive timeout in seconds (1 to 3600). listen-queue Maximum size of TCP listen queue. length Listen queue length in kilobytes (1-1000). server-receive-buffer Server connection receive buffer size. kbytes Receive buffer size in kilobytes (1-1024). server-rw-timeout Server connection read/write timeout. seconds Read/write timeout in seconds (1-3600). server-satellite Server TCP compliance to RFC 1323 standard. server-send-buffer Server connection send buffer size. kbytes Buffer size in kilobytes (1-1024).
Defaults
tcp client-receive-buffer: 8 kilobytes
tcp client-rw-timeout: 30 seconds
tcp client-send-buffer: 8 kilobytes
tcp keepalive-probe-cnt: 4
tcp keepalive-probe-interval: 75 seconds
tcp keepalive-timeout: 300 seconds
tcp server-receive-buffer: 8 kilobytes
tcp server-rw-timeout: 120 seconds
tcp server-send-buffer: 8 kilobytes
Usage Guidelines
In nearly all environments, the default TCP setting is adequate. If you modify the listen-queue settings, reboot the CE to effect the changes.
Command Modes
Global configuration
Examples
Console(config)# tcp client-receive-buffer 100
Console(config)# no tcp client-receive-buffer 100
Related Commands
show tcp
To display the current console debug command output, use the terminal EXEC command
terminal monitor
Syntax Description
monitor Monitors debug command output on the console.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
This command allows a Telnet session to display the output of the debug commands that appear on the console. The monitoring continues until the Telnet session is terminated.
Examples
Console# terminal monitor
To set the number of lines displayed in the console window, use the terminal global configuration command. To set the default value, use the no form of the command.
terminal length lines
Syntax Description
length Sets the number of lines displayed by the terminal screen. lines Number of lines on the screen displayed before pausing (0 to 512). Enter 0 for no pausing.
Defaults
Default is 24 lines.
Command Modes
Global configuration
Usage Guidelines
When 0 is entered as the lines parameter, output to the screen does not pause. For all non-zero values of lines, the -More- prompt is displayed when the number of output lines match the specified lines number. The -More- prompt is considered a line of output. To view the next screen, press the Spacebar. To view one line at a time, press the Enter key. To exit the show command output, press the Esc key or any other keystroke.
Examples
The following example sets the number of lines to display to 20:
Console(config)# terminal length 20
The following example sets the number of lines to the default of 24:
Console(config)# no terminal length
The following example configures the terminal for no pausing:
Console(config)# terminal length 0
Related Commands
All show commands.
To set the TFTP server directory, use the tftp-server global configuration command.
tftp-server dir directory
Syntax Description
dir Sets TFTP server directory directory Specifies the path name of TFTP server.
Defaults
No default behavior or values
Command Modes
Global configuration
Examples
Console(config)# tftp-server dir /mypath
To force the immediate creation of a transaction log, use the transaction-log force EXEC command.
transaction-log force {archive | export}
Syntax Description
archive Forces the archive of the working.log file. export Forces the archived files to be exported to a server.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
The transaction-log force archive command causes the transaction log to be archived immediately to the CE hard disk. This command has the same effect as the clear transaction-log command.
The transaction-log force export command causes the transaction log to be exported immediately to an FTP server designated by the transaction-logs export ftp-server command.
The force commands do not change the configured schedule for archive or export of transaction log files. If a scheduled archive or export job is in progress when a corresponding force command is entered, an error message is displayed. If a force command is in progress when an archive or export job is scheduled to run, the scheduled job runs when the force command is complete.
Examples
Console# transaction-log force archive
Starting transaction-log force archive command
Completed transaction-log force archive command
Related Commands
transaction-logs
clear statistics transaction-logs
clear transaction-log
show statistics transaction-logs
show transaction-logging
To enable transaction logs, use the transaction-logs global configuration command. To disable transaction logs, use the no form of this command.
