Content Engine password
Hi
Does the Content Engine store the passwords which are used to access various sites in its cache? As I understand the passwords will be cached in an encrypted form. If they are cached then can I remove them from the cache?
Thank you
Regards
Sushil
This doculent should help you:
http://www.cisco.com/warp/customer/117/mnl_upgrade_cdn_acns.html
Similar Messages
-
Content Engine NM ACNS/network access
After searching Google and Cisco, here's my setup...
2851 Router running 15.1T
CE-NM-BP-80G-K9 in slot 1/0
Bridge group 1 for LAN and Wireless WIC.
Goal: Either add the external CE interface to the LAN on the bridge group or use WCCP to cache traffic through the internal interface.
I was able to access ACNS once, but I'm completely new to the design and it was only for testing with the IP scheme. I reset the config, reloaded the router and now I can't access ACNS via the web gui nor can I access the network from the CE (ping or ftp).
Interface ContentEngine 1/0 Config:
ip address 10.0.0.1 255.255.255.0
Service Module ip address 10.0.0.2 255.255.255.0
Service Module external ip address 10.0.1.1 255.255.255.0
Service Module ip default gateway 10.0.0.1
Interface BVI1
ip address 192.168.2.1 255.255.255.0
using dhcp etc
Service module config:
CE#sh run
! ACNS version 5.5.3
hostname CE
http proxy incoming 80 8080
ip domain-name mydomain.com
interface FastEthernet external
exit
interface FastEthernet internal
exit
wmt evaluate
wmt accept-license-agreement
wmt enable
ip name-server 8.8.8.8
ip name-server 192.168.2.1
wccp router-list 1 192.168.2.1
wccp web-cache router-list-num 1
wccp reverse-proxy router-list-num 1
wccp wmt router-list-num 1
wccp version 2
username admin password 1 xxx
username admin privilege 15
username xxxx password 1 xxx uid 2001
username xxxx privilege 15
authentication login local enable primary
authentication configuration local enable primary
cdm ip 192.168.2.1
! End of ACNS configuration
Here's what I get when attempting to ping:
CE#ping 192.168.2.1
connect: Network is unreachable
CE#ping 10.0.0.1
connect: Network is unreachable
CE#ping 10.0.1.1
connect: Network is unreachable
And from the LAN:
seth@Sony:~$ ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_req=1 ttl=255 time=1.79 ms
^C
--- 192.168.2.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.799/1.799/1.799/0.000 ms
seth@Sony:~$ ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_req=1 ttl=255 time=1.39 ms
64 bytes from 10.0.0.1: icmp_req=2 ttl=255 time=1.93 ms
^C
--- 10.0.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.396/1.666/1.936/0.270 ms
seth@Sony:~$ ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
^C
--- 10.0.0.2 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1006ms
seth@Sony:~$ ping 10.0.1.1
PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data.
^C
--- 10.0.1.1 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1007ms
Page cannot be displayed when attempting to hit the CE on port 8001 or securely at 8003 although the CE shows it's listening
CE#sh gui-server
GUI Server is enabled
Listen on port 8001
Secured GUI Server is enabled
Secured GUI Listen on port 8003
Let me know if there's some other pertinent info, but what am I missing?SOLVED --
The mistake was my own...in writing this post and re-testing, I realized I had made a foolish mistake. I applied an access-list (which I forgot to include) to the "ip wccp web-cache redirect-list bypass_content_engine" in the global config of the router.
When I installed service 95 for spoofing, I automatically added the same access list to it as well.
This was not a good thing since the access list denied packets with a destination of our internal IP addresses from going through the content engine. This worked fine on the way *out* of the router. But as the now-spoofed packets returned, their destination was an inside IP address and they were pretty much discarded. Foolish Mistake!
Removing the ACL from the "ip wccp 95" statement in the global config fixed the issue and I am spoofing fine.
Sorry to waste time...
