Feature History

Release      Modification
12.2(2)XR    This feature was introduced.
`
`This document describes the Cisco IOS WAP Gateway feature in Cisco IOS Release 12.2(2)XR. It
`includes the following sections:
`
• Feature Overview
• Supported Platforms
• Supported Standards, MIBs, and RFCs
• Prerequisites
• Configuration Tasks
• Monitoring and Maintaining the Cisco IOS WAP Gateway
• Configuration Examples
• Command Reference
• Glossary
`
`Feature Overview
`
`The Cisco IOS WAP Gateway is a software feature developed in compliance with Wireless Application
`Protocol (WAP) version 1.2. The software runs on the Cisco 3640 and 3660 routers. A Cisco router can
`be configured either as a dedicated gateway server, or as a multifunction box in conjunction with other
`Cisco IOS features.
`
`The Cisco IOS WAP Gateway feature is an implementation of the gateway component of the WAP
`architecture. Companies can deploy the gateway to offer mobile employees and partners access to
`company-specific WAP content that resides on internal web servers. In the WAP architecture, WAP
`security exists from the client device to the gateway but not through to the WAP content server. The
`Cisco IOS WAP Gateway feature can be implemented on a trusted server behind the company firewall,
`at which point it can access secure web content servers.
`
`WAP is a standard for the presentation and delivery of wireless information and telephony services on
`wireless devices. Using an architecture based on the established WWW model, WAP defines a set of
`protocols designed for use with mobile telephone technology and wireless devices.
`
`Cisco IOS Release 12.2(2)XR
`
`
`WAP was developed and is promoted by the WAP Forum. Mobile wireless devices containing WAP
`browsers are available from most mobile device manufacturers.
`
`WAP is designed to be independent of both the bearer technology and the device. WAP protocols can
`operate with many bearer technologies such as code division multiple access (CDMA), which is
`currently prevalent in the United States; global system for mobile communications (GSM), which is
`popular in Europe; and the GSM feature known as general packet radio service (GPRS), which is starting
`to be deployed and provides higher-speed data services. The major bearer technologies are all supported
`by WAP.
`
`Figure 1 shows how the WAP gateway functions with the various protocols used to request and deliver
`data between a client wireless device, the Cisco IOS WAP Gateway, and a web content server. The client
`wireless device—a mobile phone in Figure 1—contains a WAP browser that can display Wireless
`Markup Language (WML) and execute Wireless Markup Language Scripts (WMLS). WML is derived
`from eXtensible Markup Language (XML) but is functionally equivalent to HTML, and it is designed to
`display WAP content on the small screens of mobile devices that can display only four or five lines of
`text plus some icons or basic graphics. Wireless mobile devices typically have memory limitations
`compared to the average PC.
`
Figure 1: Functionality of the Cisco IOS WAP Gateway (diagram not reproduced). Elements shown: Client
(WAP browser, WTAI); Cisco IOS WAP Gateway (WML encoder, WMLS compiler); Web server (content: CGI
scripts, WML decks including WMLS). Client-to-gateway stack: WMLC, WSP, WTP, WTLS, UDP/IP.
Gateway-to-web-server stack: WML, HTTP, TCP/IP.
`
`The mobile phone in Figure 1 also operates the Wireless Telephony Application Interface (WTAI), which
`gives access to the usual telephone capabilities such as phone books and dialing. WTAI allows telephone
`functionality to be controlled by WMLS. One use of this feature is to make the handset place a call to a
`telephone number that a WAP directory application has just retrieved and displayed on the screen.
`
`When the client wireless device in Figure 1 initiates a request for WAP content, the request is forwarded
`to the WAP gateway via the wireless network provider that the client is using. Protocols used in the
`communication between the client and the gateway may include Wireless Session Protocol (WSP),
`Wireless Transaction Protocol (WTP), and Wireless Transport Layer Security (WTLS). All these
`protocols are optimized for use with wireless devices.
`
The WAP gateway in Figure 1 receives the request for WAP content from the wireless device and creates
or reuses a session to the web server and requests content using Hypertext Transfer Protocol (HTTP).
When the content is supplied to the gateway, it uses the WML encoder to compress the information and,
if required, the gateway uses the WMLS compiler to compile the request before sending the WAP content
back to the client device. Compression is achieved using a process called tokenisation.

The web content server in Figure 1 can be an existing web content server using standard URLs and
Common Gateway Interface (CGI) scripts, but the content destined for client wireless devices must be
in WML format. The WAP browser in the wireless device cannot display content written in HTML.
Communication between the gateway and the web server occurs through conventional protocols such as
HTTP and the TCP/IP protocol stack.

Benefits
`
`Leverage Existing Equipment and Expertise
`You can integrate WAP services into your existing IP network infrastructure using existing equipment
`because the WAP gateway can run on the Cisco 3640 and 3660 routers and will even run as part of a
`multifunction router. The WAP gateway software uses new and modified commands at the Cisco IOS
`command-line interface (CLI), but the existing commands for configuring an interface or verifying the
`configuration should be familiar to Cisco customers.
`
`Secure WAP Access to Internal Web Content
`Companies can make intranet services available to employees and partners via the WAP gateway without
`compromising security. The Cisco IOS WAP Gateway feature can run on a trusted router within the
`firewall and access WAP content held on an internal server.
`
`The WAP gateway uses WTLS Class 1 security, which provides encryption between the wireless device
`and the gateway, and is widely supported by the wireless devices currently on the market.
`Customers can implement their own user authentication methods by configuring the wap authentication
`service and associated optional commands.
`
`Support for Microbrowsers
`The Cisco IOS WAP Gateway feature implements the version 1.2 standards from the WAP Forum and
`will support all WAP microbrowsers that also implement these standards. Current and future
`WAP-enabled wireless devices will work with the gateway if they implement the WAP Forum
`version 1.2 standards.
`
`Related Features and Technologies
`
• V.110/WAP Access Solution
• Cisco IOS Server Load Balancing (SLB)

Related Documents

• Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2
• Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2
• Cisco IOS IP Command Reference, Volume 3 of 3: Multicast, Release 12.2
• Cisco IOS IP Configuration Guide, Release 12.2

Supported Platforms

• Cisco 3640
• Cisco 3660
`
`Platform Support Through Feature Navigator
`Cisco IOS software is packaged in feature sets that support specific platforms. To get updated
`information regarding platform support for this feature, access Feature Navigator. Feature Navigator
`dynamically updates the list of supported platforms as new platform support is added for the feature.
`
`Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software
`images support a specific set of features and which features are supported in a specific Cisco IOS image.
`
`To access Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your
`account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify
`that your e-mail address is registered with Cisco.com. If the check is successful, account details with a
`new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com
`by following the directions at http://www.cisco.com/register.
`
`Feature Navigator is updated when major Cisco IOS software releases and technology releases occur. As
`of May 2001, Feature Navigator supports M, T, E, S, and ST releases. You can access Feature Navigator
`at the following URL:
`
`http://www.cisco.com/go/fn
`
`Supported Standards, MIBs, and RFCs
`
`Standards
`The Cisco IOS WAP Gateway feature conforms to all the mandatory standards requirements set out in
`the WAP 1.2 specifications created by the WAP Forum. All mandatory and certain optional features have
`been implemented. Your Cisco sales representative can provide a product bulletin containing the WAP
`Server Implementation Conformance Statement (WICS) for the Cisco IOS WAP Gateway feature.
`
`MIBs
`No new or modified MIBs are supported by this feature.
`
`To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules,
`go to the Cisco MIB website on Cisco.com at the following URL:
`
`http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
`
RFCs
• RFC 2068, Hypertext Transfer Protocol—HTTP 1.1
• RFC 1738, Uniform Resource Locators (URL)
`
`Prerequisites
`
`WML Content Access
`You must ensure that you have access to a web content server that contains WML and WMLS files that
`will be displayed on the WAP-enabled wireless devices. The software running the web server must be
`configured with WAP Multipurpose Internet Mail Extension (MIME) types to handle the various types
`of WAP files. We recommend that you configure the web server software to return an index.wml page
`when a URL is requested without specifying a page, because it can save the user some keystrokes on a
`WAP phone.
`
`Client Software
`The Cisco IOS WAP Gateway feature implements the version 1.2 standards from the WAP Forum and
`will support all WAP microbrowsers that also implement these standards. You must confirm that all your
`client wireless devices implement the 1.2 standards and are configured to access the WAP gateway.
`
`WAP-enabled wireless devices have many different menu configurations but two parameters must be
`configured on each device that will access the Cisco IOS WAP Gateway. The IP address that must be
`entered in the WAP browser is the primary IP address of the interface on which the WAP gateway is
`configured. The User Datagram Protocol (UDP) port number being used by the wireless device must
`correspond to the protocol stack configured on the WAP gateway.
`
`Configuration Tasks
`
`See the following sections for configuration tasks for the Cisco IOS WAP Gateway feature. Each task in
`the list is identified as either required or optional:
`
• Configuring a WAP Gateway Interface (required)
• Configuring Customer-Supplied User Authentication on the WAP Gateway (optional)
• Configuring a Proxy List on the WAP Gateway (optional)
• Configuring Security Features on the WAP Gateway (optional)
• Configuring a WAP Gateway on a Multifunction Access Server (optional)
• Specifying How the WAP Gateway Locates Content Servers (optional)
• Verifying the Cisco IOS WAP Gateway (optional)
`
`Configuring a WAP Gateway Interface
`
The Cisco IOS WAP Gateway feature is configured on only one interface but it operates over all physical
interfaces to take advantage of any redundancy and to maximize availability. The interface on which the
WAP gateway is configured can be a physical or loopback (virtual) interface. The gateway uses the
primary IP address of this interface as the IP address for all WAP traffic, regardless of the actual physical
interface over which the packets arrive or depart. To reduce the dependence on a physical interface that
may be subject to physical connection issues or network failures, we recommend that the WAP gateway
be configured on a loopback interface.
`
`To enable the Cisco IOS WAP Gateway feature on a router, use the following commands beginning in
`global configuration mode:
`
Step 1
Command: Router(config)# interface type number
Purpose: Specifies the type and number of the interface on which the feature is to be configured.
Enters interface configuration mode.

Step 2
Command: Router(config-if)# ip address ip-address mask
Purpose: Configures the interface with an IP address. This is the address with which the WAP-enabled
wireless devices must be configured to communicate with the gateway.

Step 3
Command: Router(config-if)# wap {all | [cl] [co] [secure-cl] [secure-co]}
Purpose: Configures the interface to operate all the protocol stacks or a list specifying one or more
of the options.
`
`Configuring Customer-Supplied User Authentication on the WAP Gateway
`
`The Cisco IOS WAP Gateway feature contains a feature and associated commands that allow the device
`browser to be redirected to a URL where customer-supplied user authentication can occur before the
`gateway will display any requested web content.
`
`The user authentication feature can be used to supplement the static WAP username and password
`provided by most browsers. Static passwords may not provide the required level of security for an
`enterprise where all network access is controlled using one-time passwords. In this environment, the user
`must change the password on the WAP-enabled device before establishing each WAP session. The
`navigation on the device is tedious and may discourage use of the service. Using some form of initial
`group ID and password on the WAP-enabled device, and implementing a customer-supplied user
`authentication on the gateway, could allow the one-time password to be verified using WAP itself. A
`filtering mechanism may be employed on the firewall to ensure that the group ID initial requests access
`only the WAP gateway.
`
To configure this optional task, use the following commands in global configuration mode as needed.
The authentication is activated when a new session begins.

Command: Router(config)# wap authentication service url
Purpose: Configures customer-supplied user authentication by redirecting the browser to the specified
URL. The URL normally points to a customer-supplied user authentication application where username
and password information is entered and verified.
Note: The authentication scheme cannot be used when the gateway is operating the unsecured
connectionless WSP protocol between the wireless device and the gateway because no session context is
maintained between requests. If the user authentication feature is being used, the gateway should
operate one or a combination of the co, secure-cl, and secure-co protocol stack options.

Command: Router(config)# wap authentication completed url
Purpose: Specifies a URL to be accessed by the browser to indicate to the gateway that the
customer-supplied user authentication has validated the user. The gateway will detect that the URL was
accessed and treat the session as authenticated.

Command: Router(config)# wap authentication prefix url
Purpose: Specifies a URL prefix to allow certain pages to be displayed that are related to the
authentication process, for example, a screen with a corporate logo. The gateway processes requests on
an unauthenticated session provided that the URL begins with this prefix. Other page requests will be
redirected to the URL specified by the wap authentication service command.

Command: Router(config)# wap authentication timeout seconds
Purpose: Specifies an interval (in seconds) after which the user is forced to reauthenticate.

Configuring a Proxy List on the WAP Gateway

Using a proxy list allows the WAP gateway to determine which URL requests should be handled directly
and which should be forwarded to a specified HTTP proxy server. The gateway searches through the
proxy list in the order in which each filter request is entered when processing a request for a page. The
gateway tests a page request against each line until a match is found. If no match is found the page
request is serviced directly. An asterisk (*) wildcard can be used in the proxy filter entries.
`
`Proxy servers are servers that will process information for another server and are sometimes used for
`security reasons to keep external requests from reaching internal servers. Proxy servers can also help
`ease performance issues because they take some of the load off other servers.
`
`To create a proxy list, use the following command in global configuration mode. The proxy list records
`are searched in the order in which they are entered.
`
Command: Router(config)# wap proxy-list http-server [proxy-server]
Purpose: Specifies a filter record that the gateway can use to filter requests to be forwarded to a
proxy server, and not passed directly to the server specified in the request.

The http-server argument identifies a Domain Name System (DNS) name or IP address corresponding to a
Hypertext Transfer Protocol (HTTP) server. Asterisk (*) wildcard symbols can be used. The optional
proxy-server argument identifies a DNS name or IP address corresponding to a proxy server. Both
arguments may include an optional port number separated by a colon.

Repeat the command, as needed, to create a list of filter records.
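
The first-match rule described in this section, as an added Python model; it is not Cisco code and not part of the original document. It assumes that * matches any run of characters, that a record written without a port covers only port 80 (the sample list, taken from the show wap output later on this page, carries a separate :* record), and that matching uses the host exactly as written in the URL; the function names are invented for the example.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORT = "80"  # assumption: a record written without ":port" covers only port 80

# Proxy list as displayed in the "show wap" sample output on this page.
SAMPLE_LIST = ["*.company-name.com", "*.company-name.com:*", "*.*->proxy.company-name.com"]


def wildcard_match(pattern, text):
    """True if text matches pattern, where '*' stands for any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, text) is not None


def parse_record(record):
    """Split 'http-server[:port][->proxy-server[:port]]' into host, port, proxy."""
    server, _, proxy = record.partition("->")
    host, _, port = server.strip().lower().partition(":")
    return host, port or DEFAULT_PORT, proxy.strip() or None


def route(url, proxy_list):
    """Return (matching record, proxy); proxy is None when the request is served directly."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    port = str(parts.port or DEFAULT_PORT)
    for record in proxy_list:  # tested in the order the records were entered
        pat_host, pat_port, proxy = parse_record(record)
        if wildcard_match(pat_host, host) and wildcard_match(pat_port, port):
            return record, proxy  # first match wins; later records are not consulted
    return None, None  # no match: the request is serviced directly


def never_selected(proxy_list, probe_urls):
    """Records that win for none of the probe URLs (possibly shadowed by an earlier record)."""
    winners = {route(url, proxy_list)[0] for url in probe_urls}
    return [record for record in proxy_list if record not in winners]


if __name__ == "__main__":
    probes = [  # constructed test URLs
        "http://wap.company-name.com/index.wml",
        "http://wap.company-name.com:8080/a.wml",
        "http://www.example.org/",
        "http://intranet/",
    ]
    for url in probes:
        print(url, "->", route(url, SAMPLE_LIST))
    # Entering the catch-all record first sends internal requests to the proxy as well.
    reordered = [SAMPLE_LIST[2], SAMPLE_LIST[0], SAMPLE_LIST[1]]
    print("never selected after reordering:", never_selected(reordered, probes[:3]))
```

Under these assumptions a host name without a dot, or an external host on a non-default port, matches no record in the sample list and is serviced directly, which is worth checking against the intended policy before relying on the proxy as a control.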
`
`Configuring Security Features on the WAP Gateway
`
`The Cisco IOS WAP Gateway feature uses WTLS Class 1 security. Several commands have been
`implemented in the software to allow the customer to configure the behavior of the gateway.
`
`The gateway implements a number of different encryption, hash, and key-exchange algorithms. The use
`of each algorithm can be explicitly enabled or disabled. Deciding which algorithm to enable may depend
`on your company policy or the set of algorithms supported by the wireless devices with which the WAP
`gateway must communicate. Many wireless devices only support a subset of the available algorithms.
`While a WAP session is being established, the WAP-enabled device proposes the use of an algorithm and
`the gateway agrees to the proposal if it supports the proposed algorithm. That algorithm is then enabled.
`Unless you have a specific security requirement, the default configurations of both the wireless devices
`and the Cisco IOS WAP Gateway will usually work for all wireless devices.
`
`For each type of algorithm you can select different strengths of security. A shorter key length is easier
`to compute and will impose less overhead on the processor than a longer key length, but a shorter key
`length can compromise security. The level of security you need to configure will be determined by the
`type of information that can be accessed through the gateway. Confidential corporate information
`requires a higher level of security than information about the weather, for example, although having
`current access to such information may be invaluable.
`
`Timeout intervals for idle WTLS sessions or connections can also be configured. A balance must be
`found between configuring a shorter interval in the interests of security and allowing a reasonable
`interval that stops the user from constantly needing to reauthenticate or reconnect when the interval
`expires.
`
To configure security options, use any or all the following optional commands in global configuration
mode as needed:

Command: Router(config)# wap wtls encryption {all | [rc5-cbc-40] [rc5-cbc-56] [rc5-cbc-128]}
Purpose: Specifies the encryption algorithms operated by the WAP gateway.

Command: Router(config)# wap wtls hash {all | [md5-40] [md5-80] [md5-128] [sha-0] [sha-40] [sha-80]
[sha-160] [sha-xor-40]}
Purpose: Specifies the hash algorithms operated by the WAP gateway.

Command: Router(config)# wap wtls key-exchange {all | [dh-anon-512] [dh-anon-768]
[dh-anon-unrestricted] [rsa-anon-512] [rsa-anon-768] [rsa-anon-unrestricted]}
Purpose: Specifies the key-exchange algorithms operated by the WAP gateway.

Command: Router(config)# wap wtls timeout connection seconds
Purpose: Specifies an interval (in seconds) after which an inactive WTLS connection will be closed by
the gateway.

Command: Router(config)# wap wtls timeout handshake seconds
Purpose: Specifies an interval (in seconds) that the gateway allows for the WTLS handshake process to
complete.

Command: Router(config)# wap wtls timeout key seconds
Purpose: Specifies an interval (in seconds) during which the gateway will retain a WTLS session key
when the session is unused.

Command: Router(config)# wap wtls timeout session seconds
Purpose: Specifies an interval (in seconds) after which an inactive WTLS session will be closed by the
gateway.
`
`Configuring a WAP Gateway on a Multifunction Access Server
`
`The WAP gateway can run either on a dedicated router or on a multifunction router. One example of a
`multifunction router would be to run the Cisco IOS WAP Gateway software on an access server. The
`ability to enable other Cisco IOS features will depend on the CPU and memory in the router. Feature
`enablement will affect the performance of the router. To run the WAP gateway on a multifunction access
`server, note the following configuration tips:
`
• Refer to the Cisco IOS Dial Technologies Configuration Guide, Release 12.2 for configuration
scenarios.
• Configure the gateway on a loopback (virtual) interface for enhanced availability.
`
`Specifying How the WAP Gateway Locates Content Servers
`
`When a wireless device requests a web page via the WAP gateway, the Cisco IOS software must
`determine where to find the requested web page. A number of Cisco IOS commands can be configured
`to help reduce the time required to access the requested web page.
`
To specify multiple DNS servers and associated features, use any or all of the following commands in
global configuration mode:

Command: Router(config)# ip domain-lookup
Purpose: Enables IP DNS host name to IP address translation to help access web content across the
Internet. This command is enabled by default.

Command: Router(config)# ip name-server server-address1 [server-address2..server-address6]
Purpose: Specifies the IP addresses of up to six name servers to access DNS information. The first IP
address specified becomes the first server that is accessed and the following IP addresses are checked
in the order in which they are input.

Command: Router(config)# ip domain-name domain-name
Purpose: Defines a default domain name to complete an unqualified host name. Configuring a default
domain name can save keystrokes on the wireless devices.

Command: Router(config)# ip domain-list domain-name
Purpose: Defines a list of default domain names to complete an unqualified host name. Each default
domain name in the list is tried in turn until a match is found. Configuring a list of default domain
names can save keystrokes on the wireless devices.
Note: If there is a domain list, the domain name defined in an ip domain-name command is not used.

Command: Router(config)# ip host name [tcp-port-number] address1 [address2...address8]
Purpose: Defines a static host name to IP address mapping that is saved in the host cache. Defining
frequently accessed content servers avoids any dependency on DNS servers and can improve the software
performance.

Verifying the Cisco IOS WAP Gateway

Verifying that the WAP gateway is working involves checking the configuration of the wireless devices
and web servers. Those tasks may not be possible at the same location as the router that is acting as the
WAP gateway. Some Cisco IOS commands, however, can be run on the router to determine if the correct
WAP parameters are configured and running. Depending on the level of security required, one or more
of the WAP protocol stacks are configured. Each WAP protocol stack is assigned a specific port number
from 9200 through 9203. When the router is listening on a port number, use the show ip sockets EXEC
command to display the port number information.
`
`To verify that the Cisco IOS WAP Gateway feature is running, perform the following steps:
`
Step 1  Enter the show wap EXEC command to display the settings of all the WAP parameters. The values of
all the WAP parameters, even those set to their default settings, are displayed.
`
`Router# show wap
`
`Cisco IOS Wireless Application Protocol Gateway parameters
`
`WAP Gateway is enabled on interface Loopback0
`WAP services available are: secure-cl secure-co
`
`UP browser-specific settings:
` 'device:home' is substituted with : 'http://www.company-name.com/wapserver/i'
` 'device:base' is substituted with : 'http://www.company-name.com/wapserver'
` 'x-up-subno' header is appended with 'gateway.company-name.com'
`
`HTTP headers are wrapped after 80 bytes
`User authentication service is 'http://www.company-name.com/auth/login.wml'
`User authentication completed is 'http://www.company-name.com/auth/scripts/validate.cgi'
`User authentication prefix is 'http://www.company-name.com/auth/scripts'
`User authentication timeout is set to 20 minutes
`WSP maximum sessions is set to 1000
`WSP session timeout is set to 5 minutes
`WTLS master key timeout is set to 1 day
`WTLS session timeout is set to 1 hour 30 minutes
`WTLS connection timeout is set to 1 hour 30 minutes
`WTLS handshake timeout is set to 5 minutes
`
`WTLS Encryption Algorithms:
` RC5-CBC-128 - enabled
` RC5-CBC-56 - enabled
` RC5-CBC-40 - enabled
`
`WTLS Hash Algorithms:
` MD5-128 - disabled
` MD5-80 - disabled
` MD5-40 - disabled
` SHA-160 - enabled
` SHA-80 - enabled
` SHA-40 - enabled
` SHA-XOR-40 - disabled
` SHA-0 - disabled
`
`WTLS Key Exchange Algorithms:
` DH-ANON-UNRESTRICTED - enabled
` DH-ANON-768 - enabled
` DH-ANON-512 - enabled
` RSA-ANON-UNRESTRICTED - enabled
` RSA-ANON-768 - enabled
` RSA-ANON-512 - enabled
`
`Proxy list is:
` *.company-name.com
` *.company-name.com:*
` *.*->proxy.company-name.com
`
Step 2  Enter the show ip sockets EXEC command to display the ports that are being used. Ports 9202 and 9203
are in use, confirming the configuration of the wap command.
`
`Router# show ip sockets
`
`Proto Remote Port Local Port In Out Stat TTY OutputIF
` 17 0.0.0.0 0 172.20.1.1 67 0 0 489 0
` 17 10.1.0.2 49998 172.20.1.1 9203 0 0 B1 0
` 17 0.0.0.0 0 172.20.1.1 9202 0 0 B1 0
`
Step 3  Enter the show wap statistics EXEC command to show that traffic is being generated. A wireless phone
or phone-emulator software on a PC, configured to access the WAP gateway, will generate traffic. Run
this command several times while generating the traffic to ensure that the counters are being updated.
`
`Router# show wap statistics
`
`errors requests responses sessions sessions-HWM rx-udp tx-udp
`0 2614 2614 0 2 5151 2894
` timers: 0
` number of memory pools: 17
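
A configuration review built on the show wap output from Step 1, as an added Python example; it is not Cisco code and not part of the original document. It parses the WTLS algorithm sections, flags enabled algorithms whose size falls below a floor, flags unsecured stacks, and prints wap wtls command lines that keep only what passes; the floors (128, 160, and 1024 bits) and all function names are assumptions made for the example.

```python
import re

# Trimmed copy of the "show wap" sample output shown in Step 1 above.
SAMPLE_SHOW_WAP = """\
WAP Gateway is enabled on interface Loopback0
WAP services available are: secure-cl secure-co
User authentication service is 'http://www.company-name.com/auth/login.wml'

WTLS Encryption Algorithms:
 RC5-CBC-128 - enabled
 RC5-CBC-56 - enabled
 RC5-CBC-40 - enabled

WTLS Hash Algorithms:
 MD5-128 - disabled
 MD5-80 - disabled
 MD5-40 - disabled
 SHA-160 - enabled
 SHA-80 - enabled
 SHA-40 - enabled
 SHA-XOR-40 - disabled
 SHA-0 - disabled

WTLS Key Exchange Algorithms:
 DH-ANON-UNRESTRICTED - enabled
 DH-ANON-768 - enabled
 DH-ANON-512 - enabled
 RSA-ANON-UNRESTRICTED - enabled
 RSA-ANON-768 - enabled
 RSA-ANON-512 - enabled
"""

SECTION_RE = re.compile(r"^WTLS (Encryption|Hash|Key Exchange) Algorithms:\s*$")
ALGO_RE = re.compile(r"^\s*([A-Z0-9-]+) - (enabled|disabled)\s*$")
# Command keyword for each section, as given in the command syntax on this page.
KEYWORD = {"Encryption": "encryption", "Hash": "hash", "Key Exchange": "key-exchange"}
# Policy floors in bits: assumptions for this example, not Cisco recommendations.
DEFAULT_FLOORS = {"Encryption": 128, "Hash": 160, "Key Exchange": 1024}


def parse_show_wap(text):
    """Extract the enabled stacks, the auth setting and the per-algorithm status."""
    state = {"services": [], "auth": False, "algorithms": {}}
    section = None
    for line in text.splitlines():
        if line.startswith("WAP services available are:"):
            state["services"] = line.split(":", 1)[1].split()
        elif line.startswith("User authentication service is '"):
            state["auth"] = True
        elif (m := SECTION_RE.match(line)):
            section = m.group(1)
            state["algorithms"][section] = {}
        elif section and (m := ALGO_RE.match(line)):
            state["algorithms"][section][m.group(1)] = m.group(2) == "enabled"
        elif not line.strip():
            section = None  # a blank line ends the current algorithm section
    return state


def weak(section, name, floors):
    """True if the size carried in the name (RC5-CBC-40 -> 40) is below the floor."""
    m = re.search(r"-(\d+)$", name)
    return m is not None and int(m.group(1)) < floors[section]


def audit(state, floors=DEFAULT_FLOORS):
    """Return a list of human-readable findings for the parsed configuration."""
    findings = []
    for stack in state["services"]:
        if stack in ("cl", "co"):
            findings.append(f"stack {stack}: WSP without WTLS")
    if state["auth"] and "cl" in state["services"]:
        findings.append("user authentication is configured but the cl stack keeps no session context")
    for section, algos in state["algorithms"].items():
        for name, enabled in algos.items():
            if enabled and weak(section, name, floors):
                findings.append(f"{section}: {name} enabled, below {floors[section]}-bit floor")
    return findings


def suggested_commands(state, floors=DEFAULT_FLOORS):
    """Build wap wtls command lines listing only enabled algorithms that pass the floors."""
    commands = []
    for section, algos in state["algorithms"].items():
        keep = [n.lower() for n, on in algos.items() if on and not weak(section, n, floors)]
        if keep:
            commands.append(f"wap wtls {KEYWORD[section]} " + " ".join(keep))
    return commands


if __name__ == "__main__":
    parsed = parse_show_wap(SAMPLE_SHOW_WAP)
    print("\n".join(audit(parsed) + suggested_commands(parsed)))
```

Before applying a narrower algorithm set, confirm which algorithms the deployed handsets support, because many wireless devices implement only a subset.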
`
`Troubleshooting Tips
`
`WAP Gateway
`The Cisco IOS WAP Gateway feature introduces a new EXEC mode command, debug wap, to enable
`diagnostic output concerning various events relating to the operation of the WAP gateway to be displayed
`on a console. The debug wap command is intended only for troubleshooting purposes because the
`volume of output generated by the software can result in severe performance degradation on the router.
`To minimize the impact of using the debug wap commands, perform the following steps:
`
Step 1  Attach a console directly to the router running the WAP gateway.

Step 2  Enter the no logging console command in global configuration mode to disable all logging to the console
terminal. To reenable logging to the console, use the logging console command in global configuration
mode.

Step 3  Use Telnet to access a router port. Enter the enable command in EXEC configuration mode.

Step 4  Enter the terminal monitor command in global configuration mode and enter the necessary debug wap
commands. Try to enter only specific debug wap commands to isolate the output to a certain
subcomponent and minimize the load on the processor. Use the detailed keyword to generate more
detailed debug information on specified subcomponents. To disable logging on the virtual terminal, enter
the no terminal monitor command.

Step 5  Enter the specific no debug wap command when you are finished.
`
`This procedure will minimize the load on the router created by the debug wap commands because the
`console port is no longer generating character-by-character processor interrupts. If you cannot connect
`to a console directly, you can run this procedure via a terminal server. If you must break the Telnet
`connection, however, you may not be able to reconnect because the router may be unable to respond due
`to the processor load of generating the debug wap output.
`
`WAP Wireless Devices
`Ensure that your WAP-enabled wireless device is configured with the appropriate WAP parameters. The
`IP address that is entered in the WAP browser in the wireless device is the primary IP address of the
`interface on which the WAP gateway is configured. The UDP port number being used by the wireless
`device must correspond to the protocol stack configured on the WAP gateway.
`
`Web Content Servers
`Ensure that the content server contains the relevant WML files and scripts and can be accessed by the
`router running the Cisco IOS WAP Gateway feature. The content server software must be configured to
`register the various WAP MIME types.
`
`Monitoring and Maintaining the Cisco IOS WAP Gateway
`
`To monitor and maintain the Cisco IOS WAP Gateway feature, use the following commands in EXEC
`mode:
`
Command: Router# clear wap statistics
Purpose: Resets the WAP gateway counters.

Command: Router# show wap
Purpose: Displays the values of all the WAP gateway parameters. All parameters, even those set to their
defaults, are displayed.

Command: Router# show wap statistics
Purpose: Displays the counters maintained by the WAP gateway.

Configuration Examples

This section provides the following configuration examples:

• WAP Gateway Interface Configuration Example
• Customer-Supplied User Authentication Configuration Example
• Proxy List Configuration Example
• WAP Security Features Configuration Example
• Content Server Location Configuration Example
`
`WAP Gateway Interface Configuration Example
`
`In the following example, the WAP gateway is enabled on a loopback (virtual) interface, the secure
`connectionless protocol stack is configured, and the secure connection-oriented protocol stack is
`configured:
`
`interface Loopback0
` ip address 172.20.1.1 255.255.0.0
` wap secure-cl secure-co
`
`Customer-Supplied User Authentication Configuration Example
`
`In the following example, customer-supplied user authentication is enabled, a file called login.wml
`prompts the user for a username and password, and a CGI script called validate.cgi validates the
`username and password and displays a page with an HTTP status indicating success or failure:
`
`wap authentication service http://www.company-name.com/auth/login.wml
`wap authentication completed http://www.company-name.com/auth/scripts/validate.cgi
`wap authentication prefix http://www.company-name.com/auth/scripts/
`
`The first command causes the gateway to run the customer-supplied authentication procedure in
`login.wml whenever a new session is started. Instead of serving the first page request on the session, the
`browser will be re-directed to the file called login.wml. This file contains WML, which prompts the user
`for a username and a password. The username and password parameters that are entered by the user are
`sent to the CGI script called validate.cgi.
`
`The second command registers that validate.cgi is the file that must be successfully retrieved to indi



