Example: Using Access Lists - Cisco ASR 1000 Series Configuration Manual

Aggregation services router ip application services cisco ios xe release 3s
Example: Using Access Lists

Device(config)# interface gigabitethernet 0/1/0
Device(config-if)# ip wccp web-cache group-listen

The following example shows a router configured to run a reverse proxy service, using the multicast address of 224.1.1.1. Redirection applies to packets outgoing via Gigabit Ethernet interface 0/1/0:

Device# configure terminal
Device(config)# ip wccp 99 group-address 224.1.1.1
Device(config)# interface gigabitethernet 0/1/0
Device(config-if)# ip wccp 99 redirect out

Example: Using Access Lists

To achieve better security, you can use a standard access list to tell the device which IP addresses are valid addresses for a content engine attempting to register with the current device. The following example shows a standard access list configuration session where the access list number is 10 for some sample hosts:

Device(config)# access-list 10 permit host 10.1.1.1
Device(config)# access-list 10 permit host 10.1.1.2
Device(config)# access-list 10 permit host 10.1.1.3
Device(config)# ip wccp web-cache group-list 10

To disable caching for certain clients, servers, or client/server pairs, you can use WCCP access lists. In the following example, any requests coming from 10.1.1.1 and any requests going to 10.3.1.1 will bypass the cache, and all other requests will be serviced normally:

Device(config)# ip wccp web-cache redirect-list 120
Device(config)# access-list 120 deny tcp host 10.1.1.1 any
Device(config)# access-list 120 deny tcp any host 10.3.1.1
Device(config)# access-list 120 permit ip any any

The following example configures a device to redirect web-related packets received via Gigabit Ethernet interface 0/1/0, destined to any host except 209.165.200.224:

Device(config)# access-list 100 deny ip any host 209.165.200.224
Device(config)# access-list 100 permit ip any any
Device(config)# ip wccp web-cache redirect-list 100
Device(config)# interface gigabitethernet 0/1/0
Device(config-if)# ip wccp web-cache redirect in

Example: WCCP Outbound ACL Check Configuration

In the following configuration example, the access list prevents traffic from network 10.0.0.0 from leaving Gigabit Ethernet interface 0/1/0. Because the outbound ACL check is enabled, WCCP does not redirect that traffic. WCCP checks packets against the ACL before they are redirected.

Device(config)# ip wccp web-cache
Device(config)# ip wccp check acl outbound
Device(config)# interface gigabitethernet 0/1/0
Device(config-if)# ip access-group 10 out
Device(config-if)# exit
Device(config)# ip wccp web-cache redirect-list redirect-out
Device(config)# access-list 10 deny 10.0.0.0 0.255.255.255
Device(config)# access-list 10 permit any

If the outbound ACL check were disabled, HTTP packets from network 10.0.0.0 would be redirected to a web cache. Users with that network address could retrieve web pages even though the network administrator wanted to prevent it.
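
The following Python script is an added example, not part of the Cisco guide. It audits an IOS-style configuration for the two controls described above: a group-list restricting which content engines may register, and the outbound ACL check. The function name audit_wccp and the sample configuration are assumptions made for illustration, and VRF-specific forms of the ip wccp command are ignored.

```python
import re

# Constructed sample from this page's commands: service 99 lacks a group-list,
# ACL 120 is referenced but undefined, and the outbound ACL check is missing.
SAMPLE = """\
Device(config)# ip wccp 99 group-address 224.1.1.1
Device(config)# ip wccp web-cache group-list 10
Device(config)# ip wccp web-cache redirect-list 120
Device(config)# access-list 10 permit host 10.1.1.1
Device(config)# interface gigabitethernet 0/1/0
Device(config-if)# ip wccp 99 redirect out
Device(config-if)# ip access-group 10 out
"""

PROMPT = re.compile(r"^\S+?(\(config[^)]*\))?#\s*")  # strips "Device(config-if)# "

def audit_wccp(config):
    """Return findings for WCCP settings in an IOS-style config (VRF forms ignored)."""
    services, defined = {}, set()
    outbound_acl = check_outbound = False
    for raw in config.splitlines():
        w = PROMPT.sub("", raw.strip()).split()
        if w[:2] == ["ip", "wccp"] and len(w) > 2:
            if w[2:5] == ["check", "acl", "outbound"]:
                check_outbound = True
            elif w[2] == "web-cache" or w[2].isdigit():
                opts = services.setdefault(w[2], {})
                for key in ("group-list", "redirect-list"):
                    if key in w[3:-1]:  # keyword must be followed by an ACL name
                        opts[key] = w[w.index(key) + 1]
        elif w[:1] == ["access-list"] and len(w) > 1:
            defined.add(w[1])  # numbered ACL
        elif w[:2] == ["ip", "access-list"] and len(w) > 3:
            defined.add(w[3])  # ip access-list {standard|extended} NAME
        elif w[:2] == ["ip", "access-group"] and w[-1:] == ["out"]:
            outbound_acl = True
    findings = []
    for svc, opts in sorted(services.items()):
        if "group-list" not in opts:
            findings.append(f"{svc}: no group-list, content engine registration is not restricted by address")
        for key, acl in sorted(opts.items()):
            if acl not in defined:
                findings.append(f"{svc}: {key} {acl} is not defined in this config")
    if services and outbound_acl and not check_outbound:
        findings.append("outbound interface ACL present but 'ip wccp check acl outbound' is not set")
    return findings
if __name__ == "__main__":
    for finding in audit_wccp(SAMPLE):
        print(finding)
```

The script accepts lines with or without the Device(config)# prompt, so a pasted configuration session or a saved running configuration can be checked the same way.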
IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Configuring WCCP