David Hunter -
Smartfilter with Content Engine Module (NM-CE-BP-40G-K9) & ACNS on 3661
I've been looking over the CCO docs, but can't find one that has sample configs for using a 3661 router containing content engine module, smartfilter, & ACNS. Topology is basically the following...
(PC's)----(LAN Switch)-----(3661 w/content engine module)----(PIX)---(internet)
I don't want to creat a new IP subnet for the 3 interfaces within the content engine module/router. I want to use the IP's from the current LAN IP Block.
Any advice appreciated.I thought this might help.
Easy NM-CE Configuration Guide!
Router IOS:c3725-ik9o3s-mz.122-15.T2
Content Engine Software: ACNS 5.0.3.5
Configure basic router configuration as normal.
Set the IP addresses for the Service Module (Content-Engine) using these commands:
interface Content-Engine2/0
ip address 10.1.1.1 255.255.255.0
ip nat inside
service-module external ip address 10.0.0.1 255.255.255.0
service-module ip address 10.1.1.2 255.255.255.0
service-module ip default-gateway 10.1.1.1
Complete Config Example (DHCP and NAT for Lab):
urrent configuration : 2440 bytes
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname lab3745_NM-CE
logging queue-limit 100
enable password cisco
ip subnet-zero
ip wccp web-cache
ip dhcp pool NM-ESW-16-POOL
network 10.1.2.0 255.255.255.0
domain-name cisco.com
default-router 10.1.2.1
dns-server 171.68.226.120 171.70.168.183
lease 7
ip audit notify log
ip audit po max-events 100
no voice hpi capture buffer
no voice hpi capture destination
mta receive maximum-recipients 0
interface FastEthernet0/0
ip address 172.16.12.108 255.255.255.0
ip wccp web-cache redirect out
ip nat outside
duplex auto
speed auto
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
interface FastEthernet1/0
no ip address
interface FastEthernet1/1
no ip address
interface FastEthernet1/2
no ip address
interface FastEthernet1/3
no ip address
interface FastEthernet1/4
no ip address
interface FastEthernet1/5
no ip address
interface FastEthernet1/6
no ip address
interface FastEthernet1/7
no ip address
interface FastEthernet1/8
no ip address
interface FastEthernet1/9
no ip address
interface FastEthernet1/10
no ip address
interface FastEthernet1/11
no ip address
interface FastEthernet1/12
no ip address
interface FastEthernet1/13
no ip address
interface FastEthernet1/14
no ip address
interface FastEthernet1/15
no ip address
interface Content-Engine2/0
ip address 10.1.1.1 255.255.255.0
ip nat inside
service-module external ip address 10.0.0.1 255.255.255.0
service-module ip address 10.1.1.2 255.255.255.0
service-module ip default-gateway 10.1.1.1
interface Vlan1
ip address 10.1.2.1 255.255.255.0
ip nat inside
ip local pool NM-ESW-16-POOL 10.1.2.2 10.1.2.254
ip nat pool TEST-NAT-POOL 172.16.12.108 172.16.12.108 prefix-length 24
ip nat inside source list 7 pool TEST-NAT-POOL overload
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.12.254
access-list 7 permit 10.1.2.0 0.0.0.255
access-list 7 permit 10.1.1.0 0.0.0.255
access-list 7 permit 10.0.0.0 0.0.0.255
call rsvp-sync
mgcp profile default
dial-peer cor custom
line con 0
speed 115200
line 65
flush-at-activation
no activation-character
no exec
transport input all
line aux 0
line vty 0 4
password cisco
login
end
reset service-module 2 to reboot the Content-Engine:
service-module content-Engine 2/0 reload
Within 30 Seconds Session from the Router to the Service Module:
service-module content-engine session
Enter Basic Configuration for Network Module:
Password, etc
Configure The service Modeule using the command line interface:
hostname NM-CE-BP
ip domain-name CISCO.COM
interface FastEthernet 0/0
ip address 10.0.0.1 255.255.255.0
exit
interface FastEthernet 0/1
ip address 10.1.1.2 255.255.255.0
exit
ip default-gateway 10.1.1.1
primary-interface FastEthernet 0/1
ip name-server 172.72.1.1
wccp router-list 1 172.16.12.108
wccp web-cache router-list-num 1
wccp version 2
username xxx password xxxx
username xxxx privilege 15
authentication login local enable primary
authentication configuration local enable primary
NM-CE-BP#exit
You can use the command line interface to show statics from the Content Engine by using the show statistics screen command or use your web browers for a more graphical report. -
Hi Guys,
I am a CCNA doing a collection of Cisco equipment to build my own home lab, now i am in the edge of writing my CCNP though i failed one exam.