transaction-logs {archive {files maxnumfiles | interval {seconds | every-day {at time | every hour} | every-hour {at minute | every interval} | every-week [on days [at time]]} | enable | export {enable | ftp-server {hostname | servipaddrs} login passw directory} | interval {minutes | every-day {at time | every hour} | every-hour {at minute | every interval} | every-week [on days [at time]]}}} | file-marker | sanitize}
Syntax Description
archive Configures archive parameters. files Saves archive log files to disk. maxnumfiles Maximum number of archive files to save on disk (1-10). The default is 1. interval Determines how frequently the archive file is to be saved. seconds Time interval in seconds (120-86400). The default is 86,400 seconds (1 day). every-day Archives using frequencies of 1 day or less. at time Specifies the time of day at which to archive in hours and minutes (hh:mm). every hour Interval in hours (1, 2, 3, 4, 6, 8, 12, or 24). every-hour Archives using frequencies of 1 hour or less. at minute Specifies the minute alignment for the hourly archive (0-59). every interval Interval in minutes (2, 10, 15, 20, 30). every-week Archives one or more times a week. on days (Optional.) Archives one or more days of the week (mon, tue, wed, thu, fri, sat, sun). at time (Optional.) Specifies the time of day at which to archive in hours and minutes (hh:mm). enable Enables transaction log feature. export Configures file export parameters. enable Enables the exporting of log files at the specified interval. ftp-server Sets FTP server to receive exported archived files. hostname Host name of target FTP server. servipaddrs IP address of target FTP server. login User login to target FTP server. passw User password to target FTP server. directory Target directory for exported files on FTP server. interval Transfers files to the FTP server after this interval. minutes Export time interval in minutes (1-10,080). The default is 60 minutes. every-day Exports using frequencies of 1 day or less. at time Specifies the time at which to export each day in hours and minutes (hh.mm). every hour Interval in hours (1, 2, 3, 4, 6, 8, 12, or 24). every-hour Exports using frequencies of 1 hour or less. at minute Specifies the minute alignment for the hourly archive (0-59). every interval Interval in minutes (2, 10, 15, 20, or 30). every-week Exports one or more times a week. on days (Optional.) Exports on one or more days of the week (mon, tue, wed, thu, fri, sat, sun). at time (Optional.) Specifies the time of day at which to export in hours and minutes (hh:mm). file-marker Adds statements to translog indicating the file begin and end. sanitize Writes user IP addresses in log file as 0.0.0.0.
Defaults
The default for maximum number of archive files is 1. The default frequency for archiving files is 1 day. The default export time interval is 60 minutes.
Command Modes
Global configuration
Usage Guidelines
Enable transaction log recording with the transaction-logs enable command. When enabled, daemons create a working.log file in the /local/var/log/translog/ dosfs directory.
After an interval specified by the transaction-logs archive interval command, the working.log file is renamed and copied as an archive file to the dosfs directory with the path /local/var/log/translog/archive/data. A new working.log file is then created and the process repeats. The CE default archive interval is 86,400 seconds, or one day.
Use the transaction-logs archive files command to specify how many archive files to store on disk. When the maximum number of files has been created, the next archive file overwrites the oldest stored file.
The transaction log archive and export functions are configured with the following commands:
The following limitations apply:
If the transaction-logs export interval is configured to a larger value than the archive interval, the administrator must ensure that there are enough archive files.
Transaction Log Archive File-Naming Convention
The archive transaction log file is named as follows:
celog_10.1.118.5_20001028_235959.txt
Table 2-2 describes the name elements.
celog_10.1.118.5 | IP address of the CE creating the archive file. |
19991228 | Date archive file was created (yyyy/mm/dd). |
235959 | Time archive file was created (hh/mm/ss). |
The transaction logs export feature does not create the legacy archive files named archive.log. Legacy archive files must be manually deleted or copied from the CE hard disk.
Exporting Transaction Logs to External FTP Servers
The transaction-logs export ftp-server option can support up to four FTP servers. To export transaction logs, you must first enable the feature and configure the export interval. The following information is required for each target server:
Use the no form of the transaction-logs export enable command to disable the entire transaction logs feature while retaining the rest of the configuration.
Restarting Export After Receiving a Permanent Error from the External FTP Server
When an FTP server returns a permanent error to the CE, the archive transaction logs are no longer exported to that server. You must reenter the CE transaction log export parameters to clear the error condition. The show statistics transaction-logs command displays the current state of transaction log export readiness.
A permanent error (Permanent Negative Completion Reply, RFC 959) occurs when the FTP command to the server cannot be accepted, and the action did not take place. Permanent errors can be caused by invalid user logins, invalid user passwords, and attempts to access directories with insufficient permissions.
In the following example, an invalid user login parameter was included in the transaction-logs export ftp-server command. The show statistics transaction-logs command shows that the CE failed to export archive files.
Console# show statistics transaction-logs
Server:176.79.23.12
Export stopped due to permanent error received from FTP.
Attempts:1
Successes:0
Open Failures:0
Put Failures:0
Other Transport Errors:
Authentication Failures:1
Permanent Directory Failures:0
Permanent Put Failures:0
Previous Permanent Ftp Errors:0
To restart the export of archive transaction logs, the transaction-logs export ftp-server parameters must be reentered:
Console(config)#
transaction-logs export ftp-server 10.1.1.1 goodlogin pass /etc/webcache
Use the sanitized option to disguise the IP address and usernames of clients in the transaction log file. The default is not sanitized. A sanitized transaction log disguises the network identity of a client by changing the IP address in the transaction logs to 0.0.0.0. The no form disables the sanitize feature.
Examples
In this example, an FTP server is configured.
Console(config)#
transaction-logs export ftp-server 10.1.1.1 mylogin mypasswd
/tmp/local/webcache
Console(config)#
transaction-logs export ftp-server myhostname mylogin mypasswd
/tmp/local/webcache
To delete an FTP server, use the no form of the command.
