Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

poh
New Member

Smartfilter with Content Engine Module (NM-CE-BP-40G-K9) & ACNS on 3661

I've been looking over the CCO docs, but can't find one that has sample configs for using a 3661 router containing content engine module, smartfilter, & ACNS. Topology is basically the following...

(PC's)----(LAN Switch)-----(3661 w/content engine module)----(PIX)---(internet)

I don't want to creat a new IP subnet for the 3 interfaces within the content engine module/router. I want to use the IP's from the current LAN IP Block.

Any advice appreciated.

5 REPLIES
Silver

Re: Smartfilter with Content Engine Module (NM-CE-BP-40G-K9) & A

Check this URL for details on Content filtering with PIX and CE with Smart filter. http://www.securecomputing.com/index.cfm?sKey=1152

poh
New Member

Re: Smartfilter with Content Engine Module (NM-CE-BP-40G-K9) & A

thanks...already read through that one along with others at that site

New Member

Re: Smartfilter with Content Engine Module (NM-CE-BP-40G-K9) & A

Also interested to know more about these NM's in 3600s. I'm completey green on Cisco CE technology/software but have a basic grasp on wccp concept. I guess these NM-CEs run an OS (BSD?); what is the maintenance overhead, easy to configure? etc. etc.

What would be nice would be for someone who's done this before to kindly do a quick pros & cons table.

TIA!

New Member

Re: Smartfilter with Content Engine Module (NM-CE-BP-40G-K9) & A

I thought this might help.

Easy NM-CE Configuration Guide!

Router IOS:c3725-ik9o3s-mz.122-15.T2

Content Engine Software: ACNS 5.0.3.5

Configure basic router configuration as normal.

Set the IP addresses for the Service Module (Content-Engine) using these commands:

interface Content-Engine2/0

ip address 10.1.1.1 255.255.255.0

ip nat inside

service-module external ip address 10.0.0.1 255.255.255.0

service-module ip address 10.1.1.2 255.255.255.0

service-module ip default-gateway 10.1.1.1

!

Complete Config Example (DHCP and NAT for Lab):

urrent configuration : 2440 bytes

!

version 12.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname lab3745_NM-CE

!

logging queue-limit 100

enable password cisco

!

ip subnet-zero

ip wccp web-cache

!

!

!

ip dhcp pool NM-ESW-16-POOL

network 10.1.2.0 255.255.255.0

domain-name cisco.com

default-router 10.1.2.1

dns-server 171.68.226.120 171.70.168.183

lease 7

!

ip audit notify log

ip audit po max-events 100

!

!

!

!

!

!

!

!

!

!

!

!

no voice hpi capture buffer

no voice hpi capture destination

!

!

mta receive maximum-recipients 0

!

!

!

!

interface FastEthernet0/0

ip address 172.16.12.108 255.255.255.0

ip wccp web-cache redirect out

ip nat outside

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet1/0

no ip address

!

interface FastEthernet1/1

no ip address

!

interface FastEthernet1/2

no ip address

!

interface FastEthernet1/3

no ip address

!

interface FastEthernet1/4

no ip address

!

interface FastEthernet1/5

no ip address

!

interface FastEthernet1/6

no ip address

!

interface FastEthernet1/7

no ip address

!

interface FastEthernet1/8

no ip address

!

interface FastEthernet1/9

no ip address

!

interface FastEthernet1/10

no ip address

!

interface FastEthernet1/11

no ip address

!

interface FastEthernet1/12

no ip address

!

interface FastEthernet1/13

no ip address

!

interface FastEthernet1/14

no ip address

!

interface FastEthernet1/15

no ip address

!

interface Content-Engine2/0

ip address 10.1.1.1 255.255.255.0

ip nat inside

service-module external ip address 10.0.0.1 255.255.255.0

service-module ip address 10.1.1.2 255.255.255.0

service-module ip default-gateway 10.1.1.1

!

interface Vlan1

ip address 10.1.2.1 255.255.255.0

ip nat inside

!

ip local pool NM-ESW-16-POOL 10.1.2.2 10.1.2.254

ip nat pool TEST-NAT-POOL 172.16.12.108 172.16.12.108 prefix-length 24

ip nat inside source list 7 pool TEST-NAT-POOL overload

ip http server

no ip http secure-server

ip classless

ip route 0.0.0.0 0.0.0.0 172.16.12.254

!

!

!

access-list 7 permit 10.1.2.0 0.0.0.255

access-list 7 permit 10.1.1.0 0.0.0.255

access-list 7 permit 10.0.0.0 0.0.0.255

!

!

call rsvp-sync

!

!

mgcp profile default

!

!

!

dial-peer cor custom

!

!

!

!

!

line con 0

speed 115200

line 65

flush-at-activation

no activation-character

no exec

transport input all

line aux 0

line vty 0 4

password cisco

login

!

end

reset service-module 2 to reboot the Content-Engine:

service-module content-Engine 2/0 reload

Within 30 Seconds Session from the Router to the Service Module:

service-module content-engine session

Enter Basic Configuration for Network Module:

Password, etc…

Configure The service Modeule using the command line interface:

hostname NM-CE-BP

!

!

!

!

!

!

ip domain-name CISCO.COM

!

!

!

!

interface FastEthernet 0/0

ip address 10.0.0.1 255.255.255.0

exit

interface FastEthernet 0/1

ip address 10.1.1.2 255.255.255.0

exit

!

!

ip default-gateway 10.1.1.1

!

primary-interface FastEthernet 0/1

!

!

!

!

!

ip name-server 172.72.1.1

!

!

!

!

!

!

!

!

!

wccp router-list 1 172.16.12.108

wccp web-cache router-list-num 1

wccp version 2

!

!

!

!

!

!

username xxx password xxxx

username xxxx privilege 15

!

!

!

!

authentication login local enable primary

authentication configuration local enable primary

!

!

!

!

!

!

NM-CE-BP#exit

You can use the command line interface to show statics from the Content Engine by using the show statistics screen command or use your web browers for a more graphical report.

New Member

Re: Smartfilter with Content Engine Module (NM-CE-BP-40G-K9) & A

thanks. the configs help a lot

266
Views
0
Helpful
5
Replies
CreatePlease login to create content