I have a Content Engine 507 (i know its outdated) and i am looking for the software, i htink it takes ACNS ver 4.1 and below, please help, i can't download it from cisco because it requires a superior username and password. I am in Africa.
Thanks in advance..
(future CCIE - Mdutywa Farai DaluHello,
I honestly doubt you can get the ACNS software you need unless you have a CCO access that grants download for that software. I would recommend you check for the device entitlement and find out if software download is possible. -
CISCO 2821 WITH CONTENT ENGINE
ANYONE KNOW THE USERNAME / PASSWORD
FOR THE CONTENT-ENGINE WHEN YOU OPEN UP A SESSION TO IT? ON OUR 2651XM'S WITH
CONTENT-ENGINES THE USERNAME IS admin
and the password is default. THIS DOES
NOT WORK WITH THE NEW CONTENT-ENGINES INSTALLED.If you have no luck guessing passwords you can try the following.
Recovering a Lost Administrator Password
If an administrator password is forgotten, lost, or misconfigured, perform the following steps to reset the password on the device.
Note There is no way to restore a lost administrator password. You must reset the password to a new one, as described in this procedure.
Step 1 Establish a console connection to the device and open a terminal session.
Step 2 Reboot the device. While the device is rebooting, watch for the following prompt and press Enter when you see it:
Cisco ACNS boot:hit RETURN to set boot flags:0009
Step 3 When prompted to enter bootflags, enter this value:
0x8000
For example:
Available boot flags (enter the sum of the desired flags):
0x4000 - bypass nvram config
0x8000 - disable login security
[CE boot - enter bootflags]:0x8000
You have entered boot flags = 0x8000
Boot with these flags? [yes]:yes
[Display output omitted]
Setting the configuration flags to 0x8000 lets you into the system, bypassing all
security. Setting the configuration flags field to 0x4000 lets you bypass the NVRAM
configuration.
Step 4 When the device completes the boot sequence, you are prompted to enter the username to access the CLI. Enter the default administrator username (admin):
Cisco Content Engine Console
Username: admin
Step 5 Once you see the CLI prompt, set the password for the user using the username password command in global configuration mode.
The following example shows the different options and parameters for the username command. You can specify that the password be either clear text or encrypted. The user in the example chose to have an encrypted password.
ContentEngine# configure
ContentEngine(config)# username ?
WORD User name
ContentEngine(config)# username biff ?
password Specify the password for the user
privilege Set user privilege level
samba-password Set user's Windows sharing password
ContentEngine(config)# username biff password ?
0 Specifies clear-text password (default)
1 Specifies type 1 encrypted password
WORD User password (clear text)
ContentEngine(config)# username biff password 0 ?
WORD User password (encrypted)
ContentEngine(config)# username biff password 0 mypassword ?
uid User Id
ContentEngine(config)# username biff password 0 mypassword uid ?
<2001-65535> User Id
ContentEngine(config)# username biff password 0 mypassword uid 2001 ?
ContentEngine(config)#
Step 6 Use the write memory command in EXEC mode to save the configuration change.
ContentEngine(config)# exit
ContentEngine# write memory
Step 7 Optionally, reboot your device by using the reload command.
ContentEngine# reload
Rebooting is optional; however, you might want to reboot to ensure that the boot flags are reset, and to ensure that subsequent console administrator logins do not bypass the password check.