Console(config)#
no transaction-logs export ftp-server myhostname
Console(config)#
no transaction-logs export ftp-server 10.1.1.1
Use the no form of the command to disable the entire transaction log export feature while retaining the rest of the configuration.
Console(config)#
no transaction-logs export enable
Note The default is export disabled; the interval default is 1 hour. There are no defaults for the FTP server configuration. |
To change a username, password, or directory, reenter the entire line.
Console
(config)# transaction-logs export ftp-server 10.1.1.1 mynewname mynewpass
/tmp/local/webcache
The show transaction-logging command displays information on exported log files.
Console# show transaction-logging
Transaction Logs:
Logging is enabled
End user identity is visible.
Current Archive Interval: 86400 sec.
Maximum Number of Archived Files: 6
Exporting files to servers is enabled.
Current export retry interval: 100 minutes.
Working Log file - size: 8650
age: 4885
Archive Log file:
celog_10.1.118.5_19991228_235959.txt - size: 10340
File export feature is enabled
ftp-server username directory
1.1.1.1 mynewname /tmp/local/webcache
2.2.2.2 erasmus /tmp/translogfiles
Note For security reasons, passwords are never displayed. |
The export option has been added to the show statistics transaction-logs command to display the status of logging attempts to export servers.
Console# show statistics transaction-logs
Transaction Logs:
Logging is enabled.
End user identity is visible.
Current Archive Interval: 120 seconds.
Maximum Number of Archived Files: 10
Exporting files to servers is enabled.
Export retry interval:1 minutes.
Working Log file - size:0
age:45
No Archive Log file found
ftp-server username directory
152.59.21.110 zpajanos ~zp/201/translog/logfiles
152.59.33.33 zpajanos ~zp/outputfiles
1.1.1.1 my my
Configuring Intervals Between 1 Day and 1 Hour
The interval can be set for once a day with a specific timestamp. It can also be set for frequencies of hours; these frequencies align with midnight. For example, every 4 hours means archiving occurs at 0000, 0400, 0800, 1200, 1600, and so forth. It is not possible to archive at 0030, 0430, 0830, and so forth.
cepro(config)# transaction-logs archive interval every-day ?
at Specify the time at which to archive each day
every Specify the interval in hours. It will align with midnight
cepro(config)# transaction-logs archive interval every-day at ?
hh:mm Time of day at which to archive (hh:mm)
cepro(config)# transaction-logs archive interval every-day every ?
<1-24> Interval in hours: {1, 2, 3, 4, 6, 8, 12 or 24}
Scheduling Intervals of 1 Hour or Less
The interval can be set for once an hour with a minute alignment. It can also be set for frequencies of less than an hour; these frequencies will align with the top of the hour. That is, every 5 minutes means archiving will occur at 1700, 1705, and 1710.
cepro(config)# transaction-logs archive interval every-hour ?
at Specify the time at which to archive each day
every Specify interval in minutes. It will align with top of the hour
cepro(config)# transaction-logs archive interval every-hour at ?
<0-59> Specify the minute alignment for the hourly archive
Scheduling Weekly Intervals
The interval can be set for once a week or multiple times within the week. For example, it is possible to archive "every Sunday at 0630" or "every Monday, Wednesday, and Friday at 1900." Administrators can select as many days as they wish, including all 7 days. Note that is it not possible to schedule the interval for different times on different days.
cepro(config)# transaction-logs archive interval every-week ?
on Day of the week
<cr>
cepro(config)# transaction-logs archive interval every-week on ?
DAY Day of week to archive
cepro(config)# transaction-logs archive interval every-week on Monday ?
DAY Day of week to archive
at Specify the time of day at which to archive
<cr>
cepro(config)# transaction-logs archive interval every-week on Monday Friday at ?
hh:mm Time of day at which to archive (hh:mm)
Related Commands Related Commands
clear transaction-log
show transaction-logging
show statistics transaction-logs
transaction-log force
To enable trusted hosts on your CE, use the trusted-host global configuration command. To disable trusted hosts, use the no form of this command.
trusted-host {hostname | ip-address | domain-lookup}
Syntax Description
hostname Host name of trusted host. ip-address IP address of trusted host. domain-lookup Trusted host checking.
Defaults
No default behavior or values
Command Modes
Global configuration
Defaults
No trusted hosts is the default.
Syntax Description
To allow reception of files (for example, rcp) from specified hosts, these hosts must be identified using the trusted-host hostname command. You must first enable this feature with the trusted-host domain-lookup command.
Examples
Console(config)# trusted-host domain-lookup
Console(config)# trusted-host 172.31.90.33
Console(config)# no trusted-host domain-lookup
Related Commands
show trusted-hosts
To display a file, use the type EXEC command.
type filename
Syntax Description
filename Name of file.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
Use this command to display the contents of a file within any CE file directory. This command may be used to monitor features such as transaction logging or system logging (syslog), or to manage files such as badurl.lst for URL filtering.
