Squid WCCP different VLANS

akshaycjoshi
Level 1

I am following one tutorial on setting up WCCP with squid which is here at:

http://www.crypt.gen.nz/papers/cisco_squid_wccp.html

In this tutorial, the clients and proxy server have been set up on the same interface (192.168.1.0/24).

! To identify proxy-servers

access-list 10 permit 192.168.1.252
access-list 10 permit 192.168.1.253
ip wccp web-cache group-list 10

! To make redirection only for clients

access-list 120 deny ip host 192.168.1.253 any
access-list 120 deny ip host 192.168.1.252 any
access-list 120 permit tcp 192.168.1.0 0.0.0.255 any eq 80
access-list 120 deny ip any any

ip wccp web-cache redirect-list 120

int G0/1
ip wccp web-cache redirect in

My question is this:

I want to keep all my cache servers on a separate VLAN (vlan100, 172.16.100.1) and there will also be around 10 VLANs (172.16.1.0-172.16.10.0/24) for clients.

The internet-facing interface is G0/0 and the LAN-facing interface is G0/1, and the VLANs would be created using router-on-a-stick (using interfaces like G0/1.1, G0/1.2, G0/1.3, etc.).

When the proxy server and clients were on the same subnet, I had to use an ACL to separate the proxy server and client redirection. Now, with the proxy servers on a different subnet and all the remaining VLANs belonging to clients, what should my configuration be?

Lei Tian
Cisco Employee

Hi,

Just apply WCCP redirect in on all client VLANs.

HTH,
Lei Tian

Sent from Cisco Technical Support iPhone App

So you want to say that the following commands are not needed:

ip wccp web-cache group-list X
ip wccp web-cache redirect-list 

Only the following commands would be needed:

int g 0/0.X

ip wccp web-cache redirect in

No, you still need those commands, but the ACL would be different, and you don't need to deny the cache engine IP in the ACL.

HTH,
Lei Tian

Sent from Cisco Technical Support iPhone App

I am a bit confused.

Can you please tell me the exact config that I would need?

! To identify proxy-servers

access-list 10 permit 192.168.1.252
access-list 10 permit 192.168.1.253
ip wccp web-cache group-list 10

! To make redirection only for clients

access-list 120 permit tcp any any eq 80
access-list 120 deny ip any any

ip wccp web-cache redirect-list 120

All sub-interfaces, except the VLAN for the cache engine.

int G0/1.x
ip wccp web-cache redirect in

HTH,

Lei Tian
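
A consolidated version of the accepted configuration for the topology in the question, written here as an added example and not posted by any participant in the thread. The cache addresses 172.16.100.11 and 172.16.100.12 and the sub-interface G0/1.100 for the cache VLAN are assumptions, and the redirect-list is narrowed from any to the client range so that only client-sourced HTTP is intercepted.

```cisco
! Added example, not from the thread.
! Assumed values: cache addresses 172.16.100.11/.12, cache VLAN on G0/1.100.
!
! Group-list: only these hosts are accepted as WCCP web caches.
access-list 10 permit 172.16.100.11
access-list 10 permit 172.16.100.12
ip wccp web-cache group-list 10
!
! Redirect-list: HTTP sourced from the client range only.
! 172.16.0.0 0.0.15.255 covers 172.16.1.0-172.16.10.0/24 and
! does not match the cache VLAN 172.16.100.0/24, so no explicit
! deny for the cache engines is needed.
access-list 120 permit tcp 172.16.0.0 0.0.15.255 any eq 80
access-list 120 deny ip any any
ip wccp web-cache redirect-list 120
!
! Client VLANs: redirect inbound traffic.
! Repeat the same command on G0/1.3 through G0/1.10.
interface GigabitEthernet0/1.1
 ip wccp web-cache redirect in
!
interface GigabitEthernet0/1.2
 ip wccp web-cache redirect in
!
! Cache VLAN: no redirect here. Traffic the caches fetch on behalf
! of clients enters on this sub-interface and must not be sent
! back to a cache.
interface GigabitEthernet0/1.100
 ! intentionally no "ip wccp web-cache redirect in"
!
! Checks from exec mode after the caches have registered:
!   show ip wccp
!   show ip wccp web-cache detail
! Only the two group-list addresses should be listed as cache engines.
```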