Note In ACNS software, the bootflags are reset to 0x0 on every reboot. -
Content Engine compatability with Windows Media Player
I am currently running ACNS version 5.5 on our CE510 Content Engine. We want to set this box up to serve VOD requests from WMT. I think the clients on site are all using Windows Media Player version 10. Does this version of ACNS software work with Windows Media Player 10?
Dan
this brings up an interesting point. The content (which is canned Video on an Intranet Web site) is HTTP? I am wasting my time here by trying to use the Windows MP services?? Perhaps I already have what I need...
Your comments appreciated.
Kevin -
Should the Cisco Content Engines be used as a proxy appliance
Should the Cisco Content Engine be use as a proxy appliance like a Blue Coat appliance, Squid cache engine, ISA server, etc...
I am pretty sure it is but just need some feedback on past experiences. Customer would like to by a Cisco product for Web filtering/proxy.
or is it strictly used to help with web base applications.HI,
the CE is basically able to check every request it supports. If you are using 3rd level products like smartfilter, websense or webwasher you can use the features of those products to supress/forbid certain requests(i.e MSN etc.)
Kind Regards,
Joerg -
Help!!! Content engine
my configuration is follow the attached file. I don't know what is wrong with my content engine using as a cache server. when i connect this CE to my network, i can make my user access to the internet fast only 2 days, but after 2 days it makes my users internet connection slow. So when users access to the internet slow, i disconnect this CE from my network, then my users internet connections is running better. So please help me to find what is incorrect with my configuration and what commands i should add more to this current configuration"
What is the ACNS software version u r using in ur content Engine7305.I am sending u a configuration doc for ACNS rlease 5.2.This has all the info regarding ACNS 5.2.
http://www.cisco.com/en/US/products/sw/conntsw/ps491/products_configuration_guide_book09186a00802debd6.html
Let me know, if you have any problem in browsing this big document. and finding out the pblm.I will assist you. -
Dear All,
My apologies if this posting is on the wrong board.
I've a problem with our content engine returning an error of:
"Tre reply from server is not valid"
The URL of the site is http://hiring.monster.co.uk/jobs/createtitle.aspx?mode=qb.
I've attached a screenshot of the error message.
Any advice or help would be greatly appreciated.
Thank you in advance.
SinhThis symptom is observed on a router on which Web Cache
Communication Protocol (WCCP) is enabled and Cisco Express Forwarding (CEF)
switching is disabled. If the caches are Cisco caches, they will be running
software prior to ACNS 4.2.5.
solution: Ensure that CEF switching is enabled on the router. If this is not possible, the impact of the problem on the cache will be minimized if the authentication bypass function is disabled.also try upgrading IOS to 12.1(18.01)E which may solve the issue. -
Content Engine Module is logging DHCP errors
Content Engine Module in Cisco 3725 is logging the following eror continously:
Sep 29 16:47:50 ContentEngine dhclient: %CE-DHCP-5-191000: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
Sep 29 16:47:54 ContentEngine dhclient: %CE-DHCP-5-191000: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 11
Sep 29 16:47:58 ContentEngine smartd: %CE-SMARTD-3-435000: No Errors Logged
Sep 29 16:48:05 ContentEngine dhclient: %CE-DHCP-5-191000: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 1
Sep 29 16:48:06 ContentEngine dhclient: %CE-DHCP-5-191000: No DHCPOFFERS received.
Sep 29 16:48:06 ContentEngine dhclient: %CE-DHCP-5-191000: No working leases in persistent database - sleeping.