Examples
Console# type badurl.lst
Related Commands
cpfile
dir
lls
ls
mkfile
To disable debugging functions, use the undebug EXEC command. Also see the debug EXEC command.
Command Modes
EXEC
Defaults
No default behavior or values
Usage Guidelines
We recommend that debug commands be used only at the direction of Cisco Systems technical support personnel.
Related Commands
debug
no debug
show debug
To enable URL blocking, use the url-filter global configuration command. To disable URL blocking, use the no form of this command.
url-filter {bad-sites-block [custom-message] | good-sites-allow [custom-message] | websense {allowmode enable | server {hostname | ipaddrs} [port port] [timeout seconds]}}
Syntax Description
bad-sites-block Blocks access to sites listed in badurl.lst file. custom-message (Optional.) Displays customized URL blocking message from block.html file. good-sites-allow Allows access only to sites listed in goodurl.lst file. websense Uses Websense Enterprise server to govern URL access. allowmode Allows HTTP traffic if Websense server does not respond. enable Enables allowmode. server Configures Websense server host name or IP address. hostname Host name of Websense server. ipaddrs IP address of Websense server. port (Optional.) Sets the Websense server port number. port (Optional.) Port on which to send the Websense requests (1-65535). Default is 15868. timeout (Optional.) Specifies the time to wait for a response from the Websense server. seconds (Optional.) Timeout value in seconds (1-120). Default is 20 seconds.
Defaults
Default Websense server port is 15868. Default Websense server request timeout is 20 seconds.
Command Modes
Global configuration
Usage Guidelines
The CE can control client access to Web sites as follows:
Only one form of URL filtering can be active at a time.
URL Filtering with URL Lists
The url-filter bad-sites-block command causes the CE to block a client request for a URL if the URL is listed in an administrator-created plain text file named badurl.lst copied to the /local/etc dosfs directory of the CE.
The url-filter good-sites-allow command causes the CE to fulfill a client request only if the requested URL is listed in an administrator-created plain text file named goodurl.lst copied to the /local/etc dosfs directory of the CE.
The list of URLs in the goodurl.lst and badurl.lst text files must be written in the form www.domain.com and delimited with carriage returns.
Use the no form of the command to disable blocking or Websense permission requests (for example, no url-filter bad-sites-block).
Custom Blocking Messages
When the CE blocks a URL, it returns a blocking message to the client. A customized message can be returned by including the custom-message option (for example, url-filter good-sites-allow custom-message).
The custom message must be an administrator-created HTML page named block.html copied to the /local/etc dosfs directory. Copy all embedded graphics associated with the custom message HTML page to the /local/lib/gui/pub directory and reference the image from the custom message HTML page with a fully qualified path name. If the custom-message option is enabled but the block.html file is not in the /local/etc directory, the CE returns a "file not found" message to the client upon blocking.
The following is an example of the block.html file:
<HTML>
<HEAD>
<TITLE>
URL Blocked
</TITLE>
</HEAD>
<BODY>
The site you are trying to view is blocked. Please contact your system administrator if
you need to unblock this site
<IMG_SRC = /local/lib/gui/pub/stop.gif width=492 height=94 border=0>
</BODY>
</HTML>
Tips You can cut and paste sample files from the .PDF or HTML versions of this publication. |
To disable the custom-message option without disabling URL filtering, enter the URL filtering command without the custom-message option (for example, url-filter good-sites-allow).
URL Filtering with the Websense Enterprise Server
The CE can use a Websense Enterprise server as a filtering engine and enforce the filtering policy configured on the Websense server. Refer to the Websense documentation for further information on Websense filtering policies.
To enable Websense URL filtering on the CE, specify the Websense server IP address or host name. The timeout option sets the maximum amount of time that the CE will wait for a Websense response. The timeout default is 20 seconds. The port option specifies the port number on which the server will intercept requests from the CE (the default port is 15868). Use the no url-filter websense server command to disable Websense URL filtering.
The url-filter websense allowmode enable command permits the CE to fulfill the client request after a Websense server timeout. Use the no form of the command to disable Websense allowmode.
The Websense server returns its own blocking message.
Note To use Websense URL filtering with a cluster of CEs, make sure to configure the url-filter websense server command on each CE in the cluster to ensure that all traffic is filtered. |
Examples
To block listed URLs and return a custom message, enter:
Console# url-filter bad-sites-block custom-message
Console# url-filter good-sites-allow custom-message
To turn off the customized URL blocking message but still block listed URLs, enter:
Console# url-filter bad-sites-block
Console# url-filter good-sites-allow
To disable URL blocking, use the no form of this command:
Console(config)# no url-filter bad-sites-block
Console(config)# no url-filter good-sites-allow
To configure a CE to use Websense URL filtering with a 4-second timeout, enter:
Console# url-filter websense server 172.16.11.22 timeout 4
Related Commands
show url-filter
show url-filter statistics websense
To configure user accounts on your CE, use the user global configuration command.
user {add | delete | modify}
Syntax Description
add Creates a new user account on the CE. delete Removes the specified user account from CE. modify Changes the user information. username CE login name for the user. password (Optional.) See password options. capability (Optional.) See capability options. Adds capability to a new user. Use with add keyword. add-capability (Optional.) See capability options. uid Assigns a user ID. userid Range of administrator-assigned user ID numbers (2001-2147483647). add-capability (Optional.) Adds capability to an existing user. Use with modify keyword. See capability options. del-capability (Optional.) Deletes capability of an existing user. Use with modify keyword. See capability options.
Defaults
No default behavior or values
Capability Options
admin-access Grants all possible access to the CE. ftp-access Grants FTP access to the CE. FTP access includes HTTP access. http-access Grants HTTP access to the CE. telnet-access Grants Telnet access to the CE. Telnet access includes FTP and HTTP access.
Password Options
password Sets a password for the specified user. 0 Specifies that a clear-text password will follow (default). 1 Specifies that a type 1 encrypted password will follow. password Password for the specified user. For no password, omit this option. Password must be a string of 4 to 128 characters in length. Passwords of one to three characters are rejected.
Command Modes
Global configuration
Defaults
The default users are admin and anonymous.The default password option is 0.
Usage Guidelines
The user command creates, modifies, and deletes CE user accounts. Up to 50 user accounts can be added to the CE. Only administrator access capability permits a user to write to the CE. The admin user account is included by default.
The user identification number (UID) 0 is reserved for the user "admin" and cannot be assigned to another user. The user ID numbers 2001 to 2147483647 can be assigned manually by the administrator. The CE assigns a UID number from 1 through 2000 if a UID is not assigned by the administrator.
In summary, ID numbers 1 to 2000 are assigned by the CE; 2001 to 2147483647 can be assigned by the administrator. User accounts with ID numbers 1 to 2147483647 can be modified or deleted, and the show users command displays ID numbers 0 through 2147483647.
Examples
Console(config)# user add dilbert
Operation successful
Console(config)# user add bwhidney password 0 dzgchenpa capability ftp
Operation successful
Console(config)# user modify user bwhidney add admin-access
Operation successful
Console(config)# show users
There are 4 user(s)
UID USERNAME
0 admin
1002 anonymous
5013 bwhidney
5014 dilbert
Console(config)# user delete uid 5014
Operation successful
Related Commands Related Commands
show user
show users
To enable the CE to accept redirected HTTP traffic on a port other than 80, use the wccp custom-web-cache command. To disable custom Web caching, use the no form of this command.
wccp custom-web-cache router-list-num num port port [[hash-destination-ip] [hash-destination-port] [hash-source-ip] [hash-source-port] [l2-redirect] [password passw] [weight percentage]]
Syntax Description
router-list-num Router list number. num Router list number (1-8). port Specifies port number. port Port number range (1-65535). hash-destination-ip (Optional.) Load-balancing hash - destination IP (default). hash-destination-port (Optional.) Load-balancing hash - destination port. hash-source-ip (Optional.) Load-balancing hash - source IP. hash-source-port (Optional.) Load-balancing hash - source port. l2-redirect (Optional.) WCCP forwarding encapsulation method. password (Optional.) Specifies authentication password. passw Password. weight (Optional.) Sets weight percentage for load balancing (0-100). percentage Percentage value (0-100).
Defaults
Command Modes
Global configuration
Usage Guidelines
The wccp custom-web-cache command can configure the CE to automatically establish WCCP Version 2 redirection services with a Cisco router on a user-specified port number and then perform transparent Web caching for all HTTP requests over that port while port 80 transparent Web caching continues without interruption. For custom Web caching, service 98 must be enabled on the routers. WCCP Version 1 does not support custom Web caching.
Transparent caching on ports other than port 80 can be performed by the CE in environments where WCCP is not enabled or where client browsers have previously been configured to use a legacy proxy server. See the http proxy global configuration command for further information.
The weight parameter represents a percentage of load redirected to the CE cluster (for example, a CE with a weight of 30 receives 30 percent of the total load). If the total of all weight parameters in the CE cluster exceeds 100, the percentage load for each CE is recalculated as the percentage that its weight parameter represents of the combined total.
To use the l2-redirect hashing option, the CE must be directly connected at Layer 2 to a switch or router that supports accelerated hardware switching.
Examples
Starting custom web caching on interface 3 of a WCCP Version 2-enabled router:
router(config): ip wccp 98
[Output not shown]
router(config-if): ip interface 3
router(config-if): ip web-cache 98 redirect out
[Output not shown]
On the CE:
CE(config)# wccp custom-web-cache router-list-num 5 port 82 weight 30 password Allied
hash-destination-ip hash-source-port
CE(config)# no wccp custom-web-cache
CE(config)# http proxy outgoing ans.allied.com 82 no-local-domain
CE# sh running-config
Building configuration...
Current configuration:
!
....