Sep 29 16:48:06 ContentEngine %CE-DHCP-5-191000: Script called with reason: FAIL
Sep 29 16:52:58 ContentEngine smartd: %CE-SMARTD-3-435000: No Errors Logged
Disable the external interface (shutdown) didn't fix the problem:
Sep 29 17:02:05 ContentEngine dhclient: %CE-DHCP-5-191000: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3
Sep 29 17:02:05 ContentEngine dhclient: %CE-DHCP-3-191000: send_packet: Network is down
Sep 29 17:02:08 ContentEngine dhclient: %CE-DHCP-5-191000: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3
Sep 29 17:02:08 ContentEngine dhclient: %CE-DHCP-3-191000: send_packet: Network is down
Sep 29 17:02:11 ContentEngine dhclient: %CE-DHCP-5-191000: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
Sep 29 17:02:11 ContentEngine dhclient: %CE-DHCP-3-191000: send_packet: Network is down
Sep 29 17:02:16 ContentEngine dhclient: %CE-DHCP-5-191000: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
Sep 29 17:02:16 ContentEngine dhclient: %CE-DHCP-3-191000: send_packet: Network is down
Sep 29 17:02:21 ContentEngine dhclient: %CE-DHCP-5-191000: No DHCPOFFERS received.
Sep 29 17:02:21 ContentEngine dhclient: %CE-DHCP-5-191000: No working leases in persistent database - sleeping.
Sep 29 17:02:21 ContentEngine %CE-DHCP-5-191000: Script called with reason: FAIL
Sep 29 17:02:58 ContentEngine smartd: %CE-SMARTD-3-435000: No Errors Logged
Any ideas how to fix this problem ?Try the global command:
ce(config)# no auto-register enable
http://www.cisco.com/univercd/cc/td/doc/product/webscale/uce/acns53/53cref/6812ref.htm#wp1038726 -
Content Engine transaction logs -- monitoring and analysis
At our remote sites there's a local Cisco CE511 to ease our WAN bandwidth. I have been tasked to find a method to gather CE usage for trending and troubleshooting.
From my search on the internet I decided to go with the Webalizer application. I setup the CEs to export their transaction logs every hour to my FTP server. After a test of Webalizer on a log file, it produced a nice HTML report for that hour.
I would like to discuss with anyone on bringing this up to a new level. I would like webalizer to run as a cron job, but the log file names changes every hour. So that's a hurdle I need to figure out. Also keeping track of user web hits is important. I would like to make sure my reports are accurate in reporting what IP address is the top talker.
I hope this will start a productive exchange of ideas. Thanks.Simple Network Management Protocol (SNMP) is an interoperable standards-based protocol that allows for external monitoring of the Content Engine through an SNMP agent.
An SNMP-managed network consists of three primary components: managed devices, agents, and management systems. A managed device is a network node that contains an SNMP agent and resides on a managed network. Managed devices collect and store management information and use SNMP to make this information available to management systems that use SNMP. Managed devices include routers, access servers, switches, bridges, hubs, computer hosts, and printers.
An SNMP agent is a software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP. The SNMP agent gathers data from the Management Information Base (MIB), which is the repository for information about device parameters and network data. The agent can also send traps, or notification of certain events, to the manager.
http://www.cisco.com/en/US/products/sw/conntsw/ps491/products_configuration_guide_chapter09186a0080236630.html#wp1101506 -
Should the Content Engine work while the Inernet link is down ?
I have installed CE590 in a client network
The http saving performance is from 30 : 40 %
My client want to make sure the CE is caching the web site
He want to shutdown Serial port of the main router , and try to browse web sites. ( the Cached sites )
Should he get a reply from the CE and browse the cached sites ??
I mean , Can the PC browser ( while the internet is link is down ) open page like www.yahoo.com for example if it is cached on the CE ??
Is there is any command of the CE that can display the name of the cahced web pages ?
Note : Cisco Content Engine Software Release 3.11
Can anyone help me ?
Thanks
Mohamed AbdallahMohamed,
Before you go any futher you need to upgrade the CE to ACNS 4.2.3. There are known issues with 3.1.1.
To answer your question the CE will only server content if it can not access the internet if the object is fresh. By this I mean the object has not expired or the object does not need revalidation eg If modified since request.
This could cause problems with broken pages etc etc.
Your best option is to turn on transaction logging.
transaction-logs enable
You can then go to the local1/logs directory on the CE
type working.log
This will show you the urls that clients are requesting and if they got a hit / miss/ ims hit / ims miss etc etc.