!
http proxy outgoing 192.168.200.68 82 no-local-domain
!
wccp router-list 5 10.1.1.1
wccp custom-web-cache router-list 5 port 82 weight 30 password Allied hash-destination-ip
hash-source-port
wccp home-router 10.1.1.2
wccp version 2
!
end
Related Commands
wccp web-cache
http proxy incoming
http proxy outgoing
To enable WCCP flow redirection, use the flow-redirect enable global configuration command. To disable flow redirection, use the no form of the command.
wccp flow-redirect enable
Syntax Description
enable Enables flow redirection.
Defaults
No default behavior or values
Command Modes
Global configuration
Usage Guidelines
This command works with WCCP Version 2 only. The flow protection feature is designed to keep the TCP flow intact and to not overwhelm CEs when they come up or are reassigned new traffic. This feature also has a slow start mechanism where the CEs try to take a load appropriate for their capacity.
Examples
Console# wccp flow-redirect enable
Related Commands
wccp slow-start enable
To configure a WCCP Version 1 router IP address, use the wccp home-router global configuration command. To disable this function, use the no form of this command.
wccp home-router ip-address
Syntax Description
ip-address Home router IP address.
Defaults
No default behavior or values
Command Modes
Global configuration
Defaults
Disabled.
Usage Guidelines
To use WCCP Version 1 with the CE, you must also point the CE to a designated home router. Use the wccp home-router ip-address command to do this. This may also be the address of the IP default gateway.
Make sure that WCCP Version 1 is enabled on the router.
Examples
Console(config)# wccp home-router 172.16.65.243
Console(config)# no wccp home-router 172.16.65.243
Related Commands
show wccp routes
wccp version 1
To associate ports with specific WCCP dynamic services, use the wccp port-list global configuration command.
wccp port-list listnum portnum
Syntax Description
listnum Port list number (1-8). portnum Port number. Up to eight ports per list number are allowed (1-65535).
Defaults
No default behavior or values
Command Modes
Global configuration
Usage Guidelines
Up to eight port numbers can be included in a single port list. The port list is referenced by the
wccp service-number command that configures a specific WCCP dynamic service (90-97) to operate on those ports included in the port list.
Examples
In the following example, ports 10, 200, 3000, 110, 220, 330, 440, and 40000 are included in port list 3.
Console(config)# wccp port-list 3 10 200 3000 110 220 330 440 40000
Related Commands
wccp service-number
To enable WCCP Version 2 reverse proxy service, use the wccp reverse-proxy global configuration command. To disable this function, use the no form of this command.
wccp reverse-proxy router-list-num number [l2-redirect] [password key] [weight percentage]
Syntax Description
router-list-num Router list number. number Router list number range (1-8). l2-redirect (Optional.) WCCP Version forwarding encapsulation method. password (Optional.) WCCP services authentication password (key) set on router. key (Optional.) Password character string. weight (Optional.) Sets a load-balancing parameter. percentage Percentage of the load that the CE shares with the other CEs (1-100).
Defaults
Disabled.
Command Modes
Global configuration
Usage Guidelines
This command applies only to WCCP Version 2.
You must configure the wccp router list command before you use this command. The routers in the list must have WCCP reverse proxy service enabled (service 99). Refer to the Cisco Cache Software Configuration Guide for further information on configuring the router.
By default, the router does load balancing across the various CEs in a cluster based on the destination IP address (for example, Web server IP address). When WCCP reverse proxy is enabled, the router does load balancing in a cluster based on the source IP address (for example, the client browser IP address).
To enable the use of a password for a secure reverse proxy cache within a cluster, use the password key command to be sure to enable all other CEs and routers within the cluster with the same password.
The weight parameter represents a percentage of the total load redirected to the CE in a cluster (for example, a CE with a weight of 30 receives 30 percent of the total load). If the total of all weight parameters in a CE cluster exceeds 100, the percentage load for each CE is recalculated as the percentage that its weight parameter represents of the combined total.
To use the l2-redirect hashing option, the CE must be directly connected at Layer 2 to a switch or router that supports accelerated hardware switching.
Examples
Console(config)# wccp reverse-proxy router-list-num 8 password mykey weight 100
Console(config)# no wccp reverse-proxy
Related Commands
show wccp cache-engines
show wccp services
wccp router-list
wccp version 2
To configure a router list for WCCP Version 2, use the wccp router-list global configuration command. To disable this function, use the no form of this command.
wccp router-list number ip-address
Syntax Description
number Router list number (1-8). ip-address IP address of router to add to list.
Command Modes
Global configuration
Defaults
Disabled.
Usage Guidelines
Use this command to configure various router lists for use with WCCP Version 2 services. For example, you can specify one router list for WCCP Version 2 web-cache service and another list for reverse-proxy at the same time without having to reconfigure groups of routers or caches. You can add up to eight router lists and up to six IP addresses per list.
Examples
Console(config)# wccp router-list 7 172.31.68.98
Console(config)# no wccp router-list 7 172.31.68.98
Related Commands
wccp reverse-proxy
wccp web-cache
wccp version 2
To enable up to eight dynamic WCCP redirection services on the CE, use the wccp service-number command. The services must also be configured on the router running WCCP Version 2.
wccp service-number servnumber router-list-number routnumber port-list-number plistnumber
Syntax Description
service-number Specifies the dynamic WCCP Version 2 servnumber WCCP Version 2 service number (90-97). router-list-number Specifies the router list number. routnumber Router list number (1-8). port-list-number Specifies the port list number. plistnumber Port list number (1-8). hash-destination-ip (Optional.) Load-balancing hashdestination IP (default). hash-destination-port (Optional.) Load-balancing hashdestination port. hash-source-ip (Optional.) Load-balancing hashsource IP. hash-source-port (Optional.) Load-balancing hashsource port. l2-redirect (Optional.) WCCP Version 2 forwarding encapsulation method. password (Optional.) Specifies authentication password. passw Password. weight (Optional.) Sets weight percentage for load balancing (0-100).
service number.
Defaults
No default behavior or values
Command Modes
Global configuration
Usage Guidelines
Proxy Mode
The CE supports up to eight incoming ports for HTTPS and eight incoming ports for HTTP. The incoming proxy ports can be the same ports that are used by the transparent-mode services. The incoming proxy ports can be changed without stopping any WCCP services running on the CE or on other CEs in the farm.
The CE parses requests received on a port to determine the protocol to be serviced. If the CE is not configured to support a received protocol, the proxy server returns an error. For example, if port 8080 is configured to run an HTTP and HTTPS proxy service, a File Transfer Protocol (FTP) request coming to this port is rejected.
Some TCP ports are reserved for system or network services (for example, the CE FTP server and GUI) and cannot be used for proxying services in transparent mode or in proxy mode. If more than eight ports are required, the administrator can configure multiple custom WCCP services. Intercepted HTTP and HTTPS requests addressed to other proxy servers (received on transparent-mode ports) are serviced according to the proxy-protocols transparent command parameters.
Transparent Mode
The wccp service-number command can enable up to eight WCCP redirection services on a CE, provided that the services are also configured on the router. There are eight new dynamic WCCP services (90 to 97).
Each wccp service-number command specifies a router list, single port list (containing up to eight ports), hash parameters, password, and weight. With eight custom services using a maximum number of eight ports each, the maximum number of ports that can be specified for transparent redirection is 64.
The legacy custom Web cache and reverse proxy services (service numbers 98 and 99) can be configured with only one port each. If only one legacy service is configured, the total maximum number of transparent redirection ports is 57. If both legacy services are configured, the maximum port total is 50.
All ports receiving HTTP that are configured as members of the same WCCP service share the following characteristics:
With CEs in a farm, the following restrictions apply:
The CE WCCP implementation currently allows global settings that apply to all WCCP services, such as healing parameters, slow start, and others. The multiple service model does not change that, and the settings in question remain global for the whole WCCP system.
Modifying Configurations
For proxy-mode and transparent-mode commands, issuing a new command replaces the old one.
In proxy mode, a no command that specifies the protocol and no ports disables the service for that protocol. To add or remove ports in proxy mode, issue a new command that specifies all the ports to be used. Ports can also be removed by a no command with a list of ports to remove. A no command that specifies only some of the configured ports removes these ports from the list, and the service continues to run on the remaining ports. For example, if HTTPS is received on 8080, 8081, and 82, the
no https proxy incoming 8081 command disables port 8081 but permits the HTTPS proxy service to continue on ports 8080 and 82.
In transparent mode, to add or remove ports for a WCCP service, modify the port list or create a new port list for the WCCP service.
In transparent mode, a no command that specifies the WCCP service number disables the service.
To use the l2-redirect hashing option, the CE must be directly connected at Layer 2 to a switch or router that supports accelerated hardware switching.
Examples
In the following example, WCCP dynamic service 90 is configured with router list 1, and port list 1. Port 8080 is the only element in port list 1.
CE(config)# wccp 90 router-list-num 1 port-list-number 1 hash-source-ip
hash-destination-port
CE(config)# wccp port-list 1 8080
In this example, the CE is configured to accept HTTP and HTTPS proxy requests on ports 81, 8080, and 8081:
CE(config)# http proxy incoming 81 8080 8081
CE(config)# https proxy incoming 81 8080 8081
Related Commands
https proxy incoming
http proxy incoming
proxy-protocols
show https proxy
show http proxy
show services
show wccp services
To set the maximum time interval over which the CE will perform a clean shutdown, use the wccp shutdown global configuration command.
wccp shutdown max-wait seconds
Syntax Description
max-wait Sets the clean shutdown time interval. seconds Time in seconds (0-86400). The default is 120 seconds.