Overall your cache should always have access to the origin server for content.
Cheers
Phil -
Content Engine caching video content?
I am currently running ACNS version 5.5.11.2 on a CE510 Content Engine. I recently had to replace the unit and when I set up the partitions for the new build, I elected to go with CE510#disk config sysfs 10% cfs 45% mediafs 45%.
Before the cfs was setup to use the whole box. I was thinking that the mediafs partition would start to cache video content. Does that happen automatically or is there some other setting to make that happen further. How do I determine if it is getting any use?A content engine can cache files transfered via ftp but not https [as the content is encrypted].
It can cache whatever file, including video, audio, ...
Content routing, content switching are just names.
They refer to how the traffic will be intercepted and forwarded to the content engine.
You could simply use a proxy solution and have your users setup their browser to use the content engine as a proxy, or you could transparently intercept http/ftp traffic via a router running wccp, or you could use a Layer7 device like a CSS to intercept the traffic and redirect to the content engine.
Regards,
Gilles. -
Content Engine Network Module for Caching File Server Objects
We have a content engine network module for a 2821 router located at a branch office that we'd like to use for clients to obtain locally cached file objects from a Windos server located at our headquarters or corporate office. I've been looking for some sample configs or documentation that will show me that this is possible and on how to do it since this is my first time ever doing. All I was able to find so far was the link below under "Support of Preloading of NTLM Authenticated Objects", but it seems incomplete in providing configuration tasks that most CCO doc's usually provide. Has anyone else had any luck finding some useful doc's or sample configs to get this accomplish? Thanks in advance.
http://www.cisco.com/univercd/cc/td/doc/product/webscale/uce/acns55/55ldg/urlfiltr.htm#wp1158213You can't cache Windows Files using the Cache Engines.
You CAN do this using WAFS though. I'd suggest looking at the WAFS (or upcoming WAAS) products, which use WCCP like the Cache Engines to transparently redirect Windows File Sharing requests. -
Content Engine CE565 authentication cache
I have a Content Engine CE565 running software version CE 5.1.7
The commands <show users request-authenticated> and <show http-authcache> provide me with information on authenticated users, but I would like to know how to determine the time remaining for a user/ip address in the authcache. This is with the understanding that the authentication will timeout after the configured period of inactivity (in minutes).
Also, is there a way to remove the authentication cached for single user/ip address? Understanding that the authentication cache resides in RAM. The only command that I am aware of is <clear users request-authenticated>, which clears all authenticated users. However, this requires all users to reauthenticate. TIAAs far as I know, there is no way to clear a single user, only all of them by using the command you mentioned above. The command http authentication cache timeout can be used to configure the time between last access and cache removal.
Maybe you are looking for
-
<p>Dear fellows,<br> <br> I am designing a matrix report of Rooms those are vacant at certian time and days of week. In this time values are fixed, I have written the mention below query to design the report.<br> <b><br> Table Description is</b> <br>
-
How to get the PLANNING SHORTAGE in the forecast tab of /sapapo/rrp3?
Hi to all! I need your help! I'd like to take the planning shortage quantities in the forecast tab of the product view /sapapo/rrp3 and the related date and I'd like to insert that quantity on the 9AAFCST key figure in the related time bucket. Have y
-
Cfldap and deleted objects container in Active Directory
Hello, I am trying to use a CFLDAP query to bind and search in the Deleted Objects container of Active Directory. This would allow me to get the sAMAccountname values of the users who have been deleted within the last default 60 days (searching tombs
-
Extending Requisition Lines BC4J Object
Hello. A customer has a requirement to add an attribute to the Requisition Approval notification. I searched Metalink and found Note 404524.1. It documented that I would need to create an extension with JDeveloper. I have downloaded the correct versi
-
Disc says Acrobat X PRO but installed software says Acrobat X STANDARD
Install Disc says Acrobat X PRO but installed software (in Help) says Acrobat X STANDARD. Why? Thanks, Frank Meitz