Defaults
120 seconds
Command Modes
Global configuration
Usage Guidelines
To prevent broken TCP connections, the CE performs a clean shutdown of WCCP after a reload or wccp version command is issued. The CE does not reboot until either all connections have been serviced or the configured max-wait interval has elapsed.
During a clean shutdown, the CE continues to service the flows it is handling but starts to bypass new flows. When the number of flows goes down to zero, the CE takes itself out of the cluster by having its buckets reassigned to other CEs by the lead CE. TCP connections can still be broken if the CE crashes or is rebooted without WCCP being cleanly shut down. The clean shutdown can be aborted while in progress.
Examples
Console(config)# wccp shutdown max-wait 4999
Related Commands
wccp versionTo enable the CE slow start capability, use the wccp slow-start enable global configuration command. To disable slow start capability, use the no form of this command.
wccp slow-start enable
Syntax Description
enable Enable WCCP slow start.
Defaults
The default is slow start enabled.
Command Modes
Global configuration
Usage Guidelines
Within a cluster of CEs, TCP connections are redirected to other CEs as units are added or removed. A CE can be overloaded if it is too quickly reassigned new traffic or introduced abruptly into a fat pipe.
WCCP slow start performs the following tasks to prevent a CE from being overwhelmed when it comes online or is reassigned new traffic:
Slow start is applicable only in the following cases:
In all other cases slow start is not necessary and all the CEs can be assigned their share of the buckets right away.
Examples
Console# wccp slow-start enable
Console# no wccp slow-start enable
Related Commands
wccp flow-redirect
wccp shutdown
To specify the version of WCCP that the CE should use, enter the wccp version global configuration command. Use the no form of the command to disable the currently running version.
wccp version {1 | 2}
Syntax Description
1 WCCP Version 1. 2 WCCP Version 2.
Defaults
Version 1
Command Modes
Global configuration
Usage Guidelines
Both WCCP versions allow transparent caching of Web content. For a detailed description of both versions, refer to the Cisco Cache Software Configuration Guide. It is necessary to disable WCCP Version 1 before enabling WCCP Version 2, and vice versa. Be sure the routers used in the WCCP environment are running a software version that supports the WCCP version configured on the CE.
To prevent broken TCP connections, the CE performs a clean shutdown of WCCP after a reload or wccp version command is executed. See the wccp shutdown global configuration command for an explanation of a clean shutdown.
Examples
Console(config)# no wccp version 1
Console(config)# wccp version 2
Related Commands
wccp home-router
wccp shutdown
To instruct the router to run the Web cache service with WCCP Version 2, use the wccp web-cache global configuration command. To disable this function, use the no form of this command.
wccp web-cache router-list-num number [l2-redirect] [password key] [weight percentage]
Syntax Description
route-list-num Specifies router list number. number Router list number (1-8). l2-redirect WCCP Version 2 forwarding encapsulation method. password (Optional.) Authentication password (key) set by the router. key Password string for the router. weight (Optional.) Sets weight percentage. percentage Weight of load that the CE carries as compared to other CEs (1-100).
Defaults
No default behavior or values
Command Modes
Global configuration
Usage Guidelines
Use this command to enable Web cache service with WCCP Version 2. With Web cache service, the router balances the traffic load within a CE cluster based on the destination IP address (for example, Web server IP address).
You must set the wccp router-list command before you use this command.
Both weight and password are optional and may be used together or separately.
To enable the use of a password for a secure Web cache cluster, use the password key option and be sure to enable all other CEs and routers within the cluster with the same password.
The weight parameter represents a percentage of the total load redirected to the CE (for example, a CE with a weight of 30 receives 30 percent of the total load). If the total of all weight parameters in a CE cluster exceeds 100, the percentage load for each CE is recalculated as the percentage that its weight parameter represents of the combined total.
Examples
Console(config)# wccp web-cache router-list-num 1
Console(config)# no wccp web-cache
Related Commands
show wccp cache-engines
show wccp routers
show wccp status
wccp version 2
To display the current user's name, use the whoami EXEC command.
whoamiSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
Use this command to display the current user's username and user identification number.
Examples
Console# whoami
admin
Related Commands
pwd
To write running configurations to memory or to a terminal session, use the write EXEC command.
write [erase | memory | terminal]
Syntax Description
erase (Optional.) Erases startup configuration from NVRAM. memory (Optional.) Writes the configuration to NVRAM. This is the default. terminal (Optional.) Writes the configuration to a terminal session.
Defaults
No default behavior or values
Command Modes
EXEC
Defaults
The configuration is written to NVRAM by default.
Usage Guidelines
Use this command to either save running configurations to NVRAM or to erase memory configurations. Following a write erase command, no configuration is held in memory, and a prompt for configuration specifics occurs after you reboot the CE.
Use the write terminal command to display the current running configuration in the terminal session window. The equivalent command is show running-config.
Examples
Console# write
Related Commands
copy running-config startup-config
show running-config
Posted: Tue Jun 5 22:06:08 PDT 2001
All contents are Copyright © 1992--2001 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.